]>
Commit | Line | Data |
---|---|---|
61f403a1 LP |
1 | <?xml version='1.0'?> <!--*-nxml-*--> |
2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" | |
3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | |
db9ecf05 | 4 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
61f403a1 | 5 | |
bb5a34fb | 6 | <refentry id="systemd-dissect" conditional='HAVE_BLKID' |
61f403a1 LP |
7 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
8 | ||
9 | <refentryinfo> | |
10 | <title>systemd-dissect</title> | |
11 | <productname>systemd</productname> | |
12 | </refentryinfo> | |
13 | ||
14 | <refmeta> | |
15 | <refentrytitle>systemd-dissect</refentrytitle> | |
16 | <manvolnum>1</manvolnum> | |
17 | </refmeta> | |
18 | ||
19 | <refnamediv> | |
20 | <refname>systemd-dissect</refname> | |
92828ba6 | 21 | <refname>mount.ddi</refname> |
2781f7b4 | 22 | <refpurpose>Dissect Discoverable Disk Images (DDIs)</refpurpose> |
61f403a1 LP |
23 | </refnamediv> |
24 | ||
25 | <refsynopsisdiv> | |
26 | <cmdsynopsis> | |
27 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="plain"><replaceable>IMAGE</replaceable></arg></command> | |
28 | </cmdsynopsis> | |
29 | <cmdsynopsis> | |
30 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--mount</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="plain"><replaceable>PATH</replaceable></arg></command> | |
31 | </cmdsynopsis> | |
ac1f1adf DDM |
32 | <cmdsynopsis> |
33 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--umount</option> <arg choice="plain"><replaceable>PATH</replaceable></arg></command> | |
34 | </cmdsynopsis> | |
07d6072e LP |
35 | <cmdsynopsis> |
36 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--attach</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg></command> | |
37 | </cmdsynopsis> | |
38 | <cmdsynopsis> | |
39 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--detach</option> <arg choice="plain"><replaceable>PATH</replaceable></arg></command> | |
40 | </cmdsynopsis> | |
0cf16924 AAF |
41 | <cmdsynopsis> |
42 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--list</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg></command> | |
43 | </cmdsynopsis> | |
b5b40106 LP |
44 | <cmdsynopsis> |
45 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--mtree</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg></command> | |
46 | </cmdsynopsis> | |
1a06ce16 LP |
47 | <cmdsynopsis> |
48 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--with</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="opt" rep="repeat"><replaceable>COMMAND</replaceable></arg></command> | |
49 | </cmdsynopsis> | |
61f403a1 LP |
50 | <cmdsynopsis> |
51 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--copy-from</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="plain"><replaceable>PATH</replaceable></arg> <arg choice="opt"><replaceable>TARGET</replaceable></arg></command> | |
52 | </cmdsynopsis> | |
53 | <cmdsynopsis> | |
54 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--copy-to</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="opt"><replaceable>SOURCE</replaceable></arg> <arg choice="plain"><replaceable>PATH</replaceable></arg></command> | |
55 | </cmdsynopsis> | |
a0582220 AAF |
56 | <cmdsynopsis> |
57 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--discover</option></command> | |
58 | </cmdsynopsis> | |
59 | <cmdsynopsis> | |
60 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--validate</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg></command> | |
61 | </cmdsynopsis> | |
61f403a1 LP |
62 | </refsynopsisdiv> |
63 | ||
64 | <refsect1> | |
65 | <title>Description</title> | |
66 | ||
67 | <para><command>systemd-dissect</command> is a tool for introspecting and interacting with file system OS | |
e4823735 | 68 | disk images, specifically Discoverable Disk Images (DDIs). It supports four different operations:</para> |
61f403a1 LP |
69 | |
70 | <orderedlist> | |
71 | <listitem><para>Show general OS image information, including the image's | |
72 | <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> data, | |
73 | machine ID, partition information and more.</para></listitem> | |
74 | ||
75 | <listitem><para>Mount an OS image to a local directory. In this mode it will dissect the OS image and | |
76 | mount the included partitions according to their designation onto a directory and possibly | |
77 | sub-directories.</para></listitem> | |
78 | ||
ac1f1adf DDM |
79 | <listitem><para>Unmount an OS image from a local directory. In this mode it will recursively unmount |
80 | the mounted partitions and remove the underlying loop device, including all the partition sub-devices. | |
81 | </para></listitem> | |
82 | ||
61f403a1 LP |
83 | <listitem><para>Copy files and directories in and out of an OS image.</para></listitem> |
84 | </orderedlist> | |
85 | ||
86 | <para>The tool may operate on three types of OS images:</para> | |
87 | ||
88 | <orderedlist> | |
89 | <listitem><para>OS disk images containing a GPT partition table envelope, with partitions marked | |
db811444 | 90 | according to the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions |
61f403a1 LP |
91 | Specification</ulink>.</para></listitem> |
92 | ||
93 | <listitem><para>OS disk images containing just a plain file-system without an enveloping partition | |
94 | table. (This file system is assumed to be the root file system of the OS.)</para></listitem> | |
95 | ||
96 | <listitem><para>OS disk images containing a GPT or MBR partition table, with a single | |
97 | partition only. (This partition is assumed to contain the root file system of the OS.)</para></listitem> | |
98 | </orderedlist> | |
99 | ||
100 | <para>OS images may use any kind of Linux-supported file systems. In addition they may make use of LUKS | |
101 | disk encryption, and contain Verity integrity information. Note that qualifying OS images may be booted | |
21556381 | 102 | with <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s |
61f403a1 LP |
103 | <option>--image=</option> switch, and be used as root file system for system service using the |
104 | <varname>RootImage=</varname> unit file setting, see | |
21556381 | 105 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> |
461836a4 LP |
106 | |
107 | <para>Note that the partition table shown when invoked without command switch (as listed below) does not | |
108 | necessarily show all partitions included in the image, but just the partitions that are understood and | |
109 | considered part of an OS disk image. Specifically, partitions of unknown types are ignored, as well as | |
110 | duplicate partitions (i.e. more than one per partition type), as are root and <filename>/usr/</filename> | |
111 | partitions of architectures not compatible with the local system. In other words: this tool will display | |
112 | what it operates with when mounting the image. To display the complete list of partitions use a tool such | |
113 | as <citerefentry | |
114 | project='man-pages'><refentrytitle>fdisk</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> | |
92828ba6 LP |
115 | |
116 | <para>The <command>systemd-dissect</command> command may be invoked as <command>mount.ddi</command> in | |
117 | which case it implements the <citerefentry | |
118 | project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> "external | |
119 | helper" interface. This ensures disk images compatible with <command>systemd-dissect</command> can be | |
120 | mounted directly by <command>mount</command> and <citerefentry | |
121 | project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For | |
122 | details see below.</para> | |
61f403a1 LP |
123 | </refsect1> |
124 | ||
125 | <refsect1> | |
126 | <title>Commands</title> | |
127 | ||
128 | <para>If neither of the command switches listed below are passed the specified disk image is opened and | |
129 | general information about the image and the contained partitions and their use is shown.</para> | |
130 | ||
131 | <variablelist> | |
132 | <varlistentry> | |
133 | <term><option>--mount</option></term> | |
134 | <term><option>-m</option></term> | |
135 | ||
136 | <listitem><para>Mount the specified OS image to the specified directory. This will dissect the image, | |
137 | determine the OS root file system — as well as possibly other partitions — and mount them to the | |
138 | specified directory. If the OS image contains multiple partitions marked with the <ulink | |
db811444 | 139 | url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink> |
61f403a1 LP |
140 | multiple nested mounts are established. This command expects two arguments: a path to an image file |
141 | and a path to a directory where to mount the image.</para> | |
142 | ||
ac1f1adf | 143 | <para>To unmount an OS image mounted like this use the <option>--umount</option> operation.</para> |
61f403a1 LP |
144 | |
145 | <para>When the OS image contains LUKS encrypted or Verity integrity protected file systems | |
146 | appropriate volumes are automatically set up and marked for automatic disassembly when the image is | |
147 | unmounted.</para> | |
148 | ||
149 | <para>The OS image may either be specified as path to an OS image stored in a regular file or may | |
150 | refer to block device node (in the latter case the block device must be the "whole" device, i.e. not | |
151 | a partition device). (The other supported commands described here support this, too.)</para> | |
152 | ||
