2023-10-12 20:20:29 +08:00
|
|
|
|
<?xml version='1.0'?>
|
|
|
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
2024-04-12 21:05:43 +08:00
|
|
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
|
|
|
<!ENTITY % entities SYSTEM "custom-entities.ent" >
|
|
|
|
|
%entities;
|
|
|
|
|
]>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
|
|
|
|
|
|
|
|
|
|
<refentry id="systemd-vmspawn" conditional="ENABLE_VMSPAWN"
|
|
|
|
|
xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
|
|
|
|
|
|
|
|
<refentryinfo>
|
|
|
|
|
<title>systemd-vmspawn</title>
|
|
|
|
|
<productname>systemd</productname>
|
|
|
|
|
</refentryinfo>
|
|
|
|
|
|
|
|
|
|
<refmeta>
|
|
|
|
|
<refentrytitle>systemd-vmspawn</refentrytitle>
|
|
|
|
|
<manvolnum>1</manvolnum>
|
|
|
|
|
</refmeta>
|
|
|
|
|
|
|
|
|
|
<refnamediv>
|
|
|
|
|
<refname>systemd-vmspawn</refname>
|
2024-02-29 10:46:25 +08:00
|
|
|
|
<refpurpose>Spawn an OS in a virtual machine</refpurpose>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
</refnamediv>
|
|
|
|
|
|
|
|
|
|
<refsynopsisdiv>
|
|
|
|
|
<cmdsynopsis>
|
|
|
|
|
<command>systemd-vmspawn</command>
|
|
|
|
|
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
|
|
|
|
<arg choice="opt" rep="repeat">ARGS</arg>
|
|
|
|
|
</cmdsynopsis>
|
|
|
|
|
</refsynopsisdiv>
|
|
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
|
<title>Description</title>
|
2024-04-14 22:41:08 +08:00
|
|
|
|
<para><command>systemd-vmspawn</command> may be used to start a virtual machine from an OS image. In many ways it is similar to <citerefentry>
|
|
|
|
|
<refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, but
|
2023-10-12 20:20:29 +08:00
|
|
|
|
launches a full virtual machine instead of using namespaces.</para>
|
2023-10-26 21:03:59 +08:00
|
|
|
|
|
2024-01-18 20:32:10 +08:00
|
|
|
|
<para>File descriptors for <filename>/dev/kvm</filename> and <filename>/dev/vhost-vsock</filename> can be
|
|
|
|
|
passed to <command>systemd-vmspawn</command> via systemd's native socket passing interface (see
|
|
|
|
|
<citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry> for
|
|
|
|
|
details about the precise protocol used and the order in which the file descriptors are passed), these
|
2024-02-16 22:55:35 +08:00
|
|
|
|
file descriptors must be passed with the names <literal>kvm</literal> and <literal>vhost-vsock</literal>
|
|
|
|
|
respectively.</para>
|
2024-01-18 20:32:10 +08:00
|
|
|
|
|
2024-02-21 23:18:24 +08:00
|
|
|
|
<para>Note: on Ubuntu/Debian derivatives systemd-vmspawn requires the user to be in the
|
|
|
|
|
<literal>kvm</literal> group to use the VSOCK options.</para>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
|
<title>Options</title>
|
|
|
|
|
|
2023-11-06 18:25:12 +08:00
|
|
|
|
<para>The excess arguments are passed as extra kernel command line arguments using SMBIOS.</para>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
|
|
|
|
|
<para>The following options are understood:</para>
|
|
|
|
|
|
2024-01-23 02:26:22 +08:00
|
|
|
|
<variablelist>
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><option>-q</option></term>
|
|
|
|
|
<term><option>--quiet</option></term>
|
|
|
|
|
|
|
|
|
|
<listitem><para>Turns off any status output by the tool
|
|
|
|
|
itself. When this switch is used, the only output from vmspawn
|
|
|
|
|
will be the console output of the Virtual Machine OS itself.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
|
|
</variablelist>
|
|
|
|
|
|
2023-10-12 20:20:29 +08:00
|
|
|
|
<refsect2>
|
2023-11-08 04:36:46 +08:00
|
|
|
|
<title>Image Options</title>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
|
2023-12-05 01:33:12 +08:00
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><option>-D</option></term>
|
|
|
|
|
<term><option>--directory=</option></term>
|
|
|
|
|
|
|
|
|
|
<listitem><para>Directory to use as file system root for the virtual machine.</para>
|
|
|
|
|
|
|
|
|
|
<para>One of either <option>--directory=</option> or <option>--image=</option> must be specified.</para>
|
2024-02-16 22:55:35 +08:00
|
|
|
|
|
2023-12-05 01:33:12 +08:00
|
|
|
|
<para>Note: If mounting a non-root owned directory you may require <option>--private-users=</option>
|
|
|
|
|
to map into the user's subuid namespace.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
2023-11-08 04:36:46 +08:00
|
|
|
|
<variablelist>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><option>-i</option></term>
|
|
|
|
|
<term><option>--image=</option></term>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
|
2023-11-08 04:36:46 +08:00
|
|
|
|
<listitem><para>Root file system disk image (or device node) for the virtual machine.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v255"/>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
</variablelist>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
</refsect2>
|
|
|
|
|
|
|
|
|
|
<refsect2>
|
2023-11-08 04:36:46 +08:00
|
|
|
|
<title>Host Configuration</title>
|
|
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--cpus=<replaceable>CPUS</replaceable></option></term>
|
2023-11-08 04:36:46 +08:00
|
|
|
|
|
|
|
|
|
<listitem><para>Configures the number of CPUs to start the virtual machine with.
