To: doc-jp-work@jp.FreeBSD.org
From: Hideyuki KURASHINA <rushani@bl.mmtr.or.jp>
Date: Mon, 18 Jul 2005 18:47:31 +0900
Subject: [doc-jp-work 1193] Re: relnotes for 6.0R

$BARIJ$G$9!#(B

>>> On Sat, 16 Jul 2005 16:49:54 +0900, Hiroo Ono <hiroo@oikumene.gcd.org> said:

> $B>.Ln42@8$G$9!#(B

Thank you for reviewing this.

For the parts I have not specifically commented on, I think they should be
changed the way Ono-san reviewed them.

> +    <para>The &man.jail.8; feature now supports a new sysctl
> +      <varname>security.jail.chflags_allowed</varname>, which controls the
> +      behavior of &man.chflags.1; within a jail.
> +      If set to <literal>0</literal> (the default), then a jailed <username>root</username> user is
> +      treated as an unprivileged user; if set to <literal>1</literal>, then
> +      a jailed root user is treated the same as an unjailed <username>root</username> user.  &merged;</para>
> 
> > +    <para>&man.jail.8; $BFb$G$N(B &man.chflags.1; $B$N5sF0$r@)8f$9$k(B sysctl $BJQ?t(B
> > +      <varname>security.jail.chflags_allowed</varname> $B$,DI2C$5$l$^$7$?!#(B
> > +      $B$3$NJQ?t$NCM$,(B <literal>0</literal> ($B=i4|CM(B) $B$G$"$l$P!"(Bjail $BFb$G$O(B
> > +      <username>root</username> $B$G$"$C$F$b%U%i%0$rJQ99$G$-$^$;$s!#(B
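
Review bot: "treated as an unprivileged user" in the value-0 sentence is not scoped to chflags(1), so it can be read as a jailed root losing every privilege, while the opening sentence says the sysctl only controls the behavior of &man.chflags.1; within a jail. Consider qualifying it in both the source and the translation (for example "treated as an unprivileged user for &man.chflags.1;"), and wrap the second "a jailed root user" in <username> like the other two occurrences of root.
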
> 
> $B$3$NJQ?t$NCM$,(B <literal>0</literal> ($B=i4|CM(B) $B$G$"$l$P!"(Bjail $BFb$G$O(B
> <username>root</username> $B%f!<%6$OFC8"$r$b$?$J$$%f!<%6$H$7$F07$o$l!"(B
> $B%U%i%0$rJQ99$G$-$^$;$s!#(B

I thought that changing file flags is one privilege and not all of them,
so I deliberately did not use the word 「特権」 (privilege).

If the word 「特権」 is to be used, personally I think

  この変数の値が <literal>0</literal> (初期値) であれば、jail 内では
  <username>root</username> ユーザはフラグを変更する特権が与えられません。
  [If this variable is set to <literal>0</literal> (the default), the
  <username>root</username> user inside a jail is not given the privilege
  to change flags.]

would be a good way to put it; what do you think?


> +	    <entry>Show only mount-points below jail's chroot and show only part of the
> +	      mount-point's path (for example, if the jail's chroot directory is
> +	      <filename>/jails/foo</filename> and
> +	      mount-point is
> +	      <filename>/jails/foo/usr/home</filename>,
> +	      only <filename>/usr/home</filename> will be shown).</entry>
> > +	    <entry>jail $B$N(B chroot $B%G%#%l%/%H%j$r@_CV$7$?%^%&%s%H%]%$%s%H$H!"(B
>                                                                         $B$N(B
> > +	      $B$=$N%G%#%l%/%H%j0J2<$N%^%&%s%H%]%$%s%H$N%Q%9(B
> > +	      ($B$?$H$($P!"(Bjail $B$N(B chroot $B%G%#%l%/%H%j$,(B
> > +	      <filename>/jails/foo</filename> $B$G(B
> > +	      $B%^%&%s%H%]%$%s%H$,(B
> > +	      <filename>/jails/foo/usr/home</filename> $B$J$i!"(B
> > +	      <filename>/usr/home</filename>) $B$N$_$rI=<($7$^$9!#(B</entry>
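
Review bot: the first "> > +" line of the translated entry lists the mount point that holds the jail's chroot directory in addition to the mount points below it, which the English entry does not say ("Show only mount-points below jail's chroot"). The mount output quoted further down in this message does list / under enforce_statfs 1, so if the addition stays, the English entry should be corrected as well so that source and translation do not diverge.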

Could you tell me the reason for changing 「マウントポイントと、」
("the mount point, and") to 「マウントポイントの」 ("of the mount point")?

The original text here was hard to follow, so I created an md disk outside
the jail, mounted it on the jail's /tmp, and tried it. With
security.jail.enforce_statfs set to 1,

  # mount
  /dev/ad0s1g on / (ufs, local, soft-updates)
  devfs on /dev (devfs, local)
  /dev/md0c on /tmp (ufs, local)

is displayed, so I took it to mean that

  o the mount point on which the jail's chroot directory is placed
  o the paths of the mount points below that directory

are what show up.

Incidentally, when security.jail.enforce_statfs is 2, that is, in the case of

> > +	    <entry>jail $B$N(B chroot $B%G%#%l%/%H%j$r@_CV$7$?(B
> > +	      $B%^%&%s%H%]%$%s%H$N$_$rI=<($7$^$9!#(B</entry>

$B$N$H$-$O(B

  # mount
  /dev/ad0s1g on / (ufs, local, soft-updates)

$B$H=P$^$9!#(B

# Sorry if I have misunderstood something.

-- rushani
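
The visibility rule tested in this message, as an added example that is not part of the original mail or of FreeBSD's code: a shell/awk model of what mount prints inside a jail for security.jail.enforce_statfs 1 and 2. The host mount table, the device names and the jail path /jails/foo (borrowed from the release-note entry) are constructed, and treating 0 as "no filtering" is an assumption not stated in this thread.

```shell
#!/bin/sh
# Constructed host mount table, "<device> <mount point>" per line (sample data).
HOST_MOUNTS='/dev/ad0s1a /
devfs /dev
/dev/ad0s1g /jails
devfs /jails/foo/dev
/dev/md0c /jails/foo/tmp
/dev/ad0s1h /jails/foobar/data
/dev/ad0s1e /usr'

# jail_mount_view LEVEL CHROOT
# Prints "<device> on <path>" for each entry a process inside the jail sees.
# LEVEL models security.jail.enforce_statfs; mount options are left out.
jail_mount_view() {
    printf '%s\n' "$HOST_MOUNTS" | awk -v level="$1" -v root="$2" '
    # True when path p is directory d or lies below it (whole components only,
    # so /jails/foobar is not treated as being under /jails/foo).
    function under(p, d) {
        if (d == "/") return 1
        return p == d || index(p, d "/") == 1
    }
    {
        dev[NR] = $1; mnt[NR] = $2
        # The file system holding the chroot directory is the longest
        # mount point that is a prefix of the chroot path.
        if (under(root, $2) && length($2) > length(best)) best = $2
    }
    END {
        plen = (root == "/") ? 0 : length(root)
        for (i = 1; i <= NR; i++) {
            if (level == 0)                 # assumption: no filtering at 0
                print dev[i] " on " mnt[i]
            else if (mnt[i] == best)        # always visible, shown as /
                print dev[i] " on /"
            else if (level == 1 && under(mnt[i], root))
                print dev[i] " on " substr(mnt[i], plen + 1)
        }
    }'
}

# Show the three views for the jail rooted at /jails/foo.
for level in 0 1 2; do
    echo "security.jail.enforce_statfs=$level"
    jail_mount_view "$level" /jails/foo
done
```

With this table, levels 1 and 2 reproduce the two mount listings quoted in the message, and the /jails/foobar entry stays hidden because the prefix match is done on whole path components.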
