diff --git a/man/nss-mymachines.xml b/man/nss-mymachines.xml
index a0a0f99684..5742d89779 100644
--- a/man/nss-mymachines.xml
+++ b/man/nss-mymachines.xml
@@ -35,12 +35,21 @@
nss-mymachines is a plug-in module for the GNU Name Service Switch (NSS) functionality of
the GNU C Library (glibc), providing hostname resolution for the names of containers running
locally that are registered with
- systemd-machined.service8. The
+ systemd-machined.service8. The
container names are resolved to the IP addresses of the specific container, ordered by their scope. This
- functionality only applies to containers using network namespacing.
+ functionality only applies to containers using network namespacing (see the description of
+ in
+ systemd-nspawn1).
+ Note that the name that is resolved is the one registered with systemd-machined, which
+ may be different than the hostname configured inside of the container.
- The module also resolves user and group IDs used by containers to user and group names indicating the
- container name, and back. This functionality only applies to containers using user namespacing.
+ The module also provides name resolution for user and group identifiers mapped to containers. All names from
+ the range allocated to a given container container are exposed on the host as
+ vu-container-uid and
+ vg-container-gid (see example below). This
+ functionality only applies to containers using user namespacing (see the description of
+ in
+ systemd-nspawn1).To activate the NSS module, add mymachines to the lines starting with
hosts:, passwd: and group: in
@@ -53,7 +62,7 @@
- Example
+ Configuration in /etc/nsswitch.confHere is an example /etc/nsswitch.conf file that enables
nss-mymachines correctly:
@@ -75,11 +84,74 @@ netgroup: nis
+
+ Mappings provided by nss-mymachines
+
+ The container rawhide is spawned using
+ systemd-nspawn1:
+
+
+ # systemd-nspawn -M rawhide --boot --network-veth --private-users=pick
+Spawning container rawhide on /var/lib/machines/rawhide.
+Selected user namespace base 20119552 and range 65536.
+...
+
+$ machinectl --max-addresses=3
+MACHINE CLASS SERVICE OS VERSION ADDRESSES
+rawhide container systemd-nspawn fedora 30 169.254.40.164 fe80::94aa:3aff:fe7b:d4b9
+
+$ getent passwd vu-rawhide-0 vu-rawhide-81
+vu-rawhide-0:*:20119552:65534:vu-rawhide-0:/:/sbin/nologin
+vu-rawhide-81:*:20119633:65534:vu-rawhide-81:/:/sbin/nologin
+
+$ getent group vg-rawhide-0 vg-rawhide-81
+vg-rawhide-0:*:20119552:
+vg-rawhide-81:*:20119633:
+
+$ ps -o user:15,pid,tty,command -e|grep '^vu-rawhide'
+vu-rawhide-0 692 ? /usr/lib/systemd/systemd
+vu-rawhide-0 731 ? /usr/lib/systemd/systemd-journald
+vu-rawhide-192 734 ? /usr/lib/systemd/systemd-networkd
+vu-rawhide-193 738 ? /usr/lib/systemd/systemd-resolved
+vu-rawhide-0 742 ? /usr/lib/systemd/systemd-logind
+vu-rawhide-81 744 ? /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
+vu-rawhide-0 746 ? /usr/sbin/sshd -D ...
+vu-rawhide-0 752 ? /usr/lib/systemd/systemd --user
+vu-rawhide-0 753 ? (sd-pam)
+vu-rawhide-0 1628 ? login -- zbyszek
+vu-rawhide-1000 1630 ? /usr/lib/systemd/systemd --user
+vu-rawhide-1000 1631 ? (sd-pam)
+vu-rawhide-1000 1637 pts/8 -zsh
+
+$ ping -c1 rawhide
+PING rawhide(fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide)) 56 data bytes
+64 bytes from fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide): icmp_seq=1 ttl=64 time=0.045 ms
+...
+$ ping -c1 -4 rawhide
+PING rawhide (169.254.40.164) 56(84) bytes of data.
+64 bytes from 169.254.40.164 (169.254.40.164): icmp_seq=1 ttl=64 time=0.064 ms
+...
+
+# machinectl shell rawhide /sbin/ip a
+Connected to machine rawhide. Press ^] three times within 1s to exit session.
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
+ ...
+2: host0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
+ link/ether 96:aa:3a:7b:d4:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
+ inet 169.254.40.164/16 brd 169.254.255.255 scope link host0
+ valid_lft forever preferred_lft forever
+ inet6 fe80::94aa:3aff:fe7b:d4b9/64 scope link
+ valid_lft forever preferred_lft forever
+Connection to machine rawhide terminated.
+
+
+
See Alsosystemd1,
systemd-machined.service8,
+ machinectl1,
nss-systemd8,
nss-resolve8,
nss-myhostname8,
diff --git a/src/machine/machinectl.c b/src/machine/machinectl.c
index a49b11e7b0..5023acb5e2 100644
--- a/src/machine/machinectl.c
+++ b/src/machine/machinectl.c
@@ -332,7 +332,7 @@ static int list_machines(int argc, char *argv[], void *userdata) {
name,
0,
"",
- "",
+ " ",
arg_addrs,
&addresses);
@@ -475,20 +475,6 @@ static int show_unit_cgroup(sd_bus *bus, const char *unit, pid_t leader) {
return 0;
}
-static int print_addresses(sd_bus *bus, const char *name, int ifi, const char *prefix, const char *prefix2, int n_addr) {
- _cleanup_free_ char *s = NULL;
- int r;
-
- r = call_get_addresses(bus, name, ifi, prefix, prefix2, n_addr, &s);
- if (r < 0)
- return r;
-
- if (r > 0)
- fputs(s, stdout);
-
- return r;
-}
-
static int print_os_release(sd_bus *bus, const char *method, const char *name, const char *prefix) {
_cleanup_free_ char *pretty = NULL;
int r;
@@ -561,6 +547,7 @@ static void machine_status_info_clear(MachineStatusInfo *info) {
static void print_machine_status_info(sd_bus *bus, MachineStatusInfo *i) {
char since1[FORMAT_TIMESTAMP_RELATIVE_MAX];
char since2[FORMAT_TIMESTAMP_MAX];
+ _cleanup_free_ char *addresses = NULL;
const char *s1, *s2;
int ifi = -1;
@@ -630,11 +617,12 @@ static void print_machine_status_info(sd_bus *bus, MachineStatusInfo *i) {
fputc('\n', stdout);
}
- if (print_addresses(bus, i->name, ifi,
- "\t Address: ",
- "\n\t ",
- ALL_IP_ADDRESSES) > 0)
+ if (call_get_addresses(bus, i->name, ifi,
+ "\t Address: ", "\n\t ", ALL_IP_ADDRESSES,
+ &addresses) > 0) {
+ fputs(addresses, stdout);
fputc('\n', stdout);
+ }
print_os_release(bus, "GetMachineOSRelease", i->name, "\t OS: ");
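Review bot: The `> 0` test on the inlined `call_get_addresses()` call treats a negative return the same as "no addresses", so a failed lookup silently drops the Address line from the status output, and an operator cannot tell a machine without addresses from a query that failed. The removed `print_addresses()` wrapper had the same behaviour, so this is inherited rather than introduced, but with the call now inline the result can be kept and the error path given a debug message: `r = call_get_addresses(...);` then `if (r < 0) log_debug_errno(r, "Failed to query addresses, ignoring: %m");`, printing only when `r > 0`. The function is void and starts and ends outside this hunk, so whether an `int r` is already declared there is not visible; one may need to be added. As a smaller style point, `addresses` is declared at the top of the function in the previous hunk but used only in this block, so it could be declared in a block scope around the call.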