virt-sandbox-service.pod 2.42 KB
Newer Older
1 2 3 4 5 6
=head1 NAME

virt-sandbox-service - Secure container tool

=head1 SYNOPSIS

7
  {create,clone,connect,delete,execute,reload,upgrade}
8

9
  commands:
10

11
    create              create a sandbox container
12

13
    clone               Clone an existing sandbox container
14

15
    connect             Connect to a sandbox container
16

17
    delete              Delete a sandbox container
18

19
    execute             Execute a command within a sandbox container
20

21
    reload              Reload a running sandbox container
22

23 24
    upgrade             Upgrade an existing sandbox container

25 26
=head1 DESCRIPTION

27
virt-sandbox-service is used to provision secure sandboxed system services.
28 29 30 31 32
These applications will be launched via libvirt and run within a virtualization
technology such as LinuX Containers (LXC), or optionally QEMU/KVM. The
container / virtual machines will be secured by SELinux and resource
separated using cgroups.

33 34 35 36 37 38 39
By default, it will use the libvirt LXC driver, with the C<lxc:///> URI.
This is different from libvirt's normal behaviour, which is to probe
for the best URI to use. Thus if using C<virsh> to get a list of containers,
one must specify an explicit URI for it, C<virsh -c lxc:///>. Alternatively
the C<LIBVIRT_DEFAULT_URI> environment variable can be set, or the config
file C</etc/libvirt/libvirt.conf> can have a default URI set.

40 41 42 43 44 45 46 47
=head1 OPTIONS

=over 4

=item B<-h>, B<--help>

Display help message

48
=item B<-c URI>, B<--connect URI>
49

50 51
The connection URI for the hypervisor (currently only LXC URIs are
supported).
52 53 54 55 56

=back

=head1 SEE ALSO

57 58 59 60 61
C<libvirt(8)>, C<selinux(8)>, C<systemd(8)>, C<virt-sandbox(1)>,
C<virt-sandbox-service-create(1)>, C<virt-sandbox-service-clone(1)>,
C<virt-sandbox-service-connect(1)>, C<virt-sandbox-service-delete(1)>,
C<virt-sandbox-service-execute(1)>, C<virt-sandbox-service-reload(1)>,
C<virt-sandbox-service-upgrade(1)>
62 63 64 65 66 67 68 69 70 71 72

=head1 FILES

Container content will be stored in subdirectories of
/var/lib/libvirt/filesystems, by default.  You can manage the
content in these directories outside of the container and
processes within the container will see the content.

=head1 AUTHORS

Daniel Walsh <dwalsh@redhat.com>
73

74 75 76 77
Daniel P. Berrange <dan@berrange.com>

=head1 COPYRIGHT

78
Copyright (C) 2011-2013 Red Hat, Inc.
79 80 81 82 83 84 85

=head1 LICENSE

virt-sandbox is distributed under the terms of the GNU LGPL v2+.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE