SYSTEMD-VMSPAWN(1) systemd-vmspawn SYSTEMD-VMSPAWN(1) systemd-vmspawn - systemd-vmspawn [...] [...] systemd-vmspawn . systemd-nspawn(1) . /dev/kvm /dev/vhost-vsock systemd-vmspawn systemd ( sd_listen_fds(3) ) "kvm" "vhost-vsock" . : / systemd-vmspawn "kvm" VSOCK. SMBIOS. : -q --quiet . vmspawn . 256. --system --user machined machined . machined (root) machined. 260. -D --directory= . --directory= --image=. --directory=.. : --private-users= subuid . /etc/subuid . 256. -i --image= ( ) . 255. --image-format=FORMAT --image=. "raw" "qcow2". "raw". "qcow2" . 260. -x --ephemeral . --image= . --ephemeral --extra-drive=. 260. --cpus=CPUS . 1. 255. --ram=BYTES . 2G. 255. --kvm=BOOL KVM. auto KVM . (true) KVM. (false) KVM. 255. --vsock=BOOL VSOCK . auto VSOCK . (true) VSOCK. (false) VSOCK. 255. --vsock-cid=CID (CID) . CID 3 4294967294 (0xFFFF_FFFE). . vmspawn CID CID . 255. --tpm=BOOL TPM swtpm(8). auto vmspawn swtpm . swtpm. TPM. 256. --tpm-state=PATH|auto|off TPM TPM ( --tpm= ). . . "auto" ".tpmstate". "off" TPM . TPM . "auto". --ephemeral "auto" "off". 258. --linux=PATH . --linux= vmspawn UAPI.1[1] XBOOTLDR /boot ESP /efi . . 256. --initrd=PATH initrd . --linux= 2 UAPI.1[1] . initrd . --initrd= vmspawn . 256. -n, --network-tap TAP . : TAP. systemd-networkd(8) . ".network" /usr/lib/systemd/network/80-vm-vt.network. 255. --network-user-mode . 255. --firmware=PATH ./. JSON . . "list" . 256. --discard-disk=BOOL qemu (discard) . . . 256. --secure-boot=BOOL . auto . "yes" . "no" . 255. --grow-image=BYTES, -G BYTES --image= . . K M G ( 1024). 4096. 258. --smbios11=STRING, -s STRING SMBIOS 11. . smbios-type-11(7) . 258. --notify-ready= (init) systemd-vmspawn. (true) systemd-vmspawn "READY=1" init . (false) systemd-vmspawn . systemd-vmspawn . sd_notify(3). (true). ( systemd-nspawn(1) (false).) 258. -M --machine= . ( machinectl(1) ). 255. --uuid= UUID . /etc/machine-id . /etc/machine-id . 256. -S --slice= slice machine.slice . scope --keep-unit. 258. --property= scope . scope --keep-unit. systemctl set-property. . 258. --register= systemd-machined(8). "yes" (root) "no" . machinectl(1). : systemd-machined(8) D-Bus . 256. --private-users=UID_SHIFT[:UID_RANGE] --directory=. virtiofsd(1) (UIDs GIDs). UIDs/GIDs ( 0 ) UIDs/GIDs ( UID/GID 65536). . UID_SHIFT UID/GID UID_RANGE UIDs/GIDs . UID_RANGE 65536 UID/GID. GID UID. 256. --bind=PATH, --bind-ro=PATH . : -- -- . . --bind-ro= . "\:" . . 256. --extra-drive=[FORMAT:]PATH . "raw" "qcow2" . "raw". "qcow2" . 256. --bind-user= . . . : 1. /run/vmhost/home/ virtiofs. virtiofsd UID/GID UID/GID . 2. JSON "userdb.transient.*". UID/GID . nss-systemd(8) glibc NSS / . . ( ). UID/GID . . UIDs/GIDs ( --bind-user= ) "". / systemd 258 nss-systemd nsswitch.conf. nss-systemd(8) . (UNIX) . ( yescrypt "$y$"). 259. --bind-user-shell= --bind-user= . . o () . . o . o . : . --bind-user=. 259. --bind-user-group= --bind-user= . . : . --bind-user=. 259. --forward-journal=FILE|DIR (journal) . systemd-journal-remote(8) . -o/--output systemd-journal-remote(8). 256. --pass-ssh-key=BOOL SSH systemd-vmspawn D-Bus systemd . "no" SSH. . systemd-vmspawn . 256. --ssh-key-type=TYPE SSH ssh-keygen(1) . "ed25519" "rsa" sshd(8). 256. --console= . "interactive" "read-only" "native" "gui". "interactive". "interactive" . "read-only" . "native" TTY qemu ( qemu). "gui" qemu . 