msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2012-05-28 07:16+0900\n"
-"PO-Revision-Date: 2012-05-31 07:37+0900\n"
+"POT-Creation-Date: 2015-01-11 04:00+0900\n"
+"PO-Revision-Date: 2015-01-11 18:45+0900\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
"Content-Transfer-Encoding: 8bit\n"
#. type: TH
-#: build/C/man2/acct.2:32 build/C/man5/acct.5:23
+#: build/C/man2/acct.2:31 build/C/man5/acct.5:25
#, no-wrap
msgid "ACCT"
msgstr "ACCT"
#. type: TH
-#: build/C/man2/acct.2:32
+#: build/C/man2/acct.2:31
#, no-wrap
msgid "2008-06-16"
msgstr "2008-06-16"
#. type: TH
-#: build/C/man2/acct.2:32 build/C/man5/acct.5:23
-#: build/C/man7/capabilities.7:46 build/C/man2/capget.2:11
-#: build/C/man7/cpuset.7:24 build/C/man7/credentials.7:25
+#: build/C/man2/acct.2:31 build/C/man5/acct.5:25
+#: build/C/man7/capabilities.7:48 build/C/man2/capget.2:15
+#: build/C/man7/cpuset.7:25 build/C/man7/credentials.7:27
#: build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31
-#: build/C/man2/getpid.2:23 build/C/man2/getpriority.2:46
-#: build/C/man2/getresuid.2:27 build/C/man2/getrlimit.2:64
-#: build/C/man2/getrusage.2:39 build/C/man2/getsid.2:25
+#: build/C/man2/getpid.2:25 build/C/man2/getpriority.2:45
+#: build/C/man2/getresuid.2:28 build/C/man2/getrlimit.2:64
+#: build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26
#: build/C/man2/getuid.2:26 build/C/man2/iopl.2:33
-#: build/C/man2/ioprio_set.2:25 build/C/man2/ipc.2:26
-#: build/C/man2/seteuid.2:27 build/C/man2/setfsgid.2:29
-#: build/C/man2/setfsuid.2:29 build/C/man2/setgid.2:27
-#: build/C/man2/setpgid.2:46 build/C/man2/setresuid.2:26
-#: build/C/man2/setreuid.2:43 build/C/man2/setsid.2:29
-#: build/C/man2/setuid.2:28 build/C/man7/svipc.7:25 build/C/man3/ulimit.3:27
+#: build/C/man2/ioprio_set.2:24 build/C/man2/ipc.2:25
+#: build/C/man7/namespaces.7:27 build/C/man7/pid_namespaces.7:27
+#: build/C/man2/seteuid.2:29 build/C/man2/setfsgid.2:31
+#: build/C/man2/setfsuid.2:31 build/C/man2/setgid.2:29
+#: build/C/man2/setpgid.2:48 build/C/man2/setresuid.2:26
+#: build/C/man2/setreuid.2:45 build/C/man2/setsid.2:31
+#: build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man3/ulimit.3:27
+#: build/C/man7/user_namespaces.7:27 build/C/man2/seccomp.2:27
#, no-wrap
msgid "Linux"
msgstr "Linux"
#. type: TH
-#: build/C/man2/acct.2:32 build/C/man5/acct.5:23
-#: build/C/man7/capabilities.7:46 build/C/man2/capget.2:11
-#: build/C/man7/cpuset.7:24 build/C/man7/credentials.7:25
+#: build/C/man2/acct.2:31 build/C/man5/acct.5:25
+#: build/C/man7/capabilities.7:48 build/C/man2/capget.2:15
+#: build/C/man7/cpuset.7:25 build/C/man7/credentials.7:27
#: build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31
-#: build/C/man2/getpid.2:23 build/C/man2/getpriority.2:46
-#: build/C/man2/getresuid.2:27 build/C/man2/getrlimit.2:64
-#: build/C/man2/getrusage.2:39 build/C/man2/getsid.2:25
-#: build/C/man2/getuid.2:26 build/C/man2/iopl.2:33
-#: build/C/man2/ioprio_set.2:25 build/C/man2/ipc.2:26
-#: build/C/man2/seteuid.2:27 build/C/man2/setfsgid.2:29
-#: build/C/man2/setfsuid.2:29 build/C/man2/setgid.2:27
-#: build/C/man2/setpgid.2:46 build/C/man2/setresuid.2:26
-#: build/C/man2/setreuid.2:43 build/C/man2/setsid.2:29
-#: build/C/man2/setuid.2:28 build/C/man7/svipc.7:25 build/C/man3/ulimit.3:27
+#: build/C/man2/getpid.2:25 build/C/man2/getpriority.2:45
+#: build/C/man2/getresuid.2:28 build/C/man2/getrlimit.2:64
+#: build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26
+#: build/C/man2/getuid.2:26 build/C/man3/group_member.3:25
+#: build/C/man2/iopl.2:33 build/C/man2/ioprio_set.2:24 build/C/man2/ipc.2:25
+#: build/C/man7/namespaces.7:27 build/C/man7/pid_namespaces.7:27
+#: build/C/man2/seteuid.2:29 build/C/man2/setfsgid.2:31
+#: build/C/man2/setfsuid.2:31 build/C/man2/setgid.2:29
+#: build/C/man2/setpgid.2:48 build/C/man2/setresuid.2:26
+#: build/C/man2/setreuid.2:45 build/C/man2/setsid.2:31
+#: build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man3/ulimit.3:27
+#: build/C/man7/user_namespaces.7:27 build/C/man2/seccomp.2:27
#, no-wrap
msgid "Linux Programmer's Manual"
msgstr "Linux Programmer's Manual"
#. type: SH
-#: build/C/man2/acct.2:33 build/C/man5/acct.5:24
-#: build/C/man7/capabilities.7:47 build/C/man2/capget.2:12
-#: build/C/man7/cpuset.7:25 build/C/man7/credentials.7:26
+#: build/C/man2/acct.2:32 build/C/man5/acct.5:26
+#: build/C/man7/capabilities.7:49 build/C/man2/capget.2:16
+#: build/C/man7/cpuset.7:26 build/C/man7/credentials.7:28
#: build/C/man2/getgid.2:26 build/C/man2/getgroups.2:32
-#: build/C/man2/getpid.2:24 build/C/man2/getpriority.2:47
-#: build/C/man2/getresuid.2:28 build/C/man2/getrlimit.2:65
-#: build/C/man2/getrusage.2:40 build/C/man2/getsid.2:26
-#: build/C/man2/getuid.2:27 build/C/man2/iopl.2:34
-#: build/C/man2/ioprio_set.2:26 build/C/man2/ipc.2:27
-#: build/C/man2/seteuid.2:28 build/C/man2/setfsgid.2:30
-#: build/C/man2/setfsuid.2:30 build/C/man2/setgid.2:28
-#: build/C/man2/setpgid.2:47 build/C/man2/setresuid.2:27
-#: build/C/man2/setreuid.2:44 build/C/man2/setsid.2:30
-#: build/C/man2/setuid.2:29 build/C/man7/svipc.7:26 build/C/man3/ulimit.3:28
+#: build/C/man2/getpid.2:26 build/C/man2/getpriority.2:46
+#: build/C/man2/getresuid.2:29 build/C/man2/getrlimit.2:65
+#: build/C/man2/getrusage.2:40 build/C/man2/getsid.2:27
+#: build/C/man2/getuid.2:27 build/C/man3/group_member.3:26
+#: build/C/man2/iopl.2:34 build/C/man2/ioprio_set.2:25 build/C/man2/ipc.2:26
+#: build/C/man7/namespaces.7:28 build/C/man7/pid_namespaces.7:28
+#: build/C/man2/seteuid.2:30 build/C/man2/setfsgid.2:32
+#: build/C/man2/setfsuid.2:32 build/C/man2/setgid.2:30
+#: build/C/man2/setpgid.2:49 build/C/man2/setresuid.2:27
+#: build/C/man2/setreuid.2:46 build/C/man2/setsid.2:32
+#: build/C/man2/setuid.2:31 build/C/man7/svipc.7:41 build/C/man3/ulimit.3:28
+#: build/C/man7/user_namespaces.7:28 build/C/man2/seccomp.2:28
#, no-wrap
msgid "NAME"
msgstr "名前"
#. type: Plain text
-#: build/C/man2/acct.2:35
+#: build/C/man2/acct.2:34
msgid "acct - switch process accounting on or off"
msgstr "acct - プロセス・アカウントのオンとオフを切り換える"
#. type: SH
-#: build/C/man2/acct.2:35 build/C/man5/acct.5:26 build/C/man2/capget.2:14
+#: build/C/man2/acct.2:34 build/C/man5/acct.5:28 build/C/man2/capget.2:18
#: build/C/man2/getgid.2:28 build/C/man2/getgroups.2:34
-#: build/C/man2/getpid.2:26 build/C/man2/getpriority.2:49
-#: build/C/man2/getresuid.2:30 build/C/man2/getrlimit.2:67
-#: build/C/man2/getrusage.2:42 build/C/man2/getsid.2:28
-#: build/C/man2/getuid.2:29 build/C/man2/iopl.2:36
-#: build/C/man2/ioprio_set.2:28 build/C/man2/ipc.2:29
-#: build/C/man2/seteuid.2:30 build/C/man2/setfsgid.2:32
-#: build/C/man2/setfsuid.2:32 build/C/man2/setgid.2:30
-#: build/C/man2/setpgid.2:49 build/C/man2/setresuid.2:29
-#: build/C/man2/setreuid.2:46 build/C/man2/setsid.2:32
-#: build/C/man2/setuid.2:31 build/C/man7/svipc.7:28 build/C/man3/ulimit.3:30
+#: build/C/man2/getpid.2:28 build/C/man2/getpriority.2:48
+#: build/C/man2/getresuid.2:31 build/C/man2/getrlimit.2:67
+#: build/C/man2/getrusage.2:42 build/C/man2/getsid.2:29
+#: build/C/man2/getuid.2:29 build/C/man3/group_member.3:28
+#: build/C/man2/iopl.2:36 build/C/man2/ioprio_set.2:27 build/C/man2/ipc.2:28
+#: build/C/man2/seteuid.2:32 build/C/man2/setfsgid.2:34
+#: build/C/man2/setfsuid.2:34 build/C/man2/setgid.2:32
+#: build/C/man2/setpgid.2:51 build/C/man2/setresuid.2:29
+#: build/C/man2/setreuid.2:48 build/C/man2/setsid.2:34
+#: build/C/man2/setuid.2:33 build/C/man7/svipc.7:43 build/C/man3/ulimit.3:30
+#: build/C/man2/seccomp.2:30
#, no-wrap
msgid "SYNOPSIS"
msgstr "書式"
#. type: Plain text
-#: build/C/man2/acct.2:39
+#: build/C/man2/acct.2:38
#, no-wrap
msgid "B<#include E<lt>unistd.hE<gt>>\n"
msgstr "B<#include E<lt>unistd.hE<gt>>\n"
#. type: Plain text
-#: build/C/man2/acct.2:41
+#: build/C/man2/acct.2:40
#, no-wrap
msgid "B<int acct(const char *>I<filename>B<);>\n"
msgstr "B<int acct(const char *>I<filename>B<);>\n"
#. type: Plain text
-#: build/C/man2/acct.2:47 build/C/man2/getgroups.2:48
-#: build/C/man2/getrlimit.2:84 build/C/man2/getsid.2:36
-#: build/C/man2/seteuid.2:42 build/C/man2/setpgid.2:69
-#: build/C/man2/setreuid.2:58
+#: build/C/man2/acct.2:46 build/C/man2/getgroups.2:48
+#: build/C/man2/getrlimit.2:84 build/C/man2/getsid.2:37
+#: build/C/man3/group_member.3:36 build/C/man2/seteuid.2:44
+#: build/C/man2/setpgid.2:71 build/C/man2/setreuid.2:60
msgid ""
"Feature Test Macro Requirements for glibc (see B<feature_test_macros>(7)):"
msgstr "glibc 向けの機能検査マクロの要件 (B<feature_test_macros>(7) 参照):"
#. type: Plain text
-#: build/C/man2/acct.2:51
+#: build/C/man2/acct.2:50
msgid ""
"B<acct>(): _BSD_SOURCE || (_XOPEN_SOURCE && _XOPEN_SOURCE\\ E<lt>\\ 500)"
msgstr ""
"B<acct>(): _BSD_SOURCE || (_XOPEN_SOURCE && _XOPEN_SOURCE\\ E<lt>\\ 500)"
#. type: SH
-#: build/C/man2/acct.2:51 build/C/man5/acct.5:28
-#: build/C/man7/capabilities.7:49 build/C/man2/capget.2:20
-#: build/C/man7/cpuset.7:27 build/C/man7/credentials.7:28
+#: build/C/man2/acct.2:50 build/C/man5/acct.5:30
+#: build/C/man7/capabilities.7:51 build/C/man2/capget.2:24
+#: build/C/man7/cpuset.7:28 build/C/man7/credentials.7:30
#: build/C/man2/getgid.2:36 build/C/man2/getgroups.2:52
-#: build/C/man2/getpid.2:34 build/C/man2/getpriority.2:57
-#: build/C/man2/getresuid.2:38 build/C/man2/getrlimit.2:88
-#: build/C/man2/getrusage.2:48 build/C/man2/getsid.2:49
-#: build/C/man2/getuid.2:37 build/C/man2/iopl.2:40
-#: build/C/man2/ioprio_set.2:33 build/C/man2/ipc.2:35
-#: build/C/man2/seteuid.2:51 build/C/man2/setfsgid.2:37
-#: build/C/man2/setfsuid.2:37 build/C/man2/setgid.2:36
-#: build/C/man2/setpgid.2:96 build/C/man2/setresuid.2:37
-#: build/C/man2/setreuid.2:68 build/C/man2/setsid.2:39
-#: build/C/man2/setuid.2:37 build/C/man7/svipc.7:36 build/C/man3/ulimit.3:34
+#: build/C/man2/getpid.2:36 build/C/man2/getpriority.2:56
+#: build/C/man2/getresuid.2:39 build/C/man2/getrlimit.2:88
+#: build/C/man2/getrusage.2:48 build/C/man2/getsid.2:50
+#: build/C/man2/getuid.2:37 build/C/man3/group_member.3:40
+#: build/C/man2/iopl.2:40 build/C/man2/ioprio_set.2:35 build/C/man2/ipc.2:34
+#: build/C/man7/namespaces.7:30 build/C/man7/pid_namespaces.7:30
+#: build/C/man2/seteuid.2:53 build/C/man2/setfsgid.2:38
+#: build/C/man2/setfsuid.2:38 build/C/man2/setgid.2:38
+#: build/C/man2/setpgid.2:100 build/C/man2/setresuid.2:37
+#: build/C/man2/setreuid.2:70 build/C/man2/setsid.2:41
+#: build/C/man2/setuid.2:39 build/C/man7/svipc.7:49 build/C/man3/ulimit.3:34
+#: build/C/man7/user_namespaces.7:30 build/C/man2/seccomp.2:43
#, no-wrap
msgid "DESCRIPTION"
msgstr "説明"
"き数として呼び出されたらアカウントをオフにする。"
#. type: SH
-#: build/C/man2/acct.2:60 build/C/man2/capget.2:152
-#: build/C/man2/getgroups.2:92 build/C/man2/getpriority.2:105
-#: build/C/man2/getresuid.2:49 build/C/man2/getrlimit.2:430
-#: build/C/man2/getrusage.2:180 build/C/man2/getsid.2:57
-#: build/C/man2/iopl.2:65 build/C/man2/ioprio_set.2:139
-#: build/C/man2/seteuid.2:65 build/C/man2/setfsgid.2:67
-#: build/C/man2/setfsuid.2:67 build/C/man2/setgid.2:51
-#: build/C/man2/setpgid.2:170 build/C/man2/setresuid.2:64
-#: build/C/man2/setreuid.2:89 build/C/man2/setsid.2:50
-#: build/C/man2/setuid.2:68 build/C/man3/ulimit.3:67
+#: build/C/man2/acct.2:60 build/C/man2/capget.2:160
+#: build/C/man2/getgroups.2:92 build/C/man2/getpriority.2:104
+#: build/C/man2/getresuid.2:50 build/C/man2/getrlimit.2:461
+#: build/C/man2/getrusage.2:188 build/C/man2/getsid.2:58
+#: build/C/man3/group_member.3:48 build/C/man2/iopl.2:66
+#: build/C/man2/ioprio_set.2:149 build/C/man2/seteuid.2:67
+#: build/C/man2/setfsgid.2:68 build/C/man2/setfsuid.2:68
+#: build/C/man2/setgid.2:53 build/C/man2/setpgid.2:195
+#: build/C/man2/setresuid.2:64 build/C/man2/setreuid.2:93
+#: build/C/man2/setsid.2:54 build/C/man2/setuid.2:70 build/C/man3/ulimit.3:67
+#: build/C/man2/seccomp.2:342
#, no-wrap
msgid "RETURN VALUE"
msgstr "返り値"
#. type: Plain text
-#: build/C/man2/acct.2:65 build/C/man2/capget.2:157
-#: build/C/man2/getresuid.2:54 build/C/man2/getrusage.2:185
-#: build/C/man2/iopl.2:70 build/C/man2/seteuid.2:70 build/C/man2/setgid.2:56
-#: build/C/man2/setresuid.2:69 build/C/man2/setreuid.2:94
-#: build/C/man2/setuid.2:73
+#: build/C/man2/acct.2:65 build/C/man2/capget.2:165
+#: build/C/man2/getresuid.2:55 build/C/man2/getrusage.2:193
+#: build/C/man2/iopl.2:71 build/C/man2/seteuid.2:72 build/C/man2/setgid.2:58
+#: build/C/man2/setresuid.2:69 build/C/man2/setreuid.2:98
+#: build/C/man2/setuid.2:75
msgid ""
"On success, zero is returned. On error, -1 is returned, and I<errno> is set "
"appropriately."
"定される。"
#. type: SH
-#: build/C/man2/acct.2:65 build/C/man2/capget.2:171 build/C/man7/cpuset.7:1099
+#: build/C/man2/acct.2:65 build/C/man2/capget.2:179 build/C/man7/cpuset.7:1100
#: build/C/man2/getgid.2:42 build/C/man2/getgroups.2:106
-#: build/C/man2/getpid.2:42 build/C/man2/getpriority.2:118
-#: build/C/man2/getresuid.2:54 build/C/man2/getrlimit.2:435
-#: build/C/man2/getrusage.2:185 build/C/man2/getsid.2:62
-#: build/C/man2/getuid.2:43 build/C/man2/iopl.2:70
-#: build/C/man2/ioprio_set.2:159 build/C/man2/seteuid.2:70
-#: build/C/man2/setgid.2:56 build/C/man2/setpgid.2:191
-#: build/C/man2/setresuid.2:69 build/C/man2/setreuid.2:94
-#: build/C/man2/setsid.2:57 build/C/man2/setuid.2:73 build/C/man3/ulimit.3:74
+#: build/C/man2/getpid.2:44 build/C/man2/getpriority.2:117
+#: build/C/man2/getresuid.2:55 build/C/man2/getrlimit.2:466
+#: build/C/man2/getrusage.2:193 build/C/man2/getsid.2:63
+#: build/C/man2/getuid.2:43 build/C/man2/iopl.2:71
+#: build/C/man2/ioprio_set.2:169 build/C/man2/seteuid.2:79
+#: build/C/man2/setgid.2:58 build/C/man2/setpgid.2:216
+#: build/C/man2/setresuid.2:76 build/C/man2/setreuid.2:105
+#: build/C/man2/setsid.2:61 build/C/man2/setuid.2:82 build/C/man3/ulimit.3:74
+#: build/C/man2/seccomp.2:358
#, no-wrap
msgid "ERRORS"
msgstr "エラー"
#. type: TP
-#: build/C/man2/acct.2:66 build/C/man7/cpuset.7:1115
-#: build/C/man7/cpuset.7:1122 build/C/man7/cpuset.7:1128
-#: build/C/man7/cpuset.7:1136 build/C/man7/cpuset.7:1143
-#: build/C/man2/getpriority.2:138 build/C/man2/setpgid.2:192
+#: build/C/man2/acct.2:66 build/C/man7/cpuset.7:1116
+#: build/C/man7/cpuset.7:1123 build/C/man7/cpuset.7:1129
+#: build/C/man7/cpuset.7:1137 build/C/man7/cpuset.7:1144
+#: build/C/man2/getpriority.2:137 build/C/man2/setpgid.2:217
#, no-wrap
msgid "B<EACCES>"
msgstr "B<EACCES>"
"(regular) のファイルでない。"
#. type: TP
-#: build/C/man2/acct.2:77 build/C/man2/capget.2:172 build/C/man7/cpuset.7:1171
-#: build/C/man2/getgroups.2:107 build/C/man2/getresuid.2:55
-#: build/C/man2/getrlimit.2:436 build/C/man2/getrusage.2:186
+#: build/C/man2/acct.2:77 build/C/man2/capget.2:180 build/C/man7/cpuset.7:1172
+#: build/C/man2/getgroups.2:107 build/C/man2/getresuid.2:56
+#: build/C/man2/getrlimit.2:467 build/C/man2/getrusage.2:194
+#: build/C/man2/seccomp.2:369
#, no-wrap
msgid "B<EFAULT>"
msgstr "B<EFAULT>"
msgstr "アクセスできるアドレス空間の外を I<filename> が指している。"
#. type: TP
-#: build/C/man2/acct.2:81 build/C/man7/cpuset.7:1237
-#: build/C/man7/cpuset.7:1245
+#: build/C/man2/acct.2:81 build/C/man7/cpuset.7:1238
+#: build/C/man7/cpuset.7:1246
#, no-wrap
msgid "B<EIO>"
msgstr "B<EIO>"
msgstr "I<filename> の実体にたどり着くまでのシンボリックリンクの数が多すぎる。"
#. type: TP
-#: build/C/man2/acct.2:93 build/C/man7/cpuset.7:1250
-#: build/C/man7/cpuset.7:1257 build/C/man7/cpuset.7:1262
+#: build/C/man2/acct.2:93 build/C/man7/cpuset.7:1251
+#: build/C/man7/cpuset.7:1258 build/C/man7/cpuset.7:1263
#, no-wrap
msgid "B<ENAMETOOLONG>"
msgstr "B<ENAMETOOLONG>"
msgstr "オープンされたファイルの総数がシステム制限に達した。"
#. type: TP
-#: build/C/man2/acct.2:100 build/C/man7/cpuset.7:1274
-#: build/C/man7/cpuset.7:1279
+#: build/C/man2/acct.2:100 build/C/man7/cpuset.7:1275
+#: build/C/man7/cpuset.7:1280
#, no-wrap
msgid "B<ENOENT>"
msgstr "B<ENOENT>"
msgstr "指定されたファイルが存在しない。"
#. type: TP
-#: build/C/man2/acct.2:103 build/C/man7/cpuset.7:1286
-#: build/C/man2/getgroups.2:127
+#: build/C/man2/acct.2:103 build/C/man7/cpuset.7:1287
+#: build/C/man2/getgroups.2:127 build/C/man2/seccomp.2:413
+#: build/C/man2/seccomp.2:416
#, no-wrap
msgid "B<ENOMEM>"
msgstr "B<ENOMEM>"
#. type: Plain text
#: build/C/man2/acct.2:106 build/C/man2/getgroups.2:130
+#: build/C/man2/seccomp.2:416
msgid "Out of memory."
msgstr "メモリ不足。"
#. type: TP
-#: build/C/man2/acct.2:106 build/C/man2/iopl.2:75
+#: build/C/man2/acct.2:106 build/C/man2/iopl.2:76
#, no-wrap
msgid "B<ENOSYS>"
msgstr "B<ENOSYS>"
"て制御される。"
#. type: TP
-#: build/C/man2/acct.2:112 build/C/man7/cpuset.7:1313
+#: build/C/man2/acct.2:112 build/C/man7/cpuset.7:1314
#, no-wrap
msgid "B<ENOTDIR>"
msgstr "B<ENOTDIR>"
"い。"
#. type: TP
-#: build/C/man2/acct.2:117 build/C/man2/capget.2:183 build/C/man2/capget.2:188
-#: build/C/man7/cpuset.7:1318 build/C/man2/getgroups.2:130
-#: build/C/man2/getpriority.2:150 build/C/man2/getrlimit.2:452
-#: build/C/man2/getsid.2:63 build/C/man2/iopl.2:78
-#: build/C/man2/ioprio_set.2:169 build/C/man2/seteuid.2:73
-#: build/C/man2/setgid.2:57 build/C/man2/setpgid.2:206
-#: build/C/man2/setresuid.2:77 build/C/man2/setreuid.2:95
-#: build/C/man2/setsid.2:58 build/C/man2/setuid.2:83 build/C/man3/ulimit.3:75
+#: build/C/man2/acct.2:117 build/C/man2/capget.2:191 build/C/man2/capget.2:196
+#: build/C/man7/cpuset.7:1319 build/C/man2/getgroups.2:130
+#: build/C/man2/getpriority.2:149 build/C/man2/getrlimit.2:483
+#: build/C/man2/getsid.2:64 build/C/man2/iopl.2:79
+#: build/C/man2/ioprio_set.2:179 build/C/man2/seteuid.2:83
+#: build/C/man2/setgid.2:64 build/C/man2/setpgid.2:231
+#: build/C/man2/setresuid.2:103 build/C/man2/setreuid.2:132
+#: build/C/man2/setsid.2:62 build/C/man2/setuid.2:110 build/C/man3/ulimit.3:75
#, no-wrap
msgid "B<EPERM>"
msgstr "B<EPERM>"
#. type: Plain text
#: build/C/man2/acct.2:127
-msgid "I<filename> refers to a file on a read-only file system."
+msgid "I<filename> refers to a file on a read-only filesystem."
msgstr ""
"読み込みだけのファイルシステム上のファイルを I<filename> が参照している。"
msgstr "使用可能なファイル構造体がないか、メモリが足りない。"
#. type: SH
-#: build/C/man2/acct.2:130 build/C/man5/acct.5:152
-#: build/C/man7/capabilities.7:1002 build/C/man2/capget.2:210
-#: build/C/man7/credentials.7:232 build/C/man2/getgid.2:44
-#: build/C/man2/getgroups.2:133 build/C/man2/getpid.2:44
-#: build/C/man2/getpriority.2:158 build/C/man2/getresuid.2:66
-#: build/C/man2/getrlimit.2:473 build/C/man2/getrusage.2:194
-#: build/C/man2/getsid.2:78 build/C/man2/getuid.2:45 build/C/man2/iopl.2:85
-#: build/C/man2/ioprio_set.2:186 build/C/man2/ipc.2:46
-#: build/C/man2/seteuid.2:89 build/C/man2/setfsgid.2:78
-#: build/C/man2/setfsuid.2:78 build/C/man2/setgid.2:74
-#: build/C/man2/setpgid.2:225 build/C/man2/setresuid.2:83
-#: build/C/man2/setreuid.2:111 build/C/man2/setsid.2:64
-#: build/C/man2/setuid.2:90 build/C/man3/ulimit.3:78
+#: build/C/man2/acct.2:130 build/C/man5/acct.5:153
+#: build/C/man7/capabilities.7:1120 build/C/man2/capget.2:218
+#: build/C/man7/credentials.7:287 build/C/man2/getgid.2:44
+#: build/C/man2/getgroups.2:133 build/C/man2/getpid.2:46
+#: build/C/man2/getpriority.2:157 build/C/man2/getresuid.2:67
+#: build/C/man2/getrlimit.2:504 build/C/man2/getrusage.2:202
+#: build/C/man2/getsid.2:79 build/C/man2/getuid.2:45
+#: build/C/man3/group_member.3:55 build/C/man2/iopl.2:87
+#: build/C/man2/ioprio_set.2:196 build/C/man2/ipc.2:45
+#: build/C/man7/namespaces.7:359 build/C/man7/pid_namespaces.7:351
+#: build/C/man2/seteuid.2:99 build/C/man2/setfsgid.2:75
+#: build/C/man2/setfsuid.2:75 build/C/man2/setgid.2:71
+#: build/C/man2/setpgid.2:250 build/C/man2/setresuid.2:109
+#: build/C/man2/setreuid.2:148 build/C/man2/setsid.2:68
+#: build/C/man2/setuid.2:117 build/C/man3/ulimit.3:78
+#: build/C/man7/user_namespaces.7:645 build/C/man2/seccomp.2:435
#, no-wrap
msgid "CONFORMING TO"
msgstr "準拠"
msgstr "SVr4, 4.3BSD (POSIX ではない)。"
#. type: SH
-#: build/C/man2/acct.2:137 build/C/man5/acct.5:156
-#: build/C/man7/capabilities.7:1007 build/C/man2/capget.2:212
-#: build/C/man7/cpuset.7:1340 build/C/man7/credentials.7:238
+#: build/C/man2/acct.2:137 build/C/man5/acct.5:157
+#: build/C/man7/capabilities.7:1126 build/C/man2/capget.2:220
+#: build/C/man7/cpuset.7:1341 build/C/man7/credentials.7:293
#: build/C/man2/getgid.2:46 build/C/man2/getgroups.2:141
-#: build/C/man2/getpid.2:46 build/C/man2/getpriority.2:161
-#: build/C/man2/getresuid.2:69 build/C/man2/getrlimit.2:496
-#: build/C/man2/getrusage.2:205 build/C/man2/getsid.2:80
-#: build/C/man2/getuid.2:47 build/C/man2/getuid.2:57 build/C/man2/iopl.2:89
-#: build/C/man2/ioprio_set.2:188 build/C/man2/ipc.2:50
-#: build/C/man2/seteuid.2:91 build/C/man2/setfsgid.2:82
-#: build/C/man2/setfsuid.2:82 build/C/man2/setgid.2:64
-#: build/C/man2/setpgid.2:247 build/C/man2/setresuid.2:86
-#: build/C/man2/setreuid.2:117 build/C/man2/setsid.2:66
-#: build/C/man2/setuid.2:95
+#: build/C/man2/getpid.2:48 build/C/man2/getpriority.2:160
+#: build/C/man2/getresuid.2:70 build/C/man2/getrlimit.2:527
+#: build/C/man2/getrusage.2:213 build/C/man2/getsid.2:81
+#: build/C/man2/getuid.2:47 build/C/man2/iopl.2:91
+#: build/C/man2/ioprio_set.2:198 build/C/man2/ipc.2:49
+#: build/C/man2/seteuid.2:101 build/C/man2/setfsgid.2:79
+#: build/C/man2/setfsuid.2:79 build/C/man2/setgid.2:73
+#: build/C/man2/setpgid.2:272 build/C/man2/setresuid.2:112
+#: build/C/man2/setreuid.2:154 build/C/man2/setsid.2:70
+#: build/C/man2/setuid.2:122 build/C/man7/user_namespaces.7:648
+#: build/C/man2/seccomp.2:439
#, no-wrap
msgid "NOTES"
msgstr "注意"
"明がある。"
#. type: SH
-#: build/C/man2/acct.2:143 build/C/man5/acct.5:173
-#: build/C/man7/capabilities.7:1055 build/C/man2/capget.2:219
-#: build/C/man7/cpuset.7:1487 build/C/man7/credentials.7:249
-#: build/C/man2/getgid.2:62 build/C/man2/getgroups.2:171
-#: build/C/man2/getpid.2:98 build/C/man2/getpriority.2:223
-#: build/C/man2/getresuid.2:85 build/C/man2/getrlimit.2:620
-#: build/C/man2/getrusage.2:245 build/C/man2/getsid.2:83
-#: build/C/man2/getuid.2:73 build/C/man2/iopl.2:98
-#: build/C/man2/ioprio_set.2:317 build/C/man2/ipc.2:58
-#: build/C/man2/seteuid.2:117 build/C/man2/setfsgid.2:110
-#: build/C/man2/setfsuid.2:110 build/C/man2/setgid.2:76
-#: build/C/man2/setpgid.2:315 build/C/man2/setresuid.2:106
-#: build/C/man2/setreuid.2:157 build/C/man2/setsid.2:83
-#: build/C/man2/setuid.2:118 build/C/man7/svipc.7:320 build/C/man3/ulimit.3:83
+#: build/C/man2/acct.2:143 build/C/man5/acct.5:174
+#: build/C/man7/capabilities.7:1183 build/C/man2/capget.2:228
+#: build/C/man7/cpuset.7:1488 build/C/man7/credentials.7:304
+#: build/C/man2/getgid.2:62 build/C/man2/getgroups.2:178
+#: build/C/man2/getpid.2:100 build/C/man2/getpriority.2:232
+#: build/C/man2/getresuid.2:86 build/C/man2/getrlimit.2:759
+#: build/C/man2/getrusage.2:253 build/C/man2/getsid.2:84
+#: build/C/man2/getuid.2:73 build/C/man3/group_member.3:57
+#: build/C/man2/iopl.2:100 build/C/man2/ioprio_set.2:346 build/C/man2/ipc.2:57
+#: build/C/man7/namespaces.7:364 build/C/man7/pid_namespaces.7:356
+#: build/C/man2/seteuid.2:141 build/C/man2/setfsgid.2:123
+#: build/C/man2/setfsuid.2:131 build/C/man2/setgid.2:83
+#: build/C/man2/setpgid.2:340 build/C/man2/setresuid.2:132
+#: build/C/man2/setreuid.2:194 build/C/man2/setsid.2:93
+#: build/C/man2/setuid.2:145 build/C/man7/svipc.7:335 build/C/man3/ulimit.3:83
+#: build/C/man7/user_namespaces.7:1011 build/C/man2/seccomp.2:662
#, no-wrap
msgid "SEE ALSO"
msgstr "関連項目"
msgstr "B<acct>(5)"
#. type: SH
-#: build/C/man2/acct.2:145 build/C/man5/acct.5:178
-#: build/C/man7/capabilities.7:1076 build/C/man2/capget.2:223
-#: build/C/man7/cpuset.7:1504 build/C/man7/credentials.7:280
-#: build/C/man2/getgid.2:67 build/C/man2/getgroups.2:178
-#: build/C/man2/getpid.2:108 build/C/man2/getpriority.2:231
-#: build/C/man2/getresuid.2:91 build/C/man2/getrlimit.2:637
-#: build/C/man2/getrusage.2:252 build/C/man2/getsid.2:87
-#: build/C/man2/getuid.2:78 build/C/man2/iopl.2:101
-#: build/C/man2/ioprio_set.2:323 build/C/man2/ipc.2:71
-#: build/C/man2/seteuid.2:124 build/C/man2/setfsgid.2:115
-#: build/C/man2/setfsuid.2:115 build/C/man2/setgid.2:82
-#: build/C/man2/setpgid.2:322 build/C/man2/setresuid.2:115
-#: build/C/man2/setreuid.2:165 build/C/man2/setsid.2:89
-#: build/C/man2/setuid.2:125 build/C/man7/svipc.7:334 build/C/man3/ulimit.3:88
+#: build/C/man2/acct.2:145 build/C/man5/acct.5:179
+#: build/C/man7/capabilities.7:1205 build/C/man2/capget.2:232
+#: build/C/man7/cpuset.7:1506 build/C/man7/credentials.7:340
+#: build/C/man2/getgid.2:67 build/C/man2/getgroups.2:186
+#: build/C/man2/getpid.2:111 build/C/man2/getpriority.2:241
+#: build/C/man2/getresuid.2:92 build/C/man2/getrlimit.2:777
+#: build/C/man2/getrusage.2:260 build/C/man2/getsid.2:88
+#: build/C/man2/getuid.2:78 build/C/man3/group_member.3:62
+#: build/C/man2/iopl.2:104 build/C/man2/ioprio_set.2:354 build/C/man2/ipc.2:70
+#: build/C/man7/namespaces.7:377 build/C/man7/pid_namespaces.7:365
+#: build/C/man2/seteuid.2:149 build/C/man2/setfsgid.2:128
+#: build/C/man2/setfsuid.2:136 build/C/man2/setgid.2:90
+#: build/C/man2/setpgid.2:347 build/C/man2/setresuid.2:142
+#: build/C/man2/setreuid.2:203 build/C/man2/setsid.2:100
+#: build/C/man2/setuid.2:153 build/C/man7/svipc.7:353 build/C/man3/ulimit.3:88
+#: build/C/man7/user_namespaces.7:1027 build/C/man2/seccomp.2:678
#, no-wrap
msgid "COLOPHON"
msgstr "この文書について"
#. type: Plain text
-#: build/C/man2/acct.2:152 build/C/man5/acct.5:185
-#: build/C/man7/capabilities.7:1083 build/C/man2/capget.2:230
-#: build/C/man7/cpuset.7:1511 build/C/man7/credentials.7:287
-#: build/C/man2/getgid.2:74 build/C/man2/getgroups.2:185
-#: build/C/man2/getpid.2:115 build/C/man2/getpriority.2:238
-#: build/C/man2/getresuid.2:98 build/C/man2/getrlimit.2:644
-#: build/C/man2/getrusage.2:259 build/C/man2/getsid.2:94
-#: build/C/man2/getuid.2:85 build/C/man2/iopl.2:108
-#: build/C/man2/ioprio_set.2:330 build/C/man2/ipc.2:78
-#: build/C/man2/seteuid.2:131 build/C/man2/setfsgid.2:122
-#: build/C/man2/setfsuid.2:122 build/C/man2/setgid.2:89
-#: build/C/man2/setpgid.2:329 build/C/man2/setresuid.2:122
-#: build/C/man2/setreuid.2:172 build/C/man2/setsid.2:96
-#: build/C/man2/setuid.2:132 build/C/man7/svipc.7:341 build/C/man3/ulimit.3:95
-msgid ""
-"This page is part of release 3.41 of the Linux I<man-pages> project. A "
-"description of the project, and information about reporting bugs, can be "
-"found at http://www.kernel.org/doc/man-pages/."
-msgstr ""
-"この man ページは Linux I<man-pages> プロジェクトのリリース 3.41 の一部\n"
+#: build/C/man2/acct.2:153 build/C/man5/acct.5:187
+#: build/C/man7/capabilities.7:1213 build/C/man2/capget.2:240
+#: build/C/man7/cpuset.7:1514 build/C/man7/credentials.7:348
+#: build/C/man2/getgid.2:75 build/C/man2/getgroups.2:194
+#: build/C/man2/getpid.2:119 build/C/man2/getpriority.2:249
+#: build/C/man2/getresuid.2:100 build/C/man2/getrlimit.2:785
+#: build/C/man2/getrusage.2:268 build/C/man2/getsid.2:96
+#: build/C/man2/getuid.2:86 build/C/man3/group_member.3:70
+#: build/C/man2/iopl.2:112 build/C/man2/ioprio_set.2:362 build/C/man2/ipc.2:78
+#: build/C/man7/namespaces.7:385 build/C/man7/pid_namespaces.7:373
+#: build/C/man2/seteuid.2:157 build/C/man2/setfsgid.2:136
+#: build/C/man2/setfsuid.2:144 build/C/man2/setgid.2:98
+#: build/C/man2/setpgid.2:355 build/C/man2/setresuid.2:150
+#: build/C/man2/setreuid.2:211 build/C/man2/setsid.2:108
+#: build/C/man2/setuid.2:161 build/C/man7/svipc.7:361 build/C/man3/ulimit.3:96
+#: build/C/man7/user_namespaces.7:1035 build/C/man2/seccomp.2:686
+msgid ""
+"This page is part of release 3.77 of the Linux I<man-pages> project. A "
+"description of the project, information about reporting bugs, and the latest "
+"version of this page, can be found at \\%http://www.kernel.org/doc/man-"
+"pages/."
+msgstr ""
+"この man ページは Linux I<man-pages> プロジェクトのリリース 3.77 の一部\n"
"である。プロジェクトの説明とバグ報告に関する情報は\n"
"http://www.kernel.org/doc/man-pages/ に書かれている。"
#. type: TH
-#: build/C/man5/acct.5:23
+#: build/C/man5/acct.5:25
#, no-wrap
msgid "2008-06-15"
msgstr "2008-06-15"
#. type: Plain text
-#: build/C/man5/acct.5:26
+#: build/C/man5/acct.5:28
msgid "acct - process accounting file"
msgstr "acct - プロセス・アカウンティング・ファイル"
#. type: Plain text
-#: build/C/man5/acct.5:28
+#: build/C/man5/acct.5:30
msgid "B<#include E<lt>sys/acct.hE<gt>>"
msgstr "B<#include E<lt>sys/acct.hE<gt>>"
#. type: Plain text
-#: build/C/man5/acct.5:34
+#: build/C/man5/acct.5:36
msgid ""
"If the kernel is built with the process accounting option enabled "
"(B<CONFIG_BSD_PROCESS_ACCT>), then calling B<acct>(2) starts process "
"B<acct>(2) を呼び出すとプロセス・アカウンティングが開始される。"
#. type: Plain text
-#: build/C/man5/acct.5:37
+#: build/C/man5/acct.5:39
msgid "acct(\"/var/log/pacct\");"
msgstr "acct(\"/var/log/pacct\");"
#. type: Plain text
-#: build/C/man5/acct.5:45
+#: build/C/man5/acct.5:47
msgid ""
"When process accounting is enabled, the kernel writes a record to the "
"accounting file as each process on the system terminates. This record "
"hE<gt>> で以下のように定義されている。"
#. type: Plain text
-#: build/C/man5/acct.5:49
+#: build/C/man5/acct.5:51
#, no-wrap
msgid "#define ACCT_COMM 16\n"
msgstr "#define ACCT_COMM 16\n"
#. type: Plain text
-#: build/C/man5/acct.5:51
+#: build/C/man5/acct.5:53
#, no-wrap
msgid "typedef u_int16_t comp_t;\n"
msgstr "typedef u_int16_t comp_t;\n"
#. type: Plain text
-#: build/C/man5/acct.5:75
+#: build/C/man5/acct.5:77
#, no-wrap
msgid ""
"struct acct {\n"
"};\n"
#. type: Plain text
-#: build/C/man5/acct.5:82
+#: build/C/man5/acct.5:84
#, no-wrap
msgid ""
"enum { /* Bits that may be set in ac_flag field */\n"
"};\n"
#. type: Plain text
-#: build/C/man5/acct.5:92
+#: build/C/man5/acct.5:94
msgid ""
"The I<comp_t> data type is a floating-point value consisting of a 3-bit, "
"base-8 exponent, and a 13-bit mantissa. A value, I<c>, of this type can be "
"型の) 整数に変換できる。"
#. type: Plain text
-#: build/C/man5/acct.5:95
+#: build/C/man5/acct.5:97
#, no-wrap
msgid " v = (c & 0x1fff) E<lt>E<lt> (((c E<gt>E<gt> 13) & 0x7) * 3);\n"
msgstr " v = (c & 0x1fff) E<lt>E<lt> (((c E<gt>E<gt> 13) & 0x7) * 3);\n"
#. type: Plain text
-#: build/C/man5/acct.5:105
+#: build/C/man5/acct.5:107
msgid ""
"The I<ac_utime>, I<ac_stime>, and I<ac_etime> fields measure time in \"clock "
"ticks\"; divide these values by I<sysconf(_SC_CLK_TCK)> to convert them to "
"きる。"
#. type: SS
-#: build/C/man5/acct.5:105
+#: build/C/man5/acct.5:107
#, no-wrap
-msgid "Version 3 Accounting File Format"
+msgid "Version 3 accounting file format"
msgstr "バージョン 3 のアカウンティングファイルのフォーマット"
#. type: Plain text
-#: build/C/man5/acct.5:120
+#: build/C/man5/acct.5:122
msgid ""
"Since kernel 2.6.8, an optional alternative version of the accounting file "
"can be produced if the B<CONFIG_BSD_PROCESS_ACCT_V3> option is set when "
"る)。 このレコードは以下のように定義されている。"
#. type: Plain text
-#: build/C/man5/acct.5:145
+#: build/C/man5/acct.5:147
#, no-wrap
msgid ""
"struct acct_v3 {\n"
"};\n"
#. type: SH
-#: build/C/man5/acct.5:148 build/C/man7/cpuset.7:1337
-#: build/C/man2/getresuid.2:59 build/C/man2/getrlimit.2:468
-#: build/C/man2/getsid.2:74 build/C/man2/ioprio_set.2:183
-#: build/C/man2/setfsgid.2:74 build/C/man2/setfsuid.2:74
-#: build/C/man2/setresuid.2:81
+#: build/C/man5/acct.5:149 build/C/man7/cpuset.7:1338
+#: build/C/man2/getresuid.2:60 build/C/man2/getrlimit.2:499
+#: build/C/man2/getsid.2:75 build/C/man2/ioprio_set.2:193
+#: build/C/man2/setfsgid.2:71 build/C/man2/setfsuid.2:71
+#: build/C/man2/setresuid.2:107 build/C/man2/seccomp.2:430
#, no-wrap
msgid "VERSIONS"
msgstr "バージョン"
#. type: Plain text
-#: build/C/man5/acct.5:152
+#: build/C/man5/acct.5:153
msgid "The I<acct_v3> structure is defined in glibc since version 2.6."
msgstr "I<acct_v3> 構造体はバージョン 2.6 以降の glibc で定義されている。"
#. type: Plain text
-#: build/C/man5/acct.5:156
+#: build/C/man5/acct.5:157
msgid ""
"Process accounting originated on BSD. Although it is present on most "
"systems, it is not standardized, and the details vary somewhat between "
"在するが、標準化されておらず、 その詳細はシステムによりいくらか異なる。"
#. type: Plain text
-#: build/C/man5/acct.5:159
+#: build/C/man5/acct.5:160
msgid ""
"Records in the accounting file are ordered by termination time of the "
"process."
msgstr "アカウンティングファイルのレコードは、プロセスの終了時刻の順序となる。"
#. type: Plain text
-#: build/C/man5/acct.5:166
+#: build/C/man5/acct.5:167
msgid ""
"In kernels up to and including 2.6.9, a separate accounting record is "
"written for each thread created using the NPTL threading library; since "
"全体についてのアカウンティングレコードが一つだけ書き込まれる。"
#. type: Plain text
-#: build/C/man5/acct.5:173
+#: build/C/man5/acct.5:174
msgid ""
"The I<proc/sys/kernel/acct> file, described in B<proc>(5), defines settings "
"that control the behavior of process accounting when disk space runs low."
"保持している。"
#. type: Plain text
-#: build/C/man5/acct.5:178
+#: build/C/man5/acct.5:179
msgid "B<lastcomm>(1), B<acct>(2), B<accton>(8), B<sa>(8)"
msgstr "B<lastcomm>(1), B<acct>(2), B<accton>(8), B<sa>(8)"
#. type: TH
-#: build/C/man7/capabilities.7:46
+#: build/C/man7/capabilities.7:48
#, no-wrap
msgid "CAPABILITIES"
msgstr "CAPABILITIES"
#. type: TH
-#: build/C/man7/capabilities.7:46
+#: build/C/man7/capabilities.7:48 build/C/man2/getpid.2:25
+#: build/C/man7/namespaces.7:27 build/C/man2/seteuid.2:29
+#: build/C/man2/setgid.2:29 build/C/man2/setresuid.2:26
+#: build/C/man2/setreuid.2:45 build/C/man2/setuid.2:30 build/C/man7/svipc.7:40
+#: build/C/man7/user_namespaces.7:27
#, no-wrap
-msgid "2012-04-15"
-msgstr "2012-04-15"
+msgid "2014-09-21"
+msgstr "2014-09-21"
#. type: Plain text
-#: build/C/man7/capabilities.7:49
+#: build/C/man7/capabilities.7:51
msgid "capabilities - overview of Linux capabilities"
msgstr "capabilities - Linux のケーパビリティ (capability) の概要"
#. type: Plain text
-#: build/C/man7/capabilities.7:61
+#: build/C/man7/capabilities.7:63
msgid ""
"For the purpose of performing permission checks, traditional UNIX "
"implementations distinguish two categories of processes: I<privileged> "
"のに対し、 特権プロセスでは全てのカーネルの権限チェックがバイパスされる。"
#. type: Plain text
-#: build/C/man7/capabilities.7:68
+#: build/C/man7/capabilities.7:70
msgid ""
"Starting with kernel 2.2, Linux divides the privileges traditionally "
"associated with superuser into distinct units, known as I<capabilities>, "
"パビリティはスレッド単位の属性である。"
#. type: SS
-#: build/C/man7/capabilities.7:68
+#: build/C/man7/capabilities.7:70
#, no-wrap
-msgid "Capabilities List"
+msgid "Capabilities list"
msgstr "ケーパビリティのリスト"
#. type: Plain text
-#: build/C/man7/capabilities.7:71
+#: build/C/man7/capabilities.7:73
msgid ""
"The following list shows the capabilities implemented on Linux, and the "
"operations or behaviors that each capability permits:"
"可する操作と動作をまとめたものである。"
#. type: TP
-#: build/C/man7/capabilities.7:71
+#: build/C/man7/capabilities.7:73
#, no-wrap
msgid "B<CAP_AUDIT_CONTROL> (since Linux 2.6.11)"
msgstr "B<CAP_AUDIT_CONTROL> (Linux 2.6.11 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:75
+#: build/C/man7/capabilities.7:77
msgid ""
"Enable and disable kernel auditing; change auditing filter rules; retrieve "
"auditing status and filtering rules."
"の状況やフィルタルールの取得ができる。"
#. type: TP
-#: build/C/man7/capabilities.7:75
+#: build/C/man7/capabilities.7:77
+#, no-wrap
+msgid "B<CAP_AUDIT_READ> (since Linux 3.16)"
+msgstr "B<CAP_AUDIT_READ> (Linux 3.16 以降)"
+
+#. commit a29b694aa1739f9d76538e34ae25524f9c549d59
+#. commit 3a101b8de0d39403b2c7e5c23fd0b005668acf48
+#. type: Plain text
+#: build/C/man7/capabilities.7:82
+msgid "Allow reading the audit log via a multicast netlink socket."
+msgstr "マルチキャスト netlink ソケット経由で監査ログの読み出しができる。"
+
+#. type: TP
+#: build/C/man7/capabilities.7:82
#, no-wrap
msgid "B<CAP_AUDIT_WRITE> (since Linux 2.6.11)"
msgstr "B<CAP_AUDIT_WRITE> (Linux 2.6.11 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:78
+#: build/C/man7/capabilities.7:85
msgid "Write records to kernel auditing log."
msgstr "カーネル監査のログにレコードを書き込む。"
#. type: TP
-#: build/C/man7/capabilities.7:78
+#: build/C/man7/capabilities.7:85
+#, no-wrap
+msgid "B<CAP_BLOCK_SUSPEND> (since Linux 3.5)"
+msgstr "B<CAP_BLOCK_SUSPEND> (Linux 3.5 以降)"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:91
+msgid ""
+"Employ features that can block system suspend (B<epoll>(7) B<EPOLLWAKEUP>, "
+"I</proc/sys/wake_lock>)."
+msgstr ""
+"システムのサスペンドをブロックできる機能を使用する (B<epoll>(7) "
+"B<EPOLLWAKEUP>, I</proc/sys/wake_lock>)。"
+
+#. type: TP
+#: build/C/man7/capabilities.7:91
#, no-wrap
msgid "B<CAP_CHOWN>"
msgstr "B<CAP_CHOWN>"
#. type: Plain text
-#: build/C/man7/capabilities.7:82
+#: build/C/man7/capabilities.7:95
msgid "Make arbitrary changes to file UIDs and GIDs (see B<chown>(2))."
msgstr "ファイルの UID とGID を任意に変更する (B<chown>(2) 参照)。"
#. type: TP
-#: build/C/man7/capabilities.7:82
+#: build/C/man7/capabilities.7:95
#, no-wrap
msgid "B<CAP_DAC_OVERRIDE>"
msgstr "B<CAP_DAC_OVERRIDE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:86
+#: build/C/man7/capabilities.7:99
msgid ""
"Bypass file read, write, and execute permission checks. (DAC is an "
"abbreviation of \"discretionary access control\".)"
"\"discretionary access control (任意のアクセス制御)\" の略である)。"
#. type: TP
-#: build/C/man7/capabilities.7:86
+#: build/C/man7/capabilities.7:99
#, no-wrap
msgid "B<CAP_DAC_READ_SEARCH>"
msgstr "B<CAP_DAC_READ_SEARCH>"
+#. type: IP
+#: build/C/man7/capabilities.7:103 build/C/man7/capabilities.7:106
+#: build/C/man7/capabilities.7:116 build/C/man7/capabilities.7:126
+#: build/C/man7/capabilities.7:130 build/C/man7/capabilities.7:132
+#: build/C/man7/capabilities.7:134 build/C/man7/capabilities.7:204
+#: build/C/man7/capabilities.7:206 build/C/man7/capabilities.7:208
+#: build/C/man7/capabilities.7:210 build/C/man7/capabilities.7:212
+#: build/C/man7/capabilities.7:214 build/C/man7/capabilities.7:216
+#: build/C/man7/capabilities.7:218 build/C/man7/capabilities.7:220
+#: build/C/man7/capabilities.7:244 build/C/man7/capabilities.7:246
+#: build/C/man7/capabilities.7:296 build/C/man7/capabilities.7:306
+#: build/C/man7/capabilities.7:312 build/C/man7/capabilities.7:317
+#: build/C/man7/capabilities.7:323 build/C/man7/capabilities.7:327
+#: build/C/man7/capabilities.7:334 build/C/man7/capabilities.7:337
+#: build/C/man7/capabilities.7:345 build/C/man7/capabilities.7:347
+#: build/C/man7/capabilities.7:356 build/C/man7/capabilities.7:365
+#: build/C/man7/capabilities.7:368 build/C/man7/capabilities.7:372
+#: build/C/man7/capabilities.7:380 build/C/man7/capabilities.7:383
+#: build/C/man7/capabilities.7:390 build/C/man7/capabilities.7:395
+#: build/C/man7/capabilities.7:401 build/C/man7/capabilities.7:405
+#: build/C/man7/capabilities.7:409 build/C/man7/capabilities.7:413
+#: build/C/man7/capabilities.7:417 build/C/man7/capabilities.7:444
+#: build/C/man7/capabilities.7:449 build/C/man7/capabilities.7:455
+#: build/C/man7/capabilities.7:458 build/C/man7/capabilities.7:461
+#: build/C/man7/capabilities.7:471 build/C/man7/capabilities.7:475
+#: build/C/man7/capabilities.7:492 build/C/man7/capabilities.7:495
+#: build/C/man7/capabilities.7:499 build/C/man7/capabilities.7:504
+#: build/C/man7/capabilities.7:513 build/C/man7/capabilities.7:518
+#: build/C/man7/capabilities.7:521 build/C/man7/capabilities.7:526
+#: build/C/man7/capabilities.7:529 build/C/man7/capabilities.7:532
+#: build/C/man7/capabilities.7:535 build/C/man7/capabilities.7:538
+#: build/C/man7/capabilities.7:543 build/C/man7/capabilities.7:545
+#: build/C/man7/capabilities.7:551 build/C/man7/capabilities.7:559
+#: build/C/man7/capabilities.7:561 build/C/man7/capabilities.7:565
+#: build/C/man7/capabilities.7:567 build/C/man7/capabilities.7:570
+#: build/C/man7/capabilities.7:574 build/C/man7/capabilities.7:576
+#: build/C/man7/capabilities.7:578 build/C/man7/capabilities.7:580
+#: build/C/man7/capabilities.7:589 build/C/man7/capabilities.7:596
+#: build/C/man7/capabilities.7:601 build/C/man7/capabilities.7:606
+#: build/C/man7/capabilities.7:611 build/C/man7/capabilities.7:636
+#: build/C/man7/capabilities.7:643 build/C/man7/capabilities.7:844
+#: build/C/man7/capabilities.7:852 build/C/man7/capabilities.7:1172
+#: build/C/man7/capabilities.7:1177 build/C/man7/cpuset.7:540
+#: build/C/man7/cpuset.7:545 build/C/man7/cpuset.7:550
+#: build/C/man7/cpuset.7:726 build/C/man7/cpuset.7:730
+#: build/C/man7/cpuset.7:927 build/C/man7/cpuset.7:930
+#: build/C/man7/cpuset.7:934 build/C/man7/cpuset.7:938
+#: build/C/man7/cpuset.7:942 build/C/man7/credentials.7:177
+#: build/C/man7/credentials.7:183 build/C/man7/credentials.7:195
+#: build/C/man7/credentials.7:217 build/C/man7/credentials.7:234
+#: build/C/man7/credentials.7:266 build/C/man7/credentials.7:269
+#: build/C/man7/credentials.7:280 build/C/man7/credentials.7:283
+#: build/C/man2/getrlimit.2:683 build/C/man2/getrlimit.2:686
+#: build/C/man7/namespaces.7:212 build/C/man7/namespaces.7:215
+#: build/C/man7/namespaces.7:228 build/C/man7/pid_namespaces.7:233
+#: build/C/man7/pid_namespaces.7:241 build/C/man7/pid_namespaces.7:252
+#: build/C/man7/user_namespaces.7:261 build/C/man7/user_namespaces.7:266
+#: build/C/man7/user_namespaces.7:272 build/C/man7/user_namespaces.7:285
+#: build/C/man7/user_namespaces.7:306 build/C/man7/user_namespaces.7:474
+#: build/C/man7/user_namespaces.7:477 build/C/man7/user_namespaces.7:479
+#: build/C/man7/user_namespaces.7:492 build/C/man7/user_namespaces.7:505
+#: build/C/man7/user_namespaces.7:532 build/C/man7/user_namespaces.7:541
+#: build/C/man2/seccomp.2:265 build/C/man2/seccomp.2:269
+#: build/C/man2/seccomp.2:272 build/C/man2/seccomp.2:277
+#: build/C/man2/seccomp.2:281 build/C/man2/seccomp.2:455
+#: build/C/man2/seccomp.2:463 build/C/man2/seccomp.2:469
+#, no-wrap
+msgid "*"
+msgstr "*"
+
#. type: Plain text
-#: build/C/man7/capabilities.7:90
+#: build/C/man7/capabilities.7:106
msgid ""
"Bypass file read permission checks and directory read and execute permission "
-"checks."
+"checks;"
msgstr ""
"ファイルの読み出し権限のチェックとディレクトリの読み出しと実行 の権限チェック"
"をバイパスする。"
+#. type: Plain text
+#: build/C/man7/capabilities.7:109
+msgid "Invoke B<open_by_handle_at>(2)."
+msgstr "B<open_by_handle_at>(2) を起動する。"
+
#. type: TP
-#: build/C/man7/capabilities.7:90
+#: build/C/man7/capabilities.7:112
#, no-wrap
msgid "B<CAP_FOWNER>"
msgstr "B<CAP_FOWNER>"
-#. type: IP
-#: build/C/man7/capabilities.7:94 build/C/man7/capabilities.7:104
-#: build/C/man7/capabilities.7:108 build/C/man7/capabilities.7:110
-#: build/C/man7/capabilities.7:112 build/C/man7/capabilities.7:182
-#: build/C/man7/capabilities.7:184 build/C/man7/capabilities.7:186
-#: build/C/man7/capabilities.7:188 build/C/man7/capabilities.7:190
-#: build/C/man7/capabilities.7:192 build/C/man7/capabilities.7:194
-#: build/C/man7/capabilities.7:196 build/C/man7/capabilities.7:198
-#: build/C/man7/capabilities.7:222 build/C/man7/capabilities.7:224
-#: build/C/man7/capabilities.7:270 build/C/man7/capabilities.7:280
-#: build/C/man7/capabilities.7:286 build/C/man7/capabilities.7:291
-#: build/C/man7/capabilities.7:297 build/C/man7/capabilities.7:304
-#: build/C/man7/capabilities.7:307 build/C/man7/capabilities.7:315
-#: build/C/man7/capabilities.7:317 build/C/man7/capabilities.7:326
-#: build/C/man7/capabilities.7:333 build/C/man7/capabilities.7:336
-#: build/C/man7/capabilities.7:340 build/C/man7/capabilities.7:343
-#: build/C/man7/capabilities.7:346 build/C/man7/capabilities.7:353
-#: build/C/man7/capabilities.7:358 build/C/man7/capabilities.7:364
-#: build/C/man7/capabilities.7:368 build/C/man7/capabilities.7:372
-#: build/C/man7/capabilities.7:376 build/C/man7/capabilities.7:380
-#: build/C/man7/capabilities.7:407 build/C/man7/capabilities.7:412
-#: build/C/man7/capabilities.7:417 build/C/man7/capabilities.7:420
-#: build/C/man7/capabilities.7:423 build/C/man7/capabilities.7:432
-#: build/C/man7/capabilities.7:436 build/C/man7/capabilities.7:472
-#: build/C/man7/capabilities.7:474 build/C/man7/capabilities.7:478
-#: build/C/man7/capabilities.7:480 build/C/man7/capabilities.7:483
-#: build/C/man7/capabilities.7:487 build/C/man7/capabilities.7:489
-#: build/C/man7/capabilities.7:491 build/C/man7/capabilities.7:493
-#: build/C/man7/capabilities.7:502 build/C/man7/capabilities.7:509
-#: build/C/man7/capabilities.7:514 build/C/man7/capabilities.7:519
-#: build/C/man7/capabilities.7:729 build/C/man7/capabilities.7:737
-#: build/C/man7/capabilities.7:1044 build/C/man7/capabilities.7:1049
-#: build/C/man7/cpuset.7:539 build/C/man7/cpuset.7:544
-#: build/C/man7/cpuset.7:549 build/C/man7/cpuset.7:725
-#: build/C/man7/cpuset.7:729 build/C/man7/cpuset.7:926
-#: build/C/man7/cpuset.7:929 build/C/man7/cpuset.7:933
-#: build/C/man7/cpuset.7:937 build/C/man7/cpuset.7:941
-#: build/C/man7/credentials.7:123 build/C/man7/credentials.7:129
-#: build/C/man7/credentials.7:141 build/C/man7/credentials.7:163
-#: build/C/man7/credentials.7:180 build/C/man7/credentials.7:212
-#: build/C/man7/credentials.7:215 build/C/man7/credentials.7:225
-#: build/C/man7/credentials.7:228
-#, no-wrap
-msgid "*"
-msgstr "*"
-
#. type: Plain text
-#: build/C/man7/capabilities.7:104
+#: build/C/man7/capabilities.7:126
msgid ""
-"Bypass permission checks on operations that normally require the file system "
-"UID of the process to match the UID of the file (e.g., B<chmod>(2), B<utime>"
-"(2)), excluding those operations covered by B<CAP_DAC_OVERRIDE> and "
+"Bypass permission checks on operations that normally require the filesystem "
+"UID of the process to match the UID of the file (e.g., B<chmod>(2), "
+"B<utime>(2)), excluding those operations covered by B<CAP_DAC_OVERRIDE> and "
"B<CAP_DAC_READ_SEARCH>;"
msgstr ""
"通常、プロセスのファイルシステム UID がファイルの UID に一致することが 要求さ"
"われる操作は除く。"
#. type: Plain text
-#: build/C/man7/capabilities.7:108
+#: build/C/man7/capabilities.7:130
msgid "set extended file attributes (see B<chattr>(1)) on arbitrary files;"
msgstr ""
"任意のファイルに対して拡張ファイル属性を設定する (B<chattr>(1) 参照)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:110
+#: build/C/man7/capabilities.7:132
msgid "set Access Control Lists (ACLs) on arbitrary files;"
msgstr "任意のファイルに対してアクセス制御リスト (ACL) を設定する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:112
+#: build/C/man7/capabilities.7:134
msgid "ignore directory sticky bit on file deletion;"
msgstr "ファイルの削除の際にディレクトリのスティッキービットを無視する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:119
+#: build/C/man7/capabilities.7:141
msgid ""
"specify B<O_NOATIME> for arbitrary files in B<open>(2) and B<fcntl>(2)."
msgstr ""
"る。"
#. type: TP
-#: build/C/man7/capabilities.7:121
+#: build/C/man7/capabilities.7:143
#, no-wrap
msgid "B<CAP_FSETID>"
msgstr "B<CAP_FSETID>"
#. type: Plain text
-#: build/C/man7/capabilities.7:127
+#: build/C/man7/capabilities.7:149
msgid ""
"Don't clear set-user-ID and set-group-ID permission bits when a file is "
"modified; set the set-group-ID bit for a file whose GID does not match the "
-"file system or any of the supplementary GIDs of the calling process."
+"filesystem or any of the supplementary GIDs of the calling process."
msgstr ""
"ファイルが変更されたときに set-user-ID とset-group-ID の許可ビットをクリア し"
"ない。呼び出し元プロセスのファイルシステム GID と追加の GID のいずれとも GID "
"が一致しないファイルに対して set-group-ID ビットを設定する。"
#. type: TP
-#: build/C/man7/capabilities.7:127
+#: build/C/man7/capabilities.7:149
#, no-wrap
msgid "B<CAP_IPC_LOCK>"
msgstr "B<CAP_IPC_LOCK>"
-#. FIXME As at Linux 3.2, there are some strange uses of this capability
+#. FIXME . As at Linux 3.2, there are some strange uses of this capability
#. in other places; they probably should be replaced with something else.
#. type: Plain text
-#: build/C/man7/capabilities.7:136
+#: build/C/man7/capabilities.7:158
msgid "Lock memory (B<mlock>(2), B<mlockall>(2), B<mmap>(2), B<shmctl>(2))."
msgstr ""
"メモリーのロック (B<mlock>(2), B<mlockall>(2), B<mmap>(2), B<shmctl>(2)) を"
"行う。"
#. type: TP
-#: build/C/man7/capabilities.7:136
+#: build/C/man7/capabilities.7:158
#, no-wrap
msgid "B<CAP_IPC_OWNER>"
msgstr "B<CAP_IPC_OWNER>"
#. type: Plain text
-#: build/C/man7/capabilities.7:139
+#: build/C/man7/capabilities.7:161
msgid "Bypass permission checks for operations on System V IPC objects."
msgstr ""
"System V IPC オブジェクトに対する操作に関して権限チェックをバイパスする。"
#. type: TP
-#: build/C/man7/capabilities.7:139
+#: build/C/man7/capabilities.7:161
#, no-wrap
msgid "B<CAP_KILL>"
msgstr "B<CAP_KILL>"
-#. FIXME CAP_KILL also has an effect for threads + setting child
+#. FIXME . CAP_KILL also has an effect for threads + setting child
#. termination signal to other than SIGCHLD: without this
#. capability, the termination signal reverts to SIGCHLD
#. if the child does an exec(). What is the rationale
#. for this?
#. type: Plain text
-#: build/C/man7/capabilities.7:152
+#: build/C/man7/capabilities.7:174
msgid ""
"Bypass permission checks for sending signals (see B<kill>(2)). This "
"includes use of the B<ioctl>(2) B<KDSIGACCEPT> operation."
"は B<ioctl>(2) の B<KDSIGACCEPT> 操作の使用も含まれる。"
#. type: TP
-#: build/C/man7/capabilities.7:152
+#: build/C/man7/capabilities.7:174
#, no-wrap
msgid "B<CAP_LEASE> (since Linux 2.4)"
msgstr "B<CAP_LEASE> (Linux 2.4 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:156
+#: build/C/man7/capabilities.7:178
msgid "Establish leases on arbitrary files (see B<fcntl>(2))."
msgstr "任意のファイルに対して ファイルリースを設定する (B<fcntl>(2) 参照)。"
#. type: TP
-#: build/C/man7/capabilities.7:156
+#: build/C/man7/capabilities.7:178
#, no-wrap
msgid "B<CAP_LINUX_IMMUTABLE>"
msgstr "B<CAP_LINUX_IMMUTABLE>"
#. These attributes are now available on ext2, ext3, Reiserfs, XFS, JFS
#. type: Plain text
-#: build/C/man7/capabilities.7:165
+#: build/C/man7/capabilities.7:187
msgid ""
-"Set the B<FS_APPEND_FL> and B<FS_IMMUTABLE_FL> i-node flags (see B<chattr>"
-"(1))."
+"Set the B<FS_APPEND_FL> and B<FS_IMMUTABLE_FL> inode flags (see "
+"B<chattr>(1))."
msgstr ""
-"拡張ファイル属性 B<FS_APPEND_FL> と B<FS_IMMUTABLE_FL> を設定する (B<chattr>"
-"(1) 参照)。"
+"inode フラグ B<FS_APPEND_FL> と B<FS_IMMUTABLE_FL> を設定する (B<chattr>(1) "
+"参照)。"
#. type: TP
-#: build/C/man7/capabilities.7:165
+#: build/C/man7/capabilities.7:187
#, no-wrap
msgid "B<CAP_MAC_ADMIN> (since Linux 2.6.25)"
msgstr "B<CAP_MAC_ADMIN> (Linux 2.6.25 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:169
+#: build/C/man7/capabilities.7:191
msgid ""
"Override Mandatory Access Control (MAC). Implemented for the Smack Linux "
"Security Module (LSM)."
"実装されている。"
#. type: TP
-#: build/C/man7/capabilities.7:169
+#: build/C/man7/capabilities.7:191
#, no-wrap
msgid "B<CAP_MAC_OVERRIDE> (since Linux 2.6.25)"
msgstr "B<CAP_MAC_OVERRIDE> (Linux 2.6.25 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:173
+#: build/C/man7/capabilities.7:195
msgid ""
"Allow MAC configuration or state changes. Implemented for the Smack LSM."
msgstr "MAC の設定や状態を変更する。 Smack LSM 用に実装されている。"
#. type: TP
-#: build/C/man7/capabilities.7:173
+#: build/C/man7/capabilities.7:195
#, no-wrap
msgid "B<CAP_MKNOD> (since Linux 2.4)"
msgstr "B<CAP_MKNOD> (Linux 2.4 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:177
+#: build/C/man7/capabilities.7:199
msgid "Create special files using B<mknod>(2)."
msgstr ""
"(Linux 2.4 以降) B<mknod>(2) を使用してスペシャルファイルを作成する。"
#. type: TP
-#: build/C/man7/capabilities.7:177
+#: build/C/man7/capabilities.7:199
#, no-wrap
msgid "B<CAP_NET_ADMIN>"
msgstr "B<CAP_NET_ADMIN>"
#. type: Plain text
-#: build/C/man7/capabilities.7:180
+#: build/C/man7/capabilities.7:202
msgid "Perform various network-related operations:"
msgstr "各種のネットワーク関係の操作を実行する:"
#. type: Plain text
-#: build/C/man7/capabilities.7:184
+#: build/C/man7/capabilities.7:206
msgid "interface configuration;"
msgstr "インターフェースの設定"
#. type: Plain text
-#: build/C/man7/capabilities.7:186
-msgid "administration of IP firewall, masquerading, and accounting"
+#: build/C/man7/capabilities.7:208
+msgid "administration of IP firewall, masquerading, and accounting;"
msgstr "IP のファイアウォール、マスカレード、アカウンティング"
#. type: Plain text
-#: build/C/man7/capabilities.7:188
+#: build/C/man7/capabilities.7:210
msgid "modify routing tables;"
msgstr "ルーティングテーブルの変更"
#. type: Plain text
-#: build/C/man7/capabilities.7:190
+#: build/C/man7/capabilities.7:212
msgid "bind to any address for transparent proxying;"
msgstr "透過的プロキシでの任意のアドレスの割り当て (bind)"
#. type: Plain text
-#: build/C/man7/capabilities.7:192
+#: build/C/man7/capabilities.7:214
msgid "set type-of-service (TOS)"
msgstr "サービス種別 (type-of-service; TOS) のセット"
#. type: Plain text
-#: build/C/man7/capabilities.7:194
+#: build/C/man7/capabilities.7:216
msgid "clear driver statistics;"
msgstr "ドライバの統計情報のクリア"
#. type: Plain text
-#: build/C/man7/capabilities.7:196
+#: build/C/man7/capabilities.7:218
msgid "set promiscuous mode;"
msgstr "promiscuous モードをセットする"
#. type: Plain text
-#: build/C/man7/capabilities.7:198
+#: build/C/man7/capabilities.7:220
msgid "enabling multicasting;"
msgstr "マルチキャストを有効にする"
#. type: Plain text
-#: build/C/man7/capabilities.7:209
+#: build/C/man7/capabilities.7:231
msgid ""
"use B<setsockopt>(2) to set the following socket options: B<SO_DEBUG>, "
"B<SO_MARK>, B<SO_PRIORITY> (for a priority outside the range 0 to 6), "
"B<SO_RCVBUFFORCE>, and B<SO_SNDBUFFORCE>"
#. type: TP
-#: build/C/man7/capabilities.7:211
+#: build/C/man7/capabilities.7:233
#, no-wrap
msgid "B<CAP_NET_BIND_SERVICE>"
msgstr "B<CAP_NET_BIND_SERVICE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:215
+#: build/C/man7/capabilities.7:237
msgid ""
"Bind a socket to Internet domain privileged ports (port numbers less than "
"1024)."
"る。"
#. type: TP
-#: build/C/man7/capabilities.7:215
+#: build/C/man7/capabilities.7:237
#, no-wrap
msgid "B<CAP_NET_BROADCAST>"
msgstr "B<CAP_NET_BROADCAST>"
#. type: Plain text
-#: build/C/man7/capabilities.7:218
+#: build/C/man7/capabilities.7:240
msgid "(Unused) Make socket broadcasts, and listen to multicasts."
msgstr ""
"(未使用) ソケットのブロードキャストと、マルチキャストの待ち受けを行う。"
#. type: TP
-#: build/C/man7/capabilities.7:218
+#: build/C/man7/capabilities.7:240
#, no-wrap
msgid "B<CAP_NET_RAW>"
msgstr "B<CAP_NET_RAW>"
#. type: Plain text
-#: build/C/man7/capabilities.7:224
+#: build/C/man7/capabilities.7:246
msgid "use RAW and PACKET sockets;"
msgstr "RAW ソケットと PACKET ソケットを使用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:226
+#: build/C/man7/capabilities.7:248
msgid "bind to any address for transparent proxying."
msgstr "透過的プロキシでの任意のアドレスの割り当て (bind)"
#. type: TP
-#: build/C/man7/capabilities.7:229
+#: build/C/man7/capabilities.7:251
#, no-wrap
msgid "B<CAP_SETGID>"
msgstr "B<CAP_SETGID>"
#. type: Plain text
-#: build/C/man7/capabilities.7:233
+#: build/C/man7/capabilities.7:257
msgid ""
"Make arbitrary manipulations of process GIDs and supplementary GID list; "
-"forge GID when passing socket credentials via UNIX domain sockets."
+"forge GID when passing socket credentials via UNIX domain sockets; write a "
+"group ID mapping in a user namespace (see B<user_namespaces>(7))."
msgstr ""
"プロセスの GID と追加の GID リストに対する任意の操作を行う。 UNIX ドメインソ"
"ケット経由でソケットの資格情報 (credential) を渡す際に 偽の GID を渡すことが"
-"できる。"
+"できる。 ユーザー名前空間にグループ ID マッピングを書き込むことができる "
+"(B<user_namespaces>(7) 参照)。"
#. type: TP
-#: build/C/man7/capabilities.7:233
+#: build/C/man7/capabilities.7:257
#, no-wrap
msgid "B<CAP_SETFCAP> (since Linux 2.6.24)"
msgstr "B<CAP_SETFCAP> (Linux 2.6.24 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:236
+#: build/C/man7/capabilities.7:260
msgid "Set file capabilities."
msgstr "ファイルケーパビリティを設定する。"
#. type: TP
-#: build/C/man7/capabilities.7:236
+#: build/C/man7/capabilities.7:260
#, no-wrap
msgid "B<CAP_SETPCAP>"
msgstr "B<CAP_SETPCAP>"
#. type: Plain text
-#: build/C/man7/capabilities.7:247
+#: build/C/man7/capabilities.7:271
msgid ""
"If file capabilities are not supported: grant or remove any capability in "
"the caller's permitted capability set to or from any other process. (This "
"サポートしているカーネルでは B<CAP_SETPCAP> は全く別の意味を持つからである。)"
#. type: Plain text
-#: build/C/man7/capabilities.7:257
+#: build/C/man7/capabilities.7:281
msgid ""
"If file capabilities are supported: add any capability from the calling "
"thread's bounding set to its inheritable set; drop capabilities from the "
"らケーパビリティを削除できる。 I<securebits> フラグを変更できる。"
#. type: TP
-#: build/C/man7/capabilities.7:257
+#: build/C/man7/capabilities.7:281
#, no-wrap
msgid "B<CAP_SETUID>"
msgstr "B<CAP_SETUID>"
#. FIXME CAP_SETUID also an effect in exec(); document this.
#. type: Plain text
-#: build/C/man7/capabilities.7:266
+#: build/C/man7/capabilities.7:292
msgid ""
"Make arbitrary manipulations of process UIDs (B<setuid>(2), B<setreuid>(2), "
-"B<setresuid>(2), B<setfsuid>(2)); make forged UID when passing socket "
-"credentials via UNIX domain sockets."
+"B<setresuid>(2), B<setfsuid>(2)); forge UID when passing socket credentials "
+"via UNIX domain sockets; write a user ID mapping in a user namespace (see "
+"B<user_namespaces>(7))."
msgstr ""
-"プロセスの UID に対する任意の操作 (B<setuid>(2), B<setreuid>(2), B<setresuid>"
-"(2), B<setfsuid>(2)) を行う。 UNIX ドメインソケット経由でソケットの資格情報 "
-"(credential) を渡す際に 偽の UID を渡すことができる。"
+"プロセスの UID に対する任意の操作 (B<setuid>(2), B<setreuid>(2), "
+"B<setresuid>(2), B<setfsuid>(2)) を行う。 UNIX ドメインソケット経由でソケッ"
+"トの資格情報 (credential) を渡す際に 偽の UID を渡すことができる。 ユーザー名"
+"前空間にユーザー ID マッピングを書き込むことができる (B<user_namespaces>(7) "
+"参照)。"
#. type: TP
-#: build/C/man7/capabilities.7:266
+#: build/C/man7/capabilities.7:292
#, no-wrap
msgid "B<CAP_SYS_ADMIN>"
msgstr "B<CAP_SYS_ADMIN>"
#. type: Plain text
-#: build/C/man7/capabilities.7:280
+#: build/C/man7/capabilities.7:306
msgid ""
-"Perform a range of system administration operations including: B<quotactl>"
-"(2), B<mount>(2), B<umount>(2), B<swapon>(2), B<swapoff>(2), B<sethostname>"
-"(2), and B<setdomainname>(2);"
+"Perform a range of system administration operations including: "
+"B<quotactl>(2), B<mount>(2), B<umount>(2), B<swapon>(2), B<swapoff>(2), "
+"B<sethostname>(2), and B<setdomainname>(2);"
msgstr ""
-"以下のシステム管理用の操作を実行する: B<quotactl>(2), B<mount>(2), B<umount>"
-"(2), B<swapon>(2), B<swapoff>(2), B<sethostname>(2), B<setdomainname>(2)."
