On Wed, Apr 22, 2015 at 4:04 PM, Lennart Poettering <lenn...@poettering.net> wrote:
> Well, if that's what it says, then yes. We can certainly add support
> for manipulating nft too, but so far the APIs for that appeared much
> less convincing to me, and quite a bit more exotic.

The user space tools for nft are much nicer than iptables, so I think they do provide a significant benefit. I would appreciate not having to go back to iptables :-)

The exact command line I am running is this (straight out of systemctl cat systemd-nspawn@vm.service, *THANKS* to whoever implemented that!):

ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot --ephemeral \
    --machine=vm \
    --network-veth \
    --bind=/mnt/raid0/data/ftp:/mnt/ftp

/var/lib/machines is a normal read-write btrfs snapshot. vm is a read-only snapshot. It starts fine when vm is read-write.

Best Regards,
Tobias

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel