doc/ja/lxc-usernsexec.sgml.in

   1 <!--
   2
   3 lxc: linux Container library
   4
   5 (C) Copyright IBM Corp. 2007, 2008
   6
   7 Authors:
   8 Daniel Lezcano <daniel.lezcano at free.fr>
   9 Serge Hallyn <serge.hallyn at ubuntu.com>
  10
  11 This library is free software; you can redistribute it and/or
  12 modify it under the terms of the GNU Lesser General Public
  13 License as published by the Free Software Foundation; either
  14 version 2.1 of the License, or (at your option) any later version.
  15
  16 This library is distributed in the hope that it will be useful,
  17 but WITHOUT ANY WARRANTY; without even the implied warranty of
  18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  19 Lesser General Public License for more details.
  20
  21 You should have received a copy of the GNU Lesser General Public
  22 License along with this library; if not, write to the Free Software
  23 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  24
  25 Translated into Japanese
  26 by KATOH Yasufumi <karma at jazz.email.ne.jp>
  27 -->
  28
  29 <!DOCTYPE refentry PUBLIC @docdtd@ [
  30
  31 <!ENTITY commonoptions SYSTEM "@builddir@/common_options.sgml">
  32 <!ENTITY seealso SYSTEM "@builddir@/see_also.sgml">
  33 ]>
  34
  35 <refentry>
  36
  37   <docinfo><date>@LXC_GENERATE_DATE@</date></docinfo>
  38
  39   <refmeta>
  40     <refentrytitle>lxc-usernsexec</refentrytitle>
  41     <manvolnum>1</manvolnum>
  42   </refmeta>
  43
  44   <refnamediv>
  45     <refname>lxc-usernsexec</refname>
  46
  47     <refpurpose>
  48       <!--
  49       Run a task as root in a new user namespace.
  50       -->
  51       新しいユーザ名前空間内で root としてタスクを実行する
  52     </refpurpose>
  53   </refnamediv>
  54
  55   <refsynopsisdiv>
  56     <cmdsynopsis>
  57       <command>lxc-unshare</command>
  58       <arg choice="opt">-m <replaceable>uid-map</replaceable></arg>
  59       <arg choice="req">-- command</arg>
  60     </cmdsynopsis>
  61   </refsynopsisdiv>
  62
  63   <refsect1>
  64     <title><!-- Description -->説明</title>
  65
  66     <para>
  67       <!--
  68       <command>lxc-usernsexec</command> can be used to run a task as root
  69       in a new user namespace.
  70       -->
  71       <command>lxc-usernsexec</command> は，新しいユーザ名前空間内で root としてタスクを実行するのに使います．
  72     </para>
  73
  74   </refsect1>
  75
  76   <refsect1>
  77
  78     <title><!-- Options -->オプション</title>
  79
  80     <variablelist>
  81
  82       <varlistentry>
  83         <term>
  84           <option>-m <replaceable>uid-map</replaceable></option>
  85         </term>
  86         <listitem>
  87           <para>
  88             <!--
  89           The uid map to use in the user namespace.  Each map consists of
  90           four colon-separate values.  First a character 'u', 'g' or 'b' to
  91           specify whether this map perttains to user ids, group ids, or
  92           both; next the first userid in the user namespace;  next the
  93           first userid as seen on the host;  and finally the number of
  94           ids to be mapped.
  95               -->
  96             ユーザ名前空間内で使うための uid のマッピング．マッピングは，コロンで分けられた 4 つの値から構成されます．
  97             最初の文字は 'u', 'g', 'b' のどれかで，マッピングが UID, GID, UID と GID の両方のうちのどれに関するものなのかを指定します．
  98             次はユーザ名前空間内の最初の ID を指定します．その次はホスト上での最初の ID を指定します．最後はマッピングされる ID の数を指定します．
  99           </para>
 100           <para>
 101             <!--
 102           More than one map can be specified.  If no map is
 103           specified, then by default the full uid and gid ranges granted
 104           by /etc/subuid and /etc/subgid will be mapped to the
 105           uids and gids starting at 0 in the container.