+"以下のシステム管理用の操作を実行する: B<quotactl>(2), B<mount>(2), "
+"B<umount>(2), B<swapon>(2), B<swapoff>(2), B<sethostname>(2), "
+"B<setdomainname>(2)."
#. type: Plain text
-#: build/C/man7/capabilities.7:286
+#: build/C/man7/capabilities.7:312
msgid ""
"perform privileged B<syslog>(2) operations (since Linux 2.6.37, "
"B<CAP_SYSLOG> should be used to permit such operations);"
"B<CAP_SYSLOG> を使うべきである)"
#. type: Plain text
-#: build/C/man7/capabilities.7:291
+#: build/C/man7/capabilities.7:317
msgid "perform B<VM86_REQUEST_IRQ> B<vm86>(2) command;"
msgstr "B<VM86_REQUEST_IRQ> B<vm86>(2) コマンドを実行する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:297
+#: build/C/man7/capabilities.7:323
msgid ""
"perform B<IPC_SET> and B<IPC_RMID> operations on arbitrary System V IPC "
"objects;"
"する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:304
+#: build/C/man7/capabilities.7:327 build/C/man7/capabilities.7:574
+msgid "override B<RLIMIT_NPROC> resource limit;"
+msgstr "B<RLIMIT_NPROC> リソース制限を上書きする。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:334
msgid ""
"perform operations on I<trusted> and I<security> Extended Attributes (see "
"B<attr>(5));"
"照)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:307
+#: build/C/man7/capabilities.7:337
msgid "use B<lookup_dcookie>(2);"
msgstr "B<lookup_dcookie>(2) を呼び出す。"
#. type: Plain text
-#: build/C/man7/capabilities.7:315
+#: build/C/man7/capabilities.7:345
msgid ""
"use B<ioprio_set>(2) to assign B<IOPRIO_CLASS_RT> and (before Linux "
"2.6.25) B<IOPRIO_CLASS_IDLE> I/O scheduling classes;"
"前のバージョンのみ)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:317
+#: build/C/man7/capabilities.7:347
msgid "forge UID when passing socket credentials;"
msgstr "ソケットの資格情報 (credential) を渡す際に偽の UID を渡す。"
#. type: Plain text
-#: build/C/man7/capabilities.7:326
+#: build/C/man7/capabilities.7:356
msgid ""
"exceed I</proc/sys/fs/file-max>, the system-wide limit on the number of open "
"files, in system calls that open files (e.g., B<accept>(2), B<execve>(2), "
"proc/sys/fs/file-max> を超過する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:333
+#: build/C/man7/capabilities.7:365
msgid ""
"employ B<CLONE_*> flags that create new namespaces with B<clone>(2) and "
-"B<unshare>(2);"
+"B<unshare>(2) (but, since Linux 3.8, creating user namespaces does not "
+"require any capability);"
msgstr ""
-"B<clone>(2) と B<unshare>(2) で新しい名前空間を作成する B<CLONE_*> \n"
-"フラグを利用する。"
+"B<clone>(2) と B<unshare>(2) で新しい名前空間を作成する B<CLONE_*> フラグを利"
+"用する (ただし、 Linux 3.8 以降では、ユーザー名前空間の作成にどのケーパビリ"
+"ティも必要としない)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:336
+#: build/C/man7/capabilities.7:368
msgid "call B<perf_event_open>(2);"
msgstr "B<perf_event_open>(2) を呼び出す。"
#. type: Plain text
-#: build/C/man7/capabilities.7:340
+#: build/C/man7/capabilities.7:372
msgid "access privileged I<perf> event information;"
msgstr "特権が必要な I<perf> イベントの情報にアクセスする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:343
-msgid "call B<setns>(2);"
-msgstr "B<setns>(2) を呼び出す。"
+#: build/C/man7/capabilities.7:380
+msgid ""
+"call B<setns>(2) (requires B<CAP_SYS_ADMIN> in the I<target> namespace);"
+msgstr ""
+"B<setns>(2) を呼び出す (I<target> 名前空間での B<CAP_SYS_ADMIN> が必要)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:346
+#: build/C/man7/capabilities.7:383
msgid "call B<fanotify_init>(2);"
msgstr "B<fanotify_init>(2) を呼び出す。"
#. type: Plain text
-#: build/C/man7/capabilities.7:353
+#: build/C/man7/capabilities.7:390
msgid "perform B<KEYCTL_CHOWN> and B<KEYCTL_SETPERM> B<keyctl>(2) operations;"
msgstr "B<keyctl>(2) の B<KEYCTL_CHOWN> と B<KEYCTL_SETPERM> 操作を実行する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:358
+#: build/C/man7/capabilities.7:395
msgid "perform B<madvise>(2) B<MADV_HWPOISON> operation;"
msgstr "B<madvise>(2) の B<MADV_HWPOISON> 操作を実行する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:364
+#: build/C/man7/capabilities.7:401
msgid ""
"employ the B<TIOCSTI> B<ioctl>(2) to insert characters into the input queue "
-"of a terminal other than the caller's controlling terminal."
+"of a terminal other than the caller's controlling terminal;"
msgstr ""
"B<TIOCSTI> B<ioctl>(2) を使って、\n"
"呼び出し元の制御端末以外の端末の入力キューに文字を挿入する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:368
+#: build/C/man7/capabilities.7:405
msgid "employ the obsolete B<nfsservctl>(2) system call;"
msgstr "廃止予定の B<nfsservctl>(2) システムコールを使用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:372
+#: build/C/man7/capabilities.7:409
msgid "employ the obsolete B<bdflush>(2) system call;"
msgstr "廃止予定の B<bdflush>(2) システムコールを使用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:376
+#: build/C/man7/capabilities.7:413
msgid "perform various privileged block-device B<ioctl>(2) operations;"
msgstr ""
"特権が必要なブロックデバイスに対する各種の B<ioctl>(2) 操作を\n"
"実行する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:380
-msgid "perform various privileged file-system B<ioctl>(2) operations;"
+#: build/C/man7/capabilities.7:417
+msgid "perform various privileged filesystem B<ioctl>(2) operations;"
msgstr ""
"特権が必要なファイルシステムに対する各種の B<ioctl>(2) 操作を\n"
"実行する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:382
+#: build/C/man7/capabilities.7:419
msgid "perform administrative operations on many device drivers."
msgstr "多くのデバイスドライバに対する管理命令を実行する。"
#. type: TP
-#: build/C/man7/capabilities.7:384
+#: build/C/man7/capabilities.7:421
#, no-wrap
msgid "B<CAP_SYS_BOOT>"
msgstr "B<CAP_SYS_BOOT>"
#. type: Plain text
-#: build/C/man7/capabilities.7:390
+#: build/C/man7/capabilities.7:427
msgid "Use B<reboot>(2) and B<kexec_load>(2)."
msgstr "B<reboot>(2) と B<kexec_load>(2) を呼び出す。"
#. type: TP
-#: build/C/man7/capabilities.7:390
+#: build/C/man7/capabilities.7:427
#, no-wrap
msgid "B<CAP_SYS_CHROOT>"
msgstr "B<CAP_SYS_CHROOT>"
#. type: Plain text
-#: build/C/man7/capabilities.7:394
+#: build/C/man7/capabilities.7:431
msgid "Use B<chroot>(2)."
msgstr "B<chroot>(2). を呼び出す。"
#. type: TP
-#: build/C/man7/capabilities.7:394
+#: build/C/man7/capabilities.7:431
#, no-wrap
msgid "B<CAP_SYS_MODULE>"
msgstr "B<CAP_SYS_MODULE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:403
+#: build/C/man7/capabilities.7:440
msgid ""
-"Load and unload kernel modules (see B<init_module>(2) and B<delete_module>"
-"(2)); in kernels before 2.6.25: drop capabilities from the system-wide "
-"capability bounding set."
+"Load and unload kernel modules (see B<init_module>(2) and "
+"B<delete_module>(2)); in kernels before 2.6.25: drop capabilities from the "
+"system-wide capability bounding set."
msgstr ""
"カーネルモジュールのロード、アンロードを行う (B<init_module>(2) と "
"B<delete_module>(2) を参照のこと)。 バージョン 2.6.25 より前のカーネルで、 "
"からケーパビリティを外す。"
#. type: TP
-#: build/C/man7/capabilities.7:403
+#: build/C/man7/capabilities.7:440
#, no-wrap
msgid "B<CAP_SYS_NICE>"
msgstr "B<CAP_SYS_NICE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:412
+#: build/C/man7/capabilities.7:449
msgid ""
"Raise process nice value (B<nice>(2), B<setpriority>(2)) and change the "
"nice value for arbitrary processes;"
"セスの nice 値の変更を行う。"
#. type: Plain text
-#: build/C/man7/capabilities.7:417
+#: build/C/man7/capabilities.7:455
msgid ""
"set real-time scheduling policies for calling process, and set scheduling "
"policies and priorities for arbitrary processes (B<sched_setscheduler>(2), "
-"B<sched_setparam>(2));"
+"B<sched_setparam>(2), B<shed_setattr>(2));"
msgstr ""
"呼び出し元プロセスに対するリアルタイムスケジューリングポリシーと、 任意のプロ"
-"セスに対するスケジューリングポリシーと優先度を設定する (B<sched_setscheduler>"
-"(2), B<sched_setparam>(2))。"
+"セスに対するスケジューリングポリシーと優先度を設定する "
+"(B<sched_setscheduler>(2), B<sched_setparam>(2), B<shed_setattr>(2))。"
#. type: Plain text
-#: build/C/man7/capabilities.7:420
+#: build/C/man7/capabilities.7:458
msgid "set CPU affinity for arbitrary processes (B<sched_setaffinity>(2));"
msgstr ""
"任意のプロセスに対する CPU affinity を設定できる (B<sched_setaffinity>(2))。"
#. type: Plain text
-#: build/C/man7/capabilities.7:423
+#: build/C/man7/capabilities.7:461
msgid ""
-"set I/O scheduling class and priority for arbitrary processes (B<ioprio_set>"
-"(2));"
+"set I/O scheduling class and priority for arbitrary processes "
+"(B<ioprio_set>(2));"
msgstr ""
"任意のプロセスに対して I/O スケジューリングクラスと優先度を設定できる "
"(B<ioprio_set>(2))。"
#. migrate_pages(2):
#. do_migrate_pages(mm, &old, &new,
#. capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
+#. Document this.
#. type: Plain text
-#: build/C/man7/capabilities.7:432
+#: build/C/man7/capabilities.7:471
msgid ""
"apply B<migrate_pages>(2) to arbitrary processes and allow processes to be "
"migrated to arbitrary nodes;"
"る。"
#. type: Plain text
-#: build/C/man7/capabilities.7:436
+#: build/C/man7/capabilities.7:475
msgid "apply B<move_pages>(2) to arbitrary processes;"
msgstr "B<move_pages>(2) を任意のプロセスに対して行う。"
#. type: Plain text
-#: build/C/man7/capabilities.7:443
+#: build/C/man7/capabilities.7:482
msgid ""
"use the B<MPOL_MF_MOVE_ALL> flag with B<mbind>(2) and B<move_pages>(2)."
msgstr ""
"B<mbind>(2) と B<move_pages>(2) で B<MPOL_MF_MOVE_ALL> フラグを使用する。"
#. type: TP
-#: build/C/man7/capabilities.7:445
+#: build/C/man7/capabilities.7:484
#, no-wrap
msgid "B<CAP_SYS_PACCT>"
msgstr "B<CAP_SYS_PACCT>"
#. type: Plain text
-#: build/C/man7/capabilities.7:449
+#: build/C/man7/capabilities.7:488
msgid "Use B<acct>(2)."
msgstr "B<acct>(2) を呼び出す。"
#. type: TP
-#: build/C/man7/capabilities.7:449
+#: build/C/man7/capabilities.7:488
#, no-wrap
msgid "B<CAP_SYS_PTRACE>"
msgstr "B<CAP_SYS_PTRACE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:456
+#: build/C/man7/capabilities.7:495
+msgid "Trace arbitrary processes using B<ptrace>(2);"
+msgstr "B<ptrace>(2) を使って任意のプロセスをトレースする。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:499
+msgid "apply B<get_robust_list>(2) to arbitrary processes;"
+msgstr "B<get_robust_list>(2) を任意のプロセスに対して行う。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:504
msgid ""
-"Trace arbitrary processes using B<ptrace>(2); apply B<get_robust_list>(2) "
-"to arbitrary processes."
+"transfer data to or from the memory of arbitrary processes using "
+"B<process_vm_readv>(2) and B<process_vm_writev>(2)."
msgstr ""
-"B<ptrace>(2) を使って任意のプロセスをトレースする。 任意のプロセスに "
-"B<get_robust_list>(2) を適用する。"
+"B<process_vm_readv>(2) と B<process_vm_writev>(2) を使って任意のプロセスのメ"
+"モリとの間でデータの送受信を行う。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:507
+msgid "inspect processes using B<kcmp>(2)."
+msgstr "B<kcmp>(2) を使ってプロセス内部を調査する。"
#. type: TP
-#: build/C/man7/capabilities.7:456
+#: build/C/man7/capabilities.7:509
#, no-wrap
msgid "B<CAP_SYS_RAWIO>"
msgstr "B<CAP_SYS_RAWIO>"
#. type: Plain text
-#: build/C/man7/capabilities.7:468
+#: build/C/man7/capabilities.7:518
+msgid "Perform I/O port operations (B<iopl>(2) and B<ioperm>(2));"
+msgstr "I/O ポート操作を実行する (B<iopl>(2)、 B<ioperm>(2))。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:521
+msgid "access I</proc/kcore>;"
+msgstr "I</proc/kcore> にアクセスする。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:526
+msgid "employ the B<FIBMAP> B<ioctl>(2) operation;"
+msgstr "B<FIBMAP> B<ioctl>(2) 操作を使用する。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:529
+msgid ""
+"open devices for accessing x86 model-specific registers (MSRs, see B<msr>(4))"
+msgstr ""
+"x86 モデルに固有のレジスタ (MSR レジスタ群、 B<msr>(4) 参照) にアクセスするた"
+"めのデバイスをオープンする。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:532
+msgid "update I</proc/sys/vm/mmap_min_addr>;"
+msgstr "I</proc/sys/vm/mmap_min_addr> を更新する。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:535
msgid ""
-"Perform I/O port operations (B<iopl>(2) and B<ioperm>(2)); access I</proc/"
-"kcore>; employ the B<FIBMAP> B<ioctl>(2) operation."
+"create memory mappings at addresses below the value specified by I</proc/sys/"
+"vm/mmap_min_addr>;"
msgstr ""
-"I/O ポート操作を実行する (B<iopl>(2)、 B<ioperm>(2))。\n"
-"I</proc/kcore> にアクセスする。\n"
-"B<FIBMAP> B<ioctl>(2) 操作を使用する。"
+"I</proc/sys/vm/mmap_min_addr> で指定された値よりも小さなアドレスにメモリマッ"
+"ピングを作成する。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:538
+msgid "map files in I</proc/bus/pci>;"
+msgstr "I</proc/bus/pci> にあるファイルをマップする。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:543
+msgid "open I</dev/mem> and I</dev/kmem>;"
+msgstr "I</dev/mem> や I</dev/kmem> をオープンする。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:545
+msgid "perform various SCSI device commands;"
+msgstr "各種の SCSI デバイスコマンドを実行する。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:551
+msgid "perform certain operations on B<hpsa>(4) and B<cciss>(4) devices;"
+msgstr "B<hpsa>(4) デバイスや B<cciss>(4) デバイスの特定の操作を実行する。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:553
+msgid "perform a range of device-specific operations on other devices."
+msgstr "他のデバイスに対して各種のデバイス固有命令を実行する。"
#. type: TP
-#: build/C/man7/capabilities.7:468
+#: build/C/man7/capabilities.7:555
#, no-wrap
msgid "B<CAP_SYS_RESOURCE>"
msgstr "B<CAP_SYS_RESOURCE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:474
-msgid "Use reserved space on ext2 file systems;"
+#: build/C/man7/capabilities.7:561
+msgid "Use reserved space on ext2 filesystems;"
msgstr "ext2 ファイルシステム上の予約されている領域を使用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:478
+#: build/C/man7/capabilities.7:565
msgid "make B<ioctl>(2) calls controlling ext3 journaling;"
msgstr "ext3 のジャーナル機能を制御する B<ioctl>(2) を使用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:480
+#: build/C/man7/capabilities.7:567
msgid "override disk quota limits;"
msgstr "ディスク quota の上限を上書きする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:483
+#: build/C/man7/capabilities.7:570
msgid "increase resource limits (see B<setrlimit>(2));"
msgstr "リソース上限を増やす (B<setrlimit>(2))。"
#. type: Plain text
-#: build/C/man7/capabilities.7:487
-msgid "override B<RLIMIT_NPROC> resource limit;"
-msgstr "B<RLIMIT_NPROC> リソース制限を上書きする。"
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:489
+#: build/C/man7/capabilities.7:576
msgid "override maximum number of consoles on console allocation;"
msgstr "コンソール割り当てにおいてコンソールの最大数を上書きする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:491
+#: build/C/man7/capabilities.7:578
msgid "override maximum number of keymaps;"
msgstr "キーマップの最大数を上書きする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:493
+#: build/C/man7/capabilities.7:580
msgid "allow more than 64hz interrupts from the real-time clock;"
msgstr "リアルタイムクロックから秒間 64 回を越える回数の割り当てが許可する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:502
+#: build/C/man7/capabilities.7:589
msgid ""
"raise I<msg_qbytes> limit for a System V message queue above the limit in I</"
"proc/sys/kernel/msgmnb> (see B<msgop>(2) and B<msgctl>(2));"
"(B<msgop>(2) と B<msgctl>(2) 参照)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:509
+#: build/C/man7/capabilities.7:596
msgid ""
"override the I</proc/sys/fs/pipe-size-max> limit when setting the capacity "
"of a pipe using the B<F_SETPIPE_SZ> B<fcntl>(2) command."
"上限 I</proc/sys/fs/pipe-size-max> を上書きする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:514
+#: build/C/man7/capabilities.7:601
msgid ""
"use B<F_SETPIPE_SZ> to increase the capacity of a pipe above the limit "
"specified by I</proc/sys/fs/pipe-max-size>;"
"を増やすのに B<F_SETPIPE_SZ> を使用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:519
+#: build/C/man7/capabilities.7:606
msgid ""
"override I</proc/sys/fs/mqueue/queues_max> limit when creating POSIX message "
"queues (see B<mq_overview>(7));"
"(B<mq_overview>(7) 参照)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:524
-msgid "employ B<prctl>(2) B<PR_SET_MM> operation."
-msgstr "B<prctl>(2) の B<PR_SET_MM> 操作を使用する。"
+#: build/C/man7/capabilities.7:611
+msgid "employ B<prctl>(2) B<PR_SET_MM> operation;"
+msgstr "B<prctl>(2) B<PR_SET_MM> 操作を使用する。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:616
+msgid ""
+"set I</proc/PID/oom_score_adj> to a value lower than the value last set by a "
+"process with B<CAP_SYS_RESOURCE>."
+msgstr ""
+"B<CAP_SYS_RESOURCE> を持ったプロセスによって最後に設定された値よりも小さな値"
+"を I</proc/PID/oom_score_adj> に設定する。"
#. type: TP
-#: build/C/man7/capabilities.7:526
+#: build/C/man7/capabilities.7:618
#, no-wrap
msgid "B<CAP_SYS_TIME>"
msgstr "B<CAP_SYS_TIME>"
#. type: Plain text
-#: build/C/man7/capabilities.7:533
+#: build/C/man7/capabilities.7:625
msgid ""
"Set system clock (B<settimeofday>(2), B<stime>(2), B<adjtimex>(2)); set real-"
"time (hardware) clock."
msgstr ""
-"システムクロックを変更する (B<settimeofday>(2), B<stime>(2), B<adjtimex>"
-"(2))。 リアルタイム (ハードウェア) クロックを変更する。"
+"システムクロックを変更する (B<settimeofday>(2), B<stime>(2), "
+"B<adjtimex>(2))。 リアルタイム (ハードウェア) クロックを変更する。"
#. type: TP
-#: build/C/man7/capabilities.7:533
+#: build/C/man7/capabilities.7:625
#, no-wrap
msgid "B<CAP_SYS_TTY_CONFIG>"
msgstr "B<CAP_SYS_TTY_CONFIG>"
#. type: Plain text
-#: build/C/man7/capabilities.7:540
+#: build/C/man7/capabilities.7:632
msgid ""
"Use B<vhangup>(2); employ various privileged B<ioctl>(2) operations on "
"virtual terminals."
"特権が必要な仮想端末に関する各種の B<ioctl>(2) 操作を利用できる。"
#. type: TP
-#: build/C/man7/capabilities.7:540
+#: build/C/man7/capabilities.7:632
#, no-wrap
msgid "B<CAP_SYSLOG> (since Linux 2.6.37)"
msgstr "B<CAP_SYSLOG> (Linux 2.6.37 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:548
+#: build/C/man7/capabilities.7:643
msgid ""
"Perform privileged B<syslog>(2) operations. See B<syslog>(2) for "
"information on which operations require privilege."
"特権が必要な B<syslog>(2) 操作を実行できる。\n"
"どの操作が特権が必要かについての情報は B<syslog>(2) を参照。"
+#. type: Plain text
+#: build/C/man7/capabilities.7:653
+msgid ""
+"View kernel addresses exposed via I</proc> and other interfaces when I</proc/"
+"sys/kernel/kptr_restrict> has the value 1. (See the discussion of the "
+"I<kptr_restrict> in B<proc>(5).)"
+msgstr ""
+"I</proc/sys/kernel/kptr_restrict> の値が 1 の場合、 I</proc> や他のインター"
+"フェース経由で公開されているカーネルアドレスを参照する (B<proc>(5) の "
+"I<kptr_restrict> の議論を参照)。"
+
#. type: TP
-#: build/C/man7/capabilities.7:548
+#: build/C/man7/capabilities.7:655
#, no-wrap
msgid "B<CAP_WAKE_ALARM> (since Linux 3.0)"
msgstr "B<CAP_WAKE_ALARM> (Linux 3.0 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:556
+#: build/C/man7/capabilities.7:663
msgid ""
"Trigger something that will wake up the system (set B<CLOCK_REALTIME_ALARM> "
"and B<CLOCK_BOOTTIME_ALARM> timers)."
"や B<CLOCK_BOOTTIME_ALARM> を設定する)。"
#. type: SS
-#: build/C/man7/capabilities.7:556
+#: build/C/man7/capabilities.7:663
#, no-wrap
-msgid "Past and Current Implementation"
+msgid "Past and current implementation"
msgstr "過去と現在の実装"
#. type: Plain text
-#: build/C/man7/capabilities.7:558
+#: build/C/man7/capabilities.7:665
msgid "A full implementation of capabilities requires that:"
msgstr "完全な形のケーパビリティを実装するには、以下の要件を満たす必要がある:"
#. type: IP
-#: build/C/man7/capabilities.7:558 build/C/man7/capabilities.7:701
-#: build/C/man7/capabilities.7:848 build/C/man7/capabilities.7:901
+#: build/C/man7/capabilities.7:665 build/C/man7/capabilities.7:816
+#: build/C/man7/capabilities.7:963 build/C/man7/capabilities.7:1016
+#: build/C/man7/user_namespaces.7:173 build/C/man7/user_namespaces.7:515
#, no-wrap
msgid "1."
msgstr "1."
#. type: Plain text
-#: build/C/man7/capabilities.7:562
+#: build/C/man7/capabilities.7:669
msgid ""
"For all privileged operations, the kernel must check whether the thread has "
"the required capability in its effective set."
"要なケーパビリティがあるかを確認する。"
#. type: IP
-#: build/C/man7/capabilities.7:562 build/C/man7/capabilities.7:706
-#: build/C/man7/capabilities.7:854 build/C/man7/capabilities.7:907
+#: build/C/man7/capabilities.7:669 build/C/man7/capabilities.7:821
+#: build/C/man7/capabilities.7:969 build/C/man7/capabilities.7:1022
+#: build/C/man7/user_namespaces.7:189 build/C/man7/user_namespaces.7:521
#, no-wrap
msgid "2."
msgstr "2."
#. type: Plain text
-#: build/C/man7/capabilities.7:565
+#: build/C/man7/capabilities.7:672
msgid ""
"The kernel must provide system calls allowing a thread's capability sets to "
"be changed and retrieved."
"システムコールが提供される。"
#. type: IP
-#: build/C/man7/capabilities.7:565 build/C/man7/capabilities.7:857
-#: build/C/man7/capabilities.7:911
+#: build/C/man7/capabilities.7:672 build/C/man7/capabilities.7:972
+#: build/C/man7/capabilities.7:1026 build/C/man7/user_namespaces.7:193
+#: build/C/man7/user_namespaces.7:526
#, no-wrap
msgid "3."
msgstr "3."
#. type: Plain text
-#: build/C/man7/capabilities.7:568
+#: build/C/man7/capabilities.7:675
msgid ""
-"The file system must support attaching capabilities to an executable file, "
-"so that a process gains those capabilities when the file is executed."
+"The filesystem must support attaching capabilities to an executable file, so "
+"that a process gains those capabilities when the file is executed."
msgstr ""
"ファイルシステムが、実行可能ファイルにケーパビリティを付与でき、ファイル 実行"
"時にそのケーパビリティをプロセスが取得できるような機能をサポートする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:572
+#: build/C/man7/capabilities.7:679
msgid ""
"Before kernel 2.6.24, only the first two of these requirements are met; "
"since kernel 2.6.24, all three requirements are met."
"2.6.24 以降では、3つの要件すべてが満たされている。"
#. type: SS
-#: build/C/man7/capabilities.7:572
+#: build/C/man7/capabilities.7:679
#, no-wrap
-msgid "Thread Capability Sets"
+msgid "Thread capability sets"
msgstr "スレッドケーパビリティセット"
#. type: Plain text
-#: build/C/man7/capabilities.7:575
+#: build/C/man7/capabilities.7:682
msgid ""
"Each thread has three capability sets containing zero or more of the above "
"capabilities:"
"もよい)。"
#. type: TP
-#: build/C/man7/capabilities.7:575
+#: build/C/man7/capabilities.7:682
#, no-wrap
msgid "I<Permitted>:"
msgstr "I<許可 (permitted)>:"
#. type: Plain text
-#: build/C/man7/capabilities.7:583
+#: build/C/man7/capabilities.7:690
msgid ""
"This is a limiting superset for the effective capabilities that the thread "
"may assume. It is also a limiting superset for the capabilities that may be "
"の限定的なスーパーセットでもある。"
#. type: Plain text
-#: build/C/man7/capabilities.7:589
+#: build/C/man7/capabilities.7:696
msgid ""
"If a thread drops a capability from its permitted set, it can never "
"reacquire that capability (unless it B<execve>(2)s either a set-user-ID-root "
"プログラムを B<execve>(2) しない限りは) もう一度獲得することはできない。"
#. type: TP
-#: build/C/man7/capabilities.7:589
+#: build/C/man7/capabilities.7:696
#, no-wrap
msgid "I<Inheritable>:"
msgstr "I<継承可能 (inheritable)>:"
#. type: Plain text
-#: build/C/man7/capabilities.7:596
+#: build/C/man7/capabilities.7:703
msgid ""
"This is a set of capabilities preserved across an B<execve>(2). It provides "
"a mechanism for a process to assign capabilities to the permitted set of the "
"リティセットとして 割り当てるケーパビリティを指定することができる。"
#. type: TP
-#: build/C/man7/capabilities.7:596 build/C/man7/capabilities.7:638
+#: build/C/man7/capabilities.7:703 build/C/man7/capabilities.7:753
#, no-wrap
msgid "I<Effective>:"
msgstr "I<実効 (effective)>:"
#. type: Plain text
-#: build/C/man7/capabilities.7:600
+#: build/C/man7/capabilities.7:707
msgid ""
"This is the set of capabilities used by the kernel to perform permission "
"checks for the thread."
"ティセットである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:606
+#: build/C/man7/capabilities.7:713
msgid ""
"A child created via B<fork>(2) inherits copies of its parent's capability "
"sets. See below for a discussion of the treatment of capabilities during "
"する。 B<execve>(2) 中のケーパビリティの扱いについては下記を参照のこと。"
#. type: Plain text
-#: build/C/man7/capabilities.7:611
+#: build/C/man7/capabilities.7:717
msgid ""
"Using B<capset>(2), a thread may manipulate its own capability sets (see "
"below)."
"B<capset>(2) を使うと、プロセスは自分自身のケーパビリティセット を操作するこ"
"とができる (下記参照)。"
+#. commit 73efc0394e148d0e15583e13712637831f926720
+#. type: Plain text
+#: build/C/man7/capabilities.7:726
+msgid ""
+"Since Linux 3.2, the file I</proc/sys/kernel/cap_last_cap> exposes the "
+"numerical value of the highest capability supported by the running kernel; "
+"this can be used to determine the highest bit that may be set in a "
+"capability set."
+msgstr ""
+"Linux 3.2 以降では、 ファイル I</proc/sys/kernel/cap_last_cap> で、 実行中の"
+"カーネルでサポートされているケーパビリティの最大値を参照できる。 この情報を"
+"使って、 ケーパビリティセットに設定される可能性がある最上位ビットを判定するこ"
+"とができる。"
+
#. type: SS
-#: build/C/man7/capabilities.7:611
+#: build/C/man7/capabilities.7:726
#, no-wrap
-msgid "File Capabilities"
+msgid "File capabilities"
msgstr "ファイルケーパビリティ"
#. type: Plain text
-#: build/C/man7/capabilities.7:626
+#: build/C/man7/capabilities.7:741
msgid ""
"Since kernel 2.6.24, the kernel supports associating capability sets with an "
"executable file using B<setcap>(8). The file capability sets are stored in "
"セットを対応付けることができる。 ファイルケーパビリティセットは I<security."
"capability> という名前の拡張属性に保存される (B<setxattr>(2) 参照)。この拡張"
"属性への書き込みには B<CAP_SETFCAP> ケーパビリティが必要である。 ファイルケー"
-"パビリティセットとスレッドのケーパビリティセットの両方が 考慮され、 B<execve>"
-"(2) 後のスレッドのケーパビリティセットが決定される。"
+"パビリティセットとスレッドのケーパビリティセットの両方が 考慮され、 "
+"B<execve>(2) 後のスレッドのケーパビリティセットが決定される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:628
+#: build/C/man7/capabilities.7:743
msgid "The three file capability sets are:"
msgstr "3 つのファイルケーパビリティセットが定義されている。"
#. type: TP
-#: build/C/man7/capabilities.7:628
+#: build/C/man7/capabilities.7:743
#, no-wrap
msgid "I<Permitted> (formerly known as I<forced>):"
msgstr "I<許可 (Permitted)> (以前のI<強制 (Forced)>):"
#. type: Plain text
-#: build/C/man7/capabilities.7:632
+#: build/C/man7/capabilities.7:747
msgid ""
"These capabilities are automatically permitted to the thread, regardless of "
"the thread's inheritable capabilities."
"ケーパビリティ。"
#. type: TP
-#: build/C/man7/capabilities.7:632
+#: build/C/man7/capabilities.7:747
#, no-wrap
msgid "I<Inheritable> (formerly known as I<allowed>):"
msgstr "I<継承可能 (Inheritable)> (以前の I<許容 (Allowed)>):"
#. type: Plain text
-#: build/C/man7/capabilities.7:638
+#: build/C/man7/capabilities.7:753
msgid ""
"This set is ANDed with the thread's inheritable set to determine which "
"inheritable capabilities are enabled in the permitted set of the thread "
"継承可能ケーパビリティが決定される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:648
+#: build/C/man7/capabilities.7:763
msgid ""
"This is not a set, but rather just a single bit. If this bit is set, then "
"during an B<execve>(2) all of the new permitted capabilities for the thread "
"集合 にセットされない。"
#. type: Plain text
-#: build/C/man7/capabilities.7:664
+#: build/C/man7/capabilities.7:779
msgid ""
"Enabling the file effective capability bit implies that any file permitted "
"or inheritable capability that causes a thread to acquire the corresponding "
"ケーパビリティ についても実効フラグを有効と指定しなければならない。"
#. type: SS
-#: build/C/man7/capabilities.7:664
+#: build/C/man7/capabilities.7:779
#, no-wrap
-msgid "Transformation of Capabilities During execve()"
+msgid "Transformation of capabilities during execve()"
msgstr "execve() 中のケーパビリティの変換"
#. type: Plain text
-#: build/C/man7/capabilities.7:670
+#: build/C/man7/capabilities.7:785
msgid ""
"During an B<execve>(2), the kernel calculates the new capabilities of the "
"process using the following algorithm:"
"リズムを用いて計算する:"
#. type: Plain text
-#: build/C/man7/capabilities.7:675
+#: build/C/man7/capabilities.7:790
#, no-wrap
msgid ""
"P'(permitted) = (P(inheritable) & F(inheritable)) |\n"
" (F(permitted) & cap_bset)\n"
#. type: Plain text
-#: build/C/man7/capabilities.7:677
+#: build/C/man7/capabilities.7:792
#, no-wrap
msgid "P'(effective) = F(effective) ? P'(permitted) : 0\n"
msgstr "P'(effective) = F(effective) ? P'(permitted) : 0\n"
#. type: Plain text
-#: build/C/man7/capabilities.7:679
+#: build/C/man7/capabilities.7:794
#, no-wrap
msgid "P'(inheritable) = P(inheritable) [i.e., unchanged]\n"
msgstr "P'(inheritable) = P(inheritable) [つまり、変更されない]\n"
#. type: Plain text
-#: build/C/man7/capabilities.7:683
+#: build/C/man7/capabilities.7:798
msgid "where:"
msgstr "各変数の意味は以下の通り:"
#. type: IP
-#: build/C/man7/capabilities.7:684
+#: build/C/man7/capabilities.7:799
#, no-wrap
msgid "P"
msgstr "P"
#. type: Plain text
-#: build/C/man7/capabilities.7:687
+#: build/C/man7/capabilities.7:802
msgid "denotes the value of a thread capability set before the B<execve>(2)"
msgstr "B<execve>(2) 前のスレッドのケーパビリティセットの値"
#. type: IP
-#: build/C/man7/capabilities.7:687
+#: build/C/man7/capabilities.7:802
#, no-wrap
msgid "P'"
msgstr "P'"
#. type: Plain text
-#: build/C/man7/capabilities.7:690
+#: build/C/man7/capabilities.7:805
msgid "denotes the value of a capability set after the B<execve>(2)"
msgstr "B<execve>(2) 後のスレッドのケーパビリティセットの値"
#. type: IP
-#: build/C/man7/capabilities.7:690
+#: build/C/man7/capabilities.7:805
#, no-wrap
msgid "F"
msgstr "F"
#. type: Plain text
-#: build/C/man7/capabilities.7:692
+#: build/C/man7/capabilities.7:807
msgid "denotes a file capability set"
msgstr "ファイルケーパビリティセットの値"
#. type: IP
-#: build/C/man7/capabilities.7:692
+#: build/C/man7/capabilities.7:807
#, no-wrap
msgid "cap_bset"
msgstr "cap_bset"
#. type: Plain text
-#: build/C/man7/capabilities.7:694
+#: build/C/man7/capabilities.7:809
msgid "is the value of the capability bounding set (described below)."
msgstr "ケーパビリティバウンディングセットの値 (下記参照)"
#. type: SS
-#: build/C/man7/capabilities.7:696
+#: build/C/man7/capabilities.7:811
#, no-wrap
msgid "Capabilities and execution of programs by root"
msgstr "ケーパビリティと、ルートによるプログラムの実行"
#. type: Plain text
-#: build/C/man7/capabilities.7:701
+#: build/C/man7/capabilities.7:816
msgid ""
"In order to provide an all-powerful I<root> using capability sets, during an "
"B<execve>(2):"
"を実現するには、以下のようにする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:706
+#: build/C/man7/capabilities.7:821
msgid ""
"If a set-user-ID-root program is being executed, or the real user ID of the "
"process is 0 (root) then the file inheritable and permitted sets are "
"ビリティが有効) に定義する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:709
+#: build/C/man7/capabilities.7:824
msgid ""
"If a set-user-ID-root program is being executed, then the file effective bit "
"is defined to be one (enabled)."
#. exec(), then it gets all capabilities in its
#. permitted set, and no effective capabilities
#. type: Plain text
-#: build/C/man7/capabilities.7:724
+#: build/C/man7/capabilities.7:839
msgid ""
"The upshot of the above rules, combined with the capabilities "
"transformations described above, is that when a process B<execve>(2)s a set-"
-"user-ID-root program, or when a process with an effective UID of 0 B<execve>"
-"(2)s a program, it gains all capabilities in its permitted and effective "
-"capability sets, except those masked out by the capability bounding set. "
-"This provides semantics that are the same as those provided by traditional "
-"UNIX systems."
+"user-ID-root program, or when a process with an effective UID of 0 "
+"B<execve>(2)s a program, it gains all capabilities in its permitted and "
+"effective capability sets, except those masked out by the capability "
+"bounding set. This provides semantics that are the same as those provided "
+"by traditional UNIX systems."
msgstr ""
"上記のルールにケーパビリティ変換を適用した結果をまとめると、 プロセスが set-"
"user-ID-root プログラムを B<execve>(2) する場合、または実効 UID が 0 のプロ"
"により、伝統的な UNIX システムと同じ振る舞いができるようになっている。"
#. type: SS
-#: build/C/man7/capabilities.7:724
+#: build/C/man7/capabilities.7:839
#, no-wrap
msgid "Capability bounding set"
msgstr "ケーパビリティ・バウンディングセット"
#. type: Plain text
-#: build/C/man7/capabilities.7:729
+#: build/C/man7/capabilities.7:844
msgid ""
"The capability bounding set is a security mechanism that can be used to "
"limit the capabilities that can be gained during an B<execve>(2). The "
"bounding set is used in the following ways:"
msgstr ""
-"ケーパビリティ・バウンディングセット (capability bounding set) は、 B<execve>"
-"(2) 時に獲得できるケーパビリティを制限するために使われる セキュリティ機構で"
-"ある。 バウンディングセットは以下のように使用される。"
+"ケーパビリティ・バウンディングセット (capability bounding set) は、 "
+"B<execve>(2) 時に獲得できるケーパビリティを制限するために使われる セキュリ"
+"ã\83\86ã\82£æ©\9fæ§\8bã\81§ã\81\82ã\82\8bã\80\82 ã\83\90ã\82¦ã\83³ã\83\87ã\82£ã\83³ã\82°ã\82»ã\83\83ã\83\88ã\81¯ä»¥ä¸\8bã\81®ã\82\88ã\81\86ã\81«ä½¿ç\94¨ã\81\95ã\82\8cã\82\8bã\80\82"
#. type: Plain text
-#: build/C/man7/capabilities.7:737
+#: build/C/man7/capabilities.7:852
msgid ""
"During an B<execve>(2), the capability bounding set is ANDed with the file "
"permitted capability set, and the result of this operation is assigned to "
"る。"
#. type: Plain text
-#: build/C/man7/capabilities.7:749
+#: build/C/man7/capabilities.7:864
msgid ""
"(Since Linux 2.6.25) The capability bounding set acts as a limiting "
"superset for the capabilities that a thread can add to its inheritable set "
"できない、 ということである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:756
+#: build/C/man7/capabilities.7:871
msgid ""
"Note that the bounding set masks the file permitted capabilities, but not "
"the inherited capabilities. If a thread maintains a capability in its "
"ということである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:759
+#: build/C/man7/capabilities.7:874
msgid ""
"Depending on the kernel version, the capability bounding set is either a "
"system-wide attribute, or a per-process attribute."
"通の属性の場合と、プロセス単位の属性の場合がある。"
#. type: Plain text
-#: build/C/man7/capabilities.7:761
+#: build/C/man7/capabilities.7:876
msgid "B<Capability bounding set prior to Linux 2.6.25>"
msgstr "B<Linux 2.6.25 より前のケーパビリティ・バウンディングセット>"
#. type: Plain text
-#: build/C/man7/capabilities.7:769
+#: build/C/man7/capabilities.7:884
msgid ""
"In kernels before 2.6.25, the capability bounding set is a system-wide "
"attribute that affects all threads on the system. The bounding set is "
"きの十進数で表現される。)"
#. type: Plain text
-#: build/C/man7/capabilities.7:776
+#: build/C/man7/capabilities.7:891
msgid ""
"Only the B<init> process may set capabilities in the capability bounding "
"set; other than that, the superuser (more precisely: programs with the "
"ンディングセットのケーパビリティのクリアが できるだけである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:785
+#: build/C/man7/capabilities.7:900
msgid ""
"On a standard system the capability bounding set always masks out the "
"B<CAP_SETPCAP> capability. To remove this restriction (dangerous!), modify "
"する必要がある。"
#. type: Plain text
-#: build/C/man7/capabilities.7:789
+#: build/C/man7/capabilities.7:904
msgid ""
"The system-wide capability bounding set feature was added to Linux starting "
"with kernel version 2.2.11."
"降で Linux に追加された。"
#. type: Plain text
-#: build/C/man7/capabilities.7:791
+#: build/C/man7/capabilities.7:906
msgid "B<Capability bounding set from Linux 2.6.25 onward>"
msgstr "B<Linux 2.6.25 以降のケーパビリティ・バウンディングセット>"
#. type: Plain text
-#: build/C/man7/capabilities.7:796
+#: build/C/man7/capabilities.7:911
msgid ""
"From Linux 2.6.25, the I<capability bounding set> is a per-thread "
"attribute. (There is no longer a system-wide capability bounding set.)"
"在しない)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:801
+#: build/C/man7/capabilities.7:916
msgid ""
"The bounding set is inherited at B<fork>(2) from the thread's parent, and "
"is preserved across an B<execve>(2)."
"B<execve>(2) の前後では保持される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:814
+#: build/C/man7/capabilities.7:929
msgid ""
"A thread may remove capabilities from its capability bounding set using the "
"B<prctl>(2) B<PR_CAPBSET_DROP> operation, provided it has the "
"いるかを知ることができる。"
#. type: Plain text
-#: build/C/man7/capabilities.7:832
+#: build/C/man7/capabilities.7:947
msgid ""
-"Removing capabilities from the bounding set is only supported if file "
+"Removing capabilities from the bounding set is supported only if file "
"capabilities are compiled into the kernel. In kernels before Linux 2.6.33, "
"file capabilities were an optional feature configurable via the "
-"CONFIG_SECURITY_FILE_CAPABILITIES option. Since Linux 2.6.33, the "
+"B<CONFIG_SECURITY_FILE_CAPABILITIES> option. Since Linux 2.6.33, the "
"configuration option has been removed and file capabilities are always part "
"of the kernel. When file capabilities are compiled into the kernel, the "
"B<init> process (the ancestor of all processes) begins with a full bounding "
"バウンディングセットからのケーパビリティの削除がサポートされるのは、\n"
"カーネルのコンパイル時にファイルケーパビリティが有効になっている場合\n"
"だけである。Linux 2.6.33 より前のカーネルでは、ファイルケーパビリティは\n"
-"設定オプション CONFIG_SECURITY_FILE_CAPABILITIES で切り替えられる追加の\n"
+"設定オプション B<CONFIG_SECURITY_FILE_CAPABILITIES> で切り替えられる追加の\n"
"機能であった。Linux 2.6.33 以降では、この設定オプションは削除され、\n"
"ファイルケーパビリティは常にカーネルに組込まれるようになった。\n"
"ファイルケーパビリティがカーネルにコンパイル時に組み込まれている場合、\n"
"パビリティがサポートされていない場合には 違った意味を持つからである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:839
+#: build/C/man7/capabilities.7:954
msgid ""
"Removing a capability from the bounding set does not remove it from the "
"thread's inherited set. However it does prevent the capability from being "
"こと はできなくなる。"
#. type: SS
-#: build/C/man7/capabilities.7:839
+#: build/C/man7/capabilities.7:954
#, no-wrap
-msgid "Effect of User ID Changes on Capabilities"
+msgid "Effect of user ID changes on capabilities"
msgstr "ユーザ ID 変更のケーパビリティへの影響"
#. type: Plain text
-#: build/C/man7/capabilities.7:848
+#: build/C/man7/capabilities.7:963
msgid ""
"To preserve the traditional semantics for transitions between 0 and nonzero "
"user IDs, the kernel makes the following changes to a thread's capability "
-"sets on changes to the thread's real, effective, saved set, and file system "
+"sets on changes to the thread's real, effective, saved set, and filesystem "
"user IDs (using B<setuid>(2), B<setresuid>(2), or similar):"
msgstr ""
"ユーザ ID が 0 と 0 以外の間で変化する際の振る舞いを従来と同じにするため、 ス"
"スレッドのケーパビリティセットに 以下の変更を行う:"
#. type: Plain text
-#: build/C/man7/capabilities.7:854
+#: build/C/man7/capabilities.7:969
msgid ""
"If one or more of the real, effective or saved set user IDs was previously "
"0, and as a result of the UID changes all of these IDs have a nonzero value, "
"合、許可と実効のケーパビリティセットの 全ケーパビリティをクリアする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:857
+#: build/C/man7/capabilities.7:972
msgid ""
"If the effective user ID is changed from 0 to nonzero, then all capabilities "
"are cleared from the effective set."
"パビリティをクリアする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:860
+#: build/C/man7/capabilities.7:975
msgid ""
"If the effective user ID is changed from nonzero to 0, then the permitted "
"set is copied to the effective set."
"実効ケーパビリティセットにコピーする。"
#. type: IP
-#: build/C/man7/capabilities.7:860 build/C/man7/capabilities.7:915
+#: build/C/man7/capabilities.7:975 build/C/man7/capabilities.7:1030
+#: build/C/man7/user_namespaces.7:529
#, no-wrap
msgid "4."
msgstr "4."
#. type: Plain text
-#: build/C/man7/capabilities.7:878
+#: build/C/man7/capabilities.7:993
msgid ""
-"If the file system user ID is changed from 0 to nonzero (see B<setfsuid>"
-"(2)) then the following capabilities are cleared from the effective set: "
+"If the filesystem user ID is changed from 0 to nonzero (see B<setfsuid>(2)), "
+"then the following capabilities are cleared from the effective set: "
"B<CAP_CHOWN>, B<CAP_DAC_OVERRIDE>, B<CAP_DAC_READ_SEARCH>, B<CAP_FOWNER>, "
-"B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> (since Linux 2.2.30), "
-"B<CAP_MAC_OVERRIDE>, and B<CAP_MKNOD> (since Linux 2.2.30). If the file "
-"system UID is changed from nonzero to 0, then any of these capabilities that "
-"are enabled in the permitted set are enabled in the effective set."
+"B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> (since Linux 2.6.30), "
+"B<CAP_MAC_OVERRIDE>, and B<CAP_MKNOD> (since Linux 2.6.30). If the "
+"filesystem UID is changed from nonzero to 0, then any of these capabilities "
+"that are enabled in the permitted set are enabled in the effective set."
msgstr ""
"ファイルシステム UID が 0 から 0 以外に変更された場合 (B<setfsuid>(2) 参"
"照)、実効ケーパビリティセットの以下のケーパビリティがクリアされる: "
"B<CAP_CHOWN>, B<CAP_DAC_OVERRIDE>, B<CAP_DAC_READ_SEARCH>, B<CAP_FOWNER>, "
-"B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> (Linux 2.2.30 以降), "
-"B<CAP_MAC_OVERRIDE>, B<CAP_MKNOD> (Linux 2.2.30 以降)。 ファイルシステム UID "
+"B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> (Linux 2.6.30 以降), "
+"B<CAP_MAC_OVERRIDE>, B<CAP_MKNOD> (Linux 2.6.30 以降)。 ファイルシステム UID "
"が 0 以外から 0 に変更された場合、 上記のケーパビリティのうち許可ケーパビリ"
"ティセットで有効になっているものが 実効ケーパビリティセットで有効にされる。"
#. type: Plain text
-#: build/C/man7/capabilities.7:886
+#: build/C/man7/capabilities.7:1001
msgid ""
"If a thread that has a 0 value for one or more of its user IDs wants to "
"prevent its permitted capability set being cleared when it resets all of its "
"は、 B<prctl>(2) の B<PR_SET_KEEPCAPS> 操作を使えばよい。"
#. type: SS
-#: build/C/man7/capabilities.7:886
+#: build/C/man7/capabilities.7:1001
#, no-wrap
msgid "Programmatically adjusting capability sets"
msgstr "プログラムでケーパビリティセットを調整する"
#. type: Plain text
-#: build/C/man7/capabilities.7:901
+#: build/C/man7/capabilities.7:1016
msgid ""
"A thread can retrieve and change its capability sets using the B<capget>(2) "
"and B<capset>(2) system calls. However, the use of B<cap_get_proc>(3) and "
"望ましい。 スレッドのケーパビリティセットの変更には以下のルールが適用される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:907
+#: build/C/man7/capabilities.7:1022
msgid ""
"If the caller does not have the B<CAP_SETPCAP> capability, the new "
"inheritable set must be a subset of the combination of the existing "
"ばならない。"
#. type: Plain text
-#: build/C/man7/capabilities.7:911
+#: build/C/man7/capabilities.7:1026
msgid ""
-"(Since kernel 2.6.25) The new inheritable set must be a subset of the "
+"(Since Linux 2.6.25) The new inheritable set must be a subset of the "
"combination of the existing inheritable set and the capability bounding set."
msgstr ""
-"(カーネル 2.6.25 以降) 新しい継承可能セットは、既存の継承可能セットとケーパ"
-"ã\83\93ã\83ªã\83\86ã\82£ã\83» ã\83\90ã\82¦ã\83³ã\83\87ã\82£ã\83³ã\82°ã\82»ã\83\83ã\83\88ã\81®ç©\8dé\9b\86å\90\88 (AND) ã\81®é\83¨å\88\86é\9b\86å\90\88ã\81§ã\81ªã\81\91ã\82\8cã\81°ã\81ªã\82\89ã\81ªã\81\84ã\80\82"
+"(Linux 2.6.25 以降) 新しい継承可能セットは、既存の継承可能セットとケーパビリ"
+"ティ・ バウンディングセットの積集合 (AND) の部分集合でなければならない。"
#. type: Plain text
-#: build/C/man7/capabilities.7:915
+#: build/C/man7/capabilities.7:1030
msgid ""
"The new permitted set must be a subset of the existing permitted set (i.e., "
"it is not possible to acquire permitted capabilities that the thread does "
"のスレッドが現在持っていない許可ケーパビリティを 獲得することはできない)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:917
+#: build/C/man7/capabilities.7:1032
msgid "The new effective set must be a subset of the new permitted set."
msgstr ""
"新しい実効ケーパビリティセットは新しい許可ケーパビリティセットの 部分集合に"
"なっていなければならない。"
#. type: SS
-#: build/C/man7/capabilities.7:917
+#: build/C/man7/capabilities.7:1032
#, no-wrap
-msgid "The \"securebits\" flags: establishing a capabilities-only environment"
+msgid "The securebits flags: establishing a capabilities-only environment"
msgstr "securebits フラグ: ケーパビリティだけの環境を構築する"
#. For some background:
#. see http://lwn.net/Articles/280279/ and
#. http://article.gmane.org/gmane.linux.kernel.lsm/5476/
#. type: Plain text
-#: build/C/man7/capabilities.7:928
+#: build/C/man7/capabilities.7:1043
msgid ""
"Starting with kernel 2.6.26, and with a kernel in which file capabilities "
"are enabled, Linux implements a set of per-thread I<securebits> flags that "
"ようなフラグがある。"
#. type: TP
-#: build/C/man7/capabilities.7:928
+#: build/C/man7/capabilities.7:1043
#, no-wrap
msgid "B<SECBIT_KEEP_CAPS>"
msgstr "B<SECBIT_KEEP_CAPS>"
#. type: Plain text
-#: build/C/man7/capabilities.7:940
+#: build/C/man7/capabilities.7:1055
msgid ""
"Setting this flag allows a thread that has one or more 0 UIDs to retain its "
"capabilities when it switches all of its UIDs to a nonzero value. If this "
"同じ機能を提供するものである)。"
#. type: TP
-#: build/C/man7/capabilities.7:940
+#: build/C/man7/capabilities.7:1055
#, no-wrap
msgid "B<SECBIT_NO_SETUID_FIXUP>"
msgstr "B<SECBIT_NO_SETUID_FIXUP>"
#. type: Plain text
-#: build/C/man7/capabilities.7:947
+#: build/C/man7/capabilities.7:1062
msgid ""
"Setting this flag stops the kernel from adjusting capability sets when the "
-"threads's effective and file system UIDs are switched between zero and "
+"threads's effective and filesystem UIDs are switched between zero and "
"nonzero values. (See the subsection I<Effect of User ID Changes on "
"Capabilities>.)"
msgstr ""
"くなる (「ユーザ ID 変更のケーパビリティへの影響」の節を参照)。"
#. type: TP
-#: build/C/man7/capabilities.7:947
+#: build/C/man7/capabilities.7:1062
#, no-wrap
msgid "B<SECBIT_NOROOT>"
msgstr "B<SECBIT_NOROOT>"
#. type: Plain text
-#: build/C/man7/capabilities.7:955
+#: build/C/man7/capabilities.7:1070
msgid ""
"If this bit is set, then the kernel does not grant capabilities when a set-"
"user-ID-root program is executed, or when a process with an effective or "
"行」の節を参照)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:965
+#: build/C/man7/capabilities.7:1080
msgid ""
"Each of the above \"base\" flags has a companion \"locked\" flag. Setting "
"any of the \"locked\" flags is irreversible, and has the effect of "
"B<SECBIT_NOROOT_LOCKED> という名前である。"
#. type: Plain text
-#: build/C/man7/capabilities.7:977
+#: build/C/man7/capabilities.7:1092
msgid ""
"The I<securebits> flags can be modified and retrieved using the B<prctl>(2) "
"B<PR_SET_SECUREBITS> and B<PR_GET_SECUREBITS> operations. The "
"るには B<CAP_SETPCAP> ケーパビリティが必要である。"
#. type: Plain text
-#: build/C/man7/capabilities.7:986
+#: build/C/man7/capabilities.7:1101
msgid ""
"The I<securebits> flags are inherited by child processes. During an "
"B<execve>(2), all of the flags are preserved, except B<SECBIT_KEEP_CAPS> "
"B<SECBIT_KEEP_CAPS> が常にクリアされる以外は、全てのフラグが保持される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:991
+#: build/C/man7/capabilities.7:1106
msgid ""
"An application can use the following call to lock itself, and all of its "
"descendants, into an environment where the only way of gaining capabilities "
"きる。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1000
+#: build/C/man7/capabilities.7:1115
#, no-wrap
msgid ""
"prctl(PR_SET_SECUREBITS,\n"
" SECBIT_NOROOT |\n"
" SECBIT_NOROOT_LOCKED);\n"
+#. type: SS
+#: build/C/man7/capabilities.7:1117
+#, no-wrap
+msgid "Interaction with user namespaces"
+msgstr "ユーザー名前空間との相互作用"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:1120
+msgid ""
+"For a discussion of the interaction of capabilities and user namespaces, see "
+"B<user_namespaces>(7)."
+msgstr ""
+"ケーパリビティとユーザー名前空間の相互の影響に関する議論は "
+"B<user_namespaces>(7) を参照。"
+
#. type: Plain text
-#: build/C/man7/capabilities.7:1007
+#: build/C/man7/capabilities.7:1126
msgid ""
"No standards govern capabilities, but the Linux capability implementation is "
-"based on the withdrawn POSIX.1e draft standard; see I<http://wt.xpilot.org/"
-"publications/posix.1e/>."
+"based on the withdrawn POSIX.1e draft standard; see E<.UR http://wt."
+"tuxomania.net\\:/publications\\:/posix.1e/> E<.UE .>"
msgstr ""
"ケーパビリティに関する標準はないが、 Linux のケーパビリティは廃案になった "
-"POSIX.1e 草案に基づいて実装されている。 I<http://wt.xpilot.org/publications/"
-"posix.1e/> を参照。"
+"POSIX.1e 草案に基づいて実装されている。 E<.UR http://wt.xpilot.org\\:/"
+"publications\\:/posix.1e/> E<.UE> を参照。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1011
+#: build/C/man7/capabilities.7:1131
msgid ""
"Since kernel 2.5.27, capabilities are an optional kernel component, and can "
-"be enabled/disabled via the CONFIG_SECURITY_CAPABILITIES kernel "
+"be enabled/disabled via the B<CONFIG_SECURITY_CAPABILITIES> kernel "
"configuration option."
msgstr ""
"カーネル 2.5.27 以降、ケーパビリティは選択式のカーネルコンポーネント となって"
-"おり、カーネル設定オプション CONFIG_SECURITY_CAPABILITIES により有効/無効を切"
-"り替えることができる。"
+"おり、カーネル設定オプション B<CONFIG_SECURITY_CAPABILITIES> により有効/無効"
+"ã\82\92å\88\87ã\82\8aæ\9b¿ã\81\88ã\82\8bã\81\93ã\81¨ã\81\8cã\81§ã\81\8dã\82\8bã\80\82"
+#. 7b9a7ec565505699f503b4fcf61500dceb36e744
#. type: Plain text
-#: build/C/man7/capabilities.7:1018
+#: build/C/man7/capabilities.7:1145
msgid ""
"The I</proc/PID/task/TID/status> file can be used to view the capability "
"sets of a thread. The I</proc/PID/status> file shows the capability sets of "
-"a process's main thread."
+"a process's main thread. Before Linux 3.8, nonexistent capabilities were "
+"shown as being enabled (1) in these sets. Since Linux 3.8, all nonexistent "
+"capabilities (above B<CAP_LAST_CAP>) are shown as disabled (0)."
msgstr ""
"I</proc/PID/task/TID/status> ファイルを使うと、スレッドのケーパビリティセット"
"を見ることができる。 I</proc/PID/status> ファイルには、プロセスのメインスレッ"
-"ドのケーパビリティセットが表示される。"
+"ドのケーパビリティセットが表示される。 Linux 3.8 より前では、 これらのケーパ"
+"ビリティセットの表示で、 存在しないケーパビリティはすべて有効 (1) として表示"
+"される。 Linux 3.8 以降では、 存在しないケーパビリティはすべて無効 (0) として"
+"表示される。 (B<CAP_LAST_CAP> より大きい値を持つケーパビリティが存在しない"
+"ケーパビリティである)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1033
+#: build/C/man7/capabilities.7:1160
msgid ""
"The I<libcap> package provides a suite of routines for setting and getting "
"capabilities that is more comfortable and less likely to change than the "
"る。 パッケージは以下で入手できる。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1035
-msgid "I<http://www.kernel.org/pub/linux/libs/security/linux-privs>."
-msgstr "I<http://www.kernel.org/pub/linux/libs/security/linux-privs>"
+#: build/C/man7/capabilities.7:1163
+msgid ""
+"E<.UR http://www.kernel.org\\:/pub\\:/linux\\:/libs\\:/security\\:/linux-"
+"privs> E<.UE .>"
+msgstr ""
+"E<.UR http://www.kernel.org\\:/pub\\:/linux\\:/libs\\:/security\\:/linux-"
+"privs> E<.UE .>"
#. type: Plain text
-#: build/C/man7/capabilities.7:1044
+#: build/C/man7/capabilities.7:1172
msgid ""
"Before kernel 2.6.24, and since kernel 2.6.24 if file capabilities are not "
"enabled, a thread with the B<CAP_SETPCAP> capability can manipulate the "
"B<CAP_SETPCAP> ケーパビリティを持つことはないからである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1049
+#: build/C/man7/capabilities.7:1177
msgid ""
"In the pre-2.6.25 implementation the system-wide capability bounding set, I</"
"proc/sys/kernel/cap-bound>, always masks out this capability, and this can "
"い。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1055
+#: build/C/man7/capabilities.7:1183
msgid ""
"If file capabilities are disabled in the current implementation, then "
"B<init> starts out with this capability removed from its per-process "
"上で生成される他の全てのプロセスでこのバウンディングセットが 継承される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1072
+#: build/C/man7/capabilities.7:1202
msgid ""
-"B<capget>(2), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), B<cap_copy_ext>"
-"(3), B<cap_from_text>(3), B<cap_get_file>(3), B<cap_get_proc>(3), B<cap_init>"
-"(3), B<capgetp>(3), B<capsetp>(3), B<libcap>(3), B<credentials>(7), "
-"B<pthreads>(7), B<getcap>(8), B<setcap>(8)"
+"B<capsh>(1), B<capget>(2), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), "
+"B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3), "
+"B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3), "
+"B<libcap>(3), B<credentials>(7), B<user_namespaces>(7), B<pthreads>(7), "
+"B<getcap>(8), B<setcap>(8)"
msgstr ""
-"B<capget>(2), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3),\n"
-"B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3),\n"
-"B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3),\n"
-"B<libcap>(3), B<credentials>(7), B<pthreads>(7), B<getcap>(8), B<setcap>(8)"
+"B<capsh>(1), B<capget>(2), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), "
+"B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3), "
+"B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3), "
+"B<libcap>(3), B<credentials>(7), B<user_namespaces>(7), B<pthreads>(7), "
+"B<getcap>(8), B<setcap>(8)"
#. type: Plain text
-#: build/C/man7/capabilities.7:1076
-msgid ""
-"Comments on the purposes of various capabilities in I<include/linux/"
-"capability.h> in the kernel source"
-msgstr ""
-"カーネルソース内の I<include/linux/capability.h> に\n"
-"各種のケーパビリティの目的についてのコメント"
+#: build/C/man7/capabilities.7:1205
+msgid "I<include/linux/capability.h> in the Linux kernel source tree"
+msgstr "Linux カーネルソース内の I<include/linux/capability.h>"
#. type: TH
-#: build/C/man2/capget.2:11
+#: build/C/man2/capget.2:15
#, no-wrap
msgid "CAPGET"
msgstr "CAPGET"
#. type: TH
-#: build/C/man2/capget.2:11
+#: build/C/man2/capget.2:15
#, no-wrap
-msgid "2010-09-20"
-msgstr "2010-09-20"
+msgid "2013-03-11"
+msgstr "2013-03-11"
#. type: Plain text
-#: build/C/man2/capget.2:14
+#: build/C/man2/capget.2:18
msgid "capget, capset - set/get capabilities of thread(s)"
msgstr "capget, capset - スレッドのケーパビリティを設定/取得する"
#. type: Plain text
-#: build/C/man2/capget.2:16
+#: build/C/man2/capget.2:20
msgid "B<#include E<lt>sys/capability.hE<gt>>"
msgstr "B<#include E<lt>sys/capability.hE<gt>>"
#. type: Plain text
-#: build/C/man2/capget.2:18
+#: build/C/man2/capget.2:22
msgid ""
"B<int capget(cap_user_header_t >I<hdrp>B<, cap_user_data_t >I<datap>B<);>"
msgstr ""
"B<int capget(cap_user_header_t >I<hdrp>B<, cap_user_data_t >I<datap>B<);>"
#. type: Plain text
-#: build/C/man2/capget.2:20
+#: build/C/man2/capget.2:24
msgid ""
"B<int capset(cap_user_header_t >I<hdrp>B<, const cap_user_data_t "
">I<datap>B<);>"
">I<datap>B<);>"
#. type: Plain text
-#: build/C/man2/capget.2:31
+#: build/C/man2/capget.2:35
msgid ""
"As of Linux 2.2, the power of the superuser (root) has been partitioned into "
"a set of discrete capabilities. Each thread has a set of effective "
"ドは「実効ケーパビリティ (effective capability) の集合」を持ち、 それによって"
"現在どの操作が実行可能かを識別できる。 また、各スレッドは、 「継承可能ケーパ"
"ビリティ (inheritable capability) の集合」と 「許可ケーパビリティ (permitted "
-"capability) の集合」を持つ。 「継承可能ケーパビリティの集合」は B<execve>"
-"(2) を通じて渡すことができるケーパビリティの集合であり、 「許可ケーパビリ"
-"ã\83\86ã\82£ (permitted capability) ã\81®é\9b\86å\90\88ã\80\8dã\81¯ å®\9få\8a¹ã\82±ã\83¼ã\83\91ã\83\93ã\83ªã\83\86ã\82£ã\82\84ç¶\99æ\89¿å\8f¯è\83½ã\82±ã\83¼ã\83\91ã\83\93ã\83ª"
-"ティとして有効にできる ケーパビリティを規定するものである。"
+"capability) の集合」を持つ。 「継承可能ケーパビリティの集合」は "
+"B<execve>(2) を通じて渡すことができるケーパビリティの集合であり、 「許可ケー"
+"ã\83\91ã\83\93ã\83ªã\83\86ã\82£ (permitted capability) ã\81®é\9b\86å\90\88ã\80\8dã\81¯ å®\9få\8a¹ã\82±ã\83¼ã\83\91ã\83\93ã\83ªã\83\86ã\82£ã\82\84ç¶\99æ\89¿å\8f¯è\83½ã\82±ã\83¼"
+"ã\83\91ã\83\93ã\83ªã\83\86ã\82£ã\81¨ã\81\97ã\81¦æ\9c\89å\8a¹ã\81«ã\81§ã\81\8dã\82\8b ã\82±ã\83¼ã\83\91ã\83\93ã\83ªã\83\86ã\82£ã\82\92è¦\8få®\9aã\81\99ã\82\8bã\82\82ã\81®ã\81§ã\81\82ã\82\8bã\80\82"
#. type: Plain text
-#: build/C/man2/capget.2:40
+#: build/C/man2/capget.2:44
msgid ""
-"These two functions are the raw kernel interface for getting and setting "
+"These two system calls are the raw kernel interface for getting and setting "
"thread capabilities. Not only are these system calls specific to Linux, but "
-"the kernel API is likely to change and use of these functions (in particular "
-"the format of the I<cap_user_*_t> types) is subject to extension with each "
-"kernel revision, but old programs will keep working."
+"the kernel API is likely to change and use of these system calls (in "
+"particular the format of the I<cap_user_*_t> types) is subject to extension "
+"with each kernel revision, but old programs will keep working."
msgstr ""
-"この二つの関数はスレッドのケーパビリティを取得したり設定したりするための 生の"
-"ã\82«ã\83¼ã\83\8dã\83«ã\82¤ã\83³ã\82¿ã\83¼ã\83\95ã\82§ã\83¼ã\82¹ã\81§ã\81\82ã\82\8bã\80\82 ã\81\93ã\82\8cã\82\89ã\81®ã\82·ã\82¹ã\83\86ã\83 ã\82³ã\83¼ã\83«ã\81¯ Linux ç\89¹æ\9c\89ã\81§ã\81\82ã\82\8bã\81¨"
-"いうだけでなく、 カーネル API は変更されるかもしれず、これらの 関数の使用法 "
-"(特に I<cap_user_*_t> 型という書式) はカーネルのリビジョン毎に拡張されるかも"
-"しれないが、 以前のプログラムはそのまま動作する。"
+"この二つのシステムコールはスレッドのケーパビリティを取得したり設定したりする"
+"ã\81\9fã\82\81ã\81® ç\94\9fã\81®ã\82«ã\83¼ã\83\8dã\83«ã\82¤ã\83³ã\82¿ã\83¼ã\83\95ã\82§ã\83¼ã\82¹ã\81§ã\81\82ã\82\8bã\80\82 ã\81\93ã\82\8cã\82\89ã\81®ã\82·ã\82¹ã\83\86ã\83 ã\82³ã\83¼ã\83«ã\81¯ Linux ç\89¹"
+"有であるというだけでなく、 カーネル API は変更されるかもしれず、これらのシス"
+"テムコールの使用法 (特に I<cap_user_*_t> 型という書式) はカーネルのリビジョン"
+"毎に拡張されるかもしれないが、 以前のプログラムはそのまま動作する。"
#. type: Plain text
-#: build/C/man2/capget.2:51
+#: build/C/man2/capget.2:55
msgid ""
"The portable interfaces are B<cap_set_proc>(3) and B<cap_get_proc>(3); if "
-"possible you should use those interfaces in applications. If you wish to "
+"possible, you should use those interfaces in applications. If you wish to "
"use the Linux extensions in applications, you should use the easier-to-use "
"interfaces B<capsetp>(3) and B<capgetp>(3)."
msgstr ""
"スである B<capsetp>(3) と B<capgetp>(3) を使用すべきである。"
#. type: SS
-#: build/C/man2/capget.2:51
+#: build/C/man2/capget.2:55
#, no-wrap
msgid "Current details"
msgstr "現在の詳細"
#. type: Plain text
-#: build/C/man2/capget.2:54
+#: build/C/man2/capget.2:58
msgid ""
"Now that you have been warned, some current kernel details. The structures "
"are defined as follows."
"る。"
#. type: Plain text
-#: build/C/man2/capget.2:59
+#: build/C/man2/capget.2:63
#, no-wrap
msgid ""
"#define _LINUX_CAPABILITY_VERSION_1 0x19980330\n"
"#define _LINUX_CAPABILITY_U32S_1 1\n"
#. type: Plain text
-#: build/C/man2/capget.2:62
+#: build/C/man2/capget.2:66
#, no-wrap
msgid ""
"#define _LINUX_CAPABILITY_VERSION_2 0x20071026\n"
"#define _LINUX_CAPABILITY_U32S_2 2\n"
#. type: Plain text
-#: build/C/man2/capget.2:67
+#: build/C/man2/capget.2:71
#, no-wrap
msgid ""
"typedef struct __user_cap_header_struct {\n"
"} *cap_user_header_t;\n"
#. type: Plain text
-#: build/C/man2/capget.2:73
+#: build/C/man2/capget.2:77
#, no-wrap
msgid ""
"typedef struct __user_cap_data_struct {\n"
"} *cap_user_data_t;\n"
#. type: Plain text
-#: build/C/man2/capget.2:88
+#: build/C/man2/capget.2:96
msgid ""
-"I<effective, permitted, inheritable> are bitmasks of the capabilities "
-"defined in I<capability(7).> Note the I<CAP_*> values are bit indexes and "
-"need to be bit-shifted before ORing into the bit fields. To define the "
-"structures for passing to the system call you have to use the I<struct "
-"__user_cap_header_struct> and I<struct __user_cap_data_struct> names because "
-"the typedefs are only pointers."
+"The I<effective>, I<permitted>, and I<inheritable> fields are bit masks of "
+"the capabilities defined in B<capabilities>(7). Note the B<CAP_*> values "
+"are bit indexes and need to be bit-shifted before ORing into the bit "
+"fields. To define the structures for passing to the system call you have to "
+"use the I<struct __user_cap_header_struct> and I<struct "
+"__user_cap_data_struct> names because the typedefs are only pointers."
msgstr ""
-"I<effective, permitted, inheritable> は、 B<capability>(7) で定義されるケー"
-"パビリティのビットマスクである。 I<CAP_*> はビット番号を表すインデックス値で"
-"あり、 ビットフィールドに OR を行う前に I<CAP_*> の値の分だけビットシフトを行"
-"う必要がある。 typedef の方はポインタなので、 このシステムコールに渡す構造体"
-"を定義するには、 I<struct __user_cap_header_struct> と I<struct "
-"__user_cap_data_struct> という名前を使用しなければならない。"
+"フィールド I<effective>, I<permitted>, I<inheritable> は、 "
+"B<capabilities>(7) で定義されるケーパビリティのビットマスクである。 "
+"I<CAP_*> はビット番号を表すインデックス値であり、 ビットフィールドに OR を行"
+"う前に I<CAP_*> の値の分だけビットシフトを行う必要がある。 typedef の方はポイ"
+"ンタなので、 このシステムコールに渡す構造体を定義するには、 I<struct "
+"__user_cap_header_struct> と I<struct __user_cap_data_struct> という名前を使"
+"用しなければならない。"
#. type: Plain text
-#: build/C/man2/capget.2:100
+#: build/C/man2/capget.2:108
msgid ""
"Kernels prior to 2.6.25 prefer 32-bit capabilities with version "
"B<_LINUX_CAPABILITY_VERSION_1>, and kernels 2.6.25+ prefer 64-bit "
"32 ビットケーパビリティでは I<datap>[0] だけが使用される。"
#. type: Plain text
-#: build/C/man2/capget.2:104
+#: build/C/man2/capget.2:112
msgid ""
"Another change affecting the behavior of these system calls is kernel "
"support for file capabilities (VFS capability support). This support is "
"ションである (カーネル 2.6.24 で追加された)。"
#. type: Plain text
-#: build/C/man2/capget.2:111
+#: build/C/man2/capget.2:119
msgid ""
"For B<capget>() calls, one can probe the capabilities of any process by "
"specifying its process ID with the I<hdrp-E<gt>pid> field value."
"ることができる。"
#. type: SS
-#: build/C/man2/capget.2:111
+#: build/C/man2/capget.2:119
#, no-wrap
-msgid "With VFS Capability Support"
+msgid "With VFS capability support"
msgstr "VFS ケーパビリティがサポートされている場合"
#. type: Plain text
-#: build/C/man2/capget.2:123
+#: build/C/man2/capget.2:131
msgid ""
"VFS Capability support creates a file-attribute method for adding "
"capabilities to privileged executables. This privilege model obsoletes "
"なる (どちらの値でも等価である)。"
#. type: SS
-#: build/C/man2/capget.2:123
+#: build/C/man2/capget.2:131
#, no-wrap
-msgid "Without VFS Capability Support"
+msgid "Without VFS capability support"
msgstr "VFS ケーパビリティがサポートされていない場合"
#. type: Plain text
-#: build/C/man2/capget.2:149
+#: build/C/man2/capget.2:157
msgid ""
"When the kernel does not support VFS capabilities, B<capset>() calls can "
"operate on the capabilities of the thread specified by the I<pid> field of "
"I<hdrp> when that is nonzero, or on the capabilities of the calling thread "
"if I<pid> is 0. If I<pid> refers to a single-threaded process, then I<pid> "
"can be specified as a traditional process ID; operating on a thread of a "
-"multithreaded process requires a thread ID of the type returned by B<gettid>"
-"(2). For B<capset>(), I<pid> can also be: -1, meaning perform the change on "
-"all threads except the caller and B<init>(8); or a value less than -1, in "
-"which case the change is applied to all members of the process group whose "
-"ID is -I<pid>."
+"multithreaded process requires a thread ID of the type returned by "
+"B<gettid>(2). For B<capset>(), I<pid> can also be: -1, meaning perform the "
+"change on all threads except the caller and B<init>(1); or a value less than "
+"-1, in which case the change is applied to all members of the process group "
msgstr ""
"カーネルが VFS ケーパビリティをサポートしていない場合、 I<hdrp> の I<pid> "
"フィールドが 0 以外であれば、 B<capset>() の操作対象は I<pid> で指定されたス"
"る場合、 I<pid> は以前から使われているプロセスID を使って指定できる。 マルチ"
"スレッド・プロセス内のあるスレッドを対象にする場合は、 B<gettid>(2) が返すス"
"レッドID を用いて指定する必要がある。 また、 B<capset>() では -1 や -1 より"
-"小さな値を指定することもできる。 -1 は呼び出し元と B<init>(8) を除く全てのス"
+"小さな値を指定することもできる。 -1 は呼び出し元と B<init>(1) を除く全てのス"
"レッドを対象として変更を行うことを、 -1 より小さな値は ID が -I<pid> のプロセ"
"スグループの全メンバ を対象として変更を行うことを意味する。"
#. type: Plain text
-#: build/C/man2/capget.2:152
+#: build/C/man2/capget.2:160
msgid "For details on the data, see B<capabilities>(7)."
msgstr "このデータの詳細は B<capabilities>(7) を参照すること。"
#. type: Plain text
-#: build/C/man2/capget.2:171
+#: build/C/man2/capget.2:179
msgid ""
"The calls will fail with the error B<EINVAL>, and set the I<version> field "
"of I<hdrp> to the kernel preferred value of B<_LINUX_CAPABILITY_VERSION_?> "
"ビリティ・リビジョンが何かを 調べることができる。"
#. type: Plain text
-#: build/C/man2/capget.2:180
+#: build/C/man2/capget.2:188
msgid ""
"Bad memory address. I<hdrp> must not be NULL. I<datap> may be NULL only "
"when the user is trying to determine the preferred capability version format "
"バージョンを判定しようとしているときだけである。"
#. type: TP
-#: build/C/man2/capget.2:180 build/C/man7/cpuset.7:1179
-#: build/C/man7/cpuset.7:1188 build/C/man7/cpuset.7:1197
-#: build/C/man7/cpuset.7:1207 build/C/man7/cpuset.7:1216
-#: build/C/man7/cpuset.7:1223 build/C/man7/cpuset.7:1230
+#: build/C/man2/capget.2:188 build/C/man7/cpuset.7:1180
+#: build/C/man7/cpuset.7:1189 build/C/man7/cpuset.7:1198
+#: build/C/man7/cpuset.7:1208 build/C/man7/cpuset.7:1217
+#: build/C/man7/cpuset.7:1224 build/C/man7/cpuset.7:1231
#: build/C/man2/getgroups.2:114 build/C/man2/getgroups.2:121
-#: build/C/man2/getpriority.2:119 build/C/man2/getrlimit.2:440
-#: build/C/man2/getrusage.2:190 build/C/man2/iopl.2:71
-#: build/C/man2/ioprio_set.2:160 build/C/man2/setpgid.2:200
+#: build/C/man2/getpriority.2:118 build/C/man2/getrlimit.2:471
+#: build/C/man2/getrusage.2:198 build/C/man2/iopl.2:72
+#: build/C/man2/ioprio_set.2:170 build/C/man2/seteuid.2:80
+#: build/C/man2/setgid.2:59 build/C/man2/setpgid.2:225
+#: build/C/man2/setresuid.2:99 build/C/man2/setreuid.2:128
+#: build/C/man2/setuid.2:105 build/C/man2/seccomp.2:373
+#: build/C/man2/seccomp.2:380 build/C/man2/seccomp.2:387
+#: build/C/man2/seccomp.2:393 build/C/man2/seccomp.2:402
#, no-wrap
msgid "B<EINVAL>"
msgstr "B<EINVAL>"
#. type: Plain text
-#: build/C/man2/capget.2:183
+#: build/C/man2/capget.2:191
msgid "One of the arguments was invalid."
msgstr "引き数のどれかが無効である。"
#. type: Plain text
-#: build/C/man2/capget.2:188
+#: build/C/man2/capget.2:196
msgid ""
"An attempt was made to add a capability to the Permitted set, or to set a "
"capability in the Effective or Inheritable sets that is not in the Permitted "
"ティセット」や「継承可能ケーパビリティセット」に セットしようとしている。"
#. type: Plain text
-#: build/C/man2/capget.2:207
+#: build/C/man2/capget.2:215
msgid ""
"The caller attempted to use B<capset>() to modify the capabilities of a "
"thread other than itself, but lacked sufficient privilege. For kernels "
"生するというバグがあった。)"
#. type: TP
-#: build/C/man2/capget.2:207 build/C/man7/cpuset.7:1329
-#: build/C/man2/getpriority.2:127 build/C/man2/getrlimit.2:464
-#: build/C/man2/getsid.2:69 build/C/man2/ioprio_set.2:177
-#: build/C/man2/setpgid.2:215
+#: build/C/man2/capget.2:215 build/C/man7/cpuset.7:1330
+#: build/C/man2/getpriority.2:126 build/C/man2/getrlimit.2:495
+#: build/C/man2/getsid.2:70 build/C/man2/ioprio_set.2:187
+#: build/C/man2/setpgid.2:240 build/C/man2/seccomp.2:426
#, no-wrap
msgid "B<ESRCH>"
msgstr "B<ESRCH>"
#. type: Plain text
-#: build/C/man2/capget.2:210
+#: build/C/man2/capget.2:218
msgid "No such thread."
msgstr "そのようなスレッドが存在しない。"
#. type: Plain text
-#: build/C/man2/capget.2:212 build/C/man2/ioprio_set.2:188
+#: build/C/man2/capget.2:220 build/C/man2/ioprio_set.2:198
msgid "These system calls are Linux-specific."
msgstr "これらのシステムコールは Linux 独自である。"
#. type: Plain text
-#: build/C/man2/capget.2:217
+#: build/C/man2/capget.2:225
msgid ""
"The portable interface to the capability querying and setting functions is "
"provided by the I<libcap> library and is available here:"
"きる:"
#. type: Plain text
-#: build/C/man2/capget.2:219
-msgid "http://www.kernel.org/pub/linux/libs/security/linux-privs"
-msgstr "http://www.kernel.org/pub/linux/libs/security/linux-privs"
+#: build/C/man2/capget.2:228
+msgid ""
+"E<.UR http://git.kernel.org/cgit\\:/linux\\:/kernel\\:/git\\:/morgan\\:\\:/"
+"libcap.git> E<.UE>"
+msgstr ""
+"E<.UR http://git.kernel.org/cgit\\:/linux\\:/kernel\\:/git\\:/morgan\\:\\:/"
+"libcap.git> E<.UE>"
#. type: Plain text
-#: build/C/man2/capget.2:223
+#: build/C/man2/capget.2:232
msgid "B<clone>(2), B<gettid>(2), B<capabilities>(7)"
msgstr "B<clone>(2), B<gettid>(2), B<capabilities>(7)"
#. type: TH
-#: build/C/man7/cpuset.7:24
+#: build/C/man7/cpuset.7:25
#, no-wrap
msgid "CPUSET"
msgstr "CPUSET"
#. type: TH
-#: build/C/man7/cpuset.7:24
+#: build/C/man7/cpuset.7:25
#, no-wrap
-msgid "2008-11-12"
-msgstr "2008-11-12"
+msgid "2014-05-21"
+msgstr "2014-05-21"
#. type: Plain text
-#: build/C/man7/cpuset.7:27
+#: build/C/man7/cpuset.7:28
msgid "cpuset - confine processes to processor and memory node subsets"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:34
+#: build/C/man7/cpuset.7:35
msgid ""
-"The cpuset file system is a pseudo-file-system interface to the kernel "
-"cpuset mechanism, which is used to control the processor placement and "
-"memory placement of processes. It is commonly mounted at I</dev/cpuset>."
+"The cpuset filesystem is a pseudo-filesystem interface to the kernel cpuset "
+"mechanism, which is used to control the processor placement and memory "
+"placement of processes. It is commonly mounted at I</dev/cpuset>."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:51
+#: build/C/man7/cpuset.7:52
msgid ""
"On systems with kernels compiled with built in support for cpusets, all "
"processes are attached to a cpuset, and cpusets are always present. If a "
"system supports cpusets, then it will have the entry B<nodev cpuset> in the "
-"file I</proc/filesystems>. By mounting the cpuset file system (see the "
+"file I</proc/filesystems>. By mounting the cpuset filesystem (see the "
"B<EXAMPLE> section below), the administrator can configure the cpusets on a "
"system to control the processor and memory placement of processes on that "
"system. By default, if the cpuset configuration on a system is not modified "
-"or if the cpuset file system is not even mounted, then the cpuset mechanism, "
+"or if the cpuset filesystem is not even mounted, then the cpuset mechanism, "
"though present, has no affect on the system's behavior."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:53
+#: build/C/man7/cpuset.7:54
msgid "A cpuset defines a list of CPUs and memory nodes."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:62
+#: build/C/man7/cpuset.7:63
msgid ""
"The CPUs of a system include all the logical processing units on which a "
"process can execute, including, if present, multiple processor cores within "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:72
+#: build/C/man7/cpuset.7:73
msgid ""
-"Cpusets are represented as directories in a hierarchical pseudo-file system, "
+"Cpusets are represented as directories in a hierarchical pseudo-filesystem, "
"where the top directory in the hierarchy (I</dev/cpuset>) represents the "
"entire system (all online CPUs and memory nodes) and any cpuset that is the "
"child (descendant) of another parent cpuset contains a subset of that "
"parent's CPUs and memory nodes. The directories and files representing "
-"cpusets have normal file-system permissions."
+"cpusets have normal filesystem permissions."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:83
+#: build/C/man7/cpuset.7:84
msgid ""
"Every process in the system belongs to exactly one cpuset. A process is "
-"confined to only run on the CPUs in the cpuset it belongs to, and to "
+"confined to run only on the CPUs in the cpuset it belongs to, and to "
"allocate memory only on the memory nodes in that cpuset. When a process "
"B<fork>(2)s, the child process is placed in the same cpuset as its parent. "
"With sufficient privilege, a process may be moved from one cpuset to another "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:91
+#: build/C/man7/cpuset.7:92
msgid ""
"When the system begins booting, a single cpuset is defined that includes all "
"CPUs and memory nodes on the system, and all processes are in that cpuset. "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:113
+#: build/C/man7/cpuset.7:114
msgid ""
"Cpusets are integrated with the B<sched_setaffinity>(2) scheduling affinity "
"mechanism and the B<mbind>(2) and B<set_mempolicy>(2) memory-placement "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:119
+#: build/C/man7/cpuset.7:120
msgid ""
"Typically, a cpuset is used to manage the CPU and memory-node confinement "
"for a set of cooperating processes such as a batch scheduler job, and these "
msgstr ""
#. type: SH
-#: build/C/man7/cpuset.7:119
+#: build/C/man7/cpuset.7:120
#, no-wrap
msgid "FILES"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:124
+#: build/C/man7/cpuset.7:125
msgid ""
"Each directory below I</dev/cpuset> represents a cpuset and contains a fixed "
"set of pseudo-files describing the state of that cpuset."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:134
+#: build/C/man7/cpuset.7:135
msgid ""
-"New cpusets are created using the B<mkdir>(2) system call or the B<mkdir>"
-"(1) command. The properties of a cpuset, such as its flags, allowed CPUs "
-"and memory nodes, and attached processes, are queried and modified by "
-"reading or writing to the appropriate file in that cpuset's directory, as "
-"listed below."
+"New cpusets are created using the B<mkdir>(2) system call or the "
+"B<mkdir>(1) command. The properties of a cpuset, such as its flags, "
+"allowed CPUs and memory nodes, and attached processes, are queried and "
+"modified by reading or writing to the appropriate file in that cpuset's "
+"directory, as listed below."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:140
+#: build/C/man7/cpuset.7:141
msgid ""
"The pseudo-files in each cpuset directory are automatically created when the "
"cpuset is created, as a result of the B<mkdir>(2) invocation. It is not "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:148
+#: build/C/man7/cpuset.7:149
msgid ""
"A cpuset directory that contains no child cpuset directories, and has no "
"attached processes, can be removed using B<rmdir>(2) or B<rmdir>(1). It is "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:162
+#: build/C/man7/cpuset.7:163
msgid ""
"The pseudo-files in each cpuset directory are small text files that may be "
"read and written using traditional shell utilities such as B<cat>(1), and "
#. ====================== tasks ======================
#. type: Plain text
-#: build/C/man7/cpuset.7:167
+#: build/C/man7/cpuset.7:168
msgid ""
"The pseudo-files in a cpuset directory represent internal kernel state and "
"do not have any persistent image on disk. Each of these per-cpuset files is "
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:167
+#: build/C/man7/cpuset.7:168
#, no-wrap
msgid "I<tasks>"
msgstr "I<tasks>"
#. type: Plain text
-#: build/C/man7/cpuset.7:177
+#: build/C/man7/cpuset.7:178
msgid ""
"List of the process IDs (PIDs) of the processes in that cpuset. The list is "
"formatted as a series of ASCII decimal numbers, each followed by a newline. "
"A process may be added to a cpuset (automatically removing it from the "
"cpuset that previously contained it) by writing its PID to that cpuset's "
-"I<tasks> file (with or without a trailing newline.)"
+"I<tasks> file (with or without a trailing newline)."
msgstr ""
#. =================== notify_on_release ===================
#. type: Plain text
-#: build/C/man7/cpuset.7:185
+#: build/C/man7/cpuset.7:186
msgid ""
"B<Warning:> only one PID may be written to the I<tasks> file at a time. If "
"a string is written that contains more than one PID, only the first one will "
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:185
+#: build/C/man7/cpuset.7:186
#, no-wrap
msgid "I<notify_on_release>"
msgstr "I<notify_on_release>"
#. ====================== cpus ======================
#. type: Plain text
-#: build/C/man7/cpuset.7:194
+#: build/C/man7/cpuset.7:195
msgid ""
"Flag (0 or 1). If set (1), that cpuset will receive special handling after "
"it is released, that is, after all processes cease using it (i.e., terminate "
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:194
+#: build/C/man7/cpuset.7:195
#, no-wrap
-msgid "I<cpus>"
-msgstr "I<cpus>"
+msgid "I<cpuset.cpus>"
+msgstr "I<cpuset.cpus>"
#. type: Plain text
-#: build/C/man7/cpuset.7:201
+#: build/C/man7/cpuset.7:202
msgid ""
"List of the physical numbers of the CPUs on which processes in that cpuset "
"are allowed to execute. See B<List Format> below for a description of the "
#. ==================== cpu_exclusive ====================
#. type: Plain text
-#: build/C/man7/cpuset.7:207
+#: build/C/man7/cpuset.7:208
msgid ""
"The CPUs allowed to a cpuset may be changed by writing a new list to its "
"I<cpus> file."
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:207
+#: build/C/man7/cpuset.7:208
#, no-wrap
-msgid "I<cpu_exclusive>"
-msgstr "I<cpu_exclusive>"
+msgid "I<cpuset.cpu_exclusive>"
+msgstr "I<cpuset.cpu_exclusive>"
#. type: Plain text
-#: build/C/man7/cpuset.7:214
+#: build/C/man7/cpuset.7:215
msgid ""
"Flag (0 or 1). If set (1), the cpuset has exclusive use of its CPUs (no "
"sibling or cousin cpuset may overlap CPUs). By default this is off (0). "
#. ====================== mems ======================
#. type: Plain text
-#: build/C/man7/cpuset.7:236
+#: build/C/man7/cpuset.7:237
msgid ""
"Two cpusets are I<sibling> cpusets if they share the same parent cpuset in "
"the I</dev/cpuset> hierarchy. Two cpusets are I<cousin> cpusets if neither "
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:236
+#: build/C/man7/cpuset.7:237
#, no-wrap
-msgid "I<mems>"
-msgstr "I<mems>"
+msgid "I<cpuset.mems>"
+msgstr "I<cpuset.mems>"
#. ==================== mem_exclusive ====================
#. type: Plain text
-#: build/C/man7/cpuset.7:244
+#: build/C/man7/cpuset.7:245
msgid ""
"List of memory nodes on which processes in this cpuset are allowed to "
"allocate memory. See B<List Format> below for a description of the format "
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:244
+#: build/C/man7/cpuset.7:245
#, no-wrap
-msgid "I<mem_exclusive>"
-msgstr "I<mem_exclusive>"
+msgid "I<cpuset.mem_exclusive>"
+msgstr "I<cpuset.mem_exclusive>"
#. type: Plain text
-#: build/C/man7/cpuset.7:252
+#: build/C/man7/cpuset.7:253
msgid ""
"Flag (0 or 1). If set (1), the cpuset has exclusive use of its memory nodes "
"(no sibling or cousin may overlap). Also if set (1), the cpuset is a "
-"B<Hardwall> cpuset (see below.) By default this is off (0). Newly created "
+"B<Hardwall> cpuset (see below). By default this is off (0). Newly created "
"cpusets also initially default this to off (0)."
msgstr ""
#. ==================== mem_hardwall ====================
#. type: Plain text
-#: build/C/man7/cpuset.7:260
+#: build/C/man7/cpuset.7:261
msgid ""
"Regardless of the I<mem_exclusive> setting, if one cpuset is the ancestor of "
"another, then their memory nodes must overlap, because the memory nodes of "
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:260
+#: build/C/man7/cpuset.7:261
#, no-wrap
-msgid "I<mem_hardwall> (since Linux 2.6.26)"
-msgstr ""
+msgid "I<cpuset.mem_hardwall> (since Linux 2.6.26)"
+msgstr "I<cpuset.mem_hardwall> (Linux 2.6.26 以降)"
#. ==================== memory_migrate ====================
#. type: Plain text
-#: build/C/man7/cpuset.7:271
+#: build/C/man7/cpuset.7:272
msgid ""
-"Flag (0 or 1). If set (1), the cpuset is a B<Hardwall> cpuset (see below.) "
+"Flag (0 or 1). If set (1), the cpuset is a B<Hardwall> cpuset (see below). "
"Unlike B<mem_exclusive>, there is no constraint on whether cpusets marked "
"B<mem_hardwall> may have overlapping memory nodes with sibling or cousin "
"cpusets. By default this is off (0). Newly created cpusets also initially "
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:271
+#: build/C/man7/cpuset.7:272
#, no-wrap
-msgid "I<memory_migrate> (since Linux 2.6.16)"
-msgstr ""
+msgid "I<cpuset.memory_migrate> (since Linux 2.6.16)"
+msgstr "I<cpuset.memory_migrate> (Linux 2.6.16 以降)"
#. ==================== memory_pressure ====================
#. type: Plain text
-#: build/C/man7/cpuset.7:278
+#: build/C/man7/cpuset.7:279
msgid ""
"Flag (0 or 1). If set (1), then memory migration is enabled. By default "
"this is off (0). See the B<Memory Migration> section, below."
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:278
+#: build/C/man7/cpuset.7:279
#, no-wrap
-msgid "I<memory_pressure> (since Linux 2.6.16)"
-msgstr ""
+msgid "I<cpuset.memory_pressure> (since Linux 2.6.16)"
+msgstr "I<cpuset.memory_pressure> (Linux 2.6.16 以降)"
#. ================= memory_pressure_enabled =================
#. type: Plain text
-#: build/C/man7/cpuset.7:291
+#: build/C/man7/cpuset.7:292
msgid ""
"A measure of how much memory pressure the processes in this cpuset are "
"causing. See the B<Memory Pressure> section, below. Unless "
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:291
+#: build/C/man7/cpuset.7:292
#, no-wrap
-msgid "I<memory_pressure_enabled> (since Linux 2.6.16)"
-msgstr ""
+msgid "I<cpuset.memory_pressure_enabled> (since Linux 2.6.16)"
+msgstr "I<cpuset.memory_pressure_enabled> (Linux 2.6.16 以降)"
#. ================== memory_spread_page ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:303
+#: build/C/man7/cpuset.7:304
msgid ""
-"Flag (0 or 1). This file is only present in the root cpuset, normally I</"
+"Flag (0 or 1). This file is present only in the root cpuset, normally I</"
"dev/cpuset>. If set (1), the I<memory_pressure> calculations are enabled "
"for all cpusets in the system. By default this is off (0). See the "
"B<Memory Pressure> section, below."
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:303
+#: build/C/man7/cpuset.7:304
#, no-wrap
-msgid "I<memory_spread_page> (since Linux 2.6.17)"
-msgstr ""
+msgid "I<cpuset.memory_spread_page> (since Linux 2.6.17)"
+msgstr "I<cpuset.memory_spread_page> (Linux 2.6.17 以降)"
#. ================== memory_spread_slab ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:313
+#: build/C/man7/cpuset.7:314
msgid ""
-"Flag (0 or 1). If set (1), pages in the kernel page cache (file-system "
+"Flag (0 or 1). If set (1), pages in the kernel page cache (filesystem "
"buffers) are uniformly spread across the cpuset. By default this is off (0) "
"in the top cpuset, and inherited from the parent cpuset in newly created "
"cpusets. See the B<Memory Spread> section, below."
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:313
+#: build/C/man7/cpuset.7:314
#, no-wrap
-msgid "I<memory_spread_slab> (since Linux 2.6.17)"
-msgstr ""
+msgid "I<cpuset.memory_spread_slab> (since Linux 2.6.17)"
+msgstr "I<cpuset.memory_spread_slab> (Linux 2.6.17 以降)"
#. ================== sched_load_balance ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:324
+#: build/C/man7/cpuset.7:325
msgid ""
"Flag (0 or 1). If set (1), the kernel slab caches for file I/O (directory "
"and inode structures) are uniformly spread across the cpuset. By default "
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:324
+#: build/C/man7/cpuset.7:325
#, no-wrap
-msgid "I<sched_load_balance> (since Linux 2.6.24)"
-msgstr ""
+msgid "I<cpuset.sched_load_balance> (since Linux 2.6.24)"
+msgstr "I<cpuset.sched_load_balance> (Linux 2.6.24 以降)"
#. ================== sched_relax_domain_level ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:338
+#: build/C/man7/cpuset.7:339
msgid ""
"Flag (0 or 1). If set (1, the default) the kernel will automatically load "
"balance processes in that cpuset over the allowed CPUs in that cpuset. If "
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:338
+#: build/C/man7/cpuset.7:339
#, no-wrap
-msgid "I<sched_relax_domain_level> (since Linux 2.6.26)"
-msgstr ""
+msgid "I<cpuset.sched_relax_domain_level> (since Linux 2.6.26)"
+msgstr "I<cpuset.sched_relax_domain_level> (Linux 2.6.26 以降)"
#. ================== proc cpuset ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:358
+#: build/C/man7/cpuset.7:359
msgid ""
"Integer, between -1 and a small positive value. The "
"I<sched_relax_domain_level> controls the width of the range of CPUs over "
#. ================== proc status ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:366
+#: build/C/man7/cpuset.7:367
msgid ""
"In addition to the above pseudo-files in each directory below I</dev/"
"cpuset>, each process has a pseudo-file, I</proc/E<lt>pidE<gt>/cpuset>, that "
"displays the path of the process's cpuset directory relative to the root of "
-"the cpuset file system."
+"the cpuset filesystem."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:377
+#: build/C/man7/cpuset.7:378
msgid ""
"Also the I</proc/E<lt>pidE<gt>/status> file for each process has four added "
"lines, displaying the process's I<Cpus_allowed> (on which CPUs it may be "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:384
+#: build/C/man7/cpuset.7:385
#, no-wrap
msgid ""
"Cpus_allowed: ffffffff,ffffffff,ffffffff,ffffffff\n"
#. ================== EXTENDED CAPABILITIES ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:390
+#: build/C/man7/cpuset.7:391
msgid ""
"The \"allowed\" fields were added in Linux 2.6.24; the \"allowed_list\" "
"fields were added in Linux 2.6.26."
msgstr ""
#. type: SH
-#: build/C/man7/cpuset.7:390
+#: build/C/man7/cpuset.7:391
#, no-wrap
msgid "EXTENDED CAPABILITIES"
msgstr ""
#. ================== Exclusive Cpusets ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:398
+#: build/C/man7/cpuset.7:399
msgid ""
"In addition to controlling which I<cpus> and I<mems> a process is allowed to "
"use, cpusets provide the following extended capabilities."
msgstr ""
#. type: SS
-#: build/C/man7/cpuset.7:398
+#: build/C/man7/cpuset.7:399
#, no-wrap
-msgid "Exclusive Cpusets"
+msgid "Exclusive cpusets"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:405
+#: build/C/man7/cpuset.7:406
msgid ""
"If a cpuset is marked I<cpu_exclusive> or I<mem_exclusive>, no other cpuset, "
"other than a direct ancestor or descendant, may share any of the same CPUs "
#. ================== Hardwall ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:431
+#: build/C/man7/cpuset.7:432
msgid ""
"A cpuset that is I<mem_exclusive> restricts kernel allocations for buffer "
"cache pages and other internal kernel data pages commonly shared by the "
msgstr ""
#. type: SS
-#: build/C/man7/cpuset.7:431
+#: build/C/man7/cpuset.7:432
#, no-wrap
msgid "Hardwall"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:446
+#: build/C/man7/cpuset.7:447
msgid ""
"A cpuset that has I<mem_exclusive> or I<mem_hardwall> set is a I<hardwall> "
"cpuset. A I<hardwall> cpuset restricts kernel allocations for page, buffer, "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:457
+#: build/C/man7/cpuset.7:458
msgid ""
"This enables configuring a system so that several independent jobs can share "
-"common kernel data, such as file system pages, while isolating each job's "
+"common kernel data, such as filesystem pages, while isolating each job's "
"user allocation in its own cpuset. To do this, construct a large "
"I<hardwall> cpuset to hold all the jobs, and construct child cpusets for "
"each individual job which are not I<hardwall> cpusets."
#. ================== Notify On Release ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:463
+#: build/C/man7/cpuset.7:464
msgid ""
"Only a small amount of kernel memory, such as requests from interrupt "
"handlers, is allowed to be taken outside even a I<hardwall> cpuset."
msgstr ""
#. type: SS
-#: build/C/man7/cpuset.7:463
+#: build/C/man7/cpuset.7:464
#, no-wrap
-msgid "Notify On Release"
+msgid "Notify on release"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:475
+#: build/C/man7/cpuset.7:476
msgid ""
"If the I<notify_on_release> flag is enabled (1) in a cpuset, then whenever "
"the last process in the cpuset leaves (exits or attaches to some other "
"cpuset) and the last child cpuset of that cpuset is removed, the kernel "
"will run the command I</sbin/cpuset_release_agent>, supplying the pathname "
-"(relative to the mount point of the cpuset file system) of the abandoned "
+"(relative to the mount point of the cpuset filesystem) of the abandoned "
"cpuset. This enables automatic removal of abandoned cpusets."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:483
+#: build/C/man7/cpuset.7:484
msgid ""
"The default value of I<notify_on_release> in the root cpuset at system boot "
"is disabled (0). The default value of other cpusets at creation is the "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:491
+#: build/C/man7/cpuset.7:492
msgid ""
"The command I</sbin/cpuset_release_agent> is invoked, with the name (I</dev/"
"cpuset> relative path) of the to-be-released cpuset in I<argv[1]>."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:495
+#: build/C/man7/cpuset.7:496
msgid ""
"The usual contents of the command I</sbin/cpuset_release_agent> is simply "
"the shell script:"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:500
+#: build/C/man7/cpuset.7:501
#, no-wrap
msgid ""
"#!/bin/sh\n"
#. ================== Memory Pressure ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:508
+#: build/C/man7/cpuset.7:509
msgid ""
"As with other flag values below, this flag can be changed by writing an "
"ASCII number 0 or 1 (with optional trailing newline) into the file, to "
msgstr ""
#. type: SS
-#: build/C/man7/cpuset.7:508
+#: build/C/man7/cpuset.7:509
#, no-wrap
-msgid "Memory Pressure"
+msgid "Memory pressure"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:514
+#: build/C/man7/cpuset.7:515
msgid ""
"The I<memory_pressure> of a cpuset provides a simple per-cpuset running "
"average of the rate that the processes in a cpuset are attempting to free up "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:518
+#: build/C/man7/cpuset.7:519
msgid ""
"This enables batch managers that are monitoring jobs running in dedicated "
"cpusets to efficiently detect what level of memory pressure that job is "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:525
+#: build/C/man7/cpuset.7:526
msgid ""
"This is useful both on tightly managed systems running a wide mix of "
"submitted jobs, which may choose to terminate or reprioritize jobs that are "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:530
+#: build/C/man7/cpuset.7:531
msgid ""
"This mechanism provides a very economical way for the batch manager to "
"monitor a cpuset for signs of memory pressure. It's up to the batch manager "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:537
+#: build/C/man7/cpuset.7:538
msgid ""
"Unless memory pressure calculation is enabled by setting the pseudo-file I</"
-"dev/cpuset/memory_pressure_enabled>, it is not computed for any cpuset, and "
-"reads from any I<memory_pressure> always return zero, as represented by the "
-"ASCII string \"0\\en\". See the B<WARNINGS> section, below."
+"dev/cpuset/cpuset.memory_pressure_enabled>, it is not computed for any "
+"cpuset, and reads from any I<memory_pressure> always return zero, as "
+"represented by the ASCII string \"0\\en\". See the B<WARNINGS> section, "
+"below."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:539
+#: build/C/man7/cpuset.7:540
msgid "A per-cpuset, running average is employed for the following reasons:"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:544
+#: build/C/man7/cpuset.7:545
msgid ""
"Because this meter is per-cpuset rather than per-process or per virtual "
"memory region, the system load imposed by a batch scheduler monitoring this "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:549
+#: build/C/man7/cpuset.7:550
msgid ""
"Because this meter is a running average rather than an accumulating counter, "
"a batch scheduler can detect memory pressure with a single read, instead of "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:555
+#: build/C/man7/cpuset.7:556
msgid ""
"Because this meter is per-cpuset rather than per-process, the batch "
"scheduler can obtain the key information\\(emmemory pressure in a cpuset"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:563
+#: build/C/man7/cpuset.7:564
msgid ""
"The I<memory_pressure> of a cpuset is calculated using a per-cpuset simple "
"digital filter that is kept within the kernel. For each cpuset, this filter "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:572
+#: build/C/man7/cpuset.7:573
msgid ""
"The kernel direct reclaim code is entered whenever a process has to satisfy "
"a memory page request by first finding some other page to repurpose, due to "
-"lack of any readily available already free pages. Dirty file system pages "
-"are repurposed by first writing them to disk. Unmodified file system buffer "
+"lack of any readily available already free pages. Dirty filesystem pages "
+"are repurposed by first writing them to disk. Unmodified filesystem buffer "
"pages are repurposed by simply dropping them, though if that page is needed "
"again, it will have to be reread from disk."
msgstr ""
#. ================== Memory Spread ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:580
+#: build/C/man7/cpuset.7:581
msgid ""
-"The I<memory_pressure> file provides an integer number representing the "
-"recent (half-life of 10 seconds) rate of entries to the direct reclaim code "
-"caused by any process in the cpuset, in units of reclaims attempted per "
+"The I<cpuset.memory_pressure> file provides an integer number representing "
+"the recent (half-life of 10 seconds) rate of entries to the direct reclaim "
+"code caused by any process in the cpuset, in units of reclaims attempted per "
"second, times 1000."
msgstr ""
#. type: SS
-#: build/C/man7/cpuset.7:580
+#: build/C/man7/cpuset.7:581
#, no-wrap
-msgid "Memory Spread"
+msgid "Memory spread"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:588
+#: build/C/man7/cpuset.7:589
msgid ""
"There are two Boolean flag files per cpuset that control where the kernel "
-"allocates pages for the file-system buffers and related in-kernel data "
-"structures. They are called I<memory_spread_page> and I<memory_spread_slab>."
+"allocates pages for the filesystem buffers and related in-kernel data "
+"structures. They are called I<cpuset.memory_spread_page> and I<cpuset."
+"memory_spread_slab>."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:595
+#: build/C/man7/cpuset.7:596
msgid ""
-"If the per-cpuset Boolean flag file I<memory_spread_page> is set, then the "
-"kernel will spread the file-system buffers (page cache) evenly over all the "
-"nodes that the faulting process is allowed to use, instead of preferring to "
-"put those pages on the node where the process is running."
+"If the per-cpuset Boolean flag file I<cpuset.memory_spread_page> is set, "
+"then the kernel will spread the filesystem buffers (page cache) evenly over "
+"all the nodes that the faulting process is allowed to use, instead of "
+"preferring to put those pages on the node where the process is running."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:603
+#: build/C/man7/cpuset.7:604
msgid ""
-"If the per-cpuset Boolean flag file I<memory_spread_slab> is set, then the "
-"kernel will spread some file-system-related slab caches, such as those for "
-"inodes and directory entries, evenly over all the nodes that the faulting "
-"process is allowed to use, instead of preferring to put those pages on the "
-"node where the process is running."
+"If the per-cpuset Boolean flag file I<cpuset.memory_spread_slab> is set, "
+"then the kernel will spread some filesystem-related slab caches, such as "
+"those for inodes and directory entries, evenly over all the nodes that the "
+"faulting process is allowed to use, instead of preferring to put those pages "
+"on the node where the process is running."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:608
+#: build/C/man7/cpuset.7:609
msgid ""
"The setting of these flags does not affect the data segment (see B<brk>(2)) "
"or stack segment pages of a process."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:616
+#: build/C/man7/cpuset.7:617
msgid ""
"By default, both kinds of memory spreading are off and the kernel prefers to "
"allocate memory pages on the node local to where the requesting process is "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:619
+#: build/C/man7/cpuset.7:620
msgid ""
"When new cpusets are created, they inherit the memory spread settings of "
"their parent."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:634
+#: build/C/man7/cpuset.7:635
msgid ""
"Setting memory spreading causes allocations for the affected page or slab "
"caches to ignore the process's NUMA memory policy and be spread instead. "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:643
+#: build/C/man7/cpuset.7:644
msgid ""
-"Both I<memory_spread_page> and I<memory_spread_slab> are Boolean flag "
-"files. By default they contain \"0\", meaning that the feature is off for "
-"that cpuset. If a \"1\" is written to that file, that turns the named "
-"feature on."
+"Both I<cpuset.memory_spread_page> and I<cpuset.memory_spread_slab> are "
+"Boolean flag files. By default they contain \"0\", meaning that the feature "
+"is off for that cpuset. If a \"1\" is written to that file, that turns the "
+"named feature on."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:646
+#: build/C/man7/cpuset.7:647
msgid ""
"Cpuset-specified memory spreading behaves similarly to what is known (in "
"other contexts) as round-robin or interleave memory placement."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:649
+#: build/C/man7/cpuset.7:650
msgid ""
"Cpuset-specified memory spreading can provide substantial performance "
"improvements for jobs that:"
msgstr ""
#. type: IP
-#: build/C/man7/cpuset.7:649
+#: build/C/man7/cpuset.7:650 build/C/man7/user_namespaces.7:384
#, no-wrap
msgid "a)"
msgstr "a)"
#. type: Plain text
-#: build/C/man7/cpuset.7:653
+#: build/C/man7/cpuset.7:654
msgid ""
"need to place thread-local data on memory nodes close to the CPUs which are "
"running the threads that most frequently access that data; but also"
msgstr ""
#. type: IP
-#: build/C/man7/cpuset.7:653
+#: build/C/man7/cpuset.7:654 build/C/man7/user_namespaces.7:389
#, no-wrap
msgid "b)"
msgstr "b)"
#. type: Plain text
-#: build/C/man7/cpuset.7:656
+#: build/C/man7/cpuset.7:657
msgid ""
-"need to access large file-system data sets that must to be spread across the "
+"need to access large filesystem data sets that must to be spread across the "
"several nodes in the job's cpuset in order to fit."
msgstr ""
#. ================== Memory Migration ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:663
+#: build/C/man7/cpuset.7:664
msgid ""
"Without this policy, the memory allocation across the nodes in the job's "
"cpuset can become very uneven, especially for jobs that might have just a "
msgstr ""
#. type: SS
-#: build/C/man7/cpuset.7:663
+#: build/C/man7/cpuset.7:664
#, no-wrap
-msgid "Memory Migration"
+msgid "Memory migration"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:672
+#: build/C/man7/cpuset.7:673
msgid ""
-"Normally, under the default setting (disabled) of I<memory_migrate>, once a "
-"page is allocated (given a physical page of main memory) then that page "
-"stays on whatever node it was allocated, so long as it remains allocated, "
-"even if the cpuset's memory-placement policy I<mems> subsequently changes."
+"Normally, under the default setting (disabled) of I<cpuset.memory_migrate>, "
+"once a page is allocated (given a physical page of main memory), then that "
+"page stays on whatever node it was allocated, so long as it remains "
+"allocated, even if the cpuset's memory-placement policy I<mems> subsequently "
+"changes."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:678
+#: build/C/man7/cpuset.7:679
msgid ""
"When memory migration is enabled in a cpuset, if the I<mems> setting of the "
"cpuset is changed, then any memory page in use by any process in the cpuset "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:684
+#: build/C/man7/cpuset.7:685
msgid ""
"Furthermore, if a process is moved into a cpuset with I<memory_migrate> "
"enabled, any memory pages it uses that were on memory nodes allowed in its "
#. ================== Scheduler Load Balancing ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:692
+#: build/C/man7/cpuset.7:693
msgid ""
"The relative placement of a migrated page within the cpuset is preserved "
"during these migration operations if possible. For example, if the page was "
msgstr ""
#. type: SS
-#: build/C/man7/cpuset.7:692
+#: build/C/man7/cpuset.7:693
#, no-wrap
-msgid "Scheduler Load Balancing"
+msgid "Scheduler load balancing"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:699
+#: build/C/man7/cpuset.7:700
msgid ""
"The kernel scheduler automatically load balances processes. If one CPU is "
"underutilized, the kernel will look for processes on other more overloaded "
"CPUs and move those processes to the underutilized CPU, within the "
-"constraints of such placement mechanisms as cpusets and B<sched_setaffinity>"
-"(2)."
+"constraints of such placement mechanisms as cpusets and "
+"B<sched_setaffinity>(2)."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:712
+#: build/C/man7/cpuset.7:713
msgid ""
"The algorithmic cost of load balancing and its impact on key shared kernel "
"data structures such as the process list increases more than linearly with "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:718
+#: build/C/man7/cpuset.7:719
msgid ""
"The per-cpuset flag I<sched_load_balance> provides a mechanism to suppress "
"this automatic scheduler load balancing in cases where it is not needed and "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:722
+#: build/C/man7/cpuset.7:723
msgid ""
"By default, load balancing is done across all CPUs, except those marked "
"isolated using the kernel boot time \"isolcpus=\" argument. (See "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:725
+#: build/C/man7/cpuset.7:726
msgid ""
"This default load balancing across all CPUs is not well suited to the "
"following two situations:"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:729
+#: build/C/man7/cpuset.7:730
msgid ""
"On large systems, load balancing across many CPUs is expensive. If the "
"system is managed using cpusets to place independent jobs on separate sets "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:733
+#: build/C/man7/cpuset.7:734
msgid ""
"Systems supporting real-time on some CPUs need to minimize system overhead "
"on those CPUs, including avoiding process load balancing if that is not "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:743
+#: build/C/man7/cpuset.7:744
msgid ""
"When the per-cpuset flag I<sched_load_balance> is enabled (the default "
"setting), it requests load balancing across all the CPUs in that cpuset's "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:752
+#: build/C/man7/cpuset.7:753
msgid ""
"When the per-cpuset flag I<sched_load_balance> is disabled, then the "
"scheduler will avoid load balancing across the CPUs in that cpuset, "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:760
+#: build/C/man7/cpuset.7:761
msgid ""
"So, for example, if the top cpuset has the flag I<sched_load_balance> "
"enabled, then the scheduler will load balance across all CPUs, and the "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:765
+#: build/C/man7/cpuset.7:766
msgid ""
"Therefore in the above two situations, the flag I<sched_load_balance> should "
"be disabled in the top cpuset, and only some of the smaller, child cpusets "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:773
+#: build/C/man7/cpuset.7:774
msgid ""
"When doing this, you don't usually want to leave any unpinned processes in "
"the top cpuset that might use nontrivial amounts of CPU, as such processes "
#. ================== Scheduler Relax Domain Level ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:779
+#: build/C/man7/cpuset.7:780
msgid ""
"Of course, processes pinned to a particular CPU can be left in a cpuset that "
"disables I<sched_load_balance> as those processes aren't going anywhere else "
msgstr ""
#. type: SS
-#: build/C/man7/cpuset.7:779
+#: build/C/man7/cpuset.7:780
#, no-wrap
-msgid "Scheduler Relax Domain Level"
+msgid "Scheduler relax domain level"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:800
+#: build/C/man7/cpuset.7:801
msgid ""
"The kernel scheduler performs immediate load balancing whenever a CPU "
"becomes free or another task becomes runnable. This load balancing works to "
"ensure that as many CPUs as possible are usefully employed running tasks. "
"The kernel also performs periodic load balancing off the software clock "
-"described in I<time>(7). The setting of I<sched_relax_domain_level> only "
-"applies to immediate load balancing. Regardless of the "
+"described in B<time>(7). The setting of I<sched_relax_domain_level> applies "
+"only to immediate load balancing. Regardless of the "
"I<sched_relax_domain_level> setting, periodic load balancing is attempted "
"over all CPUs (unless disabled by turning off I<sched_load_balance>.) In "
-"any case, of course, tasks will only be scheduled to run on CPUs allowed by "
+"any case, of course, tasks will be scheduled to run only on CPUs allowed by "
"their cpuset, as modified by B<sched_setaffinity>(2) system calls."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:808
+#: build/C/man7/cpuset.7:809
msgid ""
"On small systems, such as those with just a few CPUs, immediate load "
"balancing is useful to improve system interactivity and to minimize wasteful "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:816
+#: build/C/man7/cpuset.7:817
msgid ""
"The exact meaning of the small integer values of I<sched_relax_domain_level> "
"will depend on internal implementation details of the kernel scheduler code "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:821
+#: build/C/man7/cpuset.7:822
msgid ""
"As of this writing, when this capability was introduced in Linux 2.6.26, on "
"certain popular architectures, the positive values of "
msgstr ""
#. type: IP
-#: build/C/man7/cpuset.7:823
+#: build/C/man7/cpuset.7:824
#, no-wrap
msgid "B<(1)>"
msgstr "B<(1)>"
#. type: Plain text
-#: build/C/man7/cpuset.7:826
+#: build/C/man7/cpuset.7:827
msgid ""
"Perform immediate load balancing across Hyper-Thread siblings on the same "
"core."
msgstr ""
#. type: IP
-#: build/C/man7/cpuset.7:826
+#: build/C/man7/cpuset.7:827
#, no-wrap
msgid "B<(2)>"
msgstr "B<(2)>"
#. type: Plain text
-#: build/C/man7/cpuset.7:828
+#: build/C/man7/cpuset.7:829
msgid ""
"Perform immediate load balancing across other cores in the same package."
msgstr ""
#. type: IP
-#: build/C/man7/cpuset.7:828
+#: build/C/man7/cpuset.7:829
#, no-wrap
msgid "B<(3)>"
msgstr "B<(3)>"
#. type: Plain text
-#: build/C/man7/cpuset.7:831
+#: build/C/man7/cpuset.7:832
msgid ""
"Perform immediate load balancing across other CPUs on the same node or blade."
msgstr ""
#. type: IP
-#: build/C/man7/cpuset.7:831
+#: build/C/man7/cpuset.7:832
#, no-wrap
msgid "B<(4)>"
msgstr "B<(4)>"
#. type: Plain text
-#: build/C/man7/cpuset.7:834
+#: build/C/man7/cpuset.7:835
msgid ""
"Perform immediate load balancing across over several (implementation detail) "
"nodes [On NUMA systems]."
msgstr ""
#. type: IP
-#: build/C/man7/cpuset.7:834
+#: build/C/man7/cpuset.7:835
#, no-wrap
msgid "B<(5)>"
msgstr "B<(5)>"
#. type: Plain text
-#: build/C/man7/cpuset.7:837
+#: build/C/man7/cpuset.7:838
msgid ""
"Perform immediate load balancing across over all CPUs in system [On NUMA "
"systems]."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:846
+#: build/C/man7/cpuset.7:847
msgid ""
"The I<sched_relax_domain_level> value of zero (0) always means don't perform "
-"immediate load balancing, hence that load balancing is only done "
+"immediate load balancing, hence that load balancing is done only "
"periodically, not immediately when a CPU becomes available or another task "
"becomes runnable."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:854
+#: build/C/man7/cpuset.7:855
msgid ""
"The I<sched_relax_domain_level> value of minus one (-1) always means use "
"the system default value. The system default value can vary by architecture "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:862
+#: build/C/man7/cpuset.7:863
msgid ""
"In the case of multiple overlapping cpusets which have conflicting "
"I<sched_relax_domain_level> values, then the highest such value applies to "
msgstr ""
#. type: SH
-#: build/C/man7/cpuset.7:862
+#: build/C/man7/cpuset.7:863
#, no-wrap
msgid "FORMATS"
msgstr ""
#. ================== Mask Format ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:866
+#: build/C/man7/cpuset.7:867
msgid ""
"The following formats are used to represent sets of CPUs and memory nodes."
msgstr ""
#. type: SS
-#: build/C/man7/cpuset.7:866
+#: build/C/man7/cpuset.7:867
#, no-wrap
-msgid "Mask Format"
+msgid "Mask format"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:871
+#: build/C/man7/cpuset.7:872
msgid ""
-"The B<Mask Format> is used to represent CPU and memory-node bitmasks in the "
+"The B<Mask Format> is used to represent CPU and memory-node bit masks in the "
"I</proc/E<lt>pidE<gt>/status> file."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:879
+#: build/C/man7/cpuset.7:880
msgid ""
"This format displays each 32-bit word in hexadecimal (using ASCII characters "
"\"0\" - \"9\" and \"a\" - \"f\"); words are filled with leading zeros, if "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:882
+#: build/C/man7/cpuset.7:883
msgid ""
"The number of 32-bit words displayed is the minimum number needed to display "
-"all bits of the bitmask, based on the size of the bitmask."
+"all bits of the bit mask, based on the size of the bit mask."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:884
+#: build/C/man7/cpuset.7:885
msgid "Examples of the B<Mask Format>:"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:892
+#: build/C/man7/cpuset.7:893
#, no-wrap
msgid ""
"00000001 # just bit 0 set\n"
"40000000,00000000,00000000 # just bit 94 set\n"
"00000001,00000000,00000000 # just bit 64 set\n"
"000000ff,00000000 # bits 32-39 set\n"
-"00000000,000E3862 # 1,5,6,11-13,17-19 set\n"
+"00000000,000e3862 # 1,5,6,11-13,17-19 set\n"
msgstr ""
"00000001 # just bit 0 set\n"
"40000000,00000000,00000000 # just bit 94 set\n"
"00000001,00000000,00000000 # just bit 64 set\n"
"000000ff,00000000 # bits 32-39 set\n"
-"00000000,000E3862 # 1,5,6,11-13,17-19 set\n"
+"00000000,000e3862 # 1,5,6,11-13,17-19 set\n"
#. type: Plain text
-#: build/C/man7/cpuset.7:896
+#: build/C/man7/cpuset.7:897
msgid "A mask with bits 0, 1, 2, 4, 8, 16, 32, and 64 set displays as:"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:900
+#: build/C/man7/cpuset.7:901
#, no-wrap
msgid "00000001,00000001,00010117\n"
msgstr "00000001,00000001,00010117\n"
#. ================== List Format ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:907
+#: build/C/man7/cpuset.7:908
msgid ""
"The first \"1\" is for bit 64, the second for bit 32, the third for bit 16, "
"the fourth for bit 8, the fifth for bit 4, and the \"7\" is for bits 2, 1, "
msgstr ""
#. type: SS
-#: build/C/man7/cpuset.7:907
+#: build/C/man7/cpuset.7:908
#, no-wrap
-msgid "List Format"
+msgid "List format"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:914
+#: build/C/man7/cpuset.7:915
msgid ""
"The B<List Format> for I<cpus> and I<mems> is a comma-separated list of CPU "
"or memory-node numbers and ranges of numbers, in ASCII decimal."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:916
+#: build/C/man7/cpuset.7:917
msgid "Examples of the B<List Format>:"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:921
+#: build/C/man7/cpuset.7:922
#, no-wrap
msgid ""
"0-4,9 # bits 0, 1, 2, 3, 4, and 9 set\n"
#. ================== RULES ==================
#. type: SH
-#: build/C/man7/cpuset.7:924
+#: build/C/man7/cpuset.7:925
#, no-wrap
msgid "RULES"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:926
+#: build/C/man7/cpuset.7:927
msgid "The following rules apply to each cpuset:"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:929
+#: build/C/man7/cpuset.7:930
msgid ""
"Its CPUs and memory nodes must be a (possibly equal) subset of its parent's."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:933
-msgid "It can only be marked I<cpu_exclusive> if its parent is."
+#: build/C/man7/cpuset.7:934
+msgid "It can be marked I<cpu_exclusive> only if its parent is."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:937
-msgid "It can only be marked I<mem_exclusive> if its parent is."
+#: build/C/man7/cpuset.7:938
+msgid "It can be marked I<mem_exclusive> only if its parent is."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:941
+#: build/C/man7/cpuset.7:942
msgid "If it is I<cpu_exclusive>, its CPUs may not overlap any sibling."
msgstr ""
#. ================== PERMISSIONS ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:946
+#: build/C/man7/cpuset.7:947
msgid ""
"If it is I<memory_exclusive>, its memory nodes may not overlap any sibling."
msgstr ""
#. type: SH
-#: build/C/man7/cpuset.7:946
+#: build/C/man7/cpuset.7:947
#, no-wrap
msgid "PERMISSIONS"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:951
+#: build/C/man7/cpuset.7:952
msgid ""
"The permissions of a cpuset are determined by the permissions of the "
-"directories and pseudo-files in the cpuset file system, normally mounted at "
+"directories and pseudo-files in the cpuset filesystem, normally mounted at "
"I</dev/cpuset>."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:960
+#: build/C/man7/cpuset.7:961
msgid ""
"For instance, a process can put itself in some other cpuset (than its "
"current one) if it can write the I<tasks> file for that cpuset. This "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:967
+#: build/C/man7/cpuset.7:968
msgid ""
"An additional constraint is applied to requests to place some other process "
"in a cpuset. One process may not attach another to a cpuset unless it would "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:978
+#: build/C/man7/cpuset.7:979
msgid ""
"A process may create a child cpuset if it can access and write the parent "
"cpuset directory. It can modify the CPUs or memory nodes in a cpuset if it "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:999
+#: build/C/man7/cpuset.7:1000
msgid ""
"There is one minor difference between the manner in which these permissions "
-"are evaluated and the manner in which normal file-system operation "
+"are evaluated and the manner in which normal filesystem operation "
"permissions are evaluated. The kernel interprets relative pathnames "
"starting at a process's current working directory. Even if one is operating "
"on a cpuset file, relative pathnames are interpreted relative to the "
"cpuset can be used are if either the process's current working directory is "
"its cpuset (it first did a B<cd> or B<chdir>(2) to its cpuset directory "
"beneath I</dev/cpuset>, which is a bit unusual) or if some user code "
-"converts the relative cpuset path to a full file-system path."
+"converts the relative cpuset path to a full filesystem path."
msgstr ""
#. ================== WARNINGS ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:1014
+#: build/C/man7/cpuset.7:1015
msgid ""
"In theory, this means that user code should specify cpusets using absolute "
-"pathnames, which requires knowing the mount point of the cpuset file system "
+"pathnames, which requires knowing the mount point of the cpuset filesystem "
"(usually, but not necessarily, I</dev/cpuset>). In practice, all user level "
-"code that this author is aware of simply assumes that if the cpuset file "
-"system is mounted, then it is mounted at I</dev/cpuset>. Furthermore, it is "
-"common practice for carefully written user code to verify the presence of "
-"the pseudo-file I</dev/cpuset/tasks> in order to verify that the cpuset "
-"pseudo-file system is currently mounted."
+"code that this author is aware of simply assumes that if the cpuset "
+"filesystem is mounted, then it is mounted at I</dev/cpuset>. Furthermore, "
+"it is common practice for carefully written user code to verify the presence "
+"of the pseudo-file I</dev/cpuset/tasks> in order to verify that the cpuset "
+"pseudo-filesystem is currently mounted."
msgstr ""
#. type: SH
-#: build/C/man7/cpuset.7:1014
+#: build/C/man7/cpuset.7:1015
#, no-wrap
msgid "WARNINGS"
msgstr ""
#. type: SS
-#: build/C/man7/cpuset.7:1015
+#: build/C/man7/cpuset.7:1016
#, no-wrap
msgid "Enabling memory_pressure"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1024
+#: build/C/man7/cpuset.7:1025
msgid ""
-"By default, the per-cpuset file I<memory_pressure> always contains zero "
-"(0). Unless this feature is enabled by writing \"1\" to the pseudo-file I</"
-"dev/cpuset/memory_pressure_enabled>, the kernel does not compute per-cpuset "
-"I<memory_pressure>."
+"By default, the per-cpuset file I<cpuset.memory_pressure> always contains "
+"zero (0). Unless this feature is enabled by writing \"1\" to the pseudo-"
+"file I</dev/cpuset/cpuset.memory_pressure_enabled>, the kernel does not "
+"compute per-cpuset I<memory_pressure>."
msgstr ""
#. type: SS
-#: build/C/man7/cpuset.7:1024
+#: build/C/man7/cpuset.7:1025
#, no-wrap
msgid "Using the echo command"
msgstr ""
#. Gack! csh(1)'s echo does this
#. type: Plain text
-#: build/C/man7/cpuset.7:1035
+#: build/C/man7/cpuset.7:1036
msgid ""
"When using the B<echo> command at the shell prompt to change the values of "
"cpuset files, beware that the built-in B<echo> command in some shells does "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1039
+#: build/C/man7/cpuset.7:1040
#, no-wrap
-msgid "echo 19 E<gt> mems\n"
-msgstr "echo 19 E<gt> mems\n"
+msgid "echo 19 E<gt> cpuset.mems\n"
+msgstr "echo 19 E<gt> cpuset.mems\n"
#. type: Plain text
-#: build/C/man7/cpuset.7:1052
+#: build/C/man7/cpuset.7:1053
msgid ""
"failed because memory node 19 was not allowed (perhaps the current system "
"does not have a memory node 19), then the B<echo> command might not display "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1057
+#: build/C/man7/cpuset.7:1058
#, no-wrap
msgid ""
-"/bin/echo 19 E<gt> mems\n"
+"/bin/echo 19 E<gt> cpuset.mems\n"
"/bin/echo: write error: Invalid argument\n"
msgstr ""
-"/bin/echo 19 E<gt> mems\n"
+"/bin/echo 19 E<gt> cpuset.mems\n"
"/bin/echo: write error: Invalid argument\n"
#. ================== EXCEPTIONS ==================
#. type: SH
-#: build/C/man7/cpuset.7:1060
+#: build/C/man7/cpuset.7:1061
#, no-wrap
msgid "EXCEPTIONS"
msgstr ""
#. type: SS
-#: build/C/man7/cpuset.7:1061
+#: build/C/man7/cpuset.7:1062
#, no-wrap
msgid "Memory placement"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1064
+#: build/C/man7/cpuset.7:1065
msgid ""
"Not all allocations of system memory are constrained by cpusets, for the "
"following reasons."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1079
+#: build/C/man7/cpuset.7:1080
msgid ""
"If hot-plug functionality is used to remove all the CPUs that are currently "
"assigned to a cpuset, then the kernel will automatically update the "
"available, a similar exception is expected to apply there as well. In "
"general, the kernel prefers to violate cpuset placement, rather than "
"starving a process that has had all its allowed CPUs or memory nodes taken "
-"offline. User code should reconfigure cpusets to only refer to online CPUs "
+"offline. User code should reconfigure cpusets to refer only to online CPUs "
"and memory nodes when using hot-plug to add or remove such resources."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1087
+#: build/C/man7/cpuset.7:1088
msgid ""
"A few kernel-critical, internal memory-allocation requests, marked "
"GFP_ATOMIC, must be satisfied immediately. The kernel may drop some request "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1091
+#: build/C/man7/cpuset.7:1092
msgid ""
"Allocations of memory requested by kernel drivers while processing an "
"interrupt lack any relevant process context, and are not confined by cpusets."
msgstr ""
#. type: SS
-#: build/C/man7/cpuset.7:1091
+#: build/C/man7/cpuset.7:1092
#, no-wrap
msgid "Renaming cpusets"
msgstr ""
#. ================== ERRORS ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:1099
+#: build/C/man7/cpuset.7:1100
msgid ""
"You can use the B<rename>(2) system call to rename cpusets. Only simple "
"renaming is supported; that is, changing the name of a cpuset directory is "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1103
+#: build/C/man7/cpuset.7:1104
msgid ""
"The Linux kernel implementation of cpusets sets I<errno> to specify the "
"reason for a failed system call affecting cpusets."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1108
+#: build/C/man7/cpuset.7:1109
msgid ""
"The possible I<errno> settings and their meaning when set on a failed cpuset "
"call are as listed below."
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:1108
+#: build/C/man7/cpuset.7:1109
#, no-wrap
msgid "B<E2BIG>"
msgstr "B<E2BIG>"
#. type: Plain text
-#: build/C/man7/cpuset.7:1115
+#: build/C/man7/cpuset.7:1116
msgid ""
"Attempted a B<write>(2) on a special cpuset file with a length larger than "
"some kernel-determined upper limit on the length of such writes."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1122
+#: build/C/man7/cpuset.7:1123
msgid ""
"Attempted to B<write>(2) the process ID (PID) of a process to a cpuset "
"I<tasks> file when one lacks permission to move that process."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1128
+#: build/C/man7/cpuset.7:1129
msgid ""
"Attempted to add, using B<write>(2), a CPU or memory node to a cpuset, when "
"that CPU or memory node was not already in its parent."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1136
+#: build/C/man7/cpuset.7:1137
msgid ""
-"Attempted to set, using B<write>(2), I<cpu_exclusive> or I<mem_exclusive> on "
-"a cpuset whose parent lacks the same setting."
+"Attempted to set, using B<write>(2), I<cpuset.cpu_exclusive> or I<cpuset."
+"mem_exclusive> on a cpuset whose parent lacks the same setting."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1143
-msgid "Attempted to B<write>(2) a I<memory_pressure> file."
+#: build/C/man7/cpuset.7:1144
+msgid "Attempted to B<write>(2) a I<cpuset.memory_pressure> file."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1146
+#: build/C/man7/cpuset.7:1147
msgid "Attempted to create a file in a cpuset directory."
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:1146 build/C/man7/cpuset.7:1151
-#: build/C/man7/cpuset.7:1156
+#: build/C/man7/cpuset.7:1147 build/C/man7/cpuset.7:1152
+#: build/C/man7/cpuset.7:1157
#, no-wrap
msgid "B<EBUSY>"
msgstr "B<EBUSY>"
#. type: Plain text
-#: build/C/man7/cpuset.7:1151
+#: build/C/man7/cpuset.7:1152
msgid ""
"Attempted to remove, using B<rmdir>(2), a cpuset with attached processes."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1156
+#: build/C/man7/cpuset.7:1157
msgid "Attempted to remove, using B<rmdir>(2), a cpuset with child cpusets."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1161
+#: build/C/man7/cpuset.7:1162
msgid ""
"Attempted to remove a CPU or memory node from a cpuset that is also in a "
"child of that cpuset."
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:1161 build/C/man7/cpuset.7:1166
+#: build/C/man7/cpuset.7:1162 build/C/man7/cpuset.7:1167
#, no-wrap
msgid "B<EEXIST>"
msgstr "B<EEXIST>"
#. type: Plain text
-#: build/C/man7/cpuset.7:1166
+#: build/C/man7/cpuset.7:1167
msgid "Attempted to create, using B<mkdir>(2), a cpuset that already exists."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1171
+#: build/C/man7/cpuset.7:1172
msgid "Attempted to B<rename>(2) a cpuset to a name that already exists."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1179
+#: build/C/man7/cpuset.7:1180
msgid ""
"Attempted to B<read>(2) or B<write>(2) a cpuset file using a buffer that "
"is outside the writing processes accessible address space."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1188
+#: build/C/man7/cpuset.7:1189
msgid ""
"Attempted to change a cpuset, using B<write>(2), in a way that would violate "
"a I<cpu_exclusive> or I<mem_exclusive> attribute of that cpuset or any of "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1197
+#: build/C/man7/cpuset.7:1198
msgid ""
-"Attempted to B<write>(2) an empty I<cpus> or I<mems> list to a cpuset which "
-"has attached processes or child cpusets."
+"Attempted to B<write>(2) an empty I<cpuset.cpus> or I<cpuset.mems> list to "
+"a cpuset which has attached processes or child cpusets."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1207
+#: build/C/man7/cpuset.7:1208
msgid ""
-"Attempted to B<write>(2) a I<cpus> or I<mems> list which included a range "
-"with the second number smaller than the first number."
+"Attempted to B<write>(2) a I<cpuset.cpus> or I<cpuset.mems> list which "
+"included a range with the second number smaller than the first number."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1216
+#: build/C/man7/cpuset.7:1217
msgid ""
-"Attempted to B<write>(2) a I<cpus> or I<mems> list which included an "
-"invalid character in the string."
+"Attempted to B<write>(2) a I<cpuset.cpus> or I<cpuset.mems> list which "
+"included an invalid character in the string."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1223
+#: build/C/man7/cpuset.7:1224
msgid ""
-"Attempted to B<write>(2) a list to a I<cpus> file that did not include any "
-"online CPUs."
+"Attempted to B<write>(2) a list to a I<cpuset.cpus> file that did not "
+"include any online CPUs."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1230
+#: build/C/man7/cpuset.7:1231
msgid ""
-"Attempted to B<write>(2) a list to a I<mems> file that did not include any "
-"online memory nodes."
+"Attempted to B<write>(2) a list to a I<cpuset.mems> file that did not "
+"include any online memory nodes."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1237
+#: build/C/man7/cpuset.7:1238
msgid ""
-"Attempted to B<write>(2) a list to a I<mems> file that included a node that "
-"held no memory."
+"Attempted to B<write>(2) a list to a I<cpuset.mems> file that included a "
+"node that held no memory."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1245
+#: build/C/man7/cpuset.7:1246
msgid ""
"Attempted to B<write>(2) a string to a cpuset I<tasks> file that does not "
"begin with an ASCII decimal integer."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1250
+#: build/C/man7/cpuset.7:1251
msgid "Attempted to B<rename>(2) a cpuset into a different directory."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1257
+#: build/C/man7/cpuset.7:1258
msgid ""
"Attempted to B<read>(2) a I</proc/E<lt>pidE<gt>/cpuset> file for a cpuset "
"path that is longer than the kernel page size."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1262
+#: build/C/man7/cpuset.7:1263
msgid ""
"Attempted to create, using B<mkdir>(2), a cpuset whose base directory name "
"is longer than 255 characters."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1269
+#: build/C/man7/cpuset.7:1270
msgid ""
"Attempted to create, using B<mkdir>(2), a cpuset whose full pathname, "
"including the mount point (typically \"/dev/cpuset/\") prefix, is longer "
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:1269
+#: build/C/man7/cpuset.7:1270
#, no-wrap
msgid "B<ENODEV>"
msgstr "B<ENODEV>"
#. type: Plain text
-#: build/C/man7/cpuset.7:1274
+#: build/C/man7/cpuset.7:1275
msgid ""
"The cpuset was removed by another process at the same time as a B<write>(2) "
"was attempted on one of the pseudo-files in the cpuset directory."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1279
+#: build/C/man7/cpuset.7:1280
msgid ""
"Attempted to create, using B<mkdir>(2), a cpuset in a parent cpuset that "
"doesn't exist."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1286
+#: build/C/man7/cpuset.7:1287
msgid ""
"Attempted to B<access>(2) or B<open>(2) a nonexistent file in a cpuset "
"directory."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1291
+#: build/C/man7/cpuset.7:1292
msgid ""
"Insufficient memory is available within the kernel; can occur on a variety "
"of system calls affecting cpusets, but only if the system is extremely short "
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:1291 build/C/man7/cpuset.7:1303
+#: build/C/man7/cpuset.7:1292 build/C/man7/cpuset.7:1304
#, no-wrap
msgid "B<ENOSPC>"
msgstr "B<ENOSPC>"
#. type: Plain text
-#: build/C/man7/cpuset.7:1303
+#: build/C/man7/cpuset.7:1304
msgid ""
"Attempted to B<write>(2) the process ID (PID) of a process to a cpuset "
-"I<tasks> file when the cpuset had an empty I<cpus> or empty I<mems> setting."
+"I<tasks> file when the cpuset had an empty I<cpuset.cpus> or empty I<cpuset."
+"mems> setting."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1313
+#: build/C/man7/cpuset.7:1314
msgid ""
-"Attempted to B<write>(2) an empty I<cpus> or I<mems> setting to a cpuset "
-"that has tasks attached."
+"Attempted to B<write>(2) an empty I<cpuset.cpus> or I<cpuset.mems> setting "
+"to a cpuset that has tasks attached."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1318
+#: build/C/man7/cpuset.7:1319
msgid "Attempted to B<rename>(2) a nonexistent cpuset."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1321
+#: build/C/man7/cpuset.7:1322
msgid "Attempted to remove a file from a cpuset directory."
msgstr ""
#. type: TP
-#: build/C/man7/cpuset.7:1321
+#: build/C/man7/cpuset.7:1322
#, no-wrap
msgid "B<ERANGE>"
msgstr "B<ERANGE>"
#. type: Plain text
-#: build/C/man7/cpuset.7:1329
+#: build/C/man7/cpuset.7:1330
msgid ""
-"Specified a I<cpus> or I<mems> list to the kernel which included a number "
-"too large for the kernel to set in its bitmasks."
+"Specified a I<cpuset.cpus> or I<cpuset.mems> list to the kernel which "
+"included a number too large for the kernel to set in its bit masks."
msgstr ""
#. ================== VERSIONS ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:1337
+#: build/C/man7/cpuset.7:1338
msgid ""
"Attempted to B<write>(2) the process ID (PID) of a nonexistent process to a "
"cpuset I<tasks> file."
#. ================== NOTES ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:1340
+#: build/C/man7/cpuset.7:1341
msgid "Cpusets appeared in version 2.6.12 of the Linux kernel."
msgstr ""
#. ================== BUGS ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:1351
+#: build/C/man7/cpuset.7:1352
msgid ""
"Despite its name, the I<pid> parameter is actually a thread ID, and each "
"thread in a threaded group can be attached to a different cpuset. The value "
msgstr ""
#. type: SH
-#: build/C/man7/cpuset.7:1351 build/C/man2/getrlimit.2:576
-#: build/C/man2/ioprio_set.2:308 build/C/man2/setfsgid.2:102
-#: build/C/man2/setfsuid.2:102
+#: build/C/man7/cpuset.7:1352 build/C/man2/getpriority.2:225
+#: build/C/man2/getrlimit.2:570 build/C/man2/ioprio_set.2:337
+#: build/C/man2/setfsgid.2:106 build/C/man2/setfsuid.2:114
#, no-wrap
msgid "BUGS"
msgstr "バグ"
#. ================== EXAMPLE ==================
#. type: Plain text
-#: build/C/man7/cpuset.7:1364
+#: build/C/man7/cpuset.7:1365
msgid ""
-"I<memory_pressure> cpuset files can be opened for writing, creation, or "
-"truncation, but then the B<write>(2) fails with I<errno> set to B<EACCES>, "
-"and the creation and truncation options on B<open>(2) have no effect."
+"I<cpuset.memory_pressure> cpuset files can be opened for writing, creation, "
+"or truncation, but then the B<write>(2) fails with I<errno> set to "
+"B<EACCES>, and the creation and truncation options on B<open>(2) have no "
+"effect."
msgstr ""
#. type: SH
-#: build/C/man7/cpuset.7:1364 build/C/man2/getrlimit.2:520
+#: build/C/man7/cpuset.7:1365 build/C/man2/getrlimit.2:703
+#: build/C/man7/namespaces.7:361 build/C/man7/pid_namespaces.7:353
+#: build/C/man7/user_namespaces.7:677 build/C/man2/seccomp.2:476
#, no-wrap
msgid "EXAMPLE"
msgstr "例"
#. type: Plain text
-#: build/C/man7/cpuset.7:1367
+#: build/C/man7/cpuset.7:1368
msgid ""
"The following examples demonstrate querying and setting cpuset options using "
"shell commands."
msgstr ""
#. type: SS
-#: build/C/man7/cpuset.7:1367
+#: build/C/man7/cpuset.7:1368
#, no-wrap
msgid "Creating and attaching to a cpuset."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1370
+#: build/C/man7/cpuset.7:1371
msgid ""
"To create a new cpuset and attach the current command shell to it, the steps "
"are:"
msgstr ""
#. type: IP
-#: build/C/man7/cpuset.7:1372 build/C/man7/cpuset.7:1411
+#: build/C/man7/cpuset.7:1373 build/C/man7/cpuset.7:1412
#, no-wrap
msgid "1)"
msgstr "1)"
#. type: Plain text
-#: build/C/man7/cpuset.7:1374
+#: build/C/man7/cpuset.7:1375
msgid "mkdir /dev/cpuset (if not already done)"
msgstr ""
#. type: IP
-#: build/C/man7/cpuset.7:1374 build/C/man7/cpuset.7:1417
+#: build/C/man7/cpuset.7:1375 build/C/man7/cpuset.7:1418
#, no-wrap
msgid "2)"
msgstr "2)"
#. type: Plain text
-#: build/C/man7/cpuset.7:1376
+#: build/C/man7/cpuset.7:1377
msgid "mount -t cpuset none /dev/cpuset (if not already done)"
msgstr ""
#. type: IP
-#: build/C/man7/cpuset.7:1376 build/C/man7/cpuset.7:1420
+#: build/C/man7/cpuset.7:1377 build/C/man7/cpuset.7:1421
#, no-wrap
msgid "3)"
msgstr "3)"
#. type: Plain text
-#: build/C/man7/cpuset.7:1379
+#: build/C/man7/cpuset.7:1380
msgid "Create the new cpuset using B<mkdir>(1)."
msgstr ""
#. type: IP
-#: build/C/man7/cpuset.7:1379 build/C/man7/cpuset.7:1423
+#: build/C/man7/cpuset.7:1380 build/C/man7/cpuset.7:1424
#, no-wrap
msgid "4)"
msgstr "4)"
#. type: Plain text
-#: build/C/man7/cpuset.7:1381
+#: build/C/man7/cpuset.7:1382
msgid "Assign CPUs and memory nodes to the new cpuset."
msgstr ""
#. type: IP
-#: build/C/man7/cpuset.7:1381 build/C/man7/cpuset.7:1428
+#: build/C/man7/cpuset.7:1382 build/C/man7/cpuset.7:1429
#, no-wrap
msgid "5)"
msgstr "5)"
#. type: Plain text
-#: build/C/man7/cpuset.7:1383
+#: build/C/man7/cpuset.7:1384
msgid "Attach the shell to the new cpuset."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1388
+#: build/C/man7/cpuset.7:1389
msgid ""
"For example, the following sequence of commands will set up a cpuset named "
"\"Charlie\", containing just CPUs 2 and 3, and memory node 1, and then "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1402
+#: build/C/man7/cpuset.7:1403
#, no-wrap
msgid ""
"$B< mkdir /dev/cpuset>\n"
"$B< cd /dev/cpuset>\n"
"$B< mkdir Charlie>\n"
"$B< cd Charlie>\n"
-"$B< /bin/echo 2-3 E<gt> cpus>\n"
-"$B< /bin/echo 1 E<gt> mems>\n"
+"$B< /bin/echo 2-3 E<gt> cpuset.cpus>\n"
+"$B< /bin/echo 1 E<gt> cpuset.mems>\n"
"$B< /bin/echo $$ E<gt> tasks>\n"
"# The current shell is now running in cpuset Charlie\n"
"# The next line should display '/Charlie'\n"
"$B< cd /dev/cpuset>\n"
"$B< mkdir Charlie>\n"
"$B< cd Charlie>\n"
-"$B< /bin/echo 2-3 E<gt> cpus>\n"
-"$B< /bin/echo 1 E<gt> mems>\n"
+"$B< /bin/echo 2-3 E<gt> cpuset.cpus>\n"
+"$B< /bin/echo 1 E<gt> cpuset.mems>\n"
"$B< /bin/echo $$ E<gt> tasks>\n"
"# The current shell is now running in cpuset Charlie\n"
"# The next line should display '/Charlie'\n"
"$B< cat /proc/self/cpuset>\n"
#. type: SS
-#: build/C/man7/cpuset.7:1404
+#: build/C/man7/cpuset.7:1405
#, no-wrap
msgid "Migrating a job to different memory nodes."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1409
+#: build/C/man7/cpuset.7:1410
msgid ""
"To migrate a job (the set of processes attached to a cpuset) to different "
"CPUs and memory nodes in the system, including moving the memory pages "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1417
+#: build/C/man7/cpuset.7:1418
msgid ""
"Let's say we want to move the job in cpuset I<alpha> (CPUs 4-7 and memory "
"nodes 2-3) to a new cpuset I<beta> (CPUs 16-19 and memory nodes 8-9)."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1420
+#: build/C/man7/cpuset.7:1421
msgid "First create the new cpuset I<beta>."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1423
+#: build/C/man7/cpuset.7:1424
msgid "Then allow CPUs 16-19 and memory nodes 8-9 in I<beta>."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1428
+#: build/C/man7/cpuset.7:1429
msgid "Then enable I<memory_migration> in I<beta>."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1433
+#: build/C/man7/cpuset.7:1434
msgid "Then move each process from I<alpha> to I<beta>."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1436
+#: build/C/man7/cpuset.7:1437
msgid "The following sequence of commands accomplishes this."
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1446
+#: build/C/man7/cpuset.7:1447
#, no-wrap
msgid ""
"$B< cd /dev/cpuset>\n"
"$B< mkdir beta>\n"
"$B< cd beta>\n"
-"$B< /bin/echo 16-19 E<gt> cpus>\n"
-"$B< /bin/echo 8-9 E<gt> mems>\n"
-"$B< /bin/echo 1 E<gt> memory_migrate>\n"
+"$B< /bin/echo 16-19 E<gt> cpuset.cpus>\n"
+"$B< /bin/echo 8-9 E<gt> cpuset.mems>\n"
+"$B< /bin/echo 1 E<gt> cpuset.memory_migrate>\n"
"$B< while read i; do /bin/echo $i; done E<lt> ../alpha/tasks E<gt> tasks>\n"
msgstr ""
"$B< cd /dev/cpuset>\n"
"$B< mkdir beta>\n"
"$B< cd beta>\n"
-"$B< /bin/echo 16-19 E<gt> cpus>\n"
-"$B< /bin/echo 8-9 E<gt> mems>\n"
-"$B< /bin/echo 1 E<gt> memory_migrate>\n"
+"$B< /bin/echo 16-19 E<gt> cpuset.cpus>\n"
+"$B< /bin/echo 8-9 E<gt> cpuset.mems>\n"
+"$B< /bin/echo 1 E<gt> cpuset.memory_migrate>\n"
"$B< while read i; do /bin/echo $i; done E<lt> ../alpha/tasks E<gt> tasks>\n"
#. type: Plain text
-#: build/C/man7/cpuset.7:1455
+#: build/C/man7/cpuset.7:1456
msgid ""
"The above should move any processes in I<alpha> to I<beta>, and any memory "
"held by these processes on memory nodes 2-3 to memory nodes 8-9, "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1457
+#: build/C/man7/cpuset.7:1458
msgid "Notice that the last step of the above sequence did not do:"
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1461
+#: build/C/man7/cpuset.7:1462
#, no-wrap
msgid "$B< cp ../alpha/tasks tasks>\n"
msgstr "$B< cp ../alpha/tasks tasks>\n"
#. type: Plain text
-#: build/C/man7/cpuset.7:1472
+#: build/C/man7/cpuset.7:1473
msgid ""
"The I<while> loop, rather than the seemingly easier use of the B<cp>(1) "
"command, was necessary because only one process PID at a time may be written "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1480
+#: build/C/man7/cpuset.7:1481
msgid ""
"The same effect (writing one PID at a time) as the I<while> loop can be "
"accomplished more efficiently, in fewer keystrokes and in syntax that works "
msgstr ""
#. type: Plain text
-#: build/C/man7/cpuset.7:1484
+#: build/C/man7/cpuset.7:1485
#, no-wrap
msgid "$B< sed -un p E<lt> ../alpha/tasks E<gt> tasks>\n"
msgstr "$B< sed -un p E<lt> ../alpha/tasks E<gt> tasks>\n"
#. type: Plain text
-#: build/C/man7/cpuset.7:1501
+#: build/C/man7/cpuset.7:1503
msgid ""
"B<taskset>(1), B<get_mempolicy>(2), B<getcpu>(2), B<mbind>(2), "
"B<sched_getaffinity>(2), B<sched_setaffinity>(2), B<sched_setscheduler>(2), "
-"B<set_mempolicy>(2), B<CPU_SET>(3), B<proc>(5), B<numa>(7), B<migratepages>"
-"(8), B<numactl>(8)"
+"B<set_mempolicy>(2), B<CPU_SET>(3), B<proc>(5), B<numa>(7), B<sched>(7), "
+"B<migratepages>(8), B<numactl>(8)"
msgstr ""
"B<taskset>(1), B<get_mempolicy>(2), B<getcpu>(2), B<mbind>(2), "
"B<sched_getaffinity>(2), B<sched_setaffinity>(2), B<sched_setscheduler>(2), "
-"B<set_mempolicy>(2), B<CPU_SET>(3), B<proc>(5), B<numa>(7), B<migratepages>"
-"(8), B<numactl>(8)"
+"B<set_mempolicy>(2), B<CPU_SET>(3), B<proc>(5), B<numa>(7), B<sched>(7), "
+"B<migratepages>(8), B<numactl>(8)"
#. type: Plain text
-#: build/C/man7/cpuset.7:1504
-msgid "The kernel source file I<Documentation/cpusets.txt>."
-msgstr ""
+#: build/C/man7/cpuset.7:1506
+msgid "I<Documentation/cpusets.txt> in the Linux kernel source tree"
+msgstr "Linux カーネルソース内の I<Documentation/cpusets.txt>"
#. type: TH
-#: build/C/man7/credentials.7:25
+#: build/C/man7/credentials.7:27
#, no-wrap
msgid "CREDENTIALS"
msgstr "CREDENTIALS"
#. type: TH
-#: build/C/man7/credentials.7:25
+#: build/C/man7/credentials.7:27 build/C/man2/setsid.2:31
#, no-wrap
-msgid "2008-06-03"
-msgstr "2008-06-03"
+msgid "2014-12-31"
+msgstr "2014-12-31"
#. type: Plain text
-#: build/C/man7/credentials.7:28
+#: build/C/man7/credentials.7:30
msgid "credentials - process identifiers"
msgstr "credentials - 認証に用いられるプロセスの識別子"
#. type: SS
-#: build/C/man7/credentials.7:29
+#: build/C/man7/credentials.7:31
#, no-wrap
msgid "Process ID (PID)"
msgstr "プロセスID (PID)"
#. type: Plain text
-#: build/C/man7/credentials.7:39
+#: build/C/man7/credentials.7:41
msgid ""
"Each process has a unique nonnegative integer identifier that is assigned "
"when the process is created using B<fork>(2). A process can obtain its PID "
#. .BR waitid (2),
#. .BR wait4 (2),
#. type: Plain text
-#: build/C/man7/credentials.7:60
+#: build/C/man7/credentials.7:62
msgid ""
"PIDs are used in a range of system calls to identify the process affected by "
"the call, for example: B<kill>(2), B<ptrace>(2), B<setpriority>(2) "
"B<setpgid>(2), B<setsid>(2), B<sigqueue>(3), and B<waitpid>(2)."
msgstr ""
"PID は各種のシステムコールでそのシステムコールが作用するプロセスを 特定するた"
-"めに使用される。以下に例を挙げる: B<kill>(2), B<ptrace>(2), B<setpriority>"
-"(2), B<setpgid>(2), B<setsid>(2), B<sigqueue>(3), B<waitpid>(2)."
+"めに使用される。以下に例を挙げる: B<kill>(2), B<ptrace>(2), "
+"B<setpriority>(2), B<setpgid>(2), B<setsid>(2), B<sigqueue>(3), "
+"B<waitpid>(2)."
#. type: Plain text
-#: build/C/man7/credentials.7:63
+#: build/C/man7/credentials.7:65
msgid "A process's PID is preserved across an B<execve>(2)."
msgstr "プロセスの PID は B<execve>(2) の前後で不変である。"
#. type: SS
-#: build/C/man7/credentials.7:63
+#: build/C/man7/credentials.7:65
#, no-wrap
-msgid "Parent Process ID (PPID)"
+msgid "Parent process ID (PPID)"
msgstr "親プロセス ID (PPID)"
#. type: Plain text
-#: build/C/man7/credentials.7:71
+#: build/C/man7/credentials.7:73
msgid ""
"A process's parent process ID identifies the process that created this "
-"process using B<fork>(2). A process can obtain its PPID using B<getppid>"
-"(2). A PPID is represented using the type I<pid_t>."
+"process using B<fork>(2). A process can obtain its PPID using "
+"
B<getppid>(2). A PPID is represented using the type I<pid_t>."
msgstr ""
"プロセスの親プロセスの ID は、 B<fork>(2) を使ってそのプロセスを生成したプロ"
"セスを示す。 プロセスは B<getppid>(2) を使って自分の PPID を取得できる。 "
"PPID は I<pid_t> 型で表現される。"
#. type: Plain text
-#: build/C/man7/credentials.7:74
+#: build/C/man7/credentials.7:76
msgid "A process's PPID is preserved across an B<execve>(2)."
msgstr "プロセスの PPID は B<execve>(2) の前後で不変である。"
#. type: SS
-#: build/C/man7/credentials.7:74
+#: build/C/man7/credentials.7:76
#, no-wrap
-msgid "Process Group ID and Session ID"
+msgid "Process group ID and session ID"
msgstr "プロセスグループ ID とセッション ID"
#. type: Plain text
-#: build/C/man7/credentials.7:82
+#: build/C/man7/credentials.7:84
msgid ""
"Each process has a session ID and a process group ID, both represented using "
"the type I<pid_t>. A process can obtain its session ID using B<getsid>(2), "
"and its process group ID using B<getpgrp>(2)."
msgstr ""
"各プロセスはセッション ID とプロセスグループ ID を持つ。 これらの ID はどちら"
-"も I<pid_t> 型で表現される。 プロセスは、それぞれ B<getsid>(2), B<getpgrp>"
-"(2) を使って自分のセッション ID、プロセスグループ ID を取得できる。"
+"も I<pid_t> 型で表現される。 プロセスは、それぞれ B<getsid>(2), "
+"B<getpgrp>(2) を使って自分のセッション ID、プロセスグループ ID を取得でき"
+"る。"
#. type: Plain text
-#: build/C/man7/credentials.7:88
+#: build/C/man7/credentials.7:90
msgid ""
"A child created by B<fork>(2) inherits its parent's session ID and process "
"group ID. A process's session ID and process group ID are preserved across "
"B<execve>(2) の前後で不変である。"
#. type: Plain text
-#: build/C/man7/credentials.7:101
+#: build/C/man7/credentials.7:103
msgid ""
"Sessions and process groups are abstractions devised to support shell job "
"control. A process group (sometimes called a \"job\") is a collection of "
"ID と同じプロセスは、 そのグループの「プロセスグループ・リーダー」である。"
#. type: Plain text
-#: build/C/man7/credentials.7:113
+#: build/C/man7/credentials.7:115
msgid ""
"A session is a collection of processes that share the same session ID. All "
"of the members of a process group also have the same session ID (i.e., all "
"プロセスグループの全メンバーは同じセッション ID を持つ (つまり、一つのプロセ"
"スグループのメンバーは全て同じセッションに所属し、 これにより、セッションとプ"
"ロセスグループで二階層のプロセス階層が形成できる)。 新たなセッションの生成は"
-"プロセスが B<setsid>(2) を呼び出すことで行う。 B<setsid>(2) は、 B<setsid>"
-"(2) を呼び出したプロセスの PID と同じ値のセッション ID を持つ 新たなセッショ"
-"ンを生成する。 セッションの生成者は「セッション・リーダー」と呼ばれる。"
+"プロセスが B<setsid>(2) を呼び出すことで行う。 B<setsid>(2) は、 "
+"B<setsid>(2) を呼び出したプロセスの PID と同じ値のセッション ID を持つ 新た"
+"なセッションを生成する。 セッションの生成者は「セッション・リーダー」と呼ばれ"
+"る。"
+
+#. type: Plain text
+#: build/C/man7/credentials.7:124
+msgid ""
+"All of the processes in a session share a I<controlling terminal>. The "
+"controlling terminal is established when the session leader first opens a "
+"terminal (unless the B<O_NOCTTY> flag is specified when calling "
+"B<open>(2)). A terminal may be the controlling terminal of at most one "
+"session."
+msgstr ""
+"あるセッションの全プロセスは一つの I<制御端末> を共有する。 セッションリー"
+"ダーが最初に端末をオープンした際に制御端末は設定される (B<open>(2) の呼び出し"
+"で B<O_NOCTTY> フラグが指定された場合を除く)。 一つの端末は、最大でも一つの"
+"セッションの制御端末にしかなれない。"
+
+#. type: Plain text
+#: build/C/man7/credentials.7:146
+msgid ""
+"At most one of the jobs in a session may be the I<foreground job>; other "
+"jobs in the session are I<background jobs>. Only the foreground job may "
+"read from the terminal; when a process in the background attempts to read "
+"from the terminal, its process group is sent a B<SIGTTIN> signal, which "
+"suspends the job. If the B<TOSTOP> flag has been set for the terminal (see "
+"B<termios>(3)), then only the foreground job may write to the terminal; "
+"writes from background job cause a B<SIGTTOU> signal to be generated, which "
+"suspends the job. When terminal keys that generate a signal (such as the "
+"I<interrupt> key, normally control-C) are pressed, the signal is sent to "
+"the processes in the foreground job."
+msgstr ""
+"一つのセッションのジョブの中で、I<フォアグラウンドジョブ>になれるのは最大でも"
+"一つで、そのセッションの他のジョブはI<バックグラウンドジョブ>である。 フォア"
+"グラウンドジョブだけが端末からの読み込みを行える。 バックグラウンドのプロセス"
+"が端末から読み込みを行おうとした場合、 フォアグラウンドジョブを停止させるシグ"
+"ナルである B<SIGTTIN> が所属するプロセスグループに対して送信される。 端末に "
+"B<TOSTOP> フラグがセットされていた場合 (B<termios>(3) 参照)、 フォアグラウン"
+"ドジョブだけが端末への書き込みを行える。 バックグラウンドのプロセスが端末への"
+"書き込みを行おうとした場合、 フォアグラウンドジョブを停止させるシグナルであ"
+"る B<SIGTTOU> が生成される。 シグナルを生成する端末キー (例えば I<中断>キー、"
+"通常は control-C) が押された場合、 そのシグナルはフォアグラウンドジョブのプロ"
+"セスに送信される。"
+
+#. type: Plain text
+#: build/C/man7/credentials.7:167
+msgid ""
+"Various system calls and library functions may operate on all members of a "
+"process group, including B<kill>(2), B<killpg>(2), B<getpriority>(2), "
+"B<setpriority>(2), B<ioprio_get>(2), B<ioprio_set>(2), B<waitid>(2), and "
+"B<waitpid>(2). See also the discussion of the B<F_GETOWN>, B<F_GETOWN_EX>, "
+"B<F_SETOWN>, and B<F_SETOWN_EX> operations in B<fcntl>(2)."
+msgstr ""
+"様々なシステムコールやライブラリ関数で、プロセスグループの全メンバーに対して"
+"操作を行うことができる。 例えば、 B<kill>(2), B<killpg>(2), "
+"B<getpriority>(2), B<setpriority>(2), B<ioprio_get>(2), B<ioprio_set>(2), "
+"B<waitid>(2), B<waitpid>(2) など。 B<fcntl>(2) の操作 B<F_GETOWN>, "
+"B<F_GETOWN_EX>, B<F_SETOWN>, B<F_SETOWN_EX> の議論も参照。"
#. type: SS
-#: build/C/man7/credentials.7:113
+#: build/C/man7/credentials.7:167
#, no-wrap
-msgid "User and Group Identifiers"
+msgid "User and group identifiers"
msgstr "ユーザ ID とグループ ID"
#. type: Plain text
-#: build/C/man7/credentials.7:121
+#: build/C/man7/credentials.7:175
msgid ""
"Each process has various associated user and groups IDs. These IDs are "
"integers, respectively represented using the types I<uid_t> and I<gid_t> "
"types.hE<gt>> で定義されている)。"
#. type: Plain text
-#: build/C/man7/credentials.7:123
+#: build/C/man7/credentials.7:177
msgid "On Linux, each process has the following user and group identifiers:"
msgstr ""
"Linux では、各プロセスは以下のような種類のユーザ ID とグループ ID を持つ。"
#. type: Plain text
-#: build/C/man7/credentials.7:129
+#: build/C/man7/credentials.7:183
msgid ""
"Real user ID and real group ID. These IDs determine who owns the process. "
-"A process can obtain its real user (group) ID using B<getuid>(2) (B<getgid>"
-"(2))."
+"A process can obtain its real user (group) ID using B<getuid>(2) "
+"(B<getgid>(2))."
msgstr ""
"実ユーザ ID と実グループ ID。 これらの ID によりプロセスの所有者が決定され"
"る。 プロセスが自分の実ユーザ ID、実グループ ID を取得するには、それぞれ "
"B<getuid>(2), B<getgid>(2) を使用する。"
#. type: Plain text
-#: build/C/man7/credentials.7:141
+#: build/C/man7/credentials.7:195
msgid ""
"Effective user ID and effective group ID. These IDs are used by the kernel "
"to determine the permissions that the process will have when accessing "
"shared resources such as message queues, shared memory, and semaphores. On "
"most UNIX systems, these IDs also determine the permissions when accessing "
-"files. However, Linux uses the file system IDs described below for this "
-"task. A process can obtain its effective user (group) ID using B<geteuid>"
-"(2) (B<getegid>(2))."
+"files. However, Linux uses the filesystem IDs described below for this "
+"task. A process can obtain its effective user (group) ID using "
+"B<geteuid>(2) (B<getegid>(2))."
msgstr ""
"実効ユーザ ID と実効グループ ID。 これらの ID は、メッセージキュー、共有メモ"
"リ、セマフォなどの 共有リソースにアクセスしようとした際にそのプロセスがアクセ"
"プ ID を取得するには、それぞれ B<geteuid>(2), B<getegid>(2) を使用する。"
#. type: Plain text
-#: build/C/man7/credentials.7:163
+#: build/C/man7/credentials.7:217
msgid ""
"Saved set-user-ID and saved set-group-ID. These IDs are used in set-user-ID "
"and set-group-ID programs to save a copy of the corresponding effective IDs "
"る。"
#. type: Plain text
-#: build/C/man7/credentials.7:180
+#: build/C/man7/credentials.7:234
msgid ""
-"File system user ID and file system group ID (Linux-specific). These IDs, "
-"in conjunction with the supplementary group IDs described below, are used to "
+"Filesystem user ID and filesystem group ID (Linux-specific). These IDs, in "
+"conjunction with the supplementary group IDs described below, are used to "
"determine permissions for accessing files; see B<path_resolution>(7) for "
"details. Whenever a process's effective user (group) ID is changed, the "
-"kernel also automatically changes the file system user (group) ID to the "
-"same value. Consequently, the file system IDs normally have the same values "
-"as the corresponding effective ID, and the semantics for file-permission "
-"checks are thus the same on Linux as on other UNIX systems. The file system "
-"IDs can be made to differ from the effective IDs by calling B<setfsuid>(2) "
-"and B<setfsgid>(2)."
+"kernel also automatically changes the filesystem user (group) ID to the same "
+"value. Consequently, the filesystem IDs normally have the same values as "
+"the corresponding effective ID, and the semantics for file-permission checks "
+"are thus the same on Linux as on other UNIX systems. The filesystem IDs can "
+"be made to differ from the effective IDs by calling B<setfsuid>(2) and "
+"B<setfsgid>(2)."
msgstr ""
"ファイルシステム・ユーザ ID とファイルシステム・グループ ID (Linux 固有)。 こ"
"れらの ID は、後述の補助グループ ID と組み合わせて使用され、 ファイルへのアク"
#. /proc/sys/kernel/ngroups_max.
#. As at 2.6.22-rc2, this file is still read-only.
#. type: Plain text
-#: build/C/man7/credentials.7:199
+#: build/C/man7/credentials.7:253
msgid ""
"Supplementary group IDs. This is a set of additional group IDs that are "
"used for permission checks when accessing files and other shared resources. "
"最大で 32 である。 カーネル 2.6.4 以降では、一つのプロセスあたりの 補助グルー"
"プのメンバー数は最大で 65536 である。 I<sysconf(_SC_NGROUPS_MAX)> を呼び出す"
"ことで、あるプロセスがメンバーとなることができる可能性のある 補助グループ数を"
-"知ることができる。 プロセスは、自分の補助グループ ID の集合を B<getgroups>"
-"(2) で取得でき、 B<setgroups>(2) で集合を変更できる。"
+"知ることができる。 プロセスは、自分の補助グループ ID の集合を "
+"B<getgroups>(2) で取得でき、 B<setgroups>(2) で集合を変更できる。"
#. type: Plain text
-#: build/C/man7/credentials.7:209
+#: build/C/man7/credentials.7:263
msgid ""
"A child process created by B<fork>(2) inherits copies of its parent's user "
"and groups IDs. During an B<execve>(2), a process's real user and group ID "
"(B<execve>(2) で説明されている)。"
#. type: Plain text
-#: build/C/man7/credentials.7:212
+#: build/C/man7/credentials.7:266
msgid ""
"Aside from the purposes noted above, a process's user IDs are also employed "
"in a number of other contexts:"
msgstr "上記の目的以外にも、プロセスのユーザ ID は他の様々な場面で利用される。"
#. type: Plain text
-#: build/C/man7/credentials.7:215
-msgid ""
-"when determining the permissions for sending signals\\(emsee B<kill>(2);"
-msgstr "シグナルを送る許可の判定時\\(em B<kill>(2) 参照。"
+#: build/C/man7/credentials.7:269
+msgid "when determining the permissions for sending signals (see B<kill>(2));"
+msgstr "シグナルを送る許可の判定時 (B<kill>(2) 参照)"
#. type: Plain text
-#: build/C/man7/credentials.7:225
+#: build/C/man7/credentials.7:280
msgid ""
"when determining the permissions for setting process-scheduling parameters "
"(nice value, real time scheduling policy and priority, CPU affinity, I/O "
"priority) using B<setpriority>(2), B<sched_setaffinity>(2), "
-"B<sched_setscheduler>(2), B<sched_setparam>(2), and B<ioprio_set>(2);"
+"B<sched_setscheduler>(2), B<sched_setparam>(2), B<sched_setattr>(2), and "
+"B<ioprio_set>(2);"
msgstr ""
"プロセスのスケジューリング関連のパラメータ (nice 値、 リアルタイム・スケ"
"ジューリングポリシーや優先度、CPU affinity、 入出力優先度) の設定許可の判定"
"時。 スケジューリング関連のパラメータ設定には B<setpriority>(2), "
"B<sched_setaffinity>(2), B<sched_setscheduler>(2), B<sched_setparam>(2), "
-"B<ioprio_set>(2) が使用される。"
+"B<sched_setattr>(2), B<ioprio_set>(2) が使用される。"
#. type: Plain text
-#: build/C/man7/credentials.7:228
-msgid "when checking resource limits; see B<getrlimit>(2);"
-msgstr "リソース上限のチェック時。 B<getrlimit>(2) 参照。"
+#: build/C/man7/credentials.7:283
+msgid "when checking resource limits (see B<getrlimit>(2));"
+msgstr "リソース上限のチェック時 (B<getrlimit>(2) 参照)"
#. type: Plain text
-#: build/C/man7/credentials.7:232
+#: build/C/man7/credentials.7:287
msgid ""
"when checking the limit on the number of inotify instances that the process "
-"may create; see B<inotify>(7)."
+"may create (see B<inotify>(7))."
msgstr ""
-"プロセスが生成できる inotify インスタンス数の上限のチェック時。 B<inotify>"
-"(7) 参照。"
+"プロセスが生成できる inotify インスタンス数の上限のチェック時 (B<inotify>(7) "
+"参照)"
#. type: Plain text
-#: build/C/man7/credentials.7:238
+#: build/C/man7/credentials.7:293
msgid ""
"Process IDs, parent process IDs, process group IDs, and session IDs are "
"specified in POSIX.1-2001. The real, effective, and saved set user and "
"groups IDs, and the supplementary group IDs, are specified in POSIX.1-2001. "
-"The file system user and group IDs are a Linux extension."
+"The filesystem user and group IDs are a Linux extension."
msgstr ""
"プロセス ID、親プロセス ID、プロセスグループ ID、セッション ID は "
"POSIX.1-2001 で規定されている。 実 ID、実効 ID、保存セット ID のユーザ ID / "
"ルシステム・ユーザ ID / グループ ID は Linux による拡張である。"
#. type: Plain text
-#: build/C/man7/credentials.7:249
+#: build/C/man7/credentials.7:304
msgid ""
"The POSIX threads specification requires that credentials are shared by all "
"of the threads in a process. However, at the kernel level, Linux maintains "
"れることを保証する ための処理を行っている。"
#. type: Plain text
-#: build/C/man7/credentials.7:280
-msgid ""
-"B<bash>(1), B<csh>(1), B<ps>(1), B<access>(2), B<execve>(2), B<faccessat>"
-"(2), B<fork>(2), B<getpgrp>(2), B<getpid>(2), B<getppid>(2), B<getsid>(2), "
-"B<kill>(2), B<killpg>(2), B<setegid>(2), B<seteuid>(2), B<setfsgid>(2), "
-"B<setfsuid>(2), B<setgid>(2), B<setgroups>(2), B<setresgid>(2), B<setresuid>"
-"(2), B<setuid>(2), B<waitpid>(2), B<euidaccess>(3), B<initgroups>(3), "
-"B<tcgetpgrp>(3), B<tcsetpgrp>(3), B<capabilities>(7), B<path_resolution>(7), "
-"B<unix>(7)"
-msgstr ""
-"B<bash>(1), B<csh>(1), B<ps>(1), B<access>(2), B<execve>(2), B<faccessat>"
-"(2), B<fork>(2), B<getpgrp>(2), B<getpid>(2), B<getppid>(2), B<getsid>(2), "
-"B<kill>(2), B<killpg>(2), B<setegid>(2), B<seteuid>(2), B<setfsgid>(2), "
-"B<setfsuid>(2), B<setgid>(2), B<setgroups>(2), B<setresgid>(2), B<setresuid>"
-"(2), B<setuid>(2), B<waitpid>(2), B<euidaccess>(3), B<initgroups>(3), "
-"B<tcgetpgrp>(3), B<tcsetpgrp>(3), B<capabilities>(7), B<path_resolution>(7), "
-"B<unix>(7)"
+#: build/C/man7/credentials.7:340
+msgid ""
+"B<bash>(1), B<csh>(1), B<ps>(1), B<access>(2), B<execve>(2), "
+"B<faccessat>(2), B<fork>(2), B<getgroups>(2), B<getpgrp>(2), B<getpid>(2), "
+"B<getppid>(2), B<getsid>(2), B<kill>(2), B<killpg>(2), B<setegid>(2), "
+"B<seteuid>(2), B<setfsgid>(2), B<setfsuid>(2), B<setgid>(2), "
+"B<setgroups>(2), B<setresgid>(2), B<setresuid>(2), B<setuid>(2), "
+"B<waitpid>(2), B<euidaccess>(3), B<initgroups>(3), B<tcgetpgrp>(3), "
+"B<tcsetpgrp>(3), B<capabilities>(7), B<namespaces>(7), "
+"B<path_resolution>(7), B<pid_namespaces>(7), B<signal>(7), "
+"B<user_namespaces>(7), B<unix>(7)"
+msgstr ""
+"B<bash>(1), B<csh>(1), B<ps>(1), B<access>(2), B<execve>(2), "
+"B<faccessat>(2), B<fork>(2), B<getgroups>(2), B<getpgrp>(2), B<getpid>(2), "
+"B<getppid>(2), B<getsid>(2), B<kill>(2), B<killpg>(2), B<setegid>(2), "
+"B<seteuid>(2), B<setfsgid>(2), B<setfsuid>(2), B<setgid>(2), "
+"B<setgroups>(2), B<setresgid>(2), B<setresuid>(2), B<setuid>(2), "
+"B<waitpid>(2), B<euidaccess>(3), B<initgroups>(3), B<tcgetpgrp>(3), "
+"B<tcsetpgrp>(3), B<capabilities>(7), B<namespaces>(7), "
+"B<path_resolution>(7), B<pid_namespaces>(7), B<signal>(7), "
+"B<user_namespaces>(7), B<unix>(7)"
#. type: TH
#: build/C/man2/getgid.2:25
msgstr "GETGID"
#. type: TH
-#: build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31
-#: build/C/man2/getresuid.2:27 build/C/man2/getuid.2:26
-#: build/C/man2/setfsgid.2:29 build/C/man2/setfsuid.2:29
-#: build/C/man2/setgid.2:27 build/C/man2/setresuid.2:26
-#: build/C/man2/setreuid.2:43 build/C/man2/setuid.2:28
+#: build/C/man2/getgid.2:25 build/C/man2/getresuid.2:28
+#: build/C/man2/getuid.2:26
#, no-wrap
msgid "2010-11-22"
msgstr "2010-11-22"
#. type: Plain text
#: build/C/man2/getgid.2:30 build/C/man2/getgroups.2:38
-#: build/C/man2/getpid.2:30 build/C/man2/getresuid.2:34
-#: build/C/man2/getsid.2:30 build/C/man2/getuid.2:31 build/C/man2/seteuid.2:34
-#: build/C/man2/setgid.2:34 build/C/man2/setpgid.2:51
-#: build/C/man2/setresuid.2:33 build/C/man2/setreuid.2:50
-#: build/C/man2/setsid.2:35 build/C/man2/setuid.2:35
+#: build/C/man2/getpid.2:32 build/C/man2/getresuid.2:35
+#: build/C/man2/getsid.2:31 build/C/man2/getuid.2:31
+#: build/C/man3/group_member.3:30 build/C/man2/seteuid.2:36
+#: build/C/man2/setgid.2:36 build/C/man2/setpgid.2:53
+#: build/C/man2/setresuid.2:33 build/C/man2/setreuid.2:52
+#: build/C/man2/setsid.2:37 build/C/man2/setuid.2:37
msgid "B<#include E<lt>unistd.hE<gt>>"
msgstr "B<#include E<lt>unistd.hE<gt>>"
#. type: Plain text
#: build/C/man2/getgid.2:32 build/C/man2/getgroups.2:36
-#: build/C/man2/getpid.2:28 build/C/man2/getuid.2:33 build/C/man2/seteuid.2:32
-#: build/C/man2/setgid.2:32 build/C/man2/setreuid.2:48
-#: build/C/man2/setuid.2:33
+#: build/C/man2/getpid.2:30 build/C/man2/getuid.2:33 build/C/man2/seteuid.2:34
+#: build/C/man2/setgid.2:34 build/C/man2/setreuid.2:50
+#: build/C/man2/setuid.2:35
msgid "B<#include E<lt>sys/types.hE<gt>>"
msgstr "B<#include E<lt>sys/types.hE<gt>>"
msgstr "B<getegid>() は呼び出し元のプロセスの実効グループ ID を返す。"
#. type: Plain text
-#: build/C/man2/getgid.2:44 build/C/man2/getpid.2:44 build/C/man2/getuid.2:45
+#: build/C/man2/getgid.2:44 build/C/man2/getpid.2:46 build/C/man2/getuid.2:45
msgid "These functions are always successful."
msgstr "これらの関数は常に成功する。"
msgid ""
"The original Linux B<getgid>() and B<getegid>() system calls supported "
"only 16-bit group IDs. Subsequently, Linux 2.4 added B<getgid32>() and "
-"B<getegid32>(), supporting 32-bit IDs. The glibc B<getgid>() and B<getegid>"
-"() wrapper functions transparently deal with the variations across kernel "
-"versions."
+"B<getegid32>(), supporting 32-bit IDs. The glibc B<getgid>() and "
+"B<getegid>() wrapper functions transparently deal with the variations "
+"across kernel versions."
msgstr ""
"元々の Linux の B<getgid>() と B<getegid>() システムコールは\n"
"16 ビットのグループ ID だけに対応していた。\n"
msgid "GETGROUPS"
msgstr "GETGROUPS"
+#. type: TH
+#: build/C/man2/getgroups.2:31 build/C/man2/getpriority.2:45
+#, no-wrap
+msgid "2014-08-19"
+msgstr "2014-08-19"
+
#. type: Plain text
#: build/C/man2/getgroups.2:34
msgid "getgroups, setgroups - get/set list of supplementary group IDs"
"B<setgroups>() は特権を必要とするため、POSIX.1-2001 に従っていない。"
#. type: Plain text
-#: build/C/man2/getgroups.2:149
+#: build/C/man2/getgroups.2:153
msgid ""
"A process can have up to B<NGROUPS_MAX> supplementary group IDs in addition "
-"to the effective group ID. The set of supplementary group IDs is inherited "
-"from the parent process, and preserved across an B<execve>(2)."
+"to the effective group ID. The constant B<NGROUPS_MAX> is defined in "
+"I<E<lt>limits.hE<gt>>. The set of supplementary group IDs is inherited from "
+"the parent process, and preserved across an B<execve>(2)."
msgstr ""
"プロセスは、実効グループ ID に加え、最大 B<NGROUPS_MAX> までの補助グループ "
-"ID を持つことができる。 補助グループ ID の集合は親プロセスから継承され、 "
-"B<execve>(2) の前後で保持される。"
+"ID を持つことができる。 定数 B<NGROUPS_MAX> は I<E<lt>limits.hE<gt>> で定義さ"
+"れている。 補助グループ ID の集合は親プロセスから継承され、 B<execve>(2) の"
+"前後で保持される。"
#. type: Plain text
-#: build/C/man2/getgroups.2:152
+#: build/C/man2/getgroups.2:156
msgid ""
-"The maximum number of supplementary group IDs can be found using B<sysconf>"
-"(3):"
+"The maximum number of supplementary group IDs can be found at run time using "
+"B<sysconf>(3):"
msgstr ""
-"補助グループ ID の最大数は B<sysconf>(3) を使って以下のようにして調べること"
-"ができる:"
+"補助グループ ID の最大数は、実行時に B<sysconf>(3) を使って以下のようにして"
+"調べることができる:"
#. type: Plain text
-#: build/C/man2/getgroups.2:156
+#: build/C/man2/getgroups.2:160
#, no-wrap
msgid ""
" long ngroups_max;\n"
" ngroups_max = sysconf(_SC_NGROUPS_MAX);\n"
#. type: Plain text
-#: build/C/man2/getgroups.2:161
+#: build/C/man2/getgroups.2:168
msgid ""
"The maximum return value of B<getgroups>() cannot be larger than one more "
-"than this value."
+"than this value. Since Linux 2.6.4, the maximum number of supplementary "
+"group IDs is also exposed via the Linux-specific read-only file, I</proc/sys/"
+"kernel/ngroups_max>."
msgstr ""
-"B<getgroups>() の返り値の最大値は、この値より 1 大きい値より大きくなることは"
-"ない。"
+"B<getgroups>() の返り値の最大値は、この値より大きくなることはない。 Linux "
+"2.6.4 以降では、補助グループ ID の最大数も Linux 固有の読み込み専用のファイ"
+"ル I</proc/sys/kernel/ngroups_max> 経由で公開されている。"
#. type: Plain text
-#: build/C/man2/getgroups.2:171
+#: build/C/man2/getgroups.2:178
msgid ""
"The original Linux B<getgroups>() system call supported only 16-bit group "
"IDs. Subsequently, Linux 2.4 added B<getgroups32>(), supporting 32-bit "
"バージョンによるこの違いを吸収している。"
#. type: Plain text
-#: build/C/man2/getgroups.2:178
+#: build/C/man2/getgroups.2:186
msgid ""
-"B<getgid>(2), B<setgid>(2), B<getgrouplist>(3), B<initgroups>(3), "
-"B<capabilities>(7), B<credentials>(7)"
+"B<getgid>(2), B<setgid>(2), B<getgrouplist>(3), B<group_member>(3), "
+"B<initgroups>(3), B<capabilities>(7), B<credentials>(7)"
msgstr ""
-"B<getgid>(2), B<setgid>(2), B<getgrouplist>(3), B<initgroups>(3), "
-"B<capabilities>(7), B<credentials>(7)"
+"B<getgid>(2), B<setgid>(2), B<getgrouplist>(3), B<group_member>(3), "
+"B<initgroups>(3), B<capabilities>(7), B<credentials>(7)"
#. type: TH
-#: build/C/man2/getpid.2:23
+#: build/C/man2/getpid.2:25
#, no-wrap
msgid "GETPID"
msgstr "GETPID"
-#. type: TH
-#: build/C/man2/getpid.2:23
-#, no-wrap
-msgid "2008-09-23"
-msgstr "2008-09-23"
-
#. type: Plain text
-#: build/C/man2/getpid.2:26
+#: build/C/man2/getpid.2:28
msgid "getpid, getppid - get process identification"
msgstr "getpid, getppid - プロセス ID を得る"
#. type: Plain text
-#: build/C/man2/getpid.2:32
+#: build/C/man2/getpid.2:34
msgid "B<pid_t getpid(void);>"
msgstr "B<pid_t getpid(void);>"
#. type: Plain text
-#: build/C/man2/getpid.2:34
+#: build/C/man2/getpid.2:36
msgid "B<pid_t getppid(void);>"
msgstr "B<pid_t getppid(void);>"
#. type: Plain text
-#: build/C/man2/getpid.2:39
+#: build/C/man2/getpid.2:41
msgid ""
"B<getpid>() returns the process ID of the calling process. (This is often "
"used by routines that generate unique temporary filenames.)"
"イル名として 他と重ならない名前を生成するルーチンでしばしば使用される。)"
#. type: Plain text
-#: build/C/man2/getpid.2:42
+#: build/C/man2/getpid.2:44
msgid ""
"B<getppid>() returns the process ID of the parent of the calling process."
msgstr "B<getppid>() は呼び出し元のプロセスの親プロセスのプロセス ID を返す。"
#. type: Plain text
-#: build/C/man2/getpid.2:46
+#: build/C/man2/getpid.2:48
msgid "POSIX.1-2001, 4.3BSD, SVr4."
msgstr "POSIX.1-2001, 4.3BSD, SVr4."
#. wait(NULL);
#. }
#. type: Plain text
-#: build/C/man2/getpid.2:98
+#: build/C/man2/getpid.2:100
msgid ""
"Since glibc version 2.3.4, the glibc wrapper function for B<getpid>() "
"caches PIDs, so as to avoid additional system calls when a process calls "
"for these system calls by using B<syscall>(2), then a call to B<getpid>() "
"in the child will return the wrong value (to be precise: it will return the "
"PID of the parent process). See also B<clone>(2) for discussion of a case "
-"where B<getpid>() may return the wrong value even when invoking B<clone>"
-"(2) via the glibc wrapper function."
+"where B<getpid>() may return the wrong value even when invoking "
+"B<clone>(2) via the glibc wrapper function."
msgstr ""
"glibc バージョン 2.3.4 以降では、 glibc の B<getpid>() のラッパー関数は PID "
"をキャッシュする。 これは、プロセスが繰り返し B<getpid>() を呼び出した場合に"
"違った値を返す場合があり、これに関する議論は B<clone>(2) も参照してほしい。"
#. type: Plain text
-#: build/C/man2/getpid.2:108
+#: build/C/man2/getpid.2:111
msgid ""
-"B<clone>(2), B<fork>(2), B<kill>(2), B<exec>(3), B<mkstemp>(3), B<tempnam>"
-"(3), B<tmpfile>(3), B<tmpnam>(3), B<credentials>(7)"
+"B<clone>(2), B<fork>(2), B<kill>(2), B<exec>(3), B<mkstemp>(3), "
+"B<tempnam>(3), B<tmpfile>(3), B<tmpnam>(3), B<credentials>(7), "
+"B<pid_namespaces>(7)"
msgstr ""
-"B<clone>(2), B<fork>(2), B<kill>(2), B<exec>(3), B<mkstemp>(3), B<tempnam>"
-"(3), B<tmpfile>(3), B<tmpnam>(3), B<credentials>(7)"
+"B<clone>(2), B<fork>(2), B<kill>(2), B<exec>(3), B<mkstemp>(3), "
+"B<tempnam>(3), B<tmpfile>(3), B<tmpnam>(3), B<credentials>(7), "
+"B<pid_namespaces>(7)"
#. type: TH
-#: build/C/man2/getpriority.2:46
+#: build/C/man2/getpriority.2:45
#, no-wrap
msgid "GETPRIORITY"
msgstr "GETPRIORITY"
-#. type: TH
-#: build/C/man2/getpriority.2:46
-#, no-wrap
-msgid "2008-05-29"
-msgstr "2008-05-29"
-
#. type: Plain text
-#: build/C/man2/getpriority.2:49
+#: build/C/man2/getpriority.2:48
msgid "getpriority, setpriority - get/set program scheduling priority"
msgstr ""
"getpriority, setpriority - プログラムのスケジューリングの優先度を取得/設定す"
"る"
#. type: Plain text
-#: build/C/man2/getpriority.2:51 build/C/man2/getrlimit.2:69
+#: build/C/man2/getpriority.2:50 build/C/man2/getrlimit.2:69
#: build/C/man2/getrusage.2:44
msgid "B<#include E<lt>sys/time.hE<gt>>"
msgstr "B<#include E<lt>sys/time.hE<gt>>"
#. type: Plain text
-#: build/C/man2/getpriority.2:53 build/C/man2/getrlimit.2:71
+#: build/C/man2/getpriority.2:52 build/C/man2/getrlimit.2:71
#: build/C/man2/getrusage.2:46
msgid "B<#include E<lt>sys/resource.hE<gt>>"
msgstr "B<#include E<lt>sys/resource.hE<gt>>"
#. type: Plain text
-#: build/C/man2/getpriority.2:55
-msgid "B<int getpriority(int >I<which>B<, int >I<who>B<);>"
-msgstr "B<int getpriority(int >I<which>B<, int >I<who>B<);>"
+#: build/C/man2/getpriority.2:54
+msgid "B<int getpriority(int >I<which>B<, id_t >I<who>B<);>"
+msgstr "B<int getpriority(int >I<which>B<, id_t >I<who>B<);>"
#. type: Plain text
-#: build/C/man2/getpriority.2:57
-msgid "B<int setpriority(int >I<which>B<, i
nt >I<who>B<, int >I<prio>B<);>"
-msgstr "B<int setpriority(int >I<which>B<, i
nt >I<who>B<, int >I<prio>B<);>"
+#: build/C/man2/getpriority.2:56
+msgid "B<int setpriority(int >I<which>B<, i
d_t >I<who>B<, int >I<prio>B<);>"
+msgstr "B<int setpriority(int >I<which>B<, i
d_t >I<who>B<, int >I<prio>B<);>"
#. type: Plain text
-#: build/C/man2/getpriority.2:68
+#: build/C/man2/getpriority.2:67
msgid ""
"The scheduling priority of the process, process group, or user, as indicated "
"by I<which> and I<who> is obtained with the B<getpriority>() call and set "
"先度 (scheduling priority) の 取得や設定をそれぞれ行う。"
#. type: Plain text
-#: build/C/man2/getpriority.2:95
+#: build/C/man2/getpriority.2:94
msgid ""
"The value I<which> is one of B<PRIO_PROCESS>, B<PRIO_PGRP>, or B<PRIO_USER>, "
"and I<who> is interpreted relative to I<which> (a process identifier for "
"ルトの優先度は 0 である; 小さな数字ほど、有利なスケジューリングとなる。"
#. type: Plain text
-#: build/C/man2/getpriority.2:105
+#: build/C/man2/getpriority.2:104
msgid ""
"The B<getpriority>() call returns the highest priority (lowest numerical "
"value) enjoyed by any of the specified processes. The B<setpriority>() "
"である。"
#. type: Plain text
-#: build/C/man2/getpriority.2:118
+#: build/C/man2/getpriority.2:117
msgid ""
"Since B<getpriority>() can legitimately return the value -1, it is "
"necessary to clear the external variable I<errno> prior to the call, then "
"を返し、エラーがあれば -1 を返す。"
#. type: Plain text
-#: build/C/man2/getpriority.2:127
+#: build/C/man2/getpriority.2:126
msgid "I<which> was not one of B<PRIO_PROCESS>, B<PRIO_PGRP>, or B<PRIO_USER>."
msgstr ""
"I<which> が B<PRIO_PROCESS>, B<PRIO_PGRP>, B<PRIO_USER> のいずれでもない。"
#. type: Plain text
-#: build/C/man2/getpriority.2:134
+#: build/C/man2/getpriority.2:133
msgid "No process was located using the I<which> and I<who> values specified."
msgstr "I<which> と I<who> で指定されたプロセスが存在しない。"
#. type: Plain text
-#: build/C/man2/getpriority.2:138
+#: build/C/man2/getpriority.2:137
msgid ""
"In addition to the errors indicated above, B<setpriority>() may fail if:"
msgstr "上記のものに加えて B<setpriority>() では以下のエラーがある:"
#. type: Plain text
-#: build/C/man2/getpriority.2:150
+#: build/C/man2/getpriority.2:149
msgid ""
"The caller attempted to lower a process priority, but did not have the "
"required privilege (on Linux: did not have the B<CAP_SYS_NICE> capability). "
-"Since Linux 2.6.12, this error only occurs if the caller attempts to set a "
+"Since Linux 2.6.12, this error occurs only if the caller attempts to set a "
"process priority outside the range of the B<RLIMIT_NICE> soft resource limit "
"of the target process; see B<getrlimit>(2) for details."
msgstr ""
"エラーが発生する。詳細は B<getrlimit>(2) を参照。"
#. type: Plain text
-#: build/C/man2/getpriority.2:158
+#: build/C/man2/getpriority.2:157
msgid ""
"A process was located, but its effective user ID did not match either the "
"effective or the real user ID of the caller, and was not privileged (on "
"参照のこと。"
#. type: Plain text
-#: build/C/man2/getpriority.2:161
+#: build/C/man2/getpriority.2:160
msgid ""
"SVr4, 4.4BSD (these function calls first appeared in 4.2BSD), POSIX.1-2001."
msgstr "SVr4, 4.4BSD (これらの関数は 4.2BSD で最初に登場した), POSIX.1-2001."
#. type: Plain text
-#: build/C/man2/getpriority.2:167
+#: build/C/man2/getpriority.2:166
msgid ""
"A child created by B<fork>(2) inherits its parent's nice value. The nice "
"value is preserved across B<execve>(2)."
"B<execve>(2) の前後で nice 値は保存される。"
#. type: Plain text
-#: build/C/man2/getpriority.2:178
+#: build/C/man2/getpriority.2:177
msgid ""
"The degree to which their relative nice value affects the scheduling of "
"processes varies across UNIX systems, and, on Linux, across kernel "
"てられる。"
#. type: Plain text
-#: build/C/man2/getpriority.2:193
+#: build/C/man2/getpriority.2:192
msgid ""
"The details on the condition for B<EPERM> depend on the system. The above "
-"description is what POSIX.1-2001 says, and seems to be followed on all "
-"System V-like systems. Linux kernels before 2.6.12 required the real or "
+"description is what POSIX.1-2001 says, and seems to be followed on all System"
+"\\ V-like systems. Linux kernels before 2.6.12 required the real or "
"effective user ID of the caller to match the real user of the process I<who> "
"(instead of its effective user ID). Linux 2.6.12 and later require the "
"effective user ID of the caller to match the real or effective user ID of "
"later."
msgstr ""
"B<EPERM> が発生する条件の詳細はシステムに依存する。 上記の説明は "
-"POSIX.1-2001 のものであり、全ての System V 風システムは これに従っているよう"
-"ã\81§ã\81\82ã\82\8bã\80\82 2.6.12 ã\82\88ã\82\8aå\89\8dã\81® Linux ã\82«ã\83¼ã\83\8dã\83«ã\81§ã\81¯ã\80\81å\91¼ã\81³å\87ºã\81\97å\85\83ã\81®å®\9f UID ã\81¾ã\81\9fã\81¯ å®\9få\8a¹ "
-"UID がプロセス I<who> の (実効 UID でなく) 実 UID に一致する必要がある。 "
+"POSIX.1-2001 のものであり、全ての System\\ V 風システムは これに従っているよ"
+"ã\81\86ã\81§ã\81\82ã\82\8bã\80\82 2.6.12 ã\82\88ã\82\8aå\89\8dã\81® Linux ã\82«ã\83¼ã\83\8dã\83«ã\81§ã\81¯ã\80\81å\91¼ã\81³å\87ºã\81\97å\85\83ã\81®å®\9f UID ã\81¾ã\81\9fã\81¯ å®\9f"
+"効 UID がプロセス I<who> の (実効 UID でなく) 実 UID に一致する必要がある。 "
"Linux 2.6.12 以降では、呼び出し元の実行 UID がプロセス I<who> の実 UID か実"
"効 UID のいずれかと一致する必要がある。 全ての BSD 風システム (SunOS 4.1.3, "
"Ultrix 4.2, 4.3BSD, FreeBSD 4.3, OpenBSD-2.5等) は、 Linux 2.6.12 以降と同じ"
"動作をする。"
#. type: Plain text
-#: build/C/man2/getpriority.2:209
+#: build/C/man2/getpriority.2:197
msgid ""
"The actual priority range varies between kernel versions. Linux before "
-"1.3.36 had -infinity..15. Since kernel 1.3.43 Linux has the range -20..19. "
-"Within the kernel, nice values are actually represented using the "
-"corresponding range 40..1 (since negative numbers are error codes) and these "
-"are the values employed by the B<setpriority>() and B<getpriority>() "
-"system calls. The glibc wrapper functions for these system calls handle the "
-"translations between the user-land and kernel representations of the nice "
-"value according to the formula I<unice\\ =\\ 20\\ -\\ knice>."
+"1.3.36 had -infinity..15. Since kernel 1.3.43, Linux has the range "
+"-20..19. On some other systems, the range of nice values is -20..20."
msgstr ""
-"実際の優先度の値の範囲はカーネルのバージョンによって異なる。 1.3.36 より前の "
-"Linux では、優先度の範囲は負の無限大 〜 15 である。 1.3.43 以降の Linux で"
-"は、優先度の範囲は -20 〜 19 である。 カーネル内部では、nice 値は実際には 40 "
-"〜 1 の範囲を使って 表現されており (負の値はエラーコードとなるため)、こちらの"
-"値が システムコール B<setpriority>() と B<getpriority>() で使用されてい"
-"る。 glibc のこれらのシステムコールのラッパー関数において、nice 値の ユーザ領"
-"域 (user-land) とカーネル表現の間の変換が行われる。 変換式は以下の通り: "
-"I<unice\\ =\\ 20\\ -\\ knice>"
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:211
-msgid "On some systems, the range of nice values is -20..20."
-msgstr "いくつかのシステムでは、nice 値の範囲は \\20 〜 20 である。"
+"実際の優先度の範囲はカーネルのバージョンにより異なる。 バージョン 1.3.36 より"
+"前の Linux では -infinity(マイナス無限大)..15 である。 カーネル 1.3.43 以降"
+"の Linux では、 -20..19 である。 他のいくつかのシステムでは、この範囲が "
+"-20..20 である。"
#. type: Plain text
-#: build/C/man2/getpriority.2:223
+#: build/C/man2/getpriority.2:210
msgid ""
"Including I<E<lt>sys/time.hE<gt>> is not required these days, but increases "
"portability. (Indeed, I<E<lt>sys/resource.hE<gt>> defines the I<rusage> "
"I<rusage> 構造体が定義されているが、そのフィールドで使用されている I<struct "
"timeval> 型は I<E<lt>sys/time.hE<gt>> で定義されている)。"
+#. type: SS
+#: build/C/man2/getpriority.2:210 build/C/man2/seteuid.2:132
+#, no-wrap
+msgid "C library/kernel ABI differences"
+msgstr "C ライブラリとカーネル ABI の違い"
+
+#. type: Plain text
+#: build/C/man2/getpriority.2:225
+msgid ""
+"Within the kernel, nice values are actually represented using the range "
+"40..1 (since negative numbers are error codes) and these are the values "
+"employed by the B<setpriority>() and B<getpriority>() system calls. The "
+"glibc wrapper functions for these system calls handle the translations "
+"between the user-land and kernel representations of the nice value according "
+"to the formula I<unice\\ =\\ 20\\ -\\ knice>. (Thus, the kernels 40..1 "
+"range corresponds to the range -20..19 as seen by user space.)"
+msgstr ""
+"カーネル内部では、nice 値は実際には 40 〜 1 の範囲を使って 表現されており (負"
+"の値はエラーコードとなるため)、こちらの値が システムコール B<setpriority>() "
+"と B<getpriority>() で使用されている。 glibc のこれらのシステムコールのラッ"
+"パー関数において、nice 値の ユーザ領域 (user-land) とカーネル表現の間の変換が"
+"行われる。 変換式は I<unice\\ =\\ 20\\ -\\ knice> となる。 (したがって、カー"
+"ネルの 40..1 の範囲はユーザー空間で見える -20..19 の範囲に対応する。)"
+
+#. type: Plain text
+#: build/C/man2/getpriority.2:232
+msgid ""
+"According to POSIX, the nice value is a per-process setting. However, under "
+"the current Linux/NPTL implementation of POSIX threads, the nice value is a "
+"per-thread attribute: different threads in the same process can have "
+"different nice values. Portable applications should avoid relying on the "
+"Linux behavior, which may be made standards conformant in the future."
+msgstr ""
+"POSIX では nice 値はプロセス単位の設定となっている。 一方、 現在の POSIX ス"
+"レッドの Linux/NPTL 実装では、 nice 値はスレッド単位の属性である。 同じプロセ"
+"スの別々のスレッドが異なる nice 値を持つ場合がある。 移植性が必要なアプリケー"
+"ションではこの Linux の動作を前提するのは避けるべきである。 Linux の動作は将"
+"来標準に準拠した動作になるかもしれない。"
+
#. type: Plain text
-#: build/C/man2/getpriority.2:228
-msgid "B<nice>(1), B<renice>(1), B<fork>(2), B<capabilities>(7)"
-msgstr "B<nice>(1), B<renice>(1), B<fork>(2), B<capabilities>(7)"
+#: build/C/man2/getpriority.2:238
+msgid "B<nice>(1), B<renice>(1), B<fork>(2), B<capabilities>(7), B<sched>(7)"
+msgstr "B<nice>(1), B<renice>(1), B<fork>(2), B<capabilities>(7), B<sched>(7)"
#. type: Plain text
-#: build/C/man2/getpriority.2:231
+#: build/C/man2/getpriority.2:241
msgid ""
-"I<Documentation/scheduler/sched-nice-design.txt> in the kernel source tree "
-"(since Linux 2.6.23)."
+"I<Documentation/scheduler/sched-nice-design.txt> in the Linux kernel source "
+"tree (since Linux 2.6.23)"
msgstr ""
-"(Linux 2.6.23 以降の) カーネルのソースツリー内の I<Documentation/scheduler/"
-"sched-nice-design.txt>"
+"Linux カーネルのソースツリー内の I<Documentation/scheduler/sched-nice-design."
+"txt> (Linux 2.6.23 以降)"
#. type: TH
-#: build/C/man2/getresuid.2:27
+#: build/C/man2/getresuid.2:28
#, no-wrap
msgid "GETRESUID"
msgstr "GETRESUID"
#. type: Plain text
-#: build/C/man2/getresuid.2:30
+#: build/C/man2/getresuid.2:31
msgid "getresuid, getresgid - get real, effective and saved user/group IDs"
msgstr ""
"getresuid, getresgid - 実、実効、保存、ユーザー ID / グループ ID を取得する"
#. type: Plain text
-#: build/C/man2/getresuid.2:32 build/C/man2/setresuid.2:31
+#: build/C/man2/getresuid.2:33 build/C/man2/setresuid.2:31
msgid "B<#define _GNU_SOURCE> /* See feature_test_macros(7) */"
msgstr "B<#define _GNU_SOURCE> /* feature_test_macros(7) 参照 */"
#. type: Plain text
-#: build/C/man2/getresuid.2:36
+#: build/C/man2/getresuid.2:37
msgid ""
"B<int getresuid(uid_t *>I<ruid>B<, uid_t *>I<euid>B<, uid_t *>I<suid>B<);>"
msgstr ""
"B<int getresuid(uid_t *>I<ruid>B<, uid_t *>I<euid>B<, uid_t *>I<suid>B<);>"
#. type: Plain text
-#: build/C/man2/getresuid.2:38
+#: build/C/man2/getresuid.2:39
msgid ""
"B<int getresgid(gid_t *>I<rgid>B<, gid_t *>I<egid>B<, gid_t *>I<sgid>B<);>"
msgstr ""
"B<int getresgid(gid_t *>I<rgid>B<, gid_t *>I<egid>B<, gid_t *>I<sgid>B<);>"
#. type: Plain text
-#: build/C/man2/getresuid.2:49
+#: build/C/man2/getresuid.2:50
msgid ""
"B<getresuid>() returns the real UID, the effective UID, and the saved set-"
"user-ID of the calling process, in the arguments I<ruid>, I<euid>, and "
"出したプロセスのグループ ID について同様の処理を行う。"
#. type: Plain text
-#: build/C/man2/getresuid.2:59
+#: build/C/man2/getresuid.2:60
msgid ""
"One of the arguments specified an address outside the calling program's "
"address space."
"ある。"
#. type: Plain text
-#: build/C/man2/getresuid.2:61
+#: build/C/man2/getresuid.2:62
msgid "These system calls appeared on Linux starting with kernel 2.1.44."
msgstr "これらのシステムコールはカーネル 2.1.44 から Linux に登場した。"
#. type: Plain text
-#: build/C/man2/getresuid.2:66
+#: build/C/man2/getresuid.2:67
msgid ""
"The prototypes are given by glibc since version 2.3.2, provided "
"B<_GNU_SOURCE> is defined."
"られる。"
#. type: Plain text
-#: build/C/man2/getresuid.2:69 build/C/man2/setresuid.2:86
+#: build/C/man2/getresuid.2:70 build/C/man2/setresuid.2:112
msgid ""
"These calls are nonstandard; they also appear on HP-UX and some of the BSDs."
msgstr "これらのコールは非標準である。 HP-UX や BSD 系のいくつかにも存在する。"
#. type: Plain text
-#: build/C/man2/getresuid.2:85
+#: build/C/man2/getresuid.2:86
msgid ""
"The original Linux B<getresuid>() and B<getresgid>() system calls "
"supported only 16-bit user and group IDs. Subsequently, Linux 2.4 added "
"カーネルバージョンによるこの違いを吸収している。"
#. type: Plain text
-#: build/C/man2/getresuid.2:91
+#: build/C/man2/getresuid.2:92
msgid ""
-"B<getuid>(2), B<setresuid>(2), B<setreuid>(2), B<setuid>(2), B<credentials>"
-"(7)"
+"B<getuid>(2), B<setresuid>(2), B<setreuid>(2), B<setuid>(2), "
+"B<credentials>(7)"
msgstr ""
-"B<getuid>(2), B<setresuid>(2), B<setreuid>(2), B<setuid>(2), B<credentials>"
-"(7)"
+"B<getuid>(2), B<setresuid>(2), B<setreuid>(2), B<setuid>(2), "
+"B<credentials>(7)"
#. type: TH
#: build/C/man2/getrlimit.2:64
#. type: TH
#: build/C/man2/getrlimit.2:64
#, no-wrap
-msgid "2011-09-10"
-msgstr "2011-09-10"
+msgid "2014-10-02"
+msgstr "2014-10-02"
#. type: Plain text
#: build/C/man2/getrlimit.2:67
#. type: Plain text
#: build/C/man2/getrlimit.2:88
msgid "B<prlimit>(): _GNU_SOURCE && _FILE_OFFSET_BITS == 64"
-msgstr ""
+msgstr "B<prlimit>(): _GNU_SOURCE && _FILE_OFFSET_BITS == 64"
#. type: Plain text
#: build/C/man2/getrlimit.2:97
msgid ""
"The soft limit is the value that the kernel enforces for the corresponding "
"resource. The hard limit acts as a ceiling for the soft limit: an "
-"unprivileged process may only set its soft limit to a value in the range "
+"unprivileged process may set only its soft limit to a value in the range "
"from 0 up to the hard limit, and (irreversibly) lower its hard limit. A "
"privileged process (under Linux: one with the B<CAP_SYS_RESOURCE> "
"capability) may make arbitrary changes to either limit value."
"structure returned by B<getrlimit>() and in the structure passed to "
"B<setrlimit>())."
msgstr ""
-"値 B<RLIM_INFINITY> はリソースに制限がないことを表す (この値は B<getrlimit>"
-"() が返す構造体と B<setrlimit>() に渡す構造体の両方で使用される)。"
+"値 B<RLIM_INFINITY> はリソースに制限がないことを表す (この値は "
+"B<getrlimit>() が返す構造体と B<setrlimit>() に渡す構造体の両方で使用され"
+"る)。"
#. type: Plain text
#: build/C/man2/getrlimit.2:126
#: build/C/man2/getrlimit.2:146
msgid ""
"The maximum size of the process's virtual memory (address space) in bytes. "
-"This limit affects calls to B<brk>(2), B<mmap>(2) and B<mremap>(2), which "
+"This limit affects calls to B<brk>(2), B<mmap>(2), and B<mremap>(2), which "
"fail with the error B<ENOMEM> upon exceeding this limit. Also automatic "
"stack expansion will fail (and generate a B<SIGSEGV> that kills the process "
"if no alternate stack has been made available via B<sigaltstack>(2)). Since "
msgstr "B<RLIMIT_CORE>"
#. type: Plain text
-#: build/C/man2/getrlimit.2:153
+#: build/C/man2/getrlimit.2:154
msgid ""
-"Maximum size of I<core> file. When 0 no core dump files are created. When "
-"nonzero, larger dumps are truncated to this size."
+"Maximum size of a I<core> file (see B<core>(5)). When 0 no core dump files "
+"are created. When nonzero, larger dumps are truncated to this size."
msgstr ""
-"I<core> ファイルの最大サイズ。 0 の場合、core ファイルは生成されない。 0 以外"
-"の場合、このサイズより大きいダンプは切り詰められる。"
+"I<core> ファイルの最大サイズ (B<core>(5) 参照)。 0 の場合、core ファイルは生"
+"成されない。 0 以外の場合、このサイズより大きいダンプは切り詰められる。"
#. type: TP
-#: build/C/man2/getrlimit.2:153
+#: build/C/man2/getrlimit.2:154
#, no-wrap
msgid "B<RLIMIT_CPU>"
msgstr "B<RLIMIT_CPU>"
#. type: Plain text
-#: build/C/man2/getrlimit.2:173
+#: build/C/man2/getrlimit.2:174
msgid ""
"CPU time limit in seconds. When the process reaches the soft limit, it is "
"sent a B<SIGXCPU> signal. The default action for this signal is to "
"すべきである。)"
#. type: TP
-#: build/C/man2/getrlimit.2:173
+#: build/C/man2/getrlimit.2:174
#, no-wrap
msgid "B<RLIMIT_DATA>"
msgstr "B<RLIMIT_DATA>"
#. type: Plain text
-#: build/C/man2/getrlimit.2:184
+#: build/C/man2/getrlimit.2:185
msgid ""
"The maximum size of the process's data segment (initialized data, "
"uninitialized data, and heap). This limit affects calls to B<brk>(2) and "
"B<ENOMEM> で失敗する。"
#. type: TP
-#: build/C/man2/getrlimit.2:184
+#: build/C/man2/getrlimit.2:185
#, no-wrap
msgid "B<RLIMIT_FSIZE>"
msgstr "B<RLIMIT_FSIZE>"
#. type: Plain text
-#: build/C/man2/getrlimit.2:196
+#: build/C/man2/getrlimit.2:197
msgid ""
"The maximum size of files that the process may create. Attempts to extend a "
"file beyond this limit result in delivery of a B<SIGXFSZ> signal. By "
"(B<write>(2), B<truncate>(2) など) はエラー B<EFBIG> で失敗する。"
#. type: TP
-#: build/C/man2/getrlimit.2:196
+#: build/C/man2/getrlimit.2:197
#, no-wrap
msgid "B<RLIMIT_LOCKS> (Early Linux 2.4 only)"
msgstr "B<RLIMIT_LOCKS> (初期の Linux 2.4 のみ)"
#. to be precise: Linux 2.4.0-test9; no longer in 2.4.25 / 2.5.65
#. type: Plain text
-#: build/C/man2/getrlimit.2:204
+#: build/C/man2/getrlimit.2:205
msgid ""
"A limit on the combined number of B<flock>(2) locks and B<fcntl>(2) leases "
"that this process may establish."
"値を制限する。"
#. type: TP
-#: build/C/man2/getrlimit.2:204
+#: build/C/man2/getrlimit.2:205
#, no-wrap
msgid "B<RLIMIT_MEMLOCK>"
msgstr "B<RLIMIT_MEMLOCK>"
#. type: Plain text
-#: build/C/man2/getrlimit.2:242
+#: build/C/man2/getrlimit.2:243
msgid ""
"The maximum number of bytes of memory that may be locked into RAM. In "
"effect this limit is rounded down to the nearest multiple of the system page "
-"size. This limit affects B<mlock>(2) and B<mlockall>(2) and the B<mmap>"
-"(2) B<MAP_LOCKED> operation. Since Linux 2.6.9 it also affects the "
+"size. This limit affects B<mlock>(2) and B<mlockall>(2) and the "
+"B<mmap>(2) B<MAP_LOCKED> operation. Since Linux 2.6.9 it also affects the "
"B<shmctl>(2) B<SHM_LOCK> operation, where it sets a maximum on the total "
"bytes in shared memory segments (see B<shmget>(2)) that may be locked by "
"the real user ID of the calling process. The B<shmctl>(2) B<SHM_LOCK> "
"サイズの最も近い倍数に 切り捨てて丸められる。 この制限は B<mlock>(2), "
"B<mlockall>(2), B<mmap>(2) の B<MAP_LOCKED> 操作に影響する。 Linux 2.6.9 以"
"降では B<shmctl>(2) B<SHM_LOCK> 操作にも影響する。 この操作は呼び出し元プロ"
-"セスの実 (real) ユーザー ID にロックされる 共有メモリセグメント (B<shmget>"
-"(2) を参照) の合計バイト数の最大値を設定する。 B<shmctl>(2) B<SHM_LOCK> に"
-"よるロックは、 B<mlock>(2), B<mlockall>(2), B<mmap>(2) の B<MAP_LOCKED> に"
-"よって確立されるプロセス毎のメモリロックとは分けて数える。 1 つのプロセスはこ"
-"ã\81®å\88¶é\99\90ã\81¾ã\81§ã\81®ã\83\90ã\82¤ã\83\88ã\82\92ã\83ã\83\83ã\82¯ã\81§ã\81\8dã\82\8bã\80\82 ã\81\93ã\81®å\88¶é\99\90ã\81«ã\81¯ 2 ã\81¤ã\81®ç¨®é¡\9eã\81\8cã\81\82ã\82\8bã\80\82 2.6.9 ã\82\88ã\82\8a"
-"前の Linux カーネル では、 この制限は特権プロセスによってロックされるメモリの"
-"合計を制御していた。 Linux 2.6.9 以降では、特権プロセスがロックするメモリの合"
-"計に制限はなく、 代わりにこの制限は非特権プロセスがロックするメモリの合計に "
-"適用されるようになった。"
+"セスの実 (real) ユーザー ID にロックされる 共有メモリセグメント "
+"(B<shmget>(2) を参照) の合計バイト数の最大値を設定する。 B<shmctl>(2) "
+"B<SHM_LOCK> によるロックは、 B<mlock>(2), B<mlockall>(2), B<mmap>(2) の "
+"B<MAP_LOCKED> によって確立されるプロセス毎のメモリロックとは分けて数える。 1 "
+"ã\81¤ã\81®ã\83\97ã\83ã\82»ã\82¹ã\81¯ã\81\93ã\81®å\88¶é\99\90ã\81¾ã\81§ã\81®ã\83\90ã\82¤ã\83\88ã\82\92ã\83ã\83\83ã\82¯ã\81§ã\81\8dã\82\8bã\80\82 ã\81\93ã\81®å\88¶é\99\90ã\81«ã\81¯ 2 ã\81¤ã\81®ç¨®é¡\9eã\81\8c"
+"ある。 2.6.9 より前の Linux カーネル では、 この制限は特権プロセスによって"
+"ロックされるメモリの合計を制御していた。 Linux 2.6.9 以降では、特権プロセスが"
+"ロックするメモリの合計に制限はなく、 代わりにこの制限は非特権プロセスがロック"
+"するメモリの合計に 適用されるようになった。"
#. type: TP
-#: build/C/man2/getrlimit.2:242
+#: build/C/man2/getrlimit.2:243
#, no-wrap
-msgid "B<RLIMIT_MSGQUEUE> (Since Linux 2.6.8)"
+msgid "B<RLIMIT_MSGQUEUE> (since Linux 2.6.8)"
msgstr "B<RLIMIT_MSGQUEUE> (Linux 2.6.8 以降)"
#. type: Plain text
-#: build/C/man2/getrlimit.2:250
+#: build/C/man2/getrlimit.2:251
msgid ""
"Specifies the limit on the number of bytes that can be allocated for POSIX "
"message queues for the real user ID of the calling process. This limit is "
"れ、(そのキューが削除されるまでの間) この制限の計算対象に含められる。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:254
+#: build/C/man2/getrlimit.2:260
+#, no-wrap
+msgid ""
+" Since Linux 3.5:\n"
+" bytes = attr.mq_maxmsg * sizeof(struct msg_msg) +\n"
+" min(attr.mq_maxmsg, MQ_PRIO_MAX) *\n"
+" sizeof(struct posix_msg_tree_node)+\n"
+" /* For overhead */\n"
+" attr.mq_maxmsg * attr.mq_msgsize;\n"
+" /* For message data */\n"
+msgstr ""
+" Linux 3.5 以降:\n"
+" bytes = attr.mq_maxmsg * sizeof(struct msg_msg) +\n"
+" min(attr.mq_maxmsg, MQ_PRIO_MAX) *\n"
+" sizeof(struct posix_msg_tree_node)+\n"
+" /* オーバーヘッド分 */\n"
+" attr.mq_maxmsg * attr.mq_msgsize;\n"
+" /* メッセージデータ分 */\n"
+
+#. type: Plain text
+#: build/C/man2/getrlimit.2:266
#, no-wrap
msgid ""
-" bytes = attr.mq_maxmsg * sizeof(struct msg_msg *) +\n"
-" attr.mq_maxmsg * attr.mq_msgsize\n"
+" Linux 3.4 and earlier:\n"
+" bytes = attr.mq_maxmsg * sizeof(struct msg_msg *) +\n"
+" /* For overhead */\n"
+" attr.mq_maxmsg * attr.mq_msgsize;\n"
+" /* For message data */\n"
msgstr ""
-" bytes = attr.mq_maxmsg * sizeof(struct msg_msg *) +\n"
-" attr.mq_maxmsg * attr.mq_msgsize\n"
+" Linux 3.4 以前:\n"
+" bytes = attr.mq_maxmsg * sizeof(struct msg_msg *) +\n"
+" /* オーバーヘッド分 */\n"
+" attr.mq_maxmsg * attr.mq_msgsize;\n"
+" /* メッセージデータ分 */\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:262
+#: build/C/man2/getrlimit.2:279
msgid ""
"where I<attr> is the I<mq_attr> structure specified as the fourth argument "
-"to B<mq_open>(3)."
+"to B<mq_open>(3), and the I<msg_msg> and I<posix_msg_tree_node> structures "
+"are kernel-internal structures."
msgstr ""
"ここで I<attr> は I<mq_attr> 構造体であり、 B<mq_open>(3) の第 4 引き数とし"
-"て指定される。"
+"て指定される。 また、構造体 I<msg_msg> と I<posix_msg_tree_node> はカーネル内"
+"部の構造体である。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:268
+#: build/C/man2/getrlimit.2:285
msgid ""
-"The first addend in the formula, which includes I<sizeof(struct msg_msg *)> "
-"(4 bytes on Linux/i386), ensures that the user cannot create an unlimited "
+"The \"overhead\" addend in the formula accounts for overhead bytes required "
+"by the implementation and ensures that the user cannot create an unlimited "
"number of zero-length messages (such messages nevertheless each consume some "
"system memory for bookkeeping overhead)."
msgstr ""
-"I<sizeof(struct msg_msg *)> (Linux/i386 では 4 バイト) を含む最初の加数は、 "
-"ã\83¦ã\83¼ã\82¶ã\83¼ã\81\8cé\95·ã\81\95 0 ã\81®ã\83¡ã\83\83ã\82»ã\83¼ã\82¸ã\82\92ç\84¡å\88¶é\99\90ã\81«ä½\9cã\82\8cã\81ªã\81\84ã\81\93ã\81¨ä¿\9d証ã\81\97ã\81¦ã\81\84ã\82\8b (ã\81\93ã\81®ã\82\88ã\81\86ã\81ª"
-"メッセージであっても、 記録のためのオーバーヘッドでシステムメモリを消費す"
-"る)。"
+"上記の式での「オーバーヘッド」加算分は、実装において必要となるオーバーヘッド"
+"ã\82\92è\80\83æ\85®ã\81\97ã\81\9fã\82\82ã\81®ã\81§ã\81\82ã\82\8bã\80\82 ã\81¾ã\81\9fã\80\81ã\81\93ã\82\8cã\81«ã\82\88ã\82\8aã\80\81ã\83¦ã\83¼ã\82¶ã\83¼ã\81\8cé\95·ã\81\95 0 ã\81®ã\83¡ã\83\83ã\82»ã\83¼ã\82¸ã\82\92ç\84¡å\88¶"
+"限に作れないことが保証される (このようなメッセージであっても、 記録のための"
+"ã\82ªã\83¼ã\83\90ã\83¼ã\83\98ã\83\83ã\83\89ã\81§ã\82·ã\82¹ã\83\86ã\83 ã\83¡ã\83¢ã\83ªã\82\92æ¶\88è²»ã\81\99ã\82\8b)ã\80\82"
#. type: TP
-#: build/C/man2/getrlimit.2:268
+#: build/C/man2/getrlimit.2:285
#, no-wrap
msgid "B<RLIMIT_NICE> (since Linux 2.6.12, but see BUGS below)"
msgstr "B<RLIMIT_NICE> (Linux 2.6.12 以降, 下記の「バグ」の節も参照)"
#. type: Plain text
-#: build/C/man2/getrlimit.2:281
+#: build/C/man2/getrlimit.2:298
msgid ""
"Specifies a ceiling to which the process's nice value can be raised using "
"B<setpriority>(2) or B<nice>(2). The actual ceiling for the nice value is "
"B<RLIM_INFINITY> の値は -1 である)。"
#. type: TP
-#: build/C/man2/getrlimit.2:281
+#: build/C/man2/getrlimit.2:298
#, no-wrap
msgid "B<RLIMIT_NOFILE>"
msgstr "B<RLIMIT_NOFILE>"
#. type: Plain text
-#: build/C/man2/getrlimit.2:295
+#: build/C/man2/getrlimit.2:312
msgid ""
"Specifies a value one greater than the maximum file descriptor number that "
"can be opened by this process. Attempts (B<open>(2), B<pipe>(2), B<dup>(2), "
"B<RLIMIT_OFILE> という名前となっている)。"
#. type: TP
-#: build/C/man2/getrlimit.2:295
+#: build/C/man2/getrlimit.2:312
#, no-wrap
msgid "B<RLIMIT_NPROC>"
msgstr "B<RLIMIT_NPROC>"
#. type: Plain text
-#: build/C/man2/getrlimit.2:303
+#: build/C/man2/getrlimit.2:325
msgid ""
"The maximum number of processes (or, more precisely on Linux, threads) that "
"can be created for the real user ID of the calling process. Upon "
-"encountering this limit, B<fork>(2) fails with the error B<EAGAIN>."
+"encountering this limit, B<fork>(2) fails with the error B<EAGAIN>. This "
+"limit is not enforced for processes that have either the B<CAP_SYS_ADMIN> or "
+"the B<CAP_SYS_RESOURCE> capability."
msgstr ""
"呼び出したプロセスの実ユーザー ID で作成できる最大プロセス数 (より正確には "
"Linux ではスレッド数)。 この上限に達すると、 B<fork>(2) はエラー B<EAGAIN> "
-"で失敗する。"
+"で失敗する。 この上限値は、ケーパビリティ B<CAP_SYS_ADMIN> か "
+"B<CAP_SYS_RESOURCE> のどちらかを持つプロセスには適用されない。"
#. type: TP
-#: build/C/man2/getrlimit.2:303
+#: build/C/man2/getrlimit.2:325
#, no-wrap
msgid "B<RLIMIT_RSS>"
msgstr "B<RLIMIT_RSS>"
#. talk of making it do something has surfaced from time to time in LKML
#. -- MTK, Jul 05
#. type: Plain text
-#: build/C/man2/getrlimit.2:315
+#: build/C/man2/getrlimit.2:337
msgid ""
"Specifies the limit (in pages) of the process's resident set (the number of "
-"virtual pages resident in RAM). This limit only has effect in Linux 2.4.x, "
-"x E<lt> 30, and there only affects calls to B<madvise>(2) specifying "
+"virtual pages resident in RAM). This limit has effect only in Linux 2.4.x, "
+"x E<lt> 30, and there affects only calls to B<madvise>(2) specifying "
"B<MADV_WILLNEED>."
msgstr ""
"プロセスの resident set (RAM 上に存在する仮想ページの数) の 上限を (ページ数"
"B<MADV_WILLNEED> を指定した関数コールにしか影響しない。"
#. type: TP
-#: build/C/man2/getrlimit.2:315
+#: build/C/man2/getrlimit.2:337
#, no-wrap
-msgid "B<RLIMIT_RTPRIO> (Since Linux 2.6.12, but see BUGS)"
+msgid "B<RLIMIT_RTPRIO> (since Linux 2.6.12, but see BUGS)"
msgstr "B<RLIMIT_RTPRIO> (Linux 2.6.12 以降, バグの節も参照)"
#. type: Plain text
-#: build/C/man2/getrlimit.2:322
+#: build/C/man2/getrlimit.2:344
msgid ""
"Specifies a ceiling on the real-time priority that may be set for this "
"process using B<sched_setscheduler>(2) and B<sched_setparam>(2)."
"ロセスのリアルタイム優先度の上限を指定する。"
#. type: TP
-#: build/C/man2/getrlimit.2:322
+#: build/C/man2/getrlimit.2:344
#, no-wrap
-msgid "B<RLIMIT_RTTIME> (Since Linux 2.6.25)"
+msgid "B<RLIMIT_RTTIME> (since Linux 2.6.25)"
msgstr "B<RLIMIT_RTTIME> (Linux 2.6.25 以降)"
#. type: Plain text
-#: build/C/man2/getrlimit.2:334
+#: build/C/man2/getrlimit.2:356
msgid ""
"Specifies a limit (in microseconds) on the amount of CPU time that a "
"process scheduled under a real-time scheduling policy may consume without "
"トされない。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:345
+#: build/C/man2/getrlimit.2:367
msgid ""
"Upon reaching the soft limit, the process is sent a B<SIGXCPU> signal. If "
"the process catches or ignores this signal and continues consuming CPU time, "
"られる。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:348
+#: build/C/man2/getrlimit.2:370
msgid ""
"The intended use of this limit is to stop a runaway real-time process from "
"locking up the system."
"テムが動かなくなるのを避ける場合である。"
#. type: TP
-#: build/C/man2/getrlimit.2:348
+#: build/C/man2/getrlimit.2:370
#, no-wrap
-msgid "B<RLIMIT_SIGPENDING> (Since Linux 2.6.8)"
+msgid "B<RLIMIT_SIGPENDING> (since Linux 2.6.8)"
msgstr "B<RLIMIT_SIGPENDING> (Linux 2.6.8 以降)"
#. This replaces the /proc/sys/kernel/rtsig-max system-wide limit
#. that was present in kernels <= 2.6.7. MTK Dec 04
#. type: Plain text
-#: build/C/man2/getrlimit.2:362
+#: build/C/man2/getrlimit.2:384
msgid ""
"Specifies the limit on the number of signals that may be queued for the real "
"user ID of the calling process. Both standard and real-time signals are "
-"counted for the purpose of checking this limit. However, the limit is only "
-"enforced for B<sigqueue>(3); it is always possible to use B<kill>(2) to "
-"queue one instance of any of the signals that are not already queued to the "
-"process."
+"counted for the purpose of checking this limit. However, the limit is "
+"enforced only for B<sigqueue>(3); it is always possible to use B<kill>(2) "
+"to queue one instance of any of the signals that are not already queued to "
+"the process."
msgstr ""
"呼び出し元プロセスの実ユーザー ID に対して キューに入れられるシグナルの\n"
"数の制限を指定する。この制限をチェックするため、標準シグナルとリアルタ\n"
"イムシグナルの両方がカウントされる。しかし、この制限は B<sigqueue>(3)\n"
-"ã\81«å¯¾ã\81\97ã\81¦ã\81\97ã\81\8bå¼·å\88¶ã\81\95ã\82\8cã\81\9a、 B<kill>(2) 使うことで、そのプロセスに対してま\n"
+"ã\81«å¯¾ã\81\97ã\81¦ã\81®ã\81¿é\81©ç\94¨ã\81\95ã\82\8c、 B<kill>(2) 使うことで、そのプロセスに対してま\n"
"だキューに入れられていない シグナルのインスタンスをキューに入れることが\n"
"できる。"
#. type: TP
-#: build/C/man2/getrlimit.2:362
+#: build/C/man2/getrlimit.2:384
#, no-wrap
msgid "B<RLIMIT_STACK>"
msgstr "B<RLIMIT_STACK>"
#. type: Plain text
-#: build/C/man2/getrlimit.2:370
+#: build/C/man2/getrlimit.2:392
msgid ""
"The maximum size of the process stack, in bytes. Upon reaching this limit, "
"a B<SIGSEGV> signal is generated. To handle this signal, a process must "
"のシグナルスタック (B<sigaltstack>(2)) を使用しなければならない。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:375
+#: build/C/man2/getrlimit.2:397
msgid ""
"Since Linux 2.6.23, this limit also determines the amount of space used for "
"the process's command-line arguments and environment variables; for details, "
"B<execve>(2) を参照。"
#. type: SS
-#: build/C/man2/getrlimit.2:375
+#: build/C/man2/getrlimit.2:397
#, no-wrap
msgid "prlimit()"
-msgstr ""
+msgstr "prlimit()"
#. commit c022a0acad534fd5f5d5f17280f6d4d135e74e81
#. Author: Jiri Slaby <jslaby@suse.cz>
#. Date: Tue May 4 18:03:50 2010 +0200
+#. rlimits: implement prlimit64 syscall
+#. commit 6a1d5e2c85d06da35cdfd93f1a27675bfdc3ad8c
+#. Author: Jiri Slaby <jslaby@suse.cz>
+#. Date: Wed Mar 24 17:06:58 2010 +0100
+#. rlimits: add rlimit64 structure
#. type: Plain text
-#: build/C/man2/getrlimit.2:386
+#: build/C/man2/getrlimit.2:417
msgid ""
"The Linux-specific B<prlimit>() system call combines and extends the "
"functionality of B<setrlimit>() and B<getrlimit>(). It can be used to both "
"set and get the resource limits of an arbitrary process."
msgstr ""
+"Linux 固有の B<prlimit>() システムコールは、 B<setrlimit>() と B<getrlimit> "
+"の機能を合わせて拡張したものである。 このシステムコールを使って、任意のプロセ"
+"スのリソース上限の設定と取得を行うことができる。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:393
+#: build/C/man2/getrlimit.2:424
msgid ""
"The I<resource> argument has the same meaning as for B<setrlimit>() and "
"B<getrlimit>()."
msgstr ""
+"I<resource> 引き数は B<setrlimit>() や B<getrlimit>() と同じ意味である。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:411
+#: build/C/man2/getrlimit.2:442
msgid ""
"If the I<new_limit> argument is a not NULL, then the I<rlimit> structure to "
"which it points is used to set new values for the soft and hard limits for "
"call to B<prlimit>() places the previous soft and hard limits for "
"I<resource> in the I<rlimit> structure pointed to by I<old_limit>."
msgstr ""
+"I<new_limit> 引き数が NULL 以外の場合、 I<new_limit> が指す I<rlimit> 構造体"
+"を使って I<resource> のソフトリミットとハードリミットの新しい値が設定され"
+"る。 I<old_limit> 引き数が NULL 以外の場合、 B<prlimit>() の呼び出しが成功す"
+"ると、 I<resource> の直前のソフトリミットとハードリミットが I<old_limit> が指"
+"す I<rlimit> 構造体に格納される。"
-#. FIXME this permission check is strange
+#. FIXME . this permission check is strange
#. Asked about this on LKML, 7 Nov 2010
#. "Inconsistent credential checking in prlimit() syscall"
#. type: Plain text
-#: build/C/man2/getrlimit.2:430
+#: build/C/man2/getrlimit.2:461
msgid ""
"The I<pid> argument specifies the ID of the process on which the call is to "
"operate. If I<pid> is 0, then the call applies to the calling process. To "
"I<and> the real, effective, and saved set group IDs of the target process "
"must match the real group ID of the caller."
msgstr ""
+"I<pid> 引き数は呼び出しの操作対象となるプロセス ID を指定する。 I<pid> が 0 "
+"の場合、呼び出しは呼び出し元プロセスに対して適用される。 自分以外のプロセスの"
+"リソースの設定と取得を行うためには、 呼び出し元プロセスが "
+"B<CAP_SYS_RESOURCE> ケーパビリティを持っているか、 対象となるプロセスの実ユー"
+"ザ ID、 実効ユーザ ID、 保存 set-user-ID が呼び出し元プロセスの実ユーザ ID と"
+"一致し、 かつ、 対象となるプロセスの実グループ ID、 実効グループ ID、 保存 "
+"set-group-ID が呼び出し元プロセスの実グループ ID と一致していなければならな"
+"い。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:435
+#: build/C/man2/getrlimit.2:466
msgid ""
"On success, these system calls return 0. On error, -1 is returned, and "
"I<errno> is set appropriately."
