<refsect1>
<title>Description</title>
<para><command>systemd-vmspawn</command> may be used to start a virtual machine from an OS image. In many ways it is similar to <citerefentry
- project='man-pages'><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, but it
+ project='man-pages'><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, but
launches a full virtual machine instead of using namespaces.</para>
<para>File descriptors for <filename>/dev/kvm</filename> and <filename>/dev/vhost-vsock</filename> can be
passed to <command>systemd-vmspawn</command> via systemd's native socket passing interface (see
<citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry> for
details about the precise protocol used and the order in which the file descriptors are passed), these
- fds must be passed with the names <literal>kvm</literal> and <literal>vhost-vsock</literal> respectively.</para>
+ file descriptors must be passed with the names <literal>kvm</literal> and <literal>vhost-vsock</literal>
+ respectively.</para>
<para>Note: on Ubuntu/Debian derivatives systemd-vmspawn requires the user to be in the <literal>kvm</literal> group to use the VSock options.</para>
</refsect1>
<listitem><para>Directory to use as file system root for the virtual machine.</para>
<para>One of either <option>--directory=</option> or <option>--image=</option> must be specified.</para>
+
<para>Note: If mounting a non-root owned directory you may require <option>--private-users=</option>
to map into the user's subuid namespace.</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term><option>--qemu-kvm=</option><replaceable>BOOL</replaceable></term>
+ <varlistentry>
+ <term><option>--qemu-kvm=</option><replaceable>BOOL</replaceable></term>
- <listitem><para>Configures whether to use KVM. If the option is not specified KVM support will be
- detected automatically. If true, KVM is always used, and if false, KVM is never used.</para>
+ <listitem><para>Configures whether to use KVM. If the option is not specified KVM support will be
+ detected automatically. If true, KVM is always used, and if false, KVM is never used.</para>
- <xi:include href="version-info.xml" xpointer="v255"/></listitem>
- </varlistentry>
+ <xi:include href="version-info.xml" xpointer="v255"/></listitem>
+ </varlistentry>
- <varlistentry>
- <term><option>--qemu-vsock=</option><replaceable>BOOL</replaceable></term>
+ <varlistentry>
+ <term><option>--qemu-vsock=</option><replaceable>BOOL</replaceable></term>
- <listitem>
- <para>Configure whether to use VSock networking.</para>
- <para>If the option is not specified VSock support will be detected automatically.
- If yes is specified VSocks are always used, and vice versa if no is set VSocks are never used.</para>
- <xi:include href="version-info.xml" xpointer="v255"/>
- </listitem>
- </varlistentry>
+ <listitem>
+ <para>Configure whether to use VSock networking.</para>
- <varlistentry>
- <term><option>--vsock-cid=</option><replaceable>CID</replaceable></term>
+ <para>If the option is not specified VSock support will be detected automatically.
+ If yes is specified VSocks are always used, and vice versa if no is set VSocks are never used.</para>
+ <xi:include href="version-info.xml" xpointer="v255"/>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>Configure vmspawn to use a specific CID for the guest.</para>
- <para>If the option is not specified or an empty argument is supplied the guest will be assigned a random CID.</para>
- <para>Valid CIDs are in the range <constant>3</constant> to <constant>4294967294</constant> (<constant>0xFFFF_FFFE</constant>).
- CIDs outside of this range are reserved.</para>
- <xi:include href="version-info.xml" xpointer="v255"/>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>--vsock-cid=</option><replaceable>CID</replaceable></term>
- <varlistentry>
- <term><option>--tpm=</option><replaceable>BOOL</replaceable></term>
-
- <listitem>
- <para>Configure whether to use qemu with a virtual TPM or not.</para>
- <para>If the option is not specified vmspawn will detect the presence of <citerefentry project='man-pages'>
- <refentrytitle>swtpm</refentrytitle><manvolnum>8</manvolnum></citerefentry> and use it if available.
- If yes is specified <citerefentry project='man-pages'><refentrytitle>swtpm</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- is always used, and vice versa if no is set <citerefentry project='man-pages'><refentrytitle>swtpm</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> is never used.</para>
- <para>Note: the virtual TPM used may change in future.</para>
- <xi:include href="version-info.xml" xpointer="v256"/>
- </listitem>
- </varlistentry>
+ <listitem>
+ <para>Configure vmspawn to use a specific CID for the guest.</para>
- <varlistentry>
- <term><option>--linux=</option><replaceable>PATH</replaceable></term>
+ <para>If the option is not specified or an empty argument is supplied the guest will be assigned a random CID.</para>
- <listitem>
- <para>Set the linux kernel image to use for direct kernel boot.</para>
- <para>If no kernel was installed into the image then the image will fail to boot.</para>
- <xi:include href="version-info.xml" xpointer="v256"/>
- </listitem>
- </varlistentry>
+ <para>Valid CIDs are in the range <constant>3</constant> to <constant>4294967294</constant> (<constant>0xFFFF_FFFE</constant>).