256. --background=COLOR ANSI . ANSI X3.64 SGR "40" "41" ... "47" "48;2;..." "48;5;...". ANSI ()[2] . . --console=interactive --console=read-only. 256. --load-credential=: --set-credential=: . LoadCredential= SetCredential= . systemd.exec(5) . --set-credential= C ( "\n" "\x00" NUL). ! 255. --no-pager (pager). -h --help . --version . --no-ask-password . $SYSTEMD_LOG_LEVEL ( ). . ( ) emerg alert crit err warning notice info debug 0 7. syslog(3) . console syslog kmsg journal (: SYSTEMD_LOG_LEVEL=debug,console:info debug info). . $SYSTEMD_LOG_COLOR . tty . journalctl(1) . $SYSTEMD_LOG_TIME . . journalctl(1) . $SYSTEMD_LOG_LOCATION . . . . $SYSTEMD_LOG_TID . (TID). . . $SYSTEMD_LOG_TARGET . : console ( ) console-prefixed ( "" syslog(3) kmsg ( ) journal ( ) journal-or-kmsg ( kmsg ) auto ( ) null ( ). $SYSTEMD_LOG_RATELIMIT_KMSG kmsg . . "true". systemd kmsg. $SYSTEMD_PAGER $PAGER --no-pager. $SYSTEMD_PAGER $PAGER. $SYSTEMD_PAGER $PAGER less(1) more(1) . . "cat" --no-pager. : $SYSTEMD_PAGERSECURE $SYSTEMD_PAGER $PAGER ( "cat" "") . $SYSTEMD_LESS less ( "FRSXMK"). : K Ctrl+C. less Ctrl+C . $SYSTEMD_LESS "K" less Ctrl+C . X termcap . . . $LESS less systemd. less(1) . $SYSTEMD_LESSCHARSET less ( "utf-8" UTF-8). $LESSCHARSET less systemd. $SYSTEMD_PAGERSECURE (pager) less(1) "" . sudo(8) pkexec(1) . . " " ( ). " " --no-pager PAGER=cat . . (true) " " . " " LESSSECURE=1 . less(1) " ". false (pager). SYSTEMD_PAGERSECURE=0 . $SYSTEMD_PAGERSECURE systemd " " (pager) . " " (UID) geteuid(2) sd_pid_get_owner_uid(3) sudo(8) ($SUDO_UID [3]). SYSTEMD_PAGERSECURE=1 " " . . $SYSTEMD_PAGERSECURE . $SYSTEMD_PAGER $PAGER $SYSTEMD_PAGERSECURE . $SYSTEMD_COLORS (boolean) . ( ) systemd . $COLORTERM "truecolor" "24bit" 24 256 $NO_COLOR $TERM . true $NO_COLOR. false . "16" "256" "24bit" ANSI 16 256 24 . "auto-16" "auto-256" "auto-24bit" $TERM . $SYSTEMD_URLIFY . . systemd $TERM . 1. Arch Linux mkosi $ mkosi -d arch -p systemd -p linux --autologin -o image.raw -f build $ systemd-vmspawn --image=image.raw 2. Fedora 43 Cloud machinectl $ curl -L \ -O https://download.fedoraproject.org/pub/fedora/linux/releases/43/Cloud/x86_64/images/Fedora-Cloud-Base-43-1.6.x86_64.raw.xz \ -O https://download.fedoraproject.org/pub/fedora/linux/releases/43/Cloud/x86_64/images/Fedora-Cloud-43-1.6-x86_64-CHECKSUM \ -O https://fedoraproject.org/fedora.gpg $ gpgv --keyring ./fedora.gpg Fedora-Cloud-43-1.6-x86_64-CHECKSUM $ sha256sum -c Fedora-Cloud-43-1.6-x86_64-CHECKSUM # machinectl import-raw Fedora-Cloud-Base-43-1.6.x86_64.raw.xz fedora-43-cloud # systemd-vmspawn -M fedora-43-cloud 3. systemd $ mkosi build $ systemd-vmspawn \ -D mkosi.output/system \ --private-users $(grep $(whoami) /etc/subuid | cut -d: -f2) \ --linux mkosi.output/system.efi \ --forward-journal=vm.journal \ enforcing=0 : SELinux (enforcing mode). 4. SSH systemd-ssh-proxy $ mkosi build $ my_vsock_cid=3735928559 $ systemd-vmspawn \ -D mkosi.output/system \ --private-users $(grep $(whoami) /etc/subuid | cut -d: -f2) \ --linux mkosi.output/system.efi \ --vsock-cid $my_vsock_cid \ enforcing=0 $ ssh root@vsock/$my_vsock_cid -i /run/user/$UID/systemd/vmspawn/machine-*-system-ed25519 errno . EXIT_STATUS . EXIT_SUCCESS. systemd(1) mkosi(1) machinectl(1) importctl(1) UAPI.1[1] 1. UAPI.1 https://uapi-group.org/specifications/specs/boot_loader_specification 2. ANSI () https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_(Select_Graphic_Rendition)_parameters 3. $SUDO_UID . 3 . . : . systemd 260.1 SYSTEMD-VMSPAWN(1)