man: reorder description of nspawn --console
The default value was described at the end of two long paragraphs. Make the first para self contained, and move the description of --console=pipe into the second para.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek
parent
dce66ffedb
commit
7a25ba554a
|
|
@ -1296,30 +1296,32 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--console=</option><replaceable>MODE</replaceable></term>
|
<term><option>--console=</option><replaceable>MODE</replaceable></term>
|
||||||
|
|
||||||
<listitem><para>Configures how to set up standard input, output and error output for the container payload, as
|
<listitem><para>Configures how to set up standard input, output and error output for the container
|
||||||
well as the <filename>/dev/console</filename> device for the container. Takes one of
|
payload, as well as the <filename>/dev/console</filename> device for the container. Takes one of
|
||||||
<option>interactive</option>, <option>read-only</option>, <option>passive</option> or <option>pipe</option>. If
|
<option>interactive</option>, <option>read-only</option>, <option>passive</option>, or
|
||||||
<option>interactive</option> a pseudo-TTY is allocated and made available as <filename>/dev/console</filename>
|
<option>pipe</option>. If <option>interactive</option>, a pseudo-TTY is allocated and made available
|
||||||
in the container. It is then bi-directionally connected to the standard input and output passed to
|
as <filename>/dev/console</filename> in the container. It is then bi-directionally connected to the
|
||||||
<command>systemd-nspawn</command>. <option>read-only</option> is similar but only the output of the container
|
standard input and output passed to <command>systemd-nspawn</command>. <option>read-only</option> is
|
||||||
is propagated and no input from the caller is read. In <option>passive</option> mode a pseudo TTY is allocated,
|
similar but only the output of the container is propagated and no input from the caller is read. If
|
||||||
but it is not connected anywhere. Finally, in <option>pipe</option> mode no pseudo TTY is allocated, but the
|
<option>passive</option>, a pseudo TTY is allocated, but it is not connected anywhere. Finally, in
|
||||||
passed standard input, output and error output file descriptors are passed on — as they are — to the container
|
<option>pipe</option> mode no pseudo TTY is allocated, but the standard input, output and error
|
||||||
payload. In this mode <filename>/dev/console</filename> will not exist in the container. Note that in this mode
|
output file descriptors passed to <command>systemd-nspawn</command> are passed on — as they are — to
|
||||||
the container payload generally cannot be a full init system as init systems tend to require
|
the container payload, see the following paragraph. Defaults to <option>interactive</option> if
|
||||||
<filename>/dev/console</filename> to be available. On the other hand, in this mode container invocations can be
|
|
||||||
used within shell pipelines. This is because intermediary pseudo TTYs do not permit independent bidirectional
|
|
||||||
propagation of the end-of-file (EOF) condition, which is necessary for shell pipelines to work
|
|
||||||
correctly.</para>
|
|
||||||
|
|
||||||
<para>Note that the <option>pipe</option> mode should be used carefully, as passing arbitrary file descriptors
|
|
||||||
to less trusted container payloads might open up unwanted interfaces for access by the container payload. For
|
|
||||||
example, if a passed file descriptor refers to a TTY of some form, APIs such as <constant>TIOCSTI</constant>
|
|
||||||
may be used to synthesize input that might be used for escaping the container. Hence <option>pipe</option> mode
|
|
||||||
should only be used if the payload is sufficiently trusted or when the standard input/output/error output file
|
|
||||||
descriptors are known safe, for example pipes. Defaults to <option>interactive</option> if
|
|
||||||
<command>systemd-nspawn</command> is invoked from a terminal, and <option>read-only</option>
|
<command>systemd-nspawn</command> is invoked from a terminal, and <option>read-only</option>
|
||||||
otherwise.</para></listitem>
|
otherwise.</para>
|
||||||
|
|
||||||
|
<para>In <option>pipe</option> mode, <filename>/dev/console</filename> will not exist in the
|
||||||
|
container. This means that the container payload generally cannot be a full init system as init
|
||||||
|
systems tend to require <filename>/dev/console</filename> to be available. On the other hand, in this
|
||||||
|
mode container invocations can be used within shell pipelines. This is because intermediary pseudo
|
||||||
|
TTYs do not permit independent bidirectional propagation of the end-of-file (EOF) condition, which is
|
||||||
|
necessary for shell pipelines to work correctly. <emphasis>Note that the <option>pipe</option> mode
|
||||||
|
should be used carefully</emphasis>, as passing arbitrary file descriptors to less trusted container
|
||||||
|
payloads might open up unwanted interfaces for access by the container payload. For example, if a
|
||||||
|
passed file descriptor refers to a TTY of some form, APIs such as <constant>TIOCSTI</constant> may be
|
||||||
|
used to synthesize input that might be used for escaping the container. Hence <option>pipe</option>
|
||||||
|
mode should only be used if the payload is sufficiently trusted or when the standard
|
||||||
|
input/output/error output file descriptors are known safe, for example pipes.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue