Diffstat (limited to 'man')
-rw-r--r-- | man/custom-entities.ent.in | 4
-rw-r--r-- | man/systemd-nspawn.xml | 29
-rw-r--r-- | man/systemd-sysext.xml | 12
-rw-r--r-- | man/systemd.nspawn.xml | 11
4 files changed, 36 insertions, 20 deletions
diff --git a/man/custom-entities.ent.in b/man/custom-entities.ent.in index 0376e0feb9..aa0e1ef1ae 100644 --- a/man/custom-entities.ent.in +++ b/man/custom-entities.ent.in @@ -17,5 +17,5 @@ <!ENTITY DEFAULT_DNS_OVER_TLS_MODE "{{DEFAULT_DNS_OVER_TLS_MODE_STR}}"> <!ENTITY DEFAULT_TIMEOUT "{{DEFAULT_TIMEOUT_SEC}} s"> <!ENTITY DEFAULT_USER_TIMEOUT "{{DEFAULT_USER_TIMEOUT_SEC}} s"> -<!ENTITY fedora_latest_version "36"> -<!ENTITY fedora_cloud_release "1.5"> +<!ENTITY fedora_latest_version "37"> +<!ENTITY fedora_cloud_release "1.7"> diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index 39a6febb3c..3b158a0631 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml 
@@ -852,11 +852,13 @@ <varlistentry> <term><option>--network-interface=</option></term> - <listitem><para>Assign the specified network interface to the container. This will remove the - specified interface from the calling namespace and place it in the container. When the container - terminates, it is moved back to the calling namespace. Note that - <option>--network-interface=</option> implies <option>--private-network</option>. This option may be - used more than once to add multiple network interfaces to the container.</para> + <listitem><para>Assign the specified network interface to the container. Either takes a single + interface name, referencing the name on the host, or a colon-separated pair of interfaces, in which + case the first one references the name on the host, and the second one the name in the container. + When the container terminates, the interface is moved back to the calling namespace and renamed to + its original name. Note that <option>--network-interface=</option> implies + <option>--private-network</option>. This option may be used more than once to add multiple network + interfaces to the container.</para> <para>Note that any network interface specified this way must already exist at the time the container is started. If the container shall be started automatically at boot via a 
@@ -880,9 +882,12 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <term><option>--network-macvlan=</option></term> <listitem><para>Create a <literal>macvlan</literal> interface of the specified Ethernet network - interface and add it to the container. A <literal>macvlan</literal> interface is a virtual interface - that adds a second MAC address to an existing physical Ethernet link. The interface in the container - will be named after the interface on the host, prefixed with <literal>mv-</literal>. Note that + interface and add it to the container. Either takes a single interface name, referencing the name + on the host, or a colon-separated pair of interfaces, in which case the first one references the name + on the host, and the second one the name in the container. A <literal>macvlan</literal> interface is + a virtual interface that adds a second MAC address to an existing physical Ethernet link. If the + container interface name is not defined, the interface in the container will be named after the + interface on the host, prefixed with <literal>mv-</literal>. Note that <option>--network-macvlan=</option> implies <option>--private-network</option>. This option may be used more than once to add multiple network interfaces to the container.</para> 
@@ -895,9 +900,13 @@ After=sys-subsystem-net-devices-ens1.device</programlisting> <term><option>--network-ipvlan=</option></term> <listitem><para>Create an <literal>ipvlan</literal> interface of the specified Ethernet network - interface and add it to the container. An <literal>ipvlan</literal> interface is a virtual interface, + interface and add it to the container. Either takes a single interface name, referencing the name on + the host, or a colon-separated pair of interfaces, in which case the first one references the name + on the host, and the second one the name in the container. An <literal>ipvlan</literal> interface is + a virtual interface, similar to a <literal>macvlan</literal> interface, which uses the same MAC address as the underlying - interface. The interface in the container will be named after the interface on the host, prefixed + interface. If the container interface name is not defined, the interface in the container will be + named after the interface on the host, prefixed with <literal>iv-</literal>. Note that <option>--network-ipvlan=</option> implies <option>--private-network</option>. This option may be used more than once to add multiple network interfaces to the container.</para> diff --git a/man/systemd-sysext.xml b/man/systemd-sysext.xml index a257fa73bc..6e164077e2 100644 --- a/man/systemd-sysext.xml +++ b/man/systemd-sysext.xml 
@@ -281,11 +281,13 @@ <listitem><para>Takes an image policy string as argument, as per <citerefentry><refentrytitle>systemd.image-policy</refentrytitle><manvolnum>7</manvolnum></citerefentry>. The policy is enforced when operating on system extension disk images. If not specified defaults to - <literal>root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent</literal>, - i.e. only the root and <filename>/usr/</filename> file systems in the image are used. When run in the - initrd and operating on a system extension image stored in the <filename>/.extra/sysext/</filename> - directory a slightly stricter policy is used by default: - <literal>root=signed+absent:usr=signed+absent</literal>, see above for details.</para></listitem> + <literal>root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent</literal> + for system extensions, i.e. only the root and <filename>/usr/</filename> file systems in the image + are used. For configuration extensions defaults to + <literal>root=verity+signed+encrypted+unprotected+absent</literal>. When run in the initrd and + operating on a system extension image stored in the <filename>/.extra/sysext/</filename> directory a + slightly stricter policy is used by default: <literal>root=signed+absent:usr=signed+absent</literal>, + see above for details.</para></listitem> </varlistentry> <xi:include href="standard-options.xml" xpointer="no-pager" /> diff --git a/man/systemd.nspawn.xml b/man/systemd.nspawn.xml index c1eef7853b..ec94176c01 100644 --- a/man/systemd.nspawn.xml +++ b/man/systemd.nspawn.xml 
@@ -531,8 +531,11 @@ <varlistentry> <term><varname>Interface=</varname></term> - <listitem><para>Takes a space-separated list of interfaces to - add to the container. This option corresponds to the + <listitem><para>Takes a space-separated list of interfaces to add to the container. + The interface object is defined either by a single interface name, referencing the name on the host, + or a colon-separated pair of interfaces, in which case the first one references the name on the host, + and the second one the name in the container. + This option corresponds to the <option>--network-interface=</option> command line switch and implies <varname>Private=yes</varname>. This option is privileged (see above).</para></listitem> @@ -544,7 +547,9 @@ <listitem><para>Takes a space-separated list of interfaces to add MACLVAN or IPVLAN interfaces to, which are then added to - the container. These options correspond to the + the container. The interface object is defined either by a single interface name, referencing the name + on the host, or a colon-separated pair of interfaces, in which case the first one references the name + on the host, and the second one the name in the container. These options correspond to the <option>--network-macvlan=</option> and <option>--network-ipvlan=</option> command line switches and imply <varname>Private=yes</varname>. These options are |
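Review bot: In the --network-interface= hunk of man/systemd-nspawn.xml (@@ -852,11 +852,13 @@), the rewritten paragraph drops the removed sentence "This will remove the specified interface from the calling namespace and place it in the container", so the text now says the interface "is moved back to the calling namespace" without ever stating that it leaves the host namespace while the container runs. Keep that sentence ahead of the new naming description, because an administrator needs to know the host loses the interface for the lifetime of the container. The added text could also say what happens when the requested container-side name is invalid or already in use.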
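Review bot: In the --network-macvlan= hunk of man/systemd-nspawn.xml (@@ -880,9 +882,12 @@), the sentence "If the container interface name is not defined, the interface in the container will be named after the interface on the host, prefixed with mv-" only covers the single-name form. It does not say whether a name given after the colon is used verbatim or still receives the mv- prefix; state that explicitly. "Not specified" would also read better than "not defined", matching "the specified Ethernet network interface" earlier in the same paragraph.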
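Review bot: In the --network-ipvlan= hunk of man/systemd-nspawn.xml (@@ -895,9 +900,13 @@), the paragraph was not re-wrapped after the insertion: the added line "a virtual interface," stands alone, and "named after the interface on the host, prefixed" breaks just before the unchanged "with iv-" line. Re-wrap the paragraph so it matches the surrounding entries. The sentence "Either takes a single interface name ... the second one the name in the container" is now repeated verbatim for three options, so any later correction has to be made in three places; consider stating it once and referring back to it, and clarify here too whether an explicit container-side name gets the iv- prefix.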
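Review bot: In the man/systemd-sysext.xml hunk (@@ -281,11 +281,13 @@), the new default for configuration extensions is added, but the rest of the paragraph still speaks only of system extensions: "The policy is enforced when operating on system extension disk images" is unchanged, and the stricter initrd default is described only for images in /.extra/sysext/. Say whether the policy is also enforced for configuration extension images and which default applies to them in the initrd, since a reader cannot tell from this text whether such images fall back to the permissive policy that allows unprotected partitions. The sysext default carries the explanation "i.e. only the root and /usr/ file systems in the image are used"; the confext default deserves the matching explanation.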
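Review bot: In the first man/systemd.nspawn.xml hunk (@@ -531,8 +531,11 @@), the added text introduces the term "interface object", which the matching --network-interface= description in man/systemd-nspawn.xml does not use ("Either takes a single interface name ..."). Use the same wording in both pages so the setting and the command line switch are visibly the same thing. Because the list is space-separated while each pair is colon-separated, a short example value would remove any doubt about how the two separators combine. The added lines also start with "The interface object ..." and "This option corresponds to the" on fresh lines without re-wrapping the paragraph.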
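Review bot: In the second man/systemd.nspawn.xml hunk (@@ -544,7 +547,9 @@), the unchanged context line reads "add MACLVAN or IPVLAN interfaces to"; since this change edits the same paragraph, correct the typo to MACVLAN while here. The added sentence describes the colon-separated pair but omits what the man/systemd-nspawn.xml hunks document for the single-name form, namely that the container interface is named after the host interface with the mv- or iv- prefix; add that or point to the command line switches for it.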