Commit | Line | Data |
---|---|---|
755d8d03 KY |
1 | <!-- |
2 | ||
3 | lxc: linux Container library | |
4 | ||
5 | (C) Copyright IBM Corp. 2007, 2008 | |
6 | ||
7 | Authors: | |
8 | Daniel Lezcano <daniel.lezcano at free.fr> | |
9 | Serge Hallyn <serge.hallyn at ubuntu.com> | |
10 | ||
11 | This library is free software; you can redistribute it and/or | |
12 | modify it under the terms of the GNU Lesser General Public | |
13 | License as published by the Free Software Foundation; either | |
14 | version 2.1 of the License, or (at your option) any later version. | |
15 | ||
16 | This library is distributed in the hope that it will be useful, | |
17 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
19 | Lesser General Public License for more details. | |
20 | ||
21 | You should have received a copy of the GNU Lesser General Public | |
22 | License along with this library; if not, write to the Free Software | |
23 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | |
24 | ||
25 | Translated into Japanese | |
26 | by KATOH Yasufumi <karma at jazz.email.ne.jp> | |
27 | --> | |
28 | ||
29 | <!DOCTYPE refentry PUBLIC @docdtd@ [ | |
30 | ||
31 | <!ENTITY commonoptions SYSTEM "@builddir@/common_options.sgml"> | |
32 | <!ENTITY seealso SYSTEM "@builddir@/see_also.sgml"> | |
33 | ]> | |
34 | ||
35 | <refentry> | |
36 | ||
37 | <docinfo><date>@LXC_GENERATE_DATE@</date></docinfo> | |
38 | ||
39 | <refmeta> | |
40 | <refentrytitle>lxc-usernsexec</refentrytitle> | |
41 | <manvolnum>1</manvolnum> | |
42 | </refmeta> | |
43 | ||
44 | <refnamediv> | |
45 | <refname>lxc-usernsexec</refname> | |
46 | ||
47 | <refpurpose> | |
48 | <!-- | |
49 | Run a task as root in a new user namespace. | |
50 | --> | |
51 | Run a task as root in a new user namespace. | |
52 | </refpurpose> | |
53 | </refnamediv> | |
54 | ||
55 | <refsynopsisdiv> | |
56 | <cmdsynopsis> | |
77e22991 | 57 | <command>lxc-usernsexec</command> |
755d8d03 KY |
58 | <arg choice="opt">-m <replaceable>uid-map</replaceable></arg> |
59 | <arg choice="req">-- command</arg> | |
60 | </cmdsynopsis> | |
61 | </refsynopsisdiv> | |
62 | ||
63 | <refsect1> | |
64 | <title><!-- Description -->Description</title> | |
65 | ||
66 | <para> | |
67 | <!-- | |
68 | <command>lxc-usernsexec</command> can be used to run a task as root | |
69 | in a new user namespace. | |
70 | --> | |
dc421f3a | 71 | <command>lxc-usernsexec</command> can be used to run a task as root in a new user namespace. |
755d8d03 KY |
72 | </para> |
73 | ||
74 | </refsect1> | |
75 | ||
76 | <refsect1> | |
77 | ||
78 | <title><!-- Options -->Options</title> | |
79 | ||
80 | <variablelist> | |
81 | ||
82 | <varlistentry> | |
83 | <term> | |
84 | <option>-m <replaceable>uid-map</replaceable></option> | |
85 | </term> | |
86 | <listitem> | |
87 | <para> | |
88 | <!-- | |
89 | The uid map to use in the user namespace. Each map consists of | |
90 | four colon-separated values. First a character 'u', 'g' or 'b' to | |
69ba0789 | 91 | specify whether this map pertains to user ids, group ids, or |
755d8d03 KY |
92 | both; next the first userid in the user namespace; next the |
93 | first userid as seen on the host; and finally the number of | |
94 | ids to be mapped. | |
95 | --> | |
dc421f3a KY |
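96 | The uid map to use in the user namespace. Each map consists of four colon-separated values. |
97 | The first is a character 'u', 'g' or 'b', which specifies whether the map pertains to UIDs, GIDs, or both UIDs and GIDs. | |
98 | Next comes the first ID in the user namespace, then the first ID as seen on the host, and finally the number of IDs to be mapped. | |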
755d8d03 KY |
99 | </para> |
100 | <para> | |
101 | <!-- | |
102 | More than one map can be specified. If no map is | |
103 | specified, then by default the full uid and gid ranges granted | |
104 | by /etc/subuid and /etc/subgid will be mapped to the | |
105 | uids and gids starting at 0 in the container. | |
106 | --> | |
dc421f3a | 107 | More than one map can be specified. If no map is specified, then by default the full UID and GID ranges granted by /etc/subuid and /etc/subgid are mapped to the UIDs and GIDs starting at 0 in the container. |
755d8d03 KY |
108 | </para> |
109 | <para> | |
110 | <!-- | |
111 | Note that <replaceable>lxc-usernsexec</replaceable> always tries | |
112 | to setuid and setgid to 0 in the namespace. Therefore uid 0 in | |
113 | the namespace must be mapped. | |
114 | --> | |
dc421f3a | 115 | Note that <replaceable>lxc-usernsexec</replaceable> always tries to setuid and setgid to 0 in the namespace, so UID 0 in the namespace must always be mapped. |
755d8d03 KY |
116 | </para> |
117 | </listitem> | |
118 | </varlistentry> | |
119 | ||
120 | ||
121 | </variablelist> | |
122 | ||
123 | </refsect1> | |
124 | ||
125 | <refsect1> | |
126 | <title><!-- Examples -->Examples</title> | |
127 | <para> | |
128 | <!-- | |
129 | To spawn a shell with the full allotted subuids mapped into | |
130 | the container, use | |
131 | <programlisting> | |
132 | lxc-usernsexec | |
133 | </programlisting> | |
134 | To run a different shell than <replaceable>/bin/sh</replaceable>, use | |
135 | <programlisting> | |
136 | lxc-usernsexec -- /bin/bash | |
137 | </programlisting> | |
138 | --> | |
dc421f3a | 139 | To spawn a shell with the full allotted subuids mapped into the container, use |
755d8d03 KY |
140 | <programlisting> |
141 | lxc-usernsexec | |
142 | </programlisting> | |
dc421f3a | 143 | To run a different shell than <replaceable>/bin/sh</replaceable>, use |
755d8d03 KY |
144 | <programlisting> |
145 | lxc-usernsexec -- /bin/bash | |
146 | </programlisting> | |
dc421f3a | 147 | |
755d8d03 KY |
148 | </para> |
149 | <para> | |
150 | <!-- | |
151 | If your user id is 1000, root in a container is mapped to 190000, and | |
152 | you wish to chown a file you own to root in the container, you can use: | |
153 | <programlisting> | |
154 | lxc-usernsexec -m b:0:1000:1 -m b:1:190000:1 -- /bin/chown 1:1 $file | |
155 | </programlisting> | |
156 | This maps your userid to root in the user namespace, and 190000 to uid 1. | |
157 | Since root in the user namespace is privileged over all userids mapped | |
158 | into the namespace, you are allowed to change the file ownership, which | |
159 | you could not do on the host using a simple chown. | |
160 | --> | |
dc421f3a | 161 | If your UID is 1000, root in a container is mapped to 190000, and you wish to chown a file you own to root in the container, you can use: |
755d8d03 KY |
162 | <programlisting> |
163 | lxc-usernsexec -m b:0:1000:1 -m b:1:190000:1 -- /bin/chown 1:1 $file | |
164 | </programlisting> | |
dc421f3a KY |
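165 | This maps your UID to root in the user namespace, and 190000 to uid 1. |
166 | Since root in the user namespace is privileged over all IDs mapped into the namespace, you are allowed to change the file ownership, even though you could not do so on the host with a simple chown. | |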
755d8d03 KY |
167 | </para> |
168 | </refsect1> | |
169 | ||
170 | &seealso; | |
171 | ||
172 | <refsect1> | |
51fded06 | 173 | <title><!-- Author -->Author</title> |
755d8d03 KY |
174 | <para>Serge Hallyn <email>serge.hallyn@ubuntu.com</email></para> |
175 | </refsect1> | |
176 | ||
177 | </refentry> | |
178 | ||
179 | <!-- Keep this comment at the end of the file | |
180 | Local variables: | |
181 | mode: sgml | |
182 | sgml-omittag:t | |
183 | sgml-shorttag:t | |
184 | sgml-minimize-attributes:nil | |
185 | sgml-always-quote-attributes:t | |
186 | sgml-indent-step:2 | |
187 | sgml-indent-data:t | |
188 | sgml-parent-document:nil | |
189 | sgml-default-dtd-file:nil | |
190 | sgml-exposed-tags:nil | |
191 | sgml-local-catalogs:nil | |
192 | sgml-local-ecat-files:nil | |
193 | End: | |
194 | --> |
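
An added example (not part of the LXC sources or of this man page): a pre-flight check for the `-m` values described under Options, flagging a missing mapping for ID 0, overlapping namespace ranges, and host IDs outside what the caller is allotted. The function names, the single `own_id` used for both UID and GID, and the `190000:65536` allotment are assumptions made for illustration.

```python
from typing import NamedTuple

class IdMap(NamedTuple):
    kind: str        # 'u' (user IDs) or 'g' (group IDs)
    ns_start: int    # first ID inside the user namespace
    host_start: int  # first ID as seen on the host
    count: int       # number of IDs mapped

def parse_map(spec):
    """Parse one -m value, kind:ns_start:host_start:count; 'b' yields u and g."""
    parts = spec.split(":")
    if len(parts) != 4 or parts[0] not in ("u", "g", "b"):
        raise ValueError(f"{spec!r}: expected [u|g|b]:nsid:hostid:range")
    if not all(p.isascii() and p.isdigit() for p in parts[1:]):
        raise ValueError(f"{spec!r}: IDs and range must be decimal numbers")
    ns_start, host_start, count = map(int, parts[1:])
    if count < 1:
        raise ValueError(f"{spec!r}: range must map at least one ID")
    kinds = "ug" if parts[0] == "b" else parts[0]
    return [IdMap(k, ns_start, host_start, count) for k in kinds]

def check_maps(specs, own_id, allotted):
    """Return a list of problems with a set of -m values (empty list: none found).

    own_id   -- caller's UID, assumed equal to the GID (simplification)
    allotted -- (start, count) host ranges granted to the caller, assumed
                identical for UIDs and GIDs (simplification)
    """
    maps = [m for s in specs for m in parse_map(s)]
    problems = []
    for kind in "ug":
        group = sorted((m for m in maps if m.kind == kind), key=lambda m: m.ns_start)
        # lxc-usernsexec always tries setuid/setgid to 0 inside the namespace.
        if not any(m.ns_start == 0 for m in group):
            problems.append(f"{kind}: ID 0 in the namespace is not mapped")
        for a, b in zip(group, group[1:]):
            if a.ns_start + a.count > b.ns_start:
                problems.append(f"{kind}: namespace ranges overlap at ID {b.ns_start}")
        for m in group:
            lo, hi = m.host_start, m.host_start + m.count
            is_own = m.count == 1 and lo == own_id
            granted = any(s <= lo and hi <= s + c for s, c in allotted)
            if not (is_own or granted):
                problems.append(f"{kind}: host IDs {lo}-{hi - 1} are not allotted")
    return problems

# Constructed input: the man page's chown example, caller ID 1000,
# with an assumed /etc/subuid-style allotment of 190000:65536.
EXAMPLE = ["b:0:1000:1", "b:1:190000:1"]
if __name__ == "__main__":
    print(check_maps(EXAMPLE, 1000, [(190000, 65536)]) or "maps look usable")
```
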