153 | <para>All mounted file systems are checked with the appropriate <citerefentry | |
154 | project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
155 | implementation in automatic fixing mode, unless explicitly turned off (<option>--fsck=no</option>) or | |
92828ba6 LP |
156 | read-only operation is requested (<option>--read-only</option>).</para> |
157 | ||
158 | <para>Note that this functionality is also available in <citerefentry | |
159 | project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> via a | |
160 | command such as <command>mount -t ddi myimage.raw targetdir/</command>, as well as in <citerefentry | |
161 | project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For | |
ec07c3c8 AK |
162 | details, see below.</para> |
163 | ||
164 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
165 | </varlistentry> |
166 | ||
167 | <varlistentry> | |
168 | <term><option>-M</option></term> | |
169 | ||
ec07c3c8 AK |
170 | <listitem><para>This is a shortcut for <option>--mount --mkdir</option>.</para> |
171 | ||
172 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
173 | </varlistentry> |
174 | ||
ac1f1adf DDM |
175 | <varlistentry> |
176 | <term><option>--umount</option></term> | |
177 | <term><option>-u</option></term> | |
178 | ||
179 | <listitem><para>Unmount an OS image from the specified directory. This command expects one argument: | |
180 | a directory where an OS image was mounted.</para> | |
181 | ||
182 | <para>All mounted partitions will be recursively unmounted, and the underlying loop device will be | |
ec07c3c8 AK |
183 | removed, along with all its partition sub-devices.</para> |
184 | ||
185 | <xi:include href="version-info.xml" xpointer="v252"/></listitem> | |
ac1f1adf DDM |
186 | </varlistentry> |
187 | ||
188 | <varlistentry> | |
189 | <term><option>-U</option></term> | |
190 | ||
ec07c3c8 AK |
191 | <listitem><para>This is a shortcut for <option>--umount --rmdir</option>.</para> |
192 | ||
193 | <xi:include href="version-info.xml" xpointer="v252"/></listitem> | |
ac1f1adf | 194 | </varlistentry> |
07d6072e LP |
195 | |
196 | <varlistentry> | |
197 | <term><option>--attach</option></term> | |
198 | ||
199 | <listitem><para>Attach the specified disk image to an automatically allocated loopback block device, | |
200 | and print the path to the loopback block device to standard output. This is similar to an invocation | |
201 | of <command>losetup --find --show</command>, but will validate the image as DDI before attaching, and | |
202 | derive the correct sector size to use automatically. Moreover, it ensures the per-partition block | |
ec07c3c8 AK |
203 | devices are created before returning. Takes a path to a disk image file.</para> |
204 | ||
205 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
07d6072e LP |
206 | </varlistentry> |
207 | ||
208 | <varlistentry> | |
209 | <term><option>--detach</option></term> | |
210 | ||
211 | <listitem><para>Detach the specified disk image from a loopback block device. This undoes the effect | |
212 | of <option>--attach</option> above. This expects either a path to a loopback block device as an | |
213 | argument, or the path to the backing image file. In the latter case it will automatically determine | |
ec07c3c8 AK |
214 | the right device to detach.</para> |
215 | ||
216 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
07d6072e | 217 | </varlistentry> |
ac1f1adf | 218 | |
0cf16924 AAF |
219 | <varlistentry> |
220 | <term><option>--list</option></term> | |
221 | <term><option>-l</option></term> | |
222 | ||
2292fa1e | 223 | <listitem><para>Prints the paths of all the files and directories in the specified OS image or |
ec07c3c8 AK |
224 | directory to standard output.</para> |
225 | ||
226 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
0cf16924 AAF |
227 | </varlistentry> |
228 | ||
b5b40106 LP |
229 | <varlistentry> |
230 | <term><option>--mtree</option></term> | |
b5b40106 | 231 | |
8fb35004 ZJS |
232 | <listitem><para>Generates a BSD |
233 | <citerefentry project='die-net'><refentrytitle>mtree</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
2292fa1e | 234 | compatible file manifest of the specified disk image or directory. This is useful for comparing image |
b5b40106 LP |
235 | contents in detail, including inode information and other metadata. While the generated manifest will |
236 | contain detailed inode information, it currently excludes extended attributes, file system | |
8fb35004 ZJS |
237 | capabilities, MAC labels, |
238 | <citerefentry project='man-pages'><refentrytitle>chattr</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
239 | file flags, | |
