summaryrefslogtreecommitdiffstats
path: root/share/man
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2017-06-29 09:14:46 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2017-06-29 09:20:38 +0000
commit13f1aa11bd770faf8e66a72a7ac34fc1f7e2305a (patch)
tree1cdf704c14e208bc35e4ea25569ff14086ae4ed7 /share/man
parentAdding upstream version 20170522. (diff)
downloadopen-infrastructure-compute-tools-13f1aa11bd770faf8e66a72a7ac34fc1f7e2305a.tar.xz
open-infrastructure-compute-tools-13f1aa11bd770faf8e66a72a7ac34fc1f7e2305a.zip
Adding upstream version 20170629.upstream/20170629
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'share/man')
-rw-r--r--share/man/container-shell.1.txt33
-rw-r--r--share/man/container-top.1.txt75
-rw-r--r--share/man/container.1.txt3
3 files changed, 111 insertions, 0 deletions
diff --git a/share/man/container-shell.1.txt b/share/man/container-shell.1.txt
index 6d792b8..760e0c5 100644
--- a/share/man/container-shell.1.txt
+++ b/share/man/container-shell.1.txt
@@ -53,6 +53,39 @@ All container commands are available, see container(1). Additionally, the follow
*logout*, *exit:*::
exits container-shell.
+USAGE
+-----
+Although the container-shell can be started from a running system like any other program, the main intend is to use the
+container-shell via SSH. That way otherwise unprivileged users have possibility to manage containers without
+needing a regular shell login on the container server.
+
+For usage over SSH a unprivileged user should be created:
+
+ sudo adduser --gecos "container-tools,,," \
+ --home /var/lib/container-tools/container-shell \
+ --shell /usr/bin/container-shell
+
+The container-shell can then be allowed for specific SSH keys via /var/ib/container-tools/container-shell/.ssh/authorized_keys like so:
+
+ command="/usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...]
+
+
+RESTRICTED SHELL
+----------------
+The container-shell by default grants any user that has access to it to use all available container commands.
+
+Through two corresponding environment variables users can be allowed or disallowed to use specific container commands.
+In connection with SSH this makes it possible to grant certain SSH keys (and by that, users) privileges to operate container
+servers without having to give them root access, a login shell at all and prevents them from doing things they are not trusted to do.
+
+Example (blacklisting): In order to allow all commands except for removing and stopping containers, the following variable can be used:
+
+ command="CONTAINER_COMMANDS_DISABLE='remove stop' /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...]
+
+Example (whitelisting): The other way around works too. To disallow all commands except for listing containers and showing the container-tools version, the following variable can be used:
+
+ command="CONTAINER_COMMANDS_ENABLE='list version' /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...]
+
SEE ALSO
--------
diff --git a/share/man/container-top.1.txt b/share/man/container-top.1.txt
new file mode 100644
index 0000000..5cc2a0a
--- /dev/null
+++ b/share/man/container-top.1.txt
@@ -0,0 +1,75 @@
+// container-tools - Manage systemd-nspawn containers
+// Copyright (C) 2014-2017 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+CONTAINER-TOP(1)
+================
+:doctype: manpage
+:man manual: Open Infrastructure
+:man source: container-tools
+:man version: {revnumber}
+
+
+NAME
+----
+container-top - Dynamic list container on the system
+
+
+SYNOPSIS
+--------
+*container top* ['OPTIONS']
+
+
+DESCRIPTION
+-----------
+The container top command dynamically lists container on the system.
+
+
+OPTIONS
+-------
+The following container options are available, defaults to *--delay 1*:
+
+*-d, --delay='SECONDS[.TENTHS]'*::
+ Specifies the delay between screen updates, defaults to 1.
+
+
+EXAMPLES
+--------
+*Dynamically list containers of the local system:*::
+ sudo container top
+
+
+SEE ALSO
+--------
+container-tools(7),
+container(1).
+
+
+HOMEPAGE
+--------
+More information about container-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net.
+
+
+CONTACT
+-------
+Bug reports, feature requests, help, patches, support and everything else
+are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>.
+
+Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org.
+
+
+AUTHORS
+-------
+container-tools was written by Daniel Baumann <daniel.baumann@open-infrastructure.net>.
diff --git a/share/man/container.1.txt b/share/man/container.1.txt
index fa94d7f..6bd2a12 100644
--- a/share/man/container.1.txt
+++ b/share/man/container.1.txt
@@ -83,6 +83,9 @@ The following container commands are available:
*status*::
Show container status, see container-status(1).
+*top*::
+ Dynamic list of container on the system, see container-top(1).
+
*version*::
Show container-tools version, see container-version(1).