]>
Commit | Line | Data |
---|---|---|
61f403a1 LP |
1 | <?xml version='1.0'?> <!--*-nxml-*--> |
2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" | |
3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | |
db9ecf05 | 4 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
61f403a1 | 5 | |
bb5a34fb | 6 | <refentry id="systemd-dissect" conditional='HAVE_BLKID' |
61f403a1 LP |
7 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
8 | ||
9 | <refentryinfo> | |
10 | <title>systemd-dissect</title> | |
11 | <productname>systemd</productname> | |
12 | </refentryinfo> | |
13 | ||
14 | <refmeta> | |
15 | <refentrytitle>systemd-dissect</refentrytitle> | |
16 | <manvolnum>1</manvolnum> | |
17 | </refmeta> | |
18 | ||
19 | <refnamediv> | |
20 | <refname>systemd-dissect</refname> | |
92828ba6 | 21 | <refname>mount.ddi</refname> |
2781f7b4 | 22 | <refpurpose>Dissect Discoverable Disk Images (DDIs)</refpurpose> |
61f403a1 LP |
23 | </refnamediv> |
24 | ||
25 | <refsynopsisdiv> | |
26 | <cmdsynopsis> | |
27 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="plain"><replaceable>IMAGE</replaceable></arg></command> | |
28 | </cmdsynopsis> | |
29 | <cmdsynopsis> | |
30 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--mount</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="plain"><replaceable>PATH</replaceable></arg></command> | |
31 | </cmdsynopsis> | |
ac1f1adf DDM |
32 | <cmdsynopsis> |
33 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--umount</option> <arg choice="plain"><replaceable>PATH</replaceable></arg></command> | |
34 | </cmdsynopsis> | |
07d6072e LP |
35 | <cmdsynopsis> |
36 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--attach</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg></command> | |
37 | </cmdsynopsis> | |
38 | <cmdsynopsis> | |
39 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--detach</option> <arg choice="plain"><replaceable>PATH</replaceable></arg></command> | |
40 | </cmdsynopsis> | |
0cf16924 AAF |
41 | <cmdsynopsis> |
42 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--list</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg></command> | |
43 | </cmdsynopsis> | |
b5b40106 LP |
44 | <cmdsynopsis> |
45 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--mtree</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg></command> | |
46 | </cmdsynopsis> | |
1a06ce16 LP |
47 | <cmdsynopsis> |
48 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--with</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="opt" rep="repeat"><replaceable>COMMAND</replaceable></arg></command> | |
49 | </cmdsynopsis> | |
61f403a1 LP |
50 | <cmdsynopsis> |
51 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--copy-from</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="plain"><replaceable>PATH</replaceable></arg> <arg choice="opt"><replaceable>TARGET</replaceable></arg></command> | |
52 | </cmdsynopsis> | |
53 | <cmdsynopsis> | |
54 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--copy-to</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="opt"><replaceable>SOURCE</replaceable></arg> <arg choice="plain"><replaceable>PATH</replaceable></arg></command> | |
55 | </cmdsynopsis> | |
56 | </refsynopsisdiv> | |
57 | ||
58 | <refsect1> | |
59 | <title>Description</title> | |
60 | ||
61 | <para><command>systemd-dissect</command> is a tool for introspecting and interacting with file system OS | |
e4823735 | 62 | disk images, specifically Discoverable Disk Images (DDIs). It supports four different operations:</para> |
61f403a1 LP |
63 | |
64 | <orderedlist> | |
65 | <listitem><para>Show general OS image information, including the image's | |
66 | <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> data, | |
67 | machine ID, partition information and more.</para></listitem> | |
68 | ||
69 | <listitem><para>Mount an OS image to a local directory. In this mode it will dissect the OS image and | |
70 | mount the included partitions according to their designation onto a directory and possibly | |
71 | sub-directories.</para></listitem> | |
72 | ||
ac1f1adf DDM |
73 | <listitem><para>Unmount an OS image from a local directory. In this mode it will recursively unmount |
74 | the mounted partitions and remove the underlying loop device, including all the partition sub-devices. | |
75 | </para></listitem> | |
76 | ||
61f403a1 LP |
77 | <listitem><para>Copy files and directories in and out of an OS image.</para></listitem> |
78 | </orderedlist> | |
79 | ||
80 | <para>The tool may operate on three types of OS images:</para> | |
81 | ||
82 | <orderedlist> | |
83 | <listitem><para>OS disk images containing a GPT partition table envelope, with partitions marked | |
