| field | value | date |
|---|---|---|
| author | Lennart Poettering <lennart@poettering.net> | 2018-05-12 12:50:57 -0700 |
| committer | Lennart Poettering <lennart@poettering.net> | 2018-05-22 16:19:26 +0200 |
| commit | 09d423e9219883e5cb45adc249d07845fb6d4cb9 (patch) | |
| tree | 3b2bf3830e1f4b1c2c07a0d0129d1fd7ddd0ccd4 /man/systemd-nspawn.xml | |
| parent | 8904ab86b0397e64846e4b7418584f7120626d9f (diff) | |
| download | systemd-09d423e9219883e5cb45adc249d07845fb6d4cb9.tar.gz | |
nspawn: add greater control over how /etc/resolv.conf is handled
Fixes: #8014 #1781
Diffstat (limited to 'man/systemd-nspawn.xml')

| mode | file | lines |
|---|---|---|
| -rw-r--r-- | man/systemd-nspawn.xml | 29 |

1 files changed, 29 insertions, 0 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index 9a0e02187f..03e79683bc 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml 
@@ -859,6 +859,35 @@ </varlistentry> <varlistentry> + <term><option>--resolv-conf=</option></term> + + <listitem><para>Configures how <filename>/etc/resolv.conf</filename> inside of the container (i.e. DNS + configuration synchronization from host to container) shall be handled. Takes one of <literal>off</literal>, + <literal>copy-host</literal>, <literal>copy-static</literal>, <literal>bind-host</literal>, + <literal>bind-static</literal>, <literal>delete</literal> or <literal>auto</literal>. If set to + <literal>off</literal> the <filename>/etc/resolv.conf</filename> file in the container is left as it is + included in the image, and neither modified nor bind mounted over. If set to <literal>copy-host</literal>, the + <filename>/etc/resolv.conf</filename> file from the host is copied into the container. Similar, if + <literal>bind-host</literal> is used, the file is bind mounted from the host into the container. If set to + <literal>copy-static</literal> the static <filename>resolv.conf</filename> file supplied with + <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> is + copied into the container, and correspondingly <literal>bind-static</literal> bind mounts it there. If set to + <literal>delete</literal> the <filename>/etc/resolv.conf</filename> file in the container is deleted if it + exists. Finally, if set to <literal>auto</literal> the file is left as it is if private networking is turned on + (see <option>--private-network</option>). Otherwise, if <filename>systemd-resolved.service</filename> is + connectible its static <filename>resolv.conf</filename> file is used, and if not the host's + <filename>/etc/resolv.conf</filename> file is used. In the latter cases the file is copied if the image is + writable, and bind mounted otherwise. 
It's recommended to use <literal>copy</literal> if the container shall be + able to make changes to the DNS configuration on its own, deviating from the host's settings. Otherwise + <literal>bind</literal> is preferable, as it means direct changes to <filename>/etc/resolv.conf</filename> in + the container are not allowed, as it is a read-only bind mount (but note that if the container has enough + privileges, it might simply go ahead and unmount the bind mount anyway). Note that both if the file is bind + mounted and if it is copied no further propagation of configuration is generally done after the one-time early + initialization (this is because the file is usually updated through copying and renaming). Defaults to + <literal>auto</literal>.</para></listitem> + </varlistentry> + + <varlistentry> <term><option>--read-only</option></term> <listitem><para>Mount the root file system read-only for the |
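Review bot: the recommendation sentences in the new listitem refer to values the option does not accept: "It's recommended to use <literal>copy</literal> if the container shall be able to make changes to the DNS configuration" and "Otherwise <literal>bind</literal> is preferable", while the enumerated values earlier in the same paragraph are off, copy-host, copy-static, bind-host, bind-static, delete and auto. Suggest rewording to "one of the copy-host/copy-static modes" and "one of the bind-host/bind-static modes" (or, if the implementation really accepts plain "copy" and "bind" as aliases, listing them alongside the other values) so a reader does not pass a value that is rejected. Two smaller points in the same paragraph: "Similar, if <literal>bind-host</literal> is used" should read "Similarly, if ...", and the parenthetical that a container with enough privileges "might simply go ahead and unmount the bind mount anyway" should stay as written, since it correctly tells administrators that the read-only bind modes only prevent edits in place and do not stop a container holding mount privileges from replacing its own DNS configuration; together with the note that neither copying nor bind mounting propagates later host changes (because resolv.conf is updated by copy-and-rename), this is the operational caveat readers choosing between the modes need.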