From: KATOH Yasufumi <karma@jazz.email.ne.jp>
Date: Thu, 13 Feb 2014 07:11:08 +0000 (+0900)
Subject: doc: Update lxc.container.conf(5)
X-Git-Tag: lxc-1.0.0.rc1~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4473e38b99cd0b3f20839c2bf02058a987319f1d;p=thirdparty%2Flxc.git

doc: Update lxc.container.conf(5)

- Update Japanese man for commit a7c27357b33d726a326a11e1e72f68e1546b994a, seccomp v2
- Fix typo in English man

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
---

diff --git a/doc/ja/lxc.container.conf.sgml.in b/doc/ja/lxc.container.conf.sgml.in
index 4084a4ba9..351d1a5ce 100644
--- a/doc/ja/lxc.container.conf.sgml.in
+++ b/doc/ja/lxc.container.conf.sgml.in
@@ -1427,14 +1427,46 @@ by KATOH Yasufumi <karma at jazz.email.ne.jp>
         <!--
         A container can be started with a reduced set of available
 	system calls by loading a seccomp profile at startup.  The
-	seccomp configuration file should begin with a version number
-	(which currently must be 1) on the first line, a policy type
-	(which must be 'whitelist') on the second line, followed by a
-	list of allowed system call numbers, one per line.
+	seccomp configuration file must begin with a version number
+	on the first line, a policy type on the second line, followed
+	by the configuration.
         -->
         ã³ã³ããã¯ï¼èµ·åæã« seccomp ãã­ãã¡ã¤ã«ãã­ã¼ããããã¨ã§ï¼å©ç¨å¯è½ãªã·ã¹ãã ã³ã¼ã«ãæ¸ããã¦èµ·åãããã¨ãå¯è½ã§ãï¼
-        seccomp ã®è¨­å®ãã¡ã¤ã«ã¯ï¼æåã®è¡ããã¼ã¸ã§ã³çªå· (ç¾å¨ã¯ 1 ã§ãªããã°ãªããªã) ã§ï¼2 è¡ç®ã¯ããªã·ã¼ã®ã¿ã¤ã ('whitelist' ã§ãªããã°ãªããªã)ï¼ã§å§ã¾ãå¿è¦ãããï¼ãã®å¾ã« 1 è¡ãã¨ã«å©ç¨å¯è½ãªã·ã¹ãã ã³ã¼ã«ã®çªå·ãæ¸ããããªã¹ããç¶ãã¾ãï¼
+        seccomp ã®è¨­å®ãã¡ã¤ã«ã¯ï¼1 è¡ç®ããã¼ã¸ã§ã³çªå·ï¼2 è¡ç®ãããªã·ã¼ã®ã¿ã¤ãã§å§ã¾ãå¿è¦ãããï¼ãã®å¾ã«è¨­å®ãæ¸ãã¾ãï¼
       </para>
+      <para>
+        <!--
+        Versions 1 and 2 are currently supported.  In version 1, the
+	policy is a simple whitelist.  The second line therefore must
+	read "whitelist", with the rest of the file containing one (numeric)
+	sycall number per line.  Each syscall number is whitelisted,
+	while every unlisted number is blacklisted for use in the container
+        -->
+        ç¾æç¹ã§ã¯ï¼ãã¼ã¸ã§ã³çªå·ã¯ 1 ã¨ 2 ããµãã¼ããã¦ãã¾ãï¼ãã¼ã¸ã§ã³ 1 ã§ã¯ï¼ããªã·ã¼ã¯ã·ã³ãã«ãªãã¯ã¤ããªã¹ãã§ãã®ã§ï¼2 è¡ç®ã¯ "whitelist" ã§ãªããã°ãªãã¾ããï¼
+        ããã¦æ®ãã®è¡ã«ã¯ 1 è¡ã« 1 ã¤ãã¤ï¼ã·ã¹ãã ã³ã¼ã«çªå·ãæ¸ãã¾ãï¼åè¡ã®ã·ã¹ãã ã³ã¼ã«çªå·ããã¯ã¤ããªã¹ãåããï¼ãªã¹ãã«ãªãçªå·ã¯ï¼ãã®ã³ã³ããã§ã¯ãã©ãã¯ãªã¹ãã«å¥ãã¾ãï¼
+      </para>
+
+      <para>
+        <!--
+       In version 2, the policy may be blacklist or whitelist,
+       supports per-rule and per-policy default actions, and supports
+       per-architecture system call resolution from textual names.
+          -->
+        ãã¼ã¸ã§ã³ 2 ã§ã¯ï¼ããªã·ã¼ã¯ãã©ãã¯ãªã¹ããããã¯ãã¯ã¤ããªã¹ãã§è¡¨ããï¼ã«ã¼ã«ãã¨ã®ã¢ã¯ã·ã§ã³ã¨ï¼ããªã·ã¼ãã¨ã®ããã©ã«ãã®ã¢ã¯ã·ã§ã³ãè¨­å®ã§ãã¾ãï¼ããã¦ï¼ã¢ã¼ã­ãã¯ãã£ãã¨ã®è¨­å®ã¨ï¼ãã­ã¹ãã§æ¸ãããã·ã¹ãã ã³ã¼ã«åã§ã®è¨­å®ãå¯è½ã§ãï¼
+      </para>
+      <para>
+        <!--
+       An example blacklist policy, in which all system calls are
+       allowed except for mknod, which will simply do nothing and
+       return 0 (success), looks like:
+       -->
+        ä»¥ä¸ã«ãã©ãã¯ãªã¹ãã®ããªã·ã¼ã®ä¾ãç¤ºãã¾ãï¼ããã¯ mknod ä»¥å¤ã®å¨ã¦ã®ã·ã¹ãã ã³ã¼ã«ãè¨±å¯ããï¼mknod ãå¼ã°ããã¨ï¼ä½ãããã«åã« 0(æå) ãè¿ãã¾ãï¼
+      </para>
+<screen>
+2
+blacklist
+mknod errno 0
+</screen>
       <variablelist>
 	<varlistentry>
 	  <term>
diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
index 3c2bbc302..8c83fbe23 100644
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -1024,7 +1024,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 	policy is a simple whitelist.  The second line therefore must
 	read "whitelist", with the rest of the file containing one (numeric)
 	sycall number per line.  Each syscall number is whitelisted,
-	while every unlisted number is blacklisted for use in teh container
+	while every unlisted number is blacklisted for use in the container
       </para>
 
       <para>