db811444 | 84 | according to the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions |
61f403a1 LP |
85 | Specification</ulink>.</para></listitem> |
86 | ||
87 | <listitem><para>OS disk images containing just a plain file-system without an enveloping partition | |
88 | table. (This file system is assumed to be the root file system of the OS.)</para></listitem> | |
89 | ||
90 | <listitem><para>OS disk images containing a GPT or MBR partition table, with a single | |
91 | partition only. (This partition is assumed to contain the root file system of the OS.)</para></listitem> | |
92 | </orderedlist> | |
93 | ||
94 | <para>OS images may use any kind of Linux-supported file systems. In addition they may make use of LUKS | |
95 | disk encryption, and contain Verity integrity information. Note that qualifying OS images may be booted | |
21556381 | 96 | with <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s |
61f403a1 LP |
97 | <option>--image=</option> switch, and be used as root file system for system service using the |
98 | <varname>RootImage=</varname> unit file setting, see | |
21556381 | 99 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> |
461836a4 LP |
100 | |
101 | <para>Note that the partition table shown when invoked without command switch (as listed below) does not | |
102 | necessarily show all partitions included in the image, but just the partitions that are understood and | |
103 | considered part of an OS disk image. Specifically, partitions of unknown types are ignored, as well as | |
104 | duplicate partitions (i.e. more than one per partition type), as are root and <filename>/usr/</filename> | |
105 | partitions of architectures not compatible with the local system. In other words: this tool will display | |
106 | what it operates with when mounting the image. To display the complete list of partitions use a tool such | |
107 | as <citerefentry | |
108 | project='man-pages'><refentrytitle>fdisk</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> | |
92828ba6 LP |
109 | |
110 | <para>The <command>systemd-dissect</command> command may be invoked as <command>mount.ddi</command> in | |
111 | which case it implements the <citerefentry | |
112 | project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> "external | |
113 | helper" interface. This ensures disk images compatible with <command>systemd-dissect</command> can be | |
114 | mounted directly by <command>mount</command> and <citerefentry | |
115 | project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For | |
116 | details see below.</para> | |
61f403a1 LP |
117 | </refsect1> |
118 | ||
119 | <refsect1> | |
120 | <title>Commands</title> | |
121 | ||
122 | <para>If neither of the command switches listed below are passed the specified disk image is opened and | |
123 | general information about the image and the contained partitions and their use is shown.</para> | |
124 | ||
125 | <variablelist> | |
126 | <varlistentry> | |
127 | <term><option>--mount</option></term> | |
128 | <term><option>-m</option></term> | |
129 | ||
130 | <listitem><para>Mount the specified OS image to the specified directory. This will dissect the image, | |
131 | determine the OS root file system — as well as possibly other partitions — and mount them to the | |
132 | specified directory. If the OS image contains multiple partitions marked with the <ulink | |
db811444 | 133 | url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink> |
61f403a1 LP |
134 | multiple nested mounts are established. This command expects two arguments: a path to an image file |
135 | and a path to a directory where to mount the image.</para> | |
136 | ||
ac1f1adf | 137 | <para>To unmount an OS image mounted like this use the <option>--umount</option> operation.</para> |
61f403a1 LP |
138 | |
139 | <para>When the OS image contains LUKS encrypted or Verity integrity protected file systems | |
140 | appropriate volumes are automatically set up and marked for automatic disassembly when the image is | |
141 | unmounted.</para> | |
142 | ||
143 | <para>The OS image may either be specified as path to an OS image stored in a regular file or may | |
144 | refer to block device node (in the latter case the block device must be the "whole" device, i.e. not | |
145 | a partition device). (The other supported commands described here support this, too.)</para> | |
146 | ||
147 | <para>All mounted file systems are checked with the appropriate <citerefentry | |
148 | project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
149 | implementation in automatic fixing mode, unless explicitly turned off (<option>--fsck=no</option>) or | |
