of the owners and the ACLs of all files and directories in a
container tree to match the UID/GID user namespacing range selected
for the container invocation. This mode is enabled via the new
- --private-user-chown switch. It also gained support for automatically
- choosing a free, previously unused UID/GID range when starting a
- container, via the new --private-users=pick setting (which implies
- --private-user-chown). Together, these options for the first time
- make user namespacing for nspawn containers fully automatic and thus
- deployable. The systemd-nspawn@.service template unit file has been
- changed to use this functionality by default.
+ --private-users-chown switch. It also gained support for
+ automatically choosing a free, previously unused UID/GID range when
+ starting a container, via the new --private-users=pick setting (which
+ implies --private-users-chown). Together, these options for the first
+ time make user namespacing for nspawn containers fully automatic and
+ thus deployable. The systemd-nspawn@.service template unit file has
+ been changed to use this functionality by default.
* systemd-nspawn gained a new --network-zone= switch, that allows
creating ad-hoc virtual Ethernet links between multiple containers,
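Review bot: in the rewrapped NEWS paragraph the only substantive change is the switch spelling, --private-user-chown becoming --private-users-chown in both places it is named, but all seven lines are rewritten, which makes that hard to confirm in review. Consider stating in the commit message that the rest is a pure reflow. If the old spelling has already appeared in a tagged pre-release, it is also worth keeping it as an undocumented alias so that existing unit files and scripts do not start failing at option parsing.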
" -U --private-users=pick Run within user namespace, autoselect UID/GID range\n"
" --private-users[=UIDBASE[:NUIDS]]\n"
" Similar, but with user configured UID/GID range\n"
- " --private-user-chown Adjust OS tree ownership to private UID/GID range\n"
+ " --private-users-chown Adjust OS tree ownership to private UID/GID range\n"
" --private-network Disable network in container\n"
" --network-interface=INTERFACE\n"
" Assign an existing network interface to the\n"