From: Sungbae Yoo <sungbae.yoo@samsung.com>
Date: Tue, 6 Oct 2015 09:29:01 +0000 (+0900)
Subject: doc: Add the note related mount in Korean lxc.container.conf(5)
X-Git-Tag: lxc-2.0.0.beta1~94
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=73740a136b1c6b657aa2f8d78fe6a3fe38546bb3;p=thirdparty%2Flxc.git

doc: Add the note related mount in Korean lxc.container.conf(5)

Update for commit 592fd47

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
---

diff --git a/doc/ko/lxc.container.conf.sgml.in b/doc/ko/lxc.container.conf.sgml.in
index b30568048..6d225a870 100644
--- a/doc/ko/lxc.container.conf.sgml.in
+++ b/doc/ko/lxc.container.conf.sgml.in
@@ -1008,6 +1008,23 @@ by Sungbae Yoo <sungbae.yoo at samsung.com>
         ì´ ë§ì´í¸ í¬ì¸í¸ë¤ì ì»¨íì´ëììë§ ë³´ì´ê³  ì¸ë¶ìì ì¤ííë íë¡ì¸ì¤ë¤ìê² ë³´ì´ì§ ìëë¤.
         ì´ë ìë¥¼ ë¤ì´  /etc, /var, /homeì ë§ì´í¸í  ë ì ì©íë¤.
       </para>
+      <para>
+        <!--
+        NOTE - LXC will generally ensure that mount targets and relative
+        bind-mount sources are properly confined under the container
+        root, to avoid attacks involving over-mounting host directories
+        and files.  (Symbolic links in absolute mount sources are ignored)
+        However, if the container configuration first mounts a directory which
+        is under the control of the container user, such as /home/joe, into
+        the container at some <filename>path</filename>, and then mounts
+        under <filename>path</filename>, then a TOCTTOU attack would be
+        possible where the container user modifies a symbolic link under
+        his home directory at just the right time.
+        -->
+        ì£¼ì - ë³´íµ LXCë ë§ì´í¸ ëìê³¼ ìë ê²½ë¡ë¡ ë ë°ì¸ë ë§ì´í¸ ìì¤ë¤ì´ ì»¨íì´ëì ë£¨í¸ ìëì ìëë¡ ë³´ì¥í  ê²ì´ë¤. ì´ë í¸ì¤í¸ ëë í ë¦¬ì íì¼ë¤ì ê²¹ì³ì ë§ì´í¸íë ì íì ê³µê²©ì í¼íê¸° ìí ê²ì´ë¤. (ì ë ê²½ë¡ë¡ ë ë§ì´í¸ ìì¤ ë´ì ì¡´ì¬íë ì¬ë³¼ë¦­ ë§í¬ë¤ì ë¬´ìë  ê²ì´ë¤.)
+        íì§ë§, ë§ì½ ì»¨íì´ë ì¤ì ìì ì»¨íì´ë ì¬ì©ìê° ì ì´í  ì ìë, ìë¥¼ ë¤ì´ /home/joeì ê°ì ëë í ë¦¬ë¥¼ ì»¨íì´ë ë´ì <filename>path</filename>ì ë¨¼ì  ë§ì´í¸ íê³  ëì,  <filename>path</filename> ë´ì ë ë§ì´í¸ë¥¼ íë ê²½ì°ê° ìë¤ë©´,
+        ì»¨íì´ë ì¬ì©ìê° ìì ì home ëë í ë¦¬ì ìë ì¬ë³¼ë¦­ë§í¬ë¥¼ ì íí ìê°ì ì¡°ìíì¬, TOCTTOU (ì­ì£¼ : Time of check to time of use) ê³µê²©ì´ ê°ë¥í  ê²ì´ë¤.
+      </para>
       <variablelist>
 	<varlistentry>
 	  <term>
