author | Abderrahim Kitouni <abderrahim.kitouni@codethink.co.uk> | 2023-09-18 17:03:38 +0200 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2023-09-19 01:37:37 +0200 |
commit | aefdc1124f19e8799a84e8a047e768223493bea1 (patch) | |
tree | ccaa74ed3bd1e147ca4f99bfd6364e9e528eeaa4 /man/systemd-nspawn.xml | |
parent | path: make arg_pager_flags static (diff) | |
man: update version information
As I noticed a lot of missing information when trying to implement checking
for missing info, I reimplemented the version information script to be more
robust, and here is the result.
Follow up to ec07c3c80b2b1bfa6788500202006ff85f5ae4f4
Diffstat (limited to 'man/systemd-nspawn.xml')
-rw-r--r-- | man/systemd-nspawn.xml | 156 |
1 files changed, 122 insertions, 34 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index aa96186173..9c6354a5fa 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -244,7 +244,9 @@ <para>Note that this switch leaves hostname, machine ID and all other settings that could identify the instance - unmodified.</para></listitem> + unmodified.</para> + + <xi:include href="version-info.xml" xpointer="v219"/></listitem> </varlistentry> <varlistentry> @@ -265,6 +267,8 @@ <para>With this option no modifications of the container image are retained. Use <option>--volatile=</option> (described below) for other mechanisms to restrict persistency of container images during runtime.</para> + + <xi:include href="version-info.xml" xpointer="v219"/> </listitem> </varlistentry> @@ -311,7 +315,9 @@ <option>--verity-data=</option> (and optionally <option>--root-hash-sig=</option>) options.</para> <para>Any other partitions, such as foreign partitions or swap partitions are not mounted. May not be specified - together with <option>--directory=</option>, <option>--template=</option>.</para></listitem> + together with <option>--directory=</option>, <option>--template=</option>.</para> + + <xi:include href="version-info.xml" xpointer="v211"/></listitem> </varlistentry> <varlistentry> @@ -400,7 +406,9 @@ former are not symlinks into the latter) are not supported by <literal>--volatile=yes</literal> as container payload. The <option>overlay</option> option does not require any particular preparations in the OS, but do note that <literal>overlayfs</literal> behaviour differs from regular file systems - in a number of ways, and hence compatibility is limited.</para></listitem> + in a number of ways, and hence compatibility is limited.</para> + + <xi:include href="version-info.xml" xpointer="v216"/></listitem> </varlistentry> <varlistentry> 
@@ -428,6 +436,8 @@ <para>Also see the <varname>RootHash=</varname> option in <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> + + <xi:include href="version-info.xml" xpointer="v233"/> </listitem> </varlistentry> @@ -468,7 +478,9 @@ <para>This is for containers which have several bootable directories in them; for example, several <ulink url="https://ostree.readthedocs.io/en/latest/">OSTree</ulink> deployments. It emulates the behavior of the boot loader and the initrd which normally select which directory to mount as the root - and start the container's PID 1 in.</para></listitem> + and start the container's PID 1 in.</para> + + <xi:include href="version-info.xml" xpointer="v233"/></listitem> </varlistentry> </variablelist> @@ -492,6 +504,8 @@ modified to run correctly as PID 1. Or in other words: this switch should be used for pretty much all commands, except when the command refers to an init or shell implementation, as these are generally capable of running correctly as PID 1. This option may not be combined with <option>--boot</option>.</para> + + <xi:include href="version-info.xml" xpointer="v229"/> </listitem> </varlistentry> @@ -546,7 +560,9 @@ <term><option>--chdir=</option></term> <listitem><para>Change to the specified working directory before invoking the process in the container. Expects - an absolute path in the container's file system namespace.</para></listitem> + an absolute path in the container's file system namespace.</para> + + <xi:include href="version-info.xml" xpointer="v229"/></listitem> </varlistentry> <varlistentry> @@ -559,7 +575,7 @@ are omitted, the value of the variable with the same name in the program environment will be used. </para> - <xi:include href="version-info.xml" xpointer="v250"/></listitem> + <xi:include href="version-info.xml" xpointer="v209"/></listitem> </varlistentry> <varlistentry> 
@@ -580,7 +596,9 @@ <constant>SIGRTMIN+3</constant> triggers an orderly shutdown). If <option>--boot</option> is not used and this option is not specified the container's processes are terminated abruptly via <constant>SIGKILL</constant>. For a list of valid signals, see <citerefentry - project='man-pages'><refentrytitle>signal</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para></listitem> + project='man-pages'><refentrytitle>signal</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para> + + <xi:include href="version-info.xml" xpointer="v220"/></listitem> </varlistentry> <varlistentry> @@ -593,7 +611,9 @@ With option <option>yes</option> systemd-nspawn waits for the <literal>READY=1</literal> message from the init process in the container before sending its own to systemd. For more details about notifications - see <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para></listitem> + see <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para> + + <xi:include href="version-info.xml" xpointer="v231"/></listitem> </varlistentry> <varlistentry> @@ -636,7 +656,9 @@ with a random identifier in case <option>--ephemeral</option> mode is selected. If the root directory selected is the host's root directory the host's hostname is used as default - instead.</para></listitem> + instead.</para> + + <xi:include href="version-info.xml" xpointer="v202"/></listitem> </varlistentry> <varlistentry> @@ -652,6 +674,8 @@ exclusively. Note that regardless whether the container's hostname is initialized from the name set with <option>--hostname=</option> or the one set with <option>--machine=</option>, the container can later override its kernel hostname freely on its own as well.</para> + + <xi:include href="version-info.xml" xpointer="v239"/> </listitem> </varlistentry> 
@@ -678,6 +702,8 @@ <listitem><para>Make the container part of the specified slice, instead of the default <filename>machine.slice</filename>. This applies only if the machine is run in its own scope unit, i.e. if <option>--keep-unit</option> isn't used.</para> + + <xi:include href="version-info.xml" xpointer="v206"/> </listitem> </varlistentry> @@ -688,6 +714,8 @@ machine is run in its own scope unit, i.e. if <option>--keep-unit</option> isn't used. Takes unit property assignments in the same format as <command>systemctl set-property</command>. This is useful to set memory limits and similar for the container.</para> + + <xi:include href="version-info.xml" xpointer="v220"/> </listitem> </varlistentry> @@ -703,7 +731,9 @@ tools such as <citerefentry project='man-pages'><refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If the container does not run a service manager, it is recommended to set this option to - <literal>no</literal>.</para></listitem> + <literal>no</literal>.</para> + + <xi:include href="version-info.xml" xpointer="v209"/></listitem> </varlistentry> <varlistentry> @@ -719,7 +749,9 @@ <para>Note that passing <option>--keep-unit</option> disables the effect of <option>--slice=</option> and <option>--property=</option>. Use <option>--keep-unit</option> and <option>--register=no</option> in combination to disable any kind of unit allocation or registration with - <command>systemd-machined</command>.</para></listitem> + <command>systemd-machined</command>.</para> + + <xi:include href="version-info.xml" xpointer="v209"/></listitem> </varlistentry> </variablelist> 
@@ -797,7 +829,9 @@ <para>Note that when user namespacing is used file ownership on disk reflects this, and all of the container's files and directories are owned by the container's effective user and group IDs. This means that copying files from and to the container image requires correction of the numeric UID/GID values, according to the UID/GID - shift applied.</para></listitem> + shift applied.</para> + + <xi:include href="version-info.xml" xpointer="v220"/></listitem> </varlistentry> <varlistentry> @@ -824,7 +858,7 @@ <option>--private-users=pick</option> is used. This option has no effect if user namespacing is not used.</para> - <xi:include href="version-info.xml" xpointer="v249"/></listitem> + <xi:include href="version-info.xml" xpointer="v230"/></listitem> </varlistentry> <varlistentry> @@ -841,6 +875,8 @@ <option>-U</option>) on the file system by redoing the operation with the first UID of 0:</para> <programlisting>systemd-nspawn … --private-users=0 --private-users-ownership=chown</programlisting> + + <xi:include href="version-info.xml" xpointer="v230"/> </listitem> </varlistentry> @@ -893,6 +929,8 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <literal>ens1</literal> network interface has shown up. This is required since hardware probing is fully asynchronous, and network interfaces might be discovered only later during the boot process, after the container would normally be started without these explicit dependencies.</para> + + <xi:include href="version-info.xml" xpointer="v209"/> </listitem> </varlistentry> 
@@ -911,7 +949,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <para>As with <option>--network-interface=</option>, the underlying Ethernet network interface must already exist at the time the container is started, and thus similar unit file drop-ins as described - above might be useful.</para></listitem> + above might be useful.</para> + + <xi:include href="version-info.xml" xpointer="v211"/></listitem> </varlistentry> <varlistentry> @@ -931,7 +971,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <para>As with <option>--network-interface=</option>, the underlying Ethernet network interface must already exist at the time the container is started, and thus similar unit file drop-ins as described - above might be useful.</para></listitem> + above might be useful.</para> + + <xi:include href="version-info.xml" xpointer="v219"/></listitem> </varlistentry> <varlistentry> @@ -971,6 +1013,8 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> host-side interface name independently of the container name — but might require a bit more additional configuration in case bridging in a fashion similar to <option>--network-bridge=</option> is desired.</para> + + <xi:include href="version-info.xml" xpointer="v209"/> </listitem> </varlistentry> @@ -986,7 +1030,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> used multiple times, and allows configuration of the network interface names. Note that <option>--network-bridge=</option> has no effect on interfaces created with - <option>--network-veth-extra=</option>.</para></listitem> + <option>--network-veth-extra=</option>.</para> + + <xi:include href="version-info.xml" xpointer="v228"/></listitem> </varlistentry> <varlistentry> 
@@ -1002,7 +1048,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <para>As with <option>--network-interface=</option>, the underlying bridge network interface must already exist at the time the container is started, and thus similar unit file drop-ins as described - above might be useful.</para></listitem> + above might be useful.</para> + + <xi:include href="version-info.xml" xpointer="v209"/></listitem> </varlistentry> <varlistentry> @@ -1031,6 +1079,8 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> network interfaces. Using <option>--network-zone=</option> is hence in most cases fully automatic and sufficient to connect multiple local containers in a joined broadcast domain to the host, with further connectivity to the external network.</para> + + <xi:include href="version-info.xml" xpointer="v230"/> </listitem> </varlistentry> @@ -1048,7 +1098,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> for example, <option>--network-namespace-path=/run/netns/foo</option>. Note that this option cannot be used together with other network-related options, such as <option>--private-network</option> - or <option>--network-interface=</option>.</para></listitem> + or <option>--network-interface=</option>.</para> + + <xi:include href="version-info.xml" xpointer="v236"/></listitem> </varlistentry> <varlistentry> @@ -1067,7 +1119,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> same port as the host port is implied. This option is only supported if private networking is used, such as with <option>--network-veth</option>, <option>--network-zone=</option> - <option>--network-bridge=</option>.</para></listitem> + <option>--network-bridge=</option>.</para> + + <xi:include href="version-info.xml" xpointer="v219"/></listitem> </varlistentry> </variablelist> 
@@ -1102,7 +1156,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <para>This option sets the bounding set of capabilities which also limits the ambient capabilities as given with the - <option>--ambient-capability=</option>.</para></listitem> + <option>--ambient-capability=</option>.</para> + + <xi:include href="version-info.xml" xpointer="v186"/></listitem> </varlistentry> <varlistentry> @@ -1118,7 +1174,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <para>This option sets the bounding set of capabilities which also limits the ambient capabilities as given with the - <option>--ambient-capability=</option>.</para></listitem> + <option>--ambient-capability=</option>.</para> + + <xi:include href="version-info.xml" xpointer="v209"/></listitem> </varlistentry> <varlistentry> @@ -1152,7 +1210,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> on the payload code of the container cannot acquire new privileges, i.e. the "setuid" file bit as well as file system capabilities will not have an effect anymore. See <citerefentry project='man-pages'><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry> for - details about this flag. </para></listitem> + details about this flag. </para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> </varlistentry> <varlistentry> @@ -1168,7 +1228,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> system call allow list (as opposed to a deny list!), and this command line option hence adds or removes entries from the default allow list, depending on the <literal>~</literal> prefix. Note that the applied system call filter is also altered implicitly if additional capabilities are passed using - the <command>--capabilities=</command>.</para></listitem> + the <command>--capabilities=</command>.</para> + + <xi:include href="version-info.xml" xpointer="v235"/></listitem> </varlistentry> <varlistentry> 
@@ -1177,6 +1239,8 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <listitem><para>Sets the SELinux security context to be used to label processes in the container.</para> + + <xi:include href="version-info.xml" xpointer="v209"/> </listitem> </varlistentry> @@ -1187,6 +1251,8 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <listitem><para>Sets the SELinux security context to be used to label files in the virtual API file systems in the container.</para> + + <xi:include href="version-info.xml" xpointer="v209"/> </listitem> </varlistentry> </variablelist> @@ -1218,7 +1284,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> (i.e. <option>--private-users=</option> is used, see above), any limits set will be applied to the resource usage of the same user on all local containers as well as the host. This means particular care needs to be taken with these limits as they might be triggered by possibly less trusted code. Example: - <literal>--rlimit=RLIMIT_NOFILE=8192:16384</literal>.</para></listitem> + <literal>--rlimit=RLIMIT_NOFILE=8192:16384</literal>.</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> </varlistentry> <varlistentry> @@ -1228,7 +1296,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <filename>/proc/self/oom_score_adj</filename> which influences the preference with which this container is terminated when memory becomes scarce. For details see <citerefentry project='man-pages'><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>. Takes an - integer in the range -1000…1000.</para></listitem> + integer in the range -1000…1000.</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> </varlistentry> <varlistentry> 
@@ -1237,7 +1307,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <listitem><para>Controls the CPU affinity of the container payload. Takes a comma separated list of CPU numbers or number ranges (the latter's start and end value separated by dashes). See <citerefentry project='man-pages'><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry> for - details.</para></listitem> + details.</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> </varlistentry> <varlistentry> @@ -1250,7 +1322,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <literal>x86-64</literal> are supported. This is useful when running a 32-bit container on a 64-bit host. If this setting is not used, the personality reported in the container is the - same as the one reported on the host.</para></listitem> + same as the one reported on the host.</para> + + <xi:include href="version-info.xml" xpointer="v209"/></listitem> </varlistentry> </variablelist> @@ -1314,7 +1388,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> bind mount anyway). Note that both if the file is bind mounted and if it is copied no further propagation of configuration is generally done after the one-time early initialization (this is because the file is usually updated through copying and renaming). Defaults to - <literal>auto</literal>.</para></listitem> + <literal>auto</literal>.</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> </varlistentry> <varlistentry> 
@@ -1334,7 +1410,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <literal>auto</literal> and the <filename>/etc/localtime</filename> file of the host is a symlink, then <literal>symlink</literal> mode is used, and <literal>copy</literal> otherwise, except if the image is read-only in which case <literal>bind</literal> is used instead. Defaults to - <literal>auto</literal>.</para></listitem> + <literal>auto</literal>.</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> </varlistentry> <varlistentry> @@ -1368,14 +1446,18 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <literal>auto</literal> is used.</para> <para>Note that <option>--link-journal=try-guest</option> is the default if the - <filename>systemd-nspawn@.service</filename> template unit file is used.</para></listitem> + <filename>systemd-nspawn@.service</filename> template unit file is used.</para> + + <xi:include href="version-info.xml" xpointer="v187"/></listitem> </varlistentry> <varlistentry> <term><option>-j</option></term> <listitem><para>Equivalent to - <option>--link-journal=try-guest</option>.</para></listitem> + <option>--link-journal=try-guest</option>.</para> + + <xi:include href="version-info.xml" xpointer="v187"/></listitem> </varlistentry> </variablelist> @@ -1435,7 +1517,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> directories continue to be owned by the relevant host users and groups, which do not exist in the container, and thus show up under the wildcard UID 65534 (nobody). If such bind mounts are created, it is recommended to make them read-only, using <option>--bind-ro=</option>. Alternatively you can use the "idmap" mount option to - map the filesystem IDs.</para></listitem> + map the filesystem IDs.</para> + + <xi:include href="version-info.xml" xpointer="v198"/></listitem> </varlistentry> <varlistentry> 
@@ -1516,7 +1600,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <para>Note that this option cannot be used to replace the root file system of the container with a temporary file system. However, the <option>--volatile=</option> option described below provides similar - functionality, with a focus on implementing stateless operating system images.</para></listitem> + functionality, with a focus on implementing stateless operating system images.</para> + + <xi:include href="version-info.xml" xpointer="v214"/></listitem> </varlistentry> <varlistentry> @@ -1566,7 +1652,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <para>Note that this option cannot be used to replace the root file system of the container with an overlay file system. However, the <option>--volatile=</option> option described above provides similar functionality, - with a focus on implementing stateless operating system images.</para></listitem> + with a focus on implementing stateless operating system images.</para> + + <xi:include href="version-info.xml" xpointer="v220"/></listitem> </varlistentry> </variablelist> </refsect2> |
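Review bot: in the hunk at @@ -559,7 +575,7 @@ an existing tag is lowered from xpointer="v250" to xpointer="v209", and the only context visible for that entry is the sentence saying that an omitted value is taken from the variable of the same name in the program environment. If v250 was dating that behaviour rather than the option itself, the page would now tell readers on older releases that the shorthand is available. Please confirm which of the two the script dated; if they differ, keep v209 on the entry and state the later version in the sentence that describes the shorthand.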
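Review bot: the hunk at @@ -824,7 +858,7 @@ lowers an existing tag from v249 to v230, and the following hunk (@@ -841,6 +875,8 @@) adds v230 to the entry whose example reads "systemd-nspawn … --private-users=0 --private-users-ownership=chown". The commit message says the script was reimplemented but does not say why previously recorded versions were judged wrong. Since these entries document user-namespace ownership handling, please check that the script dated each option under the name printed on the page and not a neighbouring entry, and list the corrected tags (this one and v250 to v209 above) in the commit message so they can be verified separately from the pure additions.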
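Review bot: in the hunks at @@ -1102,7 +1156,9 @@ and @@ -1118,7 +1174,9 @@ the include is placed directly after the paragraph about the bounding set limiting what is given with --ambient-capability=, with v186 on one entry and v209 on the other. In that position the tag reads as dating the whole entry, including that closing paragraph, although the paragraph describes an interaction with a different option that may not be as old as the entry. The same placement applies to the other entries in this patch whose last paragraph is a "Note that …" remark. Suggest documenting in version-info.xml or the commit message that the tag dates the option only, so readers deciding whether a privilege restriction is available on a given release do not rely on the surrounding text being equally old.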