https://bugzilla.redhat.com/show_bug.cgi?id=1147737 --- tools/virsh.pod | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tools/virsh.pod b/tools/virsh.pod index d2cc5b2..d8502c7 100644 --- a/tools/virsh.pod +++ b/tools/virsh.pod @@ -4170,7 +4170,7 @@ When I<--timestamp> is used, a human-readable timestamp will be printed before the event, and the timing information provided by QEMU will be omitted. -=item B<lxc-enter-namespace> I<domain> -- /path/to/binary [arg1, [arg2, ...]] +=item B<lxc-enter-namespace> I<domain> [I<--noseclabel>] -- /path/to/binary [arg1, [arg2, ...]] Enter the namespace of I<domain> and execute the command C</path/to/binary> passing the requested args. The binary path is relative to the container @@ -4179,6 +4179,10 @@ environment variables / console visible to virsh. This command only works when connected to the LXC hypervisor driver. This command succeeds only if C</path/to/binary> has 0 exit status. +By default the new process will run with the security label of the new +parent container. Use the I<--noseclabel> option to instead have the +process keep the same security label as C<virsh>. + =back =head1 ENVIRONMENT -- 2.7.3