+ CIDs outside of this range are reserved.</para>
- <varlistentry>
- <term><option>--initrd=</option><replaceable>PATH</replaceable></term>
+ <xi:include href="version-info.xml" xpointer="v255"/>
+ </listitem>
+ </varlistentry>
- <listitem>
- <para>Set the initrd to use for direct kernel boot.</para>
- <para>If the linux kernel supplied is a UKI then this argument is not required.</para>
- <para>If the option is specified multiple times vmspawn will merge the initrds together.</para>
- <para>If no initrd was installed into the image then the image will fail to boot.</para>
- <xi:include href="version-info.xml" xpointer="v256"/>
- </listitem>
- </varlistentry>
+ <varlistentry>
+ <term><option>--tpm=</option><replaceable>BOOL</replaceable></term>
- <varlistentry>
- <term><option>--qemu-gui</option></term>
+ <listitem>
+ <para>Configure whether to use qemu with a virtual TPM or not.</para>
- <listitem><para>Start QEMU in graphical mode.</para>
+ <para>If the option is not specified vmspawn will detect the presence of <citerefentry project='man-pages'>
+ <refentrytitle>swtpm</refentrytitle><manvolnum>8</manvolnum></citerefentry> and use it if available.
+ If yes is specified <citerefentry project='man-pages'><refentrytitle>swtpm</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ is always used, and vice versa if no is set <citerefentry project='man-pages'><refentrytitle>swtpm</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> is never used.</para>
- <xi:include href="version-info.xml" xpointer="v255"/></listitem>
- </varlistentry>
+ <para>Note: the virtual TPM used may change in future.</para>
- <varlistentry>
- <term><option>-n</option></term>
- <term><option>--network-tap</option></term>
-
- <listitem>
- <para>Create a TAP device to network with the virtual machine.</para>
- <para>
- Note: root privileges are required to use TAP networking.
- Additionally requires a correctly setup
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--linux=</option><replaceable>PATH</replaceable></term>
+
+ <listitem>
+ <para>Set the linux kernel image to use for direct kernel boot.</para>
+
+ <para>If no kernel was installed into the image then the image will fail to boot.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--initrd=</option><replaceable>PATH</replaceable></term>
+
+ <listitem>
+ <para>Set the initrd to use for direct kernel boot.</para>
+
+ <para>If the linux kernel supplied is a UKI then this argument is not required.</para>
+
+ <para>If the option is specified multiple times vmspawn will merge the initrds together.</para>
+
+ <para>If no initrd was installed into the image then the image will fail to boot.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--qemu-gui</option></term>
+
+ <listitem><para>Start QEMU in graphical mode.</para>
+
+ <xi:include href="version-info.xml" xpointer="v255"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-n</option></term>
+ <term><option>--network-tap</option></term>
+
+ <listitem>
+ <para>Create a TAP device to network with the virtual machine.</para>
+
+ <para>Note: root privileges are required to use TAP networking.
+ Additionally,
<citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- to be running on the host to ensure the host interface is correctly configured.
- The relevant <literal>.network</literal> file can be found at <filename>/usr/lib/systemd/network/80-vm-vt.network</filename>.
- </para>
- <xi:include href="version-info.xml" xpointer="v255"/>
- </listitem>
- </varlistentry>
+ must be running and correctly set up on the host to provision the host interface. The relevant
+ <literal>.network</literal> file can be found at
+ <filename>/usr/lib/systemd/network/80-vm-vt.network</filename>.
