# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2024-03-01 17:11+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: TH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "SYSTEMD-NSPAWN" msgstr "" #. type: TH #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "systemd 255" msgstr "" #. type: TH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "systemd-nspawn" msgstr "" #. ----------------------------------------------------------------- #. * MAIN CONTENT STARTS HERE * #. ----------------------------------------------------------------- #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "NAME" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "systemd-nspawn - Spawn a command or OS in a light-weight container" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "SYNOPSIS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B [OPTIONS...] [I\\ [ARGS...]]" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B --boot [OPTIONS...] [ARGS...]" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "DESCRIPTION" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B may be used to run a command or OS in a light-weight " "namespace container\\&. In many ways it is similar to B(1), but more " "powerful since it fully virtualizes the file system hierarchy, as well as " "the process tree, the various IPC subsystems and the host and domain name\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B may be invoked on any directory tree containing an " "operating system tree, using the B<--directory=> command line option\\&. By " "using the B<--machine=> option an OS tree is automatically searched for in a " "couple of locations, most importantly in /var/lib/machines/, the suggested " "directory to place OS container images installed on the system\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "In contrast to B(1)\\ \\&B may be used to boot full " "Linux-based operating systems in a container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B limits access to various kernel interfaces in the " "container to read-only, such as /sys/, /proc/sys/ or /sys/fs/selinux/\\&. " "The host\\*(Aqs network interfaces and the system clock may not be changed " "from within the container\\&. Device nodes may not be created\\&. The host " "system cannot be rebooted and kernel modules may not be loaded from within " "the container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Use a tool like B(8), B(8), or B(8) to set up an " "OS directory tree suitable as file system hierarchy for B " "containers\\&. See the Examples section below for details on suitable " "invocation of these commands\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "As a safety check B will verify the existence of /usr/lib/os-" "release or /etc/os-release in the container tree before booting a container " "(see B(5))\\&. It might be necessary to add this file to the " "container tree manually if the OS of the container is too old to contain " "this file out-of-the-box\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B may be invoked directly from the interactive command line " "or run as system service in the background\\&. In this mode each container " "instance runs as its own service instance; a default template unit file " "systemd-nspawn@\\&.service is provided to make this easy, taking the " "container name as instance identifier\\&. Note that different default " "options apply when B is invoked by the template unit file " "than interactively on the command line\\&. Most importantly the template " "unit file makes use of the B<--boot> option which is not the default in case " "B is invoked from the interactive command line\\&. Further " "differences with the defaults are documented along with the various " "supported options below\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The B(1) tool may be used to execute a number of operations on " "containers\\&. In particular it provides easy-to-use commands to run " "containers as system services using the systemd-nspawn@\\&.service template " "unit file\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Along with each container a settings file with the \\&.nspawn suffix may " "exist, containing additional settings to apply when running the " "container\\&. See B(5) for details\\&. Settings files " "override the default options used by the systemd-nspawn@\\&.service template " "unit file, making it usually unnecessary to alter this template file " "directly\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that B will mount file systems private to the container " "to /dev/, /run/ and similar\\&. These will not be visible outside of the " "container, and their contents will be lost when the container exits\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that running two B containers from the same directory " "tree will not make processes in them see each other\\&. The PID namespace " "separation of the two containers is complete and the containers will share " "very few runtime objects except for the underlying file system\\&. Rather " "use B(1)\\*(Aqs B or B commands to request an " "additional login session in a running container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B implements the \\m[blue]B\\m[]\\&\\s-2\\u[1]\\d\\s+2 specification\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "While running, containers invoked with B are registered with " "the B(8) service that keeps track of running containers, " "and provides programming interfaces to interact with them\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "OPTIONS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If option B<--boot> is specified, the arguments are used as arguments for " "the init program\\&. Otherwise, I specifies the program to launch " "in the container, and the remaining arguments are used as arguments for this " "program\\&. If B<--boot> is not used and no arguments are specified, a shell " "is launched in the container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The following options are understood:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-q>, B<--quiet>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Turns off any status output by the tool itself\\&. When this switch is used, " "the only output from nspawn will be the console output of the container OS " "itself\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 209\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--settings=>I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Controls whether B shall search for and use additional per-" "container settings from \\&.nspawn files\\&. Takes a boolean or the special " "values B or B\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If enabled (the default), a settings file named after the machine (as " "specified with the B<--machine=> setting, or derived from the directory or " "image file name) with the suffix \\&.nspawn is searched in /etc/systemd/" "nspawn/ and /run/systemd/nspawn/\\&. If it is found there, its settings are " "read and used\\&. If it is not found there, it is subsequently searched in " "the same directory as the image file or in the immediate parent of the root " "directory of the container\\&. In this case, if the file is found, its " "settings will be also read and used, but potentially unsafe settings are " "ignored\\&. Note that in both these cases, settings on the command line take " "precedence over the corresponding settings from loaded \\&.nspawn files, if " "both are specified\\&. Unsafe settings are considered all settings that " "elevate the container\\*(Aqs privileges or grant access to additional " "resources such as files or directories of the host\\&. For details about the " "format and contents of \\&.nspawn files, consult B(5)\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If this option is set to B, the file is searched, read and used " "the same way, however, the order of precedence is reversed: settings read " "from the \\&.nspawn file will take precedence over the corresponding command " "line options, if both are specified\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If this option is set to B, the file is searched, read and used the " "same way, but regardless of being found in /etc/systemd/nspawn/, /run/" "systemd/nspawn/ or next to the image file or container root directory, all " "settings will take effect, however, command line arguments still take " "precedence over corresponding settings\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If disabled, no \\&.nspawn file is read and no settings except the ones on " "the command line are in effect\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 226\\&." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Image Options" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-D>, B<--directory=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Directory to use as file system root for the container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If neither B<--directory=>, nor B<--image=> is specified the directory is " "determined by searching for a directory named the same as the machine name " "specified with B<--machine=>\\&. See B(1) section \"Files and " "Directories\" for the precise search path\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If neither B<--directory=>, B<--image=>, nor B<--machine=> are specified, " "the current directory will be used\\&. May not be specified together with " "B<--image=>\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--template=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Directory or \"btrfs\" subvolume to use as template for the container\\*(Aqs " "root directory\\&. If this is specified and the container\\*(Aqs root " "directory (as configured by B<--directory=>) does not yet exist it is " "created as \"btrfs\" snapshot (if supported) or plain directory (otherwise) " "and populated from this template tree\\&. Ideally, the specified template " "path refers to the root of a \"btrfs\" subvolume, in which case a simple " "copy-on-write snapshot is taken, and populating the root directory is " "instant\\&. If the specified template path does not refer to the root of a " "\"btrfs\" subvolume (or not even to a \"btrfs\" file system at all), the " "tree is copied (though possibly in a \\*(Aqreflink\\*(Aq copy-on-write " "scheme \\(em if the file system supports that), which can be substantially " "more time-consuming\\&. Note that the snapshot taken is of the specified " "directory or subvolume, including all subdirectories and subvolumes below " "it, but excluding any sub-mounts\\&. May not be specified together with B<--" "image=> or B<--ephemeral>\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that this switch leaves hostname, machine ID and all other settings " "that could identify the instance unmodified\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 219\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-x>, B<--ephemeral>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If specified, the container is run with a temporary snapshot of its file " "system that is removed immediately when the container terminates\\&. May not " "be specified together with B<--template=>\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that this switch leaves hostname, machine ID and all other settings " "that could identify the instance unmodified\\&. Please note that \\(em as " "with B<--template=> \\(em taking the temporary snapshot is more efficient on " "file systems that support subvolume snapshots or \\*(Aqreflinks\\*(Aq " "natively (\"btrfs\" or new \"xfs\") than on more traditional file systems " "that do not (\"ext4\")\\&. Note that the snapshot taken is of the specified " "directory or subvolume, including all subdirectories and subvolumes below " "it, but excluding any sub-mounts\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "With this option no modifications of the container image are retained\\&. " "Use B<--volatile=> (described below) for other mechanisms to restrict " "persistency of container images during runtime\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-i>, B<--image=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Disk image to mount the root directory for the container from\\&. Takes a " "path to a regular file or to a block device node\\&. The file or block " "device must contain either:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "An MBR partition table with a single partition of type 0x83 that is marked " "bootable\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A GUID partition table (GPT) with a single partition of type " "0fc63daf-8483-4772-8e79-3d69d8477de4\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A GUID partition table (GPT) with a marked root partition which is mounted " "as the root directory of the container\\&. Optionally, GPT images may " "contain a home and/or a server data partition which are mounted to the " "appropriate places in the container\\&. All these partitions must be " "identified by the partition types defined by the \\m[blue]B\\m[]\\&\\s-2\\u[2]\\d\\s+2\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "No partition table, and a single file