 106               -->
 107             複数回のマッピングを指定することも可能です．もしマッピングを指定しない場合，デフォルトでは /etc/subuid, /etc/subgid で許可された全ての範囲の UID, GID が，コンテナ内の 0 から始まる UID, GID にマッピングされます．
 108           </para>
 109           <para>
 110             <!--
 111           Note that <replaceable>lxc-usernsexec</replaceable> always tries
 112           to setuid and setgid to 0 in the namespace.  Therefore uid 0 in
 113           the namespace must be mapped.
 114               -->
 115             <replaceable>lxc-usernsexec</replaceable> は，常に名前空間内の 0 に setuid, setgid しようとしますので，名前空間内の UID 0 は必ずマッピングしなければいけないことに注意してください．
 116           </para>
 117         </listitem>
 118       </varlistentry>
 119
 120
 121     </variablelist>
 122
 123   </refsect1>
 124
 125   <refsect1>
 126     <title><!-- Examples -->例</title>
 127       <para>
 128         <!--
 129         To spawn a shell with the full allotted subuids mapped into
 130         the container, use
 131         <programlisting>
 132           lxc-usernsexec
 133         </programlisting>
 134         To run a different shell than <replaceable>/bin/sh</replaceable>, use
 135         <programlisting>
 136           lxc-usernsexec &#045;&#045; /bin/bash
 137         </programlisting>
 138         -->
 139         割り当てられた subuid の全てをコンテナ内にマッピングしてシェルを起動するには，
 140         <programlisting>
 141           lxc-usernsexec
 142         </programlisting>
 143         のようにしてください．<replaceable>/bin/sh</replaceable> とは違うシェルを起動する場合，
 144         <programlisting>
 145           lxc-usernsexec -- /bin/bash
 146         </programlisting>
 147         のようにしてください．
 148       </para>
 149       <para>
 150         <!--
 151         If your user id is 1000, root in a container is mapped to 190000, and
 152         you wish to chown a file you own to root in the container, you can use:
 153         <programlisting>
 154           lxc-usernsexec -m b:0:1000:1 -m b:1:190000:1 &#045;&#045; /bin/chown 1:1 $file
 155         </programlisting>
 156         This maps your userid to root in the user namespace, and 190000 to uid 1.
 157         Since root in the user namespace is privileged over all userids mapped
 158         into the namespace, you are allowed to change the file ownership, which
 159         you could not do on the host using a simple chown.
 160         -->
 161         あなたの UID が 1000 で，コンテナ内の root を 190000 にマッピングする場合で，あなたの所有するファイルをコンテナ内の root に chown したい場合は，以下のように実行します．
 162         <programlisting>
 163           lxc-usernsexec -m b:0:1000:1 -m b:1:190000:1 -- /bin/chown 1:1 $file
 164         </programlisting>
 165         これはあなたの UID をユーザ名前空間の root に，190000 を uid 1 にマッピングしています．
 166         ユーザ名前空間内の root は，名前空間内の全ての ID に対して特権があるため，ホスト上で単純に chown を使えない場合でも，あなたはファイルのオーナーを変更する事が可能です．
 167       </para>
 168   </refsect1>
 169
 170   &seealso;
 171
 172   <refsect1>
 173     <title>Author</title>
 174     <para>Serge Hallyn <email>serge.hallyn@ubuntu.com</email></para>
 175   </refsect1>
 176
 177 </refentry>
 178
 179 <!-- Keep this comment at the end of the file
 180 Local variables:
 181 mode: sgml
 182 sgml-omittag:t
 183 sgml-shorttag:t
 184 sgml-minimize-attributes:nil
 185 sgml-always-quote-attributes:t
 186 sgml-indent-step:2
 187 sgml-indent-data:t
 188 sgml-parent-document:nil
 189 sgml-default-dtd-file:nil
 190 sgml-exposed-tags:nil
 191 sgml-local-catalogs:nil
 192 sgml-local-ecat-files:nil
 193 End:
 194 -->