|
|
|
|
|
Defaults to 1.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v255"/>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--ram=<replaceable>BYTES</replaceable></option></term>
|
2023-11-08 04:36:46 +08:00
|
|
|
|
|
|
|
|
|
<listitem><para>Configures the amount of memory to start the virtual machine with.
|
|
|
|
|
Defaults to 2G.</para>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
|
2023-11-08 04:36:46 +08:00
|
|
|
|
<xi:include href="version-info.xml" xpointer="v255"/>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--kvm=<replaceable>BOOL</replaceable></option></term>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<listitem><para>Configures whether to use KVM. If the option is not specified KVM support will be
|
|
|
|
|
detected automatically. If true, KVM is always used, and if false, KVM is never used.</para>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
|
|
|
|
</varlistentry>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--vsock=<replaceable>BOOL</replaceable></option></term>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<listitem>
|
2024-02-21 23:18:24 +08:00
|
|
|
|
<para>Configure whether to use VSOCK networking.</para>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
|
2024-02-21 23:18:24 +08:00
|
|
|
|
<para>If the option is not specified VSOCK support will be detected automatically. If yes is
|
|
|
|
|
specified VSOCK is always used, and vice versa if no is set VSOCK are never used.</para>
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<xi:include href="version-info.xml" xpointer="v255"/>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--vsock-cid=<replaceable>CID</replaceable></option></term>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<listitem>
|
|
|
|
|
<para>Configure vmspawn to use a specific CID for the guest.</para>
|
2023-11-07 22:04:11 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<para>If the option is not specified or an empty argument is supplied the guest will be assigned a random CID.</para>
|
2023-11-10 19:56:49 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<para>Valid CIDs are in the range <constant>3</constant> to <constant>4294967294</constant> (<constant>0xFFFF_FFFE</constant>).
|
|
|
|
|
CIDs outside of this range are reserved.</para>
|
2023-11-10 19:56:49 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<xi:include href="version-info.xml" xpointer="v255"/>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
2023-10-26 21:03:59 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--tpm=<replaceable>BOOL</replaceable></option></term>
|
2023-10-26 21:03:59 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<listitem>
|
2024-02-21 23:23:55 +08:00
|
|
|
|
<para>Configure whether to use VM with a virtual TPM or not.</para>
|
2023-10-26 21:03:59 +08:00
|
|
|
|
|
2024-04-14 22:41:08 +08:00
|
|
|
|
<para>If the option is not specified vmspawn will detect the presence of <citerefentry project='debian'>
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<refentrytitle>swtpm</refentrytitle><manvolnum>8</manvolnum></citerefentry> and use it if available.
|
2024-04-14 22:41:08 +08:00
|
|
|
|
If yes is specified <citerefentry project='debian'><refentrytitle>swtpm</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
|
|
|
is always used, and vice versa if no is set <citerefentry project='debian'><refentrytitle>swtpm</refentrytitle>
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<manvolnum>8</manvolnum></citerefentry> is never used.</para>
|
2023-10-26 21:03:59 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<para>Note: the virtual TPM used may change in future.</para>
|
2024-01-20 01:50:43 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--linux=<replaceable>PATH</replaceable></option></term>
|
2024-02-16 22:55:35 +08:00
|
|
|
|
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Set the linux kernel image to use for direct kernel boot.</para>
|
|
|
|
|
|
|
|
|
|
<para>If no kernel was installed into the image then the image will fail to boot.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--initrd=<replaceable>PATH</replaceable></option></term>
|
2024-02-16 22:55:35 +08:00
|
|
|
|
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Set the initrd to use for direct kernel boot.</para>
|
|
|
|
|
|
|
|
|
|
<para>If the linux kernel supplied is a UKI then this argument is not required.</para>
|
|
|
|
|
|
|
|
|
|
<para>If the option is specified multiple times vmspawn will merge the initrds together.</para>
|
|
|
|
|
|
|
|
|
|
<para>If no initrd was installed into the image then the image will fail to boot.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><option>-n</option></term>
|
|
|
|
|
<term><option>--network-tap</option></term>
|
|
|
|
|
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>Create a TAP device to network with the virtual machine.</para>
|
|
|
|
|
|
|
|
|
|
<para>Note: root privileges are required to use TAP networking.
|
|
|
|
|
Additionally,
|
2023-11-11 01:32:25 +08:00
|
|
|
|
<citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
2024-02-16 22:55:35 +08:00
|
|
|
|
must be running and correctly set up on the host to provision the host interface. The relevant
|
|
|
|
|
<literal>.network</literal> file can be found at
|
|
|
|
|
<filename>/usr/lib/systemd/network/80-vm-vt.network</filename>.
|
|
|
|
|
</para>
|
2023-11-11 01:32:25 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<xi:include href="version-info.xml" xpointer="v255"/>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
2023-11-11 01:32:25 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><option>--network-user-mode</option></term>
|
2023-11-11 01:32:25 +08:00
|
|
|
|
|
2024-02-21 23:23:55 +08:00
|
|
|
|
<listitem><para>Use user mode networking.</para>
|
2023-11-11 01:32:25 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
|
|
|
|
</varlistentry>
|
2024-01-20 01:50:43 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--firmware=<replaceable>PATH</replaceable></option></term>
|
2024-01-20 01:50:43 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<listitem><para>Takes an absolute path, or a relative path beginning with
|
|
|
|
|
<filename>./</filename>. Specifies a JSON firmware definition file, which allows selecting the
|
|
|
|
|
firmware to boot in the VM. If not specified a suitable firmware is automatically discovered. If the
|
|
|
|
|
special string <literal>list</literal> is specified lists all discovered firmwares.</para>
|
2023-12-08 21:32:34 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
2024-04-11 19:48:00 +08:00
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><option>--discard-disk=<replaceable>BOOL</replaceable></option></term>
|
|
|
|
|
|
|
|
|
|
<listitem><para>Controls whether qemu processes discard requests from the VM.
|
|
|
|
|
This prevents long running VMs from using more disk space than required.
|
|
|
|
|
This is enabled by default.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--secure-boot=<replaceable>BOOL</replaceable></option></term>
|
2023-12-08 21:32:34 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<listitem><para>Configure whether to search for firmware which supports Secure Boot.</para>
|
2023-12-08 21:32:34 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<para>If the option is not specified the first firmware which is detected will be used.
|
|
|
|
|
If the option is set to yes then the first firmware with Secure Boot support will be selected.
