]>
<!--
+ SPDX-License-Identifier: LGPL-2.1+
+
This file is part of systemd.
Copyright 2015 Lennart Poettering
specified parameters using <varname>Parameters=</varname> are passed as additional arguments to the
<filename>init</filename> process. This setting corresponds to the <option>--boot</option> switch on the
<command>systemd-nspawn</command> command line. This option may not be combined with
- <varname>ProcessTwo=yes</varname>.</para></listitem>
+ <varname>ProcessTwo=yes</varname>. This option is the default if the
+ <filename>systemd-nspawn@.service</filename> template unit file is used.</para></listitem>
</varlistentry>
<varlistentry>
switch.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>PivotRoot=</varname></term>
+
+ <listitem><para>Selects a directory to pivot to <filename>/</filename> inside the container when starting up.
+ Takes a single path, or a pair of two paths separated by a colon. Both paths must be absolute, and are resolved
+ in the container's file system namespace. This corresponds to the <option>--pivot-root=</option> command line
+ switch.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>Capability=</varname></term>
<term><varname>DropCapability=</varname></term>
all cases.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>KillSignal=</varname></term>
+
+ <listitem><para>Specify the process signal to send to the
+ container's PID 1 when nspawn itself receives SIGTERM, in
+ order to trigger an orderly shutdown of the container.
+ Defaults to SIGRTMIN+3 if <option>Boot=</option> is used
+ (on systemd-compatible init systems SIGRTMIN+3 triggers an
+ orderly shutdown). For a list of valid signals, see
+ <citerefentry project='man-pages'><refentrytitle>signal</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>Personality=</varname></term>
<option>--uuid=</option> command line switch. This option is
privileged (see above). </para></listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><varname>PrivateUsers=</varname></term>
+
+ <listitem><para>Configures support for usernamespacing. This is equivalent to the
+ <option>--private-users=</option> command line switch, and takes the same options. This option is privileged
+ (see above). This option is the default if the <filename>systemd-nspawn@.service</filename> template unit file
+ is used.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>NotifyReady=</varname></term>
+
+ <listitem><para>Configures support for notifications from the container's init process. This is equivalent to
+ the <option>--notify-ready=</option> command line switch, and takes the same parameters. See
+ <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> for details
+ about the specific options supported.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>SystemCallFilter=</varname></term>
+
+ <listitem><para>Configures the system call filter applied to containers. This is equivalent to the
+ <option>--system-call-filter=</option> command line switch, and takes the same list parameter. See
+ <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
+ details.</para></listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
for details about the specific options supported. This setting
is privileged (see above).</para></listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><varname>Overlay=</varname></term>
+ <term><varname>OverlayReadOnly=</varname></term>
+
+ <listitem><para>Adds an overlay mount point. Takes a colon-separated list of paths. This option may be used
+ multiple times to configure multiple overlay mounts. This option is equivalent to the command line switches
+ <option>--overlay=</option> and <option>--overlay-ro=</option>, see
+ <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> for details
+ about the specific options supported. This setting is privileged (see above).</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>PrivateUsersChown=</varname></term>
+
+ <listitem><para>Configures whether the ownership of the files and directories in the container tree shall be
+ adjusted to the UID/GID range used, if necessary and user namespacing is enabled. This is equivalent to the
+ <option>--private-users-chown</option> command line switch. This option is privileged (see
+ above). </para></listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
<varlistentry>
<term><varname>VirtualEthernet=</varname></term>
- <listitem><para>Takes a boolean argument. Configures whether
- to create a virtual Ethernet connection
- (<literal>veth</literal>) between host and the container. This
- setting implies <varname>Private=yes</varname>. This setting
- corresponds to the <option>--network-veth</option> command
- line switch. This option is privileged (see
- above).</para></listitem>
+ <listitem><para>Takes a boolean argument. Configures whether to create a virtual Ethernet connection
+ (<literal>veth</literal>) between host and the container. This setting implies
+ <varname>Private=yes</varname>. This setting corresponds to the <option>--network-veth</option> command line
+ switch. This option is privileged (see above). This option is the default if the
+ <filename>systemd-nspawn@.service</filename> template unit file is used.</para></listitem>
</varlistentry>
<varlistentry>
option is privileged (see above).</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>Zone=</varname></term>
+
+ <listitem><para>Takes a network zone name. This setting implies <varname>VirtualEthernet=yes</varname> and
+ <varname>Private=yes</varname> and has the effect that the host side of the created virtual Ethernet link is
+ connected to an automatically managed bridge interface named after the passed argument, prefixed with
+ <literal>vz-</literal>. This option corresponds to the <option>--network-zone=</option> command line
+ switch. This option is privileged (see above).</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>Port=</varname></term>
projects / thirdparty / systemd.git / blobdiff