From: Sungbae Yoo <sungbae.yoo@samsung.com>
Date: Fri, 26 Feb 2016 09:39:09 +0000 (+0900)
Subject: doc: Update Korean lxc-attach(1)
X-Git-Tag: lxc-2.0.0.rc4~5^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eae7ec6edca67f6b7cb53818cce41290b6cd7138;p=thirdparty%2Flxc.git

doc: Update Korean lxc-attach(1)

Update for commit e986ea3

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
---

diff --git a/doc/ko/lxc-attach.sgml.in b/doc/ko/lxc-attach.sgml.in
index f8e23f808..cc244d16e 100644
--- a/doc/ko/lxc-attach.sgml.in
+++ b/doc/ko/lxc-attach.sgml.in
@@ -91,6 +91,29 @@ by Sungbae Yoo <sungbae.yoo at samsung.com>
       ë§ì½ <replaceable>command</replaceable>ê° ì§ì ëì§ ììë¤ë©´, <command>lxc-attach</command>ê° íì¬ ì¤í ì¤ì¸ ìì´ ì»¨íì´ë ììë ìëì§ ê²ì¬íê³  ì´ë¥¼ ì¤ííë¤.
       ë§ì½ ì»¨íì´ë ìì ì¬ì©ìê° ì¡´ì¬íì§ ìê±°ë, nsswitchê° ì ëë¡ ëìíì§ ìë ê²½ì°ìë ì´ ëªë ¹ì´ ì¤í¨íê² ëë¤.
     </para>
+    <para>
+      <!--
+      Previous versions of <command>lxc-attach</command> simply attached to the
+      specified namespaces of a container and ran a shell or the specified
+      command without allocating a pseudo terminal. This made them vulnerable to
+      input faking via a TIOCSTI <command>ioctl</command> call after switching
+      between userspace execution contexts with different privilege levels. Newer
+      versions of <command>lxc-attach</command> will try to allocate a pseudo
+      terminal master/slave pair and attach any standard file descriptors which
+      refer to a terminal to the slave side of the pseudo terminal before
+      executing a shell or command. <command>lxc-attach</command> will first try
+      to allocate a pseudo terminal in the container. Should this fail it will try
+      to allocate a pseudo terminal on the host before finally giving up. Note,
+      that if none of the standard file descriptors refer to a terminal
+      <command>lxc-attach</command> will not try to allocate a pseudo terminal.
+      Instead it will simply attach to the containers namespaces and run a shell
+      or the specified command.
+      -->
+      ì´ì  ë²ì ì <command>lxc-attach</command>ë ë¨ìí ì»¨íì´ëì í¹ì  ë¤ìì¤íì´ì¤ì ë¶ì´, ìì ì¤ííê±°ë pseudo í°ë¯¸ë í ë¹ ìì´ í¹ì  ëªë ¹ì´ë¥¼ ì¤ííìë¤.
+      ì´ë ë¤ë¥¸ í¹ê¶ ìì¤ì ê°ë ì¬ì©ì ìì­ ì»¨íì¤í¸ ê°ì ì íí TIOCSTI <command>ioctl</command>ë¥¼ í¸ì¶íì¬ ìë ¥ì ê°ë¡ì± ì ìë ì·¨ì½ì ì´ ìë¤.
+      ìë¡ì´ ë²ì ì <command>lxc-attach</command>ë ìì´ë ëªë ¹ì´ë¥¼ ì¤ííê¸° ì ì, pseudo í°ë¯¸ë ë§ì¤í°/ì¬ë ì´ë¸ ìì í ë¹íê³ , í°ë¯¸ëì ê°ë¦¬í¤ê³  ìë íì¤ ìì¶ë ¥ íì¼ ëì¤í¬ë¦½í°ë¤ì ì¬ë ì´ë¸ pseudo í°ë¯¸ëë¡ ë¶ì¸ë¤. <command>lxc-attach</command>ë ì²ìì ì»¨íì´ë ë´ë¶ì pseudo í°ë¯¸ëì í ë¹íë¤. ë§ì½ ì´ê²ì´ ì¤í¨íë©´, í¸ì¤í¸ì í ë¹íê³ , ì´ë§ì  ì¤í¨íë©´ í ë¹ì í¬ê¸°íë¤.
+      í°ë¯¸ëì ê°ë¦¬í¤ê³  ìë íì¤ ìì¶ë ¥ íì¼ ëì¤í¬ë¦½í°ê° ìì ììë¤ë©´, <command>lxc-attach</command>ë pseudo í°ë¯¸ë í ë¹ì ìëíì§ ìëë¤. ë¨ìí ì»¨íì´ë ë¤ìì¤íì´ì¤ì ë¶ì´ ìì´ë ì§ì í ëªë ¹ì´ë§ ì¤íí  ë¿ì´ë¤.
+    </para>
 
   </refsect1>
 
@@ -402,6 +425,21 @@ by Sungbae Yoo <sungbae.yoo at samsung.com>
       ì´ë¬í ë¬¸ì ë¥¼ í´ê²°íê¸° ìí´, <option>-R</option> ìµìì´ ì ê³µëë¤. í´ë¹ ìµìì attachëë íë¡ì¸ì¤ì ë¤í¸ìí¬/pid ë¤ìì¤íì´ì¤ë¥¼ ë°ìíê¸° ìí´ <replaceable>/proc</replaceable>ì <replaceable>/sys</replaceable>ë¥¼ ë¤ì ë§ì´í¸íë¤.
 í¸ì¤í¸ì ì¤ì  íì¼ìì¤íì ë°©í´ê° ëì§ ìê¸° ìí´ ë§ì´í¸ ë¤ìì¤íì´ì¤ë ê³µì ëì§ ìëë¤(<command>lxc-unshare</command>ì ëìê³¼ ë¹ì·). <replaceable>/proc</replaceable>ì <replaceable>/sys</replaceable> íì¼ìì¤íì ì ì¸íê³  í¸ì¤í¸ ë§ì´í¸ ë¤ìì¤íì´ì¤ì ëì¼í ìë¡ì´ ë§ì´í¸ ë¤ìì¤íì´ì¤ê° ì£¼ì´ì§ê² ëë¤.
     </para>
+
+    <para>
+      <!--
+      Previous versions of <command>lxc-attach</command> suffered a bug whereby
+      a user could attach to a containers namespace without being placed in a
+      writeable cgroup for some critical subsystems. Newer versions of
+      <command>lxc-attach</command> will check whether a user is in a writeable
+      cgroup for those critical subsystems. <command>lxc-attach</command> might
+      thus fail unexpectedly for some users (E.g. on systems where an
+      unprivileged user is not placed in a writeable cgroup in critical
+      subsystems on login.). However, this behavior is correct and more secure.
+      -->
+      ì´ì  ë²ì ì <command>lxc-attach</command>ë ëªëª ì¤ìí ìë¸ìì¤íì ì°ê¸°ê° ê°ë¥í cgroup ë´ì ìëë¼ë, ì¬ì©ìê° ì»¨íì´ëì ë¤ìì¤íì´ì¤ì ì°ê²°í  ì ìë ë²ê·¸ê° ììë¤.
+      ìë¡ì´ ë²ì ì <command>lxc-attach</command>ë íì¬ ì¬ì©ìê° ëªëª ì¤ìí ìë¸ìì¤íì ì°ê¸° ê¶íì´ ìë cgroupì ìíëì§ ì¬ë¶ë¥¼ ê²ì¬íë¤. ê·¸ë¬ë¯ë¡ <command>lxc-attach</command>ë ì¬ì©ìì ë°ë¼ ì¤í¨íë ê²½ì°ë ìë¤. (ìë¥¼ ë¤ì´, ë¡ê·¸ì¸ ì ë¹í¹ê¶ ì¬ì©ìê° ì¤ì ìë¸ìì¤íì ì°ê¸°ê° ê°ë¥í cgroupì ìì¹íì§ ìì ê²½ì°) íì§ë§ ì´ë¬í ëìì ì íí ê²ì´ê³  ë ìì í ê²ì´ë¤.
+    </para>
   </refsect1>
 
   <refsect1>
