diff options
| author | Lennart Poettering <lennart@poettering.net> | 2022-12-01 22:41:47 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2023-04-05 20:55:15 +0200 |
| commit | 9ea811914fce034c2fe9d5f7d5712d49462ac6a4 (patch) | |
| tree | 8923f84ccfc9b4a41d23d449658c7b9ccd5cf4b7 /man/systemd-nspawn.xml | |
| parent | test: add integration test for image policy (diff) | |
| download | systemd-9ea811914fce034c2fe9d5f7d5712d49462ac6a4.tar.xz systemd-9ea811914fce034c2fe9d5f7d5712d49462ac6a4.zip | |
man: document image policy syntax and semantics, and the hooks in the various components
Diffstat (limited to 'man/systemd-nspawn.xml')
| -rw-r--r-- | man/systemd-nspawn.xml | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index e2c751692f..39a6febb3c 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -311,6 +311,17 @@ </varlistentry> <varlistentry> + <term><option>--image-policy=<replaceable>policy</replaceable></option></term> + + <listitem><para>Takes an image policy string as argument, as per + <citerefentry><refentrytitle>systemd.image-policy</refentrytitle><manvolnum>7</manvolnum></citerefentry>. The + policy is enforced when operating on the disk image specified via <option>--image=</option>, see + above. If not specified defaults to + <literal>root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:esp=unprotected+absent:xbootldr=unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent</literal>, + i.e. all recognized file systems in the image are used, but not the swap partition.</para></listitem> + </varlistentry> + + <varlistentry> <term><option>--oci-bundle=</option></term> <listitem><para>Takes the path to an OCI runtime bundle to invoke, as specified in the <ulink |