system spanning the whole image\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "On GPT images, if an EFI System Partition (ESP) is discovered, it is " "automatically mounted to /efi (or /boot as fallback) in case a directory by " "this name exists and is empty\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Partitions encrypted with LUKS are automatically decrypted\\&. Also, on GPT " "images dm-verity data integrity hash partitions are set up if the root hash " "for them is specified using the B<--root-hash=> option\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Single file system images (i\\&.e\\&. file systems without a surrounding " "partition table) can be opened using dm-verity if the integrity data is " "passed using the B<--root-hash=> and B<--verity-data=> (and optionally B<--" "root-hash-sig=>) options\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Any other partitions, such as foreign partitions or swap partitions are not " "mounted\\&. May not be specified together with B<--directory=>, B<--" "template=>\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 211\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--image-policy=>I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Takes an image policy string as argument, as per B(7)\\&. The policy is enforced when operating on the disk image " "specified via B<--image=>, see above\\&. If not specified defaults to " "\"root=verity+signed+encrypted+unprotected+absent:" "usr=verity+signed+encrypted+unprotected+absent:" "home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:" "esp=unprotected+absent:xbootldr=unprotected+absent:" "tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent\", i\\&." "e\\&. all recognized file systems in the image are used, but not the swap " "partition\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 254\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--oci-bundle=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Takes the path to an OCI runtime bundle to invoke, as specified in the " "\\m[blue]B\\m[]\\&\\s-2\\u[3]\\d\\s+2\\&. In this " "case no \\&.nspawn file is loaded, and the root directory and various " "settings are read from the OCI runtime JSON data (but data passed on the " "command line takes precedence)\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 242\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--read-only>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Mount the container\\*(Aqs root file system (and any other file systems " "container in the container image) read-only\\&. This has no effect on " "additional mounts made with B<--bind=>, B<--tmpfs=> and similar options\\&. " "This mode is implied if the container image file or directory is marked read-" "only itself\\&. It is also implied if B<--volatile=> is used\\&. In this " "case the container image on disk is strictly read-only, while changes are " "permitted but kept non-persistently in memory only\\&. For further details, " "see below\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--volatile>, B<--volatile=>I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Boots the container in volatile mode\\&. When no mode parameter is passed or " "when mode is specified as B, full volatile mode is enabled\\&. This " "means the root directory is mounted as a mostly unpopulated \"tmpfs\" " "instance, and /usr/ from the OS tree is mounted into it in read-only mode " "(the system thus starts up with read-only OS image, but pristine state and " "configuration, any changes are lost on shutdown)\\&. When the mode parameter " "is specified as B, the OS tree is mounted read-only, but /var/ is " "mounted as a writable \"tmpfs\" instance into it (the system thus starts up " "with read-only OS resources and configuration, but pristine state, and any " "changes to the latter are lost on shutdown)\\&. When the mode parameter is " "specified as B the read-only root file system is combined with a " "writable tmpfs instance through \"overlayfs\", so that it appears at it " "normally would, but any changes are applied to the temporary file system " "only and lost when the container is terminated\\&. When the mode parameter " "is specified as B (the default), the whole OS tree is made available " "writable (unless B<--read-only> is specified, see above)\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that if one of the volatile modes is chosen, its effect is limited to " "the root file system (or /var/ in case of B), and any other mounts " "placed in the hierarchy are unaffected \\(em regardless if they are " "established automatically (e\\&.g\\&. the EFI system partition that might be " "mounted to /efi/ or /boot/) or explicitly (e\\&.g\\&. through an additional " "command line option such as B<--bind=>, see below)\\&. This means, even if " "B<--volatile=overlay> is used changes to /efi/ or /boot/ are prohibited in " "case such a partition exists in the container image operated on, and even if " "B<--volatile=state> is used the hypothetical file /etc/foobar is potentially " "writable if B<--bind=/etc/foobar> if used to mount it from outside the read-" "only container /etc/ directory\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The B<--ephemeral> option is closely related to this setting, and provides " "similar behaviour by making a temporary, ephemeral copy of the whole OS " "image and executing that\\&. For further details, see above\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The B<--tmpfs=> and B<--overlay=> options provide similar functionality, but " "for specific sub-directories of the OS image only\\&. For details, see " "below\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This option provides similar functionality for containers as the " "\"systemd\\&.volatile=\" kernel command line switch provides for host " "systems\\&. See B(7) for details\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that setting this option to B or B will only work correctly " "with operating systems in the container that can boot up with only /usr/ " "mounted, and are able to automatically populate /var/ (and /etc/ in case of " "\"--volatile=yes\")\\&. Specifically, this means that operating systems that " "follow the historic split of /bin/ and /lib/ (and related directories) from /" "usr/ (i\\&.e\\&. where the former are not symlinks into the latter) are not " "supported by \"--volatile=yes\" as container payload\\&. The B " "option does not require any particular preparations in the OS, but do note " "that \"overlayfs\" behaviour differs from regular file systems in a number " "of ways, and hence compatibility is limited\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 216\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--root-hash=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Takes a data integrity (dm-verity) root hash specified in hexadecimal\\&. " "This option enables data integrity checks using dm-verity, if the used image " "contains the appropriate integrity data (see above)\\&. The specified hash " "must match the root hash of integrity data, and is usually at least 256 bits " "(and hence 64 formatted hexadecimal characters) long (in case of SHA256 for " "example)\\&. If this option is not specified, but the image file carries the " "\"user\\&.verity\\&.roothash\" extended file attribute (see B(7)), " "then the root hash is read from it, also as formatted hexadecimal " "characters\\&. If the extended file attribute is not found (or is not " "supported by the underlying file system), but a file with the \\&.roothash " "suffix is found next to the image file, bearing otherwise the same name " "(except if the image has the \\&.raw suffix, in which case the root hash " "file must not have it in its name), the root hash is read from it and " "automatically used, also as formatted hexadecimal characters\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that this configures the root hash for the root file system\\&. Disk " "images may also contain separate file systems for the /usr/ hierarchy, which " "may be Verity protected as well\\&. The root hash for this protection may be " "configured via the \"user\\&.verity\\&.usrhash\" extended file attribute or " "via a \\&.usrhash file adjacent to the disk image, following the same format " "and logic as for the root hash for the root file system described here\\&. " "Note that there\\*(Aqs currently no switch to configure the root hash for " "the /usr/ from the command line\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Also see the I option in B(5)\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 233\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--root-hash-sig=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Takes a PKCS7 signature of the B<--root-hash=> option\\&. The semantics are " "the same as for the I option, see B(5)\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 246\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--verity-data=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Takes the path to a data integrity (dm-verity) file\\&. This option enables " "data integrity checks using dm-verity, if a root-hash is passed and if the " "used image itself does not contain the integrity data\\&. The integrity data " "must be matched by the root hash\\&. If this option is not specified, but a " "file with the \\&.verity suffix is found next to the image file, bearing " "otherwise the same name (except if the image has the \\&.raw suffix, in " "which case the verity data file must not have it in its name), the verity " "data is read from it and automatically used\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--pivot-root=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Pivot the specified directory to / inside the container, and either unmount " "the container\\*(Aqs old root, or pivot it to another specified " "directory\\&. Takes one of: a path argument \\(em in which case the " "specified path will be pivoted to / and the old root will be unmounted; or a " "colon-separated pair of new root path and pivot destination for the old " "root\\&. The new root path will be pivoted to /, and the old / will be " "pivoted to the other directory\\&. Both paths must be absolute, and are " "resolved in the container\\*(Aqs file system namespace\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This is for containers which have several bootable directories in them; for " "example, several \\m[blue]B\\m[]\\&\\s-2\\u[4]\\d\\s+2 " "deployments\\&. It emulates the behavior of the boot loader and the initrd " "which normally select which directory to mount as the root and start the " "container\\*(Aqs PID 1 in\\&." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Execution Options" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-a>, B<--as-pid2>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Invoke the shell or specified program as process ID (PID) 2 instead of PID 1 " "(init)\\&. By default, if neither this option nor B<--boot> is used, the " "selected program is run as the process with PID 1, a mode only suitable for " "programs that are aware of the special semantics that the process with PID 1 " "has on UNIX\\&. For example, it needs to reap all processes reparented to " "it, and should implement B compatible signal handling " "(specifically: it needs to reboot on SIGINT, reexecute on SIGTERM, reload " "configuration on SIGHUP, and so on)\\&. With B<--as-pid2> a minimal stub " "init process is run as PID 1 and the selected program is executed as PID 2 " "(and hence does not need to implement any special semantics)\\&. The stub " "init process will reap processes as necessary and react appropriately to " "signals\\&. It is recommended to use this mode to invoke arbitrary commands " "in containers, unless they have been modified to run correctly as PID 1\\&. " "Or in other words: this switch should be used for pretty much all commands, " "except when the command refers to an init or shell implementation, as these " "are generally capable of running correctly as PID 1\\&. This option may not " "be combined with B<--boot>\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 229\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-b>, B<--boot>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Automatically search for an init program and invoke it as PID 1, instead of " "a shell or a user supplied program\\&. If this option is used, arguments " "specified on the command line are used as arguments for the init program\\&. " "This option may not be combined with B<--as-pid2>\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The following table explains the different modes of invocation and " "relationship to B<--as-pid2> (see above):" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Switch" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Explanation" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid ".T&" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "l l" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "l l." msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Neither B<--as-pid2> nor B<--boot> specified" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "The passed parameters are interpreted as the command line, which is executed as PID 1 in the container\\&." msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B<--as-pid2> specified" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "The passed parameters are interpreted as the command line, which is executed as PID 2 in the container\\&. A stub init process is run as PID 1\\&." msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B<--boot> specified" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "An init program is automatically searched for and run as PID 1 in the container\\&. The passed parameters are used as invocation parameters for this process\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that B<--boot> is the default mode of operation if the systemd-" "nspawn@\\&.service template unit file is used\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--chdir=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Change to the specified working directory before invoking the process in the " "container\\&. Expects an absolute path in the container\\*(Aqs file system " "namespace\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-E >IB<[=>IB<]>, B<--setenv=>IB<[=>IB<]>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Specifies an environment variable to pass to the init process in the " "container\\&. This may be used to override the default variables or to set " "additional variables\\&. It may be used more than once to set multiple " "variables\\&. When \"=\" and I are omitted, the value of the variable " "with the same name in the program environment will be used\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-u>, B<--user=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "After transitioning into the container, change to the specified user defined " "in the container\\*(Aqs user database\\&. Like all other systemd-nspawn " "features, this is not a security feature and provides protection against " "accidental destructive operations only\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--kill-signal=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Specify the process signal to send to the container\\*(Aqs PID 1 when nspawn " "itself receives B, in order to trigger an orderly shutdown of the " "container\\&. Defaults to B if B<--boot> is used (on systemd-" "compatible init systems B triggers an orderly shutdown)\\&. If " "B<--boot> is not used and this option is not specified the container\\*(Aqs " "processes are terminated abruptly via B\\&. For a list of valid " "signals, see B(7)\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 220\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--notify-ready=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Configures support for notifications from the container\\*(Aqs init " "process\\&. B<--notify-ready=> takes a boolean (B and B)\\&. With " "option B systemd-nspawn notifies systemd with a \"READY=1\" message when " "the init process is created\\&. With option B systemd-nspawn waits for " "the \"READY=1\" message from the init process in the container before " "sending its own to systemd\\&. For more details about notifications see " "B(3)\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 231\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--suppress-sync=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Expects a boolean argument\\&. If true, turns off any form of on-disk file " "system synchronization for the container payload\\&. This means all system " "calls such as B(2), B, B, \\&... will execute no " "operation, and the B/B flags to B(2) and related " "calls will be made unavailable\\&. This is potentially dangerous, as assumed " "data integrity guarantees to the container payload are not actually enforced " "(i\\&.e\\&. data assumed to have been written to disk might be lost if the " "system is shut down abnormally)\\&. However, this can dramatically improve " "container runtime performance \\(en as long as these guarantees are not " "required or desirable, for example because any data written by the container " "is of temporary, redundant nature, or just an intermediary artifact that " "will be further processed and finalized by a later step in a pipeline\\&. " "Defaults to false\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 250\\&." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "System Identity Options" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-M>, B<--machine=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Sets the machine name for this container\\&. This name may be used to " "identify this container during its runtime (for example in tools like " "B(1) and similar), and is used to initialize the " "container\\*(Aqs hostname (which the container can choose to override, " "however)\\&. If not specified, the last component of the root directory path " "of the container is used, possibly suffixed with a random identifier in case " "B<--ephemeral> mode is selected\\&. If the root directory selected is the " "host\\*(Aqs root directory the host\\*(Aqs hostname is used as default " "instead\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 202\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--hostname=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Controls the hostname to set within the container, if different from the " "machine name\\&. Expects a valid hostname as argument\\&. If this option is " "used, the kernel hostname of the container will be set to this value, " "otherwise it will be initialized to the machine name as controlled by the " "B<--machine=> option described above\\&. The machine name is used for " "various aspect of identification of the container from the outside, the " "kernel hostname configurable with this option is useful for the container to " "identify itself from the inside\\&. It is usually a good idea to keep both " "forms of identification synchronized, in order to avoid confusion\\&. It is " "hence recommended to avoid usage of this option, and use B<--machine=> " "exclusively\\&. Note that regardless whether the container\\*(Aqs hostname " "is initialized from the name set with B<--hostname=> or the one set with B<--" "machine=>, the container can later override its kernel hostname freely on " "its own as well\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 239\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--uuid=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Set the specified UUID for the container\\&. The init system will " "initialize /etc/machine-id from this if this file is not set yet\\&. Note " "that this option takes effect only if /etc/machine-id in the container is " "unpopulated\\&." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Property Options" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-S>, B<--slice=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Make the container part of the specified slice, instead of the default " "machine\\&.slice\\&. This applies only if the machine is run in its own " "scope unit, i\\&.e\\&. if B<--keep-unit> isn\\*(Aqt used\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 206\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--property=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Set a unit property on the scope unit to register for the machine\\&. This " "applies only if the machine is run in its own scope unit, i\\&.e\\&. if B<--" "keep-unit> isn\\*(Aqt used\\&. Takes unit property assignments in the same " "format as B\\&. This is useful to set memory limits " "and similar for the container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--register=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Controls whether the container is registered with B(8)\\&. " "Takes a boolean argument, which defaults to \"yes\"\\&. This option should " "be enabled when the container runs a full Operating System (more " "specifically: a system and service manager as PID 1), and is useful to " "ensure that the container is accessible via B(1) and shown by " "tools such as B(1)\\&. If the container does not run a service manager, " "it is recommended to set this option to \"no\"\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--keep-unit>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Instead of creating a transient scope unit to run the container in, simply " "use the service or scope unit B has been invoked in\\&. If " "B<--register=yes> is set this unit is registered with B(8)\\&. This switch should be used if B is invoked " "from within a service unit, and the service unit\\*(Aqs sole purpose is to " "run a single B container\\&. This option is not available if " "run from a user session\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that passing B<--keep-unit> disables the effect of B<--slice=> and B<--" "property=>\\&. Use B<--keep-unit> and B<--register=no> in combination to " "disable any kind of unit allocation or registration with B\\&." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "User Namespacing Options" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--private-users=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Controls user namespacing\\&. If enabled, the container will run with its " "own private set of UNIX user and group ids (UIDs and GIDs)\\&. This involves " "mapping the private UIDs/GIDs used in the container (starting with the " "container\\*(Aqs root user 0 and up) to a range of UIDs/GIDs on the host " "that are not used for other purposes (usually in the range beyond the " "host\\*(Aqs UID/GID 65536)\\&. The parameter may be specified as follows:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If one or two colon-separated numbers are specified, user namespacing is " "turned on\\&. The first parameter specifies the first host UID/GID to assign " "to the container, the second parameter specifies the number of host UIDs/" "GIDs to assign to the container\\&. If the second parameter is omitted, " "65536 UIDs/GIDs are assigned\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the parameter is \"yes\", user namespacing is turned on\\&. The UID/GID " "range to use is determined automatically from the file ownership of the root " "directory of the container\\*(Aqs directory tree\\&. To use this option, " "make sure to prepare the directory tree in advance, and ensure that all " "files and directories in it are owned by UIDs/GIDs in the range you\\*(Aqd " "like to use\\&. Also, make sure that used file ACLs exclusively reference " "UIDs/GIDs in the appropriate range\\&. In this mode, the number of UIDs/GIDs " "assigned to the container is 65536, and the owner UID/GID of the root " "directory must be a multiple of 65536\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the parameter is \"no\", user namespacing is turned off\\&. This is the " "default\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the parameter is \"identity\", user namespacing is employed with an " "identity mapping for the first 65536 UIDs/GIDs\\&. This is mostly equivalent " "to B<--private-users=0:65536>\\&. While it does not provide UID/GID " "isolation, since all host and container UIDs/GIDs are chosen identically it " "does provide process capability isolation, and hence is often a good choice " "if proper user namespacing with distinct UID maps is not appropriate\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The special value \"pick\" turns on user namespacing\\&. In this case the " "UID/GID range is automatically chosen\\&. As first step, the file owner UID/" "GID of the root directory of the container\\*(Aqs directory tree is read, " "and it is checked that no other container is currently using it\\&. If this " "check is successful, the UID/GID range determined this way is used, " "similarly to the behavior if \"yes\" is specified\\&. If the check is not " "successful (and thus the UID/GID range indicated in the root " "directory\\*(Aqs file owner is already used elsewhere) a new \\(en currently " "unused \\(en UID/GID range of 65536 UIDs/GIDs is randomly chosen between the " "host UID/GIDs of 524288 and 1878982656, always starting at a multiple of " "65536, and, if possible, consistently hashed from the machine name\\&. This " "setting implies B<--private-users-ownership=auto> (see below), which " "possibly has the effect that the files and directories in the " "container\\*(Aqs directory tree will be owned by the appropriate users of " "the range picked\\&. Using this option makes user namespace behavior fully " "automatic\\&. Note that the first invocation of a previously unused " "container image might result in picking a new UID/GID range for it, and thus " "in the (possibly expensive) file ownership adjustment operation\\&. However, " "subsequent invocations of the container will be cheap (unless of course the " "picked UID/GID range is assigned to a different use by then)\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "It is recommended to assign at least 65536 UIDs/GIDs to each container, so " "that the usable UID/GID range in the container covers 16 bit\\&. For best " "security, do not assign overlapping UID/GID ranges to multiple " "containers\\&. It is hence a good idea to use the upper 16 bit of the host " "32-bit UIDs/GIDs as container identifier, while the lower 16 bit encode the " "container UID/GID used\\&. This is in fact the behavior enforced by the B<--" "private-users=pick> option\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When user namespaces are used, the GID range assigned to each container is " "always chosen identical to the UID range\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "In most cases, using B<--private-users=pick> is the recommended option as it " "enhances container security massively and operates fully automatically in " "most cases\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that the picked UID/GID range is not written to /etc/passwd or /etc/" "group\\&. In fact, the allocation of the range is not stored persistently " "anywhere, except in the file ownership of the files and directories of the " "container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that when user namespacing is used file ownership on disk reflects " "this, and all of the container\\*(Aqs files and directories are owned by the " "container\\*(Aqs effective user and group IDs\\&. This means that copying " "files from and to the container image requires correction of the numeric UID/" "GID values, according to the UID/GID shift applied\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--private-users-ownership=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Controls how to adjust the container image\\*(Aqs UIDs and GIDs to match the " "UID/GID range chosen with B<--private-users=>, see above\\&. Takes one of " "\"off\" (to leave the image as is), \"chown\" (to recursively B the " "container\\*(Aqs directory tree as needed), \"map\" (in order to use " "transparent ID mapping mounts) or \"auto\" for automatically using \"map\" " "where available and \"chown\" where not\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If \"chown\" is selected, all files and directories in the container\\*(Aqs " "directory tree will be adjusted so that they are owned by the appropriate " "UIDs/GIDs selected for the container (see above)\\&. This operation is " "potentially expensive, as it involves iterating through the full directory " "tree of the container\\&. Besides actual file ownership, file ACLs are " "adjusted as well\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Typically \"map\" is the best choice, since it transparently maps UIDs/GIDs " "in memory as needed without modifying the image, and without requiring an " "expensive recursive adjustment operation\\&. However, it is not available " "for all file systems, currently\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The B<--private-users-ownership=auto> option is implied if B<--private-" "users=pick> is used\\&. This option has no effect if user namespacing is not " "used\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 230\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-U>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the kernel supports the user namespaces feature, equivalent to B<--" "private-users=pick --private-users-ownership=auto>, otherwise equivalent to " "B<--private-users=no>\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that B<-U> is the default if the systemd-nspawn@\\&.service template " "unit file is used\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note: it is possible to undo the effect of B<--private-users-" "ownership=chown> (or B<-U>) on the file system by redoing the operation with " "the first UID of 0:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "systemd-nspawn \\&... --private-users=0 --private-users-ownership=chown\n" msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Networking Options" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--private-network>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Disconnect networking of the container from the host\\&. This makes all " "network interfaces unavailable in the container, with the exception of the " "loopback device and those specified with B<--network-interface=> and " "configured with B<--network-veth>\\&. If this option is specified, the " "B capability will be added to the set of capabilities the " "container retains\\&. The latter may be disabled by using B<--drop-" "capability=>\\&. If this option is not specified (or implied by one of the " "options listed below), the container will have full access to the host " "network\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--network-interface=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Assign the specified network interface to the container\\&. Either takes a " "single interface name, referencing the name on the host, or a colon-" "separated pair of interfaces, in which case the first one references the " "name on the host, and the second one the name in the container\\&. When the " "container terminates, the interface is moved back to the calling namespace " "and renamed to its original name\\&. Note that B<--network-interface=> " "implies B<--private-network>\\&. This option may be used more than once to " "add multiple network interfaces to the container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that any network interface specified this way must already exist at the " "time the container is started\\&. If the container shall be started " "automatically at boot via a systemd-nspawn@\\&.service unit file instance, " "it might hence make sense to add a unit file drop-in to the service instance " "(e\\&.g\\&. /etc/systemd/system/systemd-nspawn@foobar\\&.service\\&.d/50-" "network\\&.conf) with contents like the following:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "[Unit]\n" "Wants=sys-subsystem-net-devices-ens1\\&.device\n" "After=sys-subsystem-net-devices-ens1\\&.device\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This will make sure that activation of the container service will be delayed " "until the \"ens1\" network interface has shown up\\&. This is required since " "hardware probing is fully asynchronous, and network interfaces might be " "discovered only later during the boot process, after the container would " "normally be started without these explicit dependencies\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--network-macvlan=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Create a \"macvlan\" interface of the specified Ethernet network interface " "and add it to the container\\&. Either takes a single interface name, " "referencing the name on the host, or a colon-separated pair of interfaces, " "in which case the first one references the name on the host, and the second " "one the name in the container\\&. A \"macvlan\" interface is a virtual " "interface that adds a second MAC address to an existing physical Ethernet " "link\\&. If the container interface name is not defined, the interface in " "the container will be named after the interface on the host, prefixed with " "\"mv-\"\\&. Note that B<--network-macvlan=> implies B<--private-network>\\&. " "This option may be used more than once to add multiple network interfaces to " "the container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "As with B<--network-interface=>, the underlying Ethernet network interface " "must already exist at the time the container is started, and thus similar " "unit file drop-ins as described above might be useful\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--network-ipvlan=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Create an \"ipvlan\" interface of the specified Ethernet network interface " "and add it to the container\\&. Either takes a single interface name, " "referencing the name on the host, or a colon-separated pair of interfaces, " "in which case the first one references the name on the host, and the second " "one the name in the container\\&. An \"ipvlan\" interface is a virtual " "interface, similar to a \"macvlan\" interface, which uses the same MAC " "address as the underlying interface\\&. If the container interface name is " "not defined, the interface in the container will be named after the " "interface on the host, prefixed with \"iv-\"\\&. Note that B<--network-" "ipvlan=> implies B<--private-network>\\&. This option may be used more than " "once to add multiple network interfaces to the container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-n>, B<--network-veth>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Create a virtual Ethernet link (\"veth\") between host and container\\&. The " "host side of the Ethernet link will be available as a network interface " "named after the container\\*(Aqs name (as specified with B<--machine=>), " "prefixed with \"ve-\"\\&. The container side of the Ethernet link will be " "named \"host0\"\\&. The B<--network-veth> option implies B<--private-" "network>\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that B(8) includes by default a network " "file /usr/lib/systemd/network/80-container-ve\\&.network matching the host-" "side interfaces created this way, which contains settings to enable " "automatic address provisioning on the created virtual link via DHCP, as well " "as automatic IP routing onto the host\\*(Aqs external network interfaces\\&. " "It also contains /usr/lib/systemd/network/80-container-host0\\&.network " "matching the container-side interface created this way, containing settings " "to enable client side address assignment via DHCP\\&. In case systemd-" "networkd is running on both the host and inside the container, automatic IP " "communication from the container to the host is thus available, with further " "connectivity to the external network\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that B<--network-veth> is the default if the systemd-nspawn@\\&.service " "template unit file is used\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that on Linux network interface names may have a length of 15 " "characters at maximum, while container names may have a length up to 64 " "characters\\&. As this option derives the host-side interface name from the " "container name the name is possibly truncated\\&. Thus, care needs to be " "taken to ensure that interface names remain unique in this case, or even " "better container names are generally not chosen longer than 12 characters, " "to avoid the truncation\\&. If the name is truncated, B will " "automatically append a 4-digit hash value to the name to reduce the chance " "of collisions\\&. However, the hash algorithm is not collision-free\\&. (See " "B(7) for details on older naming algorithms for " "this interface)\\&. Alternatively, the B<--network-veth-extra=> option may " "be used, which allows free configuration of the host-side interface name " "independently of the container name \\(em but might require a bit more " "additional configuration in case bridging in a fashion similar to B<--" "network-bridge=> is desired\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--network-veth-extra=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Adds an additional virtual Ethernet link between host and container\\&. " "Takes a colon-separated pair of host interface name and container interface " "name\\&. The latter may be omitted in which case the container and host " "sides will be assigned the same name\\&. This switch is independent of B<--" "network-veth>, and \\(em in contrast \\(em may be used multiple times, and " "allows configuration of the network interface names\\&. Note that B<--" "network-bridge=> has no effect on interfaces created with B<--network-veth-" "extra=>\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 228\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--network-bridge=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Adds the host side of the Ethernet link created with B<--network-veth> to " "the specified Ethernet bridge interface\\&. Expects a valid network " "interface name of a bridge device as argument\\&. Note that B<--network-" "bridge=> implies B<--network-veth>\\&. If this option is used, the host side " "of the Ethernet link will use the \"vb-\" prefix instead of \"ve-\"\\&. " "Regardless of the used naming prefix the same network interface name length " "limits imposed by Linux apply, along with the complications this creates " "(for details see above)\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "As with B<--network-interface=>, the underlying bridge network interface " "must already exist at the time the container is started, and thus similar " "unit file drop-ins as described above might be useful\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--network-zone=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Creates a virtual Ethernet link (\"veth\") to the container and adds it to " "an automatically managed Ethernet bridge interface\\&. The bridge interface " "is named after the passed argument, prefixed with \"vz-\"\\&. The bridge " "interface is automatically created when the first container configured for " "its name is started, and is automatically removed when the last container " "configured for its name exits\\&. Hence, each bridge interface configured " "this