From owner-doc-jp-work@jp.FreeBSD.org Sat Jul 16 16:59:00 2005
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id j6G7x0B48758;
	Sat, 16 Jul 2005 16:59:00 +0900 (JST)
	(envelope-from owner-doc-jp-work@jp.FreeBSD.org)
Received: from smtp2.inetd.co.jp (smtp2.inetd.co.jp [211.13.220.139])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet id j6G7wxh48753
	for <doc-jp-work@jp.FreeBSD.org>; Sat, 16 Jul 2005 16:58:59 +0900 (JST)
	(envelope-from hiroo@oikumene.gcd.org)
Received: from chrysanthe.oikumene.gcd.org (206.162.192.61.tokyo.global.alpha-net.ne.jp [61.192.162.206])
	by smtp2.inetd.co.jp (Postfix) with ESMTP id AFD32C4EB3
	for <doc-jp-work@jp.FreeBSD.org>; Sat, 16 Jul 2005 16:58:50 +0900 (JST)
Received: from jezebel.oikumene.gcd.org (jezebel.oikumene.gcd.org [192.168.0.20])
	(authenticated bits=0)
	by chrysanthe.oikumene.gcd.org (8.13.3/8.13.3) with ESMTP id j6G7o1Fs037073
	for <doc-jp-work@jp.FreeBSD.org>; Sat, 16 Jul 2005 16:50:01 +0900 (JST)
	(envelope-from hiroo@oikumene.gcd.org)
Message-ID: <86hdevchr1.wl%hiroo@oikumene.gcd.org>
From: Hiroo Ono <hiroo@oikumene.gcd.org>
To: doc-jp-work@jp.FreeBSD.org
In-Reply-To: <20050709.021121.55435463.rushani@bl.mmtr.or.jp>
References: <20050701.000858.112566285.rushani@bl.mmtr.or.jp>
	<86r7ejg7dp.wl%hiroo@oikumene.gcd.org>
	<20050709.021121.55435463.rushani@bl.mmtr.or.jp>
User-Agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7
 (=?ISO-8859-4?Q?Sanj=F2?=) APEL/10.6 Emacs/21.3 (i386--freebsd) MULE/5.0
 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=ISO-2022-JP
Reply-To: doc-jp-work@jp.FreeBSD.org
Precedence: list
Date: Sat, 16 Jul 2005 16:49:54 +0900
X-Sequence: doc-jp-work 1189
Subject: [doc-jp-work 1189] Re: relnotes for 6.0R
Sender: owner-doc-jp-work@jp.FreeBSD.org
X-Originator: hiroo@oikumene.gcd.org
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+050320

$B>.Ln42@8$G$9!#(B

At Sat, 09 Jul 2005 02:11:21 +0900,
Hideyuki KURASHINA wrote:
> $B$H$$$&$3$H$G!">e$+$i$d$C$F$_$^$7$?(B ($B$=$N(B3)$B!#(B

$B$"$j$,$H$&$4$6$$$^$9!#(B

> --- new.sgml.tmp	Sat Jul  9 02:03:15 2005
> +++ new.sgml	Sat Jul  9 02:03:29 2005
> @@ -253,90 +253,149 @@
>    <sect2 id="kernel">
>      <title>$B%+!<%M%k$NJQ99E@(B</title>

$ $B>/$7D>Lu@.J,$rA}$d$7$F$_$^$7$?!"$$$+$,$G$7$g$&$+!#(B

+    <para>The &man.jail.8; feature now supports a new sysctl
+      <varname>security.jail.chflags_allowed</varname>, which controls the
+      behavior of &man.chflags.1; within a jail.
+      If set to <literal>0</literal> (the default), then a jailed <username>root</username> user is
+      treated as an unprivileged user; if set to <literal>1</literal>, then
+      a jailed root user is treated the same as an unjailed <username>root</username> user.  &merged;</para>

> +    <para>&man.jail.8; $BFb$G$N(B &man.chflags.1; $B$N5sF0$r@)8f$9$k(B sysctl $BJQ?t(B
> +      <varname>security.jail.chflags_allowed</varname> $B$,DI2C$5$l$^$7$?!#(B
> +      $B$3$NJQ?t$NCM$,(B <literal>0</literal> ($B=i4|CM(B) $B$G$"$l$P!"(Bjail $BFb$G$O(B
> +      <username>root</username> $B$G$"$C$F$b%U%i%0$rJQ99$G$-$^$;$s!#(B

$B$3$NJQ?t$NCM$,(B <literal>0</literal> ($B=i4|CM(B) $B$G$"$l$P!"(Bjail $BFb$G$O(B
<username>root</username> $B%f!<%6$OFC8"$r$b$?$J$$%f!<%6$H$7$F07$o$l!"(B
$B%U%i%0$rJQ99$G$-$^$;$s!#(B

> +      $BCM$r(B <literal>1</literal> $B$K@_Dj$9$k$H!"(Bjail $BFb$G$b(B
> +      <username>root</username> $B$O%U%i%0$rJQ99$G$-$k$h$&$K$J$j$^$9!#(B
> +      &merged;</para>

$BCM$r(B <literal>1</literal> $B$K@_Dj$9$k$H!"(B<username>root</username> $B$O(B
jail $B$N30$HF1$807$$$K$J$j!"(Bjail $BFb$G$b%U%i%0$rJQ99$G$-$k$h$&$K$J$j$^$9!#(B
&merged;</para>

+	    <entry>Show all mount-points without any restrictions.</entry>
> +	    <entry>$B%^%&%s%H%]%$%s%H$r$9$Y$FI=<($7$^$9!#(B</entry>

<entry>$B@)8B$r@_$1$:!"%^%&%s%H%]%$%s%H$r$9$Y$FI=<($7$^$9!#(B</entry>

+	    <entry>Show only mount-points below jail's chroot and show only part of the
+	      mount-point's path (for example, if the jail's chroot directory is
+	      <filename>/jails/foo</filename> and
+	      mount-point is
+	      <filename>/jails/foo/usr/home</filename>,
+	      only <filename>/usr/home</filename> will be shown).</entry>
> +	    <entry>jail $B$N(B chroot $B%G%#%l%/%H%j$r@_CV$7$?%^%&%s%H%]%$%s%H$H!"(B
                                                                        $B$N(B
> +	      $B$=$N%G%#%l%/%H%j0J2<$N%^%&%s%H%]%$%s%H$N%Q%9(B
> +	      ($B$?$H$($P!"(Bjail $B$N(B chroot $B%G%#%l%/%H%j$,(B
> +	      <filename>/jails/foo</filename> $B$G(B
> +	      $B%^%&%s%H%]%$%s%H$,(B
> +	      <filename>/jails/foo/usr/home</filename> $B$J$i!"(B
> +	      <filename>/usr/home</filename>) $B$N$_$rI=<($7$^$9!#(B</entry>


> +	    <entry>jail $B$N(B chroot $B%G%#%l%/%H%j$r@_CV$7$?(B
> +	      $B%^%&%s%H%]%$%s%H$N$_$rI=<($7$^$9!#(B</entry>

$ $BLu$H$O4X78$J$$$G$9$,!"(B1 $B$H(B 2 $B$OF~$l49$($?J}$,$h$+$C$?$s$8$c$J$$$+(B
$ $B$H$$$&5$$,$7$^$7$?!#(B

+    <para>Fine-grained locking to allow much of the VFS stack to run
+      without the Giant lock has been added.  This is enabled by default
+      on the alpha, amd64, and i386 architectures, and can be disabled
+      by setting the loader tunable (and sysctl variable)
+      <varname>debug.mpsafevfs</varname> to
+      <literal>0</literal>.</para>
> +    <para>$B:YN3EY$N%m%C%/$,(B VFS $B%9%?%C%/$KDI2C$5$l!"%U%!%$%k%7%9%F%`$,(B
                                                                      $B$NBgItJ,$,(B
> +      $B%8%c%$%"%s%H%m%C%/(B (Giant lock) $B$J$7$KF0:n$9$k$h$&$K$J$j$^$7$?!#(B
> +      $B$3$l$O!"(Balpha, amd64 $B$*$h$S(B
> +      i386 $B%"!<%-%F%/%A%c$G$O=i4|@_Dj$GM-8z$K$J$C$F$$$^$9!#(B
> +      $BL58z$K$9$k$K$O!"%m!<%@$GD4@02DG=$JJQ?t(B ($B$*$h$S(B sysctl $BJQ?t(B)
> +      <varname>debug.mpsafevfs</varname>
> +      $B$r(B <literal>0</literal> $B$K@_Dj$7$F$/$@$5$$!#(B</para>

+    <para>System V IPC objects (message queues, semaphores, and shared
+      memory) now have support for Mandatory Access Control policies,
+      notably &man.mac.biba.4;, &man.mac.mls.4;, &man.mac.stub.4;, and
+      &man.mac.test.4;.</para>
> +    <para>System V IPC $B%*%V%8%'%/%H(B
> +      ($B%a%C%;!<%8%-%e!<!"%;%^%U%)$*$h$S6&M-%a%b%j(B)
> +      $B$,6/@)%"%/%;%9%3%s%H%m!<%k(B (MAC) $B%]%j%7!"(B
> +      $BFC$K(B &man.mac.biba.4;, &man.mac.mls.4;, &man.mac.stub.4; $B$*$h$S(B
     $B$J$+$G$b(B
> +      &man.mac.test.4; $B$KBP1~$7$^$7$?!#(B</para>

$ $B>e5-$O$J$s$H$J$/$J$N$G!":#$N$^$^$G$b$h$$$H;W$$$^$9!#(B

+    <para arch="i386">Memory allocation for legacy PCI bridges has
+      been limited to the top 32MB of RAM.  Many older, legacy bridges
+      only allow allocation from this range.  This change only applies
+      to devices which do not have their memory assigned by the BIOS.
+      This change fixes the <quote>bad Vcc</quote> error of CardBus
+      bridges (&man.pccbb.4;). &merged;</para>
> +    <para arch="i386">$B%l%,%7!<(B PCI $B%V%j%C%8$X$N%a%b%j$N3d$jEv$F$,(B
> +      RAM $B$N@hF,(B 32MB $B$^$G$K8BDj$5$l$^$7$?!#(B
> +      $B=i4|$N(B PCI $B%V%j%C%8$NB?$/$O(B
> +      $B%a%b%j$N3d$jEv$F$r$3$NHO0O$+$i$7$+$G$-$J$$$+$i$G$9!#(B
         $B$3$NHO0O$+$i$7$+%a%b%j$r3d$jEv$F$i$l$J$$$+$i$G$9!#(B

> +      $B$3$NJQ99$,E,MQ$5$l$k$N$O(B
> +      BIOS $B$K$h$C$F%a%b%j$,3d$jEv$F$i$l$J$$%G%P%$%9$G$"$j!"(B
> +      CardBus $B%V%j%C%8(B (&man.pccbb.4;) $B$N(B
> +      <quote>bad Vcc</quote> $B$H$$$&%(%i!<$r=$@5$7$^$9!#(B
> +      &merged;</para>
