path: root/upstream/opensuse-tumbleweed/man1/systemd-nspawn.1
Diffstat (limited to 'upstream/opensuse-tumbleweed/man1/systemd-nspawn.1')
-rw-r--r-- upstream/opensuse-tumbleweed/man1/systemd-nspawn.1 158
1 files changed, 146 insertions, 12 deletions
diff --git a/upstream/opensuse-tumbleweed/man1/systemd-nspawn.1 b/upstream/opensuse-tumbleweed/man1/systemd-nspawn.1
index 2b67e183..c9ee1594 100644
--- a/upstream/opensuse-tumbleweed/man1/systemd-nspawn.1
+++ b/upstream/opensuse-tumbleweed/man1/systemd-nspawn.1
@@ -1,5 +1,5 @@
'\" t
-.TH "SYSTEMD\-NSPAWN" "1" "" "systemd 254" "systemd-nspawn"
+.TH "SYSTEMD\-NSPAWN" "1" "" "systemd 255" "systemd-nspawn"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -134,6 +134,8 @@ The following options are understood:
\fB\-q\fR, \fB\-\-quiet\fR
.RS 4
Turns off any status output by the tool itself\&. When this switch is used, the only output from nspawn will be the console output of the container OS itself\&.
+.sp
+Added in version 209\&.
.RE
.PP
\fB\-\-settings=\fR\fIMODE\fR
@@ -175,6 +177,8 @@ or next to the image file or container root directory, all settings will take ef
If disabled, no
\&.nspawn
file is read and no settings except the ones on the command line are in effect\&.
+.sp
+Added in version 226\&.
.RE
.SS "Image Options"
.PP
@@ -217,6 +221,8 @@ or
\fB\-\-ephemeral\fR\&.
.sp
Note that this switch leaves hostname, machine ID and all other settings that could identify the instance unmodified\&.
+.sp
+Added in version 219\&.
.RE
.PP
\fB\-x\fR, \fB\-\-ephemeral\fR
@@ -233,6 +239,8 @@ or new
With this option no modifications of the container image are retained\&. Use
\fB\-\-volatile=\fR
(described below) for other mechanisms to restrict persistency of container images during runtime\&.
+.sp
+Added in version 219\&.
.RE
.PP
\fB\-i\fR, \fB\-\-image=\fR
@@ -304,6 +312,8 @@ and
Any other partitions, such as foreign partitions or swap partitions are not mounted\&. May not be specified together with
\fB\-\-directory=\fR,
\fB\-\-template=\fR\&.
+.sp
+Added in version 211\&.
.RE
.PP
\fB\-\-image\-policy=\fR\fB\fIpolicy\fR\fR
@@ -312,6 +322,8 @@ Takes an image policy string as argument, as per
\fBsystemd.image-policy\fR(7)\&. The policy is enforced when operating on the disk image specified via
\fB\-\-image=\fR, see above\&. If not specified defaults to
"root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:esp=unprotected+absent:xbootldr=unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", i\&.e\&. all recognized file systems in the image are used, but not the swap partition\&.
+.sp
+Added in version 254\&.
.RE
.PP
\fB\-\-oci\-bundle=\fR
@@ -320,6 +332,8 @@ Takes the path to an OCI runtime bundle to invoke, as specified in the
\m[blue]\fBOCI Runtime Specification\fR\m[]\&\s-2\u[3]\d\s+2\&. In this case no
\&.nspawn
file is loaded, and the root directory and various settings are read from the OCI runtime JSON data (but data passed on the command line takes precedence)\&.
+.sp
+Added in version 242\&.
.RE
.PP
\fB\-\-read\-only\fR
@@ -418,6 +432,8 @@ as container payload\&. The
option does not require any particular preparations in the OS, but do note that
"overlayfs"
behaviour differs from regular file systems in a number of ways, and hence compatibility is limited\&.
+.sp
+Added in version 216\&.
.RE
.PP
\fB\-\-root\-hash=\fR
@@ -445,6 +461,8 @@ Also see the
\fIRootHash=\fR
option in
\fBsystemd.exec\fR(5)\&.
+.sp
+Added in version 233\&.
.RE
.PP
\fB\-\-root\-hash\-sig=\fR
@@ -455,6 +473,8 @@ option\&. The semantics are the same as for the
\fIRootHashSignature=\fR
option, see
\fBsystemd.exec\fR(5)\&.
+.sp
+Added in version 246\&.
.RE
.PP
\fB\-\-verity\-data=\fR
@@ -464,6 +484,8 @@ Takes the path to a data integrity (dm\-verity) file\&. This option enables data
suffix is found next to the image file, bearing otherwise the same name (except if the image has the
\&.raw
suffix, in which case the verity data file must not have it in its name), the verity data is read from it and automatically used\&.
+.sp
+Added in version 246\&.
.RE
.PP
\fB\-\-pivot\-root=\fR
@@ -480,6 +502,8 @@ will be pivoted to the other directory\&. Both paths must be absolute, and are r
This is for containers which have several bootable directories in them; for example, several
\m[blue]\fBOSTree\fR\m[]\&\s-2\u[4]\d\s+2
deployments\&. It emulates the behavior of the boot loader and the initrd which normally select which directory to mount as the root and start the container\*(Aqs PID 1 in\&.
+.sp
+Added in version 233\&.
.RE
.SS "Execution Options"
.PP
@@ -493,6 +517,8 @@ compatible signal handling (specifically: it needs to reboot on SIGINT, reexecut
\fB\-\-as\-pid2\fR
a minimal stub init process is run as PID 1 and the selected program is executed as PID 2 (and hence does not need to implement any special semantics)\&. The stub init process will reap processes as necessary and react appropriately to signals\&. It is recommended to use this mode to invoke arbitrary commands in containers, unless they have been modified to run correctly as PID 1\&. Or in other words: this switch should be used for pretty much all commands, except when the command refers to an init or shell implementation, as these are generally capable of running correctly as PID 1\&. This option may not be combined with
\fB\-\-boot\fR\&.
+.sp
+Added in version 229\&.
.RE
.PP
\fB\-b\fR, \fB\-\-boot\fR
@@ -548,6 +574,8 @@ template unit file is used\&.
\fB\-\-chdir=\fR
.RS 4
Change to the specified working directory before invoking the process in the container\&. Expects an absolute path in the container\*(Aqs file system namespace\&.
+.sp
+Added in version 229\&.
.RE
.PP
\fB\-E \fR\fB\fINAME\fR\fR\fB[=\fR\fB\fIVALUE\fR\fR\fB]\fR, \fB\-\-setenv=\fR\fB\fINAME\fR\fR\fB[=\fR\fB\fIVALUE\fR\fR\fB]\fR
@@ -557,6 +585,8 @@ Specifies an environment variable to pass to the init process in the container\&
and
\fIVALUE\fR
are omitted, the value of the variable with the same name in the program environment will be used\&.
+.sp
+Added in version 209\&.
.RE
.PP
\fB\-u\fR, \fB\-\-user=\fR
@@ -578,6 +608,8 @@ triggers an orderly shutdown)\&. If
is not used and this option is not specified the container\*(Aqs processes are terminated abruptly via
\fBSIGKILL\fR\&. For a list of valid signals, see
\fBsignal\fR(7)\&.
+.sp
+Added in version 220\&.
.RE
.PP
\fB\-\-notify\-ready=\fR
@@ -596,6 +628,8 @@ systemd\-nspawn waits for the
"READY=1"
message from the init process in the container before sending its own to systemd\&. For more details about notifications see
\fBsd_notify\fR(3)\&.
+.sp
+Added in version 231\&.
.RE
.PP
\fB\-\-suppress\-sync=\fR
@@ -608,6 +642,8 @@ Expects a boolean argument\&. If true, turns off any form of on\-disk file syste
flags to
\fBopen\fR(2)
and related calls will be made unavailable\&. This is potentially dangerous, as assumed data integrity guarantees to the container payload are not actually enforced (i\&.e\&. data assumed to have been written to disk might be lost if the system is shut down abnormally)\&. However, this can dramatically improve container runtime performance \(en as long as these guarantees are not required or desirable, for example because any data written by the container is of temporary, redundant nature, or just an intermediary artifact that will be further processed and finalized by a later step in a pipeline\&. Defaults to false\&.
+.sp
+Added in version 250\&.
.RE
.SS "System Identity Options"
.PP
@@ -618,6 +654,8 @@ Sets the machine name for this container\&. This name may be used to identify th
and similar), and is used to initialize the container\*(Aqs hostname (which the container can choose to override, however)\&. If not specified, the last component of the root directory path of the container is used, possibly suffixed with a random identifier in case
\fB\-\-ephemeral\fR
mode is selected\&. If the root directory selected is the host\*(Aqs root directory the host\*(Aqs hostname is used as default instead\&.
+.sp
+Added in version 202\&.
.RE
.PP
\fB\-\-hostname=\fR
@@ -630,6 +668,8 @@ exclusively\&. Note that regardless whether the container\*(Aqs hostname is init
\fB\-\-hostname=\fR
or the one set with
\fB\-\-machine=\fR, the container can later override its kernel hostname freely on its own as well\&.
+.sp
+Added in version 239\&.
.RE
.PP
\fB\-\-uuid=\fR
@@ -648,6 +688,8 @@ Make the container part of the specified slice, instead of the default
machine\&.slice\&. This applies only if the machine is run in its own scope unit, i\&.e\&. if
\fB\-\-keep\-unit\fR
isn\*(Aqt used\&.
+.sp
+Added in version 206\&.
.RE
.PP
\fB\-\-property=\fR
@@ -656,6 +698,8 @@ Set a unit property on the scope unit to register for the machine\&. This applie
\fB\-\-keep\-unit\fR
isn\*(Aqt used\&. Takes unit property assignments in the same format as
\fBsystemctl set\-property\fR\&. This is useful to set memory limits and similar for the container\&.
+.sp
+Added in version 220\&.
.RE
.PP
\fB\-\-register=\fR
@@ -667,6 +711,8 @@ Controls whether the container is registered with
and shown by tools such as
\fBps\fR(1)\&. If the container does not run a service manager, it is recommended to set this option to
"no"\&.
+.sp
+Added in version 209\&.
.RE
.PP
\fB\-\-keep\-unit\fR
@@ -693,6 +739,8 @@ and
\fB\-\-register=no\fR
in combination to disable any kind of unit allocation or registration with
\fBsystemd\-machined\fR\&.
+.sp
+Added in version 209\&.
.RE
.SS "User Namespacing Options"
.PP
@@ -781,6 +829,8 @@ or
/etc/group\&. In fact, the allocation of the range is not stored persistently anywhere, except in the file ownership of the files and directories of the container\&.
.sp
Note that when user namespacing is used file ownership on disk reflects this, and all of the container\*(Aqs files and directories are owned by the container\*(Aqs effective user and group IDs\&. This means that copying files from and to the container image requires correction of the numeric UID/GID values, according to the UID/GID shift applied\&.
+.sp
+Added in version 220\&.
.RE
.PP
\fB\-\-private\-users\-ownership=\fR
@@ -815,6 +865,8 @@ The
option is implied if
\fB\-\-private\-users=pick\fR
is used\&. This option has no effect if user namespacing is not used\&.
+.sp
+Added in version 230\&.
.RE
.PP
\fB\-U\fR
@@ -843,6 +895,8 @@ systemd\-nspawn \&... \-\-private\-users=0 \-\-private\-users\-ownership=chown
.if n \{\
.RE
.\}
+.sp
+Added in version 230\&.
.RE
.SS "Networking Options"
.PP
@@ -884,6 +938,8 @@ After=sys\-subsystem\-net\-devices\-ens1\&.device
This will make sure that activation of the container service will be delayed until the
"ens1"
network interface has shown up\&. This is required since hardware probing is fully asynchronous, and network interfaces might be discovered only later during the boot process, after the container would normally be started without these explicit dependencies\&.
+.sp
+Added in version 209\&.
.RE
.PP
\fB\-\-network\-macvlan=\fR
@@ -900,6 +956,8 @@ implies
.sp
As with
\fB\-\-network\-interface=\fR, the underlying Ethernet network interface must already exist at the time the container is started, and thus similar unit file drop\-ins as described above might be useful\&.
+.sp
+Added in version 211\&.
.RE
.PP
\fB\-\-network\-ipvlan=\fR
@@ -918,6 +976,8 @@ implies
.sp
As with
\fB\-\-network\-interface=\fR, the underlying Ethernet network interface must already exist at the time the container is started, and thus similar unit file drop\-ins as described above might be useful\&.
+.sp
+Added in version 219\&.
.RE
.PP
\fB\-n\fR, \fB\-\-network\-veth\fR
@@ -955,6 +1015,8 @@ for details on older naming algorithms for this interface)\&. Alternatively, the
option may be used, which allows free configuration of the host\-side interface name independently of the container name \(em but might require a bit more additional configuration in case bridging in a fashion similar to
\fB\-\-network\-bridge=\fR
is desired\&.
+.sp
+Added in version 209\&.
.RE
.PP
\fB\-\-network\-veth\-extra=\fR
@@ -964,6 +1026,8 @@ Adds an additional virtual Ethernet link between host and container\&. Takes a c
\fB\-\-network\-bridge=\fR
has no effect on interfaces created with
\fB\-\-network\-veth\-extra=\fR\&.
+.sp
+Added in version 228\&.
.RE
.PP
\fB\-\-network\-bridge=\fR
@@ -980,6 +1044,8 @@ prefix instead of
.sp
As with
\fB\-\-network\-interface=\fR, the underlying bridge network interface must already exist at the time the container is started, and thus similar unit file drop\-ins as described above might be useful\&.
+.sp
+Added in version 209\&.
.RE
.PP
\fB\-\-network\-zone=\fR
@@ -1000,6 +1066,8 @@ includes by default a network file
matching the bridge interfaces created this way, which contains settings to enable automatic address provisioning on the created virtual network via DHCP, as well as automatic IP routing onto the host\*(Aqs external network interfaces\&. Using
\fB\-\-network\-zone=\fR
is hence in most cases fully automatic and sufficient to connect multiple local containers in a joined broadcast domain to the host, with further connectivity to the external network\&.
+.sp
+Added in version 230\&.
.RE
.PP
\fB\-\-network\-namespace\-path=\fR
@@ -1013,6 +1081,8 @@ created by
\fB\-\-private\-network\fR
or
\fB\-\-network\-interface=\fR\&.
+.sp
+Added in version 236\&.
.RE
.PP
\fB\-p\fR, \fB\-\-port=\fR
@@ -1026,6 +1096,8 @@ is assumed\&. The container port number and its colon may be omitted, in which c
\fB\-\-network\-veth\fR,
\fB\-\-network\-zone=\fR
\fB\-\-network\-bridge=\fR\&.
+.sp
+Added in version 219\&.
.RE
.SS "Security Options"
.PP
@@ -1073,6 +1145,8 @@ is passed, the program will print known capability names and exit\&.
.sp
This option sets the bounding set of capabilities which also limits the ambient capabilities as given with the
\fB\-\-ambient\-capability=\fR\&.
+.sp
+Added in version 186\&.
.RE
.PP
\fB\-\-drop\-capability=\fR
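Review bot: The context sentence directly above the new "Added in version 186" annotation ends "as given with the \-\-ambient\-capability=." with no noun after "the", and the same sentence recurs in the next hunk. Since a paragraph break is being added right after it in both places, append "option" (or drop "the") so the last sentence before the version note reads cleanly.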
@@ -1085,6 +1159,8 @@ is passed, the program will print known capability names and exit\&.
.sp
This option sets the bounding set of capabilities which also limits the ambient capabilities as given with the
\fB\-\-ambient\-capability=\fR\&.
+.sp
+Added in version 209\&.
.RE
.PP
\fB\-\-ambient\-capability=\fR
@@ -1105,6 +1181,8 @@ This option cannot be combined with the boot mode of the container (as requested
If the special value of
"help"
is passed, the program will print known capability names and exit\&.
+.sp
+Added in version 248\&.
.RE
.PP
\fB\-\-no\-new\-privileges=\fR
@@ -1114,6 +1192,8 @@ Takes a boolean argument\&. Specifies the value of the
flag for the container payload\&. Defaults to off\&. When turned on the payload code of the container cannot acquire new privileges, i\&.e\&. the "setuid" file bit as well as file system capabilities will not have an effect anymore\&. See
\fBprctl\fR(2)
for details about this flag\&.
+.sp
+Added in version 239\&.
.RE
.PP
\fB\-\-system\-call\-filter=\fR
@@ -1131,16 +1211,22 @@ always implements a system call allow list (as opposed to a deny list!), and thi
"~"
prefix\&. Note that the applied system call filter is also altered implicitly if additional capabilities are passed using the
\fB\-\-capabilities=\fR\&.
+.sp
+Added in version 235\&.
.RE
.PP
\fB\-Z\fR, \fB\-\-selinux\-context=\fR
.RS 4
Sets the SELinux security context to be used to label processes in the container\&.
+.sp
+Added in version 209\&.
.RE
.PP
\fB\-L\fR, \fB\-\-selinux\-apifs\-context=\fR
.RS 4
Sets the SELinux security context to be used to label files in the virtual API file systems in the container\&.
+.sp
+Added in version 209\&.
.RE
.SS "Resource Options"
.PP
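Review bot: The first context paragraph of this hunk ends with "if additional capabilities are passed using the \-\-capabilities=", but the related options shown elsewhere in this file are spelled in the singular (\-\-drop\-capability=, \-\-ambient\-capability=). If the singular option is the one meant, correct the reference while this paragraph is being touched; it sits in the sentence that explains when the system call allow list is widened implicitly, which is the part of this entry a reader hardening a container will act on.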
@@ -1168,6 +1254,8 @@ may be used to turn off resource limiting for the specific type of resource\&. T
\fB\-\-private\-users=\fR
is used, see above), any limits set will be applied to the resource usage of the same user on all local containers as well as the host\&. This means particular care needs to be taken with these limits as they might be triggered by possibly less trusted code\&. Example:
"\-\-rlimit=RLIMIT_NOFILE=8192:16384"\&.
+.sp
+Added in version 239\&.
.RE
.PP
\fB\-\-oom\-score\-adjust=\fR
@@ -1176,6 +1264,8 @@ Changes the OOM ("Out Of Memory") score adjustment value for the container paylo
/proc/self/oom_score_adj
which influences the preference with which this container is terminated when memory becomes scarce\&. For details see
\fBproc\fR(5)\&. Takes an integer in the range \-1000\&...1000\&.
+.sp
+Added in version 239\&.
.RE
.PP
\fB\-\-cpu\-affinity=\fR
@@ -1183,6 +1273,8 @@ which influences the preference with which this container is terminated when mem
Controls the CPU affinity of the container payload\&. Takes a comma separated list of CPU numbers or number ranges (the latter\*(Aqs start and end value separated by dashes)\&. See
\fBsched_setaffinity\fR(2)
for details\&.
+.sp
+Added in version 239\&.
.RE
.PP
\fB\-\-personality=\fR
@@ -1194,6 +1286,8 @@ in the container\&. Currently, only
and
"x86\-64"
are supported\&. This is useful when running a 32\-bit container on a 64\-bit host\&. If this setting is not used, the personality reported in the container is the same as the one reported on the host\&.
+.sp
+Added in version 209\&.
.RE
.SS "Integration Options"
.PP
@@ -1297,6 +1391,8 @@ is preferable, as it means direct changes to
/etc/resolv\&.conf
in the container are not allowed, as it is a read\-only bind mount (but note that if the container has enough privileges, it might simply go ahead and unmount the bind mount anyway)\&. Note that both if the file is bind mounted and if it is copied no further propagation of configuration is generally done after the one\-time early initialization (this is because the file is usually updated through copying and renaming)\&. Defaults to
"auto"\&.
+.sp
+Added in version 239\&.
.RE
.PP
\fB\-\-timezone=\fR
@@ -1336,6 +1432,8 @@ otherwise, except if the image is read\-only in which case
"bind"
is used instead\&. Defaults to
"auto"\&.
+.sp
+Added in version 239\&.
.RE
.PP
\fB\-\-link\-journal=\fR
@@ -1355,7 +1453,9 @@ Control whether the container\*(Aqs journal shall be made visible to the host sy
"try\-host"
and
"try\-guest"
-do the same but do not fail if the host does not have persistent journaling enabled\&. If
+do the same but do not fail if the host does not have persistent journaling enabled, or if the container is in the
+\fB\-\-ephemeral\fR
+mode\&. If
"auto"
(the default), and the right subdirectory of
/var/log/journal
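Review bot: The reworded sentence for "try\-host" and "try\-guest" says the call no longer fails when the container is in \-\-ephemeral mode, but not what happens to the journal in that case. If linking is simply skipped, state that here, because an operator who relies on the container's journal being visible on the host would otherwise assume the link exists. Unlike the version annotations around it, this hunk changes what the page documents and should be checked against the behaviour.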
@@ -1372,12 +1472,16 @@ Note that
is the default if the
systemd\-nspawn@\&.service
template unit file is used\&.
+.sp
+Added in version 187\&.
.RE
.PP
\fB\-j\fR
.RS 4
Equivalent to
\fB\-\-link\-journal=try\-guest\fR\&.
+.sp
+Added in version 187\&.
.RE
.SS "Mount Options"
.PP
@@ -1397,7 +1501,8 @@ Mount options are comma\-separated\&.
\fBrbind\fR
and
\fBnorbind\fR
-control whether to create a recursive or a regular bind mount\&. Defaults to "rbind"\&.
+control whether to create a recursive or a regular bind mount\&. Defaults to
+\fBrbind\fR\&.
\fBnoidmap\fR,
\fBidmap\fR, and
\fBrootidmap\fR
@@ -1407,7 +1512,8 @@ Using
\fBidmap\fR
or
\fBrootidmap\fR
-requires support by the source filesystem for user/group ID mapped mounts\&. Defaults to "noidmap"\&. With
+requires support by the source filesystem for user/group ID mapped mounts\&. Defaults to
+\fBnoidmap\fR\&. With
\fBx\fR
being the container\*(Aqs UID range offset,
\fBy\fR
@@ -1489,6 +1595,8 @@ Note that when this option is used in combination with
\fBnobody\fR
user\&. That\*(Aqs because the mount and its files and directories continue to be owned by the relevant host users and groups, which do not exist in the container, and thus show up under the wildcard UID 65534 (nobody)\&. If such bind mounts are created, it is recommended to make them read\-only, using
\fB\-\-bind\-ro=\fR\&. Alternatively you can use the "idmap" mount option to map the filesystem IDs\&.
+.sp
+Added in version 198\&.
.RE
.PP
\fB\-\-bind\-user=\fR
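Review bot: The context line ending in 'Alternatively you can use the "idmap" mount option' still writes the option name in plain quotes, while the two preceding hunks change "rbind" and "noidmap" to \fBrbind\fR and \fBnoidmap\fR. Convert this occurrence as well so mount option names are marked up the same way throughout the section.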
@@ -1555,11 +1663,15 @@ and
.sp
This operation is only supported in combination with
\fB\-\-private\-users=\fR/\fB\-U\fR\&.
+.sp
+Added in version 249\&.
.RE
.PP
\fB\-\-inaccessible=\fR
.RS 4
Make the specified path inaccessible in the container\&. This over\-mounts the specified path (which must exist in the container) with a file node of the same type that is empty and has the most restrictive access mode supported\&. This is an effective way to mask files, directories and other file system objects from the container payload\&. This option may be used more than once in case all specified paths are masked\&.
+.sp
+Added in version 242\&.
.RE
.PP
\fB\-\-tmpfs=\fR
@@ -1571,6 +1683,8 @@ may be used to embed colons in the path\&.
Note that this option cannot be used to replace the root file system of the container with a temporary file system\&. However, the
\fB\-\-volatile=\fR
option described below provides similar functionality, with a focus on implementing stateless operating system images\&.
+.sp
+Added in version 214\&.
.RE
.PP
\fB\-\-overlay=\fR, \fB\-\-overlay\-ro=\fR
@@ -1608,6 +1722,8 @@ mount option receives the paths to stack in the opposite order of this switch\&.
Note that this option cannot be used to replace the root file system of the container with an overlay file system\&. However, the
\fB\-\-volatile=\fR
option described above provides similar functionality, with a focus on implementing stateless operating system images\&.
+.sp
+Added in version 220\&.
.RE
.SS "Input/Output Options"
.PP
@@ -1660,12 +1776,16 @@ to be available\&. On the other hand, in this mode container invocations can be
may be used to synthesize input that might be used for escaping the container\&. Hence
\fBpipe\fR
mode should only be used if the payload is sufficiently trusted or when the standard input/output/error output file descriptors are known safe, for example pipes\&.
+.sp
+Added in version 242\&.
.RE
.PP
\fB\-\-pipe\fR, \fB\-P\fR
.RS 4
Equivalent to
\fB\-\-console=pipe\fR\&.
+.sp
+Added in version 242\&.
.RE
.SS "Credentials"
.PP
@@ -1692,7 +1812,7 @@ to embed a newline, or
"\ex00"
to embed a
\fBNUL\fR
-byte)\&. Note that the invoking shell might already apply unescaping once, hence this might require double escaping!\&.
+byte)\&. Note that the invoking shell might already apply unescaping once, hence this might require double escaping!
.sp
The
\fBsystemd-sysusers.service\fR(8)
@@ -1725,6 +1845,8 @@ in volatile mode, i\&.e\&. with empty
and
/var/\&. The container payload will recognize this as a first boot, and will invoke
systemd\-firstboot\&.service, which then reads the two passed credentials to configure the system\*(Aqs initial locale and root password\&.
+.sp
+Added in version 247\&.
.RE
.SS "Other"
.PP
@@ -1875,6 +1997,12 @@ will be ignored by the executable, and needs to be handled by the pager\&.
This option instructs the pager to not send termcap initialization and deinitialization strings to the terminal\&. It is set by default to allow command output to remain visible in the terminal even after the pager exits\&. Nevertheless, this prevents some pager functionality from working, in particular paged output cannot be scrolled with the mouse\&.
.RE
.sp
+Note that setting the regular
+\fI$LESS\fR
+environment variable has no effect for
+\fBless\fR
+invocations by systemd tools\&.
+.sp
See
\fBless\fR(1)
for more discussion\&.
@@ -1886,6 +2014,12 @@ Override the charset passed to
\fBless\fR
(by default
"utf\-8", if the invoking terminal is determined to be UTF\-8 compatible)\&.
+.sp
+Note that setting the regular
+\fI$LESSCHARSET\fR
+environment variable has no effect for
+\fBless\fR
+invocations by systemd tools\&.
.RE
.PP
\fI$SYSTEMD_PAGERSECURE\fR
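Review bot: The added paragraph says that setting \fI$LESSCHARSET\fR has no effect, but does not say that the variable documented in this entry is the one to set instead; one closing clause would spare the reader from scanning upward. Its placement also differs from the \fI$LESS\fR note in the previous hunk, which is added after an .RE while this one is added before the .RE, so check that both render at the indentation of the entry they belong to.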
@@ -1948,9 +2082,9 @@ and other conditions\&.
.\}
.nf
# machinectl pull\-raw \-\-verify=no \e
- https://download\&.fedoraproject\&.org/pub/fedora/linux/releases/37/Cloud/x86_64/images/Fedora\-Cloud\-Base\-37\-1\&.7\&.x86_64\&.raw\&.xz \e
- Fedora\-Cloud\-Base\-37\-1\&.7\&.x86\-64
-# systemd\-nspawn \-M Fedora\-Cloud\-Base\-37\-1\&.7\&.x86\-64
+ https://download\&.fedoraproject\&.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/Fedora\-Cloud\-Base\-40\-1\&.6\&.x86_64\&.raw\&.xz \e
+ Fedora\-Cloud\-Base\-40\-1\&.6\&.x86\-64
+# systemd\-nspawn \-M Fedora\-Cloud\-Base\-40\-1\&.6\&.x86\-64
.fi
.if n \{\
.RE
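Review bot: The refreshed example keeps \-\-verify=no on the machinectl pull\-raw line, so the image at the new URL is imported with verification of the download switched off. Since these lines are being rewritten for Fedora 40 anyway, either drop \-\-verify=no or add a sentence after the example stating that it disables verification and why the example does so. The release number also appears three times in this block (URL path, file name, machine name) and has to be kept in step on the next refresh.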
@@ -1966,21 +2100,21 @@ and opens a shell in it\&.
.RS 4
.\}
.nf
-# dnf \-y \-\-releasever=37 \-\-installroot=/var/lib/machines/f37 \e
+# dnf \-y \-\-releasever=40 \-\-installroot=/var/lib/machines/f40 \e
\-\-repo=fedora \-\-repo=updates \-\-setopt=install_weak_deps=False install \e
passwd dnf fedora\-release vim\-minimal util\-linux systemd systemd\-networkd
-# systemd\-nspawn \-bD /var/lib/machines/f37
+# systemd\-nspawn \-bD /var/lib/machines/f40
.fi
.if n \{\
.RE
.\}
.PP
This installs a minimal Fedora distribution into the directory
-/var/lib/machines/f37
+/var/lib/machines/f40
and then boots that OS in a namespace container\&. Because the installation is located underneath the standard
/var/lib/machines/
directory, it is also possible to start the machine using
-\fBsystemd\-nspawn \-M f37\fR\&.
+\fBsystemd\-nspawn \-M f40\fR\&.
.PP
\fBExample\ \&3.\ \&Spawn a shell in a container of a minimal Debian unstable distribution\fR
.sp