|
|
|
|
|
If no is specified then the first firmware without Secure Boot will be selected.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
|
|
|
|
</varlistentry>
|
2024-01-20 01:50:43 +08:00
|
|
|
|
</variablelist>
|
2023-12-08 21:32:34 +08:00
|
|
|
|
</refsect2>
|
2023-10-26 21:03:59 +08:00
|
|
|
|
|
2023-12-08 21:32:34 +08:00
|
|
|
|
<refsect2>
|
2023-10-26 21:03:59 +08:00
|
|
|
|
<title>System Identity Options</title>
|
|
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><option>-M</option></term>
|
|
|
|
|
<term><option>--machine=</option></term>
|
|
|
|
|
|
2024-01-25 22:55:23 +08:00
|
|
|
|
<listitem><para>Sets the machine name for this virtual machine. This
|
|
|
|
|
name may be used to identify this virtual machine during its runtime
|
2023-10-26 21:03:59 +08:00
|
|
|
|
(for example in tools like
|
|
|
|
|
<citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
|
|
|
|
and similar).</para>
|
2024-02-16 22:55:35 +08:00
|
|
|
|
|
2023-11-21 04:07:00 +08:00
|
|
|
|
<xi:include href="version-info.xml" xpointer="v255"/>
|
2023-10-26 21:03:59 +08:00
|
|
|
|
</listitem>
|
2023-11-08 04:36:46 +08:00
|
|
|
|
</varlistentry>
|
2024-02-20 21:13:16 +08:00
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><option>--uuid=</option></term>
|
|
|
|
|
|
|
|
|
|
<listitem><para>Set the specified UUID for the virtual machine. The
|
|
|
|
|
init system will initialize
|
|
|
|
|
<filename>/etc/machine-id</filename> from this if this file is
|
|
|
|
|
not set yet. Note that this option takes effect only if
|
|
|
|
|
<filename>/etc/machine-id</filename> in the virtual machine is
|
|
|
|
|
unpopulated.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
</variablelist>
|
|
|
|
|
</refsect2>
|
|
|
|
|
|
|
|
|
|
<refsect2>
|
|
|
|
|
<title>Property Options</title>
|
|
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><option>--register=</option></term>
|
|
|
|
|
|
|
|
|
|
<listitem><para>Controls whether the virtual machine is registered with
|
|
|
|
|
<citerefentry><refentrytitle>systemd-machined</refentrytitle><manvolnum>8</manvolnum></citerefentry>. Takes a
|
|
|
|
|
boolean argument, which defaults to <literal>yes</literal> when running as root, and <literal>no</literal> when
|
|
|
|
|
running as a regular user. This ensures that the virtual machine is accessible via
|
|
|
|
|
<citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
|
|
|
|
|
|
|
|
|
|
<para>Note: root privileges are required to use this option as registering with
|
|
|
|
|
<citerefentry><refentrytitle>systemd-machined</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
|
|
|
requires privileged D-Bus method calls.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
|
|
|
|
</varlistentry>
|
2023-11-08 04:36:46 +08:00
|
|
|
|
</variablelist>
|
2023-12-05 01:33:12 +08:00
|
|
|
|
</refsect2>
|
|
|
|
|
|
|
|
|
|
<refsect2>
|
|
|
|
|
<title>User Namespacing Options</title>
|
|
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--private-users=<replaceable>UID_SHIFT[:UID_RANGE]</replaceable></option></term>
|
2023-12-05 01:33:12 +08:00
|
|
|
|
|
|
|
|
|
<listitem><para>Controls user namespacing under <option>--directory=</option>.
|
2024-04-14 22:41:08 +08:00
|
|
|
|
If enabled, <command>virtiofsd</command> is instructed to map user and group ids (UIDs and GIDs).
|
|
|
|
|
This involves mapping the private UIDs/GIDs used in the virtual machine (starting with the virtual machine's
|
|
|
|
|
root user 0 and up) to a range of UIDs/GIDs on the host that are not used for other purposes (usually in the
|
|
|
|
|
range beyond the host's UID/GID 65536).</para>
|
2023-12-05 01:33:12 +08:00
|
|
|
|
|
|
|
|
|
<para>If one or two colon-separated numbers are specified, user namespacing is turned on. <replaceable>UID_SHIFT</replaceable>
|
|
|
|
|
specifies the first host UID/GID to map, <replaceable>UID_RANGE</replaceable> is optional and specifies number of host
|
|
|
|
|
UIDs/GIDs to assign to the virtual machine. If <replaceable>UID_RANGE</replaceable> is omitted, 65536 UIDs/GIDs are assigned.</para>
|
|
|
|
|
|
|
|
|
|
<para>When user namespaces are used, the GID range assigned to each virtual machine is always chosen identical to the
|
|
|
|
|
UID range.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
</variablelist>
|
|
|
|
|
</refsect2>
|
|
|
|
|
|
2023-12-14 00:54:34 +08:00
|
|
|
|
<refsect2>
|
|
|
|
|
<title>Mount Options</title>
|
|
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--bind=<replaceable>PATH</replaceable></option></term>
|
|
|
|
|
<term><option>--bind-ro=<replaceable>PATH</replaceable></option></term>
|
2023-12-14 00:54:34 +08:00
|
|
|
|
|
|
|
|
|
<listitem><para>Mount a directory from the host into the virtual machine. Takes one of: a path
|
|
|
|
|
argument — in which case the specified path will be mounted from the host to the same path in the virtual machine, or
|
|
|
|
|
a colon-separated pair of paths — in which case the first specified path is the source in the host, and the
|
|
|
|
|
second path is the destination in the virtual machine. If the source path is not absolute, it is resolved
|
|
|
|
|
relative to the current working directory. The <option>--bind-ro=</option> option creates read-only bind mounts.
|
|
|
|
|
Backslash escapes are interpreted, so <literal>\:</literal> may be used to embed colons in either path.
|
|
|
|
|
This option may be specified multiple times for creating multiple independent bind mount points.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
|
|
|
|
</varlistentry>
|
2024-02-15 00:40:40 +08:00
|
|
|
|
|
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--extra-drive=<replaceable>PATH</replaceable></option></term>
|
2024-02-15 00:40:40 +08:00
|
|
|
|
|
|
|
|
|
<listitem><para>Takes a disk image or block device on the host and supplies it to the virtual machine as another drive.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
2023-12-14 00:54:34 +08:00
|
|
|
|
</variablelist>
|
|
|
|
|
</refsect2>
|
|
|
|
|
|
2024-02-06 19:27:17 +08:00
|
|
|
|
<refsect2>
|
|
|
|
|
<title>Integration Options</title>
|
|
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--forward-journal=<replaceable>FILE|DIR</replaceable></option></term>
|
2024-02-06 19:27:17 +08:00
|
|
|
|
|
2024-02-16 22:55:35 +08:00
|
|
|
|
<listitem><para>Forward the virtual machine's journal to the host.
|
|
|
|
|
<citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
|
|
|
is currently used to receive the guest VM's forwarded journal entries. This option determines where
|
|
|
|
|
this journal is saved on the host and has the same semantics as
|
|
|
|
|
<option>-o</option>/<option>--output</option> described in
|
2024-02-06 19:27:17 +08:00
|
|
|
|
<citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
2024-03-07 22:48:54 +08:00
|
|
|
|
|
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--pass-ssh-key=<replaceable>BOOL</replaceable></option></term>
|
2024-03-07 22:48:54 +08:00
|
|
|
|
|
|
|
|
|
<listitem><para>By default an SSH key is generated to allow <command>systemd-vmspawn</command> to open
|
|
|
|
|
a D-Bus connection to the VM's systemd bus. Setting this to "no" will disable SSH key generation.</para>
|
|
|
|
|
|
|
|
|
|
<para>The generated keys are ephemeral. That is they are valid only for the current invocation of <command>systemd-vmspawn</command>,
|
|
|
|
|
and are typically not persisted.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--ssh-key-type=<replaceable>TYPE</replaceable></option></term>
|
2024-03-07 22:48:54 +08:00
|
|
|
|
|
|
|
|
|
<listitem><para>Configures the type of SSH key to generate, see
|
2024-04-14 22:41:08 +08:00
|
|
|
|
<citerefentry project="man-pages"><refentrytitle>ssh-keygen</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
2024-03-07 22:48:54 +08:00
|
|
|
|
for more information.</para>
|
|
|
|
|
|
|
|
|
|
<para>By default <literal>ed25519</literal> keys are generated, however <literal>rsa</literal> keys
|
|
|
|
|
may also be useful if the VM has a particularly old version of <command>sshd</command></para>.
