From: KATOH Yasufumi <karma@jazz.email.ne.jp>
Date: Wed, 30 Sep 2015 06:19:27 +0000 (+0900)
Subject: doc: Add the note related mount in Japanese lxc.container.conf(5)
X-Git-Tag: lxc-1.0.8~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=906c1e6d3c06d25969fa9fabe0d85732e46a48df;p=thirdparty%2Flxc.git

doc: Add the note related mount in Japanese lxc.container.conf(5)

Update for commit 592fd47

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
---

diff --git a/doc/ja/lxc.container.conf.sgml.in b/doc/ja/lxc.container.conf.sgml.in
index 726802b2c..61cf94365 100644
--- a/doc/ja/lxc.container.conf.sgml.in
+++ b/doc/ja/lxc.container.conf.sgml.in
@@ -934,6 +934,23 @@ by KATOH Yasufumi <karma at jazz.email.ne.jp>
         ãããã®ãã¦ã³ããã¤ã³ãã¯ãã³ã³ããã ãã«è¦ããã³ã³ããå¤ã§å®è¡ããããã­ã»ã¹ããè¦ãããã¨ã¯ããã¾ããã
         ä¾ãã°ã/etc ã /var ã /home ããã¦ã³ãããã¨ãã«å½¹ã«ç«ã¤ã§ãããã
       </para>
+      <para>
+	<!--
+	NOTE - LXC will generally ensure that mount targets and relative
+	bind-mount sources are properly confined under the container
+	root, to avoid attacks involving over-mounting host directories
+	and files.  (Symbolic links in absolute mount sources are ignored)
+	However, if the container configuration first mounts a directory which
+	is under the control of the container user, such as /home/joe, into
+        the container at some <filename>path</filename>, and then mounts
+        under <filename>path</filename>, then a TOCTTOU attack would be
+        possible where the container user modifies a symbolic link under
+        his home directory at just the right time.
+	  -->
+	æ³¨æ: éå¸¸ LXC ã¯ããã¦ã³ãå¯¾è±¡ã¨ç¸å¯¾ãã¹æå®ã®ãã¤ã³ããã¦ã³ãããé©åã«ã³ã³ããã«ã¼ãä»¥ä¸ã«éãè¾¼ãã¾ãã
+	ããã¯ããã¹ãã®ãã£ã¬ã¯ããªããã¡ã¤ã«ã«å¯¾ãã¦éã­åãããè¡ããããªãã¦ã³ãã«ããæ»æãé²ãã¾ãã(çµ¶å¯¾ãã¹æå®ã®ãã¦ã³ãã½ã¼ã¹ä¸­ã®åãã¹ãã·ã³ããªãã¯ãªã³ã¯ã§ããå ´åã¯ç¡è¦ããã¾ãã)
+	ããããããã³ã³ããã®è¨­å®ãæåã«ã/home/joe ã®ãããªã³ã³ããã¦ã¼ã¶ã®ã³ã³ãã­ã¼ã«éä¸ã«ãããã£ã¬ã¯ããªããã³ã³ããä¸­ã®ãã <filename>path</filename> ã«ãã¦ã³ããããã®å¾ <filename>path</filename> ä»¥ä¸ã§ãã¦ã³ããè¡ããããããªå ´åãã³ã³ããã¦ã¼ã¶ãã¿ã¤ãã³ã°ãè¦è¨ãã£ã¦èªèº«ã®ãã¼ã ãã£ã¬ã¯ããªä»¥ä¸ã§ã·ã³ããªãã¯ãªã³ã¯ãæä½ãããããª TOCTTOU æ»æãæç«ããå¯è½æ§ãããã¾ãã
+      </para>
       <variablelist>
 	<varlistentry>
 	  <term>
