Previously, the man page suggested to only use nspawn for testing,
building, and debugging things. However, it is nowadays used in
production and used as building block for rocket, hence let's just admit
that it's pretty much production ready.
kernel modules may not be loaded from within the container.</para>
<para>Note that even though these security precautions are taken
- <command>systemd-nspawn</command> is not suitable for secure
+ <command>systemd-nspawn</command> is not suitable for fully secure
container setups. Many of the security features may be
circumvented and are hence primarily useful to avoid accidental
- changes to the host system from the container. The intended use of
- this program is debugging and testing as well as building of
- packages, distributions and software involved with boot and
- systems management.</para>
+ changes to the host system from the container.</para>
<para>In contrast to
<citerefentry project='man-pages'><refentrytitle>chroot</refentrytitle><manvolnum>1</manvolnum></citerefentry> <command>systemd-nspawn</command>
projects / thirdparty / systemd.git / commitdiff