+ </para>
- <varlistentry>
- <term><option>--network-user-mode</option></term>
+ <xi:include href="version-info.xml" xpointer="v255"/>
+ </listitem>
+ </varlistentry>
- <listitem><para>Use user mode networking with QEMU.</para>
+ <varlistentry>
+ <term><option>--network-user-mode</option></term>
- <xi:include href="version-info.xml" xpointer="v255"/></listitem>
- </varlistentry>
+ <listitem><para>Use user mode networking with QEMU.</para>
- <varlistentry>
- <term><option>--firmware=</option><replaceable>PATH</replaceable></term>
+ <xi:include href="version-info.xml" xpointer="v255"/></listitem>
+ </varlistentry>
- <listitem><para>Takes an absolute path, or a relative path beginning with
- <filename>./</filename>. Specifies a JSON firmware definition file, which allows selecting the
- firmware to boot in the VM. If not specified a suitable firmware is automatically discovered. If the
- special string <literal>list</literal> is specified lists all discovered firmwares.</para>
+ <varlistentry>
+ <term><option>--firmware=</option><replaceable>PATH</replaceable></term>
- <xi:include href="version-info.xml" xpointer="v256"/></listitem>
- </varlistentry>
+ <listitem><para>Takes an absolute path, or a relative path beginning with
+ <filename>./</filename>. Specifies a JSON firmware definition file, which allows selecting the
+ firmware to boot in the VM. If not specified a suitable firmware is automatically discovered. If the
+ special string <literal>list</literal> is specified lists all discovered firmwares.</para>
- <varlistentry>
- <term><option>--secure-boot=</option><replaceable>BOOL</replaceable></term>
+ <xi:include href="version-info.xml" xpointer="v256"/></listitem>
+ </varlistentry>
- <listitem><para>Configure whether to search for firmware which supports Secure Boot.</para>
- <para>If the option is not specified the first firmware which is detected will be used.
- If the option is set to yes then the first firmware with Secure Boot support will be selected.
- If no is specified then the first firmware without Secure Boot will be selected.</para>
+ <varlistentry>
+ <term><option>--secure-boot=</option><replaceable>BOOL</replaceable></term>
- <xi:include href="version-info.xml" xpointer="v255"/></listitem>
- </varlistentry>
+ <listitem><para>Configure whether to search for firmware which supports Secure Boot.</para>
+
+ <para>If the option is not specified the first firmware which is detected will be used.
+ If the option is set to yes then the first firmware with Secure Boot support will be selected.
+ If no is specified then the first firmware without Secure Boot will be selected.</para>
+
+ <xi:include href="version-info.xml" xpointer="v255"/></listitem>
+ </varlistentry>
</variablelist>
</refsect2>
(for example in tools like
<citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
and similar).</para>
+
<xi:include href="version-info.xml" xpointer="v255"/>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--forward-journal=</option><replaceable>FILE|DIR</replaceable></term>
- <listitem><para>Forward the virtual machine's journal entries to the host.</para>
- <para><citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- Is currently used to receive the guest VM's forwarded journal entries. For more information on the semantics
- of supplying a file vs a directory here see <option>-o</option>/<option>--output</option> in
+ <listitem><para>Forward the virtual machine's journal to the host.
+ <citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ is currently used to receive the guest VM's forwarded journal entries. This option determines where
+ this journal is saved on the host and has the same semantics as
+ <option>-o</option>/<option>--output</option> described in
<citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
<xi:include href="version-info.xml" xpointer="v256"/>
else
journal_uid = 0;
- server_forward_socket(s, iovec, n, priority);
+ (void) server_forward_socket(s, iovec, n, priority);
server_write_to_journal(s, journal_uid, iovec, n, priority);
