@@ -154,78 +154,83 @@ USAGE:
154154 rootlesskit [global options] [arguments...]
155155
156156VERSION:
157- 1.1 .0
157+ 2.0.0-alpha .0
158158
159159DESCRIPTION:
160160 RootlessKit is a Linux-native implementation of "fake root" using user_namespaces(7).
161-
161+
162162 Web site: https://github.com/rootless-containers/rootlesskit
163-
163+
164164 Examples:
165165 # spawn a shell with a new user namespace and a mount namespace
166166 rootlesskit bash
167-
167+
168168 # make /etc writable
169169 rootlesskit --copy-up=/etc bash
170-
170+
171171 # set mount propagation to rslave
172172 rootlesskit --propagation=rslave bash
173-
173+
174174 # create a network namespace with slirp4netns, and expose 80/tcp on the namespace as 8080/tcp on the host
175175 rootlesskit --copy-up=/etc --net=slirp4netns --disable-host-loopback --port-driver=builtin -p 127.0.0.1:8080:80/tcp bash
176-
176+
177177 Note: RootlessKit requires /etc/subuid and /etc/subgid to be configured by the real root user.
178178 See https://rootlesscontaine.rs/getting-started/common/ .
179179
180180OPTIONS:
181- Misc:
181+ Misc:
182182 --debug debug mode (default: false)
183- --help, -h show help (default: false)
184- --version, -v print the version (default: false)
185-
186- Mount:
183+ --print-semver value print a version component as a decimal integer [major, minor, patch]
184+ --help, -h show help
185+ --version, -v print the version
186+
187+ Mount:
187188 --copy-up value [ --copy-up value ] mount a filesystem and copy-up the contents. e.g. "--copy-up=/etc" (typically required for non-host network)
188189 --copy-up-mode value copy-up mode [tmpfs+symlink]
189190 --propagation value mount propagation [rprivate, rslave]
190-
191- Network:
192- --net value network driver [host, slirp4netns, vpnkit, lxc-user-nic(experimental)]
193- --mtu value MTU for non-host network (default: 65520 for slirp4netns, 1500 for others) (default: 0)
194- --cidr value CIDR for slirp4netns network (default: 10.0.2.0/24)
195- --ifname value Network interface name (default: tap0 for slirp4netns and vpnkit, eth0 for lxc-user-nic)
191+
192+ Network:
193+ --net value network driver [host, pasta(experimental), slirp4netns, vpnkit, lxc-user-nic(experimental)]
194+ --mtu value MTU for non-host network (default: 65520 for pasta and slirp4netns, 1500 for others) (default: 0)
195+ --cidr value CIDR for pasta and slirp4netns networks (default: 10.0.2.0/24)
196+ --ifname value Network interface name (default: tap0 for pasta, slirp4netns, and vpnkit; eth0 for lxc-user-nic)
196197 --disable-host-loopback prohibit connecting to 127.0.0.1:* on the host namespace (default: false)
197- --ipv6 enable IPv6 routing. Unrelated to port forwarding. Only supported for slirp4netns. (experimental) (default: false)
198-
199- Network [lxc-user-nic]:
198+ --ipv6 enable IPv6 routing. Unrelated to port forwarding. Only supported for pasta and slirp4netns. (experimental) (default: false)
199+ --detach-netns detach network namespaces (default: false)
200+
201+ Network [lxc-user-nic]:
200202 --lxc-user-nic-binary value path of lxc-user-nic binary for --net=lxc-user-nic
201203 --lxc-user-nic-bridge value lxc-user-nic bridge name
202-
203- Network [slirp4netns]:
204+
205+ Network [pasta]:
206+ --pasta-binary value path of pasta binary for --net=pasta
207+
208+ Network [slirp4netns]:
204209 --slirp4netns-binary value path of slirp4netns binary for --net=slirp4netns
205210 --slirp4netns-sandbox value enable slirp4netns sandbox (experimental) [auto, true, false] (the default is planned to be "auto" in future)
206211 --slirp4netns-seccomp value enable slirp4netns seccomp (experimental) [auto, true, false] (the default is planned to be "auto" in future)
207-
208- Network [vpnkit]:
212+
213+ Network [vpnkit]:
209214 --vpnkit-binary value path of VPNKit binary for --net=vpnkit
210-
211- Port:
212- --port-driver value port driver for non-host network. [none, builtin, slirp4netns]
215+
216+ Port:
217+ --port-driver value port driver for non-host network. [none, implicit (for pasta), builtin, slirp4netns]
213218 --publish value, -p value [ --publish value, -p value ] publish ports. e.g. "127.0.0.1:8080:80/tcp"
214-
215- Process:
219+
220+ Process:
216221 --pidns create a PID namespace (default: false)
217222 --cgroupns create a cgroup namespace (default: false)
218223 --utsns create a UTS namespace (default: false)
219224 --ipcns create an IPC namespace (default: false)
220225 --reaper value enable process reaper. Requires --pidns. [auto,true,false]
221226 --evacuate-cgroup2 value evacuate processes into the specified subgroup. Requires --pidns and --cgroupns
222-
223- State:
227+
228+ State:
224229 --state-dir value state directory
225-
226- SubID:
230+
231+ SubID:
227232 --subid-source value the source of the subids. "dynamic" executes /usr/bin/getsubids. "static" reads /etc/{subuid,subgid}. [auto,dynamic,static]
228-
233+
229234```
230235
231236## State directory
0 commit comments