From: KATOH Yasufumi <karma@jazz.email.ne.jp>
Date: Mon, 30 Sep 2013 08:30:45 +0000 (+0900)
Subject: doc: Update Japanese lxc.conf(5) man page
X-Git-Tag: lxc-1.0.0.alpha2~72
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=492d0d55c3ed84b8550ada0b8f53c6a60a6f169a;p=thirdparty%2Flxc.git

doc: Update Japanese lxc.conf(5) man page

Add description of automatic mounting options
---

diff --git a/doc/ja/lxc.conf.sgml.in b/doc/ja/lxc.conf.sgml.in
index 8fe149468..c4d17ff25 100644
--- a/doc/ja/lxc.conf.sgml.in
+++ b/doc/ja/lxc.conf.sgml.in
@@ -819,6 +819,153 @@ by KATOH Yasufumi <karma at jazz.email.ne.jp>
 	  </listitem>
 	</varlistentry>
 
+	<varlistentry>
+	  <term>
+	    <option>lxc.mount.auto</option>
+	  </term>
+	  <listitem>
+	    <para>
+              <!--
+	      specify which standard kernel file systems should be
+	      automatically mounted. This may dramatically simplify
+	      the configuration. The file systems are:
+              -->
+              æ¨æºã®ã«ã¼ãã«ãã¡ã¤ã«ã·ã¹ãã ã§èªåçã«ãã¦ã³ããããã®ãæå®ãã¾ãï¼ããã¯åçã«è¨­å®ãå®¹æã«ããå¯è½æ§ãããã¾ãï¼
+	    </para>
+	    <itemizedlist>
+	      <listitem>
+                <!--
+	        <option>proc:mixed</option> (or <option>proc</option>):
+	        mount <filename>/proc</filename> as read-write, but
+	        remount <filename>/proc/sys</filename> and
+	        <filename>/proc/sysrq-trigger</filename> read-only
+	        for security / container isolation purposes.
+                -->
+                <option>proc:mixed</option> (or <option>proc</option>):
+                <filename>/proc</filename> ãèª­ã¿æ¸ãå¯è½ã§ãã¦ã³ããã¾ãï¼ãã ãï¼<filename>/proc/sys</filename> ã¨ <filename>/proc/sysrq-trigger</filename> ã¯ï¼ã»ã­ã¥ãªãã£ã¨ã³ã³ããã®éé¢ã®ç®çã§ãªã¼ããªã³ãªã¼ã§åãã¦ã³ãããã¾ãï¼
+	      </listitem>
+	      <listitem>
+                <!--
+	        <option>proc:rw</option>: mount
+	        <filename>/proc</filename> as read-write
+                -->
+	        <option>proc:rw</option>:
+                <filename>/proc</filename> ãèª­ã¿æ¸ãå¯è½ã§ãã¦ã³ããã¾ãï¼
+	      </listitem>
+	      <listitem>
+                <!--
+	        <option>sys:ro</option> (or <option>sys</option>):
+	        mount <filename>/sys</filename> as read-only
+	        for security / container isolation purposes.
+                -->
+                <option>sys:ro</option> (or <option>sys</option>):
+                <filename>/sys</filename> ãï¼ã»ã­ã¥ãªãã£ã¨ã³ã³ããã®éé¢ã®ç®çã§ãªã¼ããªã³ãªã¼ã§ãã¦ã³ããã¾ãï¼
+	      </listitem>
+	      <listitem>
+                <!--
+	        <option>sys:rw</option>: mount
+	        <filename>/sys</filename> as read-write
+                -->
+	        <option>sys:rw</option>:
+                <filename>/sys</filename> ãèª­ã¿æ¸ãå¯è½ã§ãã¦ã³ããã¾ãï¼
+	      </listitem>
+	      <listitem>
+                <!--
+	        <option>cgroup:mixed</option> (or
+	        <option>cgroup</option>):
+	        mount a tmpfs to <filename>/sys/fs/cgroup</filename>,
+	        create directories for all hierarchies to which
+	        the container is added, create subdirectories
+	        there with the name of the cgroup, and bind-mount
+	        the container's own cgroup into that directory.
+	        The container will be able to write to its own
+	        cgroup directory, but not the parents, since they
+	        will be remounted read-only
+                -->
+	        <option>cgroup:mixed</option> (or
+	        <option>cgroup</option>):
+                <filename>/sys/fs/cgroup</filename> ã tmpfs ã§ãã¦ã³ããï¼ãã®ã³ã³ããã®è¿½å ãè¡ãããå¨ã¦ã®éå±¤æ§é ã«å¯¾ãããã£ã¬ã¯ããªãä½è£½ãï¼ãã® cgroup ã®ååã§ãã®ä¸­ã«ãµããã£ã¬ã¯ããªãä½è£½ãï¼ãã®ã³ã³ããèªèº«ã® cgroup ããã®ãã£ã¬ã¯ããªã«ãã¤ã³ããã¦ã³ããã¾ãï¼ã³ã³ããã¯èªèº«ã® cgroup ãã£ã¬ã¯ããªã«æ¸ãè¾¼ã¿ãå¯è½ã§ããï¼è¦ªãã£ã¬ã¯ããªã¯ãªã¼ããªã³ãªã¼ã§åãã¦ã³ãããã¦ããããæ¸ãè¾¼ãã¾ããï¼
+	      </listitem>
+	      <listitem>
+                <!--
+	        <option>cgroup:ro</option>: similar to
+	        <option>cgroup:mixed</option>, but everything will
+	        be mounted read-only.
+                -->
+	        <option>cgroup:ro</option>:
+                <option>cgroup:mixed</option> ã¨åæ§ã«ãã¦ã³ãããã¾ããï¼å¨ã¦ãªã¼ããªã³ãªã¼ã§ãã¦ã³ãããã¾ãï¼
+	      </listitem>
+	      <listitem>
+                <!--
+	        <option>cgroup:rw</option>: similar to
+	        <option>cgroup:mixed</option>, but everything will
+	        be mounted read-write. Note that the paths leading
+	        up to the container's own cgroup will be writable,
+	        but will not be a cgroup filesystem but just part
+	        of the tmpfs of <filename>/sys/fs/cgroup</filename>
+                -->
+	        <option>cgroup:rw</option>:
+                <option>cgroup:mixed</option> ã¨åæ§ã«ãã¦ã³ãããã¾ããï¼å¨ã¦èª­ã¿æ¸ãå¯è½ã§ãã¦ã³ãããã¾ãï¼ã³ã³ããèªèº«ã® cgroup ã«è³ãã¾ã§ã®ãã¹ãæ¸ãè¾¼ã¿å¯è½ã«ãªããã¨ã«æ³¨æãå¿è¦ã§ããï¼cgroup ãã¡ã¤ã«ã·ã¹ãã ã«ã¯ãªããï¼<filename>/sys/fs/cgroup</filename> ã® tmpfs ã®ä¸é¨åã«ãªãã§ãããï¼
+	      </listitem>
+	      <listitem>
+                <!--
+	        <option>cgroup-full:mixed</option> (or
+	        <option>cgroup-full</option>):
+	        mount a tmpfs to <filename>/sys/fs/cgroup</filename>,
+	        create directories for all hierarchies to which
+	        the container is added, bind-mount the hierarchies
+	        from the host to the container and make everything
+	        read-only except the container's own cgroup. Note
+	        that compared to <option>cgroup</option>, where
+	        all paths leading up to the container's own cgroup
+	        are just simple directories in the underlying
+	        tmpfs, here
+	        <filename>/sys/fs/cgroup/$hierarchy</filename>
+	        will contain the host's full cgroup hierarchy,
+	        albeit read-only outside the container's own cgroup.
+	        This may leak quite a bit of information into the
+	        container.
+                -->
+	        <option>cgroup-full:mixed</option> (or
+	        <option>cgroup-full</option>):
+                <filename>/sys/fs/cgroup</filename> ã tmpfs ã§ãã¦ã³ããï¼ãã®ã³ã³ããã®è¿½å ãè¡ãããå¨ã¦ã®éå±¤æ§é ã«å¯¾ãããã£ã¬ã¯ããªãä½è£½ãï¼ãã¹ãããã³ã³ããã¾ã§ã®éå±¤æ§é ãå¨ã¦ãã¤ã³ããã¦ã³ããï¼ã³ã³ããèªèº«ã® cgroup ãé¤ãã¦ãªã¼ããªã³ãªã¼ã«ãã¾ãï¼<option>cgroup</option> ã¨æ¯ã¹ãã¨ï¼ã³ã³ããèªèº«ã® cgroup ã«è³ãã¾ã§ã®å¨ã¦ã®ãã¹ã tmpfs ã®ä¸å±¤ã®ã·ã³ãã«ãªãã£ã¬ã¯ããªã¨ãªãï¼ã³ã³ããèªèº«ã® cgroup ã®å¤ã§ã¯ãªã¼ããªã³ãªã¼ã«ãªãã¾ããï¼<filename>/sys/fs/cgroup/$hierarchy</filename> ã¯ãã¹ãã®å¨ã¦ã® cgroup éå±¤æ§é ãå«ã¿ã¾ãï¼ããã«ããï¼ã³ã³ããã«ã¯ããªãã®æå ±ãæ¼æ´©ãã¾ãï¼
+	      </listitem>
+	      <listitem>
+                <!--
+	        <option>cgroup-full:ro</option>: similar to
+	        <option>cgroup-full:mixed</option>, but everything
+	        will be mounted read-only.
+                -->
+	        <option>cgroup-full:ro</option>:
+                <option>cgroup-full:mixed</option> ã¨åæ§ã«ãã¦ã³ãããã¾ããï¼å¨ã¦ãªã¼ããªã³ãªã¼ã§ãã¦ã³ãããã¾ãï¼
+	      </listitem>
+	      <listitem>
+                <!--
+	        <option>cgroup-full:rw</option>: similar to
+	        <option>cgroup-full:mixed</option>, but everything
+	        will be mounted read-write. Note that in this case,
+	        the container may escape its own cgroup. (Note also
+	        that if the container has CAP_SYS_ADMIN support
+	        and can mount the cgroup filesystem itself, it may
+	        do so anyway.)
+                -->
+	        <option>cgroup-full:rw</option>:
+	        <option>cgroup-full:mixed</option>ã¨åæ§ã«ãã¦ã³ãããã¾ããï¼å¨ã¦èª­ã¿æ¸ãå¯è½ã§ãã¦ã³ãããã¾ãï¼ãã®å ´åï¼ã³ã³ããã¯èªèº«ã® cgroup ããè±åºããå¯è½æ§ããããã¨ã«æ³¨æãã¦ãã ãã (ã³ã³ããã CAP_SYS_ADMIN ãæã¡ï¼èªèº«ã§ cgroup ãã¡ã¤ã«ã·ã¹ãã ããã¦ã³ãå¯è½ãªãï¼ãããã«ãããã®ããã«ãããããããªããã¨ã«ãæ³¨æãã¦ãã ãã)ï¼
+	      </listitem>
+	    </itemizedlist>
+	    <para>
+              <!--
+	      Examples:
+              -->
+              ä¾:
+	    </para>
+	    <programlisting>
+	      lxc.mount.auto = proc sys cgroup
+	      lxc.mount.auto = proc:rw sys:rw cgroup-full:rw
+	    </programlisting>
+	  </listitem>
+	</varlistentry>
+
       </variablelist>
     </refsect2>
 