way exists only as long as there\\*(Aqs at least one container " "referencing it running\\&. This option is very similar to B<--network-" "bridge=>, besides this automatic creation/removal of the bridge device\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This setting makes it easy to place multiple related containers on a common, " "virtual Ethernet-based broadcast domain, here called a \"zone\"\\&. Each " "container may only be part of one zone, but each zone may contain any number " "of containers\\&. Each zone is referenced by its name\\&. Names may be " "chosen freely (as long as they form valid network interface names when " "prefixed with \"vz-\"), and it is sufficient to pass the same name to the " "B<--network-zone=> switch of the various concurrently running containers to " "join them in one zone\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that B(8) includes by default a network " "file /usr/lib/systemd/network/80-container-vz\\&.network matching the bridge " "interfaces created this way, which contains settings to enable automatic " "address provisioning on the created virtual network via DHCP, as well as " "automatic IP routing onto the host\\*(Aqs external network interfaces\\&. " "Using B<--network-zone=> is hence in most cases fully automatic and " "sufficient to connect multiple local containers in a joined broadcast domain " "to the host, with further connectivity to the external network\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--network-namespace-path=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Takes the path to a file representing a kernel network namespace that the " "container shall run in\\&. The specified path should refer to a (possibly " "bind-mounted) network namespace file, as exposed by the kernel below /proc/" "$PID/ns/net\\&. This makes the container enter the given network " "namespace\\&. One of the typical use cases is to give a network namespace " "under /run/netns created by B(8), for example, B<--network-" "namespace-path=/run/netns/foo>\\&. Note that this option cannot be used " "together with other network-related options, such as B<--private-network> or " "B<--network-interface=>\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 236\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-p>, B<--port=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If private networking is enabled, maps an IP port on the host onto an IP " "port on the container\\&. Takes a protocol specifier (either \"tcp\" or " "\"udp\"), separated by a colon from a host port number in the range 1 to " "65535, separated by a colon from a container port number in the range from 1 " "to 65535\\&. The protocol specifier and its separating colon may be omitted, " "in which case \"tcp\" is assumed\\&. The container port number and its colon " "may be omitted, in which case the same port as the host port is implied\\&. " "This option is only supported if private networking is used, such as with " "B<--network-veth>, B<--network-zone=> B<--network-bridge=>\\&." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Security Options" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--capability=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "List one or more additional capabilities to grant the container\\&. Takes a " "comma-separated list of capability names, see B(7) for more " "information\\&. Note that the following capabilities will be granted in any " "way: B, B, B, " "B, B, B, B, " "B, B, B, B, " "B, B, B, B, " "B, B, B, B, " "B, B, B, B, " "B, B, B\\&. Also " "B is retained if B<--private-network> is specified\\&. If the " "special value \"all\" is passed, all capabilities are retained\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the special value of \"help\" is passed, the program will print known " "capability names and exit\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This option sets the bounding set of capabilities which also limits the " "ambient capabilities as given with the B<--ambient-capability=>\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 186\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--drop-capability=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Specify one or more additional capabilities to drop for the container\\&. " "This allows running the container with fewer capabilities than the default " "(see above)\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--ambient-capability=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Specify one or more additional capabilities to pass in the inheritable and " "ambient set to the program started within the container\\&. The value " "\"all\" is not supported for this setting\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "All capabilities specified here must be in the set allowed with the B<--" "capability=> and B<--drop-capability=> options\\&. Otherwise, an error " "message will be shown\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This option cannot be combined with the boot mode of the container (as " "requested via B<--boot>)\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 248\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--no-new-privileges=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Takes a boolean argument\\&. Specifies the value of the " "B flag for the container payload\\&. Defaults to " "off\\&. When turned on the payload code of the container cannot acquire new " "privileges, i\\&.e\\&. the \"setuid\" file bit as well as file system " "capabilities will not have an effect anymore\\&. See B(2) for " "details about this flag\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--system-call-filter=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Alter the system call filter applied to containers\\&. Takes a space-" "separated list of system call names or group names (the latter prefixed with " "\"@\", as listed by the B command of B(1))\\&. Passed system calls will be permitted\\&. The list may " "optionally be prefixed by \"~\", in which case all listed system calls are " "prohibited\\&. If this command line option is used multiple times the " "configured lists are combined\\&. If both a positive and a negative list " "(that is one system call list without and one with the \"~\" prefix) are " "configured, the negative list takes precedence over the positive list\\&. " "Note that B always implements a system call allow list (as " "opposed to a deny list!), and this command line option hence adds or removes " "entries from the default allow list, depending on the \"~\" prefix\\&. Note " "that the applied system call filter is also altered implicitly if additional " "capabilities are passed using the B<--capabilities=>\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 235\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-Z>, B<--selinux-context=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Sets the SELinux security context to be used to label processes in the " "container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-L>, B<--selinux-apifs-context=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Sets the SELinux security context to be used to label files in the virtual " "API file systems in the container\\&." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Resource Options" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--rlimit=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Sets the specified POSIX resource limit for the container payload\\&. " "Expects an assignment of the form \"I=I:I\" or " "\"I=I\", where I should refer to a resource limit type, " "such as B or B\\&. The I and I " "fields should refer to the numeric soft and hard resource limit values\\&. " "If the second form is used, I may specify a value that is used both " "as soft and hard limit\\&. In place of a numeric value the special string " "\"infinity\" may be used to turn off resource limiting for the specific type " "of resource\\&. This command line option may be used multiple times to " "control limits on multiple limit types\\&. If used multiple times for the " "same limit type, the last use wins\\&. For details about resource limits see " "B(2)\\&. By default resource limits for the container\\*(Aqs init " "process (PID 1) are set to the same values the Linux kernel originally " "passed to the host init system\\&. Note that some resource limits are " "enforced on resources counted per user, in particular B\\&. " "This means that unless user namespacing is deployed (i\\&.e\\&. B<--private-" "users=> is used, see above), any limits set will be applied to the resource " "usage of the same user on all local containers as well as the host\\&. This " "means particular care needs to be taken with these limits as they might be " "triggered by possibly less trusted code\\&. Example: \"--" "rlimit=RLIMIT_NOFILE=8192:16384\"\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--oom-score-adjust=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Changes the OOM (\"Out Of Memory\") score adjustment value for the container " "payload\\&. This controls /proc/self/oom_score_adj which influences the " "preference with which this container is terminated when memory becomes " "scarce\\&. For details see B(5)\\&. Takes an integer in the range " "-1000\\&...1000\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--cpu-affinity=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Controls the CPU affinity of the container payload\\&. Takes a comma " "separated list of CPU numbers or number ranges (the latter\\*(Aqs start and " "end value separated by dashes)\\&. See B(2) for " "details\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--personality=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Control the architecture (\"personality\") reported by B(2) in the " "container\\&. Currently, only \"x86\" and \"x86-64\" are supported\\&. This " "is useful when running a 32-bit container on a 64-bit host\\&. If this " "setting is not used, the personality reported in the container is the same " "as the one reported on the host\\&." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Integration Options" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--resolv-conf=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Configures how /etc/resolv\\&.conf inside of the container shall be handled " "(i\\&.e\\&. DNS configuration synchronization from host to container)\\&. " "Takes one of \"off\", \"copy-host\", \"copy-static\", \"copy-uplink\", " "\"copy-stub\", \"replace-host\", \"replace-static\", \"replace-uplink\", " "\"replace-stub\", \"bind-host\", \"bind-static\", \"bind-uplink\", \"bind-" "stub\", \"delete\" or \"auto\"\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If set to \"off\" the /etc/resolv\\&.conf file in the container is left as " "it is included in the image, and neither modified nor bind mounted over\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If set to \"copy-host\", the /etc/resolv\\&.conf file from the host is " "copied into the container, unless the file exists already and is not a " "regular file (e\\&.g\\&. a symlink)\\&. Similarly, if \"replace-host\" is " "used the file is copied, replacing any existing inode, including " "symlinks\\&. Similarly, if \"bind-host\" is used, the file is bind mounted " "from the host into the container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If set to \"copy-static\", \"replace-static\" or \"bind-static\" the static " "resolv\\&.conf file supplied with B(8) " "(specifically: /usr/lib/systemd/resolv\\&.conf) is copied or bind mounted " "into the container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If set to \"copy-uplink\", \"replace-uplink\" or \"bind-uplink\" the uplink " "resolv\\&.conf file managed by systemd-resolved\\&.service (specifically: /" "run/systemd/resolve/resolv\\&.conf) is copied or bind mounted into the " "container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If set to \"copy-stub\", \"replace-stub\" or \"bind-stub\" the stub " "resolv\\&.conf file managed by systemd-resolved\\&.service (specifically: /" "run/systemd/resolve/stub-resolv\\&.conf) is copied or bind mounted into the " "container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If set to \"delete\" the /etc/resolv\\&.conf file in the container is " "deleted if it exists\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Finally, if set to \"auto\" the file is left as it is if private networking " "is turned on (see B<--private-network>)\\&. Otherwise, if systemd-" "resolved\\&.service is running its stub resolv\\&.conf file is used, and if " "not the host\\*(Aqs /etc/resolv\\&.conf file\\&. In the latter cases the " "file is copied if the image is writable, and bind mounted otherwise\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "It\\*(Aqs recommended to use \"copy-\\&...\" or \"replace-\\&...