92828ba6 LP |
150 | read-only operation is requested (<option>--read-only</option>).</para> |
151 | ||
152 | <para>Note that this functionality is also available in <citerefentry | |
153 | project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> via a | |
154 | command such as <command>mount -t ddi myimage.raw targetdir/</command>, as well as in <citerefentry | |
155 | project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For | |
ec07c3c8 AK |
156 | details, see below.</para> |
157 | ||
158 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
159 | </varlistentry> |
160 | ||
161 | <varlistentry> | |
162 | <term><option>-M</option></term> | |
163 | ||
ec07c3c8 AK |
164 | <listitem><para>This is a shortcut for <option>--mount --mkdir</option>.</para> |
165 | ||
166 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
167 | </varlistentry> |
168 | ||
ac1f1adf DDM |
169 | <varlistentry> |
170 | <term><option>--umount</option></term> | |
171 | <term><option>-u</option></term> | |
172 | ||
173 | <listitem><para>Unmount an OS image from the specified directory. This command expects one argument: | |
174 | a directory where an OS image was mounted.</para> | |
175 | ||
176 | <para>All mounted partitions will be recursively unmounted, and the underlying loop device will be | |
ec07c3c8 AK |
177 | removed, along with all its partition sub-devices.</para> |
178 | ||
179 | <xi:include href="version-info.xml" xpointer="v252"/></listitem> | |
ac1f1adf DDM |
180 | </varlistentry> |
181 | ||
182 | <varlistentry> | |
183 | <term><option>-U</option></term> | |
184 | ||
ec07c3c8 AK |
185 | <listitem><para>This is a shortcut for <option>--umount --rmdir</option>.</para> |
186 | ||
187 | <xi:include href="version-info.xml" xpointer="v252"/></listitem> | |
ac1f1adf | 188 | </varlistentry> |
07d6072e LP |
189 | |
190 | <varlistentry> | |
191 | <term><option>--attach</option></term> | |
192 | ||
193 | <listitem><para>Attach the specified disk image to an automatically allocated loopback block device, | |
194 | and print the path to the loopback block device to standard output. This is similar to an invocation | |
195 | of <command>losetup --find --show</command>, but will validate the image as DDI before attaching, and | |
196 | derive the correct sector size to use automatically. Moreover, it ensures the per-partition block | |
ec07c3c8 AK |
197 | devices are created before returning. Takes a path to a disk image file.</para> |
198 | ||
199 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
07d6072e LP |
200 | </varlistentry> |
201 | ||
202 | <varlistentry> | |
203 | <term><option>--detach</option></term> | |
204 | ||
205 | <listitem><para>Detach the specified disk image from a loopback block device. This undoes the effect | |
206 | of <option>--attach</option> above. This expects either a path to a loopback block device as an | |
207 | argument, or the path to the backing image file. In the latter case it will automatically determine | |
ec07c3c8 AK |
208 | the right device to detach.</para> |
209 | ||
210 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
07d6072e | 211 | </varlistentry> |
ac1f1adf | 212 | |
0cf16924 AAF |
213 | <varlistentry> |
214 | <term><option>--list</option></term> | |
215 | <term><option>-l</option></term> | |
216 | ||
2292fa1e | 217 | <listitem><para>Prints the paths of all the files and directories in the specified OS image or |
ec07c3c8 AK |
218 | directory to standard output.</para> |
219 | ||
220 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
0cf16924 AAF |
221 | </varlistentry> |
222 | ||
b5b40106 LP |
223 | <varlistentry> |
224 | <term><option>--mtree</option></term> | |
225 | <term><option>-l</option></term> | |
226 | ||
8fb35004 ZJS |
227 | <listitem><para>Generates a BSD |
228 | <citerefentry project='die-net'><refentrytitle>mtree</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
2292fa1e | 229 | compatible file manifest of the specified disk image or directory. This is useful for comparing image |
b5b40106 LP |
230 | contents in detail, including inode information and other metadata. While the generated manifest will |
231 | contain detailed inode information, it currently excludes extended attributes, file system | |
8fb35004 ZJS |
232 | capabilities, MAC labels, |
233 | <citerefentry project='man-pages'><refentrytitle>chattr</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
234 | file flags, | |
235 | <citerefentry project='url'><refentrytitle url='https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5)'>btrfs</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
