path: root/man/systemd-nspawn.xml
author: Andreas Valder <git@notandy.de> 2021-06-05 18:39:38 +0200
committer: Lennart Poettering <lennart@poettering.net> 2021-10-28 19:19:22 +0200
commit: c0c8f7180023e7c72bf9dd67f1a82d3ea611d445 (patch)
tree: ec673bcda5eb64da7283b41c1392cc6ea71e4c22 /man/systemd-nspawn.xml
parent: 5433d425b4b6f84e0fec8fbd81ef46745828b293 (diff)
download: systemd-c0c8f7180023e7c72bf9dd67f1a82d3ea611d445.tar.gz
nspawn: add filesystem id mapping support to --bind and --bind-ro
Diffstat (limited to 'man/systemd-nspawn.xml')
-rw-r--r-- man/systemd-nspawn.xml | 16
1 files changed, 10 insertions, 6 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index aec0b0e129..9c1cb33c01 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -1357,17 +1357,21 @@ After=sys-subsystem-net-devices-ens1.device</programlisting>
source path is taken relative to the image's root directory. This permits setting up bind mounts within the
container image. The source path may be specified as empty string, in which case a temporary directory below
the host's <filename>/var/tmp/</filename> directory is used. It is automatically removed when the container is
- shut down. Mount options are comma-separated and currently, only <option>rbind</option> and
- <option>norbind</option> are allowed, controlling whether to create a recursive or a regular bind
- mount. Defaults to "rbind". Backslash escapes are interpreted, so <literal>\:</literal> may be used to embed
- colons in either path. This option may be specified multiple times for creating multiple independent bind
- mount points. The <option>--bind-ro=</option> option creates read-only bind mounts.</para>
+ shut down. The <option>--bind-ro=</option> option creates read-only bind mounts. Backslash escapes are interpreted,
+ so <literal>\:</literal> may be used to embed colons in either path. This option may be specified
+ multiple times for creating multiple independent bind mount points.</para>
+
+ <para>Mount options are comma-separated. <option>rbind</option> and <option>norbind</option> control whether
+ to create a recursive or a regular bind mount. Defaults to "rbind". <option>idmap</option> and <option>noidmap</option>
+ control if the bind mount should use filesystem id mappings. Using this option requires support by the source filesystem
+ for id mappings. Defaults to "noidmap".</para>
<para>Note that when this option is used in combination with <option>--private-users</option>, the resulting
mount points will be owned by the <constant>nobody</constant> user. That's because the mount and its files and
directories continue to be owned by the relevant host users and groups, which do not exist in the container,
and thus show up under the wildcard UID 65534 (nobody). If such bind mounts are created, it is recommended to
- make them read-only, using <option>--bind-ro=</option>.</para></listitem>
+ make them read-only, using <option>--bind-ro=</option>. Alternatively you can use the "idmap" mount option to
+ map the filesystem ids.</para></listitem>
</varlistentry>
<varlistentry>
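Review bot: The closing sentence of the second change ("Alternatively you can use the "idmap" mount option to map the filesystem ids.") presents idmap as an alternative to --bind-ro=, but the two are not equivalent from an access-control standpoint: a read-only bind mount limits what the container can do to the files, whereas an id-mapped mount only changes under which ownership the container sees and can access them. Consider stating that explicitly, e.g. "Alternatively, the idmap mount option maps the host ownership into the container's UID range; note that this grants the container access to the files under the mapped ownership, so combine it with --bind-ro= where write access is not needed." The new paragraph in the first change also says idmap "requires support by the source filesystem for id mappings" without saying what happens when that support is missing (the mount is refused, or it silently falls back to noidmap); documenting the failure behaviour would spare users a surprising result. Two smaller points: "control if the bind mount should use" reads better as "control whether the bind mount uses", and the second change writes "idmap" in plain quotes while the first change marks it up as <option>idmap</option>; the markup should be consistent within the same entry.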