diff --git a/NEWS b/NEWS
index 321750b7e1..d4e74d8551 100644
--- a/NEWS
+++ b/NEWS
@@ -14081,7 +14081,7 @@ CHANGES WITH 218:
or are not older than the specified time.
* A new, native PPPoE library has been added to sd-network,
- systemd's library of light-weight networking protocols. This
+ systemd's library of lightweight networking protocols. This
library will be used in a future version of networkd to
enable PPPoE communication without an external pppd daemon.
@@ -14928,7 +14928,7 @@ CHANGES WITH 214:
have been added. When enabled, they will make the user data
(such as /home) inaccessible or read-only and the system
(such as /usr) read-only, for specific services. This allows
- very light-weight per-service sandboxing to avoid
+ very lightweight per-service sandboxing to avoid
modifications of user data or system files from
services. These two new switches have been enabled for all
of systemd's long-running services, where appropriate.
@@ -15637,7 +15637,7 @@ CHANGES WITH 209:
activation files automatically into native systemd .busname
and .service units.
- * sd-bus: add a light-weight vtable implementation that allows
+ * sd-bus: add a lightweight vtable implementation that allows
defining objects on the bus with a simple static const
vtable array of its methods, signals and properties.
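Review bot: these three hunks reword past release entries (the "CHANGES WITH 209", "214" and "218" sections), and NEWS is normally kept as the historical record of what was announced; consider leaving the published entries untouched, or calling out in the commit message that the spelling change is being applied retroactively on purpose so the next reviewer does not flag it as accidental.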
diff --git a/docs/THE_CASE_FOR_THE_USR_MERGE.md b/docs/THE_CASE_FOR_THE_USR_MERGE.md
index c603e143e4..30901eb7ac 100644
--- a/docs/THE_CASE_FOR_THE_USR_MERGE.md
+++ b/docs/THE_CASE_FOR_THE_USR_MERGE.md
@@ -80,7 +80,7 @@ _With all vendor-supplied OS resources in a single directory /usr they may be sh
**Myth #4**: The /usr merge’s only purpose is to look pretty, and has no other benefits
-**Fact**: The /usr merge makes sharing the vendor-supplied OS resources between a host and networked clients as well as a host and local light-weight containers easier and atomic. Snapshotting the OS becomes a viable option. The /usr merge also allows making the entire vendor-supplied OS resources read-only for increased security and robustness.
+**Fact**: The /usr merge makes sharing the vendor-supplied OS resources between a host and networked clients as well as a host and local lightweight containers easier and atomic. Snapshotting the OS becomes a viable option. The /usr merge also allows making the entire vendor-supplied OS resources read-only for increased security and robustness.
**Myth #5**: Adopting the /usr merge in your distribution means additional work for your distribution's package maintainers
diff --git a/man/org.freedesktop.machine1.xml b/man/org.freedesktop.machine1.xml
index aac30d25d7..602c04bf4f 100644
--- a/man/org.freedesktop.machine1.xml
+++ b/man/org.freedesktop.machine1.xml
@@ -651,7 +651,7 @@ node /org/freedesktop/machine1/machine/rawhide {
Leader is the PID of the leader process of the machine.Class is the class of the machine and is either the string "vm" (for real VMs
- based on virtualized hardware) or "container" (for light-weight userspace virtualization sharing the
+ based on virtualized hardware) or "container" (for lightweight userspace virtualization sharing the
same kernel as the host).RootDirectory is the root directory of the container if it is known and
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index cd7d349b95..c780abf96a 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -21,7 +21,7 @@
systemd-nspawn
- Spawn a command or OS in a light-weight container
+ Spawn a command or OS in a lightweight container
@@ -43,11 +43,11 @@
Description
- systemd-nspawn may be used to run a command or OS in a light-weight namespace
+ systemd-nspawn may be used to run a command or OS in a lightweight namespace
container. In many ways it is similar to chroot1, but more powerful
- since it fully virtualizes the file system hierarchy, as well as the process tree, the various IPC subsystems and
- the host and domain name.
+ since it virtualizes the file system hierarchy, as well as the process tree, the various IPC subsystems, and
+ the host and domain names.systemd-nspawn may be invoked on any directory tree containing an operating system tree,
using the command line option. By using the option an OS
@@ -59,11 +59,14 @@
project='man-pages'>chroot1systemd-nspawn
may be used to boot full Linux-based operating systems in a container.
- systemd-nspawn limits access to various kernel interfaces in the container to read-only,
- such as /sys/, /proc/sys/ or /sys/fs/selinux/. The
- host's network interfaces and the system clock may not be changed from within the container. Device nodes may not
- be created. The host system cannot be rebooted and kernel modules may not be loaded from within the
- container.
+ systemd-nspawn limits access to various kernel interfaces in the container to
+ read-only, such as /sys/, /proc/sys/, or
+ /sys/fs/selinux/. The host's network interfaces and the system clock may not be
+ changed from within the container. Device nodes may not be created. The host system cannot be rebooted
+ and kernel modules may not be loaded from within the container. This sandbox can easily be
+ circumvented from within the container if user namespaces are not used. This means that
+ untrusted code must always be run in a user namespace, see the discussion of the
+ option below.Use a tool like dnf8, Note that systemd-nspawn will mount file systems private to the container to
- /dev/, /run/ and similar. These will not be visible outside of the
- container, and their contents will be lost when the container exits.
+ /dev/, /run/, and similar. These will not be visible outside of
+ the container, and their contents will be lost when the container exits.Note that running two systemd-nspawn containers from the same directory tree will not make
processes in them see each other. The PID namespace separation of the two containers is complete and the containers
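Review bot: the new warning sentence is a comma splice ("untrusted code must always be run in a user namespace, see the discussion of the option below"); split it or use a parenthetical, e.g. "untrusted code must always be run in a user namespace (see the discussion of the option below)." It would also help to say which restrictions "This sandbox" refers to, since the preceding sentences list several (read-only /sys/, /proc/sys/ and /sys/fs/selinux/, no device node creation, no reboot or module loading): stating that all of these can be bypassed without user namespaces makes the security consequence unambiguous, and the forward reference should name the option whose no / identity / pick values are documented later in this patch rather than "the option".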
@@ -810,17 +813,6 @@
range. In this mode, the number of UIDs/GIDs assigned to the container is 65536, and the owner
UID/GID of the root directory must be a multiple of 65536.
- If the parameter is no, user namespacing is turned off. This is
- the default.
-
-
- If the parameter is identity, user namespacing is employed with
- an identity mapping for the first 65536 UIDs/GIDs. This is mostly equivalent to
- . While it does not provide UID/GID isolation, since all
- host and container UIDs/GIDs are chosen identically it does provide process capability isolation,
- and hence is often a good choice if proper user namespacing with distinct UID maps is not
- appropriate.
-
The special value pick turns on user namespacing. In this case
the UID/GID range is automatically chosen. As first step, the file owner UID/GID of the root
directory of the container's directory tree is read, and it is checked that no other container is
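Review bot: this hunk only removes the "no" and "identity" paragraphs so they can be reinserted after the "pick" text in the next hunk, but "no" is documented there as the default, so a reader scanning for the default value now reaches "pick" first. Consider keeping the values in the order no / identity / pick with the new "not secure" warnings attached, or adding a one-line statement of the default ahead of the "pick" description.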
@@ -837,22 +829,35 @@
for it, and thus in the (possibly expensive) file ownership adjustment operation. However,
subsequent invocations of the container will be cheap (unless of course the picked UID/GID range is
assigned to a different use by then).
+
+ If the parameter is no, user namespacing is turned off. This is
+ the default when systemd-nspawn is invoked directly. (Note that the
+ systemd-nspawn@.service unit enables private users.) This option is not
+ secure and must not be used to run untrusted code.
+
+ If the parameter is identity, user namespacing is employed with
+ an identity mapping for the first 65536 UIDs/GIDs. This is mostly equivalent to
+ . While it does not provide UID/GID isolation, since all
+ host and container UIDs/GIDs are chosen identically it does provide process capability isolation,
+ but may be useful if proper user namespacing with distinct UID maps is not possible. This option is
+ not secure and must not be used to run untrusted code.
- It is recommended to assign at least 65536 UIDs/GIDs to each container, so that the usable UID/GID range in the
- container covers 16 bit. For best security, do not assign overlapping UID/GID ranges to multiple containers. It is
- hence a good idea to use the upper 16 bit of the host 32-bit UIDs/GIDs as container identifier, while the lower 16
- bit encode the container UID/GID used. This is in fact the behavior enforced by the
- option.
+ It is recommended to assign at least 65536 UIDs/GIDs to each container, so that the usable
+ UID/GID range in the container covers 16 bits. For best security, do not assign overlapping UID/GID
+ ranges to multiple containers. It is hence a good idea to use the upper 16 bit of the host 32-bit
+ UIDs/GIDs as container identifier, while the lower 16 bits encode the container UID/GID used. This is
+ in fact the behavior enforced by the option.
- When user namespaces are used, the GID range assigned to each container is always chosen identical to the
- UID range.
+ When user namespaces are used, the GID range assigned to each container is always chosen
+ identical to the UID range.
- In most cases, using is the recommended option as it enhances
- container security massively and operates fully automatically in most cases.
+ In most cases, using is the recommended option as user
+ namespacing is required for security, and this option massively enhances container security while
+ operating fully automatically in most cases.Note that the picked UID/GID range is not written to /etc/passwd or
- /etc/group. In fact, the allocation of the range is not stored persistently anywhere,
+ /etc/group. In fact, the allocation of the range is not stored persistently,
except in the file ownership of the files and directories of the container.Note that when user namespacing is used file ownership on disk reflects this, and all of the container's
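Review bot: the rewritten "identity" paragraph no longer parses: "While it does not provide UID/GID isolation, since all host and container UIDs/GIDs are chosen identically it does provide process capability isolation, but may be useful if ..." hangs a "but" off a clause that is already the concession. Suggest "It does not provide UID/GID isolation, since all host and container UIDs/GIDs are chosen identically, but it does provide process capability isolation and may be useful if proper user namespacing with distinct UID maps is not possible." Smaller points in the same hunk: "covers 16 bits" and "lower 16 bits" were pluralized but "upper 16 bit of the host 32-bit UIDs/GIDs" was not; the "recommended option" sentence now says "In most cases" twice ("In most cases, using ... is the recommended option ... while operating fully automatically in most cases"), so drop one; and the sentence "This option is not secure and must not be used to run untrusted code." is repeated verbatim for both "no" and "identity", which could be stated once after both values.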
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index dfc9f6f994..73b28a47d8 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -601,7 +601,7 @@
systemd (and other UIs) as a user-visible label for the unit, so this string
should identify the unit rather than describe it, despite the name. This string also shouldn't just
repeat the unit name. Apache2 Web Server is a good example. Bad examples are
- high-performance light-weight HTTP server (too generic) or
+ high-performance lightweight HTTP server (too generic) or
Apache2 (meaningless for people who do not know Apache, duplicates the unit
name). systemd may use this string as a noun in status messages (Starting
description..., Started
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 8fc58665e4..d659937f3b 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -320,7 +320,7 @@ static int help(void) {
return log_oom();
printf("%1$s [OPTIONS...] [PATH] [ARGUMENTS...]\n\n"
- "%5$sSpawn a command or OS in a light-weight container.%6$s\n\n"
+ "%5$sSpawn a command or OS in a lightweight container.%6$s\n\n"
" -h --help Show this help\n"
" --version Print version string\n"
" -q --quiet Do not show status information\n"
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 421e465d71..c4e032d8d7 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -2007,7 +2007,7 @@ static int create_directory_or_subvolume(
if (r == 0)
/* Don't create a subvolume unless the root directory is one, too. We do this under
* the assumption that if the root directory is just a plain directory (i.e. very
- * light-weight), we shouldn't try to split it up into subvolumes (i.e. more
+ * lightweight), we shouldn't try to split it up into subvolumes (i.e. more
* heavy-weight). Thus, chroot() environments and suchlike will get a full brtfs
* subvolume set up below their tree only if they specifically set up a btrfs
* subvolume for the root dir too. */
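Review bot: while this comment is being touched, the context line two lines below the change still has "heavy-weight" hyphenated, which is now inconsistent with "lightweight" in the same sentence, and "brtfs" on that line is a typo for "btrfs"; both fit in this hunk.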