236 | subvolume information, and various other file metadata. File content information is shown via a | |
237 | SHA256 digest. Additional fields might be added in future. Note that inode information such as link | |
238 | counts, inode numbers and timestamps is excluded from the output on purpose, as it typically | |
ec07c3c8 AK |
239 | complicates reproducibility.</para> |
240 | ||
241 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
b5b40106 LP |
242 | </varlistentry> |
243 | ||
1a06ce16 LP |
244 | <varlistentry> |
245 | <term><option>--with</option></term> | |
246 | ||
247 | <listitem><para>Runs the specified command with the specified OS image mounted. This will mount the | |
248 | image to a temporary directory, switch the current working directory to it, and invoke the specified | |
249 | command line as child process. Once the process ends it will unmount the image again, and remove the | |
250 | temporary directory. If no command is specified a shell is invoked. The image is mounted writable, | |
251 | use <option>--read-only</option> to switch to read-only operation. The invoked process will have the | |
252 | <varname>$SYSTEMD_DISSECT_ROOT</varname> environment variable set, containing the absolute path name | |
253 | of the temporary mount point, i.e. the same directory that is set as the current working | |
47838b55 | 254 | directory. It will also have the <varname>$SYSTEMD_DISSECT_DEVICE</varname> environment variable set, |
ec07c3c8 AK |
255 | containing the absolute path name of the loop device the image was attached to.</para> |
256 | ||
257 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
1a06ce16 LP |
258 | </varlistentry> |
259 | ||
61f403a1 LP |
260 | <varlistentry> |
261 | <term><option>--copy-from</option></term> | |
262 | <term><option>-x</option></term> | |
263 | ||
2292fa1e DDM |
264 | <listitem><para>Copies a file or directory from the specified OS image or directory into the |
265 | specified location on the host file system. Expects three arguments: a path to an image file or | |
266 | directory, a source path (relative to the image's root directory) and a destination path (relative to | |
267 | the current working directory, or an absolute path, both outside of the image). If the destination | |
268 | path is omitted or specified as dash (<literal>-</literal>), the specified file is written to | |
269 | standard output. If the source path in the image file system refers to a regular file it is copied to | |
270 | the destination path. In this case access mode, extended attributes and timestamps are copied as | |
271 | well, but file ownership is not. If the source path in the image refers to a directory, it is copied | |
272 | to the destination path, recursively with all containing files and directories. In this case the file | |
ec07c3c8 AK |
273 | ownership is copied too.</para> |
274 | ||
275 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
276 | </varlistentry> |
277 | ||
278 | <varlistentry> | |
279 | <term><option>--copy-to</option></term> | |
280 | <term><option>-a</option></term> | |
281 | ||
282 | <listitem><para>Copies a file or directory from the specified location in the host file system into | |
2292fa1e DDM |
283 | the specified OS image or directory. Expects three arguments: a path to an image file or directory, a |
284 | source path (relative to the current working directory, or an absolute path, both outside of the | |
285 | image) and a destination path (relative to the image's root directory). If the source path is omitted | |
286 | or specified as dash (<literal>-</literal>), the data to write is read from standard input. If the | |
287 | source path in the host file system refers to a regular file, it is copied to the destination path. | |
288 | In this case access mode, extended attributes and timestamps are copied as well, but file ownership | |
289 | is not. If the source path in the host file system refers to a directory it is copied to the | |
290 | destination path, recursively with all containing files and directories. In this case the file | |
291 | ownership is copied too.</para> | |
61f403a1 LP |
292 | |
293 | <para>As with <option>--mount</option> file system checks are implicitly run before the copy | |
ec07c3c8 AK |
294 | operation begins.</para> |
295 | ||
296 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
297 | </varlistentry> |
298 | ||
0305cf6e LP |
299 | <varlistentry> |
300 | <term><option>--discover</option></term> | |
301 | ||
3b288a2d | 302 | <listitem><para>Show a list of DDIs in well-known directories. This will show machine, portable |
1e07c6f3 | 303 | service and system/configuration extension disk images in the usual directories |