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
2024-02-06 19:27:17 +08:00
|
|
|
|
</variablelist>
|
|
|
|
|
</refsect2>
|
|
|
|
|
|
2024-02-23 19:20:55 +08:00
|
|
|
|
<refsect2>
|
|
|
|
|
<title>Input/Output Options</title>
|
|
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--console=<replaceable>MODE</replaceable></option></term>
|
2024-02-23 19:20:55 +08:00
|
|
|
|
|
|
|
|
|
<listitem><para>Configures how to set up the console of the VM. Takes one of
|
|
|
|
|
<literal>interactive</literal>, <literal>read-only</literal>, <literal>native</literal>,
|
|
|
|
|
<literal>gui</literal>. Defaults to <literal>interactive</literal>. <literal>interactive</literal>
|
|
|
|
|
provides an interactive terminal interface to the VM. <literal>read-only</literal> is similar, but
|
|
|
|
|
is strictly read-only, i.e. does not accept any input from the user. <literal>native</literal> also
|
|
|
|
|
provides a TTY-based interface, but uses qemu native implementation (which means the qemu monitor
|
|
|
|
|
is available). <literal>gui</literal> shows the qemu graphical UI.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term><option>--background=<replaceable>COLOR</replaceable></option></term>
|
|
|
|
|
|
|
|
|
|
<listitem><para>Change the terminal background color to the specified ANSI color as long as the VM
|
|
|
|
|
runs. The color specified should be an ANSI X3.64 SGR background color, i.e. strings such as
|
|
|
|
|
<literal>40</literal>, <literal>41</literal>, …, <literal>47</literal>, <literal>48;2;…</literal>,
|
|
|
|
|
<literal>48;5;…</literal>. See <ulink
|
|
|
|
|
url="https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_(Select_Graphic_Rendition)_parameters">ANSI
|
|
|
|
|
Escape Code (Wikipedia)</ulink> for details. Assign an empty string to disable any coloring. This
|
|
|
|
|
only has an effect in <option>--console=interactive</option> and
|
|
|
|
|
<option>--console=read-only</option> modes.</para>
|
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v256"/>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
</variablelist>
|
|
|
|
|
</refsect2>
|
|
|
|
|
|
2023-12-05 01:33:12 +08:00
|
|
|
|
<refsect2>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
<title>Credentials</title>
|
|
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
|
<varlistentry>
|
2024-04-12 17:12:15 +08:00
|
|
|
|
<term><option>--load-credential=<replaceable>ID</replaceable>:<replaceable>PATH</replaceable></option></term>
|
|
|
|
|
<term><option>--set-credential=<replaceable>ID</replaceable>:<replaceable>VALUE</replaceable></option></term>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
|
2024-01-25 22:55:23 +08:00
|
|
|
|
<listitem><para>Pass a credential to the virtual machine. These two options correspond to the
|
2023-10-12 20:20:29 +08:00
|
|
|
|
<varname>LoadCredential=</varname> and <varname>SetCredential=</varname> settings in unit files. See
|
|
|
|
|
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
|
|
|
|
|
details about these concepts, as well as the syntax of the option's arguments.</para>
|
|
|
|
|
|
|
|
|
|
<para>In order to embed binary data into the credential data for <option>--set-credential=</option>,
|
|
|
|
|
use C-style escaping (i.e. <literal>\n</literal> to embed a newline, or <literal>\x00</literal> to
|
|
|
|
|
embed a <constant>NUL</constant> byte). Note that the invoking shell might already apply unescaping
|
2024-02-29 10:46:25 +08:00
|
|
|
|
once, hence this might require double escaping!</para>
|
2023-11-08 04:36:46 +08:00
|
|
|
|
|
|
|
|
|
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
</varlistentry>
|
|
|
|
|
</variablelist>
|
|
|
|
|
|
2023-10-26 21:03:59 +08:00
|
|
|
|
</refsect2><refsect2>
|
2023-11-08 04:36:46 +08:00
|
|
|
|
<title>Other</title>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
|
2023-11-08 04:36:46 +08:00
|
|
|
|
<variablelist>
|
|
|
|
|
<xi:include href="standard-options.xml" xpointer="no-pager" />
|
|
|
|
|
<xi:include href="standard-options.xml" xpointer="help" />
|
|
|
|
|
<xi:include href="standard-options.xml" xpointer="version" />
|
|
|
|
|
</variablelist>