"エラーの場合は -1 が返され、 I<errno> が適切に設定される。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:440
+#: build/C/man2/getrlimit.2:471
msgid ""
"A pointer argument points to a location outside the accessible address space."
msgstr "場所を指すポインタ引き数がアクセス可能なアドレス空間外を指している。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:452
+#: build/C/man2/getrlimit.2:483
msgid ""
"The value specified in I<resource> is not valid; or, for B<setrlimit>() or "
"B<prlimit>(): I<rlim-E<gt>rlim_cur> was greater than I<rlim-E<gt>rlim_max>."
"I<rlim-E<gt>rlim_cur> が I<rlim-E<gt>rlim_max> よりも大きかった。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:464
+#: build/C/man2/getrlimit.2:495
msgid ""
"An unprivileged process tried to raise the hard limit; the "
"B<CAP_SYS_RESOURCE> capability is required to do this. Or, the caller tried "
"設定する許可を持っていなかった。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:468
+#: build/C/man2/getrlimit.2:499
msgid "Could not find a process with the ID specified in I<pid>."
-msgstr ""
+msgstr "I<pid> で指定された ID のプロセスが見つからなかった。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:473
+#: build/C/man2/getrlimit.2:504
msgid ""
"The B<prlimit>() system call is available since Linux 2.6.36. Library "
"support is available since glibc 2.13."
msgstr ""
+"B<prlimit>() システムコールは Linux 2.6.36 以降で利用できる。 ライブラリのサ"
+"ポートは glibc 2.13 以降で利用できる。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:477
+#: build/C/man2/getrlimit.2:508
msgid "B<getrlimit>(), B<setrlimit>(): SVr4, 4.3BSD, POSIX.1-2001."
-msgstr ""
+msgstr "B<getrlimit>(), B<setrlimit>(): SVr4, 4.3BSD, POSIX.1-2001."
#. type: Plain text
-#: build/C/man2/getrlimit.2:480
+#: build/C/man2/getrlimit.2:511
msgid "B<prlimit>(): Linux-specific."
-msgstr ""
+msgstr "B<prlimit>(): Linux 固有。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:496
+#: build/C/man2/getrlimit.2:527
msgid ""
"B<RLIMIT_MEMLOCK> and B<RLIMIT_NPROC> derive from BSD and are not specified "
"in POSIX.1-2001; they are present on the BSDs and Linux, but on few other "
"B<RLIMIT_SIGPENDING> は Linux 固有のものである。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:502
+#: build/C/man2/getrlimit.2:533
msgid ""
"A child process created via B<fork>(2) inherits its parent's resource "
"limits. Resource limits are preserved across B<execve>(2)."
"承する。 B<execve>(2) の前後でリソース制限は保存される。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:511
+#: build/C/man2/getrlimit.2:538
+msgid ""
+"Lowering the soft limit for a resource below the process's current "
+"consumption of that resource will succeed (but will prevent the process from "
+"further increasing its consumption of the resource)."
+msgstr ""
+"リソースのソフトリミットをそのプロセスが現在のリソース使用量より小さい値に設"
+"定することはできる (但し、そのプロセスはそれ以降そのリソースの使用量を増やす"
+"ことができなくなる)。"
+
+#. type: Plain text
+#: build/C/man2/getrlimit.2:547
msgid ""
"One can set the resource limits of the shell using the built-in I<ulimit> "
"command (I<limit> in B<csh>(1)). The shell's resource limits are inherited "
"マンドを実行してシェルが生成するプロセス に引き継がれる。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:520
+#: build/C/man2/getrlimit.2:552
+msgid ""
+"Since Linux 2.6.24, the resource limits of any process can be inspected via "
+"I</proc/[pid]/limits>; see B<proc>(5)."
+msgstr ""
+"Linux 2.6.24 以降では、 プロセスのリソース上限は I</proc/[pid]/limits> で知る"
+"ことができる。 B<proc>(5) 参照。"
+
+#. type: Plain text
+#: build/C/man2/getrlimit.2:561
msgid ""
"Ancient systems provided a B<vlimit>() function with a similar purpose to "
-"B<setrlimit>(). For backward compatibility, glibc also provides B<vlimit>"
-"(). All new applications should be written using B<setrlimit>()."
+"B<setrlimit>(). For backward compatibility, glibc also provides "
+"B<vlimit>(). All new applications should be written using B<setrlimit>()."
msgstr ""
"古いシステムでは、 B<setrlimit>() と同様の目的を持つ関数 B<vlimit>() が提供"
"されていた。 後方互換性のため、glibc でも B<vlimit>() を提供している。 全て"
"の新しいアプリケーションでは、 B<setrlimit>() を使用すべきである。"
+#. type: SS
+#: build/C/man2/getrlimit.2:561
+#, no-wrap
+msgid "C library/ kernel ABI differences"
+msgstr "C ライブラリとカーネル ABI の違い"
+
#. type: Plain text
-#: build/C/man2/getrlimit.2:523
-msgid "The program below demonstrates the use of B<prlimit>()."
+#: build/C/man2/getrlimit.2:570
+msgid ""
+"Since version 2.13, the glibc B<getrlimit>() and B<setrlimit>() wrapper "
+"functions no longer invoke the corresponding system calls, but instead "
+"employ B<prlimit>(), for the reasons described in BUGS."
+msgstr ""
+"バージョン 2.13 以降では、 glibc の B<getrlimit>() と B<setrlimit>() のラッ"
+"パー関数はもはや対応するシステムコールを呼び出さず、 代わりに「バグ」の節で説"
+"明されている理由から B<prlimit>() を利用している。"
+
+#. type: Plain text
+#: build/C/man2/getrlimit.2:579
+msgid ""
+"In older Linux kernels, the B<SIGXCPU> and B<SIGKILL> signals delivered when "
+"a process encountered the soft and hard B<RLIMIT_CPU> limits were delivered "
+"one (CPU) second later than they should have been. This was fixed in kernel "
+"2.6.8."
+msgstr ""
+"以前の Linux カーネルでは、プロセスがソフトまたはハード B<RLIMIT_CPU> リミッ"
+"トに達した場合に送られる B<SIGXCPU> と B<SIGKILL> シグナルが、本来送られるべ"
+"き時点の 1 (CPU) 秒後に送られてしまう。 これはカーネル 2.6.8 で修正された。"
+
+#. see http://marc.theaimsgroup.com/?l=linux-kernel&m=114008066530167&w=2
+#. type: Plain text
+#: build/C/man2/getrlimit.2:587
+msgid ""
+"In 2.6.x kernels before 2.6.17, a B<RLIMIT_CPU> limit of 0 is wrongly "
+"treated as \"no limit\" (like B<RLIM_INFINITY>). Since Linux 2.6.17, "
+"setting a limit of 0 does have an effect, but is actually treated as a limit "
+"of 1 second."
+msgstr ""
+"2.6.17 より前の 2.6.x カーネルでは、 B<RLIMIT_CPU> リミットが 0 の場合、 "
+"(B<RLIM_INFINITY> と同じように) 「制限なし」と間違って解釈されていた。 Linux "
+"2.6.17 以降では、リミットを 0 に設定した場合にも 効果を持つようになっている"
+"が、実際にはリミットの値は 1 秒となる。"
+
+#. See https://lwn.net/Articles/145008/
+#. type: Plain text
+#: build/C/man2/getrlimit.2:592
+msgid ""
+"A kernel bug means that B<RLIMIT_RTPRIO> does not work in kernel 2.6.12; the "
+"problem is fixed in kernel 2.6.13."
+msgstr ""
+"カーネル 2.6.12 には、 B<RLIMIT_RTPRIO> が動作しないというバグがある。この問"
+"題はカーネル 2.6.13 で修正されている。"
+
+#. see http://marc.theaimsgroup.com/?l=linux-kernel&m=112256338703880&w=2
+#. type: Plain text
+#: build/C/man2/getrlimit.2:603
+msgid ""
+"In kernel 2.6.12, there was an off-by-one mismatch between the priority "
+"ranges returned by B<getpriority>(2) and B<RLIMIT_NICE>. This had the "
+"effect that the actual ceiling for the nice value was calculated as I<19\\ -"
+"\\ rlim_cur>. This was fixed in kernel 2.6.13."
+msgstr ""
+"カーネル 2.6.12 では、 B<getpriority>(2) と B<RLIMIT_NICE> が返す優先度の範"
+"囲が一つずれていた。このため、nice 値の実際の上限が I<19\\ -\\ rlim_cur> に"
+"なってしまうという影響があった。これはカーネル 2.6.13 で修正された。"
+
+#. The relevant patch, sent to LKML, seems to be
+#. http://thread.gmane.org/gmane.linux.kernel/273462
+#. From: Roland McGrath <roland <at> redhat.com>
+#. Subject: [PATCH 7/7] make RLIMIT_CPU/SIGXCPU per-process
+#. Date: 2005-01-23 23:27:46 GMT
+#. Tested Solaris 10, FreeBSD 9, OpenBSD 5.0
+#. FIXME . https://bugzilla.kernel.org/show_bug.cgi?id=50951
+#. type: Plain text
+#: build/C/man2/getrlimit.2:630
+msgid ""
+"Since Linux 2.6.12, if a process reaches its soft B<RLIMIT_CPU> limit and "
+"has a handler installed for B<SIGXCPU>, then, in addition to invoking the "
+"signal handler, the kernel increases the soft limit by one second. This "
+"behavior repeats if the process continues to consume CPU time, until the "
+"hard limit is reached, at which point the process is killed. Other "
+"implementations do not change the B<RLIMIT_CPU> soft limit in this manner, "
+"and the Linux behavior is probably not standards conformant; portable "
+"applications should avoid relying on this Linux-specific behavior. The "
+"Linux-specific B<RLIMIT_RTTIME> limit exhibits the same behavior when the "
+"soft limit is encountered."
+msgstr ""
+"Linux 2.6.12 以降では、 プロセスがその B<RLIMIT_CPU> ソフトリミットに達し、 "
+"B<SIGXCPU> に対してシグナルハンドラが設定されている場合、 シグナルハンドラを"
+"起動するだけでなく、 カーネルは 1 秒間ソフトリミットを増やす。 そのプロセス"
+"が CPU 時間を消費し続けている限り、 ハードリミットに達するまで、この動作が繰"
+"り返される。 ハードリミットに達すると、その時点でプロセスは kill される。 他"
+"の実装では、上記のような B<RLIMIT_CPU> ソフトリミットの変更は行われず、 おそ"
+"らく Linux の動作は標準に準拠していない。 移植性が必要なアプリケーションでは"
+"この Linux 固有の動作を前提にするのは避けるべきである。 Linux 固有の上限 "
+"B<RLIMIT_RTTIME> でも、 ソフトリミットに達した場合に同じ動作となる。"
+
+#. type: Plain text
+#: build/C/man2/getrlimit.2:640
+msgid ""
+"Kernels before 2.4.22 did not diagnose the error B<EINVAL> for "
+"B<setrlimit>() when I<rlim-E<gt>rlim_cur> was greater than I<rlim-"
+"E<gt>rlim_max>."
+msgstr ""
+"2.4.22 より前のカーネルでは、 I<rlim-E<gt>rlim_cur> が I<rlim-E<gt>rlim_max> "
+"より大きかった場合、 B<setrlimit>() での B<EINVAL> エラーを検出できない。"
+
+#. type: SS
+#: build/C/man2/getrlimit.2:640
+#, no-wrap
+msgid "Representation of \"large\" resource limit values on 32-bit platforms"
+msgstr "32 ビットプラットフォームにおける「大きな」リソース上限値の表現"
+
+#. https://bugzilla.kernel.org/show_bug.cgi?id=5042
+#. http://sources.redhat.com/bugzilla/show_bug.cgi?id=12201
+#. type: Plain text
+#: build/C/man2/getrlimit.2:671
+msgid ""
+"The glibc B<getrlimit>() and B<setrlimit>() wrapper functions use a 64-bit "
+"I<rlim_t> data type, even on 32-bit platforms. However, the I<rlim_t> data "
+"type used in the B<getrlimit>() and B<setrlimit>() system calls is a (32-"
+"bit) I<unsigned long>. Furthermore, in Linux versions before 2.6.36, the "
+"kernel represents resource limits on 32-bit platforms as I<unsigned long>. "
+"However, a 32-bit data type is not wide enough. The most pertinent limit "
+"here is B<RLIMIT_FSIZE>, which specifies the maximum size to which a file "
+"can grow: to be useful, this limit must be represented using a type that is "
+"as wide as the type used to represent file offsets\\(emthat is, as wide as a "
+"64-bit B<off_t> (assuming a program compiled with I<_FILE_OFFSET_BITS=64>)."
+msgstr ""
+"glibc の B<getrlimit>() と B<setrlimit>() ラッパー関数は、32 ビットプラット"
+"フォームであっても 64 ビットの I<rlim_t> データ型を使用する。 しかし、 "
+"B<getrlimit>() と B<setrlimit>() システムコールで使用される I<rlim_t> データ"
+"型は (32 ビットの) I<unsigned long> である。 さらに、 2.6.36 より前の Linux "
+"では、 カーネルは 32 ビットプラットフォームではリソース上限を I<unsigned "
+"long> として表現している。 しかしながら、 32 ビットデータ型は十分な大きさでは"
+"ない。 ここで最も関係がある上限値は B<RLIMIT_FSIZE> である。 この上限はファイ"
+"ルサイズの最大値であり、実用性の面からは、 この上限をファイルオフセットを表現"
+"するのに使用されている型、 つまり 64 ビットの B<off_t> "
+"(I<_FILE_OFFSET_BITS=64> でコンパイルしたプログラムの場合)、 と同じ幅を持つ"
+"型、を使って表現すべきである。"
+
+#. type: Plain text
+#: build/C/man2/getrlimit.2:681
+msgid ""
+"To work around this kernel limitation, if a program tried to set a resource "
+"limit to a value larger than can be represented in a 32-bit I<unsigned "
+"long>, then the glibc B<setrlimit>() wrapper function silently converted "
+"the limit value to B<RLIM_INFINITY>. In other words, the requested resource "
+"limit setting was silently ignored."
+msgstr ""
+"カーネルのこの制限に対する対策として、 プログラムがリソース上限を 32 ビット"
+"の I<unsigned long> で表現できる値よりも大きな値に設定しようとした際には、 "
+"glibc の B<setrlimit>() ラッパー関数はこの上限値を黙って B<RLIM_INFINITY> に"
+"変換していた。 言い換えると、指定されたリソース上限値は黙って無視されていた。"
+
+#. type: Plain text
+#: build/C/man2/getrlimit.2:683
+msgid "This problem was addressed in Linux 2.6.36 with two principal changes:"
+msgstr "この問題は Linux 2.6.36 での以下の主な変更により解決された。"
+
+#. type: Plain text
+#: build/C/man2/getrlimit.2:686
+msgid ""
+"the addition of a new kernel representation of resource limits that uses 64 "
+"bits, even on 32-bit platforms;"
+msgstr ""
+"32 ビットプラットフォームであっても 64 ビットを使用するリソース上限の新しい"
+"カーネルでの表現方法の追加。"
+
+#. type: Plain text
+#: build/C/man2/getrlimit.2:690
+msgid ""
+"the addition of the B<prlimit>() system call, which employs 64-bit values "
+"for its resource limit arguments."
+msgstr ""
+"リソース上限の引き数として 64 ビット値を取る B<prlimit>() システムコールの追"
+"加。"
+
+#. https://www.sourceware.org/bugzilla/show_bug.cgi?id=12201
+#. type: Plain text
+#: build/C/man2/getrlimit.2:703
+msgid ""
+"Since version 2.13, glibc works around the limitations of the "
+"B<getrlimit>() and B<setrlimit>() system calls by implementing "
+"B<setrlimit>() and B<getrlimit>() as wrapper functions that call "
+"B<prlimit>()."
msgstr ""
+"バージョン 2.13 以降の glibc では、 B<getrlimit>() と B<setrlimit>() システム"
+"コールの制限に対する回避手段として、\n"
+"B<setrlimit>() と B<getrlimit>() を B<prlimit>() を呼び出すラッパー関数として"
+"実装している。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:532
+#: build/C/man2/getrlimit.2:706
+msgid "The program below demonstrates the use of B<prlimit>()."
+msgstr "以下のプログラムに B<prlimit>() の使用例を示す。"
+
+#. type: Plain text
+#: build/C/man2/getrlimit.2:715
#, no-wrap
msgid ""
"#define _GNU_SOURCE\n"
"#include E<lt>sys/resource.hE<gt>\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:535
+#: build/C/man2/getrlimit.2:718
#, no-wrap
msgid ""
"#define errExit(msg) \tdo { perror(msg); exit(EXIT_FAILURE); \\e\n"
" } while (0)\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:542
+#: build/C/man2/getrlimit.2:725
#, no-wrap
msgid ""
"int\n"
" pid_t pid;\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:548
+#: build/C/man2/getrlimit.2:731
#, no-wrap
msgid ""
" if (!(argc == 2 || argc == 4)) {\n"
" }\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:550
+#: build/C/man2/getrlimit.2:733
#, no-wrap
msgid " pid = atoi(argv[1]); /* PID of target process */\n"
msgstr " pid = atoi(argv[1]); /* PID of target process */\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:557
+#: build/C/man2/getrlimit.2:740
#, no-wrap
msgid ""
" newp = NULL;\n"
" }\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:560
+#: build/C/man2/getrlimit.2:743
#, no-wrap
msgid ""
" /* Set CPU time limit of target process; retrieve and display\n"
" previous limit */\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:565
+#: build/C/man2/getrlimit.2:748
#, no-wrap
msgid ""
" if (prlimit(pid, RLIMIT_CPU, newp, &old) == -1)\n"
" (long long) old.rlim_cur, (long long) old.rlim_max);\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:567
+#: build/C/man2/getrlimit.2:750
#, no-wrap
msgid " /* Retrieve and display new CPU time limit */\n"
msgstr " /* Retrieve and display new CPU time limit */\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:572
+#: build/C/man2/getrlimit.2:755
#, no-wrap
msgid ""
" if (prlimit(pid, RLIMIT_CPU, NULL, &old) == -1)\n"
" (long long) old.rlim_cur, (long long) old.rlim_max);\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:575
+#: build/C/man2/getrlimit.2:758 build/C/man7/user_namespaces.7:829
#, no-wrap
msgid ""
" exit(EXIT_FAILURE);\n"
" exit(EXIT_FAILURE);\n"
"}\n"
-#. FIXME prlimit() does not suffer
-#. https://bugzilla.kernel.org/show_bug.cgi?id=5042
-#. http://sources.redhat.com/bugzilla/show_bug.cgi?id=12201
-#. type: Plain text
-#: build/C/man2/getrlimit.2:588
-msgid ""
-"In older Linux kernels, the B<SIGXCPU> and B<SIGKILL> signals delivered when "
-"a process encountered the soft and hard B<RLIMIT_CPU> limits were delivered "
-"one (CPU) second later than they should have been. This was fixed in kernel "
-"2.6.8."
-msgstr ""
-"以前の Linux カーネルでは、プロセスがソフトまたはハード B<RLIMIT_CPU> リミッ"
-"トに達した場合に送られる B<SIGXCPU> と B<SIGKILL> シグナルが、本来送られるべ"
-"き時点の 1 (CPU) 秒後に送られてしまう。 これはカーネル 2.6.8 で修正された。"
-
-#. see http://marc.theaimsgroup.com/?l=linux-kernel&m=114008066530167&w=2
-#. type: Plain text
-#: build/C/man2/getrlimit.2:596
-msgid ""
-"In 2.6.x kernels before 2.6.17, a B<RLIMIT_CPU> limit of 0 is wrongly "
-"treated as \"no limit\" (like B<RLIM_INFINITY>). Since Linux 2.6.17, "
-"setting a limit of 0 does have an effect, but is actually treated as a limit "
-"of 1 second."
-msgstr ""
-"2.6.17 より前の 2.6.x カーネルでは、 B<RLIMIT_CPU> リミットが 0 の場合、 "
-"(B<RLIM_INFINITY> と同じように) 「制限なし」と間違って解釈されていた。 Linux "
-"2.6.17 以降では、リミットを 0 に設定した場合にも 効果を持つようになっている"
-"が、実際にはリミットの値は 1 秒となる。"
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:600
-msgid ""
-"A kernel bug means that B<RLIMIT_RTPRIO> does not work in kernel 2.6.12; the "
-"problem is fixed in kernel 2.6.13."
-msgstr ""
-"カーネル 2.6.12 には、 B<RLIMIT_RTPRIO> が動作しないというバグがある。この問"
-"題はカーネル 2.6.13 で修正されている。"
-
-#. see http://marc.theaimsgroup.com/?l=linux-kernel&m=112256338703880&w=2
-#. type: Plain text
-#: build/C/man2/getrlimit.2:611
-msgid ""
-"In kernel 2.6.12, there was an off-by-one mismatch between the priority "
-"ranges returned by B<getpriority>(2) and B<RLIMIT_NICE>. This had the "
-"effect that the actual ceiling for the nice value was calculated as I<19\\ -"
-"\\ rlim_cur>. This was fixed in kernel 2.6.13."
-msgstr ""
-"カーネル 2.6.12 では、 B<getpriority>(2) と B<RLIMIT_NICE> が返す優先度の範"
-"囲が一つずれていた。このため、nice 値の実際の上限が I<19\\ -\\ rlim_cur> に"
-"なってしまうという影響があった。これはカーネル 2.6.13 で修正された。"
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:620
-msgid ""
-"Kernels before 2.4.22 did not diagnose the error B<EINVAL> for B<setrlimit>"
-"() when I<rlim-E<gt>rlim_cur> was greater than I<rlim-E<gt>rlim_max>."
-msgstr ""
-"2.4.22 より前のカーネルでは、 I<rlim-E<gt>rlim_cur> が I<rlim-E<gt>rlim_max> "
-"より大きかった場合、 B<setrlimit>() での B<EINVAL> エラーを検出できない。"
-
#. type: Plain text
-#: build/C/man2/getrlimit.2:637
+#: build/C/man2/getrlimit.2:777
msgid ""
-"B<dup>(2), B<fcntl>(2), B<fork>(2), B<getrusage>(2), B<mlock>(2), B<mmap>"
-"(2), B<open>(2), B<quotactl>(2), B<sbrk>(2), B<shmctl>(2), B<malloc>(3), "
-"B<sigqueue>(3), B<ulimit>(3), B<core>(5), B<capabilities>(7), B<signal>(7)"
+"B<prlimit>(1), B<dup>(2), B<fcntl>(2), B<fork>(2), B<getrusage>(2), "
+"B<mlock>(2), B<mmap>(2), B<open>(2), B<quotactl>(2), B<sbrk>(2), "
+"B<shmctl>(2), B<malloc>(3), B<sigqueue>(3), B<ulimit>(3), B<core>(5), "
+"B<capabilities>(7), B<signal>(7)"
msgstr ""
-"B<dup>(2), B<fcntl>(2), B<fork>(2), B<getrusage>(2), B<mlock>(2), B<mmap>"
-"(2), B<open>(2), B<quotactl>(2), B<sbrk>(2), B<shmctl>(2), B<malloc>(3), "
-"B<sigqueue>(3), B<ulimit>(3), B<core>(5), B<capabilities>(7), B<signal>(7)"
+"B<prlimit>(1), B<dup>(2), B<fcntl>(2), B<fork>(2), B<getrusage>(2), "
+"B<mlock>(2), B<mmap>(2), B<open>(2), B<quotactl>(2), B<sbrk>(2), "
+"B<shmctl>(2), B<malloc>(3), B<sigqueue>(3), B<ulimit>(3), B<core>(5), "
+"B<capabilities>(7), B<signal>(7)"
#. type: TH
#: build/C/man2/getrusage.2:39
msgstr "GETRUSAGE"
#. type: TH
-#: build/C/man2/getrusage.2:39 build/C/man2/getsid.2:25
-#: build/C/man2/setpgid.2:46
+#: build/C/man2/getrusage.2:39
#, no-wrap
-msgid "2010-09-26"
-msgstr "2010-09-26"
+msgid "2014-05-10"
+msgstr "2014-05-10"
#. type: Plain text
#: build/C/man2/getrusage.2:42
msgstr "B<RUSAGE_THREAD> (Linux 2.6.26 以降)"
#. type: Plain text
-#: build/C/man2/getrusage.2:68
-msgid "Return resource usage statistics for the calling thread."
-msgstr "呼び出したスレッドに関する資源使用量の統計を返す。"
+#: build/C/man2/getrusage.2:75
+msgid ""
+"Return resource usage statistics for the calling thread. The B<_GNU_SOURCE> "
+"feature test macro must be defined (before including I<any> header file) in "
+"order to obtain the definition of this constant from I<E<lt>sys/resource."
+"hE<gt>>."
+msgstr ""
+"呼び出したスレッドに関する資源使用量の統計を返す。 I<E<lt>sys/resource."
+"hE<gt>> からこの定数の定義を得るためには、 ((I<どの>ヘッダファイルをインク"
+"ルードするよりも前に) 機能検査マクロ B<_GNU_SOURCE> を定義しなければならな"
+"い。"
#. type: Plain text
-#: build/C/man2/getrusage.2:72
+#: build/C/man2/getrusage.2:79
msgid ""
"The resource usages are returned in the structure pointed to by I<usage>, "
"which has the following form:"
"ある。"
#. type: Plain text
-#: build/C/man2/getrusage.2:93
+#: build/C/man2/getrusage.2:100
#, no-wrap
msgid ""
"struct rusage {\n"
"};\n"
#. type: Plain text
-#: build/C/man2/getrusage.2:101
+#: build/C/man2/getrusage.2:108
msgid ""
"Not all fields are completed; unmaintained fields are set to zero by the "
"kernel. (The unmaintained fields are provided for compatibility with other "
"systems, and because they may one day be supported on Linux.) The fields "
"are interpreted as follows:"
msgstr ""
+"すべてのフィールドがサポートされているわけではない。 メンテナンスされていない"
+"フィールドには、 カーネルが 0 を設定する (メンテナンスされていないフィールド"
+"は、 他のシステムとの互換性のために提供されており、 いつか Linux でもサポート"
+"されるかもしれない)。 各フィールドの詳細は以下の通りである。"
#. type: TP
-#: build/C/man2/getrusage.2:101
+#: build/C/man2/getrusage.2:108
#, no-wrap
msgid "I<ru_utime>"
msgstr "I<ru_utime>"
#. type: Plain text
-#: build/C/man2/getrusage.2:107
+#: build/C/man2/getrusage.2:114
msgid ""
"This is the total amount of time spent executing in user mode, expressed in "
"a I<timeval> structure (seconds plus microseconds)."
msgstr ""
+"ユーザモードでの実行で消費された合計時間。 I<timeval> 構造体 (秒とミリ秒) で"
+"表現される。"
#. type: TP
-#: build/C/man2/getrusage.2:107
+#: build/C/man2/getrusage.2:114
#, no-wrap
msgid "I<ru_stime>"
msgstr "I<ru_stime>"
#. type: Plain text
-#: build/C/man2/getrusage.2:113
+#: build/C/man2/getrusage.2:120
msgid ""
"This is the total amount of time spent executing in kernel mode, expressed "
"in a I<timeval> structure (seconds plus microseconds)."
msgstr ""
+"カーネルモードでの実行で消費された合計時間。 I<timeval> 構造体 (秒とミリ秒) "
+"で表現される。"
#. type: TP
-#: build/C/man2/getrusage.2:113
+#: build/C/man2/getrusage.2:120
#, no-wrap
msgid "I<ru_maxrss> (since Linux 2.6.32)"
msgstr "I<ru_maxrss> (Linux 2.6.32 以降)"
#. type: Plain text
-#: build/C/man2/getrusage.2:119
+#: build/C/man2/getrusage.2:127
msgid ""
-"This is the maximum resident set size used (in kilobytes). For "
+"This is the maximum resident set size used (in kilobytes). For "
"B<RUSAGE_CHILDREN>, this is the resident set size of the largest child, not "
"the maximum resident set size of the process tree."
msgstr ""
+"使用された resident set size の最大値 (キロバイト単位)。 B<RUSAGE_CHILDREN> "
+"の場合には、プロセスツリーの resident set size の最大値ではなく、 最も大きい"
+"子プロセスの resident set size となる。"
#. type: TP
-#: build/C/man2/getrusage.2:119
+#: build/C/man2/getrusage.2:127
#, no-wrap
msgid "I<ru_ixrss> (unmaintained)"
-msgstr ""
+msgstr "I<ru_ixrss> (メンテナンスされていない)"
#. On some systems, this field records the number of signals received.
#. type: Plain text
-#: build/C/man2/getrusage.2:125 build/C/man2/getrusage.2:130
-#: build/C/man2/getrusage.2:135 build/C/man2/getrusage.2:147
-#: build/C/man2/getrusage.2:159 build/C/man2/getrusage.2:165
-#: build/C/man2/getrusage.2:169
+#: build/C/man2/getrusage.2:133 build/C/man2/getrusage.2:138
+#: build/C/man2/getrusage.2:143 build/C/man2/getrusage.2:155
+#: build/C/man2/getrusage.2:167 build/C/man2/getrusage.2:173
+#: build/C/man2/getrusage.2:177
msgid "This field is currently unused on Linux."
-msgstr ""
+msgstr "このフィールドは現在のところ Linux では未使用である。"
#. type: TP
-#: build/C/man2/getrusage.2:125
+#: build/C/man2/getrusage.2:133
#, no-wrap
msgid "I<ru_idrss> (unmaintained)"
-msgstr ""
+msgstr "I<ru_idrss> (メンテナンスされていない)"
#. type: TP
-#: build/C/man2/getrusage.2:130
+#: build/C/man2/getrusage.2:138
#, no-wrap
msgid "I<ru_isrss> (unmaintained)"
-msgstr ""
+msgstr "I<ru_isrss> (メンテナンスされていない)"
#. type: TP
-#: build/C/man2/getrusage.2:135
+#: build/C/man2/getrusage.2:143
#, no-wrap
msgid "I<ru_minflt>"
msgstr "I<ru_minflt>"
#. type: Plain text
-#: build/C/man2/getrusage.2:140
+#: build/C/man2/getrusage.2:148
msgid ""
"The number of page faults serviced without any I/O activity; here I/O "
"activity is avoided by ``reclaiming'' a page frame from the list of pages "
"awaiting reallocation."
msgstr ""
+"I/O 動作なしで発生したページフォルトの回数。 再割り当てを待っているページリス"
+"トからページフレームを「回収」 (reclaim) することで、 I/O 動作を避けることが"
+"できる。"
#. type: TP
-#: build/C/man2/getrusage.2:140
+#: build/C/man2/getrusage.2:148
#, no-wrap
msgid "I<ru_majflt>"
msgstr "I<ru_majflt>"
#. type: Plain text
-#: build/C/man2/getrusage.2:143
+#: build/C/man2/getrusage.2:151
msgid "The number of page faults serviced that required I/O activity."
-msgstr ""
+msgstr "I/O 動作を必要とするページフォルトの回数。"
#. type: TP
-#: build/C/man2/getrusage.2:143
+#: build/C/man2/getrusage.2:151
#, no-wrap
msgid "I<ru_nswap> (unmaintained)"
-msgstr ""
+msgstr "I<ru_nswap> (メンテナンスされていない)"
#. type: TP
-#: build/C/man2/getrusage.2:147
+#: build/C/man2/getrusage.2:155
#, no-wrap
msgid "I<ru_inblock> (since Linux 2.6.22)"
msgstr "I<ru_inblock> (Linux 2.6.22 以降)"
#. type: Plain text
-#: build/C/man2/getrusage.2:150
-msgid "The number of times the file system had to perform input."
-msgstr ""
+#: build/C/man2/getrusage.2:158
+msgid "The number of times the filesystem had to perform input."
+msgstr "ファイルシステムが入力を実行する必要があった回数。"
#. type: TP
-#: build/C/man2/getrusage.2:150
+#: build/C/man2/getrusage.2:158
#, no-wrap
msgid "I<ru_oublock> (since Linux 2.6.22)"
msgstr "I<ru_oublock> (Linux 2.6.22 以降)"
#. type: Plain text
-#: build/C/man2/getrusage.2:153
-msgid "The number of times the file system had to perform output."
-msgstr ""
+#: build/C/man2/getrusage.2:161
+msgid "The number of times the filesystem had to perform output."
+msgstr "ファイルシステムが出力を実行する必要があった回数。"
#. type: TP
-#: build/C/man2/getrusage.2:153
+#: build/C/man2/getrusage.2:161
#, no-wrap
msgid "I<ru_msgsnd> (unmaintained)"
-msgstr ""
+msgstr "I<ru_msgsnd> (メンテナンスされていない)"
#. type: TP
-#: build/C/man2/getrusage.2:159
+#: build/C/man2/getrusage.2:167
#, no-wrap
msgid "I<ru_msgrcv> (unmaintained)"
-msgstr ""
+msgstr "I<ru_msgrcv> (メンテナンスされていない)"
#. type: TP
-#: build/C/man2/getrusage.2:165
+#: build/C/man2/getrusage.2:173
#, no-wrap
msgid "I<ru_nsignals> (unmaintained)"
-msgstr ""
+msgstr "I<ru_nsignals> (メンテナンスされていない)"
#. type: TP
-#: build/C/man2/getrusage.2:169
+#: build/C/man2/getrusage.2:177
#, no-wrap
msgid "I<ru_nvcsw> (since Linux 2.6)"
msgstr "I<ru_nvcsw> (Linux 2.6 以降)"
#. type: Plain text
-#: build/C/man2/getrusage.2:174
+#: build/C/man2/getrusage.2:182
msgid ""
"The number of times a context switch resulted due to a process voluntarily "
"giving up the processor before its time slice was completed (usually to "
"await availability of a resource)."
msgstr ""
+"自分のタイムスライスが完了する前にプロセスが自発的にプロセッサを解放して行わ"
+"れたコンテキストスイッチの回数 (通常はリソースが利用可能になるのを待つために"
+"行われる)。"
#. type: TP
-#: build/C/man2/getrusage.2:174
+#: build/C/man2/getrusage.2:182
#, no-wrap
msgid "I<ru_nivcsw> (since Linux 2.6)"
msgstr "I<memory_migrate> (Linux 2.6.16 以降)"
#. type: Plain text
-#: build/C/man2/getrusage.2:179
+#: build/C/man2/getrusage.2:187
msgid ""
"The number of times a context switch resulted due to a higher priority "
"process becoming runnable or because the current process exceeded its time "
"slice."
msgstr ""
+"優先度が自分より高いプロセッサが実行可能になったか、現在のプロセスが自分のタ"
+"イムスライスを超過したことにより行われたコンテキストスイッチの回数。"
#. type: Plain text
-#: build/C/man2/getrusage.2:190
+#: build/C/man2/getrusage.2:198
msgid "I<usage> points outside the accessible address space."
msgstr "I<usage> がアクセス可能なアドレス空間の外を指している。"
#. type: Plain text
-#: build/C/man2/getrusage.2:194
+#: build/C/man2/getrusage.2:202
msgid "I<who> is invalid."
msgstr "I<who> が無効である。"
#. type: Plain text
-#: build/C/man2/getrusage.2:202
+#: build/C/man2/getrusage.2:210
msgid ""
-"SVr4, 4.3BSD. POSIX.1-2001 specifies B<getrusage>(), but only specifies the "
+"SVr4, 4.3BSD. POSIX.1-2001 specifies B<getrusage>(), but specifies only the "
"fields I<ru_utime> and I<ru_stime>."
msgstr ""
"SVr4, 4.3BSD. POSIX.1-2001 は B<getrusage>() を規定しているが、規定している"
"フィールドは I<ru_utime> と I<ru_stime> だけである。"
#. type: Plain text
-#: build/C/man2/getrusage.2:205
+#: build/C/man2/getrusage.2:213
msgid "B<RUSAGE_THREAD> is Linux-specific."
msgstr "B<RUSAGE_THREAD> は Linux 固有である。"
#. type: Plain text
-#: build/C/man2/getrusage.2:208
+#: build/C/man2/getrusage.2:216
msgid "Resource usage metrics are preserved across an B<execve>(2)."
msgstr "B<execve>(2) の前後でリソース使用量の指標は保持される。"
#. type: Plain text
-#: build/C/man2/getrusage.2:216
+#: build/C/man2/getrusage.2:224
msgid ""
"Including I<E<lt>sys/time.hE<gt>> is not required these days, but increases "
"portability. (Indeed, I<struct timeval> is defined in I<E<lt>sys/time."
#. See the description of getrusage() in XSH.
#. A similar statement was also in SUSv2.
#. type: Plain text
-#: build/C/man2/getrusage.2:228
+#: build/C/man2/getrusage.2:236
msgid ""
"In Linux kernel versions before 2.6.9, if the disposition of B<SIGCHLD> is "
"set to B<SIG_IGN> then the resource usages of child processes are "
"改正された。"
#. type: Plain text
-#: build/C/man2/getrusage.2:231
+#: build/C/man2/getrusage.2:239
msgid ""
"The structure definition shown at the start of this page was taken from "
"4.3BSD Reno."
-msgstr ""
+msgstr "このページの最初で示した構造体の定義は 4.3BSD Reno のものである。"
#. type: Plain text
-#: build/C/man2/getrusage.2:240
+#: build/C/man2/getrusage.2:248
msgid ""
"Ancient systems provided a B<vtimes>() function with a similar purpose to "
-"B<getrusage>(). For backward compatibility, glibc also provides B<vtimes>"
-"(). All new applications should be written using B<getrusage>()."
+"B<getrusage>(). For backward compatibility, glibc also provides "
+"B<vtimes>(). All new applications should be written using B<getrusage>()."
msgstr ""
"古いシステムでは、 B<getrusage>() と同様の目的を持つ関数 B<vtimes>() が提供\n"
"されていた。後方互換性のため、glibc でも B<vtimes>() を提供している。\n"
"全ての新しいアプリケーションでは B<getrusage>() を使用すべきである。"
#. type: Plain text
-#: build/C/man2/getrusage.2:245
+#: build/C/man2/getrusage.2:253
msgid "See also the description of I</proc/PID/stat> in B<proc>(5)."
msgstr "B<proc>(5) にある I</proc/PID/stat> の説明も参照のこと。"
#. type: Plain text
-#: build/C/man2/getrusage.2:252
+#: build/C/man2/getrusage.2:260
msgid ""
"B<clock_gettime>(2), B<getrlimit>(2), B<times>(2), B<wait>(2), B<wait4>(2), "
"B<clock>(3)"
"B<clock>(3)"
#. type: TH
-#: build/C/man2/getsid.2:25
+#: build/C/man2/getsid.2:26
#, no-wrap
msgid "GETSID"
msgstr "GETSID"
+#. type: TH
+#: build/C/man2/getsid.2:26
+#, no-wrap
+msgid "2010-09-26"
+msgstr "2010-09-26"
+
#. type: Plain text
-#: build/C/man2/getsid.2:28
+#: build/C/man2/getsid.2:29
msgid "getsid - get session ID"
msgstr "getsid - セッション ID を取得する。"
#. type: Plain text
-#: build/C/man2/getsid.2:32
+#: build/C/man2/getsid.2:33
msgid "B<pid_t getsid(pid_t>I< pid>B<);>"
msgstr "B<pid_t getsid(pid_t>I< pid>B<);>"
#. type: Plain text
-#: build/C/man2/getsid.2:41
+#: build/C/man2/getsid.2:42
msgid "B<getsid>():"
msgstr "B<getsid>():"
#. type: Plain text
-#: build/C/man2/getsid.2:44 build/C/man2/setpgid.2:77
+#: build/C/man2/getsid.2:45 build/C/man2/setpgid.2:79
msgid ""
"_XOPEN_SOURCE\\ E<gt>=\\ 500 || _XOPEN_SOURCE\\ &&\\ _XOPEN_SOURCE_EXTENDED"
msgstr ""
"_XOPEN_SOURCE\\ E<gt>=\\ 500 || _XOPEN_SOURCE\\ &&\\ _XOPEN_SOURCE_EXTENDED"
#. type: Plain text
-#: build/C/man2/getsid.2:46 build/C/man2/setpgid.2:79
+#: build/C/man2/getsid.2:47 build/C/man2/setpgid.2:81
msgid "|| /* Since glibc 2.12: */ _POSIX_C_SOURCE\\ E<gt>=\\ 200809L"
msgstr "|| /* glibc 2.12 以降: */ _POSIX_C_SOURCE\\ E<gt>=\\ 200809L"
#. type: Plain text
-#: build/C/man2/getsid.2:57
+#: build/C/man2/getsid.2:58
msgid ""
"I<getsid(0)> returns the session ID of the calling process. I<getsid(p)> "
"returns the session ID of the process with process ID I<p>. (The session ID "
"は セッションリーダーのプロセスグループ ID である)。"
#. type: Plain text
-#: build/C/man2/getsid.2:62
+#: build/C/man2/getsid.2:63
msgid ""
"On success, a session ID is returned. On error, I<(pid_t)\\ -1> will be "
"returned, and I<errno> is set appropriately."
"れ、 I<errno> が適切に設定される。"
#. type: Plain text
-#: build/C/man2/getsid.2:69
+#: build/C/man2/getsid.2:70
msgid ""
"A process with process ID I<p> exists, but it is not in the same session as "
"the calling process, and the implementation considers this an error."
"ではなく、 さらに実装がこの状態をエラーと判断した場合。"
#. type: Plain text
-#: build/C/man2/getsid.2:74
+#: build/C/man2/getsid.2:75
msgid "No process with process ID I<p> was found."
msgstr "プロセス ID が I<p> のプロセスがない。"
#. Linux has this system call since Linux 1.3.44.
#. There is libc support since libc 5.2.19.
#. type: Plain text
-#: build/C/man2/getsid.2:78
+#: build/C/man2/getsid.2:79
msgid "This system call is available on Linux since version 2.0."
msgstr "このシステムコールは Linux バージョン 2.0 以降で利用可能である。"
#. type: Plain text
-#: build/C/man2/getsid.2:80 build/C/man2/setgid.2:76 build/C/man2/setsid.2:66
+#: build/C/man2/getsid.2:81 build/C/man2/setgid.2:73 build/C/man2/setsid.2:70
msgid "SVr4, POSIX.1-2001."
msgstr "SVr4, POSIX.1-2001."
#. type: Plain text
-#: build/C/man2/getsid.2:83
+#: build/C/man2/getsid.2:84
msgid "Linux does not return B<EPERM>."
msgstr "Linux は B<EPERM> を返さない。"
#. type: Plain text
-#: build/C/man2/getsid.2:87
+#: build/C/man2/getsid.2:88
msgid "B<getpgid>(2), B<setsid>(2), B<credentials>(7)"
msgstr "B<getpgid>(2), B<setsid>(2), B<credentials>(7)"
#. type: Plain text
#: build/C/man2/getuid.2:57
msgid ""
-"In UNIX V6 the B<getuid>() call returned I<(euid E<lt>E<lt> 8) + uid>. "
-"UNIX V7 introduced separate calls B<getuid>() and B<geteuid>()."
+"In UNIX\\ V6 the B<getuid>() call returned I<(euid E<lt>E<lt> 8) + uid>. "
+"UNIX\\ V7 introduced separate calls B<getuid>() and B<geteuid>()."
msgstr ""
-"UNIX V6 では B<getuid>() コールは I<(euid E<lt>E<lt> 8) + uid> を返してい"
-"た。 UNIX V7 では B<getuid>() と B<geteuid>() という別々のコールが導入され"
-"た。"
+"UNIX\\ V6 では B<getuid>() コールは I<(euid E<lt>E<lt> 8) + uid> を返してい"
+"た。 UNIX\\ V7 では B<getuid>() と B<geteuid>() という別々のコールが導入さ"
+"ã\82\8cã\81\9fã\80\82"
#. type: Plain text
#: build/C/man2/getuid.2:73
msgid ""
"The original Linux B<getuid>() and B<geteuid>() system calls supported "
"only 16-bit user IDs. Subsequently, Linux 2.4 added B<getuid32>() and "
-"B<geteuid32>(), supporting 32-bit IDs. The glibc B<getuid>() and B<geteuid>"
-"() wrapper functions transparently deal with the variations across kernel "
-"versions."
+"B<geteuid32>(), supporting 32-bit IDs. The glibc B<getuid>() and "
+"B<geteuid>() wrapper functions transparently deal with the variations "
+"across kernel versions."
msgstr ""
"元々の Linux の B<getuid>() と B<geteuid>() システムコールは\n"
"16 ビットのグループ ID だけに対応していた。\n"
msgstr "B<getresuid>(2), B<setreuid>(2), B<setuid>(2), B<credentials>(7)"
#. type: TH
+#: build/C/man3/group_member.3:25
+#, no-wrap
+msgid "GROUP_MEMBER"
+msgstr "GROUP_MEMBER"
+
+#. type: TH
+#: build/C/man3/group_member.3:25
+#, no-wrap
+msgid "2014-03-30"
+msgstr "2014-03-30"
+
+#. type: TH
+#: build/C/man3/group_member.3:25
+#, no-wrap
+msgid "GNU"
+msgstr "GNU"
+
+#. type: Plain text
+#: build/C/man3/group_member.3:28
+msgid "group_member - test whether a process is in a group"
+msgstr "group_member - プロセスがグループに属しているかを検査する"
+
+#. type: Plain text
+#: build/C/man3/group_member.3:32
+msgid "B<int group_member(gid_t >I<gid>B<);>"
+msgstr "B<int group_member(gid_t >I<gid>B<);>"
+
+#. type: Plain text
+#: build/C/man3/group_member.3:40
+msgid "B<group_member>(): _GNU_SOURCE"
+msgstr "B<group_member>(): _GNU_SOURCE"
+
+#. type: Plain text
+#: build/C/man3/group_member.3:48
+msgid ""
+"The B<group_member>() function tests whether any of the caller's "
+"supplementary group IDs (as returned by B<getgroups>(2)) matches I<gid>."
+msgstr ""
+"B<group_member>() 関数は、 呼び出し元の補助グループ ID (B<getgroups>(2) が返"
+"す値) のいずれかが I<gid> に一致するかを検索する。"
+
+#. type: Plain text
+#: build/C/man3/group_member.3:55
+msgid ""
+"The B<group_member>() function returns nonzero if any of the caller's "
+"supplementary group IDs matches I<gid>, and zero otherwise."
+msgstr ""
+"B<group_member>() 関数は、 呼び出し元の補助グループ ID のいずれかが I<gid> に"
+"一致すれば 0 以外の値を、そうでなければ 0 を返す。"
+
+#. type: Plain text
+#: build/C/man3/group_member.3:57
+msgid "This function is a nonstandard GNU extension."
+msgstr "この関数は非標準の GNU 拡張である。"
+
+#. type: Plain text
+#: build/C/man3/group_member.3:62
+msgid "B<getgid>(2), B<getgroups>(2), B<getgrouplist>(3), B<group>(5)"
+msgstr "B<getgid>(2), B<getgroups>(2), B<getgrouplist>(3), B<group>(5)"
+
+#. type: TH
#: build/C/man2/iopl.2:33
#, no-wrap
msgid "IOPL"
#. type: TH
#: build/C/man2/iopl.2:33
#, no-wrap
-msgid "2004-05-27"
-msgstr "2004-05-27"
+msgid "2013-03-15"
+msgstr "2013-03-15"
#. type: Plain text
#: build/C/man2/iopl.2:36
msgstr "B<int iopl(int >I<level>B<);>"
#. type: Plain text
-#: build/C/man2/iopl.2:44
+#: build/C/man2/iopl.2:45
msgid ""
"B<iopl>() changes the I/O privilege level of the calling process, as "
-"specified in I<level>."
+"specified by the two least significant bits in I<level>."
msgstr ""
-"B<iopl>() ã\81¯å\91¼ã\81³å\87ºã\81\97å\85\83ã\81®ã\83\97ã\83ã\82»ã\82¹ã\81® I/O ç\89¹æ¨©ã\83¬ã\83\99ã\83«ã\82\92 I<level> ã\81§æ\8c\87å®\9aã\81\97ã\81\9få\80¤ã\81«"
-"変更する。"
+"B<iopl>() ã\81¯å\91¼ã\81³å\87ºã\81\97å\85\83ã\81®ã\83\97ã\83ã\82»ã\82¹ã\81® I/O ç\89¹æ¨©ã\83¬ã\83\99ã\83«ã\82\92 I<level> ã\81®ä¸\8bä½\8d 2 ã\83\93ã\83\83ã\83\88"
+"で指定した値に変更する。"
#. type: Plain text
-#: build/C/man2/iopl.2:50
+#: build/C/man2/iopl.2:51
msgid ""
"This call is necessary to allow 8514-compatible X servers to run under "
"Linux. Since these X servers require access to all 65536 I/O ports, the "
"B<ioperm>(2) 関数では不十分だからである。"
#. type: Plain text
-#: build/C/man2/iopl.2:54
+#: build/C/man2/iopl.2:55
msgid ""
"In addition to granting unrestricted I/O port access, running at a higher I/"
"O privilege level also allows the process to disable interrupts. This will "
"る。この機能は時としてシステムの破壊を もたらすので勧められない。"
#. type: Plain text
-#: build/C/man2/iopl.2:59
+#: build/C/man2/iopl.2:60
msgid "Permissions are inherited by B<fork>(2) and B<execve>(2)."
msgstr "B<fork>(2) や B<exec>(2) を行った場合、特権は継承される。"
#. type: Plain text
-#: build/C/man2/iopl.2:61
+#: build/C/man2/iopl.2:62
msgid "The I/O privilege level for a normal process is 0."
msgstr "通常のプロセスの I/O 特権レベルは 0 である。"
#. type: Plain text
-#: build/C/man2/iopl.2:65
+#: build/C/man2/iopl.2:66
msgid ""
"This call is mostly for the i386 architecture. On many other architectures "
"it does not exist or will always return an error."
"他の多くのアーキテクチャでは存在しないか、常にエラーを返す。"
#. type: Plain text
-#: build/C/man2/iopl.2:75
+#: build/C/man2/iopl.2:76
msgid "I<level> is greater than 3."
msgstr "引き数 I<level> が 3 より大きい。"
#. type: Plain text
-#: build/C/man2/iopl.2:78
+#: build/C/man2/iopl.2:79
msgid "This call is unimplemented."
msgstr "このシステムコールは実装されていない。"
#. type: Plain text
-#: build/C/man2/iopl.2:85
+#: build/C/man2/iopl.2:87
msgid ""
"The calling process has insufficient privilege to call B<iopl>(); the "
-"B<CAP_SYS_RAWIO> capability is required."
+"B<CAP_SYS_RAWIO> capability is required to raise the I/O privilege level "
+"above its current value."
msgstr ""
-"呼び出し元プロセスに B<iopl>() を呼び出すのに十分な権限がなかった。 B<iopl>"
-"() を呼び出すには B<CAP_SYS_RAWIO> ケーパビリティが必要である。"
+"呼び出し元プロセスに B<iopl>() を呼び出すのに十分な権限がなかった。 I/O 特権"
+"レベルを現在の値より上げるには B<CAP_SYS_RAWIO> ケーパビリティが必要である。"
#. type: Plain text
-#: build/C/man2/iopl.2:89
+#: build/C/man2/iopl.2:91
msgid ""
-"B<iopl>() is Linux-specific and should not be used in processes intended to "
-"be portable."
+"B<iopl>() is Linux-specific and should not be used in programs that are "
+"intended to be portable."
msgstr ""
-"B<iopl>() は Linux 特有の関数であり、移植を意図したプログラムで 使用してはな"
-"ã\82\89ã\81ªã\81\84ã\80\82"
+"B<ipc>() は Linux 特有であり、 移植を意図したプログラムでは 使用してはいけな"
+"い。"
#. type: Plain text
-#: build/C/man2/iopl.2:98
+#: build/C/man2/iopl.2:100
msgid ""
"Libc5 treats it as a system call and has a prototype in I<E<lt>unistd."
"hE<gt>>. Glibc1 does not have a prototype. Glibc2 has a prototype both in "
"i386 のみで利用可能なので、使用すべきではない。"
#. type: Plain text
-#: build/C/man2/iopl.2:101
-msgid "B<ioperm>(2), B<capabilities>(7)"
-msgstr "B<ioperm>(2), B<capabilities>(7)"
+#: build/C/man2/iopl.2:104
+msgid "B<ioperm>(2), B<outb>(2), B<capabilities>(7)"
+msgstr "B<ioperm>(2), B<outb>(2), B<capabilities>(7)"
#. type: TH
-#: build/C/man2/ioprio_set.2:25
+#: build/C/man2/ioprio_set.2:24
#, no-wrap
msgid "IOPRIO_SET"
msgstr "IOPRIO_SET"
#. type: TH
-#: build/C/man2/ioprio_set.2:25
+#: build/C/man2/ioprio_set.2:24
#, no-wrap
-msgid "2008-07-09"
-msgstr "2008-07-09"
+msgid "2013-02-12"
+msgstr "2013-02-12"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:28
+#: build/C/man2/ioprio_set.2:27
msgid "ioprio_get, ioprio_set - get/set I/O scheduling class and priority"
msgstr "ioprio_get, ioprio_set - I/O スケジューリングクラスと優先度の設定/取得"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:32
+#: build/C/man2/ioprio_set.2:31
#, no-wrap
msgid ""
"B<int ioprio_get(int >I<which>B<, int >I<who>B<);>\n"
"B<int ioprio_set(int >I<which>B<, int >I<who>B<, int >I<ioprio>B<);>\n"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:40
+#: build/C/man2/ioprio_set.2:35
+msgid "I<Note>: There are no glibc wrappers for these system calls; see NOTES."
+msgstr ""
+"I<注意>: これらのシステムコールには glibc ラッパー関数は存在しない。 「注意」"
+"の節を参照。"
+
+#. type: Plain text
+#: build/C/man2/ioprio_set.2:42
msgid ""
"The B<ioprio_get>() and B<ioprio_set>() system calls respectively get and "
-"set the I/O scheduling class and priority of one or more processes."
+"set the I/O scheduling class and priority of one or more threads."
msgstr ""
-"ã\82·ã\82¹ã\83\86ã\83 ã\82³ã\83¼ã\83« B<ioprio_get>() / B<ioprio_set>() ã\81¯ã\80\81(1ã\81¤ä»¥ä¸\8aã\81®) ã\83\97ã\83ã\82»ã\82¹"
+"ã\82·ã\82¹ã\83\86ã\83 ã\82³ã\83¼ã\83« B<ioprio_get>() / B<ioprio_set>() ã\81¯ã\80\81(1ã\81¤ä»¥ä¸\8aã\81®) ã\82¹ã\83¬ã\83\83ã\83\89"
"の I/O スケジューリングクラスと 優先度の取得/設定を行う。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:52
+#: build/C/man2/ioprio_set.2:54
msgid ""
-"The I<which> and I<who> arguments identify the process(es) on which the "
-"system calls operate. The I<which> argument determines how I<who> is "
-"interpreted, and has one of the following values:"
+"The I<which> and I<who> arguments identify the thread(s) on which the system "
+"calls operate. The I<which> argument determines how I<who> is interpreted, "
+"and has one of the following values:"
msgstr ""
-"I<which> ã\81¨ I<who> å¼\95ã\81\8dæ\95°ã\81§ã\82·ã\82¹ã\83\86ã\83 ã\82³ã\83¼ã\83«ã\81®æ\93\8dä½\9c対象ã\81¨ã\81ªã\82\8bã\83\97ã\83ã\82»ã\82¹を指示す"
+"I<which> ã\81¨ I<who> å¼\95ã\81\8dæ\95°ã\81§ã\82·ã\82¹ã\83\86ã\83 ã\82³ã\83¼ã\83«ã\81®æ\93\8dä½\9c対象ã\81¨ã\81ªã\82\8bã\82¹ã\83¬ã\83\83ã\83\89を指示す"
"る。 I<which> 引き数は、 I<who> をどのように解釈するかを決めるもので、以下の"
"いずれか一つを指定する。"
#. type: TP
-#: build/C/man2/ioprio_set.2:52
+#: build/C/man2/ioprio_set.2:54
#, no-wrap
msgid "B<IOPRIO_WHO_PROCESS>"
msgstr "B<IOPRIO_WHO_PROCESS>"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:56
-msgid "I<who> is a process ID identifying a single process."
-msgstr "I<who> はプロセスID であり、指定された 1 プロセスが対象となる。"
+#: build/C/man2/ioprio_set.2:61
+msgid ""
+"I<who> is a process ID or thread ID identifying a single process or thread. "
+"If I<who> is 0, then operate on the calling thread."
+msgstr ""
+"I<who> は特定のプロセスやスレッドを特定するためのプロセス ID かスレッド ID で"
+"ある。 I<who> が 0 の場合、呼び出し元のスレッドに対して操作が行われる。"
#. type: TP
-#: build/C/man2/ioprio_set.2:56
+#: build/C/man2/ioprio_set.2:61
#, no-wrap
msgid "B<IOPRIO_WHO_PGRP>"
msgstr "B<IOPRIO_WHO_PGRP>"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:60
+#: build/C/man2/ioprio_set.2:68
msgid ""
-"I<who> is a process group ID identifying all the members of a process group."
+"I<who> is a process group ID identifying all the members of a process "
+"group. If I<who> is 0, then operate on the process group of which the "
+"caller is a member."
msgstr ""
-"I<who> はプロセスグループID であり、プロセスグループの全メンバが対象となる。"
+"I<who> はプロセスグループ ID であり、プロセスグループの全メンバが対象とな"
+"る。 I<who> が 0 の場合、 呼び出し元がメンバーとなっているプロセスグループに"
+"対して操作が行われる。"
#. type: TP
-#: build/C/man2/ioprio_set.2:60
+#: build/C/man2/ioprio_set.2:68
#, no-wrap
msgid "B<IOPRIO_WHO_USER>"
msgstr "B<IOPRIO_WHO_USER>"
+#. FIXME . Need to document the behavior when 'who" is specified as 0
+#. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652443
#. type: Plain text
-#: build/C/man2/ioprio_set.2:65
+#: build/C/man2/ioprio_set.2:75
msgid ""
"I<who> is a user ID identifying all of the processes that have a matching "
"real UID."
msgstr "I<who> はユーザID であり、実 UID に一致する全プロセスが対象となる。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:88
+#: build/C/man2/ioprio_set.2:98
msgid ""
"If I<which> is specified as B<IOPRIO_WHO_PGRP> or B<IOPRIO_WHO_USER> when "
"calling B<ioprio_get>(), and more than one process matches I<who>, then the "
"いうことである。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:98
+#: build/C/man2/ioprio_set.2:108
msgid ""
"The I<ioprio> argument given to B<ioprio_set>() is a bit mask that "
"specifies both the scheduling class and the priority to be assigned to the "
"の値を組み立てたり解釈するのに、以下のマクロが利用できる。"
#. type: TP
-#: build/C/man2/ioprio_set.2:98
+#: build/C/man2/ioprio_set.2:108
#, no-wrap
msgid "B<IOPRIO_PRIO_VALUE(>I<class>B<, >I<data>B<)>"
msgstr "B<IOPRIO_PRIO_VALUE(>I<class>B<, >I<data>B<)>"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:107
+#: build/C/man2/ioprio_set.2:117
msgid ""
"Given a scheduling I<class> and priority (I<data>), this macro combines the "
"two values to produce an I<ioprio> value, which is returned as the result of "
"2つの値を組み合わせて、 I<ioprio> 値を生成し、マクロの結果として返す。"
#. type: TP
-#: build/C/man2/ioprio_set.2:107
+#: build/C/man2/ioprio_set.2:117
#, no-wrap
msgid "B<IOPRIO_PRIO_CLASS(>I<mask>B<)>"
msgstr "B<IOPRIO_PRIO_CLASS(>I<mask>B<)>"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:119
+#: build/C/man2/ioprio_set.2:129
msgid ""
"Given I<mask> (an I<ioprio> value), this macro returns its I/O class "
"component, that is, one of the values B<IOPRIO_CLASS_RT>, "
"値を返す。"
#. type: TP
-#: build/C/man2/ioprio_set.2:119
+#: build/C/man2/ioprio_set.2:129
#, no-wrap
msgid "B<IOPRIO_PRIO_DATA(>I<mask>B<)>"
msgstr "B<IOPRIO_PRIO_DATA(>I<mask>B<)>"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:128
+#: build/C/man2/ioprio_set.2:138
msgid ""
"Given I<mask> (an I<ioprio> value), this macro returns its priority "
"(I<data>) component."
"I<mask> (I<ioprio> 値) を与えると、このマクロは優先度 (I<data>) 要素を返す。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:131
+#: build/C/man2/ioprio_set.2:141
msgid ""
"See the NOTES section for more information on scheduling classes and "
"priorities."
"と。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:139
+#: build/C/man2/ioprio_set.2:149
msgid ""
"I/O priorities are supported for reads and for synchronous (B<O_DIRECT>, "
"B<O_SYNC>) writes. I/O priorities are not supported for asynchronous "
"ためプログラム単位の優先度は適用されないから である。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:152
+#: build/C/man2/ioprio_set.2:162
msgid ""
"On success, B<ioprio_get>() returns the I<ioprio> value of the process with "
"highest I/O priority of any of the processes that match the criteria "
"ラーの場合、-1 を返し、 I<errno> にエラーを示す値を設定する。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:159
+#: build/C/man2/ioprio_set.2:169
msgid ""
"On success, B<ioprio_set>() returns 0. On error, -1 is returned, and "
"I<errno> is set to indicate the error."
"I<errno> にエラーを示す値を設定する。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:169
+#: build/C/man2/ioprio_set.2:179
msgid ""
"Invalid value for I<which> or I<ioprio>. Refer to the NOTES section for "
"available scheduler classes and priority levels for I<ioprio>."
"クラスと優先度レベルについては 「備考」を参照のこと。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:177
+#: build/C/man2/ioprio_set.2:187
msgid ""
"The calling process does not have the privilege needed to assign this "
"I<ioprio> to the specified process(es). See the NOTES section for more "
"考」の節を参照のこと。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:183
+#: build/C/man2/ioprio_set.2:193
msgid ""
"No process(es) could be found that matched the specification in I<which> and "
"I<who>."
"I<which> と I<who> で指定された基準に合致するプロセスが見つからなかった。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:186
+#: build/C/man2/ioprio_set.2:196
msgid "These system calls have been available on Linux since kernel 2.6.13."
msgstr ""
"これらのシステムコールはカーネル 2.6.13 以降の Linux で利用可能である。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:191
+#: build/C/man2/ioprio_set.2:201
msgid ""
-"Glibc does not provide wrapper for these system calls; call them using "
+"Glibc does not provide a wrapper for these system calls; call them using "
"B<syscall>(2)."
msgstr ""
"glibc はこれらのシステムコールに対するラッパー関数を提供していない。 "
"B<syscall>(2) を使って呼び出すこと。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:196
+#: build/C/man2/ioprio_set.2:220
+msgid ""
+"Two or more processes or threads can share an I/O context. This will be the "
+"case when B<clone>(2) was called with the B<CLONE_IO> flag. However, by "
+"default, the distinct threads of a process will B<not> share the same I/O "
+"context. This means that if you want to change the I/O priority of all "
+"threads in a process, you may need to call B<ioprio_set>() on each of the "
+"threads. The thread ID that you would need for this operation is the one "
+"that is returned by B<gettid>(2) or B<clone>(2)."
+msgstr ""
+"複数のプロセスやスレッドが一つの I/O コンテキストを共有する場合がある。 "
+"B<clone>(2) を B<CLONE_IO> フラグ付きで呼び出した場合にはこの状況となる。 し"
+"かしながら、デフォルトでは、一つのプロセスの個々のスレッドは I/O コンテキスト"
+"を共有「しない」。 したがって、 プロセス内のすべてのスレッドの I/O 優先度を変"
+"更したい場合には、 それぞれのスレッドに対して B<ioprio_set>() を呼び出す必要"
+"がある。 この操作を行うのに必要となるスレッド ID には B<gettid>(2) か "
+"B<clone>(2) が返す値を指定する。"
+
+#. type: Plain text
+#: build/C/man2/ioprio_set.2:225
msgid ""
-"These system calls only have an effect when used in conjunction with an I/O "
+"These system calls have an effect only when used in conjunction with an I/O "
"scheduler that supports I/O priorities. As at kernel 2.6.17 the only such "
"scheduler is the Completely Fair Queuing (CFQ) I/O scheduler."
msgstr ""
"ジューラは Completely Fair Queuing (CFQ) I/O スケジューラだけである。"
#. type: SS
-#: build/C/man2/ioprio_set.2:196
+#: build/C/man2/ioprio_set.2:225
#, no-wrap
-msgid "Selecting an I/O Scheduler"
+msgid "Selecting an I/O scheduler"
msgstr "I/O スケジューラの選択"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:200
+#: build/C/man2/ioprio_set.2:229
msgid ""
"I/O Schedulers are selected on a per-device basis via the special file I</"
"sys/block/E<lt>deviceE<gt>/queue/scheduler>."
"I</sys/block/E<lt>deviceE<gt>/queue/scheduler> 経由で行われる。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:206
+#: build/C/man2/ioprio_set.2:235
msgid ""
-"One can view the current I/O scheduler via the I</sys> file system. For "
+"One can view the current I/O scheduler via the I</sys> filesystem. For "
"example, the following command displays a list of all schedulers currently "
"loaded in the kernel:"
msgstr ""
"ストが表示される。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:211
+#: build/C/man2/ioprio_set.2:240
#, no-wrap
msgid ""
"$B< cat /sys/block/hda/queue/scheduler>\n"
"noop anticipatory deadline [cfq]\n"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:225
+#: build/C/man2/ioprio_set.2:254
msgid ""
"The scheduler surrounded by brackets is the one actually in use for the "
"device (I<hda> in the example). Setting another scheduler is done by "
"と、デバイス I<hda> のスケジューラとして I<cfq> が設定される。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:231
+#: build/C/man2/ioprio_set.2:260
#, no-wrap
msgid ""
"$B< su>\n"
"#B< echo cfq E<gt> /sys/block/hda/queue/scheduler>\n"
#. type: SS
-#: build/C/man2/ioprio_set.2:233
+#: build/C/man2/ioprio_set.2:262
#, no-wrap
-msgid "The Completely Fair Queuing (CFQ) I/O Scheduler"
+msgid "The Completely Fair Queuing (CFQ) I/O scheduler"
msgstr "Completely Fair Queuing (CFQ) I/O スケジューラ"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:239
+#: build/C/man2/ioprio_set.2:268
msgid ""
"Since v3 (aka CFQ Time Sliced) CFQ implements I/O nice levels similar to "
"those of CPU scheduling. These nice levels are grouped in three scheduling "
"定義されている。"
#. type: TP
-#: build/C/man2/ioprio_set.2:239
+#: build/C/man2/ioprio_set.2:268
#, no-wrap
msgid "B<IOPRIO_CLASS_RT> (1)"
msgstr "B<IOPRIO_CLASS_RT> (1)"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:254
+#: build/C/man2/ioprio_set.2:283
msgid ""
"This is the real-time I/O class. This scheduling class is given higher "
"priority than any other class: processes from this class are given first "
"るように変更されるかもしれない。"
#. type: TP
-#: build/C/man2/ioprio_set.2:254
+#: build/C/man2/ioprio_set.2:283
#, no-wrap
msgid "B<IOPRIO_CLASS_BE> (2)"
msgstr "B<IOPRIO_CLASS_BE> (2)"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:267
+#: build/C/man2/ioprio_set.2:296
msgid ""
"This is the best-effort scheduling class, which is the default for any "
"process that hasn't set a specific I/O priority. The class data (priority) "
"(最高) から 7 (最低) である。"
#. type: TP
-#: build/C/man2/ioprio_set.2:267
+#: build/C/man2/ioprio_set.2:296
#, no-wrap
msgid "B<IOPRIO_CLASS_IDLE> (3)"
msgstr "B<IOPRIO_CLASS_IDLE> (3)"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:276
+#: build/C/man2/ioprio_set.2:305
msgid ""
"This is the idle scheduling class. Processes running at this level only get "
"I/O time when no-one else needs the disk. The idle class has no class "
"だ。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:280
+#: build/C/man2/ioprio_set.2:309
msgid ""
"Refer to I<Documentation/block/ioprio.txt> for more information on the CFQ I/"
"O Scheduler and an example program."
"I<Documentation/block/ioprio.txt> を参照のこと。"
#. type: SS
-#: build/C/man2/ioprio_set.2:280
+#: build/C/man2/ioprio_set.2:309
#, no-wrap
msgid "Required permissions to set I/O priorities"
msgstr "I/O 優先度の設定に必要な許可"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:283
+#: build/C/man2/ioprio_set.2:312
msgid ""
"Permission to change a process's priority is granted or denied based on two "
"assertions:"
"定される。"
#. type: TP
-#: build/C/man2/ioprio_set.2:283
+#: build/C/man2/ioprio_set.2:312
#, no-wrap
msgid "B<Process ownership>"
msgstr "B<プロセスの所有権>"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:291
+#: build/C/man2/ioprio_set.2:320
msgid ""
-"An unprivileged process may only set the I/O priority of a process whose "
+"An unprivileged process may set only the I/O priority of a process whose "
"real UID matches the real or effective UID of the calling process. A "
"process which has the B<CAP_SYS_NICE> capability can change the priority of "
"any process."
"パビリティを持つプロセスは、どのプロセスの優先度でも変更できる。"
#. type: TP
-#: build/C/man2/ioprio_set.2:291
+#: build/C/man2/ioprio_set.2:320
#, no-wrap
msgid "B<What is the desired priority>"
msgstr "B<どの優先度に設定しようとしているか>"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:303
+#: build/C/man2/ioprio_set.2:332
msgid ""
"Attempts to set very high priorities (B<IOPRIO_CLASS_RT>) require the "
"B<CAP_SYS_ADMIN> capability. Kernel versions up to 2.6.24 also required "
"パビリティが必要であったが、 Linux 2.6.25 以降ではもはや必要なくなった。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:308
+#: build/C/man2/ioprio_set.2:337
msgid ""
"A call to B<ioprio_set>() must follow both rules, or the call will fail "
"with the error B<EPERM>."
#. Ulrich Drepper replied that he wasn't going to add these
#. to glibc.
#. type: Plain text
-#: build/C/man2/ioprio_set.2:317
+#: build/C/man2/ioprio_set.2:346
msgid ""
"Glibc does not yet provide a suitable header file defining the function "
"prototypes and macros described on this page. Suitable definitions can be "
"ればよい。"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:321
-msgid "B<getpriority>(2), B<open>(2), B<capabilities>(7)"
-msgstr "B<getpriority>(2), B<open>(2), B<capabilities>(7)"
+#: build/C/man2/ioprio_set.2:351
+msgid "B<ionice>(1), B<getpriority>(2), B<open>(2), B<capabilities>(7)"
+msgstr "B<ionice>(1), B<getpriority>(2), B<open>(2), B<capabilities>(7)"
#. type: Plain text
-#: build/C/man2/ioprio_set.2:323
-msgid "Documentation/block/ioprio.txt in the kernel source tree."
-msgstr "カーネルソース内の Documentation/block/ioprio.txt"
+#: build/C/man2/ioprio_set.2:354
+msgid "I<Documentation/block/ioprio.txt> in the Linux kernel source tree"
+msgstr "Linux カーネルソース内の I<Documentation/block/ioprio.txt>"
#. type: TH
-#: build/C/man2/ipc.2:26
+#: build/C/man2/ipc.2:25
#, no-wrap
msgid "IPC"
msgstr "IPC"
#. type: TH
-#: build/C/man2/ipc.2:26
+#: build/C/man2/ipc.2:25
#, no-wrap
-msgid "2007-06-28"
-msgstr "2007-06-28"
+msgid "2012-10-16"
+msgstr "2012-10-16"
#. type: Plain text
-#: build/C/man2/ipc.2:29
+#: build/C/man2/ipc.2:28
msgid "ipc - System V IPC system calls"
msgstr "ipc - System V IPC システムコール"
#. type: Plain text
-#: build/C/man2/ipc.2:34
+#: build/C/man2/ipc.2:33
#, no-wrap
msgid ""
"B<int ipc(unsigned int >I<call>B<, int >I<first>B<, int >I<second>B<, int >I<third>B<,>\n"
"B< void *>I<ptr>B<, long >I<fifth>B<);>\n"
#. type: Plain text
-#: build/C/man2/ipc.2:42
+#: build/C/man2/ipc.2:41
msgid ""
-"B<ipc>() is a common kernel entry point for the System V IPC calls for "
+"B<ipc>() is a common kernel entry point for the System\\ V IPC calls for "
"messages, semaphores, and shared memory. I<call> determines which IPC "
"function to invoke; the other arguments are passed through to the "
"appropriate call."
msgstr ""
-"B<ipc>() は メッセージ、セマフォー、共有メモリに関する System V IPC コール"
+"B<ipc>() は メッセージ、セマフォー、共有メモリに関する System\\ V IPC コール"
"の 共通のカーネルへのエントリポイントである。 I<call> はどの IPC 関数を呼び出"
"すかを決め; 他の引き数は適切なコールへと渡される。"
#. type: Plain text
-#: build/C/man2/ipc.2:46
+#: build/C/man2/ipc.2:45
msgid ""
"User programs should call the appropriate functions by their usual names. "
"Only standard library implementors and kernel hackers need to know about "
"リの実装者やカーネルハッカーのみが B<ipc>() について知る必要がある。"
#. type: Plain text
-#: build/C/man2/ipc.2:50
+#: build/C/man2/ipc.2:49
msgid ""
"B<ipc>() is Linux-specific, and should not be used in programs intended to "
"be portable."
"い。"
#. type: Plain text
-#: build/C/man2/ipc.2:58
+#: build/C/man2/ipc.2:57
msgid ""
-"On a few architectures, for example ia64, there is no B<ipc>() system call; "
-"instead B<msgctl>(2), B<semctl>(2), B<shmctl>(2), and so on really are "
-"implemented as separate system calls."
+"On some architectures\\(emfor example x86-64 and ARM\\(emthere is no "
+"B<ipc>() system call; instead B<msgctl>(2), B<semctl>(2), B<shmctl>(2), and "
+"so on really are implemented as separate system calls."
msgstr ""
-"ia64 などのいくつかのアーキテクチャでは、システムコール B<ipc>() が存在しな"
-"い。実際には、その代わりに B<msgctl>(2), B<semctl>(2), B<shmctl>(2) などが独"
-"立したシステムコールとして実装されている。"
+"いくつかのアーキテクチャ\\(emfor 例えば x86-64 や ARM\\(emでは、システムコー"
+"ル B<ipc>() が存在しない。実際には、その代わりに B<msgctl>(2), "
+"B<semctl>(2), B<shmctl>(2) などが独立したシステムコールとして実装されてい"
+"る。"
#. type: Plain text
-#: build/C/man2/ipc.2:71
+#: build/C/man2/ipc.2:70
msgid ""
"B<msgctl>(2), B<msgget>(2), B<msgrcv>(2), B<msgsnd>(2), B<semctl>(2), "
"B<semget>(2), B<semop>(2), B<semtimedop>(2), B<shmat>(2), B<shmctl>(2), "
"B<shmdt>(2), B<shmget>(2)"
msgstr ""
"B<msgctl>(2), B<msgget>(2), B<msgrcv>(2), B<msgsnd>(2), B<semctl>(2), "
-"B<semget>(2), B<semop>(2), B<shmat>(2), B<shmctl>(2), B<shmdt>(2), B<shmget>"
-"(2)"
-
-#. type: TH
-#: build/C/man2/seteuid.2:27
-#, no-wrap
-msgid "SETEUID"
-msgstr "SETEUID"
+"B<semget>(2), B<semop>(2), B<shmat>(2), B<shmctl>(2), B<shmdt>(2), "
+"B<shmget>(2)"
#. type: TH
-#: build/C/man2/seteuid.2:27
+#: build/C/man7/namespaces.7:27
#, no-wrap
-msgid "2009-10-17"
-msgstr "2009-10-17"
+msgid "NAMESPACES"
+msgstr "NAMESPACES"
#. type: Plain text
-#: build/C/man2/seteuid.2:30
-msgid "seteuid, setegid - set effective user or group ID"
-msgstr "seteuid, setegid - 実効ユーザー ID や 実効グループ ID を設定する"
+#: build/C/man7/namespaces.7:30
+msgid "namespaces - overview of Linux namespaces"
+msgstr "namespaces - Linux 名前空間の概要"
#. type: Plain text
-#: build/C/man2/seteuid.2:36
-msgid "B<int seteuid(uid_t >I<euid>B<);>"
-msgstr "B<int seteuid(uid_t >I<euid>B<);>"
+#: build/C/man7/namespaces.7:37
+msgid ""
+"A namespace wraps a global system resource in an abstraction that makes it "
+"appear to the processes within the namespace that they have their own "
+"isolated instance of the global resource. Changes to the global resource "
+"are visible to other processes that are members of the namespace, but are "
+"invisible to other processes. One use of namespaces is to implement "
+"containers."
