mirror of
https://github.com/systemd/systemd.git
synced 2026-07-01 04:06:56 +00:00
Add --forward-journal=FILE|DIR to forward the container's journal
entries to the host via systemd-journal-remote. When specified,
nspawn starts systemd-journal-remote listening on a Unix socket,
bind-mounts it into the container at /run/host/journal/socket, and
passes a journal.forward_to_socket credential pointing to it.
Add --forward-journal-max-use=, --forward-journal-keep-free=,
--forward-journal-max-file-size=, and --forward-journal-max-files=
to configure disk usage limits for the forwarded journal.
Consolidate nspawn's per-machine on-disk state under a single runtime
directory at /run/systemd/nspawn/<machine>/. The container rootdir
mount point moves from /tmp/nspawn-root-XXXXXX to <runtime_dir>/root,
the unix-export directory moves from
/run/systemd/nspawn/unix-export/<machine> to <runtime_dir>/unix-export,
and the journal-remote socket lives at
<runtime_dir>/journal-remote-socket. Update ssh-generator and
ssh-proxy to follow the new unix-export path layout.
Extract fork_journal_remote() into fork-notify.{c,h} as a shared
helper used by both nspawn and vmspawn, replacing vmspawn's
start_systemd_journal_remote().
Extract runtime_directory_make() into path-lookup.{c,h} as a shared
helper used by both nspawn and vmspawn, replacing vmspawn's inline
runtime directory creation logic.
Co-developed-by: Claude Opus 4.6 <noreply@anthropic.com>
208 lines
7.3 KiB
Bash
208 lines
7.3 KiB
Bash
# shellcheck shell=bash
|
|
# systemd-nspawn(1) completion -*- shell-script -*-
|
|
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# systemd is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Lesser General Public License
|
|
# along with systemd; If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
__contains_word() {
|
|
local w word=$1; shift
|
|
for w in "$@"; do
|
|
[[ $w = "$word" ]] && return
|
|
done
|
|
}
|
|
|
|
__get_users() {
|
|
local a b
|
|
loginctl list-users --no-legend --no-pager 2>/dev/null |
|
|
{ while read -r a b; do echo " $b"; done; }
|
|
}
|
|
|
|
__get_slices() {
|
|
local a b
|
|
systemctl list-units -t slice --no-legend --no-pager --plain 2>/dev/null |
|
|
{ while read -r a b; do echo " $a"; done; }
|
|
}
|
|
|
|
__get_machines() {
|
|
local a b
|
|
{ machinectl list --full --max-addresses=0 --no-legend --no-pager 2>/dev/null; echo ".host"; } |
|
|
{ while read -r a b; do echo " $a"; done; } |
|
|
sort -u
|
|
}
|
|
|
|
__get_env() {
|
|
local a
|
|
env | { while read -r a; do [[ $a =~ ^[A-Za-z0-9_]+= ]] && echo " ${a%%=*}"; done; }
|
|
}
|
|
|
|
__get_interfaces(){
|
|
local name
|
|
for name in $(cd /sys/class/net && command ls); do
|
|
[[ "$name" != "lo" ]] && echo "$name"
|
|
done
|
|
}
|
|
|
|
__get_rlimit() {
|
|
local i
|
|
for i in $(systemd-nspawn --rlimit=help 2>/dev/null); do
|
|
echo " ${i}="
|
|
done
|
|
}
|
|
|
|
_systemd_nspawn() {
|
|
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
|
|
local i verb comps
|
|
|
|
local -A OPTS=(
|
|
[STANDALONE]='-h --help --version --private-network -b --boot --read-only -q --quiet --share-system
|
|
--keep-unit -n --network-veth -j -x --ephemeral -a --as-pid2 -U --suppress-sync=yes
|
|
--cleanup --user --system'
|
|
[ARG]='-D --directory -u --uid --uuid --capability --drop-capability --link-journal --bind --bind-ro
|
|
-M --machine -S --slice -E --setenv -Z --selinux-context -L --selinux-apifs-context
|
|
--register --network-interface --network-bridge --personality -i --image --image-policy --tmpfs
|
|
