as 2007-08-23 03:13:04 UTC
FreeBSD ports repository
Modified files:
books/handbook/jails chapter.sgml
books/handbook/mac chapter.sgml
Log:
Imported the current Jail and MAC chapters from the official FreeBSD repo for translation.
Revision Changes Path
1.3 +934 -19 de-docproj/books/handbook/jails/chapter.sgml
1.4 +2078 -9 de-docproj/books/handbook/mac/chapter.sgml
Index: chapter.sgml
===================================================================
RCS file: /home/cvs/de-docproj/books/handbook/jails/chapter.sgml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -I$FreeBSDde.*$ -r1.2 -r1.3
--- chapter.sgml 15 Apr 2007 18:51:46 -0000 1.2
+++ chapter.sgml 23 Aug 2007 03:13:04 -0000 1.3
@@ -3,29 +3,944 @@
The FreeBSD German Documentation Project
$FreeBSD$
- $FreeBSDde: de-docproj/books/handbook/jails/chapter.sgml,v 1.2 2007/04/15 18:51:46 jkois Exp $
- basiert auf:
+ $FreeBSDde: de-docproj/books/handbook/jails/chapter.sgml,v 1.3 2007/08/23 03:13:04 as Exp $
+ basiert auf: 1.13
-->
<chapter id="jails">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Matteo</firstname>
+ <surname>Riondato</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </chapterinfo>
- <title>Jails (noch nicht übersetzt)</title>
+ <title>Jails</title>
- <para>Dieses Kapitel ist noch nicht übersetzt.
- Lesen Sie bitte <ulink
- url="&url.books.handbook.en;/jails.html">
- das Original in englischer Sprache</ulink>. Wenn Sie helfen
- wollen, dieses Kapitel zu übersetzen, senden Sie bitte
- eine E-Mail an die Mailingliste &a.de.translators;.</para>
-</chapter>
+ <indexterm><primary>jails</primary></indexterm>
-<!--
- Local Variables:
- mode: sgml
- sgml-declaration: "../chapter.decl"
- sgml-indent-data: t
- sgml-omittag: nil
- sgml-always-quote-attributes: t
- sgml-parent-document: ("../book.sgml" "part" "chapter")
- End:
--->
+ <sect1 id="jails-synopsis">
+ <title>Synopsis</title>
+
+ <para>This chapter will provide an explanation of what &os; jails
+ are and how to use them. Jails, sometimes referred to as an
+ enhanced replacement of <emphasis>chroot environments</emphasis>,
+ are a very powerful tool for system administrators, but their basic
+ usage can also be useful for advanced users.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>What a jail is, and what purpose it may serve in &os;
+ installations.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to build, start, and stop a jail.</para>
+ </listitem>
+
+ <listitem>
+ <para>The basics of jail administration, both from inside
+ and outside the jail.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Other sources of useful information about jails are:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The &man.jail.8; manual page. This is the full reference
+ of the <command>jail</command> utility — the
+ administrative tool which can be used in &os; to start, stop,
+ and control &os; jails.</para>
+ </listitem>
+
+ <listitem>
+ <para>The mailing lists and their archives. The archives of the
+ &a.questions; and other mailing lists hosted by the
+ &a.mailman.lists; already contain a wealth of material for
+ jails. It should always be engaging to search the archives,
+ or post a new question to the &a.questions.name; mailing
+ list.</para>
+ </listitem>
+ </itemizedlist>
+
+ </sect1>
+
+ <sect1 id="jails-terms">
+ <title>Terms Related to Jails</title>
+
+ <para>To facilitate better understanding of parts of the &os; system
+ related to jails, their internals and the way they interact with
+ the rest of &os;, the following terms are used further in this
+ chapter:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>&man.chroot.2; (command)</term>
+ <listitem>
+ <para>A system call of &os;, which changes the root directory of a
+ process and all its descendants.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&man.chroot.2; (environment)</term>
+ <listitem>
+ <para>The environment of processes running in
+ a <quote>chroot</quote>. This includes resources such as the part
+ of the file system which is visible, user and group IDs which are
+ available, network interfaces and other IPC mechanisms,
+ etc.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&man.jail.8; (command)</term>
+ <listitem>
+ <para>The system administration utility which allows launching of
+ processes within a jail environment.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>host (system, process, user, etc.)</term>
+ <listitem>
+ <para>The controlling system of a jail environment. The host system
+ has access to all the hardware resources available, and can
+ control processes both outside of and inside a jail environment.
+ One of the important differences of the host system from a jail is
+ that the limitations which apply to superuser processes inside a
+ jail are not enforced for processes of the host system.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>hosted (system, process, user, etc.)</term>
+ <listitem>
+ <para>A process, user or other entity, whose access to resources is
+ restricted by an &os; jail.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect1>
+
+ <sect1 id="jails-intro">
+ <title>Introduction</title>
+
+ <para>Since system administration is a difficult and perplexing
+ task, many powerful tools were developed to make life easier for
+ the administrator. These tools mostly provide enhancements of some sort
+ to the way systems are installed, configured and maintained.
+ Part of the tasks which an administrator is
+ expected to do is to properly configure the security of a system,
+ so that it can continue serving its real purpose, without allowing
+ security violations.</para>
+
+ <para>One of the tools which can be used to enhance the security of
+ a &os; system are <emphasis>jails</emphasis>. Jails were
+ introduced in &os; 4.X by &a.phk;, but were greatly improved in
+ &os; 5.X to make them a powerful and flexible subsystem. Their
+ development still goes on, enhancing their usefulness, performance, reliability,
+ and security.</para>
+
+ <sect2 id="jails-what">
+ <title>What is a Jail</title>
+
+ <para>BSD-like operating systems have had &man.chroot.2; since the
+ time of 4.2BSD. The &man.chroot.8; utility can be used to
+ change the root directory
+ of a set of processes, creating a safe environment, separate
+ from the rest of the system. Processes created in the chrooted
+ environment can not access files or resources outside of it.
+ For that reason, compromising a service running in a chrooted
+ environment should not allow the attacker to compromise the
+ entire system. The &man.chroot.8; utility is good for easy
+ tasks, which do not require a lot of flexibility or complex and
+ advanced features. Since the inception of the
+ chroot concept, however, many ways have been found to escape from a
+ chrooted environment and, although they have been fixed in
+ modern versions of the &os; kernel, it was clear that
+ &man.chroot.2; was not the ideal solution for securing services.
+ A new subsystem had to be implemented.</para>
+
+ <para>This is one of the main reasons why
+ <emphasis>jails</emphasis> were developed.</para>
+
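Review bot: In the jails-what paragraph, "Processes created in the chrooted environment can not access files or resources outside of it" claims more than the chapter's own definition supports. The jails-terms entry describes &man.chroot.2; only as changing the root directory of a process and all its descendants, and the same paragraph goes on to say that many ways to escape were found. Suggest limiting the sentence to the file system view ("can not access files outside of it") and rewording "creating a safe environment" so it does not read as a guarantee. Two smaller points: the first jails-terms entry is labelled "&man.chroot.2; (command)" but is defined as a system call, so "(system call)" would match the text; and in jails-intro "One of the tools ... are jails" should read "is". The hunk also drops the "noch nicht übersetzt" title and notice, which leaves nothing telling readers of the German handbook that this English text is still awaiting translation.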
----------------------------------------------
Diff block truncated. (Max lines = 200)
----------------------------------------------
Received on Thu 23 Aug 2007 - 05:14:21 CEST