VIRT-SANDBOX-SERVICE-CLONE(1)    Virtualization Support    VIRT-SANDBOX-SERVICE-CLONE(1)
NAME
virt-sandbox-service clone - clone an existing Secure container
SYNOPSIS
Clone a Security container
virt-sandbox-service [-c URI] clone [-h] [-p PATH] [-s SECURITY-OPTS] SOURCE DEST
DESCRIPTION
virt-sandbox-service is used to manage secure sandboxed system
services. These applications will be launched via libvirt and run
within a virtualization technology such as LinuX Containers (LXC), or
optionally QEMU/KVM. The container / virtual machines will be secured
by SELinux and resource separated using cgroups.
The clone command will clone the SOURCE security sandbox container into
the DEST security sandbox container.
OPTIONS
-h, --help
Display help message
-c URI, --connect URI
The connection URI for the hypervisor (currently only LXC URIs are
supported).
-p PATH, --path PATH
Set path to copy container content from/to. This argument must
match the value of the "-p" arg given when creating the original
source container.
Default: "/var/lib/libvirt/filesystems".
-s SECURITY-OPTIONS, --security=SECURITY-OPTIONS
Use alternative security options. SECURITY-OPTIONS is a set of
key=val pairs, separated by commas. The following options are valid
for SELinux:
dynamic
Dynamically allocate an SELinux label, using the default base
context. The default base context is
system_u:system_r:svirt_lxc_net_t:s0 for LXC,
system_u:system_r:svirt_t:s0 for KVM,
system_u:system_r:svirt_tcg_t:s0 for QEMU.
dynamic,label=USER:ROLE:TYPE:LEVEL
Dynamically allocate an SELinux label, using the base context
USER:ROLE:TYPE:LEVEL, instead of the default base context.
static,label=USER:ROLE:TYPE:LEVEL
Set a completely static label. For example,
static,label=system_u:system_r:svirt_t:s0:c412,c355
EXAMPLE
Clone the httpd1 container into httpd2, giving httpd2 a static SELinux label
# virt-sandbox-service clone -s static,label=system_u:system_r:svirt_lxc_net_t:s0:c1,c2 httpd1 httpd2
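The following POSIX shell pre-flight check for the -s value is an added example, not part of virt-sandbox or its documentation. The function names are hypothetical, the label pattern is a simplification, and treating everything after "label=" as the label is an assumption about how the value is parsed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not virt-sandbox code.

# label_of OPTS: print the label carried by a SECURITY-OPTS string.
# Assumption: everything after "label=" is the label, because the LEVEL
# field can itself contain commas (for example s0:c412,c355).
label_of() {
    case $1 in
        *,label=*) printf '%s\n' "${1#*,label=}" ;;
    esac
}

# valid_label LABEL: USER:ROLE:TYPE:LEVEL, where LEVEL is one sensitivity
# with optional categories (simplified; level ranges are rejected).
valid_label() {
    printf '%s\n' "$1" | grep -Eq \
        '^[A-Za-z0-9_]+:[A-Za-z0-9_]+:[A-Za-z0-9_]+:s[0-9]+(:c[0-9]+([.,]c[0-9]+)*)?$'
}

# check_security_opts OPTS: succeed only for the three documented forms.
check_security_opts() {
    case $1 in
        dynamic) return 0 ;;
        dynamic,label=*|static,label=*) valid_label "$(label_of "$1")" ;;
        *) return 1 ;;
    esac
}

# level_of LABEL: print LEVEL, i.e. everything after the third colon.
level_of() {
    printf '%s\n' "$1" | cut -d: -f4-
}

# same_level OPTS_A OPTS_B: succeed if both labels have an identical LEVEL.
# sVirt separates guests by MCS categories, so a static label that repeats
# the source container's LEVEL leaves the clone in the same categories.
same_level() {
    a=$(level_of "$(label_of "$1")")
    b=$(level_of "$(label_of "$2")")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed input: the -s value from the EXAMPLE section above.
opts='static,label=system_u:system_r:svirt_lxc_net_t:s0:c1,c2'
if check_security_opts "$opts"; then echo "ok: $opts"; fi
```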
SEE ALSO
libvirt(8), selinux(8), systemd(8), virt-sandbox-service(1)
FILES
Container content will be stored in subdirectories of
/var/lib/libvirt/filesystems, by default. You can manage the content
in these directories outside of the container and processes within the
container will see the content.
AUTHORS
Daniel Walsh <dwalsh@redhat.com> Daniel P. Berrange <dan@berrange.com>
COPYRIGHT
Copyright (C) 2011-2013 Red Hat, Inc.
LICENSE
virt-sandbox is distributed under the terms of the GNU LGPL v2+. This
is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.
libvirt-sandbox-0.5.0 2013-10-03 VIRT-SANDBOX-SERVICE-CLONE(1)