[systemd-devel] nspawn: how to allow containers to connect to a specific host's port and prevent all the rest ?

2017-03-07 Thread Fabien Meghazi
Hello everyone, I would like to constrain the network in the containers I spawn using nspawn. What I'd like to achieve is the following: - prevent the containers from using the network interfaces of the host - make one exception and allow the containers to connect (tcp) to a specific port bound on

Re: [systemd-devel] nspawn --overlay and --read-only

2017-01-31 Thread Fabien Meghazi
> > $ systemd-nspawn --directory=/os --read-only --overlay=/os/home/foobar:/tmp/home/foobar:/home/foobar --user=foobar
> >
> > I expect the user foobar to be able to write in /home/foobar (in the container) but instead I get a Permission denied.
>
> Sorry all, I was not properly managing the

[systemd-devel] nspawn --overlay and --read-only

2017-01-30 Thread Fabien Meghazi
page says: --read-only: Mount the root file system read-only for the container. Seems like the --read-only is tainting the --overlay option, or maybe I don't get the concept of "root file system" in the nspawn context. Could someone advise? Thanks. -- Fabi