\" if the " "container shall be able to make changes to the DNS configuration on its own, " "deviating from the host\\*(Aqs settings\\&. Otherwise \"bind\" is " "preferable, as it means direct changes to /etc/resolv\\&.conf in the " "container are not allowed, as it is a read-only bind mount (but note that if " "the container has enough privileges, it might simply go ahead and unmount " "the bind mount anyway)\\&. Note that both if the file is bind mounted and if " "it is copied no further propagation of configuration is generally done after " "the one-time early initialization (this is because the file is usually " "updated through copying and renaming)\\&. Defaults to \"auto\"\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--timezone=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Configures how /etc/localtime inside of the container (i\\&.e\\&. local " "timezone synchronization from host to container) shall be handled\\&. Takes " "one of \"off\", \"copy\", \"bind\", \"symlink\", \"delete\" or \"auto\"\\&. " "If set to \"off\" the /etc/localtime file in the container is left as it is " "included in the image, and neither modified nor bind mounted over\\&. If set " "to \"copy\" the /etc/localtime file of the host is copied into the " "container\\&. Similarly, if \"bind\" is used, the file is bind mounted from " "the host into the container\\&. If set to \"symlink\", a symlink is created " "pointing from /etc/localtime in the container to the timezone file in the " "container that matches the timezone setting on the host\\&. If set to " "\"delete\", the file in the container is deleted, should it exist\\&. If set " "to \"auto\" and the /etc/localtime file of the host is a symlink, then " "\"symlink\" mode is used, and \"copy\" otherwise, except if the image is " "read-only in which case \"bind\" is used instead\\&. Defaults to \"auto\"\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--link-journal=>" msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron msgid "" "Control whether the container\\*(Aqs journal shall be made visible to the " "host system\\&. If enabled, allows viewing the container\\*(Aqs journal " "files from the host (but not vice versa)\\&. Takes one of \"no\", \"host\", " "\"try-host\", \"guest\", \"try-guest\", \"auto\"\\&. If \"no\", the journal " "is not linked\\&. If \"host\", the journal files are stored on the host file " "system (beneath /var/log/journal/I) and the subdirectory is bind-" "mounted into the container at the same location\\&. If \"guest\", the " "journal files are stored on the guest file system (beneath /var/log/journal/" "I) and the subdirectory is symlinked into the host at the same " "location\\&. \"try-host\" and \"try-guest\" do the same but do not fail if " "the host does not have persistent journaling enabled, or if the container is " "in the B<--ephemeral> mode\\&. If \"auto\" (the default), and the right " "subdirectory of /var/log/journal exists, it will be bind mounted into the " "container\\&. If the subdirectory does not exist, no linking is " "performed\\&. Effectively, booting a container once with \"guest\" or " "\"host\" will link the journal persistently if further on the default of " "\"auto\" is used\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that B<--link-journal=try-guest> is the default if the systemd-" "nspawn@\\&.service template unit file is used\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 187\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-j>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Equivalent to B<--link-journal=try-guest>\\&." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Mount Options" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--bind=>, B<--bind-ro=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Bind mount a file or directory from the host into the container\\&. Takes " "one of: a path argument\\ \\&\\(em in which case the specified path will be " "mounted from the host to the same path in the container, or a colon-" "separated pair of paths\\ \\&\\(em in which case the first specified path is " "the source in the host, and the second path is the destination in the " "container, or a colon-separated triple of source path, destination path and " "mount options\\&. The source path may optionally be prefixed with a \"+\" " "character\\&. If so, the source path is taken relative to the image\\*(Aqs " "root directory\\&. This permits setting up bind mounts within the container " "image\\&. The source path may be specified as empty string, in which case a " "temporary directory below the host\\*(Aqs /var/tmp/ directory is used\\&. It " "is automatically removed when the container is shut down\\&. If the source " "path is not absolute, it is resolved relative to the current working " "directory\\&. The B<--bind-ro=> option creates read-only bind mounts\\&. " "Backslash escapes are interpreted, so \"\\e:\" may be used to embed colons " "in either path\\&. This option may be specified multiple times for creating " "multiple independent bind mount points\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "" "Mount options are comma-separated\\&. B and B control " "whether to create a recursive or a regular bind mount\\&. Defaults to " "B\\&. B, B, and B control ID mapping\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "" "Using B or B requires support by the source filesystem for " "user/group ID mapped mounts\\&. Defaults to B\\&. With B being " "the container\\*(Aqs UID range offset, B being the length of the " "container\\*(Aqs UID range, and B

being the owner UID of the bind mount " "source inode on the host:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If B is used, any user B in the range B<0 \\&... y> seen from " "inside of the container is mapped to B in the B range " "on the host\\&. Other host users are mapped to B inside the " "container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If B is used, any user B in the UID range B<0 \\&... y> as seen " "from inside the container is mapped to the same B in the same B<0 \\&... " "y> range on the host\\&. Other host users are mapped to B inside the " "container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If B is used, the user B<0> seen from inside of the container is " "mapped to B

on the host\\&. Other host users are mapped to B " "inside the container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Whichever ID mapping option is used, the same mapping will be used for users " "and groups IDs\\&. If B is used, the group owning the bind " "mounted directory will have no effect\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that when this option is used in combination with B<--private-users>, " "the resulting mount points will be owned by the B user\\&. " "That\\*(Aqs because the mount and its files and directories continue to be " "owned by the relevant host users and groups, which do not exist in the " "container, and thus show up under the wildcard UID 65534 (nobody)\\&. If " "such bind mounts are created, it is recommended to make them read-only, " "using B<--bind-ro=>\\&. Alternatively you can use the \"idmap\" mount option " "to map the filesystem IDs\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 198\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--bind-user=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Binds the home directory of the specified user on the host into the " "container\\&. Takes the name of an existing user on the host as argument\\&. " "May be used multiple times to bind multiple users into the container\\&. " "This does three things:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The user\\*(Aqs home directory is bind mounted from the host into /run/host/" "home/\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "An additional UID/GID mapping is added that maps the host user\\*(Aqs UID/" "GID to a container UID/GID, allocated from the 60514\\&...60577 range\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A JSON user and group record is generated in /run/userdb/ that describes the " "mapped user\\&. It contains a minimized representation of the host\\*(Aqs " "user record, adjusted to the UID/GID and home directory path assigned to the " "user in the container\\&. The B(8) glibc NSS module will pick " "up these records from there and make them available in the container\\*(Aqs " "user/group databases\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The combination of the three operations above ensures that it is possible to " "log into the container using the same account information as on the host\\&. " "The user is only mapped transiently, while the container is running, and the " "mapping itself does not result in persistent changes to the container " "(except maybe for log messages generated at login time, and similar)\\&. " "Note that in particular the UID/GID assignment in the container is not made " "persistently\\&. If the user is mapped transiently, it is best to not allow " "the user to make persistent changes to the container\\&. If the user leaves " "files or directories owned by the user, and those UIDs/GIDs are reused " "during later container invocations (possibly with a different B<--bind-" "user=> mapping), those files and directories will be accessible to the " "\"new\" user\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The user/group record mapping only works if the container contains systemd " "249 or newer, with B properly configured in nsswitch\\&." "conf\\&. See B(8) for details\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that the user record propagated from the host into the container will " "contain the UNIX password hash of the user, so that seamless logins in the " "container are possible\\&. If the container is less trusted than the host " "it\\*(Aqs hence important to use a strong UNIX password hash function (e\\&." "g\\&. yescrypt or similar, with the \"$y$\" hash prefix)\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When binding a user from the host into the container checks are executed to " "ensure that the username is not yet known in the container\\&. Moreover, it " "is checked that the UID/GID allocated for it is not currently defined in the " "user/group databases of the container\\&. Both checks directly access the " "container\\*(Aqs /etc/passwd and /etc/group, and thus might not detect " "existing accounts in other databases\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is only supported in combination with B<--private-users=>/B<-" "U>\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 249\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--inaccessible=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Make the specified path inaccessible in the container\\&. This over-mounts " "the specified path (which must exist in the container) with a file node of " "the same type that is empty and has the most restrictive access mode " "supported\\&. This is an effective way to mask files, directories and other " "file system objects from the container payload\\&. This option may be used " "more than once in case all specified paths are masked\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--tmpfs=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Mount a tmpfs file system into the container\\&. Takes a single absolute " "path argument that specifies where to mount the tmpfs instance to (in which " "case the directory access mode will be chosen as 0755, owned by root/root), " "or optionally a colon-separated pair of path and mount option string that is " "used for mounting (in which case the kernel default for access mode and " "owner will be chosen, unless otherwise specified)\\&. Backslash escapes are " "interpreted in the path, so \"\\e:\" may be used to embed colons in the " "path\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that this option cannot be used to replace the root file system of the " "container with a temporary file system\\&. However, the B<--volatile=> " "option described below provides similar functionality, with a focus on " "implementing stateless operating system images\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 214\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--overlay=>, B<--overlay-ro=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Combine multiple directory trees into one overlay file system and mount it " "into the container\\&. Takes a list of colon-separated paths to the " "directory trees to combine and the destination mount point\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Backslash escapes are interpreted in the paths, so \"\\e:\" may be used to " "embed colons in the paths\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If three or more paths are specified, then the last specified path is the " "destination mount point in the container, all paths specified before refer " "to directory trees on the host and are combined in the specified order into " "one overlay file system\\&. The left-most path is hence the lowest directory " "tree, the second-to-last path the highest directory tree in the stacking " "order\\&. If B<--overlay-ro=> is used instead of B<--overlay=>, a read-only " "overlay file system is created\\&. If a writable overlay file system is " "created, all changes made to it are written to the highest directory tree in " "the stacking order, i\\&.e\\&. the second-to-last specified\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If only two paths are specified, then the second specified path is used both " "as the top-level directory tree in the stacking order as seen from the host, " "as well as the mount point for the overlay file system in the container\\&. " "At least two paths have to be specified\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The source paths may optionally be prefixed with \"+\" character\\&. If so " "they are taken relative to the image\\*(Aqs root directory\\&. The uppermost " "source path may also be specified as an empty string, in which case a " "temporary directory below the host\\*(Aqs /var/tmp/ is used\\&. The " "directory is removed automatically when the container is shut down\\&. This " "behaviour is useful in order to make read-only container directories " "writable while the container is running\\&. For example, use \"--overlay=+/" "var::/var\" in order to automatically overlay a writable temporary directory " "on a read-only /var/ directory\\&. If a source path is not absolute, it is " "resolved relative to the current working directory\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "For details about overlay file systems, see \\m[blue]B\\m[]\\&\\s-2\\u[5]\\d\\s+2\\&. Note that the semantics of " "overlay file systems are substantially different from normal file systems, " "in particular regarding reported device and inode information\\&. Device and " "inode information may change for a file while it is being written to, and " "processes might see out-of-date versions of files at times\\&. Note that " "this switch automatically derives the \"workdir=\" mount option for the " "overlay file system from the top-level directory tree, making it a sibling " "of it\\&. It is hence essential that the top-level directory tree is not a " "mount point itself (since the working directory must be on the same file " "system as the top-most directory tree)\\&. Also note that the \"lowerdir=\" " "mount option receives the paths to stack in the opposite order of this " "switch\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that this option cannot be used to replace the root file system of the " "container with an overlay file system\\&. However, the B<--volatile=> option " "described above provides similar functionality, with a focus on implementing " "stateless operating system images\\&." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Input/Output Options" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--console=>I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Configures how to set up standard input, output and error output for the " "container payload, as well as the /dev/console device for the container\\&. " "Takes one of B, B, B, B or " "B\\&. If B, a pseudo-TTY is allocated and made " "available as /dev/console in the container\\&. It is then bi-directionally " "connected to the standard input and output passed to B\\&. " "B is similar but only the output of the container is propagated " "and no input from the caller is read\\&. If B, a pseudo TTY is " "allocated, but it is not connected anywhere\\&. In B mode no pseudo " "TTY is allocated, but the standard input, output and error output file " "descriptors passed to B are passed on \\(em as they are " "\\(em to the container payload, see the following paragraph\\&. Finally, " "B mode operates like B when B is " "invoked on a terminal, and like B otherwise\\&. Defaults to " "B if B is invoked from a terminal, and B otherwise\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "In B mode, /dev/console will not exist in the container\\&. This means " "that the container payload generally cannot be a full init system as init " "systems tend to require /dev/console to be available\\&. On the other hand, " "in this mode container invocations can be used within shell pipelines\\&. " "This is because intermediary pseudo TTYs do not permit independent " "bidirectional propagation of the end-of-file (EOF) condition, which is " "necessary for shell pipelines to work correctly\\&. IBI< mode should be used carefully>, as passing arbitrary file " "descriptors to less trusted container payloads might open up unwanted " "interfaces for access by the container payload\\&. For example, if a passed " "file descriptor refers to a TTY of some form, APIs such as B may be " "used to synthesize input that might be used for escaping the container\\&. " "Hence B mode should only be used if the payload is sufficiently " "trusted or when the standard input/output/error output file descriptors are " "known safe, for example pipes\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--pipe>, B<-P>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Equivalent to B<--console=pipe>\\&." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Credentials" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--load-credential=>I:I, B<--set-credential=>I:I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Pass a credential to the container\\&. These two options correspond to the " "I and I settings in unit files\\&. See " "B(5) for details about these concepts, as well as the syntax " "of the option\\*(Aqs arguments\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note: when B runs as systemd system service it can propagate " "the credentials it received via I/I to the " "container payload\\&. A systemd service manager running as PID 1 in the " "container can further propagate them to the services it itself starts\\&. It " "is thus possible to easily propagate credentials from a parent service " "manager to a container manager service and from there into its payload\\&. " "This can even be done recursively\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "In order to embed binary data into the credential data for B<--set-" "credential=>, use C-style escaping (i\\&.e\\&. \"\\en\" to embed a newline, " "or \"\\ex00\" to embed a B byte)\\&. Note that the invoking shell might " "already apply unescaping once, hence this might require double escaping!\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The B(8) and B(1) services " "read credentials configured this way for the purpose of configuring the " "container\\*(Aqs root user\\*(Aqs password and shell, as well as system " "locale, keymap and timezone during the first boot process of the " "container\\&. This is particularly useful in combination with B<--" "volatile=yes> where every single boot appears as first boot, since " "configuration applied to /etc/ is lost on container reboot cycles\\&. See " "the respective man pages for details\\&. Example:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "# systemd-nspawn -i image\\&.raw \\e\n" " --volatile=yes \\e\n" " --set-credential=firstboot\\&.locale:de_DE\\&.UTF-8 \\e\n" " --set-credential=passwd\\&.hashed-password\\&.root:\\*(Aq$y$j9T$yAuRJu1o5HioZAGDYPU5d\\&.$F64ni6J2y2nNQve90M/p0ZP0ECP/qqzipNyaY9fjGpC\\*(Aq \\e\n" " -b\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The above command line will invoke the specified image file image\\&.raw in " "volatile mode, i\\&.e\\&. with empty /etc/ and /var/\\&. The container " "payload will recognize this as a first boot, and will invoke systemd-" "firstboot\\&.service, which then reads the two passed credentials to " "configure the system\\*(Aqs initial locale and root password\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "Added in version 247\\&." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Other" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--no-pager>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Do not pipe output into a pager\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<-h>, B<--help>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Print a short help text and exit\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B<--version>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Print a short version string and exit\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "ENVIRONMENT" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I<$SYSTEMD_LOG_LEVEL>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The maximum log level of emitted messages (messages with a higher log level, " "i\\&.e\\&. less important ones, will be suppressed)\\&. Either one of (in " "order of decreasing importance) B, B, B, B, " "B, B, B, B, or an integer in the range " "0\\&...7\\&. See B(3) for more information\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I<$SYSTEMD_LOG_COLOR>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A boolean\\&. If true, messages written to the tty will be colored according " "to priority\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This setting is only useful when messages are written directly to the " "terminal, because B(1) and other tools that display logs will " "color messages based on the log level on their own\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I<$SYSTEMD_LOG_TIME>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A boolean\\&. If true, console log messages will be prefixed with a " "timestamp\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This setting is only useful when messages are written directly to the " "terminal or a file, because B(1) and other tools that display " "logs will attach timestamps based on the entry metadata on their own\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I<$SYSTEMD_LOG_LOCATION>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A boolean\\&. If true, messages will be prefixed with a filename and line " "number in the source code where the message originates\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that the log location is often attached as metadata to journal entries " "anyway\\&. Including it directly in the message text can nevertheless be " "convenient when debugging programs\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I<$SYSTEMD_LOG_TID>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A boolean\\&. If true, messages will be prefixed with the current numerical " "thread ID (TID)\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that the this information is attached as metadata to journal entries " "anyway\\&. Including it directly in the message text can nevertheless be " "convenient when debugging programs\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I<$SYSTEMD_LOG_TARGET>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The destination for log messages\\&. One of B (log to the attached " "tty), B (log to the attached tty but with prefixes " "encoding the log level and \"facility\", see B(3), B (log to " "the kernel circular log buffer), B (log to the journal), B (log to the journal if available, and to kmsg otherwise), B " "(determine the appropriate log target automatically, the default), B " "(disable log output)\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I<$SYSTEMD_LOG_RATELIMIT_KMSG>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Whether to ratelimit kmsg or not\\&. Takes a boolean\\&. Defaults to " "\"true\"\\&. If disabled, systemd will not ratelimit messages written to " "kmsg\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I<$SYSTEMD_PAGER>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Pager to use when B<--no-pager> is not given; overrides I<$PAGER>\\&. If " "neither I<$SYSTEMD_PAGER> nor I<$PAGER> are set, a set of well-known pager " "implementations are tried in turn, including B(1) and B(1), " "until one is found\\&. If no pager implementation is discovered no pager is " "invoked\\&. Setting this environment variable to an empty string or the " "value \"cat\" is equivalent to passing B<--no-pager>\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note: if I<$SYSTEMD_PAGERSECURE> is not set, I<$SYSTEMD_PAGER> (as well as " "I<$PAGER>) will be silently ignored\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I<$SYSTEMD_LESS>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Override the options passed to B (by default \"FRSXMK\")\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Users might want to change two options in particular:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This option instructs the pager to exit immediately when Ctrl+C is " "pressed\\&. To allow B to handle Ctrl+C itself to switch back to the " "pager command prompt, unset this option\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the value of I<$SYSTEMD_LESS> does not include \"K\", and the pager that " "is invoked is B, Ctrl+C will be ignored by the executable, and needs " "to be handled by the pager\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This option instructs the pager to not send termcap initialization and " "deinitialization strings to the terminal\\&. It is set by default to allow " "command output to remain visible in the terminal even after the pager " "exits\\&. Nevertheless, this prevents some pager functionality from working, " "in particular paged output cannot be scrolled with the mouse\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "See B(1) for more discussion\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I<$SYSTEMD_LESSCHARSET>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Override the charset passed to B (by default \"utf-8\", if the " "invoking terminal is determined to be UTF-8 compatible)\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I<$SYSTEMD_PAGERSECURE>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Takes a boolean argument\\&. When true, the \"secure\" mode of the pager is " "enabled; if false, disabled\\&. If I<$SYSTEMD_PAGERSECURE> is not set at " "all, secure mode is enabled if the effective UID is not the same as the " "owner of the login session, see B(2) and " "B(3)\\&. In secure mode, B will be set " "when invoking the pager, and the pager shall disable commands that open or " "create new files or start new subprocesses\\&. When I<$SYSTEMD_PAGERSECURE> " "is not set at all, pagers which are not known to implement secure mode will " "not be used\\&. (Currently only B(1) implements secure mode\\&.)