--volatile --network-macvlan --kill-signal --template --notify-ready --root-hash --chdir
|
|
--pivot-root --property --private-users --private-users-ownership --network-namespace-path
|
|
--network-ipvlan --network-veth-extra --network-zone -p --port --system-call-filter --overlay
|
|
--overlay-ro --settings --rlimit --hostname --no-new-privileges --oom-score-adjust --cpu-affinity
|
|
--resolv-conf --timezone --root-hash-sig --background --oci-bundle --verity-data
|
|
--restrict-address-families
|
|
--forward-journal --forward-journal-max-use --forward-journal-keep-free
|
|
--forward-journal-max-file-size --forward-journal-max-files'
|
|
)
|
|
|
|
_init_completion || return
|
|
|
|
if __contains_word "$prev" ${OPTS[ARG]}; then
|
|
case $prev in
|
|
--directory|-D|--template|--oci-bundle)
|
|
compopt -o nospace
|
|
comps=$(compgen -S/ -A directory -- "$cur" )
|
|
;;
|
|
--uid|-u)
|
|
comps=$( __get_users )
|
|
;;
|
|
--uuid|--root-hash)
|
|
comps=''
|
|
;;
|
|
--capability)
|
|
comps='CAP_BLOCK_SUSPEND CAP_IPC_LOCK CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_MODULE CAP_SYS_PACCT CAP_SYS_RAWIO
|
|
CAP_SYS_TIME CAP_SYSLOG CAP_WAKE_ALARM CAP_NET_ADMIN'
|
|
;;
|
|
--drop-capability)
|
|
comps='CAP_AUDIT_CONTROL CAP_AUDIT_WRITE CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID
|
|
CAP_IPC_OWNER CAP_KILL CAP_LEASE CAP_LINUX_IMMUTABLE CAP_MKNOD CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
|
CAP_NET_BROADCAST CAP_NET_RAW CAP_SETFCAP CAP_SETGID CAP_SETPCAP CAP_SETUID CAP_SYS_ADMIN CAP_SYS_BOOT
|
|
CAP_SYS_CHROOT CAP_SYS_NICE CAP_SYS_PTRACE CAP_SYS_RESOURCE CAP_SYS_TTY_CONFIG'
|
|
;;
|
|
--link-journal)
|
|
comps='no auto guest try-guest host try-host'
|
|
;;
|
|
--bind|--bind-ro)
|
|
compopt -o nospace -o filenames
|
|
comps=$(compgen -f -- "$cur" )
|
|
;;
|
|
--tmpfs)
|
|
compopt -o nospace
|
|
comps=$(compgen -S/ -A directory -- "$cur" )
|
|
;;
|
|
--machine|-M)
|
|
comps=$( __get_machines )
|
|
;;
|
|
--slice|-S)
|
|
comps=$( __get_slices )
|
|
;;
|
|
--setenv|-E)
|
|
comps=$( __get_env )
|
|
;;
|
|
--selinux-context|-Z)
|
|
comps=''
|
|
;;
|
|
--selinux-apifs-context|-L)
|
|
comps=''
|
|
;;
|
|
--register)
|
|
comps='yes no auto'
|
|
;;
|
|
--network-interface)
|
|
comps=$(__get_interfaces)
|
|
;;
|
|
--network-bridge)
|
|
comps=''
|
|
;;
|
|
--network-macvlan)
|
|
comps=''
|
|
;;
|
|
--personality)
|
|
comps='x86 x86-64'
|
|
;;
|
|
--volatile)
|
|
comps=$( systemd-nspawn --volatile=help 2>/dev/null )
|
|
;;
|
|
--image|-i)
|
|
compopt -o nospace
|
|
comps=$( compgen -A file -- "$cur" )
|
|
;;
|
|
--kill-signal)
|
|
_signals
|
|
return
|
|
;;
|
|
--notify-ready)
|
|
comps='yes no'
|
|
;;
|
|
--private-users)
|
|
comps='yes no pick identity managed'
|
|
;;
|
|
--network-namespace-path)
|
|
comps=$( compgen -A file -- "$cur" )
|
|
;;
|
|
--settings)
|
|
comps='yes no override trusted'
|
|
;;
|
|
--rlimit)
|
|
comps=$( __get_rlimit )
|
|
;;
|
|
--hostname)
|
|
comps=''
|
|
;;
|
|
--no-new-privileges)
|
|
comps='yes no'
|
|
;;
|
|
--oom-score-adjust)
|
|
comps=''
|
|
;;
|
|
--cpu-affinity)
|
|
comps=''
|
|
;;
|
|
--resolv-conf)
|
|
comps=$( systemd-nspawn --resolv-conf=help 2>/dev/null )
|
|
;;
|
|
--timezone)
|
|
comps=$( systemd-nspawn --timezone=help 2>/dev/null )
|
|
;;
|
|
--root-hash-sig)
|
|
compopt -o nospace
|
|
comps=$( compgen -A file -- "$cur" )
|
|
;;
|
|
esac
|
|
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
|
|
return 0
|
|
fi
|
|
|
|
COMPREPLY=( $(compgen -W '${OPTS[*]}' -- "$cur") )
|
|
}
|
|
|
|
complete -F _systemd_nspawn systemd-nspawn
|