be57c176 | 240 | <citerefentry project='url'><refentrytitle url='https://btrfs.readthedocs.io/en/latest/btrfs-man5.html'>btrfs</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
8fb35004 ZJS |
241 | subvolume information, and various other file metadata. File content information is shown via a |
242 | SHA256 digest. Additional fields might be added in future. Note that inode information such as link | |
243 | counts, inode numbers and timestamps is excluded from the output on purpose, as it typically | |
ec07c3c8 AK |
244 | complicates reproducibility.</para> |
245 | ||
246 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
b5b40106 LP |
247 | </varlistentry> |
248 | ||
1a06ce16 LP |
249 | <varlistentry> |
250 | <term><option>--with</option></term> | |
251 | ||
252 | <listitem><para>Runs the specified command with the specified OS image mounted. This will mount the | |
253 | image to a temporary directory, switch the current working directory to it, and invoke the specified | |
254 | command line as child process. Once the process ends it will unmount the image again, and remove the | |
255 | temporary directory. If no command is specified a shell is invoked. The image is mounted writable, | |
256 | use <option>--read-only</option> to switch to read-only operation. The invoked process will have the | |
257 | <varname>$SYSTEMD_DISSECT_ROOT</varname> environment variable set, containing the absolute path name | |
258 | of the temporary mount point, i.e. the same directory that is set as the current working | |
47838b55 | 259 | directory. It will also have the <varname>$SYSTEMD_DISSECT_DEVICE</varname> environment variable set, |
ec07c3c8 AK |
260 | containing the absolute path name of the loop device the image was attached to.</para> |
261 | ||
262 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
1a06ce16 LP |
263 | </varlistentry> |
264 | ||
61f403a1 LP |
265 | <varlistentry> |
266 | <term><option>--copy-from</option></term> | |
267 | <term><option>-x</option></term> | |
268 | ||
2292fa1e DDM |
269 | <listitem><para>Copies a file or directory from the specified OS image or directory into the |
270 | specified location on the host file system. Expects three arguments: a path to an image file or | |
271 | directory, a source path (relative to the image's root directory) and a destination path (relative to | |
272 | the current working directory, or an absolute path, both outside of the image). If the destination | |
273 | path is omitted or specified as dash (<literal>-</literal>), the specified file is written to | |
274 | standard output. If the source path in the image file system refers to a regular file it is copied to | |
275 | the destination path. In this case access mode, extended attributes and timestamps are copied as | |
276 | well, but file ownership is not. If the source path in the image refers to a directory, it is copied | |
277 | to the destination path, recursively with all containing files and directories. In this case the file | |
ec07c3c8 AK |
278 | ownership is copied too.</para> |
279 | ||
280 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
281 | </varlistentry> |
282 | ||
283 | <varlistentry> | |
284 | <term><option>--copy-to</option></term> | |
285 | <term><option>-a</option></term> | |
286 | ||
287 | <listitem><para>Copies a file or directory from the specified location in the host file system into | |
2292fa1e DDM |
288 | the specified OS image or directory. Expects three arguments: a path to an image file or directory, a |
289 | source path (relative to the current working directory, or an absolute path, both outside of the | |
290 | image) and a destination path (relative to the image's root directory). If the source path is omitted | |
291 | or specified as dash (<literal>-</literal>), the data to write is read from standard input. If the | |
292 | source path in the host file system refers to a regular file, it is copied to the destination path. | |
293 | In this case access mode, extended attributes and timestamps are copied as well, but file ownership | |
294 | is not. If the source path in the host file system refers to a directory it is copied to the | |
295 | destination path, recursively with all containing files and directories. In this case the file | |
296 | ownership is copied too.</para> | |
61f403a1 LP |
297 | |
298 | <para>As with <option>--mount</option> file system checks are implicitly run before the copy | |
ec07c3c8 AK |
299 | operation begins.</para> |
300 | ||
301 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
302 | </varlistentry> |
303 | ||
0305cf6e LP |
304 | <varlistentry> |
305 | <term><option>--discover</option></term> | |
306 | ||
3b288a2d | 307 | <listitem><para>Show a list of DDIs in well-known directories. This will show machine, portable |