+msgstr ""
+"名前空間は、 グローバルシステムリソースを抽象化層で覆うことで、 名前空間内の"
+"プロセスに対して、 自分たちが専用の分離されたグローバルリソースを持っているか"
+"のように見せる仕組みである。 グローバルリソースへの変更は、 名前空間のメン"
+"バーである他のプロセスには見えるが、 それ以外のプロセスには見えない。 名前空"
+"間の一つの利用方法はコンテナーの実装である。"
#. type: Plain text
-#: build/C/man2/seteuid.2:38
-msgid "B<int setegid(gid_t >I<egid>B<);>"
-msgstr "B<int setegid(gid_t >I<egid>B<);>"
+#: build/C/man7/namespaces.7:39
+msgid "Linux provides the following namespaces:"
+msgstr "Linux では以下の名前空間が提供される。"
-#. type: Plain text
-#: build/C/man2/seteuid.2:47
-msgid "B<seteuid>(), B<setegid>():"
-msgstr "B<seteuid>(), B<setegid>():"
+#. type: tbl table
+#: build/C/man7/namespaces.7:42
+#, no-wrap
+msgid "Namespace\tConstant\tIsolates\n"
+msgstr "名前空間\t定数\t分離対象\n"
-#. type: Plain text
-#: build/C/man2/seteuid.2:49
-msgid ""
-"_BSD_SOURCE || _POSIX_C_SOURCE\\ E<gt>=\\ 200112L || _XOPEN_SOURCE\\ E<gt>="
-"\\ 600"
-msgstr ""
-"_BSD_SOURCE || _POSIX_C_SOURCE\\ E<gt>=\\ 200112L || _XOPEN_SOURCE\\ E<gt>="
-"\\ 600"
+#. type: tbl table
+#: build/C/man7/namespaces.7:43
+#, no-wrap
+msgid "IPC\tCLONE_NEWIPC\tSystem V IPC, POSIX message queues\n"
+msgstr "IPC\tCLONE_NEWIPC\tSystem V IPC, POSIX メッセージキュー\n"
-#. type: Plain text
-#: build/C/man2/seteuid.2:56
-msgid ""
-"B<seteuid>() sets the effective user ID of the calling process. "
-"Unprivileged user processes may only set the effective user ID to the real "
-"user ID, the effective user ID or the saved set-user-ID."
-msgstr ""
-"B<seteuid>() は呼び出し元のプロセスの実効ユーザー ID を設定する。 非特権ユー"
-"ザーのプロセスの場合、実効ユーザー ID に設定できるのは、 実ユーザー ID・実効"
-"ユーザー ID・保存 set-user-ID のいずれかだけである。"
+#. type: tbl table
+#: build/C/man7/namespaces.7:44
+#, no-wrap
+msgid "Network\tCLONE_NEWNET\tNetwork devices, stacks, ports, etc.\n"
+msgstr "Network\tCLONE_NEWNET\tネットワークデバイス、スタック、ポートなど\n"
-#. When
-#. .I euid
-#. equals \-1, nothing is changed.
-#. (This is an artifact of the implementation in glibc of seteuid()
-#. using setresuid(2).)
+#. type: tbl table
+#: build/C/man7/namespaces.7:45
+#, no-wrap
+msgid "Mount\tCLONE_NEWNS\tMount points\n"
+msgstr "Mount\tCLONE_NEWNS\tマウントポイント\n"
+
+#. type: tbl table
+#: build/C/man7/namespaces.7:46
+#, no-wrap
+msgid "PID\tCLONE_NEWPID\tProcess IDs\n"
+msgstr "PID\tCLONE_NEWPID\tプロセス ID\n"
+
+#. type: tbl table
+#: build/C/man7/namespaces.7:47
+#, no-wrap
+msgid "User\tCLONE_NEWUSER\tUser and group IDs\n"
+msgstr "User\tCLONE_NEWUSER\tユーザー ID とグループ ID\n"
+
+#. type: tbl table
+#: build/C/man7/namespaces.7:48
+#, no-wrap
+msgid "UTS\tCLONE_NEWUTS\tHostname and NIS domain name\n"
+msgstr "UTS\tCLONE_NEWUTS\tホスト名と NIS ドメイン名\n"
+
+#
+#. ==================== The namespaces API ====================
#. type: Plain text
-#: build/C/man2/seteuid.2:65
+#: build/C/man7/namespaces.7:57
msgid ""
-"Precisely the same holds for B<setegid>() with \"group\" instead of \"user"
-"\"."
+"This page describes the various namespaces and the associated I</proc> "
+"files, and summarizes the APIs for working with namespaces."
msgstr ""
-"B<setegid>() は「ユーザー」ではなく「グループ」に対して全く同じことを行う。"
+"このページでは、各種の名前空間と関連する I</proc> ファイルの説明と、名前空間"
+"とともに動作する API の概要を紹介する。"
+
+#. type: SS
+#: build/C/man7/namespaces.7:57
+#, no-wrap
+msgid "The namespaces API"
+msgstr "名前空間 API"
#. type: Plain text
-#: build/C/man2/seteuid.2:89
+#: build/C/man7/namespaces.7:62
msgid ""
-"The calling process is not privileged (Linux: does not have the "
-"B<CAP_SETUID> capability in the case of B<seteuid>(), or the B<CAP_SETGID> "
-"capability in the case of B<setegid>()) and I<euid> (respectively, "
-"I<egid>) is not the real user (group) ID, the effective user (group) ID, or "
-"the saved set-user-ID (saved set-group-ID)."
+"As well as various I</proc> files described below, the namespaces API "
+"includes the following system calls:"
msgstr ""
-"呼び出し元のプロセスに特権がなく、 I<euid> (I<egid>) が実ユーザー (グルー"
-"プ) ID、または実効ユーザー (グループ) ID、 保存 set-user-ID (保存 set-group-"
-"ID) のいずれでもではない (Linux においては、 B<seteuid>() では "
-"B<CAP_SETUID> ケーパビリティ (capability) が、 B<setegid>() では "
-"B<CAP_SETGID> ケーパビリティがない場合に、特権がないと判断される)。"
+"後で説明する種々の I</proc> ファイル以外に、名前空間 API として以下のシステム"
+"コールがある。"
-#. type: Plain text
-#: build/C/man2/seteuid.2:91
-msgid "4.3BSD, POSIX.1-2001."
-msgstr "4.3BSD, POSIX.1-2001."
+#. type: TP
+#: build/C/man7/namespaces.7:62
+#, no-wrap
+msgid "B<clone>(2)"
+msgstr "B<clone>(2)"
#. type: Plain text
-#: build/C/man2/seteuid.2:97
+#: build/C/man7/namespaces.7:75
msgid ""
-"Setting the effective user (group) ID to the saved set-user-ID (saved set-"
-"group-ID) is possible since Linux 1.1.37 (1.1.38). On an arbitrary system "
-"one should check B<_POSIX_SAVED_IDS>."
+"The B<clone>(2) system call creates a new process. If the I<flags> "
+"argument of the call specifies one or more of the B<CLONE_NEW*> flags listed "
+"below, then new namespaces are created for each flag, and the child process "
+"is made a member of those namespaces. (This system call also implements a "
+"number of features unrelated to namespaces.)"
msgstr ""
-"実効ユーザー (グループ) ID を保存 set-user-ID (保存 set-group-ID) に 設定でき"
-"るのは、Linux 1.1.37 (1.1.38) 以降である。 全てのシステムにおいて "
-"B<_POSIX_SAVED_IDS> をチェックすべきである。"
+"B<clone>(2) システムコールは新しいプロセスを作成する。 呼び出し時に I<flags> "
+"引き数で以下のリストにある B<CLONE_NEW*> のフラグを一つ以上指定すると、 各フ"
+"ラグに対応する新しい名前空間が作成され、 子プロセスはこれらの名前空間のメン"
+"バーになる。 (このシステムコールは名前空間とは関係のない機能も多数実装してい"
+"る。)"
+
+#. type: TP
+#: build/C/man7/namespaces.7:75
+#, no-wrap
+msgid "B<setns>(2)"
+msgstr "B<setns>(2)"
#. type: Plain text
-#: build/C/man2/seteuid.2:108
+#: build/C/man7/namespaces.7:84
msgid ""
-"Under libc4, libc5 and glibc 2.0 B<seteuid(>I<euid>B<)> is equivalent to "
-"B<setreuid(-1,>I< euid>B<)> and hence may change the saved set-user-ID. "
-"Under glibc 2.1 and later it is equivalent to B<setresuid(-1,>I< euid>B<, -1)"
-"> and hence does not change the saved set-user-ID. Similar remarks hold for "
-"B<setegid>()."
+"The B<setns>(2) system call allows the calling process to join an existing "
+"namespace. The namespace to join is specified via a file descriptor that "
+"refers to one of the I</proc/[pid]/ns> files described below."
msgstr ""
-"libc4, libc5, glibc 2.0 では、 B<seteuid(>I<euid>B<)> は B<setreuid(-1,>I< "
-"euid>B<)> と等価であり、保存 set-user-ID を変更するかもしれない。 glibc 2.1 "
-"では、 B<setresuid(-1,>I< euid>B<, -1)> と等価であり、保存 set-user-ID 変更し"
-"ない。 同様のことが B<setegid>() にも言える。"
+"B<setns>(2) システムコールを使うと、呼び出したプロセスを既存の名前空間に参加"
+"させることができる。 参加する名前空間は、 以下で説明する I</proc/[pid]/ns> "
+"ファイルのいずれか一つを参照するファイルディスクリプタを使って指定する。"
+
+#. type: TP
+#: build/C/man7/namespaces.7:84
+#, no-wrap
+msgid "B<unshare>(2)"
+msgstr "B<unshare>(2)"
#. type: Plain text
-#: build/C/man2/seteuid.2:117
+#: build/C/man7/namespaces.7:97
msgid ""
-"According to POSIX.1, B<seteuid>() (B<setegid>()) need not permit I<euid> "
-"(I<egid>) to be the same value as the current effective user (group) ID, "
-"and some implementations do not permit this."
+"The B<unshare>(2) system call moves the calling process to a new "
+"namespace. If the I<flags> argument of the call specifies one or more of "
+"the B<CLONE_NEW*> flags listed below, then new namespaces are created for "
+"each flag, and the calling process is made a member of those namespaces. "
+"(This system call also implements a number of features unrelated to "
+"namespaces.)"
msgstr ""
-"POSIX.1 では、 B<seteuid>() (B<setegid>()) で、 I<euid> (I<egid>) として現"
-"在の実効ユーザ (グループ) ID と同じ値を指定可能である 必要はないとされてお"
-"り、いくつかの実装では I<euid> (I<egid>) として現在の実効ユーザ (グループ) "
-"ID と同じ値を 指定することができない。"
+"B<unshare>(2) システムコールは、 呼び出したプロセスを新しい名前空間に移動す"
+"る。 呼び出し時の I<flags> 引き数に以下のリストにある B<CLONE_NEW*> フラグを"
+"一つ以上指定すると、 各フラグに対応する新しい名前空間が作成され、 呼び出した"
+"プロセスがこれらの名前空間のメンバーになる。 (このシステムコールは名前空間と"
+"は関係のない機能も多数実装している。)"
+#
+#. ==================== The /proc/[pid]/ns/ directory ====================
#. type: Plain text
-#: build/C/man2/seteuid.2:124
+#: build/C/man7/namespaces.7:110
msgid ""
-"B<geteuid>(2), B<setresuid>(2), B<setreuid>(2), B<setuid>(2), B<capabilities>"
-"(7), B<credentials>(7)"
+"Creation of new namespaces using B<clone>(2) and B<unshare>(2) in most "
+"cases requires the B<CAP_SYS_ADMIN> capability. User namespaces are the "
+"exception: since Linux 3.8, no privilege is required to create a user "
+"namespace."
msgstr ""
-"B<geteuid>(2), B<setresuid>(2), B<setreuid>(2), B<setuid>(2), B<capabilities>"
-"(7), B<credentials>(7)"
+"B<clone>(2) と B<unshare>(2) を使った新しい名前空間の作成のほとんどの場合で "
+"B<CAP_SYS_ADMIN> ケーパビリティが必要である。 ユーザー名前空間は例外で、 "
+"Linux 3.8 以降ではユーザー名前空間を作成するのに特権が不要である。"
-#. type: TH
-#: build/C/man2/setfsgid.2:29
+#. type: SS
+#: build/C/man7/namespaces.7:110
#, no-wrap
-msgid "SETFSGID"
-msgstr "SETFSGID"
+msgid "The /proc/[pid]/ns/ directory"
+msgstr "/proc/[pid]/ns/ ディレクトリ"
+#. See commit 6b4e306aa3dc94a0545eb9279475b1ab6209a31f
#. type: Plain text
-#: build/C/man2/setfsgid.2:32
-msgid "setfsgid - set group identity used for file system checks"
+#: build/C/man7/namespaces.7:117
+msgid ""
+"Each process has a I</proc/[pid]/ns/> subdirectory containing one entry for "
+"each namespace that supports being manipulated by B<setns>(2):"
msgstr ""
-"setfsgid - ファイルシステムのチェックに用いられるグループ ID を設定する"
-
-#. type: Plain text
-#: build/C/man2/setfsgid.2:35 build/C/man2/setfsuid.2:35
-msgid "B<#include E<lt>unistd.hE<gt>> /* glibc uses E<lt>sys/fsuid.hE<gt> */"
-msgstr "B<#include E<lt>unistd.hE<gt>> /* glibc では E<lt>sys/fsuid.hE<gt> */"
-
-#. type: Plain text
-#: build/C/man2/setfsgid.2:37
-msgid "B<int setfsgid(uid_t >I<fsgid>B<);>"
-msgstr "B<int setfsgid(uid_t >I<fsgid>B<);>"
+"各プロセスには I</proc/[pid]/ns/> サブディレクトリがあり、 このサブディレクト"
+"リには B<setns>(2) での操作がサポートされている名前空間単位にエントリが存在す"
+"る。"
#. type: Plain text
-#: build/C/man2/setfsgid.2:49
+#: build/C/man7/namespaces.7:128
+#, no-wrap
msgid ""
-"The system call B<setfsgid>() sets the group ID that the Linux kernel uses "
-"to check for all accesses to the file system. Normally, the value of "
-"I<fsgid> will shadow the value of the effective group ID. In fact, whenever "
-"the effective group ID is changed, I<fsgid> will also be changed to the new "
-"value of the effective group ID."
+"$ B<ls -l /proc/$$/ns>\n"
+"total 0\n"
+"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 ipc -E<gt> ipc:[4026531839]\n"
+"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 mnt -E<gt> mnt:[4026531840]\n"
+"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 net -E<gt> net:[4026531956]\n"
+"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 pid -E<gt> pid:[4026531836]\n"
+"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 user -E<gt> user:[4026531837]\n"
+"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 uts -E<gt> uts:[4026531838]\n"
msgstr ""
-"システムコール B<setfsgid>() は Linux カーネルがファイルシステムに対する 全"
-"てのアクセスのチェックに使用するグループ IDを設定する。通常は I<fsgid> の値は"
-"実効 (effective) グループID と同じになる。実際、 実効グループ ID が変更される"
-"度に I<fsgid> もまた新しい実効グループID の値に変更される。"
+"$ B<ls -l /proc/$$/ns>\n"
+"total 0\n"
+"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 ipc -E<gt> ipc:[4026531839]\n"
+"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 mnt -E<gt> mnt:[4026531840]\n"
+"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 net -E<gt> net:[4026531956]\n"
+"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 pid -E<gt> pid:[4026531836]\n"
+"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 user -E<gt> user:[4026531837]\n"
+"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 uts -E<gt> uts:[4026531838]\n"
#. type: Plain text
-#: build/C/man2/setfsgid.2:60
+#: build/C/man7/namespaces.7:138
msgid ""
-"Explicit calls to B<setfsuid>(2) and B<setfsgid>() are usually only used "
-"by programs such as the Linux NFS server that need to change what user and "
-"group ID is used for file access without a corresponding change in the real "
-"and effective user and group IDs. A change in the normal user IDs for a "
-"program such as the NFS server is a security hole that can expose it to "
-"unwanted signals. (But see below.)"
+"Bind mounting (see B<mount>(2)) one of the files in this directory to "
+"somewhere else in the filesystem keeps the corresponding namespace of the "
+"process specified by I<pid> alive even if all processes currently in the "
+"namespace terminate."
msgstr ""
-"通常、 B<setfsuid>() や B<setfsgid>() が明示的に呼び出されるのは、Linux "
-"NFS サーバー のように、 ファイルアクセスに用いるユーザID / グループID を変更"
-"しなければならないが、 対応する実(real)/実効(effective) ユーザID / グループ"
-"ID は変更したくないような プログラムに限られる。 NFS サーバーのようなプログラ"
-"ムで、通常のユーザID を変更すると、 プロセスを望まないシグナルにさらす可能性"
-"があり、 セキュリティホールになる。(下記参照)"
+"このディレクトリ内のファイルのいずれかをファイルシステムの他のどこかにバイン"
+"ドマウント (B<mount>(2) 参照) することで、 その名前空間のすべてのプロセスが終"
+"了した場合でも、 I<pid> で指定したプロセスの対応する名前空間を保持することが"
+"できる。"
#. type: Plain text
-#: build/C/man2/setfsgid.2:67
+#: build/C/man7/namespaces.7:149
msgid ""
-"B<setfsgid>() will only succeed if the caller is the superuser or if "
-"I<fsgid> matches either the real group ID, effective group ID, saved set-"
-"group-ID, or the current value of I<fsgid>."
+"Opening one of the files in this directory (or a file that is bind mounted "
+"to one of these files) returns a file handle for the corresponding "
+"namespace of the process specified by I<pid>. As long as this file "
+"descriptor remains open, the namespace will remain alive, even if all "
+"processes in the namespace terminate. The file descriptor can be passed to "
+"B<setns>(2)."
msgstr ""
-"B<setfsgid>() は、スーパーユーザによって呼び出された場合か、 I<fsgid> が実グ"
-"ループID、実効グループID、 保存セットグループID (saved set-group-ID)、現在の "
-"I<fsgid> の値のいずれかに一致する場合にのみ成功する。"
+"このディレクトリ内のファイルのいずれか (またはこれらのファイルのいずれかにバ"
+"インドマウントされたファイル) をオープンすると、 I<pid> で指定されたプロセス"
+"の対応する名前空間に対するファイルハンドルが返される。 このファイルディスクリ"
+"プタがオープンされている限り、 その名前空間のすべてのプロセスが終了した場合で"
+"あっても、 その名前空間は存在し続ける。 このファイルディスクリプタは "
+"B<setns>(2) に渡すことができる。"
#. type: Plain text
-#: build/C/man2/setfsgid.2:74
+#: build/C/man7/namespaces.7:160
msgid ""
-"On success, the previous value of I<fsgid> is returned. On error, the "
-"current value of I<fsgid> is returned."
+"In Linux 3.7 and earlier, these files were visible as hard links. Since "
+"Linux 3.8, they appear as symbolic links. If two processes are in the same "
+"namespace, then the inode numbers of their I</proc/[pid]/ns/xxx> symbolic "
+"links will be the same; an application can check this using the I<stat."
+"st_ino> field returned by B<stat>(2). The content of this symbolic link is "
+"a string containing the namespace type and inode number as in the following "
+"example:"
msgstr ""
-"成功した場合、 I<fsgid> の以前の値を返す。エラーの場合は I<fsgid> の現在の値"
-"を返す。"
-
-#. This system call is present since Linux 1.1.44
-#. and in libc since libc 4.7.6.
-#. type: Plain text
-#: build/C/man2/setfsgid.2:78 build/C/man2/setfsuid.2:78
-msgid "This system call is present in Linux since version 1.2."
-msgstr "このシステムコールはバージョン 1.2 以降の Linux に存在する。"
+"Linux 3.7 以前では、これらのファイルはハードリンクとして見えていた。 Linux "
+"3.8 以降では、これらはシンボリックリンクとして見える。 2 つのプロセスが同じ名"
+"前空間に所属している場合、 これらのプロセスの I</proc/[pid]/ns/xxx> シンボ"
+"リックリンクの inode 番号は同じになる。 アプリケーションは、 B<stat>(2) が返"
+"す I<stat.st_ino> フィールドを使ってこれを確認することができる。 シンボリック"
+"リンクの内容は、 以下の例にあるように、名前空間種別と inode 番号を含む文字列"
+"である。"
#. type: Plain text
-#: build/C/man2/setfsgid.2:82
+#: build/C/man7/namespaces.7:165
+#, no-wrap
msgid ""
-"B<setfsgid>() is Linux-specific and should not be used in programs intended "
-"to be portable."
+"$ B<readlink /proc/$$/ns/uts>\n"
+"uts:[4026531838]\n"
msgstr ""
-"B<setfsgid>() は Linux 特有であり、移植を想定したプログラムで使用してはいけ"
-"ない。"
+"$ B<readlink /proc/$$/ns/uts>\n"
+"uts:[4026531838]\n"
#. type: Plain text
-#: build/C/man2/setfsgid.2:88
-msgid ""
-"When glibc determines that the argument is not a valid group ID, it will "
-"return -1 and set I<errno> to B<EINVAL> without attempting the system call."
-msgstr ""
-"glibc が引き数がグループID として不正だと判断した場合は、 システムコールを行"
-"わず I<errno> に B<EINVAL> を設定して -1 が返される。"
+#: build/C/man7/namespaces.7:169
+msgid "The files in this subdirectory are as follows:"
+msgstr "このサブディレクトリのファイルは以下のとおりである。"
+
+#. type: TP
+#: build/C/man7/namespaces.7:169
+#, no-wrap
+msgid "I</proc/[pid]/ns/ipc> (since Linux 3.0)"
+msgstr "I</proc/[pid]/ns/ipc> (Linux 3.0 以降)"
#. type: Plain text
-#: build/C/man2/setfsgid.2:92 build/C/man2/setfsuid.2:92
-msgid ""
-"Note that at the time this system call was introduced, a process could send "
-"a signal to a process with the same effective user ID. Today signal "
-"permission handling is slightly different."
-msgstr ""
-"このシステムコールが導入された当時、プロセスは 同じ実効ユーザIDのプロセスへシ"
-"グナルを送ることができた。 今日では、シグナル送信権限の扱いはかなり違うものに"
-"なっている。"
+#: build/C/man7/namespaces.7:172
+msgid "This file is a handle for the IPC namespace of the process."
+msgstr "このファイルはそのプロセスの IPC 名前空間の操作用である。"
+
+#. type: TP
+#: build/C/man7/namespaces.7:172
+#, no-wrap
+msgid "I</proc/[pid]/ns/mnt> (since Linux 3.8)"
+msgstr "I</proc/[pid]/ns/mnt> (Linux 3.8 以降)"
#. type: Plain text
-#: build/C/man2/setfsgid.2:102
-msgid ""
-"The original Linux B<setfsgid>() system call supported only 16-bit group "
-"IDs. Subsequently, Linux 2.4 added B<setfsgid32>() supporting 32-bit IDs. "
-"The glibc B<setfsgid>() wrapper function transparently deals with the "
-"variation across kernel versions."
-msgstr ""
-"元々の Linux の B<setfsgid>() システムコールは\n"
-"16 ビットのグループ ID だけに対応していた。\n"
-"その後、Linux 2.4 で、32 ビットの ID に対応した\n"
-"B<setfsgid32>() が追加された。\n"
-"glibc の B<setfsgid>() のラッパー関数は\n"
-"カーネルバージョンによるこの違いを吸収している。"
+#: build/C/man7/namespaces.7:175
+msgid "This file is a handle for the mount namespace of the process."
+msgstr "このファイルはそのプロセスのマウント名前空間の操作用である。"
+
+#. type: TP
+#: build/C/man7/namespaces.7:175
+#, no-wrap
+msgid "I</proc/[pid]/ns/net> (since Linux 3.0)"
+msgstr "I</proc/[pid]/ns/net> (Linux 3.0 以降)"
#. type: Plain text
-#: build/C/man2/setfsgid.2:110
-msgid ""
-"No error messages of any kind are returned to the caller. At the very "
-"least, B<EPERM> should be returned when the call fails (because the caller "
-"lacks the B<CAP_SETGID> capability)."
-msgstr ""
-"いかなる種類のエラーメッセージも返さない。 失敗した場合は (呼び出し元には "
-"B<CAP_SETGID> ケーパビリティがなかったのだから) 最低でも B<EPERM> くらいは返"
-"すべきである。"
+#: build/C/man7/namespaces.7:178
+msgid "This file is a handle for the network namespace of the process."
+msgstr "このファイルはそのプロセスのネットワーク名前空間の操作用である。"
+
+#. type: TP
+#: build/C/man7/namespaces.7:178
+#, no-wrap
+msgid "I</proc/[pid]/ns/pid> (since Linux 3.8)"
+msgstr "I</proc/[pid]/ns/pid> (Linux 3.8 以降)"
#. type: Plain text
-#: build/C/man2/setfsgid.2:115
-msgid "B<kill>(2), B<setfsuid>(2), B<capabilities>(7), B<credentials>(7)"
-msgstr "B<kill>(2), B<setfsuid>(2), B<capabilities>(7), B<credentials>(7)"
+#: build/C/man7/namespaces.7:181
+msgid "This file is a handle for the PID namespace of the process."
+msgstr "このファイルはそのプロセスの PID 名前空間の操作用である。"
-#. type: TH
-#: build/C/man2/setfsuid.2:29
+#. type: TP
+#: build/C/man7/namespaces.7:181
#, no-wrap
-msgid "SETFSUID"
-msgstr "SETFSUID"
+msgid "I</proc/[pid]/ns/user> (since Linux 3.8)"
+msgstr "I</proc/[pid]/ns/user> (Linux 3.8 以降)"
#. type: Plain text
-#: build/C/man2/setfsuid.2:32
-msgid "setfsuid - set user identity used for file system checks"
-msgstr "setfsuid - ファイルシステムのチェックに用いられるユーザ ID を設定する"
+#: build/C/man7/namespaces.7:184
+msgid "This file is a handle for the user namespace of the process."
+msgstr "このファイルはそのプロセスのユーザー名前空間の操作用である。"
+
+#. type: TP
+#: build/C/man7/namespaces.7:184
+#, no-wrap
+msgid "I</proc/[pid]/ns/uts> (since Linux 3.0)"
+msgstr "I</proc/[pid]/ns/uts> (Linux 3.0 以降)"
+#
+#. ==================== IPC namespaces ====================
#. type: Plain text
-#: build/C/man2/setfsuid.2:37
-msgid "B<int setfsuid(uid_t >I<fsuid>B<);>"
-msgstr "B<int setfsuid(uid_t >I<fsuid>B<);>"
+#: build/C/man7/namespaces.7:190
+msgid "This file is a handle for the UTS namespace of the process."
+msgstr "このファイルはそのプロセスの UTS 名前空間の操作用である。"
+#. type: SS
+#: build/C/man7/namespaces.7:190
+#, no-wrap
+msgid "IPC namespaces (CLONE_NEWIPC)"
+msgstr "IPC 名前空間 (CLONE_NEWIPC)"
+
+#. commit 7eafd7c74c3f2e67c27621b987b28397110d643f
+#. https://lwn.net/Articles/312232/
#. type: Plain text
-#: build/C/man2/setfsuid.2:49
+#: build/C/man7/namespaces.7:202
msgid ""
-"The system call B<setfsuid>() sets the user ID that the Linux kernel uses "
-"to check for all accesses to the file system. Normally, the value of "
-"I<fsuid> will shadow the value of the effective user ID. In fact, whenever "
-"the effective user ID is changed, I<fsuid> will also be changed to the new "
-"value of the effective user ID."
+"IPC namespaces isolate certain IPC resources, namely, System V IPC objects "
+"(see B<svipc>(7)) and (since Linux 2.6.30) POSIX message queues (see "
+"B<mq_overview>(7)). The common characteristic of these IPC mechanisms is "
+"that IPC objects are identified by mechanisms other than filesystem "
+"pathnames."
msgstr ""
-"B<setfsuid>() は Linux カーネルがファイルシステムに対する 全てのアクセスの"
-"チェックに使用するユーザID を設定する。通常は I<fsuid> の値は実効 "
-"(effective) ユーザID と同じになる。実際、 実効ユーザID が変更される度に "
-"I<fsuid> もまた新しい実効ユーザID の値に変更される。"
+"IPC 名前空間は、 特定の IPC リソース、すなわち、System V IPC オブジェクト "
+"(B<svipc>(7) 参照)、(Linux 2.6.30 以降では) POSIX メッセージキュー "
+"(B<mq_overview>(7) 参照) を分離する。 これらの IPC 機構に共通の特徴は、 IPC "
+"オブジェクトがファイルシステムのパス名以外の方法で識別されるという点である。"
#. type: Plain text
-#: build/C/man2/setfsuid.2:60
+#: build/C/man7/namespaces.7:208
msgid ""
-"Explicit calls to B<setfsuid>() and B<setfsgid>(2) are usually only used "
-"by programs such as the Linux NFS server that need to change what user and "
-"group ID is used for file access without a corresponding change in the real "
-"and effective user and group IDs. A change in the normal user IDs for a "
-"program such as the NFS server is a security hole that can expose it to "
-"unwanted signals. (But see below.)"
+"Each IPC namespace has its own set of System V IPC identifiers and its own "
+"POSIX message queue filesystem. Objects created in an IPC namespace are "
+"visible to all other processes that are members of that namespace, but are "
+"not visible to processes in other IPC namespaces."
msgstr ""
-"通常、 B<setfsuid>() や B<setfsgid>() が明示的に呼び出されるのは、Linux "
-"NFS サーバー のように、 ファイルアクセスに用いるユーザID / グループID を変更"
-"しなければならないが、 対応する実(real)/実効(effective) ユーザID / グループ"
-"ID は変更したくないような プログラムに限られる。 NFS サーバーのようなプログラ"
-"ムで、通常のユーザID を変更すると、 プロセスを望まないシグナルにさらす可能性"
-"があり、 セキュリティホールになる。(下記参照)"
+"各 IPC 名前空間はそれぞれ、 独自の System V IPC 識別子の集合と独自の POSIX "
+"メッセージキューファイルシステムを持つ。 IPC 名前空間に作成されたオブジェクト"
+"は、 その名前空間のメンバーの他のすべてのプロセスにも見えるが、 他の IPC 名前"
+"空間のプロセスには見えない。"
#. type: Plain text
-#: build/C/man2/setfsuid.2:67
-msgid ""
-"B<setfsuid>() will only succeed if the caller is the superuser or if "
-"I<fsuid> matches either the real user ID, effective user ID, saved set-user-"
-"ID, or the current value of I<fsuid>."
-msgstr ""
-"B<setfsuid>() は、スーパーユーザによって呼び出された場合か、 I<fsuid> が実"
-"ユーザID、実効ユーザID、 保存セットユーザID (saved set-user-ID)、現在の "
-"I<fsuid> の値のいずれかに一致する場合にのみ成功する。"
+#: build/C/man7/namespaces.7:212
+msgid "The following I</proc> interfaces are distinct in each IPC namespace:"
+msgstr "以下の I</proc> インタフェースは各 IPC 名前空間で別のものとなる。"
#. type: Plain text
-#: build/C/man2/setfsuid.2:74
-msgid ""
-"On success, the previous value of I<fsuid> is returned. On error, the "
-"current value of I<fsuid> is returned."
-msgstr ""
-"成功した場合、 I<fsuid> の以前の値を返す。エラーの場合は I<fsuid> の現在の値"
-"を返す。"
+#: build/C/man7/namespaces.7:215
+msgid "The POSIX message queue interfaces in I</proc/sys/fs/mqueue>."
+msgstr "I</proc/sys/fs/mqueue> の POSIX メッセージキューインタフェース。"
#. type: Plain text
-#: build/C/man2/setfsuid.2:82
+#: build/C/man7/namespaces.7:228
msgid ""
-"B<setfsuid>() is Linux-specific and should not be used in programs intended "
-"to be portable."
+"The System V IPC interfaces in I</proc/sys/kernel>, namely: I<msgmax>, "
+"I<msgmnb>, I<msgmni>, I<sem>, I<shmall>, I<shmmax>, I<shmmni>, and "
+"I<shm_rmid_forced>."
msgstr ""
-"B<setfsuid>() は Linux 特有であり、移植を想定したプログラムで使用してはいけ"
-"ない。"
+"I</proc/sys/kernel> の System V IPC インタフェース。 すなわち、 I<msgmax>, "
+"I<msgmnb>, I<msgmni>, I<sem>, I<shmall>, I<shmmax>, I<shmmni>, "
+"I<shm_rmid_forced>。"
#. type: Plain text
-#: build/C/man2/setfsuid.2:88
-msgid ""
-"When glibc determines that the argument is not a valid user ID, it will "
-"return -1 and set I<errno> to B<EINVAL> without attempting the system call."
-msgstr ""
-"glibc が引き数がユーザID として不正だと判断した場合は、 システムコールを行わ"
-"ず I<errno> に B<EINVAL> を設定して -1 が返される。"
+#: build/C/man7/namespaces.7:231
+msgid "The System V IPC interfaces in I</proc/sysvipc>."
+msgstr "I</proc/sysvipc> の System V IPC インタフェース。"
#. type: Plain text
-#: build/C/man2/setfsuid.2:102
+#: build/C/man7/namespaces.7:235
msgid ""
-"The original Linux B<setfsuid>() system call supported only 16-bit user "
-"IDs. Subsequently, Linux 2.4 added B<setfsuid32>() supporting 32-bit IDs. "
-"The glibc B<setfsuid>() wrapper function transparently deals with the "
-"variation across kernel versions."
+"When an IPC namespace is destroyed (i.e., when the last process that is a "
+"member of the namespace terminates), all IPC objects in the namespace are "
+"automatically destroyed."
msgstr ""
-"元々の Linux の B<setfsuid>() システムコールは\n"
-"16 ビットのグループ ID だけに対応していた。\n"
-"その後、Linux 2.4 で、32 ビットの ID に対応した\n"
-"B<setfsuid32>() が追加された。\n"
-"glibc の B<setfsuid>() のラッパー関数は\n"
-"カーネルバージョンによるこの違いを吸収している。"
+"IPC 名前空間が破棄されたときに (すなわち、その名前空間のメンバーの最後のプロ"
+"セスが終了したときに)、 その名前空間内のすべての IPC オブジェクトが自動的に破"
+"棄される。"
+#
+#. ==================== Network namespaces ====================
#. type: Plain text
-#: build/C/man2/setfsuid.2:110
+#: build/C/man7/namespaces.7:242
msgid ""
-"No error messages of any kind are returned to the caller. At the very "
-"least, B<EPERM> should be returned when the call fails (because the caller "
-"lacks the B<CAP_SETUID> capability)."
+"Use of IPC namespaces requires a kernel that is configured with the "
+"B<CONFIG_IPC_NS> option."
msgstr ""
-"いかなる種類のエラーメッセージも呼び出し元に返さない。 失敗した場合は (呼び出"
-"し元には B<CAP_SETUID> ケーパビリティがなかったのだから) 最低でも B<EPERM> く"
-"らいは返すべきである。"
-
-#. type: Plain text
-#: build/C/man2/setfsuid.2:115
-msgid "B<kill>(2), B<setfsgid>(2), B<capabilities>(7), B<credentials>(7)"
-msgstr "B<kill>(2), B<setfsgid>(2), B<capabilities>(7), B<credentials>(7)"
+"IPC 名前空間を使用するには、設定 B<CONFIG_IPC_NS> が有効になったカーネルが必"
+"要である。"
-#. type: TH
-#: build/C/man2/setgid.2:27
+#. type: SS
+#: build/C/man7/namespaces.7:242
#, no-wrap
-msgid "SETGID"
-msgstr "SETGID"
+msgid "Network namespaces (CLONE_NEWNET)"
+msgstr "ネットワーク名前空間 (CLONE_NEWNET)"
+#. FIXME Add pointer to veth(4) page when it is eventually completed
#. type: Plain text
-#: build/C/man2/setgid.2:30
-msgid "setgid - set group identity"
-msgstr "setgid - グループ識別(identity)を設定する"
+#: build/C/man7/namespaces.7:257
+msgid ""
+"Network namespaces provide isolation of the system resources associated with "
+"networking: network devices, IPv4 and IPv6 protocol stacks, IP routing "
+"tables, firewalls, the I</proc/net> directory, the I</sys/class/net> "
+"directory, port numbers (sockets), and so on. A physical network device can "
+"live in exactly one network namespace. A virtual network device (\"veth\") "
+"pair provides a pipe-like abstraction that can be used to create tunnels "
+"between network namespaces, and can be used to create a bridge to a physical "
+"network device in another namespace."
+msgstr ""
+"ネットワーク名前空間は、 ネットワークに関連するシステムリソースの分離を提供す"
+"る。 分離されるリソースは、 ネットワークデバイス、 IPv4 と IPv6 のプロトコル"
+"スタック、 IP ルーティングテーブル、 ファイアウォール、 I</proc/net> ディレク"
+"トリ、 I</sys/class/net> ディレクトリ、 (ソケットの) ポート番号などである。 "
+"物理ネットワークデバイスは 1 つのネットワーク名前空間にのみ属すことができ"
+"る。 仮想ネットワークデバイス (\"veth\") ペアは、 ネットワーク名前空間間のト"
+"ンネルを作成するのに使うことができるパイプ風の抽象概念で、 別の名前空間に属す"
+"物理ネットワークデバイスへのブリッジを作成するのに使用できる。"
#. type: Plain text
-#: build/C/man2/setgid.2:36
-msgid "B<int setgid(gid_t >I<gid>B<);>"
-msgstr "B<int setgid(gid_t >I<gid>B<);>"
+#: build/C/man7/namespaces.7:262
+msgid ""
+"When a network namespace is freed (i.e., when the last process in the "
+"namespace terminates), its physical network devices are moved back to the "
+"initial network namespace (not to the parent of the process)."
+msgstr ""
+"ネットワーク名前空間が解放されたときに (すなわち、その名前空間の最後のプロセ"
+"スがしゅうりょうしたときに)、 その名前空間に属していた物理ネットワークデバイ"
+"スは初期ネットワーク名前空間に戻される (プロセスの親プロセスに戻されるわけで"
+"はない)。"
+#
+#. ==================== Mount namespaces ====================
#. type: Plain text
-#: build/C/man2/setgid.2:41
+#: build/C/man7/namespaces.7:269
msgid ""
-"B<setgid>() sets the effective group ID of the calling process. If the "
-"caller is the superuser, the real GID and saved set-group-ID are also set."
+"Use of network namespaces requires a kernel that is configured with the "
+"B<CONFIG_NET_NS> option."
msgstr ""
-"B<setgid>() は呼び出し元のプロセスの実効 (effective) グループID を設定す"
-"る。 もしスーパーユーザーによって呼び出された場合は、 実 (real) グループID と"
-"保存 (saved) set-group-ID も設定される。"
+"ネットワーク名前空間を使用するには、設定 B<CONFIG_NET_NS> が有効になったカー"
+"ネルが必要である。"
+
+#. type: SS
+#: build/C/man7/namespaces.7:269
+#, no-wrap
+msgid "Mount namespaces (CLONE_NEWNS)"
+msgstr "マウント名前空間 (CLONE_NEWNS)"
#. type: Plain text
-#: build/C/man2/setgid.2:51
+#: build/C/man7/namespaces.7:277
msgid ""
-"Under Linux, B<setgid>() is implemented like the POSIX version with the "
-"B<_POSIX_SAVED_IDS> feature. This allows a set-group-ID program that is not "
-"set-user-ID-root to drop all of its group privileges, do some un-privileged "
-"work, and then reengage the original effective group ID in a secure manner."
+"Mount namespaces isolate the set of filesystem mount points, meaning that "
+"processes in different mount namespaces can have different views of the "
+"filesystem hierarchy. The set of mounts in a mount namespace is modified "
+"using B<mount>(2) and B<umount>(2)."
msgstr ""
-"Linux において、 B<setgid>() は B<_POSIX_SAVED_IDS> をもった POSIX 版のよう"
-"ã\81«å®\9fè£\85ã\81\95ã\82\8cã\81¦ã\81\84ã\82\8bã\80\82 ã\81\93ã\82\8cã\81¯ set-user-ID-root ã\81§ã\81ªã\81\84 set-group-ID ã\83\97ã\83ã\82°ã\83©ã\83 ã\81«ã\81\9d"
-"ã\81®ã\82°ã\83«ã\83¼ã\83\97ã\81® ç\89¹æ¨©ã\81®å\85¨ã\81¦è\90½ã\81¨ã\81\97ã\80\81ç\89¹æ¨©ã\81®å¿\85è¦\81ã\81ªã\81\84ä»\95äº\8bã\82\92ã\81\97ã\80\81æ\9c¬æ\9d¥ã\81®å®\9få\8a¹ã\82°ã\83«ã\83¼ã\83\97ID "
-"に 安全な方法で再び戻すことを許す。"
+"マウント名前空間はファイルシステムのマウントポイントの集合を分離する。 つま"
+"ã\82\8aã\80\81å\88¥ã\81®ã\83\9eã\82¦ã\83³ã\83\88å\90\8då\89\8d空é\96\93ã\81®ã\83\97ã\83ã\82»ã\82¹ã\81«ã\81¯å\88¥ã\81®ã\83\95ã\82¡ã\82¤ã\83«ã\82·ã\82¹ã\83\86ã\83 é\9a\8e層ã\81\8cè¦\8bã\81\88ã\82\8bã\81¨ã\81\84ã\81\86"
+"ã\81\93ã\81¨ã\81§ã\81\82ã\82\8bã\80\82 ã\83\9eã\82¦ã\83³ã\83\88å\90\8då\89\8d空é\96\93å\86\85ã\81®ã\83\9eã\82¦ã\83³ã\83\88ã\81®é\9b\86å\90\88ã\81¯ B<mount>(2) ã\81¨ "
+"B<umount>(2) で変更される。"
#. type: Plain text
-#: build/C/man2/setgid.2:64
+#: build/C/man7/namespaces.7:294
msgid ""
-"The calling process is not privileged (does not have the B<CAP_SETGID> "
-"capability), and I<gid> does not match the real group ID or saved set-group-"
-"ID of the calling process."
+"The I</proc/[pid]/mounts> file (present since Linux 2.4.19) lists all the "
+"filesystems currently mounted in the process's mount namespace. The format "
+"of this file is documented in B<fstab>(5). Since kernel version 2.6.15, "
+"this file is pollable: after opening the file for reading, a change in this "
+"file (i.e., a filesystem mount or unmount) causes B<select>(2) to mark the "
+"file descriptor as readable, and B<poll>(2) and B<epoll_wait>(2) mark the "
+"file as having an error condition."
msgstr ""
-"呼び出し元のプロセスに権限がなく (B<CAP_SETGID> ケーパビリティがなく)、かつ "
-"I<gid> が呼び出し元のプロセスの実グループID と保存セットグループID のどちらと"
-"も一致しない。"
+"I</proc/[pid]/mounts> ファイル (Linux 2.4.19 以降に存在) は、 そのプロセスの"
+"マウント名前空間で現在マウントされている全ファイルシステムの一覧を表示する。 "
+"このファイルのフォーマットは B<fstab>(5) に記載されている。 カーネルバージョ"
+"ン 2.6.15 以降では、このファイルをポーリングすることができる。 すなわち、この"
+"ファイルを読み出し用にオープンした後、 このファイルの変化 (ファイルシステムの"
+"マウントやアンマウント) が発生すると、 B<select>(2) はファイルディスクリプタ"
+"が読み出し可能になったと印を付け、 B<poll>(2) や B<epoll_wait>(2) はファイル"
+"がエラー状態になったかのように印を付ける。"
#. type: Plain text
-#: build/C/man2/setgid.2:74
+#: build/C/man7/namespaces.7:302
msgid ""
-"The original Linux B<setgid>() system call supported only 16-bit group "
-"IDs. Subsequently, Linux 2.4 added B<setgid32>() supporting 32-bit IDs. "
-"The glibc B<setgid>() wrapper function transparently deals with the "
-"variation across kernel versions."
+"The I</proc/[pid]/mountstats> file (present since Linux 2.6.17) exports "
+"information (statistics, configuration information) about the mount points "
+"in the process's mount namespace. This file is only readable by the owner "
+"of the process. Lines in this file have the form:"
msgstr ""
-"元々の Linux の B<setgid>() システムコールは\n"
-"16 ビットのグループ ID だけに対応していた。\n"
-"その後、Linux 2.4 で、32 ビットの ID に対応した\n"
-"B<setgid32>() が追加された。\n"
-"glibc の B<setgid>() のラッパー関数は\n"
-"カーネルバージョンによるこの違いを吸収している。"
+"I</proc/[pid]/mountstats> ファイル (Linux 2.6.17 以降に存在) は、 そのプロセ"
+"スのマウントポイントに関する情報 (統計情報、設定情報) を公開する。 このファイ"
+"ルはプロセスの所有者だけが読み出し可能である。 このファイルの各行は以下の形式"
+"である。"
#. type: Plain text
-#: build/C/man2/setgid.2:82
+#: build/C/man7/namespaces.7:308
+#, no-wrap
msgid ""
-"B<getgid>(2), B<setegid>(2), B<setregid>(2), B<capabilities>(7), "
-"B<credentials>(7)"
+"device /dev/sda7 mounted on /home with fstype ext3 [statistics]\n"
+"( 1 ) ( 2 ) (3 ) (4)\n"
msgstr ""
-"B<getgid>(2), B<setegid>(2), B<setregid>(2), B<capabilities>(7), "
-"B<credentials>(7)"
+"device /dev/sda7 mounted on /home with fstype ext3 [statistics]\n"
+"( 1 ) ( 2 ) (3 ) (4)\n"
-#. type: TH
-#: build/C/man2/setpgid.2:46
+#. type: Plain text
+#: build/C/man7/namespaces.7:312
+msgid "The fields in each line are:"
+msgstr "各行のフィールドは以下のとおりである。"
+
+#. type: IP
+#: build/C/man7/namespaces.7:312 build/C/man7/user_namespaces.7:371
#, no-wrap
-msgid "SETPGID"
-msgstr "SETPGID"
+msgid "(1)"
+msgstr "(1)"
#. type: Plain text
-#: build/C/man2/setpgid.2:49
-msgid "setpgid, getpgid, setpgrp, getpgrp - set/get process group"
-msgstr "setpgid, getpgid, setpgrp, getpgrp - プロセスグループの設定/取得を行う"
+#: build/C/man7/namespaces.7:316
+msgid ""
+"The name of the mounted device (or \"nodevice\" if there is no corresponding "
+"device)."
+msgstr ""
+"マウントされているデバイス名 (もしくは、対応するデバイスがない場合は "
+"\"nodevice\")。"
-#. type: Plain text
-#: build/C/man2/setpgid.2:53
-msgid "B<int setpgid(pid_t >I<pid>B<, pid_t >I<pgid>B<);>"
-msgstr "B<int setpgid(pid_t >I<pid>B<, pid_t >I<pgid>B<);>"
+#. type: IP
+#: build/C/man7/namespaces.7:316 build/C/man7/user_namespaces.7:375
+#, no-wrap
+msgid "(2)"
+msgstr "(2)"
#. type: Plain text
-#: build/C/man2/setpgid.2:55
-msgid "B<pid_t getpgid(pid_t >I<pid>B<);>"
-msgstr "B<pid_t getpgid(pid_t >I<pid>B<);>"
+#: build/C/man7/namespaces.7:319
+msgid "The mount point within the filesystem tree."
+msgstr "ファイルシステムツリー内のマウントポイント。"
+
+#. type: IP
+#: build/C/man7/namespaces.7:319 build/C/man7/user_namespaces.7:401
+#, no-wrap
+msgid "(3)"
+msgstr "(3)"
#. type: Plain text
-#: build/C/man2/setpgid.2:57
-msgid "B<pid_t getpgrp(void);> /* POSIX.1 version */"
-msgstr "B<pid_t getpgrp(void);> /* POSIX.1 version */"
+#: build/C/man7/namespaces.7:322
+msgid "The filesystem type."
+msgstr "ファイルシステム種別"
+
+#. type: TP
+#: build/C/man7/namespaces.7:322
+#, no-wrap
+msgid "(4)"
+msgstr "(4)"
#. type: Plain text
-#: build/C/man2/setpgid.2:60
+#: build/C/man7/namespaces.7:327
msgid ""
-"B<pid_t getpgrp(pid_t >I<pid>B<);\\ \\ \\ \\ \\ \\ \\ \\ \\ \\ \\ > /* BSD "
-"version */"
+"Optional statistics and configuration information. Currently (as at Linux "
+"2.6.26), only NFS filesystems export information via this field."
msgstr ""
-"B<pid_t getpgrp(pid_t >I<pid>B<);\\ \\ \\ \\ \\ \\ \\ \\ \\ \\ \\ > /* BSD "
-"version */"
+"統計情報と設定情報。 オプションフィールドである。 現在のところ (Linux 2.6.26 "
+"時点)、NFS ファイルシステムだけがこのフィールドで情報を公開している。"
-#. type: Plain text
-#: build/C/man2/setpgid.2:62
-msgid "B<int setpgrp(void);> /* System V version */"
-msgstr "B<int setpgrp(void);> /* System V version */"
+#
+#. ==================== PID namespaces ====================
+#. type: SS
+#: build/C/man7/namespaces.7:331
+#, no-wrap
+msgid "PID namespaces (CLONE_NEWPID)"
+msgstr "PID 名前空間 (CLONE_NEWPID)"
+#
+#. ==================== User namespaces ====================
#. type: Plain text
-#: build/C/man2/setpgid.2:65
-msgid "B<int setpgrp(pid_t >I<pid>B<, pid_t >I<pgid>B<);\\ > /* BSD version */"
-msgstr ""
-"B<int setpgrp(pid_t >I<pid>B<, pid_t >I<pgid>B<);\\ > /* BSD version */"
+#: build/C/man7/namespaces.7:337
+msgid "See B<pid_namespaces>(7)."
+msgstr "B<pid_namespaces>(7) 参照。"
+
+#. type: SS
+#: build/C/man7/namespaces.7:337
+#, no-wrap
+msgid "User namespaces (CLONE_NEWUSER)"
+msgstr "ユーザー名前空間 (CLONE_NEWUSER)"
#. type: Plain text
-#: build/C/man2/setpgid.2:74
-msgid "B<getpgid>():"
-msgstr "B<getpgid>():"
+#: build/C/man7/namespaces.7:343 build/C/man7/namespaces.7:364
+#: build/C/man7/pid_namespaces.7:356
+msgid "See B<user_namespaces>(7)."
+msgstr "B<user_namespaces>(7) 参照。"
+
+#. type: SS
+#: build/C/man7/namespaces.7:343
+#, no-wrap
+msgid "UTS namespaces (CLONE_NEWUTS)"
+msgstr "UTS 名前空間 (CLONE_NEWUTS)"
#. type: Plain text
-#: build/C/man2/setpgid.2:82
-msgid "B<setpgrp>() (POSIX.1):"
-msgstr "B<setpgrp>() (POSIX.1):"
+#: build/C/man7/namespaces.7:355
+msgid ""
+"UTS namespaces provide isolation of two system identifiers: the hostname and "
+"the NIS domain name. These identifiers are set using B<sethostname>(2) and "
+"B<setdomainname>(2), and can be retrieved using B<uname>(2), "
+"B<gethostname>(2), and B<getdomainname>(2)."
+msgstr ""
+"UTS 名前空間は、 ホスト名と NIS ドメイン名の 2 つのシステム識別子を分離す"
+"る。 これらの識別子は B<sethostname>(2) と B<setdomainname>(2) を使って設定で"
+"き、 B<uname>(2), B<gethostname>(2), B<getdomainname>(2) を使って取得できる。"
#. type: Plain text
-#: build/C/man2/setpgid.2:85
-#, no-wrap
+#: build/C/man7/namespaces.7:359
msgid ""
-" _SVID_SOURCE || _XOPEN_SOURCE\\ E<gt>=\\ 500 ||\n"
-" _XOPEN_SOURCE\\ &&\\ _XOPEN_SOURCE_EXTENDED\n"
+"Use of UTS namespaces requires a kernel that is configured with the "
+"B<CONFIG_UTS_NS> option."
msgstr ""
-" _SVID_SOURCE || _XOPEN_SOURCE\\ E<gt>=\\ 500 ||\n"
-" _XOPEN_SOURCE\\ &&\\ _XOPEN_SOURCE_EXTENDED\n"
+"UTS 名前空間を使用するには、設定 B<CONFIG_UTS_NS> が有効になったカーネルが必"
+"要である。"
#. type: Plain text
-#: build/C/man2/setpgid.2:89
-msgid "B<setpgrp>()\\ (BSD), B<getpgrp>()\\ (BSD):"
-msgstr "B<setpgrp>()\\ (BSD), B<getpgrp>()\\ (BSD):"
+#: build/C/man7/namespaces.7:361 build/C/man7/pid_namespaces.7:353
+#: build/C/man7/user_namespaces.7:648
+msgid "Namespaces are a Linux-specific feature."
+msgstr "名前空間は Linux 独自の機能である。"
#. type: Plain text
-#: build/C/man2/setpgid.2:93
-#, no-wrap
+#: build/C/man7/namespaces.7:377
msgid ""
-" _BSD_SOURCE &&\n"
-" !\\ (_POSIX_SOURCE || _POSIX_C_SOURCE || _XOPEN_SOURCE ||\n"
-" _XOPEN_SOURCE_EXTENDED || _GNU_SOURCE || _SVID_SOURCE)\n"
+"B<nsenter>(1), B<readlink>(1), B<unshare>(1), B<clone>(2), B<setns>(2), "
+"B<unshare>(2), B<proc>(5), B<credentials>(7), B<capabilities>(7), "
+"B<pid_namespaces>(7), B<user_namespaces>(7), B<switch_root>(8)"
msgstr ""
-" _BSD_SOURCE &&\n"
-" !\\ (_POSIX_SOURCE || _POSIX_C_SOURCE || _XOPEN_SOURCE ||\n"
-" _XOPEN_SOURCE_EXTENDED || _GNU_SOURCE || _SVID_SOURCE)\n"
+"B<nsenter>(1), B<readlink>(1), B<unshare>(1), B<clone>(2), B<setns>(2), "
+"B<unshare>(2), B<proc>(5), B<credentials>(7), B<capabilities>(7), "
+"B<pid_namespaces>(7), B<user_namespaces>(7), B<switch_root>(8)"
+
+#. type: TH
+#: build/C/man7/pid_namespaces.7:27
+#, no-wrap
+msgid "PID_NAMESPACES"
+msgstr "PID_NAMESPACES"
+
+#. type: TH
+#: build/C/man7/pid_namespaces.7:27 build/C/man2/seccomp.2:27
+#, no-wrap
+msgid "2015-01-10"
+msgstr "2015-01-10"
+
+#. type: Plain text
+#: build/C/man7/pid_namespaces.7:30
+msgid "pid_namespaces - overview of Linux PID namespaces"
+msgstr "pid_namespaces - Linux PID 名前空間の概要"
+
+#. type: Plain text
+#: build/C/man7/pid_namespaces.7:33 build/C/man7/user_namespaces.7:33
+msgid "For an overview of namespaces, see B<namespaces>(7)."
+msgstr "名前空間の概要については B<namespaces>(7) を参照。"
#. type: Plain text
-#: build/C/man2/setpgid.2:105
+#: build/C/man7/pid_namespaces.7:40
msgid ""
-"All of these interfaces are available on Linux, and are used for getting and "
-"setting the process group ID (PGID) of a process. The preferred, POSIX.1-"
-"specified ways of doing this are: B<getpgrp>(void), for retrieving the "
-"calling process's PGID; and B<setpgid>(), for setting a process's PGID."
+"PID namespaces isolate the process ID number space, meaning that processes "
+"in different PID namespaces can have the same PID. PID namespaces allow "
+"containers to provide functionality such as suspending/resuming the set of "
+"processes in the container and migrating the container to a new host while "
+"the processes inside the container maintain the same PIDs."
msgstr ""
-"これらのインタフェースすべてが Linux で利用可能で、 これらを使ってプロセスの"
-"プロセスグループ ID (PGID) の 取得や設定ができる。 推奨の、POSIX.1 で規定され"
-"た方法では、 B<getpgrp>(void) で呼び出し元プロセスの PGID を取得し、 "
-"B<setpgid>() で設定する。"
+"PID 名前空間はプロセス ID 番号空間を分離する。 これは、異なる PID 名前空間の"
+"プロセスは同じ PID を持つことができることを意味する。 PID 名前空間を使うこと"
+"で、コンテナー内のプロセス群を中断、再開したり、 コンテナー内のプロセスの "
+"PID を保持したままコンテナーを新しいホストに移行したりするといった機能をコン"
+"テナーが提供することが可能になる。"
#. type: Plain text
-#: build/C/man2/setpgid.2:130
+#: build/C/man7/pid_namespaces.7:48
msgid ""
-"B<setpgid>() sets the PGID of the process specified by I<pid> to I<pgid>. "
-"If I<pid> is zero, then the process ID of the calling process is used. If "
-"I<pgid> is zero, then the PGID of the process specified by I<pid> is made "
-"the same as its process ID. If B<setpgid>() is used to move a process from "
-"one process group to another (as is done by some shells when creating "
-"pipelines), both process groups must be part of the same session (see "
-"B<setsid>(2) and B<credentials>(7)). In this case, the I<pgid> specifies "
-"an existing process group to be joined and the session ID of that group must "
-"match the session ID of the joining process."
+"PIDs in a new PID namespace start at 1, somewhat like a standalone system, "
+"and calls to B<fork>(2), B<vfork>(2), or B<clone>(2) will produce processes "
+"with PIDs that are unique within the namespace."
msgstr ""
-"B<setpgid>() は I<pid> で指定したプロセスの PGID に I<pgid> を設定する。 "
-"I<pid> がゼロならば、呼び出し元プロセスのプロセス ID が pid として使用され"
-"る。 I<pgid> がゼロならば、 I<pid> で指定されたプロセスの PGID がそのプロセス"
-"のプロセス ID と 同じに設定される。 B<setpgid>() をプロセスをあるプロセスグ"
-"ループから別のグループへ 移動するために使用する場合は (一部のシェルはパイプラ"
-"インを生成 する時にこれを行う)、両方のプロセスグループは同じセッションの 一部"
-"でなければならない (B<setsid>(2) と B<credentials>(7) 参照)。この場合は "
-"I<pgid> は参加すべき既存の プロセスグループを指定し、そのセッション ID は参加"
-"するプロセスの セッション ID に一致しなければならない。"
+"新しい PID 名前空間の PID は、 独立したシステムであるかのように、 1 から始ま"
+"る。 B<fork>(2), B<vfork>(2), B<clone>(2) を呼び出すと、 その名前空間内で一意"
+"な PID でプロセスが生成される。"
+#
+#. ============================================================
#. type: Plain text
-#: build/C/man2/setpgid.2:135
+#: build/C/man7/pid_namespaces.7:55
msgid ""
-"The POSIX.1 version of B<getpgrp>(), which takes no arguments, returns the "
-"PGID of the calling process."
+"Use of PID namespaces requires a kernel that is configured with the "
+"B<CONFIG_PID_NS> option."
msgstr ""
-"POSIX.1 バージョンの B<getpgrp>() は引き数を一つもとらず、 呼び出し元プロセ"
-"スの PGID を返す。"
+"PID 名前空間を使用するには、設定 B<CONFIG_PID_NS> が有効になったカーネルが必"
+"要である。"
+
+#. type: SS
+#: build/C/man7/pid_namespaces.7:55
+#, no-wrap
+msgid "The namespace init process"
+msgstr "名前空間の init プロセス"
+
+#. type: Plain text
+#: build/C/man7/pid_namespaces.7:75
+msgid ""
+"The first process created in a new namespace (i.e., the process created "
+"using B<clone>(2) with the B<CLONE_NEWPID> flag, or the first child created "
+"by a process after a call to B<unshare>(2) using the B<CLONE_NEWPID> flag) "
+"has the PID 1, and is the \"init\" process for the namespace (see "
+"B<init>(1)). A child process that is orphaned within the namespace will be "
+"reparented to this process rather than B<init>(1) (unless one of the "
+"ancestors of the child in the same PID namespace employed the B<prctl>(2) "
+"B<PR_SET_CHILD_SUBREAPER> command to mark itself as the reaper of orphaned "
+"descendant processes)."
+msgstr ""
+"新しい名前空間で作成される最初のプロセス (すなわち、B<CLONE_NEWPID> フラグで "
+"B<clone>(2) を使って作成されたプロセスや、 B<CLONE_NEWPID> フラグで "
+"B<unshare>(2) を呼び出した後のプロセスによって作成された最初のプロセス) は "
+"PID 1 を持ち、 そのプロセスはその名前空間の \"init\" プロセスとなる "
+"(B<init>(1) 参照)。 名前空間内でみなしごになった (親プロセスがいなくなった) "
+"子プロセスは、 B<init>(1) ではなくこのプロセスが親プロセスになる (ただし、 同"
+"じ PID 名前空間内のその子プロセスの先祖が、 B<prctl>(2) の "
+"B<PR_SET_CHILD_SUBREAPER> コマンドを使って、 自分自身をみなしごとなった子孫の"
+"プロセスの引き取り手になっている場合はこの限りではなく)。"
+
+#. type: Plain text
+#: build/C/man7/pid_namespaces.7:102
+msgid ""
+"If the \"init\" process of a PID namespace terminates, the kernel terminates "
+"all of the processes in the namespace via a B<SIGKILL> signal. This "
+"behavior reflects the fact that the \"init\" process is essential for the "
+"correct operation of a PID namespace. In this case, a subsequent "
+"B<fork>(2) into this PID namespace will fail with the error B<ENOMEM>; it "
+"is not possible to create a new processes in a PID namespace whose \"init\" "
+"process has terminated. Such scenarios can occur when, for example, a "
+"process uses an open file descriptor for a I</proc/[pid]/ns/pid> file "
+"corresponding to a process that was in a namespace to B<setns>(2) into that "
+"namespace after the \"init\" process has terminated. Another possible "
+"scenario can occur after a call to B<unshare>(2): if the first child "
+"subsequently created by a B<fork>(2) terminates, then subsequent calls to "
+"B<fork>(2) will fail with B<ENOMEM>."
+msgstr ""
+"PID 名前空間の \"init\" プロセスが終了すると、 カーネルはその名前空間の全プロ"
+"セスを B<SIGKILL> シグナルで終了する。 この動作は、 PID 名前空間の正しい操作"
+"のためには \"init\" プロセスは不可欠であるという事実を反映したものである。 こ"
+"の場合、 その PID 名前空間へのそれ以降の B<fork>(2) はエラー B<ENOMEM> で失敗"
+"する。 \"init\" プロセスが終了している PID 名前空間に新しいプロセスを作成する"
+"ことはできない。 このような状況は、 例えば、 名前空間にいたプロセスに対応す"
+"る I</proc/[pid]/ns/pid> ファイルに対してオープンしたファイルディスクリプタを"
+"使って、 \"init\" プロセスが終了した後にその名前空間に B<setns>(2) を行った場"
+"合に起こり得る。 B<unshare>(2) を呼び出した後にも、この状況は起こり得る。 そ"
+"れ以降に B<fork>(2) で作成された最初の子プロセスが終了すると、 それ以降の "
+"B<fork>(2) の呼び出しは B<NOMEM> で失敗する。"
+
+#. type: Plain text
+#: build/C/man7/pid_namespaces.7:108
+msgid ""
+"Only signals for which the \"init\" process has established a signal handler "
+"can be sent to the \"init\" process by other members of the PID namespace. "
+"This restriction applies even to privileged processes, and prevents other "
+"members of the PID namespace from accidentally killing the \"init\" process."
+msgstr ""
+"PID 名前空間の他のメンバーは、 \"init\" プロセスがシグナルハンドラーを設定し"
+"たシグナルだけを、 \"init\" プロセスに送信することができる。 この制限は特権プ"
+"ロセスに対しても適用される。 この制限により、 PID 名前空間の他のメンバーが"
+"うっかり \"init\" プロセスを殺してしまうのを防ぐことができる。"
+
+#. type: Plain text
+#: build/C/man7/pid_namespaces.7:128
+msgid ""
+"Likewise, a process in an ancestor namespace can\\(emsubject to the usual "
+"permission checks described in B<kill>(2)\\(emsend signals to the \"init\" "
+"process of a child PID namespace only if the \"init\" process has "
+"established a handler for that signal. (Within the handler, the "
+"I<siginfo_t> I<si_pid> field described in B<sigaction>(2) will be zero.) "
+"B<SIGKILL> or B<SIGSTOP> are treated exceptionally: these signals are "
+"forcibly delivered when sent from an ancestor PID namespace. Neither of "
+"these signals can be caught by the \"init\" process, and so will result in "
+"the usual actions associated with those signals (respectively, terminating "
+"and stopping the process)."
+msgstr ""
+"同様に、 先祖の名前空間のプロセスは、 \"init\" プロセスがそのシグナルに対する"
+"ハンドラーを設定している場合にのみ、 B<kill>(2) で説明されている通常のアクセ"
+"ス許可のチェックを経た上で、 子供の PID 名前空間の \"init\" プロセスにシグナ"
+"ルを送信できる。 (ハンドラー内では、 I<sigaction>(2) に説明がある "
+"I<siginfo_t> の I<si_pid> フィールドは 0 になる。) B<SIGKILL> と B<SIGSTOP> "
+"は例外として扱われ、 これらのシグナルが先祖の PID 名前空間から送信された場合"
+"には強制的に配送される。 これらのシグナルはどちらも \"init\" プロセルが捕捉す"
+"ることはできない。 そのため、これらのシグナルに関連付けられた通常のアクショ"
+"ン (それぞれ、プロセスの終了とプロセスの強制停止) が実行される。"
+#
+#. ============================================================
#. type: Plain text
-#: build/C/man2/setpgid.2:146
+#: build/C/man7/pid_namespaces.7:138
msgid ""
-"B<getpgid>() returns the PGID of the process specified by I<pid>. If "
-"I<pid> is zero, the process ID of the calling process is used. (Retrieving "
-"the PGID of a process other than the caller is rarely necessary, and the "
-"POSIX.1 B<getpgrp>() is preferred for that task.)"
+"Starting with Linux 3.4, the B<reboot>(2) system call causes a signal to be "
+"sent to the namespace \"init\" process. See B<reboot>(2) for more details."
msgstr ""
-"B<getpgid>() は I<pid> で指定されたプロセスの PGID を返す。 I<pid> がゼロな"
-"らば、呼び出し元プロセスのプロセス ID が pid として使用される。 (呼び出し元プ"
-"ロセス以外のプロセスの PGID の取得が必要になることは めったになく、呼び出し元"
-"プロセスの PGID を取得するには POSIX.1 バージョンの B<getpgrp>() を使うのが"
-"望ましい。)"
+"Linux 3.4 以降では、 B<reboot>(2) システムコールを呼び出すと、 シグナルがその"
+"名前空間の \"init\" プロセスに送信される。 詳細は B<reboot>(2) を参照。"
+
+#. type: SS
+#: build/C/man7/pid_namespaces.7:138
+#, no-wrap
+msgid "Nesting PID namespaces"
+msgstr "ネストされた PID 名前空間"
#. type: Plain text
-#: build/C/man2/setpgid.2:151
+#: build/C/man7/pid_namespaces.7:149
msgid ""
-"The System V-style B<setpgrp>(), which takes no arguments, is equivalent to "
-"I<setpgid(0,\\ 0)>."
+"PID namespaces can be nested: each PID namespace has a parent, except for "
+"the initial (\"root\") PID namespace. The parent of a PID namespace is the "
+"PID namespace of the process that created the namespace using B<clone>(2) "
+"or B<unshare>(2). PID namespaces thus form a tree, with all namespaces "
+"ultimately tracing their ancestry to the root namespace."
msgstr ""
-"System V バージョンの B<setpgrp>() は引き数を一つもとらず、 I<setpgid(0,\\ "
-"0)> と等価である。"
+"PID 名前空間は入れ子にすることができる。 最初の (\"root\") PID 名前空間以外の"
+"各 PID 名前空間は親を持つ。 PID 名前空間の親は B<clone>(2) や B<unshare>(2) "
+"を使ってその名前空間を作成したプロセスの PID 名前空間である。 したがって、 "
+"PID 名前空間は木構造を構成し、 すべての名前空間は親を辿って行くと、最終的に"
+"は root 名前空間に辿り着く。"
-#. The true BSD setpgrp() system call differs in allowing the PGID
-#. to be set to arbitrary values, rather than being restricted to
-#. PGIDs in the same session.
#. type: Plain text
-#: build/C/man2/setpgid.2:163
+#: build/C/man7/pid_namespaces.7:164
msgid ""
-"The BSD-specific B<setpgrp>() call, which takes arguments I<pid> and "
-"I<pgid>, is equivalent to I<setpgid(pid, pgid)>."
+"A process is visible to other processes in its PID namespace, and to the "
+"processes in each direct ancestor PID namespace going back to the root PID "
+"namespace. In this context, \"visible\" means that one process can be the "
+"target of operations by another process using system calls that specify a "
+"process ID. Conversely, the processes in a child PID namespace can't see "
+"processes in the parent and further removed ancestor namespaces. More "
+"succinctly: a process can see (e.g., send signals with B<kill>(2), set nice "
+"values with B<setpriority>(2), etc.) only processes contained in its own PID "
+"namespace and in descendants of that namespace."
msgstr ""
-"BSD 仕様の B<setpgrp>() は I<pid> と I<pgid> を引き数にとり、 I<setpgid"
-"(pid, pgid)> と等価である。"
+"プロセスは、所属する PID 名前空間の他のプロセスから見える。また、 root PID 名"
+"前空間に向かう直径の先祖の各 PID 名前空間のプロセスからも見える。 この場合、"
+"「見える」とは、 あるプロセスが、 他のプロセスがプロセス ID を指定するシステ"
+"ムコールを使う際に操作の対象にできることを意味する。 逆に、子供 PID 名前空間"
+"のプロセスから親や先祖の名前空間のプロセスは見えない。 あるプロセスは自分自身"
+"の PID 名前空間とその子孫の名前空間のプロセスだけが見える (例えば、"
+"B<kill>(2) でシグナルを送信したり、 B<setpriority>(2) で nice 値を設定した"
+"り、など)。"
#. type: Plain text
-#: build/C/man2/setpgid.2:170
+#: build/C/man7/pid_namespaces.7:176
msgid ""
-"The BSD-specific B<getpgrp>() call, which takes a single I<pid> argument, "
-"is equivalent to I<getpgid(pid)>."
+"A process has one process ID in each of the layers of the PID namespace "
+"hierarchy in which is visible, and walking back though each direct ancestor "
+"namespace through to the root PID namespace. System calls that operate on "
+"process IDs always operate using the process ID that is visible in the PID "
+"namespace of the caller. A call to B<getpid>(2) always returns the PID "
+"associated with the namespace in which the process was created."
msgstr ""
-"BSD 仕様の B<getpgrp>() は I<pid> だけを引き数にとり、 I<getpgid(pid)> と等"
-"価である。"
+"プロセスは、そのプロセスが見える PID 名前空間の階層の各層においてプロセス ID "
+"を一つ持ち、 直接の先祖の名前空間を辿ることで通って root PID 名前空間に至るこ"
+"とができる。 プロセス ID に対して操作を行うシステムコールは、常に、呼び出し元"
+"プロセスの PID 名前空間で見えるプロセス ID を使って操作を行う。 B<getpid>(2) "
+"の呼び出しでは、 常に、 プロセスが作成された名前空間に関連付けられた PID を返"
+"す。"
+#
#. type: Plain text
-#: build/C/man2/setpgid.2:179
+#: build/C/man7/pid_namespaces.7:191
msgid ""
-"On success, B<setpgid>() and B<setpgrp>() return zero. On error, -1 is "
-"returned, and I<errno> is set appropriately."
+"Some processes in a PID namespace may have parents that are outside of the "
+"namespace. For example, the parent of the initial process in the namespace "
+"(i.e., the B<init>(1) process with PID 1) is necessarily in another "
+"namespace. Likewise, the direct children of a process that uses "
+"B<setns>(2) to cause its children to join a PID namespace are in a "
+"different PID namespace from the caller of B<setns>(2). Calls to "
+"B<getppid>(2) for such processes return 0."
msgstr ""
-"B<setpgid>() と B<setpgrp>() は成功した場合、ゼロを返す。エラーの場合は -1 "
-"を返し、 I<errno> が適切に設定される。"
+"PID 名前空間内のプロセスは名前空間の外部に親プロセスを持つことができる。 例え"
+"ば、その名前空間の初期プロセス (すなわち PID 1 を持つ B<init>(1) プロセス) の"
+"親プロセスは必然的に別の名前空間に属すことになる。 同様に、 あるプロセスが "
+"B<setns>(2) を使って子プロセスを PID 名前空間に参加させた場合、 子プロセスは "
+"B<setns>(2) の呼び出し元とは異なる PID 名前空間に属す。 子プロセスで "
+"B<getppid>(2) を呼び出すと 0 が返される。"
+#
+#. ============================================================
#. type: Plain text
-#: build/C/man2/setpgid.2:183
-msgid "The POSIX.1 B<getpgrp>() always returns the PGID of the caller."
-msgstr ""
-"POSIX.1 バージョンの B<getpgrp>() は常に呼び出しプロセスの PGID を返す。"
+#: build/C/man7/pid_namespaces.7:204
+msgid ""
+"While processes may freely descend into child PID namespaces (e.g., using "
+"B<setns>(2) with B<CLONE_NEWPID>), they may not move in the other "
+"direction. That is to say, processes may not enter any ancestor namespaces "
+"(parent, grandparent, etc.). Changing PID namespaces is a one way operation."
+msgstr "プロセスは (B<setns>(2) を B<CLONE_NEWPID> で使うなどで) 子供の PID 名前空間に自由に入ることができるが、 逆の方向には移動できない。 つまり、 プロセスは先祖の名前空間 (親、親の親など) に入ることはできない。 PID 名前空間の変更は一方向の操作である。"
+
+#. type: SS
+#: build/C/man7/pid_namespaces.7:204
+#, no-wrap
+msgid "setns(2) and unshare(2) semantics"
+msgstr "setns(2) と unshare(2) の動作"
#. type: Plain text
-#: build/C/man2/setpgid.2:191
+#: build/C/man7/pid_namespaces.7:220
msgid ""
-"B<getpgid>(), and the BSD-specific B<getpgrp>() return a process group on "
-"success. On error, -1 is returned, and I<errno> is set appropriately."
+"Calls to B<setns>(2) that specify a PID namespace file descriptor and calls "
+"to B<unshare>(2) with the B<CLONE_NEWPID> flag cause children subsequently "
+"created by the caller to be placed in a different PID namespace from the "
+"caller. These calls do not, however, change the PID namespace of the "
+"calling process, because doing so would change the caller's idea of its own "
+"PID (as reported by B<getpid>()), which would break many applications and "
+"libraries."
msgstr ""
-"B<getpgid>() と BSD 仕様の B<getpgrp>() は成功した場合プロセスグループを返"
-"す。 エラーの場合は -1 を返し、 I<errno> が適切に設定される。"
+"PID 名前空間のファイルディスクリプタを指定して B<setns>(2) を呼び出したり、 "
+"B<CLONE_NEWPID> フラグ付きで B<unshare>(2) を呼び出したりすると、 その結果作"
+"成された子プロセスは呼び出し元とは異なる PID 名前空間に置かれる。 しかし、こ"
+"れらの呼び出しでは呼び出し元プロセスの PID 名前空間は変更されない。 なぜな"
+"ら、PID 名前空間を変更してしまうと、 呼び出し元が認識する (B<getpid>() が返"
+"す) 自分の PID が変わってしまい、 多くのアプリケーションやライブラリが正しく"
+"動作しなくなるからである。"
#. type: Plain text
-#: build/C/man2/setpgid.2:200
+#: build/C/man7/pid_namespaces.7:228
msgid ""
-"An attempt was made to change the process group ID of one of the children of "
-"the calling process and the child had already performed an B<execve>(2) "
-"(B<setpgid>(), B<setpgrp>())."
+"To put things another way: a process's PID namespace membership is "
+"determined when the process is created and cannot be changed thereafter. "
+"Among other things, this means that the parental relationship between "
+"processes mirrors the parental relationship between PID namespaces: the "
+"parent of a process is either in the same namespace or resides in the "
+"immediate parent PID namespace."
msgstr ""
-"呼び出し元プロセスの子プロセスのプロセスグループ ID を変更しようとしたが、 す"
-"でにその子プロセスは B<execve>(2) を実行していた。 (B<setpgid>(), B<setpgrp>"
-"())"
+"別の言い方をすると、 あるプロセスがどの PID 名前空間に所属するかは、 そのプロ"
+"セスが作成されたときに決定され、 それ以降は変更されることはない。 いろいろあ"
+"るが、プロセス間の親子関係には、PID 名前空間の親子関係がそのまま反映されると"
+"いうことだ。 プロセスの親プロセスは、同じ名前空間にいるか、もしくは直接の親 "
+"PID 名前空間にいるかのいずれかである。"
-#. type: Plain text
-#: build/C/man2/setpgid.2:206
-msgid "I<pgid> is less than 0 (B<setpgid>(), B<setpgrp>())."
-msgstr "I<pgid> が 0 より小さい。 (B<setpgid>(), B<setpgrp>())"
+#. type: SS
+#: build/C/man7/pid_namespaces.7:228
+#, no-wrap
+msgid "Compatibility of CLONE_NEWPID with other CLONE_* flags"
+msgstr "CLONE_NEWPID の他の CLONE_* フラグとの互換性"
#. type: Plain text
-#: build/C/man2/setpgid.2:215
-msgid ""
-"An attempt was made to move a process into a process group in a different "
-"session, or to change the process group ID of one of the children of the "
-"calling process and the child was in a different session, or to change the "
-"process group ID of a session leader (B<setpgid>(), B<setpgrp>())."