}
assert(s);
/* if we already have a forward address from config don't load the credential */
- if (s->forward_to_socket.sockaddr.sa.sa_family != AF_UNSPEC) {
- log_debug("Socket forward address already set not loading journal.forward_to_socket");
- return;
- }
+ if (s->forward_to_socket.sockaddr.sa.sa_family != AF_UNSPEC)
+ return log_debug("Socket forward address already set not loading journal.forward_to_socket");
r = read_credential("journal.forward_to_socket", &data, NULL);
- if (r < 0) {
- log_debug_errno(r, "Failed to read credential journal.forward_to_socket, ignoring: %m");
- return;
- }
+ if (r < 0)
+ return (void) log_debug_errno(r, "Failed to read credential journal.forward_to_socket, ignoring: %m");
r = socket_address_parse(&s->forward_to_socket, data);
if (r < 0)
#include "socket-util.h"
#include "sparse-endian.h"
-void server_open_forward_socket(Server *s) {
+static int server_open_forward_socket(Server *s) {
_cleanup_close_ int socket_fd = -EBADF;
const SocketAddress *addr;
int family;
assert(s);
- /* nop if there is nothing to do */
- if (s->forward_to_socket.sockaddr.sa.sa_family == AF_UNSPEC || s->namespace || s->forward_socket_fd >= 0)
- return;
+ /* Noop if there is nothing to do. */
+ if (s->forward_to_socket.sockaddr.sa.sa_family == AF_UNSPEC || s->namespace)
+ return 0;
+ /* All ready, nothing to do. */
+ if (s->forward_socket_fd >= 0)
+ return 1;
addr = &s->forward_to_socket;
family = socket_address_family(addr);
- if (!IN_SET(family, AF_UNIX, AF_INET, AF_INET6, AF_VSOCK)) {
- log_debug("Unsupported socket type for forward socket: %d", family);
- return;
- }
+ if (!IN_SET(family, AF_UNIX, AF_INET, AF_INET6, AF_VSOCK))
+ return log_debug_errno(SYNTHETIC_ERRNO(ESOCKTNOSUPPORT),
+ "Unsupported socket type for forward socket: %d", family);
socket_fd = socket(family, SOCK_STREAM|SOCK_CLOEXEC, 0);
- if (socket_fd < 0) {
- log_debug_errno(errno, "Failed to create forward socket, ignoring: %m");
- return;
- }
+ if (socket_fd < 0)
+ return log_debug_errno(errno, "Failed to create forward socket, ignoring: %m");
- if (connect(socket_fd, &addr->sockaddr.sa, addr->size) < 0) {
- log_debug_errno(errno, "Failed to connect to remote address for forwarding, ignoring: %m");
- return;
- }
+ if (connect(socket_fd, &addr->sockaddr.sa, addr->size) < 0)
+ return log_debug_errno(errno, "Failed to connect to remote address for forwarding, ignoring: %m");
s->forward_socket_fd = TAKE_FD(socket_fd);
- log_debug("Successfully connected to remote address for forwarding");
+ log_debug("Successfully connected to remote address for forwarding.");
+ return 1;
}
-static inline bool must_serialise(struct iovec iov) {
+static inline bool must_serialize(struct iovec iov) {
/* checks an iovec of the form FIELD=VALUE to see if VALUE needs binary safe serialisation:
* See https://systemd.io/JOURNAL_EXPORT_FORMATS/#journal-export-format for more information
* on binary safe serialisation for the journal export format */
const uint8_t *s = iov.iov_base;
bool before_value = true;
- FOREACH_ARRAY(c, s, iov.iov_len) {
+ FOREACH_ARRAY(c, s, iov.iov_len)
if (before_value)
before_value = *c != (uint8_t)'=';
else if (*c < (uint8_t)' ' && *c != (uint8_t)'\t')
return true;
- }
return false;
}
-void server_forward_socket(
+int server_forward_socket(
Server *s,
const struct iovec *iovec,
size_t n_iovec,
int priority) {
- _cleanup_free_ struct iovec *iov_alloc = NULL;
- struct iovec *iov = NULL;
+ _cleanup_free_ struct iovec *iov_alloc = NULL;
+ struct iovec *iov;
_cleanup_free_ le64_t *len_alloc = NULL;
- le64_t *len = NULL;
+ le64_t *len;
+ int r;
assert(s);
assert(iovec);
assert(n_iovec > 0);
if (LOG_PRI(priority) > s->max_level_socket)
- return;
+ return 0;
- server_open_forward_socket(s);
+ r = server_open_forward_socket(s);
+ if (r <= 0)
+ return r;
- /* if we failed to open a socket just return */
- if (s->forward_socket_fd < 0)
- return;
-
- /* we need a newline after each iovec + 4 for each we have to serialise in a binary safe way
- * +1 for the final __REALTIME_TIMESTAMP metadata field */
+ /* We need a newline after each iovec + 4 for each we have to serialize in a binary safe way
+ * + 1 for the final __REALTIME_TIMESTAMP metadata field. */
size_t n = n_iovec * 5 + 1;
if (n < ALLOCA_MAX / (sizeof(struct iovec) + sizeof(le64_t)) / 2) {
len = newa(le64_t, n_iovec);
} else {
iov_alloc = new(struct iovec, n);
- if (!iov_alloc) {
- log_oom();
- return;
- }
+ if (!iov_alloc)
+ return log_oom();
iov = iov_alloc;
len_alloc = new(le64_t, n_iovec);
- if (!len_alloc) {
- log_oom();
- return;
- }
+ if (!len_alloc)
+ return log_oom();
len = len_alloc;
}
struct iovec nl = IOVEC_MAKE_STRING("\n");
size_t iov_idx = 0, len_idx = 0;
FOREACH_ARRAY(i, iovec, n_iovec) {
- if (must_serialise(*i)) {
+ if (must_serialize(*i)) {
const uint8_t *c;
c = memchr(i->iov_base, '=', i->iov_len);
/* this should never happen */
- if (_unlikely_(!c || c == i->iov_base)) {
- log_error("Found invalid journal field, refusing to forward.");
- return;
- }
+ if (_unlikely_(!c || c == i->iov_base))
+ return log_warning_errno(SYNTHETIC_ERRNO(EBADMSG),
+ "Found invalid journal field, refusing to forward.");
/* write the field name */
iov[iov_idx++] = IOVEC_MAKE(i->iov_base, c - (uint8_t*) i->iov_base);
iov[iov_idx++] = nl;
}
- /* synthesise __REALTIME_TIMESTAMP as the last argument so systemd-journal-upload can receive these export messages */
+ /* Synthesise __REALTIME_TIMESTAMP as the last argument so systemd-journal-upload can receive these
+ * export messages. */
char buf[sizeof("__REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t) + 2];
xsprintf(buf, "__REALTIME_TIMESTAMP="USEC_FMT"\n\n", now(CLOCK_REALTIME));
iov[iov_idx++] = IOVEC_MAKE_STRING(buf);
if (writev(s->forward_socket_fd, iov, iov_idx) < 0) {
log_debug_errno(errno, "Failed to forward log message over socket: %m");
- /* if we failed to send once we will probably fail again so wait for a new connection to
- * establish before attempting to forward again */
+ /* If we failed to send once we will probably fail again so wait for a new connection to
+ * establish before attempting to forward again. */
s->forward_socket_fd = safe_close(s->forward_socket_fd);
}
+
+ return 0;
}
#include "journald-server.h"
#include "socket-util.h"
-void server_forward_socket(Server *s, const struct iovec *iovec, size_t n, int priority);
-void server_open_forward_socket(Server *s);
+int server_forward_socket(Server *s, const struct iovec *iovec, size_t n, int priority);
}
#define _FORWARD_TO_SOCKET_PARSE_CHECK_FAILS(str, addr, varname) \
- do { \
- SocketAddress varname = {}; \
+ do { \
+ SocketAddress varname = {}; \
config_parse_forward_to_socket("", "", 0, "", 0, "", 0, str, \
- &varname, NULL); \
- assert_se(socket_address_verify(&varname, true) < 0); \
+ &varname, NULL); \
+ assert_se(socket_address_verify(&varname, true) < 0); \
} while (0)
#define FORWARD_TO_SOCKET_PARSE_CHECK_FAILS(str) \
_FORWARD_TO_SOCKET_PARSE_CHECK_FAILS(str, addr, conf##__COUNTER__)
#define _FORWARD_TO_SOCKET_PARSE_CHECK(str, addr, varname) \
- do { \
- SocketAddress varname = {}; \
+ do { \
+ SocketAddress varname = {}; \
config_parse_forward_to_socket("", "", 0, "", 0, "", 0, str, \
- &varname, NULL); \
- buf = mfree(buf); \
- buf2 = mfree(buf2); \
- socket_address_print(&varname, &buf);\
- socket_address_print(&addr, &buf2);\
+ &varname, NULL); \
+ buf = mfree(buf); \
+ buf2 = mfree(buf2); \
+ socket_address_print(&varname, &buf); \
+ socket_address_print(&addr, &buf2); \
log_info("\"%s\" parsed as \"%s\", should be \"%s\"", str, buf, buf2); \
log_info("socket_address_verify(&addr, false) = %d", socket_address_verify(&addr, false)); \
log_info("socket_address_verify(&varname, false) = %d", socket_address_verify(&varname, false)); \
log_info("socket_address_family(&addr) = %d", socket_address_family(&addr)); \
log_info("socket_address_family(&varname) = %d", socket_address_family(&varname)); \
- log_info("addr.size = %u", addr.size); \
- log_info("varname.size = %u", varname.size); \
