tree-wide: replace problematic terminology

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner 2021-06-14 17:21:44 +02:00
parent 4f6c7312ef
commit f48e807159
No known key found for this signature in database
GPG Key ID: 8EB056D53EECB12D
9 changed files with 9 additions and 9 deletions


@ -91,7 +91,7 @@ by KATOH Yasufumi <karma at jazz.email.ne.jp>
<!--
It will consult the configuration file <filename>@LXC_USERNIC_CONF@</filename>
to determine the number of interfaces which the calling user is allowed to
create, and which bridge he may attach them to. It tracks the
create, and which bridge they may attach them to. It tracks the
number of interfaces each user has created using the file
<filename>@LXC_USERNIC_DB@</filename>. It ensures that the calling
user is privileged over the network namespace to which the interface
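Review bot: in the changed line "create, and which bridge they may attach them to", "they" (the calling user) and "them" (the interfaces) now sit side by side with different referents, which reads ambiguously. Naming the subject avoids it, for example "and which bridge that user may attach them to". The same sentence recurs in two later hunks of this commit, so the wording should change in all three.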


@ -1487,7 +1487,7 @@ by KATOH Yasufumi <karma at jazz.email.ne.jp>
the container at some <filename>path</filename>, and then mounts
under <filename>path</filename>, then a TOCTTOU attack would be
possible where the container user modifies a symbolic link under
his home directory at just the right time.
their home directory at just the right time.
-->
注意: 通常 LXC は、マウント対象と相対パス指定のバインドマウントを、適切にコンテナルート以下に閉じ込めます。
これは、ホストのディレクトリやファイルに対して重ね合わせを行うようなマウントによる攻撃を防ぎます。(絶対パス指定のマウントソース中の各パスがシンボリックリンクである場合は無視されます。)


@ -76,7 +76,7 @@ by Sungbae Yoo <sungbae.yoo at samsung.com>
<!--
It will consult the configuration file <filename>@LXC_USERNIC_CONF@</filename>
to determine the number of interfaces which the calling user is allowed to
create, and which bridge he may attach them to. It tracks the
create, and which bridge they may attach them to. It tracks the
number of interfaces each user has created using the file
<filename>@LXC_USERNIC_DB@</filename>. It ensures that the calling
user is privileged over the network namespace to which the interface


@ -1060,7 +1060,7 @@ by Sungbae Yoo <sungbae.yoo at samsung.com>
the container at some <filename>path</filename>, and then mounts
under <filename>path</filename>, then a TOCTTOU attack would be
possible where the container user modifies a symbolic link under
his home directory at just the right time.
their home directory at just the right time.
-->
주의 - 보통 LXC는 마운트 대상과 상대 경로로 된 바인드 마운트 소스들이 컨테이너의 루트 아래에 있도록 보장할 것이다. 이는 호스트 디렉토리와 파일들을 겹쳐서 마운트하는 유형의 공격을 피하기 위한 것이다. (절대 경로로 된 마운트 소스 내에 존재하는 심볼릭 링크들은 무시될 것이다.)
하지만, 만약 컨테이너 설정에서 컨테이너 사용자가 제어할 수 있는, 예를 들어 /home/joe와 같은 디렉토리를 컨테이너 내의 <filename>path</filename>에 먼저 마운트 하고 나서, <filename>path</filename> 내에 또 마운트를 하는 경우가 있다면,


@ -755,7 +755,7 @@ rootfs
state change and exit. This is useful for scripting to
synchronize the launch of a container or the end. The
parameter is an ORed combination of different states. The
following example shows how to wait for a container if he went
following example shows how to wait for a container if they went
to the background.
<programlisting>
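Review bot: in "how to wait for a container if they went to the background", the pronoun refers to the container, not to a person, so "it" is the accurate replacement: "if it went to the background". "They" fits where the sentence is about the user, which is not the case in this line.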


@ -81,7 +81,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
<para>
It will consult the configuration file <filename>@LXC_USERNIC_CONF@</filename>
to determine the number of interfaces which the calling user is allowed to
create, and which bridge he may attach them to. It tracks the
create, and which bridge they may attach them to. It tracks the
number of interfaces each user has created using the file
<filename>@LXC_USERNIC_DB@</filename>. It ensures that the calling
user is privileged over the network namespace to which the interface


@ -1125,7 +1125,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
the container at some <filename>path</filename>, and then mounts
under <filename>path</filename>, then a TOCTTOU attack would be
possible where the container user modifies a symbolic link under
his home directory at just the right time.
their home directory at just the right time.
</para>
<variablelist>
<varlistentry>


@ -3411,7 +3411,7 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
}
/* Check if we really need to use newuidmap and newgidmap.
* If the user is only remapping his own {g,u}id, we don't need it.
* If the user is only remapping their own {g,u}id, we don't need it.
*/
if (use_shadow && lxc_list_len(idmap) == 2) {
use_shadow = false;
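Review bot: the comment above `if (use_shadow && lxc_list_len(idmap) == 2)` says the helpers are skipped when the user is "only remapping their own {g,u}id", but the condition visible in this hunk tests only that the map has two entries. Since the comment is being touched anyway, it would help to state how a two-entry map is confirmed to contain only the caller's own ids, because this branch decides whether newuidmap and newgidmap are used at all.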


@ -251,7 +251,7 @@ static int lxc_terminal_write_log_file(struct lxc_terminal *terminal, char *buf,
/* This isn't a regular file. so rotating the file seems a
* dangerous thing to do, size limits are also very
* questionable. Let's not risk anything and tell the user that
* he's requesting us to do weird stuff.
* they're requesting us to do weird stuff.
*/
if (terminal->log_rotate > 0 || terminal->log_size > 0)
return -EINVAL;
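Review bot: the comment ends with "tell the user that they're requesting us to do weird stuff", yet the visible branch only does `return -EINVAL;` with no message, so the user is not told that `log_rotate` or `log_size` was rejected because the log target is not a regular file. Either log an error before returning or reword the comment to match what the code does. While this comment is being edited, "regular file. so rotating" also needs a capital letter or a comma.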