1e07c6f3 | 308 | service and system/configuration extension disk images in the usual directories |
0305cf6e | 309 | <filename>/usr/lib/machines/</filename>, <filename>/usr/lib/portables/</filename>, |
1e07c6f3 | 310 | <filename>/usr/lib/confexts/</filename>, <filename>/var/lib/machines/</filename>, |
0305cf6e | 311 | <filename>/var/lib/portables/</filename>, <filename>/var/lib/extensions/</filename> and so |
ec07c3c8 AK |
312 | on.</para> |
313 | ||
314 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
0305cf6e LP |
315 | </varlistentry> |
316 | ||
dee4a623 LP |
317 | <varlistentry> |
318 | <term><option>--validate</option></term> | |
319 | ||
320 | <listitem><para>Validates the partition arrangement of a disk image (DDI), and ensures it matches the | |
321 | image policy specified via <option>--image-policy=</option>, if one is specified. This parses the | |
322 | partition table and probes the file systems in the image, but does not attempt to mount them (nor to | |
323 | set up disk encryption/authentication via LUKS/Verity). It does this taking the configured image | |
324 | dissection policy into account. Since this operation does not mount file systems, this command – | |
325 | unlike all other commands implemented by this tool – requires no privileges other than the ability to | |
326 | access the specified file. Prints "OK" and returns zero if the image appears to be in order and | |
327 | matches the specified image dissection policy. Otherwise prints an error message and returns | |
ec07c3c8 AK |
328 | non-zero.</para> |
329 | ||
330 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
dee4a623 LP |
331 | </varlistentry> |
332 | ||
61f403a1 LP |
333 | <xi:include href="standard-options.xml" xpointer="help" /> |
334 | <xi:include href="standard-options.xml" xpointer="version" /> | |
335 | </variablelist> | |
336 | ||
337 | </refsect1> | |
338 | ||
339 | <refsect1> | |
340 | <title>Options</title> | |
341 | ||
342 | <para>The following options are understood:</para> | |
343 | ||
344 | <variablelist> | |
345 | <varlistentry> | |
346 | <term><option>--read-only</option></term> | |
347 | <term><option>-r</option></term> | |
348 | ||
349 | <listitem><para>Operate in read-only mode. By default <option>--mount</option> will establish | |
350 | writable mount points. If this option is specified they are established in read-only mode | |
ec07c3c8 AK |
351 | instead.</para> |
352 | ||
353 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
354 | </varlistentry> |
355 | ||
356 | <varlistentry> | |
357 | <term><option>--fsck=no</option></term> | |
358 | ||
359 | <listitem><para>Turn off automatic file system checking. By default when an image is accessed for | |
60c6c210 LP |
360 | writing (by <option>--mount</option> or <option>--copy-to</option>) the file systems contained in the |
361 | OS image are automatically checked using the appropriate <citerefentry | |
61f403a1 LP |
362 | project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
363 | command, in automatic fixing mode. This behavior may be switched off using | |
ec07c3c8 AK |
364 | <option>--fsck=no</option>.</para> |
365 | ||
366 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
367 | </varlistentry> |
368 | ||
74a54bae LP |
369 | <varlistentry> |
370 | <term><option>--growfs=no</option></term> | |
371 | ||
372 | <listitem><para>Turn off automatic growing of accessed file systems to their partition size, if | |
373 | marked for that in the GPT partition table. By default when an image is accessed for writing (by | |
374 | <option>--mount</option> or <option>--copy-to</option>) the file systems contained in the OS image | |
375 | are automatically grown to their partition sizes, if bit 59 in the GPT partition flags is set for | |
376 | partition types that are defined by the <ulink | |
db811444 | 377 | url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>. This |
74a54bae LP |
378 | behavior may be switched off using <option>--growfs=no</option>. File systems are grown automatically |
379 | on access if all of the following conditions are met:</para> | |
380 | <orderedlist> | |
381 | <listitem><para>The file system is mounted writable</para></listitem> | |
382 | <listitem><para>The file system currently is smaller than the partition it is contained in (and thus can be grown)</para></listitem> | |
383 | <listitem><para>The image contains a GPT partition table</para></listitem> | |
384 | <listitem><para>The file system is stored on a partition defined by the Discoverable Partitions Specification</para></listitem> | |
385 | <listitem><para>Bit 59 of the GPT partition flags for this partition is set, as per specification</para></listitem> | |
386 | <listitem><para>The <option>--growfs=no</option> option is not passed.</para></listitem> | |
387 | </orderedlist> | |
ec07c3c8 AK |
388 | |
389 | <xi:include href="version-info.xml" xpointer="v249"/> | |
74a54bae LP |
390 | </listitem> |
391 | </varlistentry> | |
392 | ||
61f403a1 LP |
393 | <varlistentry> |
394 | <term><option>--mkdir</option></term> | |
395 | ||
396 | <listitem><para>If combined with <option>--mount</option> the directory to mount the OS image to is | |
397 | created if it is missing. Note that the directory is not automatically removed when the disk image is | |
ec07c3c8 AK |
398 | unmounted again.</para> |
399 | ||
400 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
401 | </varlistentry> |
402 | ||
ac1f1adf DDM |
403 | <varlistentry> |
404 | <term><option>--rmdir</option></term> | |
405 | ||
406 | <listitem><para>If combined with <option>--umount</option> the specified directory where the OS image | |
ec07c3c8 AK |
407 | is mounted is removed after unmounting the OS image.</para> |
408 | ||
409 | <xi:include href="version-info.xml" xpointer="v252"/></listitem> | |
ac1f1adf DDM |
410 | </varlistentry> |
411 | ||
61f403a1 LP |
412 | <varlistentry> |
413 | <term><option>--discard=</option></term> | |
414 | ||
415 | <listitem><para>Takes one of <literal>disabled</literal>, <literal>loop</literal>, | |
416 | <literal>all</literal>, <literal>crypto</literal>. If <literal>disabled</literal> the image is | |
75909cc7 | 417 | accessed with empty block discarding turned off. If <literal>loop</literal> discarding is enabled if |
61f403a1 | 418 | operating on a regular file. If <literal>crypt</literal> discarding is enabled even on encrypted file |
ec07c3c8 AK |
419 | systems. If <literal>all</literal> discarding is unconditionally enabled.</para> |
420 | ||
421 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
422 | </varlistentry> |
423 | ||
e7e2fbdd LP |
424 | <varlistentry> |
425 | <term><option>--in-memory</option></term> | |
426 | ||
427 | <listitem><para>If specified an in-memory copy of the specified disk image is used. This may be used | |
428 | to operate with write-access on a (possibly read-only) image, without actually modifying the original | |
429 | file. This may also be used in order to operate on a disk image without keeping the originating file | |
ec07c3c8 AK |
430 | system busy, in order to allow it to be unmounted.</para> |
431 | ||
432 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
e7e2fbdd LP |
433 | </varlistentry> |
434 | ||
61f403a1 LP |
435 | <varlistentry> |
436 | <term><option>--root-hash=</option></term> | |
437 | <term><option>--root-hash-sig=</option></term> | |
438 | <term><option>--verity-data=</option></term> | |
439 | ||
75909cc7 ZJS |
440 | <listitem><para>Configure various aspects of Verity data integrity for the OS image. Option |
441 | <option>--root-hash=</option> specifies a hex-encoded top-level Verity hash to use for setting up the | |
442 | Verity integrity protection. Option <option>--root-hash-sig=</option> specifies the path to a file | |
443 | containing a PKCS#7 signature for the hash. This signature is passed to the kernel during activation, | |
444 | which will match it against signature keys available in the kernel keyring. Option | |
445 | <option>--verity-data=</option> specifies a path to a file with the Verity data to use for the OS | |
446 | image, in case it is stored in a detached file. It is recommended to embed the Verity data directly | |
447 | in the image, using the Verity mechanisms in the <ulink | |
db811444 | 448 | url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>. |
ec07c3c8 AK |
449 | </para> |
450 | ||
451 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
452 | </varlistentry> |
453 | ||
236d1fa2 LP |
454 | <varlistentry> |
455 | <term><option>--loop-ref=</option></term> | |
456 | ||
457 | <listitem><para>Configures the "reference" string the kernel shall report as backing file for the | |
458 | loopback block device. While this is supposed to be a path or filename referencing the backing file, | |
459 | this is not enforced and the kernel accepts arbitrary free-form strings, chosen by the user. Accepts | |
460 | arbitrary strings up to a length of 63 characters. This sets the kernel's | |
461 | <literal>.lo_file_name</literal> field for the block device. Note this is distinct from the | |
462 | <filename>/sys/class/block/loopX/loop/backing_file</filename> attribute file that always reports a | |
463 | path referring to the actual backing file. The latter is subject to mount namespace translation, the | |
7a05926f YW |
464 | former is not.</para> |
465 | ||
466 | <para>This setting is particularly useful in combination with the <option>--attach</option> command, | |
