The following pull request was submitted through GitHub. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3042
This e-mail was sent by the LXC bot; direct replies will not reach the author unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Update for commit 8de90384363fe01f5258d36724dd3eae55918b5b

Signed-off-by: KATOH Yasufumi <ka...@jazz.email.ne.jp>
From 3c452dec31e8422be9e89b1ae35f942e0ca7a615 Mon Sep 17 00:00:00 2001 From: KATOH Yasufumi <ka...@jazz.email.ne.jp> Date: Thu, 13 Jun 2019 21:05:24 +0900 Subject: [PATCH] doc: add a note about shared ns + LSMs to Japanese doc Update for commit 8de90384363fe01f5258d36724dd3eae55918b5b Signed-off-by: KATOH Yasufumi <ka...@jazz.email.ne.jp> --- doc/ja/lxc.container.conf.sgml.in | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/doc/ja/lxc.container.conf.sgml.in b/doc/ja/lxc.container.conf.sgml.in index 3ea3402ff8..ccc225054a 100644 --- a/doc/ja/lxc.container.conf.sgml.in +++ b/doc/ja/lxc.container.conf.sgml.in @@ -2307,6 +2307,16 @@ by KATOH Yasufumi <karma at jazz.email.ne.jp> --> ふたつのプロセスが異なるユーザ名前空間に存在し、そのうちのひとつが他のネットワーク名前空間を継承したい場合、通常はユーザ名前空間も同様に継承する必要があることに注意が必要です。 </para> + + <para> + <!-- + Note that without careful additional configuration of an LSM, + sharing user+pid namespaces with a task may allow that task to + escalate privileges to that of the task calling liblxc. + --> + LSM で慎重に設定を追加しないで、タスクでユーザ + PID 名前空間を共有すると、そのタスクは liblxc を呼び出したタスクの権限に昇格できることに注意が必要です。 + </para> + </listitem> </varlistentry> </variablelist>
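Review bot: In the added Japanese sentence, 「昇格できる」 states the privilege escalation as a certainty, while the English source kept in the comment directly above it says sharing user+pid namespaces "may allow that task to escalate privileges". Consider 「昇格できる可能性がある」 so the translation keeps the conditional and readers do not take the warning as describing an unconditional outcome. In the same sentence, 「タスクでユーザ + PID 名前空間を共有する」 reads as sharing done in a task rather than "with a task"; 「タスクと」 would follow the source more closely.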
_______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel