From 6200fe310bc923404bf943a87f0fc75db054f2aa Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Thu, 29 Jun 2017 11:14:50 +0200 Subject: Merging upstream version 20170629. Signed-off-by: Daniel Baumann --- share/man/container-shell.1.txt | 33 ++++++++++++++++++ share/man/container-top.1.txt | 75 +++++++++++++++++++++++++++++++++++++++++ share/man/container.1.txt | 3 ++ 3 files changed, 111 insertions(+) create mode 100644 share/man/container-top.1.txt (limited to 'share/man') diff --git a/share/man/container-shell.1.txt b/share/man/container-shell.1.txt index 6d792b8..760e0c5 100644 --- a/share/man/container-shell.1.txt +++ b/share/man/container-shell.1.txt 
@@ -53,6 +53,39 @@ All container commands are available, see container(1). Additionally, the follow *logout*, *exit:*:: exits container-shell. +USAGE +----- +Although the container-shell can be started from a running system like any other program, the main intend is to use the +container-shell via SSH. That way otherwise unprivileged users have possibility to manage containers without +needing a regular shell login on the container server. + +For usage over SSH a unprivileged user should be created: + + sudo adduser --gecos "container-tools,,," \ + --home /var/lib/container-tools/container-shell \ + --shell /usr/bin/container-shell + +The container-shell can then be allowed for specific SSH keys via /var/ib/container-tools/container-shell/.ssh/authorized_keys like so: + + command="/usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...] + + +RESTRICTED SHELL +---------------- +The container-shell by default grants any user that has access to it to use all available container commands. + +Through two corresponding environment variables users can be allowed or disallowed to use specific container commands. +In connection with SSH this makes it possible to grant certain SSH keys (and by that, users) privileges to operate container +servers without having to give them root access, a login shell at all and prevents them from doing things they are not trusted to do. + +Example (blacklisting): In order to allow all commands except for removing and stopping containers, the following variable can be used: + + command="CONTAINER_COMMANDS_DISABLE='remove stop' /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...] + +Example (whitelisting): The other way around works too. 
To disallow all commands except for listing containers and showing the container-tools version, the following variable can be used: + + command="CONTAINER_COMMANDS_ENABLE='list version' /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...] + SEE ALSO -------- diff --git a/share/man/container-top.1.txt b/share/man/container-top.1.txt new file mode 100644 index 0000000..5cc2a0a --- /dev/null +++ b/share/man/container-top.1.txt 
@@ -0,0 +1,75 @@ +// container-tools - Manage systemd-nspawn containers +// Copyright (C) 2014-2017 Daniel Baumann +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +CONTAINER-TOP(1) +================ +:doctype: manpage +:man manual: Open Infrastructure +:man source: container-tools +:man version: {revnumber} + + +NAME +---- +container-top - Dynamic list container on the system + + +SYNOPSIS +-------- +*container top* ['OPTIONS'] + + +DESCRIPTION +----------- +The container top command dynamically lists container on the system. + + +OPTIONS +------- +The following container options are available, defaults to *--delay 1*: + +*-d, --delay='SECONDS[.TENTHS]'*:: + Specifies the delay between screen updates, defaults to 1. + + +EXAMPLES +-------- +*Dynamically list containers of the local system:*:: + sudo container top + + +SEE ALSO +-------- +container-tools(7), +container(1). + + +HOMEPAGE +-------- +More information about container-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. + + +CONTACT +------- +Bug reports, feature requests, help, patches, support and everything else +are welcome on the Open Infrastructure Software Mailing List . + +Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. + + +AUTHORS +------- +container-tools was written by Daniel Baumann . 
diff --git a/share/man/container.1.txt b/share/man/container.1.txt index fa94d7f..6bd2a12 100644 --- a/share/man/container.1.txt +++ b/share/man/container.1.txt @@ -83,6 +83,9 @@ The following container commands are available: *status*:: Show container status, see container-status(1). +*top*:: + Dynamic list of container on the system, see container-top(1). + *version*:: Show container-tools version, see container-version(1). -- cgit v1.2.3
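Review bot: In share/man/container-shell.1.txt, the new USAGE section gives the key file as /var/ib/container-tools/container-shell/.ssh/authorized_keys, which does not match the --home /var/lib/container-tools/container-shell passed to adduser just above it. It should read /var/lib/..., otherwise a reader following the page creates the file somewhere sshd does not read it. The adduser example also ends at --shell /usr/bin/container-shell without a user name, so it cannot be run as written. In RESTRICTED SHELL, the text says the shell grants all commands by default, so it is worth stating that CONTAINER_COMMANDS_DISABLE leaves every unlisted command available (including commands added later, such as top in this same patch), and recommending CONTAINER_COMMANDS_ENABLE for keys that must stay tightly limited. The section also does not say what happens when both variables are set. Minor wording: "main intend" should be "main intent", "a unprivileged" should be "an unprivileged".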
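Review bot: In the new share/man/container-top.1.txt, the DESCRIPTION is a single sentence that restates the NAME line and does not say what is shown per container or how to leave the display; one or two sentences on the output and the exit key would make the page usable on its own. The OPTIONS intro "The following container options are available, defaults to *--delay 1*:" repeats the default that the -d, --delay entry already states, and the entry does not say whether SECONDS[.TENTHS] accepts 0 or has a lower bound. "Dynamic list container on the system" and "dynamically lists container" should use the plural "containers".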
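Review bot: In share/man/container.1.txt, the new *top* entry reads "Dynamic list of container on the system", which differs from the NAME line added in container-top.1.txt ("Dynamic list container on the system") and from the verb-first style of the neighbouring entries ("Show container status", "Show container-tools version"). Suggest using one wording in both files, for example "Dynamically list containers on the system, see container-top(1)."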