467 | as it allows later referencing the allocated loop device via | |
468 | <filename>/dev/disk/by-loop-ref/…</filename> symlinks. Example: first, set up the loopback device | |
469 | via <command>systemd-dissect attach --loop-ref=quux foo.raw</command>, and then reference it in a | |
470 | command via the specified filename: <command>cfdisk /dev/disk/by-loop-ref/quux</command>. | |
ec07c3c8 AK |
471 | </para> |
472 | ||
473 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
236d1fa2 LP |
474 | </varlistentry> |
475 | ||
12d58b6c DDM |
476 | <varlistentry> |
477 | <term><option>--mtree-hash=no</option></term> | |
478 | ||
479 | <listitem><para>If combined with <option>--mtree</option>, turns off inclusion of file hashes in the | |
480 | mtree output. This makes the <option>--mtree</option> faster when operating on large images. | |
ec07c3c8 AK |
481 | </para> |
482 | ||
483 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
12d58b6c DDM |
484 | </varlistentry> |
485 | ||
9ea81191 | 486 | <xi:include href="standard-options.xml" xpointer="image-policy-open" /> |
17547fb5 LP |
487 | <xi:include href="standard-options.xml" xpointer="no-pager" /> |
488 | <xi:include href="standard-options.xml" xpointer="no-legend" /> | |
8d0d1a30 | 489 | <xi:include href="standard-options.xml" xpointer="json" /> |
61f403a1 | 490 | </variablelist> |
61f403a1 LP |
491 | </refsect1> |
492 | ||
493 | <refsect1> | |
494 | <title>Exit status</title> | |
495 | ||
1a06ce16 LP |
496 | <para>On success, 0 is returned, a non-zero failure code otherwise. If the <option>--with</option> |
497 | command is used the exit status of the invoked command is propagated.</para> | |
498 | </refsect1> | |
499 | ||
92828ba6 LP |
500 | <refsect1> |
501 | <title>Invocation as <command>/sbin/mount.ddi</command></title> | |
502 | ||
503 | <para>The <command>systemd-dissect</command> executable may be symlinked to | |
504 | <filename>/sbin/mount.ddi</filename>. If invoked through that it implements <citerefentry | |
505 | project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry>'s | |
506 | "external helper" interface for the (pseudo) file system type <literal>ddi</literal>. This means | |
507 | conformant disk images may be mounted directly via</para> | |
508 | ||
509 | <programlisting># mount -t ddi myimage.raw targetdir/</programlisting> | |
510 | ||
511 | <para>in a fashion mostly equivalent to:</para> | |
512 | ||
513 | <programlisting># systemd-dissect --mount myimage.raw targetdir/</programlisting> | |
514 | ||
515 | <para>Note that since a single DDI may contain multiple file systems it should later be unmounted with | |
516 | <command>umount -R targetdir/</command>, for recursive operation.</para> | |
517 | ||
518 | <para>This functionality is particularly useful to mount DDIs automatically at boot via simple | |
519 | <filename>/etc/fstab</filename> entries. For example:</para> | |
520 | ||
521 | <programlisting>/path/to/myimage.raw /images/myimage/ ddi defaults 0 0</programlisting> | |
522 | ||
523 | <para>When invoked this way the mount options <literal>ro</literal>, <literal>rw</literal>, | |
524 | <literal>discard</literal>, <literal>nodiscard</literal> map to the corresponding options listed above | |
525 | (i.e. <option>--read-only</option>, <option>--discard=all</option>, | |
526 | <option>--discard=disabled</option>). Mount options are <emphasis>not</emphasis> generically passed on to | |
527 | the file systems inside the images.</para> | |
528 | </refsect1> | |
1a06ce16 LP |
529 | |
530 | <refsect1> | |
531 | <title>Examples</title> | |
532 | ||
533 | <example> | |
534 | <title>Generate a tarball from an OS disk image</title> | |
535 | ||
92828ba6 | 536 | <programlisting># systemd-dissect --with foo.raw tar cz . >foo.tar.gz</programlisting> |
1a06ce16 | 537 | </example> |
61f403a1 LP |
538 | </refsect1> |
539 | ||
540 | <refsect1> | |
541 | <title>See Also</title> | |
13a69c12 DT |
542 | <para><simplelist type="inline"> |
543 | <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> | |
544 | <member><citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> | |
545 | <member><citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry></member> | |
546 | <member><ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink></member> | |
547 | <member><citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> | |
548 | <member><citerefentry project='man-pages'><refentrytitle>umount</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> | |
549 | <member><citerefentry project='man-pages'><refentrytitle>fdisk</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> | |
550 | </simplelist></para> | |
61f403a1 LP |
551 | </refsect1> |
552 | ||
553 | </refentry> |