mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-10-27 01:55:32 +03:00
man: document how nspawn's --bind= and --private-users interact
Fixes: #5900
parent
05d69e0294
commit
994a6364d2
@ -806,7 +806,13 @@
|
||||
<option>norbind</option> are allowed, controlling whether to create a recursive or a regular bind
|
||||
mount. Defaults to "rbind". Backslash escapes are interpreted, so <literal>\:</literal> may be used to embed
|
||||
colons in either path. This option may be specified multiple times for creating multiple independent bind
|
||||
mount points. The <option>--bind-ro=</option> option creates read-only bind mounts.</para></listitem>
|
||||
mount points. The <option>--bind-ro=</option> option creates read-only bind mounts.</para>
|
||||
|
||||
<para>Note that when this option is used in combination with <option>--private-users</option>, the resulting
|
||||
mount points will be owned by the <constant>nobody</constant> user. That's because the mount and its files and
|
||||
directories continue to be owned by the relevant host users and groups, which do not exist in the container,
|
||||
and thus show up under the wildcard UID 65534 (nobody). If such bind mounts are created, it is recommended to
|
||||
make them read-only, using <option>--bind-ro=</option>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
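Review bot: The new paragraph explains the ownership in terms of "host users and groups" but then names only "the wildcard UID 65534 (nobody)", so the group side is left unstated. Consider wording it as UID/GID 65534 and naming the group as well. The closing recommendation to use <option>--bind-ro=</option> also gives no reason. A short clause on what a reader should expect from a writable bind mount in this state would make the advice actionable. Minor style point: the user name is marked up as <constant>nobody</constant> on first mention and left as plain "(nobody)" on the second. Pick one form.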