0305cf6e | 304 | <filename>/usr/lib/machines/</filename>, <filename>/usr/lib/portables/</filename>, |
1e07c6f3 | 305 | <filename>/usr/lib/confexts/</filename>, <filename>/var/lib/machines/</filename>, |
0305cf6e | 306 | <filename>/var/lib/portables/</filename>, <filename>/var/lib/extensions/</filename> and so |
ec07c3c8 AK |
307 | on.</para> |
308 | ||
309 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
0305cf6e LP |
310 | </varlistentry> |
311 | ||
dee4a623 LP |
312 | <varlistentry> |
313 | <term><option>--validate</option></term> | |
314 | ||
315 | <listitem><para>Validates the partition arrangement of a disk image (DDI), and ensures it matches the | |
316 | image policy specified via <option>--image-policy=</option>, if one is specified. This parses the | |
317 | partition table and probes the file systems in the image, but does not attempt to mount them (nor to | |
318 | set up disk encryption/authentication via LUKS/Verity). It does this taking the configured image | |
319 | dissection policy into account. Since this operation does not mount file systems, this command – | |
320 | unlike all other commands implemented by this tool – requires no privileges other than the ability to | |
321 | access the specified file. Prints "OK" and returns zero if the image appears to be in order and | |
322 | matches the specified image dissection policy. Otherwise prints an error message and returns | |
ec07c3c8 AK |
323 | non-zero.</para> |
324 | ||
325 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
dee4a623 LP |
326 | </varlistentry> |
327 | ||
61f403a1 LP |
328 | <xi:include href="standard-options.xml" xpointer="help" /> |
329 | <xi:include href="standard-options.xml" xpointer="version" /> | |
330 | </variablelist> | |
331 | ||
332 | </refsect1> | |
333 | ||
334 | <refsect1> | |
335 | <title>Options</title> | |
336 | ||
337 | <para>The following options are understood:</para> | |
338 | ||
339 | <variablelist> | |
340 | <varlistentry> | |
341 | <term><option>--read-only</option></term> | |
342 | <term><option>-r</option></term> | |
343 | ||
344 | <listitem><para>Operate in read-only mode. By default <option>--mount</option> will establish | |
345 | writable mount points. If this option is specified they are established in read-only mode | |
ec07c3c8 AK |
346 | instead.</para> |
347 | ||
348 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
349 | </varlistentry> |
350 | ||
351 | <varlistentry> | |
352 | <term><option>--fsck=no</option></term> | |
353 | ||
354 | <listitem><para>Turn off automatic file system checking. By default when an image is accessed for | |
60c6c210 LP |
355 | writing (by <option>--mount</option> or <option>--copy-to</option>) the file systems contained in the |
356 | OS image are automatically checked using the appropriate <citerefentry | |
61f403a1 LP |
357 | project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
358 | command, in automatic fixing mode. This behavior may be switched off using | |
ec07c3c8 AK |
359 | <option>--fsck=no</option>.</para> |
360 | ||
361 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
362 | </varlistentry> |
363 | ||
74a54bae LP |
364 | <varlistentry> |
365 | <term><option>--growfs=no</option></term> | |
366 | ||
367 | <listitem><para>Turn off automatic growing of accessed file systems to their partition size, if | |
368 | marked for that in the GPT partition table. By default when an image is accessed for writing (by | |
369 | <option>--mount</option> or <option>--copy-to</option>) the file systems contained in the OS image | |
370 | are automatically grown to their partition sizes, if bit 59 in the GPT partition flags is set for | |
371 | partition types that are defined by the <ulink | |
db811444 | 372 | url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>. This |
74a54bae LP |
373 | behavior may be switched off using <option>--growfs=no</option>. File systems are grown automatically |
374 | on access if all of the following conditions are met:</para> | |
375 | <orderedlist> | |
376 | <listitem><para>The file system is mounted writable</para></listitem> | |
377 | <listitem><para>The file system currently is smaller than the partition it is contained in (and thus can be grown)</para></listitem> | |
378 | <listitem><para>The image contains a GPT partition table</para></listitem> | |
379 | <listitem><para>The file system is stored on a partition defined by the Discoverable Partitions Specification</para></listitem> | |
380 | <listitem><para>Bit 59 of the GPT partition flags for this partition is set, as per specification</para></listitem> | |
