cvs commit: de-docproj/books/handbook/jails chapter.sgml de-docproj/books/handbook/mac chapter.sgml

From: Aron Schlesinger <as(at)doc.bsdgroup.de>
Date: Thu, 23 Aug 2007 03:13:04 GMT

as 2007-08-23 03:13:04 UTC

  FreeBSD ports repository

  Modified files:
    books/handbook/jails chapter.sgml
    books/handbook/mac chapter.sgml
  Log:
  Imported the current Jail and MAC chapters from the official FreeBSD repository for translation.
  
  Revision Changes Path
  1.3 +934 -19 de-docproj/books/handbook/jails/chapter.sgml
  1.4 +2078 -9 de-docproj/books/handbook/mac/chapter.sgml
  
  Index: chapter.sgml
  ===================================================================
  RCS file: /home/cvs/de-docproj/books/handbook/jails/chapter.sgml,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -I$FreeBSDde.*$ -r1.2 -r1.3
  --- chapter.sgml 15 Apr 2007 18:51:46 -0000 1.2
  +++ chapter.sgml 23 Aug 2007 03:13:04 -0000 1.3
  @@ -3,29 +3,944 @@
        The FreeBSD German Documentation Project
   
        $FreeBSD$
  - $FreeBSDde: de-docproj/books/handbook/jails/chapter.sgml,v 1.2 2007/04/15 18:51:46 jkois Exp $
  - basiert auf:
  + $FreeBSDde: de-docproj/books/handbook/jails/chapter.sgml,v 1.3 2007/08/23 03:13:04 as Exp $
  + basiert auf: 1.13
   -->
   
   <chapter id="jails">
  + <chapterinfo>
  + <authorgroup>
  + <author>
  + <firstname>Matteo</firstname>
  + <surname>Riondato</surname>
  + <contrib>Contributed by </contrib>
  + </author>
  + </authorgroup>
  + </chapterinfo>
   
  - <title>Jails (noch nicht &uuml;bersetzt)</title>
  + <title>Jails</title>
   
  - <para>Dieses Kapitel ist noch nicht &uuml;bersetzt.
  - Lesen Sie bitte <ulink
  - url="&url.books.handbook.en;/jails.html">
  - das Original in englischer Sprache</ulink>. Wenn Sie helfen
  - wollen, dieses Kapitel zu &uuml;bersetzen, senden Sie bitte
  - eine E-Mail an die Mailingliste &a.de.translators;.</para>
  -</chapter>
  + <indexterm><primary>jails</primary></indexterm>
   
  -<!--
  - Local Variables:
  - mode: sgml
  - sgml-declaration: "../chapter.decl"
  - sgml-indent-data: t
  - sgml-omittag: nil
  - sgml-always-quote-attributes: t
  - sgml-parent-document: ("../book.sgml" "part" "chapter")
  - End:
  --->
  + <sect1 id="jails-synopsis">
  + <title>Synopsis</title>
  +
  + <para>This chapter will provide an explanation of what &os; jails
  + are and how to use them. Jails, sometimes referred to as an
  + enhanced replacement of <emphasis>chroot environments</emphasis>,
  + are a very powerful tool for system administrators, but their basic
  + usage can also be useful for advanced users.</para>
  +
  + <para>After reading this chapter, you will know:</para>
  +
  + <itemizedlist>
  + <listitem>
  + <para>What a jail is, and what purpose it may serve in &os;
  + installations.</para>
  + </listitem>
  +
  + <listitem>
  + <para>How to build, start, and stop a jail.</para>
  + </listitem>
  +
  + <listitem>
  + <para>The basics of jail administration, both from inside
  + and outside the jail.</para>
  + </listitem>
  + </itemizedlist>
  +
  + <para>Other sources of useful information about jails are:</para>
  +
  + <itemizedlist>
  + <listitem>
  + <para>The &man.jail.8; manual page. This is the full reference
  + of the <command>jail</command> utility &mdash; the
  + administrative tool which can be used in &os; to start, stop,
  + and control &os; jails.</para>
  + </listitem>
  +
  + <listitem>
  + <para>The mailing lists and their archives. The archives of the
  + &a.questions; and other mailing lists hosted by the
  + &a.mailman.lists; already contain a wealth of material for
  + jails. It should always be engaging to search the archives,
  + or post a new question to the &a.questions.name; mailing
  + list.</para>
  + </listitem>
  + </itemizedlist>
  +
  + </sect1>
  +
  + <sect1 id="jails-terms">
  + <title>Terms Related to Jails</title>
  +
  + <para>To facilitate better understanding of parts of the &os; system
  + related to jails, their internals and the way they interact with
  + the rest of &os;, the following terms are used further in this
  + chapter:</para>
  +
  + <variablelist>
  + <varlistentry>
  + <term>&man.chroot.2; (command)</term>
  + <listitem>
  + <para>A system call of &os;, which changes the root directory of a
  + process and all its descendants.</para>
  + </listitem>
  + </varlistentry>
  +
  + <varlistentry>
  + <term>&man.chroot.2; (environment)</term>
  + <listitem>
  + <para>The environment of processes running in
  + a <quote>chroot</quote>. This includes resources such as the part
  + of the file system which is visible, user and group IDs which are
  + available, network interfaces and other IPC mechanisms,
  + etc.</para>
  + </listitem>
  + </varlistentry>
  +
  + <varlistentry>
  + <term>&man.jail.8; (command)</term>
  + <listitem>
  + <para>The system administration utility which allows launching of
  + processes within a jail environment.</para>
  + </listitem>
  + </varlistentry>
  +
  + <varlistentry>
  + <term>host (system, process, user, etc.)</term>
  + <listitem>
  + <para>The controlling system of a jail environment. The host system
  + has access to all the hardware resources available, and can
  + control processes both outside of and inside a jail environment.
  + One of the important differences of the host system from a jail is
  + that the limitations which apply to superuser processes inside a
  + jail are not enforced for processes of the host system.</para>
  + </listitem>
  + </varlistentry>
  +
  + <varlistentry>
  + <term>hosted (system, process, user, etc.)</term>
  + <listitem>
  + <para>A process, user or other entity, whose access to resources is
  + restricted by an &os; jail.</para>
  + </listitem>
  + </varlistentry>
  + </variablelist>
  + </sect1>
  +
  + <sect1 id="jails-intro">
  + <title>Introduction</title>
  +
  + <para>Since system administration is a difficult and perplexing
  + task, many powerful tools were developed to make life easier for
  + the administrator. These tools mostly provide enhancements of some sort
  + to the way systems are installed, configured and maintained.
  + Part of the tasks which an administrator is
  + expected to do is to properly configure the security of a system,
  + so that it can continue serving its real purpose, without allowing
  + security violations.</para>
  +
  + <para>One of the tools which can be used to enhance the security of
  + a &os; system are <emphasis>jails</emphasis>. Jails were
  + introduced in &os;&nbsp;4.X by &a.phk;, but were greatly improved in
  + &os;&nbsp;5.X to make them a powerful and flexible subsystem. Their
  + development still goes on, enhancing their usefulness, performance, reliability,
  + and security.</para>
  +
  + <sect2 id="jails-what">
  + <title>What is a Jail</title>
  +
  + <para>BSD-like operating systems have had &man.chroot.2; since the
  + time of 4.2BSD. The &man.chroot.8; utility can be used to
  + change the root directory
  + of a set of processes, creating a safe environment, separate
  + from the rest of the system. Processes created in the chrooted
  + environment can not access files or resources outside of it.
  + For that reason, compromising a service running in a chrooted
  + environment should not allow the attacker to compromise the
  + entire system. The &man.chroot.8; utility is good for easy
  + tasks, which do not require a lot of flexibility or complex and
  + advanced features. Since the inception of the
  + chroot concept, however, many ways have been found to escape from a
  + chrooted environment and, although they have been fixed in
  + modern versions of the &os; kernel, it was clear that
  + &man.chroot.2; was not the ideal solution for securing services.
  + A new subsystem had to be implemented.</para>
  +
  + <para>This is one of the main reasons why
  + <emphasis>jails</emphasis> were developed.</para>
  +
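
Review bot: In the jails-terms variablelist the first entry is labelled "<term>&man.chroot.2; (command)</term>" but its definition reads "A system call of &os;", and manual section 2 is the system-call section; label it "(system call)", or reference &man.chroot.8; if the utility is meant, as the jails-what paragraph already does. In jails-what, "Processes created in the chrooted environment can not access files or resources outside of it" is stated as an absolute only a few sentences before the text says many ways to escape a chroot have been found; softening it to describe the intent of chroot would keep the paragraph consistent with its own conclusion. The title also drops "(noch nicht übersetzt)" and the link to the English original while the imported body is still English, so a marker that the chapter awaits translation would help readers of the German handbook until the translation lands.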

----------------------------------------------
Diff block truncated. (Max lines = 200)
----------------------------------------------

To Unsubscribe: send mail to majordomo(at)de.FreeBSD.org
with "unsubscribe de-cvs-doc" in the body of the message
Received on Thu 23 Aug 2007 - 05:14:21 CEST