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note: when commands are invoked with elevated privileges, for example under " "B(8) or B(1), care must be taken to ensure that unintended " "interactive features are not enabled\\&. \"Secure\" mode for the pager may " "be enabled automatically as describe above\\&. Setting " "I or not removing it from the inherited environment " "allows the user to invoke arbitrary commands\\&. Note that if the " "I<$SYSTEMD_PAGER> or I<$PAGER> variables are to be honoured, " "I<$SYSTEMD_PAGERSECURE> must be set too\\&. It might be reasonable to " "completely disable the pager using B<--no-pager> instead\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I<$SYSTEMD_COLORS>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Takes a boolean argument\\&. When true, B and related utilities " "will use colors in their output, otherwise the output will be monochrome\\&. " "Additionally, the variable can take one of the following special values: " "\"16\", \"256\" to restrict the use of colors to the base 16 or 256 ANSI " "colors, respectively\\&. This can be specified to override the automatic " "decision based on I<$TERM> and what the console is connected to\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I<$SYSTEMD_URLIFY>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The value must be a boolean\\&. Controls whether clickable links should be " "generated in the output for terminal emulators supporting this\\&. This can " "be specified to override the decision that B makes based on " "I<$TERM> and other conditions\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "EXAMPLES" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "" "# machinectl pull-raw --verify=no \\e\n" " https://download\\&.fedoraproject\\&.org/pub/fedora/linux/releases/38/Cloud/x86_64/images/Fedora-Cloud-Base-38-1\\&.6\\&.x86_64\\&.raw\\&.xz \\e\n" " Fedora-Cloud-Base-38-1\\&.6\\&.x86-64\n" "# systemd-nspawn -M Fedora-Cloud-Base-38-1\\&.6\\&.x86-64\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This downloads an image using B(1) and opens a shell in it\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "" "# dnf -y --releasever=38 --installroot=/var/lib/machines/f38 \\e\n" " --repo=fedora --repo=updates --setopt=install_weak_deps=False install \\e\n" " passwd dnf fedora-release vim-minimal util-linux systemd systemd-networkd\n" "# systemd-nspawn -bD /var/lib/machines/f38\n" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "" "This installs a minimal Fedora distribution into the directory /var/lib/" "machines/f38 and then boots that OS in a namespace container\\&. Because the " "installation is located underneath the standard /var/lib/machines/ " "directory, it is also possible to start the machine using B\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "# debootstrap unstable ~/debian-tree/\n" "# systemd-nspawn -D ~/debian-tree/\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This installs a minimal Debian unstable distribution into the directory ~/" "debian-tree/ and then spawns a shell from this image in a namespace " "container\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B supports \\m[blue]B\\m[]\\&\\s-2\\u[7]\\d\\s+2, " "\\m[blue]B\\m[]\\&\\s-2\\u[8]\\d\\s+2, and " "\\m[blue]B\\m[]\\&\\s-2\\u[9]\\d\\s+2 out of the box, so the same " "command can be used to install any of those\\&. For other distributions from " "the Debian family, a mirror has to be specified, see B(8)\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "# pacstrap -c ~/arch-tree/ base\n" "# systemd-nspawn -bD ~/arch-tree/\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This installs a minimal Arch Linux distribution into the directory ~/arch-" "tree/ and then boots an OS in a namespace container in it\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "# zypper --root=/var/lib/machines/tumbleweed ar -c \\e\n" " https://download\\&.opensuse\\&.org/tumbleweed/repo/oss tumbleweed\n" "# zypper --root=/var/lib/machines/tumbleweed refresh\n" "# zypper --root=/var/lib/machines/tumbleweed install --no-recommends \\e\n" " systemd shadow zypper openSUSE-release vim\n" "# systemd-nspawn -M tumbleweed passwd root\n" "# systemd-nspawn -M tumbleweed -b\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "# systemd-nspawn -D / -xb\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This runs a copy of the host system in a snapshot which is removed " "immediately when the container exits\\&. All file system changes made during " "runtime will be lost on shutdown, hence\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "# chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container\n" "# systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 \\e\n" " -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "# systemd-nspawn -b -i ~/image\\&.raw \\e\n" " --pivot-root=/ostree/deploy/$OS/deploy/$CHECKSUM:/sysroot \\e\n" " --bind=+/sysroot/ostree/deploy/$OS/var:/var\n" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "EXIT STATUS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The exit code of the program executed in the container is returned\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "SEE ALSO" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B(1), B(5), B(1), B(8), " "B(8), B(8), B(8), B(5), " "B(1), B(8)" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "NOTES" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid " 1." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Container Interface" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "\\%https://systemd.io/CONTAINER_INTERFACE" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid " 2." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Discoverable Partitions Specification" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "\\%https://uapi-group.org/specifications/specs/" "discoverable_partitions_specification" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid " 3." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "OCI Runtime Specification" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "\\%https://github.com/opencontainers/runtime-spec/blob/master/spec.md" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid " 4." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "OSTree" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "\\%https://ostree.readthedocs.io/en/latest/" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid " 5." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Overlay Filesystem" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "\\%https://docs.kernel.org/filesystems/overlayfs.html" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid " 6." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Fedora" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "\\%https://getfedora.org" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid " 7." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Debian" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "\\%https://www.debian.org" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid " 8." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Ubuntu" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "\\%https://www.ubuntu.com" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid " 9." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Tanglu" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "\\%https://www.tanglu.org" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "10." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Arch Linux" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "\\%https://www.archlinux.org" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "11." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "OpenSUSE Tumbleweed" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "\\%https://software.opensuse.org/distributions/tumbleweed" msgstr "" #. type: TH #: debian-bookworm opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "systemd 254" msgstr "" #. type: Plain text #: debian-bookworm msgid "" "Note that B(8) includes by default a network " "file /lib/systemd/network/80-container-ve\\&.network matching the host-side " "interfaces created this way, which contains settings to enable automatic " "address provisioning on the created virtual link via DHCP, as well as " "automatic IP routing onto the host\\*(Aqs external network interfaces\\&. It " "also contains /lib/systemd/network/80-container-host0\\&.network matching " "the container-side interface created this way, containing settings to enable " "client side address assignment via DHCP\\&. In case systemd-networkd is " "running on both the host and inside the container, automatic IP " "communication from the container to the host is thus available, with further " "connectivity to the external network\\&." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "Note that B(8) includes by default a network " "file /lib/systemd/network/80-container-vz\\&.network matching the bridge " "interfaces created this way, which contains settings to enable automatic " "address provisioning on the created virtual network via DHCP, as well as " "automatic IP routing onto the host\\*(Aqs external network interfaces\\&. " "Using B<--network-zone=> is hence in most cases fully automatic and " "sufficient to connect multiple local containers in a joined broadcast domain " "to the host, with further connectivity to the external network\\&." msgstr "" #. type: Plain text #: debian-bookworm fedora-40 fedora-rawhide opensuse-leap-15-6 #: opensuse-tumbleweed msgid "" "Control whether the container\\*(Aqs journal shall be made visible to the " "host system\\&. If enabled, allows viewing the container\\*(Aqs journal " "files from the host (but not vice versa)\\&. Takes one of \"no\", \"host\", " "\"try-host\", \"guest\", \"try-guest\", \"auto\"\\&. If \"no\", the journal " "is not linked\\&. If \"host\", the journal files are stored on the host file " "system (beneath /var/log/journal/I) and the subdirectory is bind-" "mounted into the container at the same location\\&. If \"guest\", the " "journal files are stored on the guest file system (beneath /var/log/journal/" "I) and the subdirectory is symlinked into the host at the same " "location\\&. \"try-host\" and \"try-guest\" do the same but do not fail if " "the host does not have persistent journaling enabled\\&. If \"auto\" (the " "default), and the right subdirectory of /var/log/journal exists, it will be " "bind mounted into the container\\&. If the subdirectory does not exist, no " "linking is performed\\&. Effectively, booting a container once with " "\"guest\" or \"host\" will link the journal persistently if further on the " "default of \"auto\" is used\\&." msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Mount options are comma-separated\\&. B and B control " "whether to create a recursive or a regular bind mount\\&. Defaults to " "\"rbind\"\\&. B, B, and B control ID mapping\\&." msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Using B or B requires support by the source filesystem for " "user/group ID mapped mounts\\&. Defaults to \"noidmap\"\\&. With B being " "the container\\*(Aqs UID range offset, B being the length of the " "container\\*(Aqs UID range, and B

being the owner UID of the bind mount " "source inode on the host:" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "# machinectl pull-raw --verify=no \\e\n" " https://download\\&.fedoraproject\\&.org/pub/fedora/linux/releases/37/Cloud/x86_64/images/Fedora-Cloud-Base-37-1\\&.7\\&.x86_64\\&.raw\\&.xz \\e\n" " Fedora-Cloud-Base-37-1\\&.7\\&.x86-64\n" "# systemd-nspawn -M Fedora-Cloud-Base-37-1\\&.7\\&.x86-64\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "# dnf -y --releasever=37 --installroot=/var/lib/machines/f37 \\e\n" " --repo=fedora --repo=updates --setopt=install_weak_deps=False install \\e\n" " passwd dnf fedora-release vim-minimal util-linux systemd systemd-networkd\n" "# systemd-nspawn -bD /var/lib/machines/f37\n" msgstr "" #. type: Plain text #: debian-bookworm opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This installs a minimal Fedora distribution into the directory /var/lib/" "machines/f37 and then boots that OS in a namespace container\\&. Because the " "installation is located underneath the standard /var/lib/machines/ " "directory, it is also possible to start the machine using B\\&." msgstr ""