systemd-nspawn never uses user namespaces, as you can see from the source. User namespaces do not appear to work with a chroot at all right now, because you can't enter one while in a chroot and you can't use chroot while in a user namespace. - thestinger (talk) 19:35, 23 April 2014 (UTC)
- The report is still open, I'm restoring the link here just in case: FS#36969. The removed content is . -- Kynikos (talk) 01:45, 25 April 2014 (UTC)
- In conclusion from the above, mentioning user namespaces was not relevant on this page (pity really). So the only way to restrict the nspawn-container appears to be limiting its capabilities on start-up (as per man systemd-nspawn). Regarding FS#36969: it was originally opened for lxc-containers anyway and those appear to support user namespaces now. Hence, the only question remaining for this article at this point would be if there are any remaining issues arising for systemd in general when activating CONFIG_USER_NS for lxc (opinion on that?).
- I have added the bug and a couple links with background info to talk:linux containers so the reference does not get lost.
- --Indigo (talk) 08:56, 3 May 2014 (UTC)
systemd-nspawn as a build environment
I've been struggling trying to set this up and I assume others will as well. Would be nice to have an example of a build workflow using this tool on this or on a separate page. Captaincurrie (talk) 18:32, 19 January 2015 (UTC)
extra-x86_64-build. -- thestinger 18:41, 19 January 2015 (UTC) package implements this for Arch packaging, and is used for building everything in the repositories. It's as simple as replacing