381 | <listitem><para>The <option>--growfs=no</option> option is not passed.</para></listitem> | |
382 | </orderedlist> | |
ec07c3c8 AK |
383 | |
384 | <xi:include href="version-info.xml" xpointer="v249"/> | |
74a54bae LP |
385 | </listitem> |
386 | </varlistentry> | |
387 | ||
61f403a1 LP |
388 | <varlistentry> |
389 | <term><option>--mkdir</option></term> | |
390 | ||
391 | <listitem><para>If combined with <option>--mount</option> the directory to mount the OS image to is | |
392 | created if it is missing. Note that the directory is not automatically removed when the disk image is | |
ec07c3c8 AK |
393 | unmounted again.</para> |
394 | ||
395 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
396 | </varlistentry> |
397 | ||
ac1f1adf DDM |
398 | <varlistentry> |
399 | <term><option>--rmdir</option></term> | |
400 | ||
401 | <listitem><para>If combined with <option>--umount</option> the specified directory where the OS image | |
ec07c3c8 AK |
402 | is mounted is removed after unmounting the OS image.</para> |
403 | ||
404 | <xi:include href="version-info.xml" xpointer="v252"/></listitem> | |
ac1f1adf DDM |
405 | </varlistentry> |
406 | ||
61f403a1 LP |
407 | <varlistentry> |
408 | <term><option>--discard=</option></term> | |
409 | ||
410 | <listitem><para>Takes one of <literal>disabled</literal>, <literal>loop</literal>, | |
411 | <literal>all</literal>, <literal>crypto</literal>. If <literal>disabled</literal> the image is | |
75909cc7 | 412 | accessed with empty block discarding turned off. If <literal>loop</literal> discarding is enabled if |
61f403a1 | 413 | operating on a regular file. If <literal>crypt</literal> discarding is enabled even on encrypted file |
ec07c3c8 AK |
414 | systems. If <literal>all</literal> discarding is unconditionally enabled.</para> |
415 | ||
416 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
417 | </varlistentry> |
418 | ||
e7e2fbdd LP |
419 | <varlistentry> |
420 | <term><option>--in-memory</option></term> | |
421 | ||
422 | <listitem><para>If specified an in-memory copy of the specified disk image is used. This may be used | |
423 | to operate with write-access on a (possibly read-only) image, without actually modifying the original | |
424 | file. This may also be used in order to operate on a disk image without keeping the originating file | |
ec07c3c8 AK |
425 | system busy, in order to allow it to be unmounted.</para> |
426 | ||
427 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
e7e2fbdd LP |
428 | </varlistentry> |
429 | ||
61f403a1 LP |
430 | <varlistentry> |
431 | <term><option>--root-hash=</option></term> | |
432 | <term><option>--root-hash-sig=</option></term> | |
433 | <term><option>--verity-data=</option></term> | |
434 | ||
75909cc7 ZJS |
435 | <listitem><para>Configure various aspects of Verity data integrity for the OS image. Option |
436 | <option>--root-hash=</option> specifies a hex-encoded top-level Verity hash to use for setting up the | |
437 | Verity integrity protection. Option <option>--root-hash-sig=</option> specifies the path to a file | |
438 | containing a PKCS#7 signature for the hash. This signature is passed to the kernel during activation, | |
439 | which will match it against signature keys available in the kernel keyring. Option | |
440 | <option>--verity-data=</option> specifies a path to a file with the Verity data to use for the OS | |
441 | image, in case it is stored in a detached file. It is recommended to embed the Verity data directly | |
442 | in the image, using the Verity mechanisms in the <ulink | |
db811444 | 443 | url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>. |
ec07c3c8 AK |
444 | </para> |
445 | ||
446 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
447 | </varlistentry> |
448 | ||
236d1fa2 LP |
449 | <varlistentry> |
450 | <term><option>--loop-ref=</option></term> | |
451 | ||
452 | <listitem><para>Configures the "reference" string the kernel shall report as backing file for the | |
453 | loopback block device. While this is supposed to be a path or filename referencing the backing file, | |
454 | this is not enforced and the kernel accepts arbitrary free-form strings, chosen by the user. Accepts | |
455 | arbitrary strings up to a length of 63 characters. This sets the kernel's | |
456 | <literal>.lo_file_name</literal> field for the block device. Note this is distinct from the | |
457 | <filename>/sys/class/block/loopX/loop/backing_file</filename> attribute file that always reports a | |
458 | path referring to the actual backing file. The latter is subject to mount namespace translation, the | |
7a05926f YW |
459 | former is not.</para> |
460 | ||
