Merge pull request #31979 from tengqm/zh-glossary-userns

k8s-ci-robot · web-flow · commit 2cb30790dd0c · 2022-03-02T07:09:14.000-08:00
[zh] Add glossary userns
diff --git a/content/zh/docs/reference/glossary/userns.md b/content/zh/docs/reference/glossary/userns.md
@@ -0,0 +1,56 @@
+---
+title: 用户名字空间
+id: userns
+date: 2021-07-13
+full_link: https://man7.org/linux/man-pages/man7/user_namespaces.7.html
+short_description: >
+  一种为非特权用户模拟超级用户特权的 Linux 内核功能特性。
+
+aka:
+tags:
+- security
+---
+
+<!--
+title: user namespace
+id: userns
+date: 2021-07-13
+full_link: https://man7.org/linux/man-pages/man7/user_namespaces.7.html
+short_description: >
+  A Linux kernel feature to emulate superuser privilege for unprivileged users.
+
+aka:
+tags:
+- security
+-->
+
+<!--
+A kernel feature to emulate root. Used for "rootless containers".
+-->
+用来模拟 root 用户的内核功能特性。用来支持“Rootless 容器”。
+
+<!--more-->
+
+<!--
+User namespaces are a Linux kernel feature that allows a non-root user to
+emulate superuser ("root") privileges,
+for example in order to run containers without being a superuser outside the container.
+-->
+用户名字空间（User Namespace）是一种 Linux 内核功能特性，允许非 root 用户
+模拟超级用户（"root"）的特权，例如用来运行容器却不必成为容器之外的超级用户。
+
+<!--
+User namespace is effective for mitigating damage of potential container break-out attacks.
+-->
+用户名字空间对于缓解因潜在的容器逃逸攻击而言是有效的。
+
+<!--
+In the context of user namespaces, the namespace is a Linux kernel feature, and not a
+{{< glossary_tooltip text="namespace" term_id="namespace" >}} in the Kubernetes sense
+of the term.
+-->
+在用户名字空间语境中，名字空间是 Linux 内核的功能特性而不是 Kubernetes 意义上的
+{{< glossary_tooltip text="名字空间" term_id="namespace" >}}概念。
+
+<!-- TODO: https://kinvolk.io/blog/2020/12/improving-kubernetes-and-container-security-with-user-namespaces/ -->
+