+#: build/C/man7/pid_namespaces.7:233
+msgid "B<CLONE_NEWPID> can't be combined with some other B<CLONE_*> flags:"
msgstr ""
-"プロセスを異なるセッションのプロセスグループに移動させようとした。 または呼び"
-"出し元プロセスの子プロセスのプロセスグループ ID を変更しようと したが、その子"
-"プロセスは別のセッションだった。 またはセッションリーダーのプロセスグループ "
-"ID を変更しようとした。 (B<setpgid>(), B<setpgrp>())"
+"B<CLONE_NEWPID> はいくつかの他の B<CLONE_*> フラグと組み合わせることができな"
+"い。"
#. type: Plain text
-#: build/C/man2/setpgid.2:225
+#: build/C/man7/pid_namespaces.7:241
msgid ""
-"For B<getpgid>(): I<pid> does not match any process. For B<setpgid>(): "
-"I<pid> is not the calling process and not a child of the calling process."
+"B<CLONE_THREAD> requires being in the same PID namespace in order that the "
+"threads in a process can send signals to each other. Similarly, it must be "
+"possible to see all of the threads of a processes in the B<proc>(5) "
+"filesystem."
msgstr ""
-"B<getpgid>() の場合: I<pid> がどのプロセスにも一致しない。 B<setpgid>() の"
-"場合: I<pid> が呼び出し元のプロセスではなく、呼び出し元のプロセスの子プロセス"
-"ã\81§ã\82\82ã\81ªã\81\84。"
+"B<CLONE_THREAD> は、 プロセス内のスレッド間で互いにシグナルを送信できるように"
+"するため、 同じ PID 名前空間に属している必要がある。 同様に、 プロセス内の全"
+"ã\82¹ã\83¬ã\83\83ã\83\89ã\81\8c B<proc>(5) ã\83\95ã\82¡ã\82¤ã\83«ã\82·ã\82¹ã\83\86ã\83 ã\81§è¦\8bã\81\88ã\82\8bå¿\85è¦\81ã\81\8cã\81\82ã\82\8b。"
#. type: Plain text
-#: build/C/man2/setpgid.2:231
+#: build/C/man7/pid_namespaces.7:252
msgid ""
-"B<setpgid>() and the version of B<getpgrp>() with no arguments conform to "
-"POSIX.1-2001."
+"B<CLONE_SIGHAND> requires being in the same PID namespace; otherwise the "
+"process ID of the process sending a signal could not be meaningfully encoded "
+"when a signal is sent (see the description of the I<siginfo_t> type in "
+"B<sigaction>(2)). A signal queue shared by processes in multiple PID "
+"namespaces will defeat that."
msgstr ""
-"B<setpgid>() と、引き数なしバージョンの B<getpgrp>() は POSIX.1-2001 に準拠"
-"している。"
+"B<CLONE_SIGHAND> は、同じ PID 名前空間である必要がある。 さもなければ、 シグ"
+"ナルが送信された際に、シグナルを送信したプロセスのプロセス ID を意味のある形"
+"でエンコードすることができない (B<sigaction>(2) の I<siginfo_t> 型の説明を参"
+"照)。 複数の PID 名前空間に属するプロセス間で一つのシグナルキューを共有する"
+"と、うまく動かなくなる。"
#. type: Plain text
-#: build/C/man2/setpgid.2:240
+#: build/C/man7/pid_namespaces.7:262
msgid ""
-"POSIX.1-2001 also specifies B<getpgid>() and the version of B<setpgrp>() "
-"that takes no arguments. (POSIX.1-2008 marks this B<setpgrp>() "
-"specification as obsolete.)"
+"B<CLONE_VM> requires all of the threads to be in the same PID namespace, "
+"because, from the point of view of a core dump, if two processes share the "
+"same address space then they are threads and will be core dumped together. "
+"When a core dump is written, the PID of each thread is written into the core "
+"dump. Writing the process IDs could not meaningfully succeed if some of the "
+"process IDs were in a parent PID namespace."
msgstr ""
-"POSIX.1-2001 は、 B<getpgid>() と、引き数なしバージョンの B<setpgrp>() も規"
-"定している。 POSIX.1-2008 は、この B<setpgrp>() の仕様を廃止予定としている。"
+"B<CLONE_VM> は、全スレッドが同じ PID 名前空間に属している必要がある。 なぜな"
+"ら、 コアダンプの観点から見ると、 2 つのプロセスが同じアドレス空間を共有して"
+"いれば、 これらはスレッドであり、コアダンプが一緒に行われるからである。 コア"
+"ダンプが書き込まれる際に、 各スレッドの PID がコアダンプに書き込まれる。 もし"
+"プロセス ID のいくつかが親 PID 名前空間に属していたとすると、 プロセス ID の"
+"書き込みは意味を持たなくなってしまう。"
#. type: Plain text
-#: build/C/man2/setpgid.2:247
+#: build/C/man7/pid_namespaces.7:280
msgid ""
-"The version of B<getpgrp>() with one argument and the version of B<setpgrp>"
-"() that takes two arguments derive from 4.2BSD, and are not specified by "
-"POSIX.1."
+"To summarize: there is a technical requirement for each of B<CLONE_THREAD>, "
+"B<CLONE_SIGHAND>, and B<CLONE_VM> to share a PID namespace. (Note "
+"furthermore that in B<clone>(2) requires B<CLONE_VM> to be specified if "
+"B<CLONE_THREAD> or B<CLONE_SIGHAND> is specified.) Thus, call sequences "
+"such as the following will fail (with the error B<EINVAL>):"
msgstr ""
-"引き数 1 個バージョンの B<getpgrp>() と引き数 2 個バージョンの B<setpgrp>"
-"() は 4.2BSD に由来し、 POSIX.1 では規定されていない。"
+"まとめると、 B<CLONE_THREAD>, B<CLONE_SIGHAND>, B<CLONE_VM> では技術的な要件"
+"として PID 名前空間が共有されている点がある。 (さらに B<clone>(2) では "
+"B<CLONE_THREAD> か B<CLONE_SIGHAND> が指定された際には B<CLONE_VM> が指定され"
+"ている必要がある点にも注意。) したがって、以下のような順序で呼び出しを行うと "
+"(エラー B<EINVAL> で) 失敗する。"
#. type: Plain text
-#: build/C/man2/setpgid.2:253
+#: build/C/man7/pid_namespaces.7:284
+#, no-wrap
msgid ""
-"A child created via B<fork>(2) inherits its parent's process group ID. The "
-"PGID is preserved across an B<execve>(2)."
+" unshare(CLONE_NEWPID);\n"
+" clone(..., CLONE_VM, ...); /* Fails */\n"
msgstr ""
-"B<fork>(2) で作成された子プロセスは、親プロセスの PGID を継承する。 "
-"B<execve>(2) の前後で PGID は保存される。"
+" unshare(CLONE_NEWPID);\n"
+" clone(..., CLONE_VM, ...); /* Fails */\n"
#. type: Plain text
-#: build/C/man2/setpgid.2:256
+#: build/C/man7/pid_namespaces.7:287
+#, no-wrap
msgid ""
-"Each process group is a member of a session and each process is a member of "
-"the session of which its process group is a member."
+" setns(fd, CLONE_NEWPID);\n"
+" clone(..., CLONE_VM, ...); /* Fails */\n"
msgstr ""
-"各プロセスグループはセッションのメンバーであり、各プロセスは そのプロセスグ"
-"ループが所属しているセッションのメンバーである。"
+" setns(fd, CLONE_NEWPID);\n"
+" clone(..., CLONE_VM, ...); /* Fails */\n"
#. type: Plain text
-#: build/C/man2/setpgid.2:283
+#: build/C/man7/pid_namespaces.7:290
+#, no-wrap
msgid ""
-"A session can have a controlling terminal. At any time, one (and only one) "
-"of the process groups in the session can be the foreground process group for "
-"the terminal; the remaining process groups are in the background. If a "
-"signal is generated from the terminal (e.g., typing the interrupt key to "
-"generate B<SIGINT>), that signal is sent to the foreground process group. "
-"(See B<termios>(3) for a description of the characters that generate "
-"signals.) Only the foreground process group may B<read>(2) from the "
-"terminal; if a background process group tries to B<read>(2) from the "
-"terminal, then the group is sent a B<SIGTSTP> signal, which suspends it. "
-"The B<tcgetpgrp>(3) and B<tcsetpgrp>(3) functions are used to get/set the "
-"foreground process group of the controlling terminal."
+" clone(..., CLONE_VM, ...);\n"
+" setns(fd, CLONE_NEWPID); /* Fails */\n"
msgstr ""
-"セッションは制御端末 (controlling terminal) を持つことができる。 いつでも、"
-"セッションに所属するプロセスグループの一つ (だけ) が 端末のフォアグランドのプ"
-"ロセスグループになることができ、 残りのプロセスグループはバックグラウンドにな"
-"る。 端末からシグナルが生成された場合 (例えば、中断キーを叩いて B<SIGINT> が"
-"生成されるなど)、そのシグナルはフォアグラウンドのプロセスグループ に送られる "
-"(シグナルを生成する文字の説明は B<termios>(3) を参照)。 フォアグラウンドのプ"
-"ロセスグループだけが端末からの B<read>(2) ができる。 バックグラウンドのプロ"
-"セスグループが端末からの B<read>(2) を行おうとした場合、そのプロセスグループ"
-"にはシグナル B<SIGTSTP> が送られ、そのプロセスグループは一時停止 (suspend) す"
-"る。 関数 B<tcgetpgrp>(3) と B<tcsetpgrp>(3) を使うと、制御端末のフォアグラ"
-"ウンドのプロセスグループを 取得/設定できる。"
+" clone(..., CLONE_VM, ...);\n"
+" setns(fd, CLONE_NEWPID); /* Fails */\n"
#. type: Plain text
-#: build/C/man2/setpgid.2:291
+#: build/C/man7/pid_namespaces.7:293
+#, no-wrap
msgid ""
-"The B<setpgid>() and B<getpgrp>() calls are used by programs such as "
-"B<bash>(1) to create process groups in order to implement shell job control."
+" clone(..., CLONE_VM, ...);\n"
+" unshare(CLONE_NEWPID); /* Fails */\n"
msgstr ""
-"B<setpgid>() と B<getpgrp>() は、 B<bash>(1) のようなプログラムで、シェル"
-"のジョブ制御 (job control) の実装のための プロセスグループを作成するのに使わ"
-"れる。"
+" clone(..., CLONE_VM, ...);\n"
+" unshare(CLONE_NEWPID); /* Fails */\n"
+
+#
+#. ============================================================
+#. type: SS
+#: build/C/man7/pid_namespaces.7:297
+#, no-wrap
+msgid "/proc and PID namespaces"
+msgstr "/proc と PID 名前空間"
#. type: Plain text
-#: build/C/man2/setpgid.2:301
+#: build/C/man7/pid_namespaces.7:306
msgid ""
-"If a session has a controlling terminal, and the B<CLOCAL> flag for that "
-"terminal is not set, and a terminal hangup occurs, then the session leader "
-"is sent a B<SIGHUP>. If the session leader exits, then a B<SIGHUP> signal "
-"will also be sent to each process in the foreground process group of the "
-"controlling terminal."
+"A I</proc> filesystem shows (in the I</proc/PID> directories) only processes "
+"visible in the PID namespace of the process that performed the mount, even "
+"if the I</proc> filesystem is viewed from processes in other namespaces."
msgstr ""
-"セッションが制御端末を持っていて、その端末に対して B<CLOCAL> フラグが設定され"
-"ておらず、端末のハングアップが起きた場合、 セッション・リーダーに B<SIGHUP> "
-"が送られる。 セッション・リーダーが終了した場合には、その制御端末の フォアグ"
-"ランドのプロセスグループに所属する各プロセスにも B<SIGHUP> シグナルが送られ"
-"る。"
+"I</proc> ファイルシステムは、I</proc> のマウントを行ったプロセスの PID 名前空"
+"間で見えるプロセスだけを表示する。 たとえ、 その I</proc> ファイルシステムが"
+"他の名前空間のプロセスから参照されたとしても、そうである。"
-#. exit.3 refers to the following text:
#. type: Plain text
-#: build/C/man2/setpgid.2:315
+#: build/C/man7/pid_namespaces.7:325
msgid ""
-"If the exit of the process causes a process group to become orphaned, and if "
-"any member of the newly orphaned process group is stopped, then a B<SIGHUP> "
-"signal followed by a B<SIGCONT> signal will be sent to each process in the "
-"newly orphaned process group. An orphaned process group is one in which the "
-"parent of every member of process group is either itself also a member of "
-"the process group or is a member of a process group in a different session "
-"(see also B<credentials>(7))."
+"After creating a new PID namespace, it is useful for the child to change its "
+"root directory and mount a new procfs instance at I</proc> so that tools "
+"such as B<ps>(1) work correctly. If a new mount namespace is "
+"simultaneously created by including B<CLONE_NEWNS> in the I<flags> argument "
+"of B<clone>(2) or B<unshare>(2), then it isn't necessary to change the root "
+"directory: a new procfs instance can be mounted directly over I</proc>."
msgstr ""
-"プロセスの終了によってプロセスグループが孤児 (orphaned) になった際に、 その新"
-"たに孤児になったプロセスグループに停止しているメンバーがいれば、 その孤児に"
-"なったプロセスグループに属す全てのプロセスに B<SIGHUP> シグナルに続けて "
-"B<SIGCONT> シグナルが送られる。 孤児になった (orphaned) プロセスグループと"
-"は、 そのプロセスグループの全てのメンバーについて、メンバーの親プロセスが、 "
-"親プロセス自身もそのプロセスグループのメンバーか、 別のセッションに属すプロセ"
-"スグループのメンバーのいずれかであるような、 プロセスグループのことである。"
+"新しい PID 名前空間を作成した後、 子プロセスが、自身の root ディレクトリを変"
+"更し、新しい procfs インスタンスを I</proc> にマウントするのは B<ps>(1) など"
+"のツールが正しく動作するためにも有用である。 B<clone>(2) の I<flags> 引き数"
+"に B<CLONE_NEWNS> も指定されて新しいマウント名前空間が同時に作成された場合"
+"は、 root ディレクトリを変更する必要はない。 新しい procfs インスタンスを I</"
+"proc> にそのままマウントすることができる。"
#. type: Plain text
-#: build/C/man2/setpgid.2:322
-msgid ""
-"B<getuid>(2), B<setsid>(2), B<tcgetpgrp>(3), B<tcsetpgrp>(3), B<termios>(3), "
-"B<credentials>(7)"
-msgstr ""
-"B<getuid>(2), B<setsid>(2), B<tcgetpgrp>(3), B<tcsetpgrp>(3), B<termios>(3), "
-"B<credentials>(7)"
+#: build/C/man7/pid_namespaces.7:329
+msgid "From a shell, the command to mount I</proc> is:"
+msgstr "シェルから、コマンドで I</proc> のマウントを行うには次のようにする。"
-#. type: TH
-#: build/C/man2/setresuid.2:26
+#. type: Plain text
+#: build/C/man7/pid_namespaces.7:331
#, no-wrap
-msgid "SETRESUID"
-msgstr "SETRESUID"
+msgid " $ mount -t proc proc /proc\n"
+msgstr " $ mount -t proc proc /proc\n"
+
+#
+#. ============================================================
+#. type: Plain text
+#: build/C/man7/pid_namespaces.7:343
+msgid ""
+"Calling B<readlink>(2) on the path I</proc/self> yields the process ID of "
+"the caller in the PID namespace of the procfs mount (i.e., the PID namespace "
+"of the process that mounted the procfs). This can be useful for "
+"introspection purposes, when a process wants to discover its PID in other "
+"namespaces."
+msgstr ""
+"パス I</proc/self> に対して B<readlink>(2) を呼び出すと、 procfs のマウントを"
+"行ったプロセスの PID 名前空間におけるプロセス ID が得られる。 これは調査目的"
+"でプロセスが他の名前空間で自身の PID を知りたい場合などに役立つ。"
+
+#. type: SS
+#: build/C/man7/pid_namespaces.7:343 build/C/man7/user_namespaces.7:635
+#, no-wrap
+msgid "Miscellaneous"
+msgstr "その他"
+
+#. type: Plain text
+#: build/C/man7/pid_namespaces.7:351
+msgid ""
+"When a process ID is passed over a UNIX domain socket to a process in a "
+"different PID namespace (see the description of B<SCM_CREDENTIALS> in "
+"B<unix>(7)), it is translated into the corresponding PID value in the "
+"receiving process's PID namespace."
+msgstr ""
+"プロセス ID が UNIX ドメインソケット経由で別の PID 名前空間のプロセスに渡され"
+"る場合 (B<unix>(7) の B<SCM_CREDENTIALS> の説明を参照)、 プロセス ID は受信プ"
+"ロセスの PID 名前空間での対応する PID 値に翻訳される。"
+
+#. type: Plain text
+#: build/C/man7/pid_namespaces.7:365
+msgid ""
+"B<clone>(2), B<setns>(2), B<unshare>(2), B<proc>(5), B<credentials>(7), "
+"B<capabilities>(7), B<user_namespaces>(7), B<switch_root>(8)"
+msgstr ""
+"B<clone>(2), B<setns>(2), B<unshare>(2), B<proc>(5), B<credentials>(7), "
+"B<capabilities>(7), B<user_namespaces>(7), B<switch_root>(8)"
+
+#. type: TH
+#: build/C/man2/seteuid.2:29
+#, no-wrap
+msgid "SETEUID"
+msgstr "SETEUID"
+
+#. type: Plain text
+#: build/C/man2/seteuid.2:32
+msgid "seteuid, setegid - set effective user or group ID"
+msgstr "seteuid, setegid - 実効ユーザー ID や 実効グループ ID を設定する"
+
+#. type: Plain text
+#: build/C/man2/seteuid.2:38
+msgid "B<int seteuid(uid_t >I<euid>B<);>"
+msgstr "B<int seteuid(uid_t >I<euid>B<);>"
+
+#. type: Plain text
+#: build/C/man2/seteuid.2:40
+msgid "B<int setegid(gid_t >I<egid>B<);>"
+msgstr "B<int setegid(gid_t >I<egid>B<);>"
+
+#. type: Plain text
+#: build/C/man2/seteuid.2:49
+msgid "B<seteuid>(), B<setegid>():"
+msgstr "B<seteuid>(), B<setegid>():"
+
+#. type: Plain text
+#: build/C/man2/seteuid.2:51
+msgid ""
+"_BSD_SOURCE || _POSIX_C_SOURCE\\ E<gt>=\\ 200112L || _XOPEN_SOURCE\\ E<gt>="
+"\\ 600"
+msgstr ""
+"_BSD_SOURCE || _POSIX_C_SOURCE\\ E<gt>=\\ 200112L || _XOPEN_SOURCE\\ E<gt>="
+"\\ 600"
+
+#. type: Plain text
+#: build/C/man2/seteuid.2:58
+msgid ""
+"B<seteuid>() sets the effective user ID of the calling process. "
+"Unprivileged user processes may only set the effective user ID to the real "
+"user ID, the effective user ID or the saved set-user-ID."
+msgstr ""
+"B<seteuid>() は呼び出し元のプロセスの実効ユーザー ID を設定する。 非特権ユー"
+"ザーのプロセスの場合、実効ユーザー ID に設定できるのは、 実ユーザー ID・実効"
+"ユーザー ID・保存 set-user-ID のいずれかだけである。"
+
+#. When
+#. .I euid
+#. equals \-1, nothing is changed.
+#. (This is an artifact of the implementation in glibc of seteuid()
+#. using setresuid(2).)
+#. type: Plain text
+#: build/C/man2/seteuid.2:67
+msgid ""
+"Precisely the same holds for B<setegid>() with \"group\" instead of \"user"
+"\"."
+msgstr ""
+"B<setegid>() は「ユーザー」ではなく「グループ」に対して全く同じことを行う。"
+
+#. type: Plain text
+#: build/C/man2/seteuid.2:79
+msgid ""
+"I<Note>: there are cases where B<seteuid>() can fail even when the caller "
+"is UID 0; it is a grave security error to omit checking for a failure return "
+"from B<seteuid>()."
+msgstr ""
+"I<注意>: 呼び出し元が UID 0 であっても B<seteuid>() が失敗する場合がある。 "
+"B<seteuid>() からのリターンが失敗かどうかの確認を省略することは重大なセキュリ"
+"ティ上のエラーとなる。"
+
+#. type: Plain text
+#: build/C/man2/seteuid.2:83
+msgid "The target user or group ID is not valid in this user namespace."
+msgstr ""
+"対象のユーザー ID かグループ ID がこのユーザー名前空間では有効ではない。"
+
+#. type: Plain text
+#: build/C/man2/seteuid.2:99
+msgid ""
+"The calling process is not privileged (Linux: does not have the "
+"B<CAP_SETUID> capability in the case of B<seteuid>(), or the B<CAP_SETGID> "
+"capability in the case of B<setegid>()) and I<euid> (respectively, "
+"I<egid>) is not the real user (group) ID, the effective user (group) ID, or "
+"the saved set-user-ID (saved set-group-ID)."
+msgstr ""
+"呼び出し元のプロセスに特権がなく、 I<euid> (I<egid>) が実ユーザー (グルー"
+"プ) ID、または実効ユーザー (グループ) ID、 保存 set-user-ID (保存 set-group-"
+"ID) のいずれでもではない (Linux においては、 B<seteuid>() では "
+"B<CAP_SETUID> ケーパビリティ (capability) が、 B<setegid>() では "
+"B<CAP_SETGID> ケーパビリティがない場合に、特権がないと判断される)。"
+
+#. type: Plain text
+#: build/C/man2/seteuid.2:101
+msgid "4.3BSD, POSIX.1-2001."
+msgstr "4.3BSD, POSIX.1-2001."
+
+#. type: Plain text
+#: build/C/man2/seteuid.2:107
+msgid ""
+"Setting the effective user (group) ID to the saved set-user-ID (saved set-"
+"group-ID) is possible since Linux 1.1.37 (1.1.38). On an arbitrary system "
+"one should check B<_POSIX_SAVED_IDS>."
+msgstr ""
+"実効ユーザー (グループ) ID を保存 set-user-ID (保存 set-group-ID) に 設定でき"
+"るのは、Linux 1.1.37 (1.1.38) 以降である。 全てのシステムにおいて "
+"B<_POSIX_SAVED_IDS> をチェックすべきである。"
+
+#. type: Plain text
+#: build/C/man2/seteuid.2:123
+msgid ""
+"Under glibc 2.0 B<seteuid(>I<euid>B<)> is equivalent to B<setreuid(-1,>I< "
+"euid>B<)> and hence may change the saved set-user-ID. Under glibc 2.1 and "
+"later it is equivalent to B<setresuid(-1,>I< euid>B<, -1)> and hence does "
+"not change the saved set-user-ID. Analogous remarks hold for B<setegid>(), "
+"with the difference that the change in implementation from B<setregid(-1,>I< "
+"egid>B<)> to B<setresgid(-1,>I< egid>B<, -1)> occurred in glibc 2.2 or 2.3 "
+"(depending on the hardware architecture)."
+msgstr ""
+"glibc 2.0 では、 B<seteuid(>I<euid>B<)> は B<setreuid(-1,>I< euid>B<)> と等価"
+"であり、保存 set-user-ID を変更するかもしれない。 glibc 2.1 では、 "
+"B<setresuid(-1,>I< euid>B<, -1)> と等価であり、保存 set-user-ID 変更しない。 "
+"同様のことが B<setegid>() にも言えるが、 glibc 2.2 か 2.3 で、 実装が "
+"B<setregid(-1,>I< egid>B<)> から B<setresgid(-1,>I< egid>B<, -1)> へ変更され"
+"た点だけが違う (どの glibc バージョンで変更が行われたかは、ハードウェアアーキ"
+"テクチャによって異なる)。"
+
+#. type: Plain text
+#: build/C/man2/seteuid.2:132
+msgid ""
+"According to POSIX.1, B<seteuid>() (B<setegid>()) need not permit I<euid> "
+"(I<egid>) to be the same value as the current effective user (group) ID, "
+"and some implementations do not permit this."
+msgstr ""
+"POSIX.1 では、 B<seteuid>() (B<setegid>()) で、 I<euid> (I<egid>) として現"
+"在の実効ユーザ (グループ) ID と同じ値を指定可能である 必要はないとされてお"
+"り、いくつかの実装では I<euid> (I<egid>) として現在の実効ユーザ (グループ) "
+"ID と同じ値を 指定することができない。"
+
+#. type: Plain text
+#: build/C/man2/seteuid.2:141
+msgid ""
+"On Linux, B<seteuid>() and B<setegid>() are implemented as library "
+"functions that call, respectively, B<setreuid>(2) and B<setresgid>(2)."
+msgstr ""
+"Linux では、 B<seteuid>() と B<setegid>() は、それぞれ B<setreuid>(2) と "
+"B<setresgid>(2) を呼び出すライブラリ関数として実装されている。"
+
+#. type: Plain text
+#: build/C/man2/seteuid.2:149
+msgid ""
+"B<geteuid>(2), B<setresuid>(2), B<setreuid>(2), B<setuid>(2), "
+"B<capabilities>(7), B<credentials>(7), B<user_namespaces>(7)"
+msgstr ""
+"B<geteuid>(2), B<setresuid>(2), B<setreuid>(2), B<setuid>(2), "
+"B<capabilities>(7), B<credentials>(7), B<user_namespaces>(7)"
+
+#. type: TH
+#: build/C/man2/setfsgid.2:31
+#, no-wrap
+msgid "SETFSGID"
+msgstr "SETFSGID"
+
+#. type: TH
+#: build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31
+#, no-wrap
+msgid "2013-08-08"
+msgstr "2013-08-08"
+
+#. type: Plain text
+#: build/C/man2/setfsgid.2:34
+msgid "setfsgid - set group identity used for filesystem checks"
+msgstr ""
+"setfsgid - ファイルシステムのチェックに用いられるグループ ID を設定する"
+
+#. type: Plain text
+#: build/C/man2/setfsgid.2:36 build/C/man2/setfsuid.2:36
+msgid "B<#include E<lt>sys/fsuid.hE<gt>>"
+msgstr "B<#include E<lt>sys/fsuid.hE<gt>>"
+
+#. type: Plain text
+#: build/C/man2/setfsgid.2:38
+msgid "B<int setfsgid(uid_t >I<fsgid>B<);>"
+msgstr "B<int setfsgid(uid_t >I<fsgid>B<);>"
+
+#. type: Plain text
+#: build/C/man2/setfsgid.2:51
+msgid ""
+"The system call B<setfsgid>() changes the value of the caller's filesystem "
+"group ID\\(emthe group ID that the Linux kernel uses to check for all "
+"accesses to the filesystem. Normally, the value of the filesystem group ID "
+"will shadow the value of the effective group ID. In fact, whenever the "
+"effective group ID is changed, the filesystem group ID will also be changed "
+"to the new value of the effective group ID."
+msgstr ""
+"システムコール B<setfsgid>() は、 呼び出し元のファイルシステムグループ ID "
+"\\(em ファイルシステムへの全てのアクセスのチェックにおいて Linux カーネルが使"
+"用するグループ ID \\(em の値を変更する。通常はファイルシステムグループ ID の"
+"値は実効 (effective) グループ ID と同じになる。実際、 実効グループ ID が変更"
+"される度にファイルシステムグループ ID もまた新しい実効グループ ID の値に変更"
+"される。"
+
+#. type: Plain text
+#: build/C/man2/setfsgid.2:62
+msgid ""
+"Explicit calls to B<setfsuid>(2) and B<setfsgid>() are usually used only "
+"by programs such as the Linux NFS server that need to change what user and "
+"group ID is used for file access without a corresponding change in the real "
+"and effective user and group IDs. A change in the normal user IDs for a "
+"program such as the NFS server is a security hole that can expose it to "
+"unwanted signals. (But see below.)"
+msgstr ""
+"通常、 B<setfsuid>() や B<setfsgid>() を明示的に呼び出すのは、Linux NFS サー"
+"バー のように、 ファイルアクセスに用いるユーザID / グループID を変更しなけれ"
+"ばならないが、 対応する実(real)/実効(effective) ユーザID / グループID は変更"
+"したくないような プログラムに限られる。 NFS サーバーのようなプログラムで、通"
+"常のユーザID を変更すると、 プロセスを望まないシグナルにさらす可能性があり、 "
+"セキュリティホールになる。(下記参照)"
+
+#. type: Plain text
+#: build/C/man2/setfsgid.2:68
+msgid ""
+"B<setfsgid>() will succeed only if the caller is the superuser or if "
+"I<fsgid> matches either the caller's real group ID, effective group ID, "
+"saved set-group-ID, or current the filesystem user ID."
+msgstr ""
+"B<setfsgid>() は、スーパーユーザによって呼び出された場合か、 I<fsgid> が呼び"
+"出し元の実グループID、実効グループID、 保存セットグループID (saved set-group-"
+"ID)、現在のファイルシステムグループ ID の値のいずれかに一致する場合にのみ成功"
+"する。"
+
+#. type: Plain text
+#: build/C/man2/setfsgid.2:71
+msgid ""
+"On both success and failure, this call returns the previous filesystem group "
+"ID of the caller."
+msgstr ""
+"成功時も失敗時も、 この呼び出しは直前の呼び出し元のファイルシステムグループ "
+"ID の値を返す。"
+
+#. This system call is present since Linux 1.1.44
+#. and in libc since libc 4.7.6.
+#. type: Plain text
+#: build/C/man2/setfsgid.2:75 build/C/man2/setfsuid.2:75
+msgid "This system call is present in Linux since version 1.2."
+msgstr "このシステムコールはバージョン 1.2 以降の Linux に存在する。"
+
+#. type: Plain text
+#: build/C/man2/setfsgid.2:79
+msgid ""
+"B<setfsgid>() is Linux-specific and should not be used in programs intended "
+"to be portable."
+msgstr ""
+"B<setfsgid>() は Linux 特有であり、移植を想定したプログラムで使用してはいけ"
+"ない。"
+
+#. type: Plain text
+#: build/C/man2/setfsgid.2:85
+msgid ""
+"When glibc determines that the argument is not a valid group ID, it will "
+"return -1 and set I<errno> to B<EINVAL> without attempting the system call."
+msgstr ""
+"glibc が引き数がグループID として不正だと判断した場合は、 システムコールを行"
+"わず I<errno> に B<EINVAL> を設定して -1 が返される。"
+
+#. type: Plain text
+#: build/C/man2/setfsgid.2:96
+msgid ""
+"Note that at the time this system call was introduced, a process could send "
+"a signal to a process with the same effective user ID. Today signal "
+"permission handling is slightly different. See B<setfsuid>(2) for a "
+"discussion of why the use of both B<setfsuid>(2) and B<setfsgid>() is "
+"nowadays unneeded."
+msgstr ""
+"このシステムコールが導入された当時、プロセスは 同じ実効ユーザIDのプロセスへシ"
+"グナルを送ることができた。 今日では、シグナル送信権限の扱いはかなり違うものに"
+"なっている。 なぜ今日では B<setfsuid>(2) と B<setfsgid>() の両者が不要なのか"
+"の議論については B<setfsuid>(2) を参照のこと。"
+
+#. type: Plain text
+#: build/C/man2/setfsgid.2:106
+msgid ""
+"The original Linux B<setfsgid>() system call supported only 16-bit group "
+"IDs. Subsequently, Linux 2.4 added B<setfsgid32>() supporting 32-bit IDs. "
+"The glibc B<setfsgid>() wrapper function transparently deals with the "
+"variation across kernel versions."
+msgstr ""
+"元々の Linux の B<setfsgid>() システムコールは\n"
+"16 ビットのグループ ID だけに対応していた。\n"
+"その後、Linux 2.4 で、32 ビットの ID に対応した\n"
+"B<setfsgid32>() が追加された。\n"
+"glibc の B<setfsgid>() のラッパー関数は\n"
+"カーネルバージョンによるこの違いを吸収している。"
+
+#. type: Plain text
+#: build/C/man2/setfsgid.2:123
+msgid ""
+"No error indications of any kind are returned to the caller, and the fact "
+"that both successful and unsuccessful calls return the same value makes it "
+"impossible to directly determine whether the call succeeded or failed. "
+"Instead, the caller must resort to looking at the return value from a "
+"further call such as I<setfsgid(-1)> (which will always fail), in order to "
+"determine if a preceding call to B<setfsgid>() changed the filesystem group "
+"ID. At the very least, B<EPERM> should be returned when the call fails "
+"(because the caller lacks the B<CAP_SETGID> capability)."
+msgstr ""
+"いかなる種類のエラーメッセージも返さず、 成功した場合も失敗した場合も呼び出し"
+"は同じ値を返すため、 呼び出しが成功したか失敗したかを直接判定することはできな"
+"い。 その代わり、 直前の B<setfsgid>() の呼び出しがファイルシステムグループ "
+"ID を変更したかどうかを判定するために、 呼び出し元はこの後に I<setfsgid(-1)> "
+"などを呼び出して返り値を見なければならない (I<setfsgid(-1)> は常に失敗す"
+"る)。 最低でも、失敗した場合は B<EPERM> くらいは返すべきである (呼び出し元に"
+"は B<CAP_SETGID> ケーパビリティがなかったのだから)。"
+
+#. type: Plain text
+#: build/C/man2/setfsgid.2:128
+msgid "B<kill>(2), B<setfsuid>(2), B<capabilities>(7), B<credentials>(7)"
+msgstr "B<kill>(2), B<setfsuid>(2), B<capabilities>(7), B<credentials>(7)"
+
+#. type: TH
+#: build/C/man2/setfsuid.2:31
+#, no-wrap
+msgid "SETFSUID"
+msgstr "SETFSUID"
+
+#. type: Plain text
+#: build/C/man2/setfsuid.2:34
+msgid "setfsuid - set user identity used for filesystem checks"
+msgstr "setfsuid - ファイルシステムのチェックに用いられるユーザ ID を設定する"
+
+#. type: Plain text
+#: build/C/man2/setfsuid.2:38
+msgid "B<int setfsuid(uid_t >I<fsuid>B<);>"
+msgstr "B<int setfsuid(uid_t >I<fsuid>B<);>"
+
+#. type: Plain text
+#: build/C/man2/setfsuid.2:51
+msgid ""
+"The system call B<setfsuid>() changes the value of the caller's filesystem "
+"user ID\\(emthe user ID that the Linux kernel uses to check for all accesses "
+"to the filesystem. Normally, the value of the filesystem user ID will "
+"shadow the value of the effective user ID. In fact, whenever the effective "
+"user ID is changed, the filesystem user ID will also be changed to the new "
+"value of the effective user ID."
+msgstr ""
+"B<setfsuid>() は、 呼び出し元のファイルシステムユーザー ID \\(em ファイルシ"
+"ステムへの全てのアクセスのチェックにおいて Linux カーネルが使用するユーザ ID "
+"\\(em の値を変更する。通常はファイルシステムユーザー ID の値は実効 "
+"(effective) ユーザID と同じになる。実際、 実効ユーザID が変更される度にファイ"
+"ルシステムユーザー ID もまた新しい実効ユーザ ID の値に変更される。"
+
+#. type: Plain text
+#: build/C/man2/setfsuid.2:62
+msgid ""
+"Explicit calls to B<setfsuid>() and B<setfsgid>(2) are usually used only "
+"by programs such as the Linux NFS server that need to change what user and "
+"group ID is used for file access without a corresponding change in the real "
+"and effective user and group IDs. A change in the normal user IDs for a "
+"program such as the NFS server is a security hole that can expose it to "
+"unwanted signals. (But see below.)"
+msgstr ""
+"通常、 B<setfsuid>() や B<setfsgid>() を明示的に呼び出すのは、Linux NFS サー"
+"バー のように、 ファイルアクセスに用いるユーザID / グループID を変更しなけれ"
+"ばならないが、 対応する実(real)/実効(effective) ユーザID / グループID は変更"
+"したくないような プログラムに限られる。 NFS サーバーのようなプログラムで、通"
+"常のユーザID を変更すると、 プロセスを望まないシグナルにさらす可能性があり、 "
+"セキュリティホールになる。(下記参照)"
+
+#. type: Plain text
+#: build/C/man2/setfsuid.2:68
+msgid ""
+"B<setfsuid>() will succeed only if the caller is the superuser or if "
+"I<fsuid> matches either the caller's real user ID, effective user ID, saved "
+"set-user-ID, or current filesystem user ID."
+msgstr ""
+"B<setfsuid>() は、スーパーユーザによって呼び出された場合か、 I<fsuid> が呼び"
+"出し元の実ユーザID、実効ユーザID、 保存セットユーザID (saved set-user-ID)、現"
+"在のファイルシステムグループ ID の値のいずれかに一致する場合にのみ成功する。"
+
+#. type: Plain text
+#: build/C/man2/setfsuid.2:71
+msgid ""
+"On both success and failure, this call returns the previous filesystem user "
+"ID of the caller."
+msgstr ""
+"成功時も失敗時も、 この呼び出しは直前の呼び出し元のファイルシステムユーザー "
+"ID の値を返す。"
+
+#. type: Plain text
+#: build/C/man2/setfsuid.2:79
+msgid ""
+"B<setfsuid>() is Linux-specific and should not be used in programs intended "
+"to be portable."
+msgstr ""
+"B<setfsuid>() は Linux 特有であり、移植を想定したプログラムで使用してはいけ"
+"ない。"
+
+#. type: Plain text
+#: build/C/man2/setfsuid.2:85
+msgid ""
+"When glibc determines that the argument is not a valid user ID, it will "
+"return -1 and set I<errno> to B<EINVAL> without attempting the system call."
+msgstr ""
+"glibc が引き数がユーザID として不正だと判断した場合は、 システムコールを行わ"
+"ず I<errno> に B<EINVAL> を設定して -1 が返される。"
+
+#. type: Plain text
+#: build/C/man2/setfsuid.2:104
+msgid ""
+"At the time when this system call was introduced, one process could send a "
+"signal to another process with the same effective user ID. This meant that "
+"if a privileged process changed its effective user ID for the purpose of "
+"file permission checking, then it could become vulnerable to receiving "
+"signals sent by another (unprivileged) process with the same user ID. The "
+"filesystem user ID attribute was thus added to allow a process to change its "
+"user ID for the purposes of file permission checking without at the same "
+"time becoming vulnerable to receiving unwanted signals. Since Linux 2.0, "
+"signal permission handling is different (see B<kill>(2)), with the result "
+"that a process change can change its effective user ID without being "
+"vulnerable to receiving signals from unwanted processes. Thus, "
+"B<setfsuid>() is nowadays unneeded and should be avoided in new "
+"applications (likewise for B<setfsgid>(2))."
+msgstr ""
+"このシステムコールが導入された当時、 あるプロセスは同じ実効ユーザー ID を持つ"
+"別のプロセスにシグナルを送信できた。 これは、 特権プロセスがファイルのアクセ"
+"ス許可をチェックするために自身の実効ユーザー ID を変更すると、 同じユーザー "
+"ID を持つ別の (非特権) プロセスが送信したシグナルを受け取るようになってしまう"
+"ことを意味する。そのため、 プロセスが、 受け取りたくないシグナルを受信する状"
+"態にならずに、 ファイルのアクセス許可をチェックするために自身のユーザー ID を"
+"変更できるように、 ファイルシステムユーザー ID 属性が追加された。 Linux 2.0 "
+"以降では、 シグナルの送信許可の扱いは異なり (B<kill>(2) 参照)、 プロセスは、 "
+"望まないプロセスからシグナルを受信してしまう状態にならずに、 自身の実効ユー"
+"ザー ID を変更することができる。 したがって、 B<setfsuid>() は今日では不要で"
+"あり、 新規のアプリケーションでは使用すべきではない (B<setfsgid>(2) も同様)。"
+
+#. type: Plain text
+#: build/C/man2/setfsuid.2:114
+msgid ""
+"The original Linux B<setfsuid>() system call supported only 16-bit user "
+"IDs. Subsequently, Linux 2.4 added B<setfsuid32>() supporting 32-bit IDs. "
+"The glibc B<setfsuid>() wrapper function transparently deals with the "
+"variation across kernel versions."
+msgstr ""
+"元々の Linux の B<setfsuid>() システムコールは\n"
+"16 ビットのグループ ID だけに対応していた。\n"
+"その後、Linux 2.4 で、32 ビットの ID に対応した\n"
+"B<setfsuid32>() が追加された。\n"
+"glibc の B<setfsuid>() のラッパー関数は\n"
+"カーネルバージョンによるこの違いを吸収している。"
+
+#. type: Plain text
+#: build/C/man2/setfsuid.2:131
+msgid ""
+"No error indications of any kind are returned to the caller, and the fact "
+"that both successful and unsuccessful calls return the same value makes it "
+"impossible to directly determine whether the call succeeded or failed. "
+"Instead, the caller must resort to looking at the return value from a "
+"further call such as I<setfsuid(-1)> (which will always fail), in order to "
+"determine if a preceding call to B<setfsuid>() changed the filesystem user "
+"ID. At the very least, B<EPERM> should be returned when the call fails "
+"(because the caller lacks the B<CAP_SETUID> capability)."
+msgstr ""
+"いかなる種類のエラーメッセージも返さず、 成功した場合も失敗した場合も呼び出し"
+"は同じ値を返すため、 呼び出しが成功したか失敗したかを直接判定することはできな"
+"い。 その代わり、 直前の B<setfsuid>() の呼び出しがファイルシステムグループ "
+"ID を変更したかどうかを判定するために、 呼び出し元はこの後に I<setfsuid(-1)> "
+"などを呼び出して返り値を見なければならない (I<setfsuid(-1)> は常に失敗す"
+"る)。 最低でも、失敗した場合は B<EPERM> くらいは返すべきである (呼び出し元に"
+"は B<CAP_SETUID> ケーパビリティがなかったのだから)。"
+
+#. type: Plain text
+#: build/C/man2/setfsuid.2:136
+msgid "B<kill>(2), B<setfsgid>(2), B<capabilities>(7), B<credentials>(7)"
+msgstr "B<kill>(2), B<setfsgid>(2), B<capabilities>(7), B<credentials>(7)"
+
+#. type: TH
+#: build/C/man2/setgid.2:29
+#, no-wrap
+msgid "SETGID"
+msgstr "SETGID"
+
+#. type: Plain text
+#: build/C/man2/setgid.2:32
+msgid "setgid - set group identity"
+msgstr "setgid - グループ識別(identity)を設定する"
+
+#. type: Plain text
+#: build/C/man2/setgid.2:38
+msgid "B<int setgid(gid_t >I<gid>B<);>"
+msgstr "B<int setgid(gid_t >I<gid>B<);>"
+
+#. type: Plain text
+#: build/C/man2/setgid.2:43
+msgid ""
+"B<setgid>() sets the effective group ID of the calling process. If the "
+"caller is the superuser, the real GID and saved set-group-ID are also set."
+msgstr ""
+"B<setgid>() は呼び出し元のプロセスの実効 (effective) グループID を設定す"
+"る。 もしスーパーユーザーによって呼び出された場合は、 実 (real) グループID と"
+"保存 (saved) set-group-ID も設定される。"
+
+#. type: Plain text
+#: build/C/man2/setgid.2:53
+msgid ""
+"Under Linux, B<setgid>() is implemented like the POSIX version with the "
+"B<_POSIX_SAVED_IDS> feature. This allows a set-group-ID program that is not "
+"set-user-ID-root to drop all of its group privileges, do some un-privileged "
+"work, and then reengage the original effective group ID in a secure manner."
+msgstr ""
+"Linux において、 B<setgid>() は B<_POSIX_SAVED_IDS> をもった POSIX 版のよう"
+"に実装されている。 これは set-user-ID-root でない set-group-ID プログラムにそ"
+"のグループの 特権の全て落とし、特権の必要ない仕事をし、本来の実効グループID "
+"に 安全な方法で再び戻すことを許す。"
+
+#. type: Plain text
+#: build/C/man2/setgid.2:64
+msgid "The group ID specified in I<gid> is not valid in this user namespace."
+msgstr ""
+"I<gid> で指定されたグループ ID がこのユーザー名前空間では有効ではない。"
+
+#. type: Plain text
+#: build/C/man2/setgid.2:71
+msgid ""
+"The calling process is not privileged (does not have the B<CAP_SETGID> "
+"capability), and I<gid> does not match the real group ID or saved set-group-"
+"ID of the calling process."
+msgstr ""
+"呼び出し元のプロセスに権限がなく (B<CAP_SETGID> ケーパビリティがなく)、かつ "
+"I<gid> が呼び出し元のプロセスの実グループID と保存セットグループID のどちらと"
+"も一致しない。"
+
+#. type: Plain text
+#: build/C/man2/setgid.2:83
+msgid ""
+"The original Linux B<setgid>() system call supported only 16-bit group "
+"IDs. Subsequently, Linux 2.4 added B<setgid32>() supporting 32-bit IDs. "
+"The glibc B<setgid>() wrapper function transparently deals with the "
+"variation across kernel versions."
+msgstr ""
+"元々の Linux の B<setgid>() システムコールは\n"
+"16 ビットのグループ ID だけに対応していた。\n"
+"その後、Linux 2.4 で、32 ビットの ID に対応した\n"
+"B<setgid32>() が追加された。\n"
+"glibc の B<setgid>() のラッパー関数は\n"
+"カーネルバージョンによるこの違いを吸収している。"
+
+#. type: Plain text
+#: build/C/man2/setgid.2:90
+msgid ""
+"B<getgid>(2), B<setegid>(2), B<setregid>(2), B<capabilities>(7), "
+"B<credentials>(7), B<user_namespaces>(7)"
+msgstr ""
+"B<getgid>(2), B<setegid>(2), B<setregid>(2), B<capabilities>(7), "
+"B<credentials>(7), B<user_namespaces>(7)"
+
+#. type: TH
+#: build/C/man2/setpgid.2:48
+#, no-wrap
+msgid "SETPGID"
+msgstr "SETPGID"
+
+#. type: TH
+#: build/C/man2/setpgid.2:48
+#, no-wrap
+msgid "2014-01-07"
+msgstr "2014-01-07"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:51
+msgid "setpgid, getpgid, setpgrp, getpgrp - set/get process group"
+msgstr "setpgid, getpgid, setpgrp, getpgrp - プロセスグループの設定/取得を行う"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:55
+msgid "B<int setpgid(pid_t >I<pid>B<, pid_t >I<pgid>B<);>"
+msgstr "B<int setpgid(pid_t >I<pid>B<, pid_t >I<pgid>B<);>"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:57
+msgid "B<pid_t getpgid(pid_t >I<pid>B<);>"
+msgstr "B<pid_t getpgid(pid_t >I<pid>B<);>"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:59
+msgid "B<pid_t getpgrp(void);> /* POSIX.1 version */"
+msgstr "B<pid_t getpgrp(void);> /* POSIX.1 version */"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:62
+msgid ""
+"B<pid_t getpgrp(pid_t >I<pid>B<);\\ \\ \\ \\ \\ \\ \\ \\ \\ \\ \\ > /* BSD "
+"version */"
+msgstr ""
+"B<pid_t getpgrp(pid_t >I<pid>B<);\\ \\ \\ \\ \\ \\ \\ \\ \\ \\ \\ > /* BSD "
+"version */"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:64
+msgid "B<int setpgrp(void);> /* System V version */"
+msgstr "B<int setpgrp(void);> /* System V version */"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:67
+msgid "B<int setpgrp(pid_t >I<pid>B<, pid_t >I<pgid>B<);\\ > /* BSD version */"
+msgstr ""
+"B<int setpgrp(pid_t >I<pid>B<, pid_t >I<pgid>B<);\\ > /* BSD version */"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:76
+msgid "B<getpgid>():"
+msgstr "B<getpgid>():"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:84
+msgid "B<setpgrp>() (POSIX.1):"
+msgstr "B<setpgrp>() (POSIX.1):"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:87
+#, no-wrap
+msgid ""
+" _SVID_SOURCE || _XOPEN_SOURCE\\ E<gt>=\\ 500 ||\n"
+" _XOPEN_SOURCE\\ &&\\ _XOPEN_SOURCE_EXTENDED\n"
+msgstr ""
+" _SVID_SOURCE || _XOPEN_SOURCE\\ E<gt>=\\ 500 ||\n"
+" _XOPEN_SOURCE\\ &&\\ _XOPEN_SOURCE_EXTENDED\n"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:89
+#, no-wrap
+msgid " || /* Since glibc 2.19: */ _BSD_SOURCE\n"
+msgstr " || /* glibc 2.19 以降: */ _BSD_SOURCE\n"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:93
+msgid "B<setpgrp>()\\ (BSD), B<getpgrp>()\\ (BSD) [before glibc 2.19]:"
+msgstr "B<setpgrp>()\\ (BSD), B<getpgrp>()\\ (BSD) [glibc 2.19 より前]:"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:97
+#, no-wrap
+msgid ""
+" _BSD_SOURCE &&\n"
+" !\\ (_POSIX_SOURCE || _POSIX_C_SOURCE || _XOPEN_SOURCE ||\n"
+" _XOPEN_SOURCE_EXTENDED || _GNU_SOURCE || _SVID_SOURCE)\n"
+msgstr ""
+" _BSD_SOURCE &&\n"
+" !\\ (_POSIX_SOURCE || _POSIX_C_SOURCE || _XOPEN_SOURCE ||\n"
+" _XOPEN_SOURCE_EXTENDED || _GNU_SOURCE || _SVID_SOURCE)\n"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:109
+msgid ""
+"All of these interfaces are available on Linux, and are used for getting and "
+"setting the process group ID (PGID) of a process. The preferred, POSIX.1-"
+"specified ways of doing this are: B<getpgrp>(void), for retrieving the "
+"calling process's PGID; and B<setpgid>(), for setting a process's PGID."
+msgstr ""
+"これらのインタフェースすべてが Linux で利用可能で、 これらを使ってプロセスの"
+"プロセスグループ ID (PGID) の 取得や設定ができる。 推奨の、POSIX.1 で規定され"
+"た方法では、 B<getpgrp>(void) で呼び出し元プロセスの PGID を取得し、 "
+"B<setpgid>() で設定する。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:134
+msgid ""
+"B<setpgid>() sets the PGID of the process specified by I<pid> to I<pgid>. "
+"If I<pid> is zero, then the process ID of the calling process is used. If "
+"I<pgid> is zero, then the PGID of the process specified by I<pid> is made "
+"the same as its process ID. If B<setpgid>() is used to move a process from "
+"one process group to another (as is done by some shells when creating "
+"pipelines), both process groups must be part of the same session (see "
+"B<setsid>(2) and B<credentials>(7)). In this case, the I<pgid> specifies "
+"an existing process group to be joined and the session ID of that group must "
+"match the session ID of the joining process."
+msgstr ""
+"B<setpgid>() は I<pid> で指定したプロセスの PGID に I<pgid> を設定する。 "
+"I<pid> がゼロならば、呼び出し元プロセスのプロセス ID が pid として使用され"
+"る。 I<pgid> がゼロならば、 I<pid> で指定されたプロセスの PGID がそのプロセス"
+"のプロセス ID と 同じに設定される。 B<setpgid>() をプロセスをあるプロセスグ"
+"ループから別のグループへ 移動するために使用する場合は (一部のシェルはパイプラ"
+"インを生成 する時にこれを行う)、両方のプロセスグループは同じセッションの 一部"
+"でなければならない (B<setsid>(2) と B<credentials>(7) 参照)。この場合は "
+"I<pgid> は参加すべき既存の プロセスグループを指定し、そのセッション ID は参加"
+"するプロセスの セッション ID に一致しなければならない。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:139
+msgid ""
+"The POSIX.1 version of B<getpgrp>(), which takes no arguments, returns the "
+"PGID of the calling process."
+msgstr ""
+"POSIX.1 バージョンの B<getpgrp>() は引き数を一つもとらず、 呼び出し元プロセ"
+"スの PGID を返す。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:150
+msgid ""
+"B<getpgid>() returns the PGID of the process specified by I<pid>. If "
+"I<pid> is zero, the process ID of the calling process is used. (Retrieving "
+"the PGID of a process other than the caller is rarely necessary, and the "
+"POSIX.1 B<getpgrp>() is preferred for that task.)"
+msgstr ""
+"B<getpgid>() は I<pid> で指定されたプロセスの PGID を返す。 I<pid> がゼロな"
+"らば、呼び出し元プロセスのプロセス ID が pid として使用される。 (呼び出し元プ"
+"ロセス以外のプロセスの PGID の取得が必要になることは めったになく、呼び出し元"
+"プロセスの PGID を取得するには POSIX.1 バージョンの B<getpgrp>() を使うのが"
+"望ましい。)"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:155
+msgid ""
+"The System\\ V-style B<setpgrp>(), which takes no arguments, is equivalent "
+"to I<setpgid(0,\\ 0)>."
+msgstr ""
+"System\\ V バージョンの B<setpgrp>() は引き数を一つもとらず、 I<setpgid(0,"
+"\\ 0)> と等価である。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:163
+msgid ""
+"The BSD-specific B<setpgrp>() call, which takes arguments I<pid> and "
+"I<pgid>, is is a wrapper function that calls"
+msgstr ""
+"BSD 仕様の B<setpgrp>() は I<pid> と I<pgid> を引き数にとり、 以下を呼び出す"
+"ラッパー関数である。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:165
+#, no-wrap
+msgid " setpgid(pid, pgid)\n"
+msgstr " setpgid(pid, pgid)\n"
+
+#. The true BSD setpgrp() system call differs in allowing the PGID
+#. to be set to arbitrary values, rather than being restricted to
+#. PGIDs in the same session.
+#. type: Plain text
+#: build/C/man2/setpgid.2:176
+msgid ""
+"Since glibc 2.19, the BSD-specific B<setpgrp>() function is no longer "
+"exposed by I<E<lt>unistd.hE<gt>>; calls should be replaced with the "
+"B<setpgid>() call shown above."
+msgstr ""
+"glibc 2.19 以降、 BSD 固有の B<setpgrp>() 関数はもはや I<E<lt>unistd.hE<gt>> "
+"では公開されない。 この関数の呼び出しは上記の B<setpgid>() の呼び出しで置き換"
+"えるべきである。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:182
+msgid ""
+"The BSD-specific B<getpgrp>() call, which takes a single I<pid> argument, "
+"is a wrapper function that calls"
+msgstr ""
+"BSD 仕様の B<getpgrp>() は I<pid> だけを引き数にとり、 以下を呼び出すラッ"
+"パー関数である。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:184
+#, no-wrap
+msgid " getpgid(pid)\n"
+msgstr " getpgid(pid)\n"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:195
+msgid ""
+"Since glibc 2.19, the BSD-specific B<getpgrp>() function is no longer "
+"exposed by I<E<lt>unistd.hE<gt>>; calls should be replaced with calls to the "
+"POSIX.1 B<getpgrp>() which takes no arguments (if the intent is to obtain "
+"the caller's PGID), or with the B<getpgid>() call shown above."
+msgstr ""
+"glibc 2.19 以降、 BSD 固有の B<getpgrp>() 関数はもはや I<E<lt>unistd.hE<gt>> "
+"では公開されない。 この関数の呼び出しは、引き数を取らない POSIX.1 の "
+"B<getpgrp>() の呼び出し (呼び出し元の PGID を取得する目的の場合)、もしくは上"
+"記の B<getpgid>() の呼び出しで置き換えるべきである。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:204
+msgid ""
+"On success, B<setpgid>() and B<setpgrp>() return zero. On error, -1 is "
+"returned, and I<errno> is set appropriately."
+msgstr ""
+"B<setpgid>() と B<setpgrp>() は成功した場合、ゼロを返す。エラーの場合は -1 "
+"を返し、 I<errno> が適切に設定される。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:208
+msgid "The POSIX.1 B<getpgrp>() always returns the PGID of the caller."
+msgstr ""
+"POSIX.1 バージョンの B<getpgrp>() は常に呼び出しプロセスの PGID を返す。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:216
+msgid ""
+"B<getpgid>(), and the BSD-specific B<getpgrp>() return a process group on "
+"success. On error, -1 is returned, and I<errno> is set appropriately."
+msgstr ""
+"B<getpgid>() と BSD 仕様の B<getpgrp>() は成功した場合プロセスグループを返"
+"す。 エラーの場合は -1 を返し、 I<errno> が適切に設定される。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:225
+msgid ""
+"An attempt was made to change the process group ID of one of the children of "
+"the calling process and the child had already performed an B<execve>(2) "
+"(B<setpgid>(), B<setpgrp>())."
+msgstr ""
+"呼び出し元プロセスの子プロセスのプロセスグループ ID を変更しようとしたが、 す"
+"でにその子プロセスは B<execve>(2) を実行していた。 (B<setpgid>(), "
+"B<setpgrp>())"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:231
+msgid "I<pgid> is less than 0 (B<setpgid>(), B<setpgrp>())."
+msgstr "I<pgid> が 0 より小さい。 (B<setpgid>(), B<setpgrp>())"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:240
+msgid ""
+"An attempt was made to move a process into a process group in a different "
+"session, or to change the process group ID of one of the children of the "
+"calling process and the child was in a different session, or to change the "
+"process group ID of a session leader (B<setpgid>(), B<setpgrp>())."
+msgstr ""
+"プロセスを異なるセッションのプロセスグループに移動させようとした。 または呼び"
+"出し元プロセスの子プロセスのプロセスグループ ID を変更しようと したが、その子"
+"プロセスは別のセッションだった。 またはセッションリーダーのプロセスグループ "
+"ID を変更しようとした。 (B<setpgid>(), B<setpgrp>())"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:250
+msgid ""
+"For B<getpgid>(): I<pid> does not match any process. For B<setpgid>(): "
+"I<pid> is not the calling process and not a child of the calling process."
+msgstr ""
+"B<getpgid>() の場合: I<pid> がどのプロセスにも一致しない。 B<setpgid>() の"
+"場合: I<pid> が呼び出し元のプロセスではなく、呼び出し元のプロセスの子プロセス"
+"でもない。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:256
+msgid ""
+"B<setpgid>() and the version of B<getpgrp>() with no arguments conform to "
+"POSIX.1-2001."
+msgstr ""
+"B<setpgid>() と、引き数なしバージョンの B<getpgrp>() は POSIX.1-2001 に準拠"
+"している。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:265
+msgid ""
+"POSIX.1-2001 also specifies B<getpgid>() and the version of B<setpgrp>() "
+"that takes no arguments. (POSIX.1-2008 marks this B<setpgrp>() "
+"specification as obsolete.)"
+msgstr ""
+"POSIX.1-2001 は、 B<getpgid>() と、引き数なしバージョンの B<setpgrp>() も規"
+"定している。 POSIX.1-2008 は、この B<setpgrp>() の仕様を廃止予定としている。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:272
+msgid ""
+"The version of B<getpgrp>() with one argument and the version of "
+"B<setpgrp>() that takes two arguments derive from 4.2BSD, and are not "
+"specified by POSIX.1."
+msgstr ""
+"引き数 1 個バージョンの B<getpgrp>() と引き数 2 個バージョンの "
+"B<setpgrp>() は 4.2BSD に由来し、 POSIX.1 では規定されていない。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:278
+msgid ""
+"A child created via B<fork>(2) inherits its parent's process group ID. The "
+"PGID is preserved across an B<execve>(2)."
+msgstr ""
+"B<fork>(2) で作成された子プロセスは、親プロセスの PGID を継承する。 "
+"B<execve>(2) の前後で PGID は保存される。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:281
+msgid ""
+"Each process group is a member of a session and each process is a member of "
+"the session of which its process group is a member."
+msgstr ""
+"各プロセスグループはセッションのメンバーであり、各プロセスは そのプロセスグ"
+"ループが所属しているセッションのメンバーである。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:308
+msgid ""
+"A session can have a controlling terminal. At any time, one (and only one) "
+"of the process groups in the session can be the foreground process group for "
+"the terminal; the remaining process groups are in the background. If a "
+"signal is generated from the terminal (e.g., typing the interrupt key to "
+"generate B<SIGINT>), that signal is sent to the foreground process group. "
+"(See B<termios>(3) for a description of the characters that generate "
+"signals.) Only the foreground process group may B<read>(2) from the "
+"terminal; if a background process group tries to B<read>(2) from the "
+"terminal, then the group is sent a B<SIGTTIN> signal, which suspends it. "
+"The B<tcgetpgrp>(3) and B<tcsetpgrp>(3) functions are used to get/set the "
+"foreground process group of the controlling terminal."
+msgstr ""
+"セッションは制御端末 (controlling terminal) を持つことができる。 いつでも、"
+"セッションに所属するプロセスグループの一つ (だけ) が 端末のフォアグランドのプ"
+"ロセスグループになることができ、 残りのプロセスグループはバックグラウンドにな"
+"る。 端末からシグナルが生成された場合 (例えば、中断キーを叩いて B<SIGINT> が"
+"生成されるなど)、そのシグナルはフォアグラウンドのプロセスグループ に送られる "
+"(シグナルを生成する文字の説明は B<termios>(3) を参照)。 フォアグラウンドのプ"
+"ロセスグループだけが端末からの B<read>(2) ができる。 バックグラウンドのプロ"
+"セスグループが端末からの B<read>(2) を行おうとした場合、そのプロセスグループ"
+"にはシグナル B<SIGTTIN> が送られ、そのプロセスグループは一時停止 (suspend) す"
+"る。 関数 B<tcgetpgrp>(3) と B<tcsetpgrp>(3) を使うと、制御端末のフォアグラ"
+"ウンドのプロセスグループを 取得/設定できる。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:316
+msgid ""
+"The B<setpgid>() and B<getpgrp>() calls are used by programs such as "
+"B<bash>(1) to create process groups in order to implement shell job control."
+msgstr ""
+"B<setpgid>() と B<getpgrp>() は、 B<bash>(1) のようなプログラムで、シェル"
+"のジョブ制御 (job control) の実装のための プロセスグループを作成するのに使わ"
+"れる。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:326
+msgid ""
+"If a session has a controlling terminal, and the B<CLOCAL> flag for that "
+"terminal is not set, and a terminal hangup occurs, then the session leader "
+"is sent a B<SIGHUP>. If the session leader exits, then a B<SIGHUP> signal "
+"will also be sent to each process in the foreground process group of the "
+"controlling terminal."
+msgstr ""
+"セッションが制御端末を持っていて、その端末に対して B<CLOCAL> フラグが設定され"
+"ておらず、端末のハングアップが起きた場合、 セッション・リーダーに B<SIGHUP> "
+"が送られる。 セッション・リーダーが終了した場合には、その制御端末の フォアグ"
+"ランドのプロセスグループに所属する各プロセスにも B<SIGHUP> シグナルが送られ"
+"る。"
+
+#. exit.3 refers to the following text:
+#. type: Plain text
+#: build/C/man2/setpgid.2:340
+msgid ""
+"If the exit of the process causes a process group to become orphaned, and if "
+"any member of the newly orphaned process group is stopped, then a B<SIGHUP> "
+"signal followed by a B<SIGCONT> signal will be sent to each process in the "
+"newly orphaned process group. An orphaned process group is one in which the "
+"parent of every member of process group is either itself also a member of "
+"the process group or is a member of a process group in a different session "
+"(see also B<credentials>(7))."
+msgstr ""
+"プロセスの終了によってプロセスグループが孤児 (orphaned) になった際に、 その新"
+"たに孤児になったプロセスグループに停止しているメンバーがいれば、 その孤児に"
+"なったプロセスグループに属す全てのプロセスに B<SIGHUP> シグナルに続けて "
+"B<SIGCONT> シグナルが送られる。 孤児になった (orphaned) プロセスグループと"
+"は、 そのプロセスグループの全てのメンバーについて、メンバーの親プロセスが、 "
+"親プロセス自身もそのプロセスグループのメンバーか、 別のセッションに属すプロセ"
+"スグループのメンバーのいずれかであるような、 プロセスグループのことである。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:347
+msgid ""
+"B<getuid>(2), B<setsid>(2), B<tcgetpgrp>(3), B<tcsetpgrp>(3), B<termios>(3), "
+"B<credentials>(7)"
+msgstr ""
+"B<getuid>(2), B<setsid>(2), B<tcgetpgrp>(3), B<tcsetpgrp>(3), B<termios>(3), "
+"B<credentials>(7)"
+
+#. type: TH
+#: build/C/man2/setresuid.2:26
+#, no-wrap
+msgid "SETRESUID"
+msgstr "SETRESUID"
#. type: Plain text
#: build/C/man2/setresuid.2:29
msgstr "setresuid, setresgid - ユーザやグループの 実、実効、保存 ID を設定する"
#. type: Plain text
-#: build/C/man2/setresuid.2:35
-msgid "B<int setresuid(uid_t >I<ruid>B<, uid_t >I<euid>B<, uid_t >I<suid>B<);>"
+#: build/C/man2/setresuid.2:35
+msgid "B<int setresuid(uid_t >I<ruid>B<, uid_t >I<euid>B<, uid_t >I<suid>B<);>"
+msgstr ""
+"B<int setresuid(uid_t >I<ruid>B<, uid_t >I<euid>B<, uid_t >I<suid>B<);>"
+
+#. type: Plain text
+#: build/C/man2/setresuid.2:37
+msgid "B<int setresgid(gid_t >I<rgid>B<, gid_t >I<egid>B<, gid_t >I<sgid>B<);>"
+msgstr ""
+"B<int setresgid(gid_t >I<rgid>B<, gid_t >I<egid>B<, gid_t >I<sgid>B<);>"
+
+#. type: Plain text
+#: build/C/man2/setresuid.2:41
+msgid ""
+"B<setresuid>() sets the real user ID, the effective user ID, and the saved "
+"set-user-ID of the calling process."
+msgstr ""
+"B<setresuid>() は呼び出し元のプロセスの実 (real) ユーザーID、実効 "
+"(effective) ユーザーID、 保存 set-user-ID を設定する。"
+
+#. type: Plain text
+#: build/C/man2/setresuid.2:47
+msgid ""
+"Unprivileged user processes may change the real UID, effective UID, and "
+"saved set-user-ID, each to one of: the current real UID, the current "
+"effective UID or the current saved set-user-ID."
+msgstr ""
+"非特権ユーザーのプロセスは、その実 UID、実効 UID、保存 set-user-ID を、 現在"
+"の実 UID、現在の実効 UID、現在の保存 set-user-ID のどれかに変更することができ"
+"る:"
+
+#. type: Plain text
+#: build/C/man2/setresuid.2:51
+msgid ""
+"Privileged processes (on Linux, those having the B<CAP_SETUID> capability) "
+"may set the real UID, effective UID, and saved set-user-ID to arbitrary "
+"values."
+msgstr ""
+"特権プロセス (Linux では B<CAP_SETUID> ケーパビリティ (capability) を持つ プ"
+"ロセス) は、実 UID、実効 UID、保存 set-user-ID を任意の値に設定できる。"
+
+#. type: Plain text
+#: build/C/man2/setresuid.2:53
+msgid ""
+"If one of the arguments equals -1, the corresponding value is not changed."
+msgstr "引き数のどれかが -1 の場合はその値は変更されずに残される。"
+
+#. type: Plain text
+#: build/C/man2/setresuid.2:57
+msgid ""
+"Regardless of what changes are made to the real UID, effective UID, and "
+"saved set-user-ID, the filesystem UID is always set to the same value as the "
+"(possibly new) effective UID."
+msgstr ""
+"実 UID、実効 UID、保存 set-user-ID にどんな変更が行われたかに関わらず、 ファ"
+"イルシステム UID は常に実効 UID (可能であれば変更後の新しい実効 UID) と同じ"
+"値に設定される。"
+
+#. type: Plain text
+#: build/C/man2/setresuid.2:64
+msgid ""
+"Completely analogously, B<setresgid>() sets the real GID, effective GID, "
+"and saved set-group-ID of the calling process (and always modifies the "
+"filesystem GID to be the same as the effective GID), with the same "
+"restrictions for unprivileged processes."
+msgstr ""
+"全く同じように、 B<setresgid>() は呼び出し元のプロセスの実 GID、実効 GID、保"
+"存 set-group-ID を設定する (さらにファイルシステム GID を実効 GID と同じ値に"
+"修正する)。 非特権プロセスは同様の制限を受ける。"
+
+#. type: Plain text
+#: build/C/man2/setresuid.2:76
+msgid ""
+"I<Note>: there are cases where B<setresuid>() can fail even when the caller "
+"is UID 0; it is a grave security error to omit checking for a failure return "
+"from B<setresuid>()."
+msgstr ""
+"I<注意>: 呼び出し元が UID 0 であっても B<setresuid>() が失敗する場合がある。 "
+"B<setresuid>() からのリターンが失敗かどうかの確認を省略することは重大なセキュ"
+"リティ上のエラーとなる。"
+
+#. type: TP
+#: build/C/man2/setresuid.2:77 build/C/man2/setresuid.2:84
+#: build/C/man2/setreuid.2:106 build/C/man2/setreuid.2:113
+#: build/C/man2/setuid.2:83 build/C/man2/setuid.2:90
+#, no-wrap
+msgid "B<EAGAIN>"
+msgstr "B<EAGAIN>"
+
+#. type: Plain text
+#: build/C/man2/setresuid.2:84 build/C/man2/setreuid.2:113
+msgid ""
+"The call would change the caller's real UID (i.e., I<ruid> does not match "
+"the caller's real UID), but there was a temporary failure allocating the "
+"necessary kernel data structures."
+msgstr ""
+"この呼び出しで呼び出し元の実 UID が変更されるはずだったが (つまり、 I<ruid> "
+"が呼び出し元の実 UID と一致していない)、 必要なカーネルのデータ構造体の割り当"
+"てで一時的な失敗があった。"
+
+#. type: Plain text
+#: build/C/man2/setresuid.2:99 build/C/man2/setreuid.2:128
+msgid ""
+"I<ruid> does not match the caller's real UID and this call would bring the "
+"number of processes belonging to the real user ID I<ruid> over the caller's "
+"B<RLIMIT_NPROC> resource limit. Since Linux 3.1, this error case no longer "
+"occurs (but robust applications should check for this error); see the "
+"description of B<EAGAIN> in B<execve>(2)."
+msgstr ""
+"I<ruid> は呼び出し元の実 UID と一致しておらず、 この呼び出しで実ユーザー ID "
+"I<ruid> に属するプロセス数が呼び出し元の B<RLIMIT_NPROC> リソース上限を超過す"
+"るところであった。 Linux 3.1 以降では、このエラーはもはや発生することはない "
+"(しかし、堅牢性が求められるアプリケーションではこのエラーを確認すべきであ"
+"る)。 B<execve>(2) の B<EAGAIN> の説明を参照。"
+
+#. type: Plain text
+#: build/C/man2/setresuid.2:103 build/C/man2/setreuid.2:132
+msgid ""
+"One or more of the target user or group IDs is not valid in this user "
+"namespace."
+msgstr ""
+"対象のユーザー ID やグループ ID のうち 1 つ以上がこのユーザー名前空間で有効で"
+"はない。"
+
+#. type: Plain text
+#: build/C/man2/setresuid.2:107
+msgid ""
+"The calling process is not privileged (did not have the B<CAP_SETUID> "
+"capability) and tried to change the IDs to values that are not permitted."
+msgstr ""
+"呼び出したプロセスが特権を持たないのに (B<CAP_SETUID> ケーパビリティを持たな"
+"いのに)、 ID を許されていない値に変更しようとした。"
+
+#. type: Plain text
+#: build/C/man2/setresuid.2:109
+msgid "These calls are available under Linux since Linux 2.1.44."
+msgstr "Linux ではバージョン 2.1.44 より利用可能になった。"
+
+#. type: Plain text
+#: build/C/man2/setresuid.2:116
+msgid ""
+"Under HP-UX and FreeBSD, the prototype is found in I<E<lt>unistd.hE<gt>>. "
+"Under Linux, the prototype is provided by glibc since version 2.3.2."
+msgstr ""
+"HP-UX や FreeBSD では I<E<lt>unistd.hE<gt>> にプロトタイプが存在する。 \n"
+"Linux では、glibc 2.3.2 以降で プロトタイプが提供されている。"
+
+#. type: Plain text
+#: build/C/man2/setresuid.2:132
+msgid ""
+"The original Linux B<setresuid>() and B<setresgid>() system calls "
+"supported only 16-bit user and group IDs. Subsequently, Linux 2.4 added "
+"B<setresuid32>() and B<setresgid32>(), supporting 32-bit IDs. The glibc "
+"B<setresuid>() and B<setresgid>() wrapper functions transparently deal "
+"with the variations across kernel versions."
+msgstr ""
+"元々の Linux の B<setresuid>() と B<setresgid>() システムコールは\n"
+"16 ビットのグループ ID だけに対応していた。\n"
+"その後、Linux 2.4 で、32 ビットの ID に対応した\n"
+"B<setresuid32>() と B<setresgid32>() が追加された。\n"
+"glibc の B<setresuid>() と B<setresgid>() のラッパー関数は\n"
+"カーネルバージョンによるこの違いを吸収している。"
+
+#. type: Plain text
+#: build/C/man2/setresuid.2:142
+msgid ""
+"B<getresuid>(2), B<getuid>(2), B<setfsgid>(2), B<setfsuid>(2), "
+"B<setreuid>(2), B<setuid>(2), B<capabilities>(7), B<credentials>(7), "
+"B<user_namespaces>(7)"
+msgstr ""
+"B<getresuid>(2), B<getuid>(2), B<setfsgid>(2), B<setfsuid>(2), "
+"B<setreuid>(2), B<setuid>(2), B<capabilities>(7), B<credentials>(7), "
+"B<user_namespaces>(7)"
+
+#. type: TH
+#: build/C/man2/setreuid.2:45
+#, no-wrap
+msgid "SETREUID"
+msgstr "SETREUID"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:48
+msgid "setreuid, setregid - set real and/or effective user or group ID"
+msgstr ""
+"setreuid, setregid - 実 (real) と実効 (effective) ユーザー (グループ) ID を設"
+"定する"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:54
+msgid "B<int setreuid(uid_t >I<ruid>B<, uid_t >I<euid>B<);>"
+msgstr "B<int setreuid(uid_t >I<ruid>B<, uid_t >I<euid>B<);>"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:56
+msgid "B<int setregid(gid_t >I<rgid>B<, gid_t >I<egid>B<);>"
+msgstr "B<int setregid(gid_t >I<rgid>B<, gid_t >I<egid>B<);>"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:64
+msgid "B<setreuid>(), B<setregid>():"
+msgstr "B<setreuid>(), B<setregid>():"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:68
+msgid ""
+"_BSD_SOURCE || _XOPEN_SOURCE\\ E<gt>=\\ 500 || _XOPEN_SOURCE\\ &&\\ "
+"_XOPEN_SOURCE_EXTENDED"
+msgstr ""
+"_BSD_SOURCE || _XOPEN_SOURCE\\ E<gt>=\\ 500 || _XOPEN_SOURCE\\ &&\\ "
+"_XOPEN_SOURCE_EXTENDED"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:73
+msgid "B<setreuid>() sets real and effective user IDs of the calling process."
+msgstr ""
+"B<setreuid>() は呼び出し元のプロセスの実 (real) ユーザー ID と 実効 "
+"(effective) ユーザー ID を設定する。"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:76
+msgid ""
+"Supplying a value of -1 for either the real or effective user ID forces the "
+"system to leave that ID unchanged."
+msgstr ""
+"実ユーザー ID や実効ユーザー ID に -1 を与えた場合、 システムはその ID を変更"
+"しない。"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:79
+msgid ""
+"Unprivileged processes may only set the effective user ID to the real user "
+"ID, the effective user ID, or the saved set-user-ID."
+msgstr ""
+"非特権プロセスは実効ユーザー ID を実ユーザー ID または実効ユーザー ID または "
+"保存 set-user-ID にしか設定できない。"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:82
+msgid ""
+"Unprivileged users may only set the real user ID to the real user ID or the "
+"effective user ID."
+msgstr ""
+"非特権ユーザーは、実ユーザー ID を実ユーザー ID または 実効ユーザー ID にしか"
+"設定できない。"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:88
+msgid ""
+"If the real user ID is set (i.e., I<ruid> is not -1) or the effective user "
+"ID is set to a value not equal to the previous real user ID, the saved set-"
+"user-ID will be set to the new effective user ID."
+msgstr ""
+"実ユーザーID が設定されたり (I<ruid> が -1 ではない)、実効ユーザーID が前の実"
+"ユーザーID と 異った値に設定された場合、保存 set-user-ID には新しい実効ユー"
+"ザーID の値が設定される。"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:93
+msgid ""
+"Completely analogously, B<setregid>() sets real and effective group ID's of "
+"the calling process, and all of the above holds with \"group\" instead of "
+"\"user\"."
+msgstr ""
+"これと全く同様に、 B<setregid>() は呼び出し元のプロセスの実グループ ID と実"
+"効グループ ID を設定し、 上記の説明で「ユーザー」を「グループ」に読み替えたこ"
+"とが成り立つ。"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:105
+msgid ""
+"I<Note>: there are cases where B<setreuid>() can fail even when the caller "
+"is UID 0; it is a grave security error to omit checking for a failure return "
+"from B<setreuid>()."
+msgstr ""
+"I<注意>: 呼び出し元が UID 0 であっても B<setreuid>() が失敗する場合がある。 "
+"B<setreuid>() からのリターンが失敗かどうかの確認を省略することは重大なセキュ"
+"リティ上のエラーとなる。"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:148
+msgid ""
+"The calling process is not privileged (Linux: does not have the "
+"B<CAP_SETUID> capability in the case of B<setreuid>(), or the B<CAP_SETGID> "
+"capability in the case of B<setregid>()) and a change other than (i) "
+"swapping the effective user (group) ID with the real user (group) ID, or "
+"(ii) setting one to the value of the other or (iii) setting the effective "
+"user (group) ID to the value of the saved set-user-ID (saved set-group-ID) "
+"was specified."
