| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
|
| |
All hail linkchecker!
|
| | |
|
| |
|
|
| |
This is similar to systemd-run's --property= setting.
|
| | |
|
| |
|
|
| |
The dnf name is here to stay, we might as well adjust.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
/var/lib/container to /var/lib/machines
Given that this is also the place to store raw disk images which are
very much bootable with qemu/kvm it sounds like a misnomer to call the
directory "container". Hence, let's change this sooner rather than
later, and use the generic name, in particular since we otherwise try to
use the generic "machine" preferably over the more specific "container"
or "vm".
|
| |
|
|
|
|
|
| |
Now that networkd's IP masquerading support means that running
containers with "--network-veth" will provide network access out of the
box for the container, let's add a shortcut "-n" for it, to make it
easily accessible.
|
| |
|
|
| |
This exposes an IP port on the container as local port using DNAT.
|
| |
|
|
|
|
|
| |
https://github.com/vlajos/misspell_fixer
https://github.com/torstehu/systemd/commit/b6fdeb618cf2f3ce1645b3315f15f482710c7ffa
Thanks to Torstein Husebo <torstein@huseboe.net>.
|
| |
|
|
| |
command line
|
| |
|
|
|
|
|
|
|
| |
Also, when booting up an ephemeral container of / use the system
hostname as default machine name.
This way specifiyng -M is unnecessary when booting up an ephemeral
container, while allowing any number of ephemeral containers to run from
the same tree.
|
| |
|
|
|
|
|
|
| |
This adds --template= to duplicate an OS tree as btrfs snpashot and run
it
This also adds --ephemeral or -x to create a snapshot of an OS tree and
boot that, removing it after exit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--link-journal={host,guest} fail if the host does not have persistent
journalling enabled and /var/log/journal/ does not exist. Even worse, as there
is no stdout/err any more, there is no error message to point that out.
Introduce two new modes "try-host" and "try-guest" which don't fail in this
case, and instead just silently skip the guest journal setup.
Change -j to mean "try-guest" instead of "guest", and fix the wrong --help
output for it (it said "host" before).
Change systemd-nspawn@.service.in to use "try-guest" so that this unit works
with both persistent and non-persistent journals on the host without failing.
https://bugs.debian.org/770275
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is annoying when we have dead links on fd.o.
Add project='man-pages|die-net|archlinux' to <citerefentry>-ies.
In generated html, add external links to
http://man7.org/linux/man-pages/man, http://linux.die.net/man/,
https://www.archlinux.org/.
By default, pages in sections 2 and 4 go to man7, since Michael
Kerrisk is the autorative source on kernel related stuff.
The rest of links goes to linux.die.net, because they have the
manpages.
Except for the pacman stuff, since it seems to be only available from
archlinux.org.
Poor gummiboot gets no link, because gummitboot(8) ain't to be found
on the net. According to common wisdom, that would mean that it does
not exist. But I have seen Kay using it, so I know it does, and
deserves to be found. Can somebody be nice and put it up somewhere?
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The file should have been in /usr/lib/ in the first place, since it
describes the OS container in /usr (and not the configuration in /etc),
hence, let's support os-release files in /usr/lib as fallback if no
version in /etc exists, following the usual override logic.
A prior commit already enabled tmpfiles to create /etc/os-release as a
symlink to /usr/lib/os-release should it be missing, thus providing nice
compatibility with applications only checking in /etc.
While it's probably a good idea if all apps check both locations via a
fallback logic, it is only necessary in the early boot process, as long
as the /etc/os-release symlink has not been restored, in case we boot
with an empty /etc.
|
| |
|
|
| |
such as /var
|
| |
|
|
|
| |
Set commas where there should be some.
Some improvements to word order.
|
| |
|
|
|
| |
This patch exchange words which are inappropriate for a situation,
deletes duplicated words, and adds particles where needed.
|
| | |
|
| | |
|
| |
|
|
| |
Discoverable Partitions Specification
|
| |
|
|
| |
container
|
| | |
|
| |
|
|
|
|
|
| |
"ve-" interface name prefix
This way we can recognize the interfaces later on to apply different
host-side configuration to them.
|
| |
|
|
| |
containers on a 64bit host
|
| |
|
|
|
|
|
|
| |
Issues fixed:
* missing words required by grammar
* duplicated or extraneous words
* inappropriate forms (e.g. singular/plural), and declinations
* orthographic misspellings
|
| |
|
|
| |
Resolve spotted issues related to missing or extraneous commas, dashes.
|
| |
|
|
|
|
|
|
| |
This adds the host side of the veth link to the given bridge.
Also refactor the creation of the veth interfaces a bit to set it up
from the host rather than the container. This simplifies the addition
to the bridge, but otherwise the behavior is unchanged.
|
| | |
|
| | |
|
| |
|
|
| |
into the container
|
| | |
|
| |
|
|
| |
of this
|
| |
|
|
| |
or services) as machine with machined
|
| |
|
|
| |
the container with machined
|
| |
|
|
| |
namespacing
|
| |
|
|
|
|
|
|
|
|
|
| |
Let's always call the security labels the same way:
SMACK: "Smack Label"
SELINUX: "SELinux Security Context"
And the low-level encapsulation is called "seclabel". Now let's hope we
stick to this vocabulary in future, too, and don't mix "label"s and
"security contexts" and so on wildly.
|
| |
|
|
| |
the API file systems, nothing else
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- As suggested, prefix argument variables with "arg_" how we do this
usually.
- As suggested, don't involve memory allocations when storing command
line arguments.
- Break --help text at 80 chars
- man: explain that this is about SELinux
- don't do unnecessary memory allocations when putting together mount
option string
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds to new options:
-Z PROCESS_LABEL
This specifies the process label to run on processes run within the container.
-L FILE_LABEL
The file label to assign to memory file systems created within the container.
For example if you wanted to wrap an container with SELinux sandbox labels, you could execute a command line the following
chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container
systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh
|
| |
|
|
| |
container to spawn
|
