From: Dwight Engen Date: Fri, 4 Oct 2013 17:46:05 +0000 (-0400) Subject: fix errors when using docbook2man X-Git-Tag: lxc-1.0.0.alpha2~46 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3157e673952bb857caf98666983eb5c0aec831a9;p=thirdparty%2Flxc.git fix errors when using docbook2man docbook2man picks up some errors that docbook2x does not, fixing them isn't harmful to docbook2x. The only real change is adding and tags. Signed-off-by: Dwight Engen Signed-off-by: Serge Hallyn --- diff --git a/doc/lxc.conf.sgml.in b/doc/lxc.conf.sgml.in index dd68d486a..ac3e37743 100644 --- a/doc/lxc.conf.sgml.in +++ b/doc/lxc.conf.sgml.in @@ -668,81 +668,101 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - (or ): - mount /proc as read-write, but - remount /proc/sys and - /proc/sysrq-trigger read-only - for security / container isolation purposes. + + (or ): + mount /proc as read-write, but + remount /proc/sys and + /proc/sysrq-trigger read-only + for security / container isolation purposes. + - : mount - /proc as read-write + + : mount + /proc as read-write + - (or ): - mount /sys as read-only - for security / container isolation purposes. + + (or ): + mount /sys as read-only + for security / container isolation purposes. + - : mount - /sys as read-write + + : mount + /sys as read-write + - (or - ): - mount a tmpfs to /sys/fs/cgroup, - create directories for all hierarchies to which - the container is added, create subdirectories - there with the name of the cgroup, and bind-mount - the container's own cgroup into that directory. - The container will be able to write to its own - cgroup directory, but not the parents, since they - will be remounted read-only + + (or + ): + mount a tmpfs to /sys/fs/cgroup, + create directories for all hierarchies to which + the container is added, create subdirectories + there with the name of the cgroup, and bind-mount + the container's own cgroup into that directory. + The container will be able to write to its own + cgroup directory, but not the parents, since they + will be remounted read-only + - : similar to - , but everything will + + : similar to + , but everything will be mounted read-only. + - : similar to - , but everything will - be mounted read-write. Note that the paths leading - up to the container's own cgroup will be writable, - but will not be a cgroup filesystem but just part - of the tmpfs of /sys/fs/cgroup + + : similar to + , but everything will + be mounted read-write. Note that the paths leading + up to the container's own cgroup will be writable, + but will not be a cgroup filesystem but just part + of the tmpfs of /sys/fs/cgroup + - (or - ): - mount a tmpfs to /sys/fs/cgroup, - create directories for all hierarchies to which - the container is added, bind-mount the hierarchies - from the host to the container and make everything - read-only except the container's own cgroup. Note - that compared to , where - all paths leading up to the container's own cgroup - are just simple directories in the underlying - tmpfs, here - /sys/fs/cgroup/$hierarchy - will contain the host's full cgroup hierarchy, - albeit read-only outside the container's own cgroup. - This may leak quite a bit of information into the - container. + + (or + ): + mount a tmpfs to /sys/fs/cgroup, + create directories for all hierarchies to which + the container is added, bind-mount the hierarchies + from the host to the container and make everything + read-only except the container's own cgroup. Note + that compared to , where + all paths leading up to the container's own cgroup + are just simple directories in the underlying + tmpfs, here + /sys/fs/cgroup/$hierarchy + will contain the host's full cgroup hierarchy, + albeit read-only outside the container's own cgroup. + This may leak quite a bit of information into the + container. + - : similar to - , but everything - will be mounted read-only. + + : similar to + , but everything + will be mounted read-only. + - : similar to - , but everything - will be mounted read-write. Note that in this case, - the container may escape its own cgroup. (Note also - that if the container has CAP_SYS_ADMIN support - and can mount the cgroup filesystem itself, it may - do so anyway.) + + : similar to + , but everything + will be mounted read-write. Note that in this case, + the container may escape its own cgroup. (Note also + that if the container has CAP_SYS_ADMIN support + and can mount the cgroup filesystem itself, it may + do so anyway.) + @@ -1001,20 +1021,20 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA as command line arguments and through environment variables. The arguments are: - Container name. - Section (always 'lxc'). - The hook type (i.e. 'clone' or 'pre-mount'). - Additional arguments In the + Container name. + Section (always 'lxc'). + The hook type (i.e. 'clone' or 'pre-mount'). + Additional arguments In the case of the clone hook, any extra arguments passed to - lxc-clone will appear as further arguments to the hook. + lxc-clone will appear as further arguments to the hook. The following environment variables are set: - LXC_NAME: is the container's name. - LXC_ROOTFS_MOUNT: the path to the mounted root filesystem. - LXC_CONFIG_FILE: the path to the container configuration file. - LXC_SRC_NAME: in the case of the clone hook, this is the original container's name. - LXC_ROOTFS_PATH: this is the lxc.rootfs entry for the container. Note this is likely not where the mounted rootfs is to be found, use LXC_ROOTFS_MOUNT for that. + LXC_NAME: is the container's name. + LXC_ROOTFS_MOUNT: the path to the mounted root filesystem. + LXC_CONFIG_FILE: the path to the container configuration file. + LXC_SRC_NAME: in the case of the clone hook, this is the original container's name. + LXC_ROOTFS_PATH: this is the lxc.rootfs entry for the container. Note this is likely not where the mounted rootfs is to be found, use LXC_ROOTFS_MOUNT for that. @@ -1121,8 +1141,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA A hook to be run when the container is cloned to a new one. - See lxc-clone - 1 for more information. + See lxc-clone + 1 for more information.