From 4160043a0fac8b812905b7502ce34adf3af538f1 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Tue, 6 Sep 2016 02:27:18 -0400 Subject: move man pages to appropriate directories --- man/systemd.nspawn.xml | 454 ------------------------------------------------- 1 file changed, 454 deletions(-) delete mode 100644 man/systemd.nspawn.xml (limited to 'man/systemd.nspawn.xml') diff --git a/man/systemd.nspawn.xml b/man/systemd.nspawn.xml deleted file mode 100644 index 3683412c14..0000000000 --- a/man/systemd.nspawn.xml +++ /dev/null 
@@ -1,454 +0,0 @@ - - -%entities; -]> - - - - - - - systemd.nspawn - systemd - - - - Developer - Lennart - Poettering - lennart@poettering.net - - - - - - systemd.nspawn - 5 - - - - systemd.nspawn - Container settings - - - - /etc/systemd/nspawn/machine.nspawn - /run/systemd/nspawn/machine.nspawn - /var/lib/machines/machine.nspawn - - - - Description - - An nspawn container settings file (suffix - .nspawn) encodes additional runtime - information about a local container, and is searched, read and - used by - systemd-nspawn1 - when starting a container. Files of this type are named after the - containers they define settings for. They are optional, and only - required for containers whose execution environment shall differ - from the defaults. Files of this type mostly contain settings that - may also be set on the systemd-nspawn command - line, and make it easier to persistently attach specific settings - to specific containers. The syntax of these files is inspired by - .desktop files following the XDG - Desktop Entry Specification, which in turn are inspired by - Microsoft Windows .ini files. - - Boolean arguments used in these settings files can be - written in various formats. For positive settings, the strings - , , - and are equivalent. For negative settings, the - strings , , - and are - equivalent. - - Empty lines and lines starting with # or ; are - ignored. This may be used for commenting. Lines ending - in a backslash are concatenated with the following - line while reading and the backslash is replaced by a - space character. This may be used to wrap long lines. - - - - - <filename>.nspawn</filename> File Discovery - - Files are searched by appending the - .nspawn suffix to the machine name of the - container, as specified with the - switch of systemd-nspawn, or derived from the - directory or image file name. This file is first searched in - /etc/systemd/nspawn/ and - /run/systemd/nspawn/. 
If found in these - directories, its settings are read and all of them take full effect - (but are possibly overridden by corresponding command line - arguments). If not found, the file will then be searched next to - the image file or in the immediate parent of the root directory of - the container. If the file is found there, only a subset of the - settings will take effect however. All settings that possibly - elevate privileges or grant additional access to resources of the - host (such as files or directories) are ignored. To which options - this applies is documented below. - - Persistent settings files created and maintained by the - administrator (and thus trusted) should be placed in - /etc/systemd/nspawn/, while automatically - downloaded (and thus potentially untrusted) settings files are - placed in /var/lib/machines/ instead (next to - the container images), where their security impact is limited. In - order to add privileged settings to .nspawn - files acquired from the image vendor, it is recommended to copy the - settings files into /etc/systemd/nspawn/ and - edit them there, so that the privileged options become - available. The precise algorithm for how the files are searched and - interpreted may be configured with - systemd-nspawn's - switch, see - systemd-nspawn1 - for details. - - - - [Exec] Section Options - - Settings files may include an [Exec] - section, which carries various execution parameters: - - - - - Boot= - - Takes a boolean argument, which defaults to off. If enabled, systemd-nspawn - will automatically search for an init executable and invoke it. In this case, the - specified parameters using Parameters= are passed as additional arguments to the - init process. This setting corresponds to the switch on the - systemd-nspawn command line. This option may not be combined with - ProcessTwo=yes. - - - - ProcessTwo= - - Takes a boolean argument, which defaults to off. If enabled, the specified program is run as - PID 2. 
A stub init process is run as PID 1. This setting corresponds to the switch - on the systemd-nspawn command line. This option may not be combined with - Boot=yes. - - - - Parameters= - - Takes a space-separated list of - arguments. This is either a command line, beginning with the - binary name to execute, or – if Boot= is - enabled – the list of arguments to pass to the init - process. This setting corresponds to the command line - parameters passed on the systemd-nspawn - command line. - - - - Environment= - - Takes an environment variable assignment - consisting of key and value, separated by - =. Sets an environment variable for the - main process invoked in the container. This setting may be - used multiple times to set multiple environment variables. It - corresponds to the command line - switch. - - - - User= - - Takes a UNIX user name. Specifies the user - name to invoke the main process of the container as. This user - must be known in the container's user database. This - corresponds to the command line - switch. - - - - WorkingDirectory= - - Selects the working directory for the process invoked in the container. Expects an absolute - path in the container's file system namespace. This corresponds to the command line - switch. - - - - Capability= - DropCapability= - - Takes a space-separated list of Linux process - capabilities (see - capabilities7 - for details). The Capability= setting - specifies additional capabilities to pass on top of the - default set of capabilities. The - DropCapability= setting specifies - capabilities to drop from the default set. These settings - correspond to the and - command line - switches. Note that Capability= is a - privileged setting, and only takes effect in - .nspawn files in - /etc/systemd/nspawn/ and - /run/system/nspawn/ (see above). On the - other hand, DropCapability= takes effect in - all cases. 
- - - - KillSignal= - - Specify the process signal to send to the - container's PID 1 when nspawn itself receives SIGTERM, in - order to trigger an orderly shutdown of the container. - Defaults to SIGRTMIN+3 if is used - (on systemd-compatible init systems SIGRTMIN+3 triggers an - orderly shutdown). For a list of valid signals, see - signal7. - - - - Personality= - - Configures the kernel personality for the - container. This is equivalent to the - switch. - - - - MachineID= - - Configures the 128-bit machine ID (UUID) to pass to - the container. This is equivalent to the - command line switch. This option is - privileged (see above). - - - - PrivateUsers= - - Configures support for usernamespacing. This is equivalent to the - command line switch, and takes the same options. This option is privileged - (see above). - - - - - - [Files] Section Options - - Settings files may include a [Files] - section, which carries various parameters configuring the file - system of the container: - - - - - ReadOnly= - - Takes a boolean argument, which defaults to off. If - specified, the container will be run with a read-only file - system. This setting corresponds to the - command line - switch. - - - - Volatile= - - Takes a boolean argument, or the special value - state. This configures whether to run the - container with volatile state and/or configuration. This - option is equivalent to , see - systemd-nspawn1 - for details about the specific options - supported. - - - - Bind= - BindReadOnly= - - Adds a bind mount from the host into the - container. Takes a single path, a pair of two paths separated - by a colon, or a triplet of two paths plus an option string - separated by colons. This option may be used multiple times to - configure multiple bind mounts. This option is equivalent to - the command line switches and - , see - systemd-nspawn1 - for details about the specific options supported. This setting - is privileged (see above). 
- - - - TemporaryFileSystem= - - Adds a tmpfs mount to the - container. Takes a path or a pair of path and option string, - separated by a colon. This option may be used multiple times to - configure multiple tmpfs mounts. This - option is equivalent to the command line switch - , see - systemd-nspawn1 - for details about the specific options supported. This setting - is privileged (see above). - - - - PrivateUsersChown= - - Configures whether the ownership of the files and directories in the container tree shall be - adjusted to the UID/GID range used, if necessary and user namespacing is enabled. This is equivalent to the - command line switch. This option is privileged (see - above). - - - - - - - [Network] Section Options - - Settings files may include a [Network] - section, which carries various parameters configuring the network - connectivity of the container: - - - - - Private= - - Takes a boolean argument, which defaults to off. If - enabled, the container will run in its own network namespace - and not share network interfaces and configuration with the - host. This setting corresponds to the - command line - switch. - - - - VirtualEthernet= - - Takes a boolean argument. Configures whether - to create a virtual Ethernet connection - (veth) between host and the container. This - setting implies Private=yes. This setting - corresponds to the command - line switch. This option is privileged (see - above). - - - - VirtualEthernetExtra= - - Takes a colon-separated pair of interface - names. Configures an additional virtual Ethernet connection - (veth) between host and the container. The - first specified name is the interface name on the host, the - second the interface name in the container. The latter may be - omitted in which case it is set to the same name as the host - side interface. This setting implies - Private=yes. This setting corresponds to - the command line - switch, and maybe be used multiple times. It is independent of - VirtualEthernet=. 
This option is privileged - (see above). - - - - Interface= - - Takes a space-separated list of interfaces to - add to the container. This option corresponds to the - command line switch and - implies Private=yes. This option is - privileged (see above). - - - - MACVLAN= - IPVLAN= - - Takes a space-separated list of interfaces to - add MACLVAN or IPVLAN interfaces to, which are then added to - the container. These options correspond to the - and - command line switches and - imply Private=yes. These options are - privileged (see above). - - - - Bridge= - - Takes an interface name. This setting implies - VirtualEthernet=yes and - Private=yes and has the effect that the - host side of the created virtual Ethernet link is connected to - the specified bridge interface. This option corresponds to the - command line switch. This - option is privileged (see above). - - - - Zone= - - Takes a network zone name. This setting implies VirtualEthernet=yes and - Private=yes and has the effect that the host side of the created virtual Ethernet link is - connected to an automatically managed bridge interface named after the passed argument, prefixed with - vz-. This option corresponds to the command line - switch. This option is privileged (see above). - - - - Port= - - Exposes a TCP or UDP port of the container on - the host. This option corresponds to the - command line switch, see - systemd-nspawn1 - for the precise syntax of the argument this option takes. This - option is privileged (see above). - - - - - - See Also - - systemd1, - systemd-nspawn1, - systemd.directives7 - - - - -- cgit v1.2.3-54-g00ecf
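Review bot: The Capability=/DropCapability= entry in the removed page gives the second trusted directory as /run/system/nspawn/, while the synopsis and the File Discovery section both use /run/systemd/nspawn/. That sentence tells administrators where privileged settings such as Capability= take effect, so the relocated copy should say /run/systemd/nspawn/ rather than carry the typo along with the move. Two smaller slips in the same text are worth fixing in that pass: "MACLVAN" in the MACVLAN=/IPVLAN= entry and "maybe be used" in the VirtualEthernetExtra= entry. This view is limited to man/systemd.nspawn.xml and shows only the 454 deletions, so the destination of the move cannot be checked from here; naming the new path in the commit message would make the move easier to follow.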