|
|
|
|
|
</refsect2>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
|
|
<xi:include href="common-variables.xml" />
|
|
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
|
<title>Examples</title>
|
|
|
|
|
|
|
|
|
|
<example>
|
|
|
|
|
<title>Run an Arch Linux VM image generated by mkosi</title>
|
|
|
|
|
|
2023-11-08 04:36:46 +08:00
|
|
|
|
<programlisting>
|
|
|
|
|
$ mkosi -d arch -p systemd -p linux --autologin -o image.raw -f build
|
|
|
|
|
$ systemd-vmspawn --image=image.raw
|
|
|
|
|
</programlisting>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
</example>
|
2024-04-12 21:05:43 +08:00
|
|
|
|
|
|
|
|
|
<example>
|
|
|
|
|
<title>Import and run a Fedora 39 Cloud image using machinectl</title>
|
|
|
|
|
|
|
|
|
|
<programlisting>
|
|
|
|
|
$ curl -L \
|
|
|
|
|
-O https://download.fedoraproject.org/pub/fedora/linux/releases/&fedora_latest_version;/Cloud/x86_64/images/Fedora-Cloud-Base-&fedora_latest_version;-&fedora_cloud_release;.x86_64.raw.xz \
|
|
|
|
|
-O https://download.fedoraproject.org/pub/fedora/linux/releases/&fedora_latest_version;/Cloud/x86_64/images/Fedora-Cloud-&fedora_latest_version;-&fedora_cloud_release;-x86_64-CHECKSUM \
|
|
|
|
|
-O https://fedoraproject.org/fedora.gpg
|
|
|
|
|
$ gpgv --keyring ./fedora.gpg Fedora-Cloud-&fedora_latest_version;-&fedora_cloud_release;-x86_64-CHECKSUM
|
|
|
|
|
$ sha256sum -c Fedora-Cloud-&fedora_latest_version;-&fedora_cloud_release;-x86_64-CHECKSUM
|
|
|
|
|
# machinectl import-raw Fedora-Cloud-Base-&fedora_latest_version;-&fedora_cloud_release;.x86_64.raw.xz fedora-&fedora_latest_version;-cloud
|
|
|
|
|
# systemd-vmspawn -M fedora-&fedora_latest_version;-cloud
|
|
|
|
|
</programlisting>
|
|
|
|
|
</example>
|
2024-04-12 21:35:26 +08:00
|
|
|
|
|
|
|
|
|
<example>
|
|
|
|
|
<title>Build and run systemd's system image and forward the VM's journal to a local file</title>
|
|
|
|
|
|
|
|
|
|
<programlisting>
|
|
|
|
|
$ mkosi build
|
|
|
|
|
$ systemd-vmspawn \
|
|
|
|
|
-D mkosi.output/system \
|
|
|
|
|
--private-users $(grep $(whoami) /etc/subuid | cut -d: -f2) \
|
|
|
|
|
--linux mkosi.output/system.efi \
|
|
|
|
|
--forward-journal=vm.journal \
|
|
|
|
|
enforcing=0
|
|
|
|
|
</programlisting>
|
|
|
|
|
|
|
|
|
|
<para>Note: this example also uses a kernel command line argument to ensure SELinux isn't started in enforcing mode.</para>
|
|
|
|
|
</example>
|
2024-04-13 00:03:00 +08:00
|
|
|
|
|
|
|
|
|
<example>
|
|
|
|
|
<title>SSH into a running VM using <command>systemd-ssh-proxy</command></title>
|
|
|
|
|
|
|
|
|
|
<programlisting>
|
|
|
|
|
$ mkosi build
|
|
|
|
|
$ my_vsock_cid=3735928559
|
|
|
|
|
$ systemd-vmspawn \
|
|
|
|
|
-D mkosi.output/system \
|
|
|
|
|
--private-users $(grep $(whoami) /etc/subuid | cut -d: -f2) \
|
|
|
|
|
--linux mkosi.output/system.efi \
|
|
|
|
|
--vsock-cid $my_vsock_cid \
|
|
|
|
|
enforcing=0
|
|
|
|
|
$ ssh root@vsock/$my_vsock_cid -i /run/user/$UID/systemd/vmspawn/machine-*-system-ed25519
|
|
|
|
|
</programlisting>
|
|
|
|
|
</example>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
|
<title>Exit status</title>
|
|
|
|
|
|
2023-11-04 10:58:12 +08:00
|
|
|
|
<para>If an error occurred the value errno is propagated to the return code.
|
2023-10-26 21:03:59 +08:00
|
|
|
|
If EXIT_STATUS is supplied by the running image that is returned.
|
2023-10-12 20:20:29 +08:00
|
|
|
|
Otherwise EXIT_SUCCESS is returned.</para>
|
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
|
<title>See Also</title>
|
2023-12-23 02:09:32 +08:00
|
|
|
|
<para><simplelist type="inline">
|
|
|
|
|
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
2024-04-14 22:41:08 +08:00
|
|
|
|
<member><citerefentry project='debian'><refentrytitle>mkosi</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
2024-02-27 16:39:57 +08:00
|
|
|
|
<member><citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
|
|
|
|
<member><citerefentry><refentrytitle>importctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
2023-12-23 02:09:32 +08:00
|
|
|
|
</simplelist></para>
|
2023-10-12 20:20:29 +08:00
|
|
|
|
</refsect1>
|
|
|
|
|
</refentry>
|