461 | <para>This setting is particularly useful in combination with the <option>--attach</option> command, | |
462 | as it allows later referencing the allocated loop device via | |
463 | <filename>/dev/disk/by-loop-ref/…</filename> symlinks. Example: first, set up the loopback device | |
464 | via <command>systemd-dissect attach --loop-ref=quux foo.raw</command>, and then reference it in a | |
465 | command via the specified filename: <command>cfdisk /dev/disk/by-loop-ref/quux</command>. | |
ec07c3c8 AK |
466 | </para> |
467 | ||
468 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
236d1fa2 LP |
469 | </varlistentry> |
470 | ||
12d58b6c DDM |
471 | <varlistentry> |
472 | <term><option>--mtree-hash=no</option></term> | |
473 | ||
474 | <listitem><para>If combined with <option>--mtree</option>, turns off inclusion of file hashes in the | |
475 | mtree output. This makes the <option>--mtree</option> faster when operating on large images. | |
ec07c3c8 AK |
476 | </para> |
477 | ||
478 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
12d58b6c DDM |
479 | </varlistentry> |
480 | ||
9ea81191 | 481 | <xi:include href="standard-options.xml" xpointer="image-policy-open" /> |
17547fb5 LP |
482 | <xi:include href="standard-options.xml" xpointer="no-pager" /> |
483 | <xi:include href="standard-options.xml" xpointer="no-legend" /> | |
8d0d1a30 | 484 | <xi:include href="standard-options.xml" xpointer="json" /> |
61f403a1 | 485 | </variablelist> |
61f403a1 LP |
486 | </refsect1> |
487 | ||
488 | <refsect1> | |
489 | <title>Exit status</title> | |
490 | ||
1a06ce16 LP |
491 | <para>On success, 0 is returned, a non-zero failure code otherwise. If the <option>--with</option> |
492 | command is used the exit status of the invoked command is propagated.</para> | |
493 | </refsect1> | |
494 | ||
92828ba6 LP |
495 | <refsect1> |
496 | <title>Invocation as <command>/sbin/mount.ddi</command></title> | |
497 | ||
498 | <para>The <command>systemd-dissect</command> executable may be symlinked to | |
499 | <filename>/sbin/mount.ddi</filename>. If invoked through that it implements <citerefentry | |
500 | project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry>'s | |
501 | "external helper" interface for the (pseudo) file system type <literal>ddi</literal>. This means | |
502 | conformant disk images may be mounted directly via</para> | |
503 | ||
504 | <programlisting># mount -t ddi myimage.raw targetdir/</programlisting> | |
505 | ||
506 | <para>in a fashion mostly equivalent to:</para> | |
507 | ||
508 | <programlisting># systemd-dissect --mount myimage.raw targetdir/</programlisting> | |
509 | ||
510 | <para>Note that since a single DDI may contain multiple file systems it should later be unmounted with | |
511 | <command>umount -R targetdir/</command>, for recursive operation.</para> | |
512 | ||
513 | <para>This functionality is particularly useful to mount DDIs automatically at boot via simple | |
514 | <filename>/etc/fstab</filename> entries. For example:</para> | |
515 | ||
516 | <programlisting>/path/to/myimage.raw /images/myimage/ ddi defaults 0 0</programlisting> | |
517 | ||
518 | <para>When invoked this way the mount options <literal>ro</literal>, <literal>rw</literal>, | |
519 | <literal>discard</literal>, <literal>nodiscard</literal> map to the corresponding options listed above | |
520 | (i.e. <option>--read-only</option>, <option>--discard=all</option>, | |
521 | <option>--discard=disabled</option>). Mount options are <emphasis>not</emphasis> generically passed on to | |
522 | the file systems inside the images.</para> | |
523 | </refsect1> | |
1a06ce16 LP |
524 | |
525 | <refsect1> | |
526 | <title>Examples</title> | |
527 | ||
528 | <example> | |
529 | <title>Generate a tarball from an OS disk image</title> | |
530 | ||
92828ba6 | 531 | <programlisting># systemd-dissect --with foo.raw tar cz . >foo.tar.gz</programlisting> |
1a06ce16 | 532 | </example> |
61f403a1 LP |
533 | </refsect1> |
534 | ||
535 | <refsect1> | |
536 | <title>See Also</title> | |
537 | <para> | |
538 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
21556381 ZJS |
539 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
540 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
db811444 | 541 | <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>, |
92828ba6 | 542 | <citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
461836a4 LP |
543 | <citerefentry project='man-pages'><refentrytitle>umount</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
544 | <citerefentry project='man-pages'><refentrytitle>fdisk</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
61f403a1 LP |
545 | </para> |
546 | </refsect1> | |
547 | ||
548 | </refentry> |