- assert_se(socket_address_equal(&varname, &addr)); \
+ log_info("addr.size = %u", addr.size); \
+ log_info("varname.size = %u", varname.size); \
+ assert_se(socket_address_equal(&varname, &addr)); \
} while (0)
#define FORWARD_TO_SOCKET_PARSE_CHECK(str, addr) \
printf("%1$s [OPTIONS...] [ARGUMENTS...]\n\n"
"%5$sSpawn a command or OS in a virtual machine.%6$s\n\n"
- " -h --help Show this help\n"
- " --version Print version string\n"
- " -q --quiet Do not show status information\n"
- " --no-pager Do not pipe output into a pager\n"
+ " -h --help Show this help\n"
+ " --version Print version string\n"
+ " -q --quiet Do not show status information\n"
+ " --no-pager Do not pipe output into a pager\n"
"\n%3$sImage:%4$s\n"
- " -D --directory=PATH Root directory for the container\n"
- " -i --image=PATH Root file system disk image (or device node) for\n"
- " the virtual machine\n"
+ " -D --directory=PATH Root directory for the VM\n"
+ " -i --image=FILE|DEVICE Root file system disk image or device for the VM\n"
"\n%3$sHost Configuration:%4$s\n"
- " --qemu-smp=SMP Configure guest's SMP settings\n"
- " --qemu-mem=MEM Configure guest's RAM size\n"
- " --qemu-kvm=BOOL Configure whether to use KVM or not\n"
- " --qemu-vsock=BOOL Configure whether to use qemu with a vsock or not\n"
- " --vsock-cid= Specify the CID to use for the qemu guest's vsock\n"
- " --tpm=BOOL Configure whether to use a virtual TPM or not\n"
- " --linux=PATH Specify the linux kernel for direct kernel boot\n"
- " --initrd=PATH Specify the initrd for direct kernel boot\n"
- " --qemu-gui Start QEMU in graphical mode\n"
- " -n --network-tap Create a TAP device for networking with QEMU.\n"
- " --network-user-mode Use user mode networking with QEMU.\n"
- " --secure-boot=BOOL Configure whether to search for firmware which\n"
- " supports Secure Boot\n"
- " --firmware=PATH|list Select firmware definition file (or list available)\n"
+ " --qemu-smp=SMP Configure guest's SMP settings\n"
+ " --qemu-mem=MEM Configure guest's RAM size\n"
+ " --qemu-kvm=BOOL Enable use of KVM\n"
+ " --qemu-vsock=BOOL Override autodetection of VSock support in QEMU\n"
+ " --vsock-cid=CID Specify the CID to use for the qemu guest's VSock\n"
+ " --tpm=BOOL Enable use of a virtual TPM\n"
+ " --linux=PATH Specify the linux kernel for direct kernel boot\n"
+ " --initrd=PATH Specify the initrd for direct kernel boot\n"
+ " --qemu-gui Start QEMU in graphical mode\n"
+ " -n --network-tap Create a TAP device for networking with QEMU\n"
+ " --network-user-mode Use user mode networking with QEMU\n"
+ " --secure-boot=BOOL Enable searching for firmware supporting SecureBoot\n"
+ " --firmware=PATH|list Select firmware definition file (or list available)\n"
"\n%3$sSystem Identity:%4$s\n"
- " -M --machine=NAME Set the machine name for the virtual machine\n"
+ " -M --machine=NAME Set the machine name for the VM\n"
"\n%3$sUser Namespacing:%4$s\n"
" --private-users=UIDBASE[:NUIDS]\n"
- " Configure the UID/GID range to map into the\n"
- " virtiofsd namespace\n"
+ " Configure the UID/GID range to map into the\n"
+ " virtiofsd namespace\n"
"\n%3$sMounts:%4$s\n"
" --bind=SOURCE[:TARGET]\n"
- " Mount a file or directory from the host into\n"
- " the VM.\n"
+ " Mount a file or directory from the host into the VM\n"
" --bind-ro=SOURCE[:TARGET]\n"
- " Similar, but creates a read-only mount\n"
+ " Mount a file or directory, but read-only\n"
"\n%3$sIntegration:%4$s\n"
" --forward-journal=FILE|DIR\n"
- " Forward the virtual machine's journal entries to\n"
- " the host.\n"
+ " Forward the VM's journal to the host\n"
"\n%3$sCredentials:%4$s\n"
" --set-credential=ID:VALUE\n"
- " Pass a credential with literal value to the\n"
- " virtual machine\n"
+ " Pass a credential with literal value to the VM\n"
" --load-credential=ID:PATH\n"
- " Load credential to pass to the virtual machine from\n"
- " file or AF_UNIX stream socket.\n"
+ " Load credential for the VM from file or AF_UNIX\n"
+ " stream socket.\n"
"\nSee the %2$s for details.\n",
program_invocation_short_name,
link,