diff options
| author | Lennart Poettering <lennart@poettering.net> | 2024-11-12 09:44:48 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2025-01-08 21:54:19 +0100 |
| commit | 55e4946f9ca75c35e87ff7f0c0d871e0d80e8ca0 (patch) | |
| tree | c410275aaff277ba286a29130a5357ebe97359d3 /man | |
| parent | userdb: synthesize stub user records for the foreign UID (diff) | |
| download | systemd-55e4946f9ca75c35e87ff7f0c0d871e0d80e8ca0.tar.xz systemd-55e4946f9ca75c35e87ff7f0c0d871e0d80e8ca0.zip | |
dissect: add new --shift command
Diffstat (limited to 'man')
| -rw-r--r-- | man/systemd-dissect.xml | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/man/systemd-dissect.xml b/man/systemd-dissect.xml index 3aaa1744f3..2718feccb7 100644 --- a/man/systemd-dissect.xml +++ b/man/systemd-dissect.xml @@ -62,6 +62,9 @@ <cmdsynopsis> <command>systemd-dissect</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg>--validate</arg> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> </cmdsynopsis> + <cmdsynopsis> + <command>systemd-dissect</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg>--shift</arg> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="plain"><replaceable>UIDBASE</replaceable></arg> + </cmdsynopsis> </refsynopsisdiv> <refsect1> @@ -350,6 +353,27 @@ <xi:include href="version-info.xml" xpointer="v254"/></listitem> </varlistentry> + <varlistentry> + <term><option>--shift</option></term> + + <listitem><para>Recursively iterates through all inodes of the specified image and shifts the UIDs + and GIDs the inodes are owned by into the specified UID range. Takes an image path and a UID base as + parameter. The UID base can be specified numerically (in which case it must be a multiple of 65536, + and either 0 or within the container or foreign UID range, as per <ulink + url="https://systemd.io/UIDS-GIDS/">Users, Groups, UIDs and GIDs on systemd Systems</ulink>), or as + the symbolic identifier <literal>foreign</literal> which is shorthand to the foreign UID base. This + command is useful for preparing directory container images for unprivileged use. Note that this + command is intended for images that use the 16bit UIDs/GIDs range only, and it always ignores the + upper 16bit of the current UID/GID ownership, combining the lower 16 bit with the target UID + base.</para> + + <para>Use <command>systemd-dissect --shift /some/container/tree foreign</command> to shift a + container image into the foreign UID range, or <command>systemd-dissect --shift /some/container/tree + 0</command> to shift it to host UID range.</para> + + <xi:include href="version-info.xml" xpointer="v258"/></listitem> + </varlistentry> + <xi:include href="standard-options.xml" xpointer="help" /> <xi:include href="standard-options.xml" xpointer="version" /> </variablelist> |