nspawn: add NamespacePath support for nspawn files

Commit d7bea6b6 ("nspawn: introduce an option for specifying network
namespace path") already did most of the work here enabling a command
line option for specifying the namespace path for a given container.
Someone even took care of the merging code in merge_settings as though
this already worked. All that's then needed is to add a line to the
nspawn-gperf.gperf file to actually enable being able to specify
NamespacePath from nspawn files as well.

This greatly simplifies how we configure nspawn containers by being able
to give all the options we need in .nspawn files instead of needing to
also use command line parameters.

Closes: #27188

diff --git a/man/systemd.nspawn.xml b/man/systemd.nspawn.xml
index 1db41a1b72c6af8f0dc5a42786bc29583b5c17e3..6492a8911aa0111788f254be37773ede7d19ac0f 100644 (file)
--- a/man/systemd.nspawn.xml
+++ b/man/systemd.nspawn.xml
@@ -585,6 +585,26 @@
         <xi:include href="version-info.xml" xpointer="v226"/></listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><varname>NamespacePath=</varname></term>
+
+        <listitem><para>Takes the path to a file representing a kernel
+        network namespace that the container shall run in. The specified path
+        should refer to a (possibly bind-mounted) network namespace file, as
+        exposed by the kernel below <filename>/proc/$PID/ns/net</filename>.
+        This makes the container enter the given network namespace. One of the
+        typical use cases is to give a network namespace under
+        <filename>/run/netns</filename> created by <citerefentry
+        project='man-pages'><refentrytitle>ip-netns</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+        for example, <varname>NamespacePath=/run/netns/foo</varname>.
+        Note that this option cannot be used together with other
+        network-related options, such as <varname>Private=</varname>
+        or <varname>Interface=</varname>. This option corresponds to the
+        <option>--network-namespace-path</option> command line switch.</para>
+
+        <xi:include href="version-info.xml" xpointer="v259"/></listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><varname>VirtualEthernet=</varname></term>
 

diff --git a/src/nspawn/nspawn-gperf.gperf b/src/nspawn/nspawn-gperf.gperf
index 7a8a8d8b3d0aaddd2e901f487a140b721097aadf..9c886f712125aaf844864faf86c38804b3ab7297 100644 (file)
--- a/src/nspawn/nspawn-gperf.gperf
+++ b/src/nspawn/nspawn-gperf.gperf
@@ -73,6 +73,7 @@ Files.PrivateUsersOwnership,  config_parse_userns_ownership, 0,
 Files.BindUser,               config_parse_bind_user,      0,                        offsetof(Settings, bind_user)
 Files.BindUserShell,          config_parse_bind_user_shell, 0,                       0
 Network.Private,              config_parse_tristate,       0,                        offsetof(Settings, private_network)
+Network.NamespacePath,        config_parse_path,           0,                        offsetof(Settings, network_namespace_path)
 Network.Interface,            config_parse_network_iface_pair, 0,                    offsetof(Settings, network_interfaces)
 Network.MACVLAN,              config_parse_macvlan_iface_pair, 0,                    offsetof(Settings, network_macvlan)
 Network.IPVLAN,               config_parse_ipvlan_iface_pair, 0,                     offsetof(Settings, network_ipvlan)