diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-03-12 14:29:14 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-03-12 14:29:14 +0100 |
| commit | fb6692ed33052bc4ad01c961d09af72aeaa9b854 (patch) | |
| tree | 9895f7fc116a48c57f144cd11f375101e9d79a6b /man/systemd.exec.xml | |
| parent | po: update French translation (diff) | |
| parent | man: document NetworkNamespacePath= (diff) | |
| download | systemd-fb6692ed33052bc4ad01c961d09af72aeaa9b854.tar.xz systemd-fb6692ed33052bc4ad01c961d09af72aeaa9b854.zip | |
Merge pull request #11927 from poettering/network-namespace-path
Add NetworkNamespacePath= to unit files
Diffstat (limited to 'man/systemd.exec.xml')
| -rw-r--r-- | man/systemd.exec.xml | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 19c7b26bce..94c8e7a2dd 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -1100,7 +1100,29 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting> <para>Note that the implementation of this setting might be impossible (for example if network namespaces are not available), and the unit should be written in a way that does not solely rely on this setting for - security.</para></listitem> + security.</para> + + <para>When this option is used on a socket unit any sockets bound on behalf of this unit will be + bound within a private network namespace. This may be combined with + <varname>JoinsNamespaceOf=</varname> to listen on sockets inside of network namespaces of other + services.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>NetworkNamespacePath=</varname></term> + + <listitem><para>Takes an absolute file system path refererring to a Linux network namespace + pseudo-file (i.e. a file like <filename>/proc/$PID/ns/net</filename> or a bind mount or symlink to + one). When set the invoked processes are added to the network namespace referenced by that path. The + path has to point to a valid namespace file at the moment the processes are forked off. If this + option is used <varname>PrivateNetwork=</varname> has no effect. If this option is used together with + <varname>JoinsNamespaceOf=</varname> then it only has an effect if this unit is started before any of + the listed units that have <varname>PrivateNetwork=</varname> or + <varname>NetworkNamespacePath=</varname> configured, as otherwise the network namespace of those + units is reused.</para> + + <para>When this option is used on a socket unit any sockets bound on behalf of this unit will be + bound within the specified network namespace.</para></listitem> </varlistentry> <varlistentry> |