+msgstr ""
+"呼び出し元のプロセスに特権がなく (Linux では B<setreuid>() の場合に "
+"B<CAP_SETUID> ケーパビリティ (capability) がなく、 B<setregid>() の場合に "
+"B<CAP_SETGID> ケーパビリティがない)、 以下のいずれでもない変更が指定された: "
+"(i) 実効ユーザー (グループ) ID と実ユーザー (グループ) ID を入れ換える。 "
+"(ii) 片方の値を他方に設定する。 (iii) 実効ユーザー (グループ) ID に保存 set-"
+"user-ID (保存 set-group-ID) の値を設定する。"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:154
+msgid ""
+"POSIX.1-2001, 4.3BSD (the B<setreuid>() and B<setregid>() function calls "
+"first appeared in 4.2BSD)."
+msgstr ""
+"POSIX.1-2001, 4.3BSD (B<setreuid>() と B<setregid>() 関数コールは 4.2BSD で"
+"登場した)。"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:158
+msgid ""
+"Setting the effective user (group) ID to the saved set-user-ID (saved set-"
+"group-ID) is possible since Linux 1.1.37 (1.1.38)."
+msgstr ""
+"実効ユーザー (グループ) ID を保存ユーザー (グループ) ID に 設定することが、"
+"Linux 1.1.37 (1.1.38) から可能になった。"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:175
+msgid ""
+"POSIX.1 does not specify all of possible ID changes that are permitted on "
+"Linux for an unprivileged process. For B<setreuid>(), the effective user ID "
+"can be made the same as the real user ID or the save set-user-ID, and it is "
+"unspecified whether unprivileged processes may set the real user ID to the "
+"real user ID, the effective user ID, or the saved set-user-ID. For "
+"B<setregid>(), the real group ID can be changed to the value of the saved "
+"set-group-ID, and the effective group ID can be changed to the value of the "
+"real group ID or the saved set-group-ID. The precise details of what ID "
+"changes are permitted vary across implementations."
+msgstr ""
+"POSIX.1 では、非特権プロセスに対して Linux 上で認められている ID の変更の 全"
+"パターンを規定しているわけではない。 B<setreuid>() では、実効ユーザ ID を実"
+"ユーザ ID もしくは保存 set-user-ID と 同じ値にすることができるが、 非特権プロ"
+"セスが実ユーザ ID を実ユーザ ID、実効ユーザ ID、 保存 set-user-ID のどの値に"
+"も設定できるかは規定されていない。 B<setregid>() では、実グループ ID を保存 "
+"set-group-ID と同じ値に変更でき、 実効グループ ID を実グループ ID や保存 set-"
+"group-ID と同じ値に変更できる。 どのような ID の変更が認められているかの正確"
+"な詳細は 実装ごとに異なる。"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:178
+msgid ""
+"POSIX.1 makes no specification about the effect of these calls on the saved "
+"set-user-ID and saved set-group-ID."
+msgstr ""
+"POSIX.1 では、これらのシステムコールが保存 set-user-ID や 保存 set-group-ID "
+"に与える影響については規定していない。"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:194
+msgid ""
+"The original Linux B<setreuid>() and B<setregid>() system calls supported "
+"only 16-bit user and group IDs. Subsequently, Linux 2.4 added "
+"B<setreuid32>() and B<setregid32>(), supporting 32-bit IDs. The glibc "
+"B<setreuid>() and B<setregid>() wrapper functions transparently deal with "
+"the variations across kernel versions."
+msgstr ""
+"元々の Linux の B<setreuid>() と B<setregid>() システムコールは\n"
+"16 ビットのグループ ID だけに対応していた。\n"
+"その後、Linux 2.4 で、32 ビットの ID に対応した\n"
+"B<setreuid32>() と B<setregid32>() が追加された。\n"
+"glibc の B<setreuid>() と B<setregid>() のラッパー関数は\n"
+"カーネルバージョンによるこの違いを吸収している。"
+
+#. type: Plain text
+#: build/C/man2/setreuid.2:203
+msgid ""
+"B<getgid>(2), B<getuid>(2), B<seteuid>(2), B<setgid>(2), B<setresuid>(2), "
+"B<setuid>(2), B<capabilities>(7), B<user_namespaces>(7)"
+msgstr ""
+"B<getgid>(2), B<getuid>(2), B<seteuid>(2), B<setgid>(2), B<setresuid>(2), "
+"B<setuid>(2), B<capabilities>(7), B<user_namespaces>(7)"
+
+#. type: TH
+#: build/C/man2/setsid.2:31
+#, no-wrap
+msgid "SETSID"
+msgstr "SETSID"
+
+#. type: Plain text
+#: build/C/man2/setsid.2:34
+msgid "setsid - creates a session and sets the process group ID"
+msgstr "setsid - セッション (session) を作成し、プロセスグループ ID を設定する"
+
+#. type: Plain text
+#: build/C/man2/setsid.2:39
+msgid "B<pid_t setsid(void);>"
+msgstr "B<pid_t setsid(void);>"
+
+#. type: Plain text
+#: build/C/man2/setsid.2:50
+msgid ""
+"B<setsid>() creates a new session if the calling process is not a process "
+"group leader. The calling process is the leader of the new session (i.e., "
+"its session ID is made the same as it process ID). The calling process also "
+"becomes the process group leader of a new process group in the session (i."
+"e., its process group ID is made the same as it process ID)."
+msgstr ""
+"B<setsid>() は、 呼び出したプロセスがプロセスグループ・リーダー (process "
+"group leader) でなければ、 新しいセッションを作成する。 呼び出したプロセス"
+"は、 新しいセッションのリーダーとなる (すなわち、そのセッション ID がプロセ"
+"ス ID と同じ値になる)。 また、呼び出したプロセスは、 そのセッションの新しいプ"
+"ロセスグループのプロセスグループ・リーダーにもなる (すなわち、プロセスグルー"
+"プ ID がプロセス ID と同じ値になる)。"
+
+#. type: Plain text
+#: build/C/man2/setsid.2:54
+msgid ""
+"The calling process will be the only process in the new process group and in "
+"the new session. The new session has no controlling terminal."
+msgstr ""
+"呼び出したプロセスは、 新しいプロセスグループと新しいセッションの唯一のプロセ"
+"スとなる。 新しいセッションは制御端末を持たない。"
+
+#. type: Plain text
+#: build/C/man2/setsid.2:61
+msgid ""
+"On success, the (new) session ID of the calling process is returned. On "
+"error, I<(pid_t)\\ -1> is returned, and I<errno> is set to indicate the "
+"error."
+msgstr ""
+"成功すると、呼び出したプロセスの (新しい) セッション ID が返される。 エラーの"
+"場合は、 I<(pid_t)\\ -1> が返され、 I<errno> にエラーを示す値が設定される。"
+
+#. type: Plain text
+#: build/C/man2/setsid.2:68
+msgid ""
+"The process group ID of any process equals the PID of the calling process. "
+"Thus, in particular, B<setsid>() fails if the calling process is already a "
+"process group leader."
+msgstr ""
+"いずれかのプロセスのプロセスグループ ID が、 呼び出したプロセスの PID と等し"
+"い。 これは、呼び出したプロセスが既にプロセスリーダーの場合には B<setsid>() "
+"は失敗することを意味する。"
+
+#. type: Plain text
+#: build/C/man2/setsid.2:76
+msgid ""
+"A child created via B<fork>(2) inherits its parent's session ID. The "
+"session ID is preserved across an B<execve>(2)."
+msgstr ""
+"B<fork>(2) で作成された子プロセスは、親プロセスのセッション ID を継承する。 "
+"B<execve>(2) の前後でセッション ID は保存される。"
+
+#. type: Plain text
+#: build/C/man2/setsid.2:93
+msgid ""
+"A process group leader is a process whose process group ID equals its PID. "
+"Disallowing a process group leader from calling B<setsid>() prevents the "
+"possibility that a process group leader places itself in a new session while "
+"other processes in the process group remain in the original session; such a "
+"scenario would break the strict two-level hierarchy of sessions and process "
+"groups. In order to be sure that B<setsid>() will succeed, B<fork>(2) and "
+"B<_exit>(2), and have the child do B<setsid>()."
+msgstr ""
+"プロセスグループ・リーダーは、 プロセスグループ ID がその PID と同じ値のプロ"
+"セスである。 プロセスグループ・リーダーが B<setsid>() を呼び出すことを許可し"
+"ないと、 そのプロセスグループ内の他のプロセスを元のセッションに残したまま、 "
+"プロセスグループ・リーダーが自分自身を新しいセッションに入れるということがで"
+"きなくなる。 このようなシナリオは、 セッションとプロセスグループという厳密な "
+"2 階層モデルを壊すことになる。 B<setsid>() が成功することを保証するには、 "
+"B<fork>(2) と B<_exit>(2) を行い、 その子プロセスに B<setsid>() をさせればよ"
+"い。"
+
+#. type: Plain text
+#: build/C/man2/setsid.2:100
+msgid ""
+"B<setsid>(1), B<getsid>(2), B<setpgid>(2), B<setpgrp>(2), B<tcgetsid>(3), "
+"B<credentials>(7)"
+msgstr ""
+"B<setsid>(1), B<getsid>(2), B<setpgid>(2), B<setpgrp>(2), B<tcgetsid>(3), "
+"B<credentials>(7)"
+
+#. type: TH
+#: build/C/man2/setuid.2:30
+#, no-wrap
+msgid "SETUID"
+msgstr "SETUID"
+
+#. type: Plain text
+#: build/C/man2/setuid.2:33
+msgid "setuid - set user identity"
+msgstr "setuid - ユーザー識別 (identity) を設定する"
+
+#. type: Plain text
+#: build/C/man2/setuid.2:39
+msgid "B<int setuid(uid_t >I<uid>B<);>"
+msgstr "B<int setuid(uid_t >I<uid>B<);>"
+
+#. type: Plain text
+#: build/C/man2/setuid.2:44
+msgid ""
+"B<setuid>() sets the effective user ID of the calling process. If the "
+"effective UID of the caller is root, the real UID and saved set-user-ID are "
+"also set."
+msgstr ""
+"B<setuid>() は呼び出し元のプロセスの実効 (effective) ユーザー ID を設定す"
+"る。 もし呼び出し元プロセスの実効 UID が root ならば、 実 (real) UID と保存 "
+"(saved) set-user-ID も設定される。"
+
+#. type: Plain text
+#: build/C/man2/setuid.2:53
+msgid ""
+"Under Linux, B<setuid>() is implemented like the POSIX version with the "
+"B<_POSIX_SAVED_IDS> feature. This allows a set-user-ID (other than root) "
+"program to drop all of its user privileges, do some un-privileged work, and "
+"then reengage the original effective user ID in a secure manner."
+msgstr ""
+"Linux では、 B<setuid>() は B<_POSIX_SAVED_IDS> をもった POSIX 版のように実"
+"装されている。 これは (ルート以外の) set-user-ID プログラムにそのユーザーの特"
+"権を 全て与え、特権の必要ない仕事をし、本来の実効ユーザー ID に 安全な方法で"
+"再び戻すことを許す。"
+
+#. type: Plain text
+#: build/C/man2/setuid.2:63
+msgid ""
+"If the user is root or the program is set-user-ID-root, special care must be "
+"taken. The B<setuid>() function checks the effective user ID of the caller "
+"and if it is the superuser, all process-related user ID's are set to "
+"I<uid>. After this has occurred, it is impossible for the program to regain "
+"root privileges."
+msgstr ""
+"ユーザーが root またはプログラムが root に set-user-ID されているならば、 特"
+"別の注意が払われる。 B<setuid>() 関数は呼び出し者の実効ユーザー ID をチェッ"
+"クし、 それがスーパーユーザーならば、 プロセスに関連する全てのユーザー ID に "
+"I<uid> を設定する。 これが行なわれた後にはプログラムが再びルートの特権を得る"
+"ことはできない。"
+
+#. type: Plain text
+#: build/C/man2/setuid.2:70
+msgid ""
+"Thus, a set-user-ID-root program wishing to temporarily drop root "
+"privileges, assume the identity of an unprivileged user, and then regain "
+"root privileges afterward cannot use B<setuid>(). You can accomplish this "
+"with B<seteuid>(2)."
+msgstr ""
+"したがって、set-user-ID-root プログラムで、一時的にルート特権を解除し、 非特"
+"権ユーザであるかのように振舞い、後でルート権限をもう一度得ようと する場合に"
+"は、 B<setuid>() を使うことができない。その場合には、 B<seteuid>(2) を使う"
+"必要がある。"
+
+#. type: Plain text
+#: build/C/man2/setuid.2:82
+msgid ""
+"I<Note>: there are cases where B<setuid>() can fail even when the caller is "
+"UID 0; it is a grave security error to omit checking for a failure return "
+"from B<setuid>()."
+msgstr ""
+"I<注意>: 呼び出し元が UID 0 であっても B<setuid>() が失敗する場合がある。 "
+"B<setuid>() からのリターンが失敗かどうかの確認を省略することは重大なセキュリ"
+"ティ上のエラーとなる。"
+
+#. type: Plain text
+#: build/C/man2/setuid.2:90
+msgid ""
+"The call would change the caller's real UID (i.e., I<uid> does not match the "
+"caller's real UID), but there was a temporary failure allocating the "
+"necessary kernel data structures."
+msgstr ""
+"この呼び出しで呼び出し元の実 UID が変更されるはずだったが (つまり、 I<uid> が"
+"呼び出し元の実 UID と一致していない)、 必要なカーネルのデータ構造体の割り当て"
+"で一時的な失敗があった。"
+
+#. type: Plain text
+#: build/C/man2/setuid.2:105
+msgid ""
+"I<uid> does not match the real user ID of the caller and this call would "
+"bring the number of processes belonging to the real user ID I<uid> over the "
+"caller's B<RLIMIT_NPROC> resource limit. Since Linux 3.1, this error case "
+"no longer occurs (but robust applications should check for this error); see "
+"the description of B<EAGAIN> in B<execve>(2)."
+msgstr ""
+"I<uid> は呼び出し元の実 UID と一致しておらず、 この呼び出しで実ユーザー ID "
+"I<ruid> に属するプロセス数が呼び出し元の B<RLIMIT_NPROC> リソース上限を超過す"
+"るところであった。 Linux 3.1 以降では、このエラーはもはや発生することはない "
+"(しかし、堅牢性が求められるアプリケーションではこのエラーを確認すべきであ"
+"る)。 B<execve>(2) の B<EAGAIN> の説明を参照。"
+
+#. type: Plain text
+#: build/C/man2/setuid.2:110
+msgid "The user ID specified in I<uid> is not valid in this user namespace."
+msgstr ""
+"I<uid> で指定されたユーザー ID がこのユーザー名前空間では有効ではない。"
+
+#. type: Plain text
+#: build/C/man2/setuid.2:117
+msgid ""
+"The user is not privileged (Linux: does not have the B<CAP_SETUID> "
+"capability) and I<uid> does not match the real UID or saved set-user-ID of "
+"the calling process."
+msgstr ""
+"ユーザーが特権を持たず (Linux では B<CAP_SETUID> ケーパビリティ (capability) "
+"を持たず)、 I<uid> が呼び出し元プロセスの実 UID または保存 set-user-ID と一致"
+"しない。"
+
+#. SVr4 documents an additional EINVAL error condition.
+#. type: Plain text
+#: build/C/man2/setuid.2:122
+msgid ""
+"SVr4, POSIX.1-2001. Not quite compatible with the 4.4BSD call, which sets "
+"all of the real, saved, and effective user IDs."
+msgstr ""
+"SVr4, POSIX.1-2001. 4.4BSD のコールとは完全な互換性はない、 BSD のコールは"
+"実 (real)、保存 (saved)、実効 (effective) ID の全てを設定する。"
+
+#. type: Plain text
+#: build/C/man2/setuid.2:130
+msgid ""
+"Linux has the concept of the filesystem user ID, normally equal to the "
+"effective user ID. The B<setuid>() call also sets the filesystem user ID "
+"of the calling process. See B<setfsuid>(2)."
+msgstr ""
+"Linux はファイルシステム・ユーザー ID の概念を持つ。\n"
+"通常、これは実効ユーザー ID に等しい。 \n"
+"B<setuid>() コールは呼び出し元のプロセスの\n"
+"ファイルシステム・ユーザー ID も設定する。 \n"
+"B<setfsuid>(2) も参照すること。"
+
+#. type: Plain text
+#: build/C/man2/setuid.2:135
+msgid ""
+"If I<uid> is different from the old effective UID, the process will be "
+"forbidden from leaving core dumps."
+msgstr ""
+"I<uid> が前の実効 UID と異っていた場合、\n"
+"プロセスはコアダンプすることを禁止される。"
+
+#. type: Plain text
+#: build/C/man2/setuid.2:145
+msgid ""
+"The original Linux B<setuid>() system call supported only 16-bit user IDs. "
+"Subsequently, Linux 2.4 added B<setuid32>() supporting 32-bit IDs. The "
+"glibc B<setuid>() wrapper function transparently deals with the variation "
+"across kernel versions."
+msgstr ""
+"元々の Linux の B<setuid>() システムコールは\n"
+"16 ビットのグループ ID だけに対応していた。\n"
+"その後、Linux 2.4 で、32 ビットの ID に対応した\n"
+"B<setuid32>() が追加された。\n"
+"glibc の B<setuid>() のラッパー関数は\n"
+"カーネルバージョンによるこの違いを吸収している。"
+
+#. type: Plain text
+#: build/C/man2/setuid.2:153
+msgid ""
+"B<getuid>(2), B<seteuid>(2), B<setfsuid>(2), B<setreuid>(2), "
+"B<capabilities>(7), B<credentials>(7), B<user_namespaces>(7)"
+msgstr ""
+"B<getuid>(2), B<seteuid>(2), B<setfsuid>(2), B<setreuid>(2), "
+"B<capabilities>(7), B<credentials>(7), B<user_namespaces>(7)"
+
+#. type: TH
+#: build/C/man7/svipc.7:40
+#, no-wrap
+msgid "SVIPC"
+msgstr "SVIPC"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:43
+msgid "svipc - System V interprocess communication mechanisms"
+msgstr "svipc - System V プロセス間通信機構"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:48
+#, no-wrap
+msgid ""
+"B<#include E<lt>sys/msg.hE<gt>>\n"
+"B<#include E<lt>sys/sem.hE<gt>>\n"
+"B<#include E<lt>sys/shm.hE<gt>>\n"
+msgstr ""
+"B<#include E<lt>sys/msg.hE<gt>>\n"
+"B<#include E<lt>sys/sem.hE<gt>>\n"
+"B<#include E<lt>sys/shm.hE<gt>>\n"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:56
+msgid ""
+"This manual page refers to the Linux implementation of the System V "
+"interprocess communication (IPC) mechanisms: message queues, semaphore sets, "
+"and shared memory segments. In the following, the word I<resource> means an "
+"instantiation of one among such mechanisms."
+msgstr ""
+"このマニュアルページは System V プロセス間通信 (interprocess communication; "
+"IPC) 機構の Linux に おける実装を説明する。 このプロセス間通信機構には、 メッ"
+"セージキュー (message queue)、セマフォー集合 (semaphore set)、 共有メモリセグ"
+"メント (shared memory segment) などがある。以下で I<資源 (resource)> という用"
+"語を使用した場合にはこれらの機構のどれかを意味する。"
+
+#. type: SS
+#: build/C/man7/svipc.7:56
+#, no-wrap
+msgid "Resource access permissions"
+msgstr "資源へのアクセス許可"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:64
+msgid ""
+"For each resource, the system uses a common structure of type I<struct "
+"ipc_perm> to store information needed in determining permissions to perform "
+"an IPC operation. The I<ipc_perm> structure includes the following members:"
+msgstr ""
+"システムのそれぞれの資源は、IPC への操作を許可するかどうかを決定する ための情"
+"報を共通の構造体 I<struct ipc_perm> に格納して使用する。 I<ipc_perm> 構造体に"
+"は以下のメンバーが定義されている:"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:74
+#, no-wrap
+msgid ""
+"struct ipc_perm {\n"
+" uid_t cuid; /* creator user ID */\n"
+" gid_t cgid; /* creator group ID */\n"
+" uid_t uid; /* owner user ID */\n"
+" gid_t gid; /* owner group ID */\n"
+" unsigned short mode; /* r/w permissions */\n"
+"};\n"
+msgstr ""
+"struct ipc_perm {\n"
+" uid_t cuid; /* 作成者のユーザーID */\n"
+" gid_t cgid; /* 作成者のグループID */\n"
+" uid_t uid; /* 所有者のユーザーID */\n"
+" gid_t gid; /* 所有者のグループID */\n"
+" unsigned short mode; /* 読み書きの許可 */\n"
+"};\n"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:84
+msgid ""
+"The I<mode> member of the I<ipc_perm> structure defines, with its lower 9 "
+"bits, the access permissions to the resource for a process executing an IPC "
+"system call. The permissions are interpreted as follows:"
+msgstr ""
+"I<ipc_perm> 構造体の I<mode> メンバーは以下の 9 ビットで、プロセスの IPC シス"
+"テムコール による資源へのアクセス許可を定義する。 許可は以下のように解釈され"
+"る:"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:88
+#, no-wrap
+msgid ""
+" 0400 Read by user.\n"
+" 0200 Write by user.\n"
+msgstr ""
+" 0400 ユーザーによる読み込み。\n"
+" 0200 ユーザーによる書き込み。\n"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:91
+#, no-wrap
+msgid ""
+" 0040 Read by group.\n"
+" 0020 Write by group.\n"
+msgstr ""
+" 0040 グループによる読み込み。\n"
+" 0020 グループによる書き込み。\n"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:94
+#, no-wrap
+msgid ""
+" 0004 Read by others.\n"
+" 0002 Write by others.\n"
+msgstr ""
+" 0004 他人による読み込み。\n"
+" 0002 他人による書き込み。\n"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:102
+msgid ""
+"Bits 0100, 0010, and 0001 (the execute bits) are unused by the system. "
+"Furthermore, \"write\" effectively means \"alter\" for a semaphore set."
+msgstr ""
+"システムはビット 0100, 0010, 0001 (実行ビット) は使用しない。 さらに、セマ"
+"フォーの場合には \"書き込み(write)\" は実際には \"変更(alter)\" を意味する。"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:105
+msgid ""
+"The same system header file also defines the following symbolic constants:"
+msgstr "同じヘッダーファイルには以下のシンボルの定義が含まれている:"
+
+#. type: TP
+#: build/C/man7/svipc.7:105
+#, no-wrap
+msgid "B<IPC_CREAT>"
+msgstr "B<IPC_CREAT>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:108
+msgid "Create entry if key doesn't exist."
+msgstr "キー(key)が存在しない場合には新たなエントリを作成する。"
+
+#. type: TP
+#: build/C/man7/svipc.7:108
+#, no-wrap
+msgid "B<IPC_EXCL>"
+msgstr "B<IPC_EXCL>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:111
+msgid "Fail if key exists."
+msgstr "キー(key)が存在する場合には失敗する。"
+
+#. type: TP
+#: build/C/man7/svipc.7:111
+#, no-wrap
+msgid "B<IPC_NOWAIT>"
+msgstr "B<IPC_NOWAIT>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:114
+msgid "Error if request must wait."
+msgstr "要求が待たされる場合にはエラーになる。"
+
+#. type: TP
+#: build/C/man7/svipc.7:114
+#, no-wrap
+msgid "B<IPC_PRIVATE>"
+msgstr "B<IPC_PRIVATE>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:117
+msgid "Private key."
+msgstr "プライベートキー。"
+
+#. type: TP
+#: build/C/man7/svipc.7:117
+#, no-wrap
+msgid "B<IPC_RMID>"
+msgstr "B<IPC_RMID>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:120
+msgid "Remove resource."
+msgstr "資源を削除する。"
+
+#. type: TP
+#: build/C/man7/svipc.7:120
+#, no-wrap
+msgid "B<IPC_SET>"
+msgstr "B<IPC_SET>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:123
+msgid "Set resource options."
+msgstr "資源にオプションを設定する。"
+
+#. type: TP
+#: build/C/man7/svipc.7:123
+#, no-wrap
+msgid "B<IPC_STAT>"
+msgstr "B<IPC_STAT>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:126
+msgid "Get resource options."
+msgstr "資源のオプションを取得する。"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:135
+msgid ""
+"Note that B<IPC_PRIVATE> is a I<key_t> type, while all the other symbolic "
+"constants are flag fields and can be OR'ed into an I<int> type variable."
+msgstr ""
+"B<IPC_PRIVATE> は I<key_t> 型である。その他の全てのシンボルはフラグフィールド"
+"として I<int> 変数に OR 演算で格納することができる。"
+
+#. type: SS
+#: build/C/man7/svipc.7:135
+#, no-wrap
+msgid "Message queues"
+msgstr "メッセージキュー"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:143
+msgid ""
+"A message queue is uniquely identified by a positive integer (its I<msqid>) "
+"and has an associated data structure of type I<struct msqid_ds>, defined in "
+"I<E<lt>sys/msg.hE<gt>>, containing the following members:"
+msgstr ""
+"メッセージキューは正の整数 (I<msqid>) によって識別され、 I<E<lt>sys/msg."
+"hE<gt>> に定義されている構造体 I<struct msqid_ds> に結びつけられている。 この"
+"構造体は以下のメンバーを含んでいる:"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:156
+#, no-wrap
+msgid ""
+"struct msqid_ds {\n"
+" struct ipc_perm msg_perm;\n"
+" msgqnum_t msg_qnum; /* no of messages on queue */\n"
+" msglen_t msg_qbytes; /* bytes max on a queue */\n"
+" pid_t msg_lspid; /* PID of last msgsnd(2) call */\n"
+" pid_t msg_lrpid; /* PID of last msgrcv(2) call */\n"
+" time_t msg_stime; /* last msgsnd(2) time */\n"
+" time_t msg_rtime; /* last msgrcv(2) time */\n"
+" time_t msg_ctime; /* last change time */\n"
+"};\n"
+msgstr ""
+"struct msqid_ds {\n"
+" struct ipc_perm msg_perm;\n"
+" msgqnum_t msg_qnum; /* キューにあるメッセージの数 */\n"
+" msglen_t msg_qbytes; /* キューの最大バイト数 */\n"
+" pid_t msg_lspid; /* 最後に msgsnd(2) をした PID */\n"
+" pid_t msg_lrpid; /* 最後に msgrcv(2) をした PID */\n"
+" time_t msg_stime; /* 最後に msgsnd(2) をした時間 */\n"
+" time_t msg_rtime; /* 最後に msgrcv(2) をした時間 */\n"
+" time_t msg_ctime; /* 最後に変更された時間 */\n"
+"};\n"
+
+#. type: TP
+#: build/C/man7/svipc.7:158
+#, no-wrap
+msgid "I<msg_perm>"
+msgstr "I<msg_perm>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:163
+msgid ""
+"I<ipc_perm> structure that specifies the access permissions on the message "
+"queue."
+msgstr "メッセージキューへのアクセス許可を指定する I<ipc_perm> 構造体。"
+
+#. type: TP
+#: build/C/man7/svipc.7:163
+#, no-wrap
+msgid "I<msg_qnum>"
+msgstr "I<msg_qnum>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:166
+msgid "Number of messages currently on the message queue."
+msgstr "現在、このメッセージキューにあるメッセージの数。"
+
+#. type: TP
+#: build/C/man7/svipc.7:166
+#, no-wrap
+msgid "I<msg_qbytes>"
+msgstr "I<msg_qbytes>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:170
+msgid "Maximum number of bytes of message text allowed on the message queue."
+msgstr "メッセージキューに入れることができるメッセージの最大バイト数。"
+
+#. type: TP
+#: build/C/man7/svipc.7:170
+#, no-wrap
+msgid "I<msg_lspid>"
+msgstr "I<msg_lspid>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:175
+msgid "ID of the process that performed the last B<msgsnd>(2) system call."
+msgstr "最後に B<msgsnd>(2) システムコールを行なったプロセスの ID。"
+
+#. type: TP
+#: build/C/man7/svipc.7:175
+#, no-wrap
+msgid "I<msg_lrpid>"
+msgstr "I<msg_lrpid>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:180
+msgid "ID of the process that performed the last B<msgrcv>(2) system call."
+msgstr "最後に B<msgrcv>(2) システムコールを行なったプロセスの ID。"
+
+#. type: TP
+#: build/C/man7/svipc.7:180
+#, no-wrap
+msgid "I<msg_stime>"
+msgstr "I<msg_stime>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:185
+msgid "Time of the last B<msgsnd>(2) system call."
+msgstr "最後に B<msgsnd>(2) システムコールを行なった時間。"
+
+#. type: TP
+#: build/C/man7/svipc.7:185
+#, no-wrap
+msgid "I<msg_rtime>"
+msgstr "I<msg_rtime>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:190
+msgid "Time of the last B<msgrcv>(2) system call."
+msgstr "最後に B<msgrcv>(2) を行なった時間。"
+
+#. type: TP
+#: build/C/man7/svipc.7:190
+#, no-wrap
+msgid "I<msg_ctime>"
+msgstr "I<msg_ctime>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:196
+msgid ""
+"Time of the last system call that changed a member of the I<msqid_ds> "
+"structure."
+msgstr "最後に I<msqid_ds> 構造体のメンバーが変更された時間。"
+
+#. type: SS
+#: build/C/man7/svipc.7:196
+#, no-wrap
+msgid "Semaphore sets"
+msgstr "セマフォー集合"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:204
+msgid ""
+"A semaphore set is uniquely identified by a positive integer (its I<semid>) "
+"and has an associated data structure of type I<struct semid_ds>, defined in "
+"I<E<lt>sys/sem.hE<gt>>, containing the following members:"
+msgstr ""
+"セマフォー集合は正の整数 (I<semid>) によって識別され、 I<E<lt>sys/sem."
+"hE<gt>> に定義されている構造体 I<struct semid_ds> に結びつけられている。 この"
+"構造体は以下のメンバーを含んでいる:"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:213
+#, no-wrap
+msgid ""
+"struct semid_ds {\n"
+" struct ipc_perm sem_perm;\n"
+" time_t sem_otime; /* last operation time */\n"
+" time_t sem_ctime; /* last change time */\n"
+" unsigned long sem_nsems; /* count of sems in set */\n"
+"};\n"
+msgstr ""
+"struct semid_ds {\n"
+" struct ipc_perm sem_perm;\n"
+" time_t sem_otime; /* 最後に操作した時間 */\n"
+" time_t sem_ctime; /* 最後に変更した時間 */\n"
+" unsigned long sem_nsems; /* 集合の中にあるセマフォー数 */\n"
+"};\n"
+
+#. type: TP
+#: build/C/man7/svipc.7:215
+#, no-wrap
+msgid "I<sem_perm>"
+msgstr "I<sem_perm>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:220
+msgid ""
+"I<ipc_perm> structure that specifies the access permissions on the semaphore "
+"set."
+msgstr "セマフォー集合へのアクセス許可を指定する I<ipc_perm> 構造体。"
+
+#. type: TP
+#: build/C/man7/svipc.7:220
+#, no-wrap
+msgid "I<sem_otime>"
+msgstr "I<sem_otime>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:225
+msgid "Time of last B<semop>(2) system call."
+msgstr "最後に B<semop>(2) システムコールを行なった時間。"
+
+#. type: TP
+#: build/C/man7/svipc.7:225
+#, no-wrap
+msgid "I<sem_ctime>"
+msgstr "I<sem_ctime>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:231
+msgid ""
+"Time of last B<semctl>(2) system call that changed a member of the above "
+"structure or of one semaphore belonging to the set."
+msgstr ""
+"最後に B<semctl>(2) を行なって上記の構造体のメンバーを変更するか、セマフォー"
+"集合に属する セマフォーを変更した時間。"
+
+#. type: TP
+#: build/C/man7/svipc.7:231
+#, no-wrap
+msgid "I<sem_nsems>"
+msgstr "I<sem_nsems>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:239
+msgid ""
+"Number of semaphores in the set. Each semaphore of the set is referenced by "
+"a nonnegative integer ranging from B<0> to I<sem_nsems-1>."
+msgstr ""
+"セマフォー集合の中にあるセマフォーの数。 集合の中にあるそれぞれのセマフォーは"
+"負でない整数によって参照され、 B<0> から I<sem_nsems-1> までの番号を持つ。"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:243
+msgid ""
+"A semaphore is a data structure of type I<struct sem> containing the "
+"following members:"
+msgstr ""
+"セマフォーは I<struct sem> 型のデータ構造体であり、以下のメンバーを含んでい"
+"る:"
+
+#. unsigned short semncnt; /* nr awaiting semval to increase */
+#. unsigned short semzcnt; /* nr awaiting semval = 0 */
+#. type: Plain text
+#: build/C/man7/svipc.7:252
+#, no-wrap
+msgid ""
+"struct sem {\n"
+" int semval; /* semaphore value */\n"
+" int sempid; /* PID for last operation */\n"
+"};\n"
+msgstr ""
+"struct sem {\n"
+" int semval; /* セマフォーの値 */\n"
+" int sempid; /* 最後に操作したプロセス ID */\n"
+"};\n"
+
+#. type: TP
+#: build/C/man7/svipc.7:254
+#, no-wrap
+msgid "I<semval>"
+msgstr "I<semval>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:257
+msgid "Semaphore value: a nonnegative integer."
+msgstr "セマフォー値: 負でない整数。"
+
+#. type: TP
+#: build/C/man7/svipc.7:257
+#, no-wrap
+msgid "I<sempid>"
+msgstr "I<sempid>"
+
+#. .TP
+#. .I semncnt
+#. Number of processes suspended awaiting for
+#. .I semval
+#. to increase.
+#. .TP
+#. .I semznt
+#. Number of processes suspended awaiting for
+#. .I semval
+#. to become zero.
+#. type: Plain text
+#: build/C/man7/svipc.7:271
+msgid ""
+"ID of the last process that performed a semaphore operation on this "
+"semaphore."
+msgstr "このセマフォーを最後に操作したプロセスの ID。"
+
+#. type: SS
+#: build/C/man7/svipc.7:271
+#, no-wrap
+msgid "Shared memory segments"
+msgstr "共有メモリセグメント"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:279
+msgid ""
+"A shared memory segment is uniquely identified by a positive integer (its "
+"I<shmid>) and has an associated data structure of type I<struct shmid_ds>, "
+"defined in I<E<lt>sys/shm.hE<gt>>, containing the following members:"
+msgstr ""
+"共有メモリセグメントは正の整数 (I<shmid>) によって識別され、 I<E<lt>sys/shm."
+"hE<gt>> に定義されている I<struct shmid_ds> 構造体に結びつけられている。 この"
+"構造体は以下のメンバーを含んでいる:"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:292
+#, no-wrap
+msgid ""
+"struct shmid_ds {\n"
+" struct ipc_perm shm_perm;\n"
+" size_t shm_segsz; /* size of segment */\n"
+" pid_t shm_cpid; /* PID of creator */\n"
+" pid_t shm_lpid; /* PID, last operation */\n"
+" shmatt_t shm_nattch; /* no. of current attaches */\n"
+" time_t shm_atime; /* time of last attach */\n"
+" time_t shm_dtime; /* time of last detach */\n"
+" time_t shm_ctime; /* time of last change */\n"
+"};\n"
+msgstr ""
+"struct shmid_ds {\n"
+" struct ipc_perm shm_perm;\n"
+" size_t shm_segsz; /* セグメントのサイズ */\n"
+" pid_t shm_cpid; /* 作成者のプロセス ID */\n"
+" pid_t shm_lpid; /* 最後に操作したプロセス ID */\n"
+" shmatt_t shm_nattch; /* 現在、付加している数 */\n"
+" time_t shm_atime; /* 最後に付加した時間 */\n"
+" time_t shm_dtime; /* 最後に分離した時間 */\n"
+" time_t shm_ctime; /* 最後に変更した時間 */\n"
+"};\n"
+
+#. type: TP
+#: build/C/man7/svipc.7:294
+#, no-wrap
+msgid "I<shm_perm>"
+msgstr "I<shm_perm>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:299
+msgid ""
+"I<ipc_perm> structure that specifies the access permissions on the shared "
+"memory segment."
+msgstr "共有メモリセグメントへのアクセス許可を指定した I<ipc_perm> 構造体。"
+
+#. type: TP
+#: build/C/man7/svipc.7:299
+#, no-wrap
+msgid "I<shm_segsz>"
+msgstr "I<shm_segsz>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:302
+msgid "Size in bytes of the shared memory segment."
+msgstr "共有メモリセグメントのバイト数。"
+
+#. type: TP
+#: build/C/man7/svipc.7:302
+#, no-wrap
+msgid "I<shm_cpid>"
+msgstr "I<shm_cpid>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:305
+msgid "ID of the process that created the shared memory segment."
+msgstr "共有メモリセグメントを作成したプロセスの ID。"
+
+#. type: TP
+#: build/C/man7/svipc.7:305
+#, no-wrap
+msgid "I<shm_lpid>"
+msgstr "I<shm_lpid>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:312
+msgid ""
+"ID of the last process that executed a B<shmat>(2) or B<shmdt>(2) system "
+"call."
+msgstr ""
+"最後に B<shmat>(2) または B<shmdt>(2) システムコールを実行したプロセスの "
+"ID。"
+
+#. type: TP
+#: build/C/man7/svipc.7:312
+#, no-wrap
+msgid "I<shm_nattch>"
+msgstr "I<shm_nattch>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:315
+msgid "Number of current alive attaches for this shared memory segment."
+msgstr "この共有メモリセグメントをメモリに付加 (attach) しているプロセスの数。"
+
+#. type: TP
+#: build/C/man7/svipc.7:315
+#, no-wrap
+msgid "I<shm_atime>"
+msgstr "I<shm_atime>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:320
+msgid "Time of the last B<shmat>(2) system call."
+msgstr "最後に B<shmat>(2) システムコールを行なった時間。"
+
+#. type: TP
+#: build/C/man7/svipc.7:320
+#, no-wrap
+msgid "I<shm_dtime>"
+msgstr "I<shm_dtime>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:325
+msgid "Time of the last B<shmdt>(2) system call."
+msgstr "最後に B<shmdt>(2) システムコールを行なった時間。"
+
+#. type: TP
+#: build/C/man7/svipc.7:325
+#, no-wrap
+msgid "I<shm_ctime>"
+msgstr "I<shm_ctime>"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:331
+msgid "Time of the last B<shmctl>(2) system call that changed I<shmid_ds>."
+msgstr ""
+"最後に B<shmctl>(2) システムコールを行なって、 I<shmid_ds> 構造体を変更した"
+"時間。"
+
+#. type: SS
+#: build/C/man7/svipc.7:331
+#, no-wrap
+msgid "IPC namespaces"
+msgstr "IPC 名前空間"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:335
+msgid ""
+"For a discussion of the interaction of System V IPC objects and IPC "
+"namespaces, see B<namespaces>(7)."
+msgstr ""
+"System V IPC オブジェクトと IPC 名前空間の相互の影響に関する議論は "
+"B<namespaces>(7) を参照。"
+
+#. type: Plain text
+#: build/C/man7/svipc.7:353
+msgid ""
+"B<ipcmk>(1), B<ipcrm>(1), B<ipcs>(1), B<ipc>(2), B<msgctl>(2), B<msgget>(2), "
+"B<msgrcv>(2), B<msgsnd>(2), B<semctl>(2), B<semget>(2), B<semop>(2), "
+"B<shmat>(2), B<shmctl>(2), B<shmdt>(2), B<shmget>(2), B<ftok>(3), "
+"B<namespaces>(7)"
+msgstr ""
+"B<ipcmk>(1), B<ipcrm>(1), B<ipcs>(1), B<ipc>(2), B<msgctl>(2), B<msgget>(2), "
+"B<msgrcv>(2), B<msgsnd>(2), B<semctl>(2), B<semget>(2), B<semop>(2), "
+"B<shmat>(2), B<shmctl>(2), B<shmdt>(2), B<shmget>(2), B<ftok>(3), "
+"B<namespaces>(7)"
+
+#. type: TH
+#: build/C/man3/ulimit.3:27
+#, no-wrap
+msgid "ULIMIT"
+msgstr "ULIMIT"
+
+#. type: TH
+#: build/C/man3/ulimit.3:27
+#, no-wrap
+msgid "2008-08-06"
+msgstr "2008-08-06"
+
+#. type: Plain text
+#: build/C/man3/ulimit.3:30
+msgid "ulimit - get and set user limits"
+msgstr "ulimit - ユーザー制限を取得・設定する"
+
+#. type: Plain text
+#: build/C/man3/ulimit.3:32
+msgid "B<#include E<lt>ulimit.hE<gt>>"
+msgstr "B<#include E<lt>ulimit.hE<gt>>"
+
+#. type: Plain text
+#: build/C/man3/ulimit.3:34
+msgid "B<long ulimit(int >I<cmd>B<, long >I<newlimit>B<);>"
+msgstr "B<long ulimit(int >I<cmd>B<, long >I<newlimit>B<);>"
+
+#. type: Plain text
+#: build/C/man3/ulimit.3:46
+msgid ""
+"Warning: This routine is obsolete. Use B<getrlimit>(2), B<setrlimit>(2), "
+"and B<sysconf>(3) instead. For the shell command B<ulimit>(), see "
+"B<bash>(1)."
+msgstr ""
+"注意: このルーチンは古い。 代わりに B<getrlimit>(2), B<setrlimit>(2), "
+"B<sysconf>(3) などを用いること。 シェルコマンドとしての B<ulimit>() につい"
+"ては、 B<bash>(1) を見ること。"
+
+#. type: Plain text
+#: build/C/man3/ulimit.3:53
+msgid ""
+"The B<ulimit>() call will get or set some limit for the calling process. "
+"The I<cmd> argument can have one of the following values."
+msgstr ""
+"B<ulimit>() は呼び出し元のプロセスに関する制限のいくつかを取得・設定する。 "
+"I<cmd> 引き数には、以下の値のうちのどれか一つを与えることができる。"
+
+#. type: TP
+#: build/C/man3/ulimit.3:53
+#, no-wrap
+msgid "B<UL_GETFSIZE>"
+msgstr "B<UL_GETFSIZE>"
+
+#. type: Plain text
+#: build/C/man3/ulimit.3:56
+msgid "Return the limit on the size of a file, in units of 512 bytes."
+msgstr "ファイルサイズに関する制限を返す。単位は 512 バイト。"
+
+#. type: TP
+#: build/C/man3/ulimit.3:56
+#, no-wrap
+msgid "B<UL_SETFSIZE>"
+msgstr "B<UL_SETFSIZE>"
+
+#. type: Plain text
+#: build/C/man3/ulimit.3:59
+msgid "Set the limit on the size of a file."
+msgstr "ファイルサイズに関する制限を設定する。"
+
+#. type: TP
+#: build/C/man3/ulimit.3:59
+#, no-wrap
+msgid "B<3>"
+msgstr "B<3>"
+
+#. type: Plain text
+#: build/C/man3/ulimit.3:63
+msgid ""
+"(Not implemented for Linux.) Return the maximum possible address of the "
+"data segment."
+msgstr ""
+"(Linux では実装されていない) データセグメントで指定できるアドレスの最大値を"
+"返す。"
+
+#. type: TP
+#: build/C/man3/ulimit.3:63
+#, no-wrap
+msgid "B<4>"
+msgstr "B<4>"
+
+#. type: Plain text
+#: build/C/man3/ulimit.3:67
+msgid ""
+"(Implemented but no symbolic constant provided.) Return the maximum number "
+"of files that the calling process can open."
+msgstr ""
+"(実装されているが、対応するシンボリックな定数は存在しない) プロセスがオープ"
+"ンできるファイル数の最大値を返す。"
+
+#. type: Plain text
+#: build/C/man3/ulimit.3:74
+msgid ""
+"On success, B<ulimit>() returns a nonnegative value. On error, -1 is "
+"returned, and I<errno> is set appropriately."
+msgstr ""
+"成功すると B<ulimit>() は 0 または正の値を返す。 エラーが生じると -1 を返"
+"し、 I<errno> を適切な値に設定する。"
+
+#. type: Plain text
+#: build/C/man3/ulimit.3:78
+msgid "A unprivileged process tried to increase a limit."
+msgstr "非特権プロセスが制限値を増加させようとした。"
+
+#. type: Plain text
+#: build/C/man3/ulimit.3:83
+msgid "SVr4, POSIX.1-2001. POSIX.1-2008 marks B<ulimit>() as obsolete."
+msgstr ""
+"SVr4, POSIX.1-2001. POSIX.1-2008 は B<ulimit>() を廃止予定としている。"
+
+#. type: Plain text
+#: build/C/man3/ulimit.3:88
+msgid "B<bash>(1), B<getrlimit>(2), B<setrlimit>(2), B<sysconf>(3)"
+msgstr "B<bash>(1), B<getrlimit>(2), B<setrlimit>(2), B<sysconf>(3)"
+
+#. type: TH
+#: build/C/man7/user_namespaces.7:27
+#, no-wrap
+msgid "USER_NAMESPACES"
+msgstr "USER_NAMESPACES"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:30
+msgid "user_namespaces - overview of Linux user namespaces"
+msgstr "user_namespaces - Linux ユーザー名前空間の概要"
+
+#
+#. FIXME: This page says very little about the interaction
+#. of user namespaces and keys. Add something on this topic.
+#. ============================================================
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:56
+msgid ""
+"User namespaces isolate security-related identifiers and attributes, in "
+"particular, user IDs and group IDs (see B<credentials>(7)), the root "
+"directory, keys (see B<keyctl>(2)), and capabilities (see "
+"B<capabilities>(7)). A process's user and group IDs can be different inside "
+"and outside a user namespace. In particular, a process can have a normal "
+"unprivileged user ID outside a user namespace while at the same time having "
+"a user ID of 0 inside the namespace; in other words, the process has full "
+"privileges for operations inside the user namespace, but is unprivileged for "
+"operations outside the namespace."
+msgstr "ユーザー名前空間は、 セキュリティに関連する識別子や属性、 特にユーザー ID やグループ ID (B<credentials>(7) 参照)、 root ディレクトリ、 キー (B<keyctl>(2) 参照)、 ケーパビリティを分離する。 プロセスのユーザー ID とグループ ID はユーザー名前空間の内部と外部で異なる場合がある。 特に、 あるプロセスがユーザー名前空間の外部では通常の非特権ユーザー ID を持つが、 同時にユーザー名前空間の内部ではユーザー ID 0 を持つという場合がある。 言い換えると、 そのプロセスはそのユーザー名前空間の内部での操作に対してすべての特権を持つが、 名前空間の外部での操作では特権を持たない。"
+
+#. type: SS
+#: build/C/man7/user_namespaces.7:56
+#, no-wrap
+msgid "Nested namespaces, namespace membership"
+msgstr "ネストされた名前空間、名前空間のメンバー"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:69
+msgid ""
+"User namespaces can be nested; that is, each user namespace\\(emexcept the "
+"initial (\"root\") namespace\\(emhas a parent user namespace, and can have "
+"zero or more child user namespaces. The parent user namespace is the user "
+"namespace of the process that creates the user namespace via a call to "
+"B<unshare>(2) or B<clone>(2) with the B<CLONE_NEWUSER> flag."
+msgstr "ユーザー名前空間は入れ子にすることができる。 つまり、 最初の (\"root\") 名前空間以外の各名前空間は親のユーザー名前空間を持ち、 0 個以上のユーザー名前空間を持つということである。 親のユーザー名前空間は、 B<CLONE_NEWUSER> フラグを指定して B<unshare>(2) や B<clone>(2) を呼び出してユーザー名前空間を作成したプロセスのユーザー名前空間である。"
+
+#. commit 8742f229b635bf1c1c84a3dfe5e47c814c20b5c8
+#. FIXME Explain the rationale for this limit. (What is the rationale?)
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:80
+msgid ""
+"The kernel imposes (since version 3.11) a limit of 32 nested levels of user "
+"namespaces. Calls to B<unshare>(2) or B<clone>(2) that would cause this "
+"limit to be exceeded fail with the error B<EUSERS>."
+msgstr "カーネルにより (バージョン 3.11 以降では) ユーザー名前空間のネスト数に 32 という上限が課される。 B<unshare>(2) や B<clone>(2) の呼び出しでこの上限を超えてしまう場合はエラー B<EUSERS> で失敗する。"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:95
+msgid ""
+"Each process is a member of exactly one user namespace. A process created "
+"via B<fork>(2) or B<clone>(2) without the B<CLONE_NEWUSER> flag is a "
+"member of the same user namespace as its parent. A single-threaded process "
+"can join another user namespace with B<setns>(2) if it has the "
+"B<CAP_SYS_ADMIN> in that namespace; upon doing so, it gains a full set of "
+"capabilities in that namespace."
+msgstr "各プロセスは必ず 1 個のユーザー名前空間のメンバーとなる。 B<CLONE_NEWUSER> フラグを指定せずに B<fork>(2) や B<clone>(2) でプロセスを作成した場合、 そのプロセスは親プロセスと同じユーザー名前空間のメンバーとなる。 シングルスレッドのプログラムは、 変更先のユーザー名前空間で B<CAP_SYS_ADMIN> を持っていれば、 B<setns>(2) を使って別のユーザー名前空間に参加することができる。 変更時に、 変更後の名前空間ですべてのケーパビリティを獲得する。"
+
+#
+#. ============================================================
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:110
+msgid ""
+"A call to B<clone>(2) or B<unshare>(2) with the B<CLONE_NEWUSER> flag "
+"makes the new child process (for B<clone>(2)) or the caller (for "
+"B<unshare>(2)) a member of the new user namespace created by the call."
+msgstr "B<CLONE_NEWUSER> を指定して B<clone>(2) や B<unshare>(2) を呼び出すと、 新しいプロセス (B<clone>(2) の場合) や呼び出したプロセス (B<unshare>(2) の場合) がその呼び出しで作成された新しいユーザー名前空間のメンバーとなる。"
+
+#. type: SS
+#: build/C/man7/user_namespaces.7:110
+#, no-wrap
+msgid "Capabilities"
+msgstr "ケーパビリティ"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:132
+msgid ""
+"The child process created by B<clone>(2) with the B<CLONE_NEWUSER> flag "
+"starts out with a complete set of capabilities in the new user namespace. "
+"Likewise, a process that creates a new user namespace using B<unshare>(2) "
+"or joins an existing user namespace using B<setns>(2) gains a full set of "
+"capabilities in that namespace. On the other hand, that process has no "
+"capabilities in the parent (in the case of B<clone>(2)) or previous (in the "
+"case of B<unshare>(2) and B<setns>(2)) user namespace, even if the new "
+"namespace is created or joined by the root user (i.e., a process with user "
+"ID 0 in the root namespace)."
+msgstr "B<CLONE_NEWUSER> フラグが指定された B<clone>(2) で作成された子プロセスは、 新しい名前空間ですべてのケーパビリティを持った状態で開始される。 同様に、 B<unshare>(2) を使って新しいユーザー名前空間を作成したり、 B<setns>(2) を使って既存のユーザー名前空間に参加したりしたプロセスは、 その名前空間ですべてのケーパビリティを獲得する。 一方、 そのプロセスは、親のユーザー名前空間 (B<clone>(2) の場合) や直前のユーザー名前空間 (B<unshare>(2) や B<setns>(2) の場合) では、 root ユーザー (root 名前空間のユーザー ID 0 のプロセス) により新しい名前空間の作成や参加が行われた場合であっても、 ケーパビリティを全く持たない。"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:142
+msgid ""
+"Note that a call to B<execve>(2) will cause a process's capabilities to be "
+"recalculated in the usual way (see B<capabilities>(7)), so that usually, "
+"unless it has a user ID of 0 within the namespace or the executable file has "
+"a nonempty inheritable capabilities mask, it will lose all capabilities. "
+"See the discussion of user and group ID mappings, below."
+msgstr "B<execve>(2) の呼び出しでは、 プロセスのケーパビリティは通常の方法 (B<capabilities>(7) 参照) で再計算され、 通常は、 名前空間内でユーザー ID 0 を持つ場合や実行ファイルが空でない継承可能ケーパビリティマスクを持っている場合を除くと、 すべてのケーパビリティを失うことになる。 下記の、ユーザー ID やグループ ID のマッピングの議論を参照。"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:167
+msgid ""
+"A call to B<clone>(2), B<unshare>(2), or B<setns>(2) using the "
+"B<CLONE_NEWUSER> flag sets the \"securebits\" flags (see "
+"B<capabilities>(7)) to their default values (all flags disabled) in the "
+"child (for B<clone>(2)) or caller (for B<unshare>(2), or B<setns>(2)). "
+"Note that because the caller no longer has capabilities in its original user "
+"namespace after a call to B<setns>(2), it is not possible for a process to "
+"reset its \"securebits\" flags while retaining its user namespace membership "
+"by using a pair of B<setns>(2) calls to move to another user namespace and "
+"then return to its original user namespace."
+msgstr "B<CLONE_NEWUSER> フラグを使って B<clone>(2), B<unshare>(2), B<setns>(2) を呼び出すと、 子プロセス (B<clone>(2) の場合) や呼び出し元 (B<unshare>(2) や B<setns>(2) の場合) では \"securebits\" フラグ (B<capabilities>(7) 参照) がデフォルト値に設定される。 呼び出し元は B<setns>(2) の呼び出し後は元のユーザー名前空間ではケーパビリティを持たないので、 B<setns>(2) を 2 回呼び出して一度別のユーザー名前空間に移動して元のユーザー名前空間に戻ることで、 プロセスが元のユーザー名前空間にとどまりつつ自身の \"securebits\" フラグを再設定することはできない。"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:173
+msgid ""
+"Having a capability inside a user namespace permits a process to perform "
+"operations (that require privilege) only on resources governed by that "
+"namespace. The rules for determining whether or not a process has a "
+"capability in a particular user namespace are as follows:"
+msgstr "ユーザー名前空間内部でケーパビリティを持つというのは、 そのプロセスがその名前空間の支配下にあるリソースに対してのみ (特権を必要とする) 操作を実行できるということである。 プロセスが特定のユーザー名前空間でケーパビリティを持つかどうかを判定するルールは以下の通りである。"
+
+#. In the 3.8 sources, see security/commoncap.c::cap_capable():
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:189
+msgid ""
+"A process has a capability inside a user namespace if it is a member of that "
+"namespace and it has the capability in its effective capability set. A "
+"process can gain capabilities in its effective capability set in various "
+"ways. For example, it may execute a set-user-ID program or an executable "
+"with associated file capabilities. In addition, a process may gain "
+"capabilities via the effect of B<clone>(2), B<unshare>(2), or B<setns>(2), "
+"as already described."
+msgstr "プロセスがその名前空間のメンバーで、実効ケーパビリティセットにそのケーパビリティがあれば、 そのプロセスはユーザー名前空間内でケーパビリティを持つ。 プロセスが実効ケーパビリティセットでケーパビリティを得るにはいくつかの方法がある。 例えば、 set-user-ID プログラムや関連するファイルケーパビリティを持った実行ファイルを実行する。 また、 すでに説明したとおり、 プロセスは B<clone>(2), B<unshare>(2), B<setns>(2) の結果としてケーパビリティを獲得することもできる。"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:193
+msgid ""
+"If a process has a capability in a user namespace, then it has that "
+"capability in all child (and further removed descendant) namespaces as well."
+msgstr "プロセスがユーザー名前空間でケーパビリティを持っている場合、 そのプロセスはすべての子供の名前空間 (および削除された子孫の名前空間) でケーパビリティを持つ。"
+
+#
+#. * The owner of the user namespace in the parent of the
+#. * user namespace has all caps.
+#. (and likewise associates the effective group ID of the creating process
+#. with the namespace).
+#. See kernel commit 520d9eabce18edfef76a60b7b839d54facafe1f9 for a fix
+#. on this point
+#. This includes the case where the process executes a set-user-ID
+#. program that confers the effective UID of the creator of the namespace.
+#. ============================================================
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:214
+msgid ""
+"When a user namespace is created, the kernel records the effective user ID "
+"of the creating process as being the \"owner\" of the namespace. A process "
+"that resides in the parent of the user namespace and whose effective user ID "
+"matches the owner of the namespace has all capabilities in the namespace. "
+"By virtue of the previous rule, this means that the process has all "
+"capabilities in all further removed descendant user namespaces as well."
+msgstr "ユーザー名前空間が作成された際、 カーネルはその名前空間の「所有者」として作成したプロセスの実効ユーザー ID を記録する。 親のユーザー名前空間に属するプロセスで、 そのプロセスの実効ユーザー ID が名前空間の所有者と一致する場合、 そのプロセスはその名前空間ですべてのケーパビリティを持つ。 一つ前のルールも合わせて考えると、 このプロセスはすべての削除された子孫のユーザー名前空間ですべてのケーパビリティを持つことを意味する。"
+
+#. type: SS
+#: build/C/man7/user_namespaces.7:214
+#, no-wrap
+msgid "Interaction of user namespaces and other types of namespaces"
+msgstr "ユーザー名前空間と他の名前空間の関係"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:219
+msgid ""
+"Starting in Linux 3.8, unprivileged processes can create user namespaces, "
+"and mount, PID, IPC, network, and UTS namespaces can be created with just "
+"the B<CAP_SYS_ADMIN> capability in the caller's user namespace."
+msgstr "Linux 3.8 以降では、 非特権プロセスがユーザー名前空間を作成することができる。 また、 呼び出し元のユーザー名前空間で B<CAP_SYS_ADMIN> ケーパビリティを持っているだけで、 マウント名前空間、 PID 名前空間、 IPC 名前空間、 ネットワーク名前空間、 UTS 名前空間を作成できる。"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:225
+msgid ""
+"When a non-user-namespace is created, it is owned by the user namespace in "
+"which the creating process was a member at the time of the creation of the "
+"namespace. Actions on the non-user-namespace require capabilities in the "
+"corresponding user namespace."
+msgstr "ユーザー名前空間以外の名前空間が作成された場合、 その名前空間は呼び出したプロセスが名前空間の作成時にメンバーであったユーザー名前空間により所有される。 ユーザー名前空間以外の名前空間における操作には、 対応するユーザー名前空間でのケーパビリティが必要である。"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:242
+msgid ""
+"If B<CLONE_NEWUSER> is specified along with other B<CLONE_NEW*> flags in a "
+"single B<clone>(2) or B<unshare>(2) call, the user namespace is guaranteed "
+"to be created first, giving the child (B<clone>(2)) or caller "
+"(B<unshare>(2)) privileges over the remaining namespaces created by the "
+"call. Thus, it is possible for an unprivileged caller to specify this "
+"combination of flags."
+msgstr "一つの B<clone>(2) や B<unshare>(2) の呼び出しで B<CLONE_NEWUSER> が他の B<CLONE_NEW*> フラグと一緒に指定された場合、 そのユーザー名前空間が最初に作成されることが保証され、 子プロセス (B<clone>(2) の場合) や呼び出し元 (B<unshare>(2) の場合) はその呼び出しで作成される残りの名前空間で特権を持つ。 したがって、 特権を持たない呼び出し元がフラグを組み合わせて指定することができる。"
+
+#
+#. ============================================================
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:258
+msgid ""
+"When a new IPC, mount, network, PID, or UTS namespace is created via "
+"B<clone>(2) or B<unshare>(2), the kernel records the user namespace of the "
+"creating process against the new namespace. (This association can't be "
+"changed.) When a process in the new namespace subsequently performs "
+"privileged operations that operate on global resources isolated by the "
+"namespace, the permission checks are performed according to the process's "
+"capabilities in the user namespace that the kernel associated with the new "
+"namespace."
+msgstr "新しい IPC 名前空間、 マウント名前空間、 ネットワーク名前空間、 PID 名前空間、 UTS 名前空間が B<clone>(2) や B<unshare>(2) で作成される際、 カーネルは新しい名前空間に対して作成したプロセスのユーザー名前空間を記録する (この関連付けは変更できない)。 その新しい名前空間のプロセスがその後名前空間で分離されたグローバルリソースに対して特権操作を行う場合、 カーネルが新しい名前空間に対して関連付けたユーザー名前空間でのプロセスのケーパビリティに基づいてアクセス許可のチェックが行われる。"
+
+#. type: SS
+#: build/C/man7/user_namespaces.7:258
+#, no-wrap
+msgid "Restrictions on mount namespaces"
+msgstr "マウント名前空間における制限"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:261
+msgid "Note the following points with respect to mount namespaces:"
+msgstr "マウント名前空間に関しては以下の点に注意すること。"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:266
+msgid ""
+"A mount namespace has an owner user namespace. A mount namespace whose "
+"owner user namespace is different from the owner user namespace of its "
+"parent mount namespace is considered a less privileged mount namespace."
+msgstr "マウント名前空間は所有者のユーザー名前空間を持つ。 所有者のユーザー名前空間が親のマウント名前空間の所有者のユーザー名前空間と異なるマウント名前空間は、 特権が少ないマウント名前空間 (less privileged mount namespace) である。"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:272
+msgid ""
+"When creating a less privileged mount namespace, shared mounts are reduced "
+"to slave mounts. This ensures that mappings performed in less privileged "
+"mount namespaces will not propagate to more privileged mount namespaces."
+msgstr "特権が少ないマウント名前空間を作成する場合、 共有マウントは slave マウントに縮小される。 これにより、 特権の少ないマウント名前空間で実行されるマッピングが、 より特権を持つマウント名前空間 (more privileged mount namespace) に伝搬しないことが保証される。"
+
+#. FIXME .
+#. What does "come as a single unit from more privileged mount" mean?
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:285
+msgid ""
+"Mounts that come as a single unit from more privileged mount are locked "
+"together and may not be separated in a less privileged mount namespace. "
+"(The B<unshare>(2) B<CLONE_NEWNS> operation brings across all of the mounts "
+"from the original mount namespace as a single unit, and recursive mounts "
+"that propagate between mount namespaces propagate as a single unit.)"
+msgstr "より特権を持つマウントで一つのまとまりとして行われたマウントは一つにまとまったままとなり、 特権が少ないマウント名前空間で分割することはできない。 (B<unshare>(2) の B<CLONE_NEWNS> 操作では、 元のマウント名前空間のすべてのマウントは一つのまとまりとして扱われ、 マウント名前空間間で伝わる再帰的なマウントでは一つのまとまりとして伝わる。)"
+
+#
+#. commit 9566d6742852c527bf5af38af5cbb878dad75705
+#. Author: Eric W. Biederman <ebiederm@xmission.com>
+#. Date: Mon Jul 28 17:26:07 2014 -0700
+#. mnt: Correct permission checks in do_remount
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:306
+msgid ""
+"The B<mount>(2) flags B<MS_RDONLY>, B<MS_NOSUID>, B<MS_NOEXEC>, and the "
+"\"atime\" flags (B<MS_NOATIME>, B<MS_NODIRATIME>, B<MS_RELATIME)> settings "
+"become locked when propagated from a more privileged to a less privileged "
+"mount namespace, and may not be changed in the less privileged mount "
+"namespace."
+msgstr "より特権を持つマウント名前空間から特権の少ないマウント名前空間に伝わる際に、 B<mount>(2) の B<MS_RDONLY>, B<MS_NOSUID>, B<MS_NOEXEC> フラグと \"atime\" フラグ (B<MS_NOATIME>, B<MS_NODIRATIME>, B<MS_REALTIME>) 設定はロックされ、 特権の少ないマウント名前空間では変更することはできない。"
+
+#. (As of 3.18-rc1 (in Al Viro's 2014-08-30 vfs.git#for-next tree))
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:313
+msgid ""
+"A file or directory that is a mount point in one namespace that is not a "
+"mount point in another namespace, may be renamed, unlinked, or removed "
+"(B<rmdir>(2)) in the mount namespace in which it is not a mount point "
+"(subject to the usual permission checks)."
+msgstr "ある名前空間でマウントポイントとなっているが別の名前空間でのマウントポイントになっていないファイルやディレクトリは、 マウントポイントになっていないマウント名前空間では (通常のアクセス許可チェックにもとづいて) rename, unlink, remove (B<rmdir>(2)) を行うことができる。"
+
+#
+#. ============================================================
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:324
+msgid ""
+"Previously, attempting to unlink, rename, or remove a file or directory that "
+"was a mount point in another mount namespace would result in the error "
+"B<EBUSY>. That behavior had technical problems of enforcement (e.g., for "
+"NFS) and permitted denial-of-service attacks against more privileged "
+"users. (i.e., preventing individual files from being updated by bind "
+"mounting on top of them)."
+msgstr "以前は、 別のマウント名前空間でマウントポイントとなっていたファイルやディレクトリを rename, unlink, remove しようとすると、 エラー B<EBUSY> が返されていた。 この動作は、 (NFS などで) 適用にあたっての技術的な問題があるとともに、 より特権を持つユーザーに対してサービス不能攻撃 (denial-of-service attack) を許してしまっていた (ファイルをバインドマウントで更新することができなくなっていた)。"
+
+#. type: SS
+#: build/C/man7/user_namespaces.7:324
+#, no-wrap
+msgid "User and group ID mappings: uid_map and gid_map"
+msgstr "ユーザー ID とグループ ID のマッピング: uid_map と gid_map"
+
+#. commit 22d917d80e842829d0ca0a561967d728eb1d6303
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:339
+msgid ""
+"When a user namespace is created, it starts out without a mapping of user "
+"IDs (group IDs) to the parent user namespace. The I</proc/[pid]/uid_map> "
+"and I</proc/[pid]/gid_map> files (available since Linux 3.5) expose the "
+"mappings for user and group IDs inside the user namespace for the process "
+"I<pid>. These files can be read to view the mappings in a user namespace "
+"and written to (once) to define the mappings."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:345
+msgid ""
+"The description in the following paragraphs explains the details for "
+"I<uid_map>; I<gid_map> is exactly the same, but each instance of \"user ID\" "
+"is replaced by \"group ID\"."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:359
+msgid ""
+"The I<uid_map> file exposes the mapping of user IDs from the user namespace "
+"of the process I<pid> to the user namespace of the process that opened "
+"I<uid_map> (but see a qualification to this point below). In other words, "
+"processes that are in different user namespaces will potentially see "
+"different values when reading from a particular I<uid_map> file, depending "
+"on the user ID mappings for the user namespaces of the reading processes."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:371
+msgid ""
+"Each line in the I<uid_map> file specifies a 1-to-1 mapping of a range of "
+"contiguous user IDs between two user namespaces. (When a user namespace is "
+"first created, this file is empty.) The specification in each line takes "
+"the form of three numbers delimited by white space. The first two numbers "
+"specify the starting user ID in each of the two user namespaces. The third "
+"number specifies the length of the mapped range. In detail, the fields are "
+"interpreted as follows:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:375
+msgid ""
+"The start of the range of user IDs in the user namespace of the process "
+"I<pid>."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:383
+msgid ""
+"The start of the range of user IDs to which the user IDs specified by field "
+"one map. How field two is interpreted depends on whether the process that "
+"opened I<uid_map> and the process I<pid> are in the same user namespace, as "
+"follows:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:389
+msgid ""
+"If the two processes are in different user namespaces: field two is the "
+"start of a range of user IDs in the user namespace of the process that "
+"opened I<uid_map>."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:400
+msgid ""
+"If the two processes are in the same user namespace: field two is the start "
+"of the range of user IDs in the parent user namespace of the process "
+"I<pid>. This case enables the opener of I<uid_map> (the common case here is "
+"opening I</proc/self/uid_map>) to see the mapping of user IDs into the user "
+"namespace of the process that created this user namespace."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:404
+msgid ""
+"The length of the range of user IDs that is mapped between the two user "
+"namespaces."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:411
+msgid ""
+"System calls that return user IDs (group IDs)\\(emfor example, B<getuid>(2), "
+"B<getgid>(2), and the credential fields in the structure returned by "
+"B<stat>(2)\\(emreturn the user ID (group ID) mapped into the caller's user "
+"namespace."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:419
+msgid ""
+"When a process accesses a file, its user and group IDs are mapped into the "
+"initial user namespace for the purpose of permission checking and assigning "
+"IDs when creating a file. When a process retrieves file user and group IDs "
+"via B<stat>(2), the IDs are mapped in the opposite direction, to produce "
+"values relative to the process user and group ID mappings."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:428
+msgid ""
+"The initial user namespace has no parent namespace, but, for consistency, "
+"the kernel provides dummy user and group ID mapping files for this "
+"namespace. Looking at the I<uid_map> file (I<gid_map> is the same) from a "
+"shell in the initial namespace shows:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:433
+#, no-wrap
+msgid ""
+"$ B<cat /proc/$$/uid_map>\n"
+" 0 0 4294967295\n"
+msgstr ""
+"$ B<cat /proc/$$/uid_map>\n"
+" 0 0 4294967295\n"
+
+#
+#. ============================================================
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:453
+msgid ""
+"This mapping tells us that the range starting at user ID 0 in this namespace "
+"maps to a range starting at 0 in the (nonexistent) parent namespace, and the "
+"length of the range is the largest 32-bit unsigned integer. (This "
+"deliberately leaves 4294967295 (the 32-bit signed -1 value) unmapped. This "
+"is deliberate: I<(uid_t)\\ -\\1> is used in several interfaces (e.g., "
+"B<setreuid>(2)) as a way to specify \"no user ID\". Leaving I<(uid_t)\\ -"
+"\\1> unmapped and unusable guarantees that there will be no confusion when "
+"using these interfaces."
+msgstr ""
+
+#. type: SS
+#: build/C/man7/user_namespaces.7:453
+#, no-wrap
+msgid "Defining user and group ID mappings: writing to uid_map and gid_map"
+msgstr "ユーザー ID とグループ ID のマッピングの定義: uid_map と gid_map への書き込み"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:469
+msgid ""
+"After the creation of a new user namespace, the I<uid_map> file of I<one> of "
+"the processes in the namespace may be written to I<once> to define the "
+"mapping of user IDs in the new user namespace. An attempt to write more "
+"than once to a I<uid_map> file in a user namespace fails with the error "
+"B<EPERM>. Similar rules apply for I<gid_map> files."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:474
+msgid ""
+"The lines written to I<uid_map> (I<gid_map>) must conform to the following "
+"rules:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:477
+msgid ""
+"The three fields must be valid numbers, and the last field must be greater "
+"than 0."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:479
+msgid "Lines are terminated by newline characters."
+msgstr ""
+
+#. FIXME(Eric): the restriction "less than" rather than "less than or equal"
+#. seems strangely arbitrary. Furthermore, the comment does not agree
+#. with the code in kernel/user_namespace.c. Which is correct?
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:492
+msgid ""
+"There is an (arbitrary) limit on the number of lines in the file. As at "
+"Linux 3.8, the limit is five lines. In addition, the number of bytes "
+"written to the file must be less than the system page size, and the write "
+"must be performed at the start of the file (i.e., B<lseek>(2) and "
+"B<pwrite>(2) can't be used to write to nonzero offsets in the file)."
+msgstr ""
+
+#. commit 0bd14b4fd72afd5df41e9fd59f356740f22fceba
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:505
+msgid ""
+"The range of user IDs (group IDs) specified in each line cannot overlap "
+"with the ranges in any other lines. In the initial implementation (Linux "
+"3.8), this requirement was satisfied by a simplistic implementation that "
+"imposed the further requirement that the values in both field 1 and field 2 "
+"of successive lines must be in ascending numerical order, which prevented "
+"some otherwise valid maps from being created. Linux 3.9 and later fix this "
+"limitation, allowing any valid set of nonoverlapping maps."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:507
+msgid "At least one line must be written to the file."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:510
+msgid "Writes that violate the above rules fail with the error B<EINVAL>."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:515
+msgid ""
+"In order for a process to write to the I</proc/[pid]/uid_map> (I</proc/[pid]/"
+"gid_map>) file, all of the following requirements must be met:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:521
+msgid ""
+"The writing process must have the B<CAP_SETUID> (B<CAP_SETGID>) capability "
+"in the user namespace of the process I<pid>."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:526
+msgid ""
+"The writing process must be in either the user namespace of the process "
+"I<pid> or inside the parent user namespace of the process I<pid>."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:529
+msgid ""
+"The mapped user IDs (group IDs) must in turn have a mapping in the parent "
+"user namespace."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:531
+msgid "One of the following is true:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:541
+msgid ""
+"The data written to I<uid_map> (I<gid_map>) consists of a single line that "
+"maps the writing process's filesystem user ID (group ID) in the parent user "
+"namespace to a user ID (group ID) in the user namespace. The usual case "
+"here is that this single line provides a mapping for user ID of the process "
+"that created the namespace."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:548
+msgid ""
+"The opening process has the B<CAP_SETUID> (B<CAP_SETGID>) capability in the "
+"parent user namespace. Thus, a privileged process can make mappings to "
+"arbitrary user IDs (group IDs) in the parent user namespace."
+msgstr ""
+
+#
+#. ============================================================
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:555
+msgid "Writes that violate the above rules fail with the error B<EPERM>."
+msgstr ""
+
+#. type: SS
+#: build/C/man7/user_namespaces.7:555
+#, no-wrap
+msgid "Unmapped user and group IDs"
+msgstr "ユーザー ID とグループ ID のマッピング解除"
+
+#. from_kuid_munged(), from_kgid_munged()
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:572
+msgid ""
+"There are various places where an unmapped user ID (group ID) may be "
+"exposed to user space. For example, the first process in a new user "
+"namespace may call B<getuid>() before a user ID mapping has been defined "
+"for the namespace. In most such cases, an unmapped user ID is converted to "
+"the overflow user ID (group ID); the default value for the overflow user ID "
+"(group ID) is 65534. See the descriptions of I</proc/sys/kernel/"
+"overflowuid> and I</proc/sys/kernel/overflowgid> in B<proc>(5)."
+msgstr ""
+
+#. also SO_PEERCRED
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:600
+msgid ""
+"The cases where unmapped IDs are mapped in this fashion include system calls "
+"that return user IDs (B<getuid>(2), B<getgid>(2), and similar), credentials "
+"passed over a UNIX domain socket, credentials returned by B<stat>(2), "
+"B<waitid>(2), and the System V IPC \"ctl\" B<IPC_STAT> operations, "
+"credentials exposed by I</proc/PID/status> and the files in I</proc/sysvipc/"
+"*>, credentials returned via the I<si_uid> field in the I<siginfo_t> "
+"received with a signal (see B<sigaction>(2)), credentials written to the "
+"process accounting file (see B<acct>(5)), and credentials returned with "
+"POSIX message queue notifications (see B<mq_notify>(3))."
+msgstr ""
+
+#
+#. from_kuid(), from_kgid()
+#. Also F_GETOWNER_UIDS is an exception
+#. ============================================================
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:615
+msgid ""
+"There is one notable case where unmapped user and group IDs are I<not> "
+"converted to the corresponding overflow ID value. When viewing a I<uid_map> "
+"or I<gid_map> file in which there is no mapping for the second field, that "
+"field is displayed as 4294967295 (-1 as an unsigned integer);"
+msgstr ""
+
+#. type: SS
+#: build/C/man7/user_namespaces.7:615
+#, no-wrap
+msgid "Set-user-ID and set-group-ID programs"
+msgstr "set-user-ID や set-group-ID されたプログラム"
+
+#
+#. ============================================================
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:635
+msgid ""
+"When a process inside a user namespace executes a set-user-ID (set-group-ID) "
+"program, the process's effective user (group) ID inside the namespace is "
+"changed to whatever value is mapped for the user (group) ID of the file. "
+"However, if either the user I<or> the group ID of the file has no mapping "
+"inside the namespace, the set-user-ID (set-group-ID) bit is silently "
+"ignored: the new program is executed, but the process's effective user "
+"(group) ID is left unchanged. (This mirrors the semantics of executing a "
+"set-user-ID or set-group-ID program that resides on a filesystem that was "
+"mounted with the B<MS_NOSUID> flag, as described in B<mount>(2).)"
msgstr ""
-"B<int setresuid(uid_t >I<ruid>B<, uid_t >I<euid>B<, uid_t >I<suid>B<);>"
#. type: Plain text
-#: build/C/man2/setresuid.2:37
-msgid "B<int setresgid(gid_t >I<rgid>B<, gid_t >I<egid>B<, gid_t >I<sgid>B<);>"
+#: build/C/man7/user_namespaces.7:645
+msgid ""
+"When a process's user and group IDs are passed over a UNIX domain socket to "
+"a process in a different user namespace (see the description of "
+"B<SCM_CREDENTIALS> in B<unix>(7)), they are translated into the "
+"corresponding values as per the receiving process's user and group ID "
+"mappings."
msgstr ""
-"B<int setresgid(gid_t >I<rgid>B<, gid_t >I<egid>B<, gid_t >I<sgid>B<);>"
+#
+#. ============================================================
#. type: Plain text
-#: build/C/man2/setresuid.2:41
+#: build/C/man7/user_namespaces.7:658
msgid ""
-"B<setresuid>() sets the real user ID, the effective user ID, and the saved "
-"set-user-ID of the calling process."
+"Over the years, there have been a lot of features that have been added to "
+"the Linux kernel that have been made available only to privileged users "
+"because of their potential to confuse set-user-ID-root applications. In "
+"general, it becomes safe to allow the root user in a user namespace to use "
+"those features because it is impossible, while in a user namespace, to gain "
+"more privilege than the root user of a user namespace has."
msgstr ""
-"B<setresuid>() は呼び出し元のプロセスの実 (real) ユーザーID、実効 "
-"(effective) ユーザーID、 保存 set-user-ID を設定する。"
+
+#. type: SS
+#: build/C/man7/user_namespaces.7:658
+#, no-wrap
+msgid "Availability"
+msgstr "可用性"
#. type: Plain text
-#: build/C/man2/setresuid.2:47
+#: build/C/man7/user_namespaces.7:666
msgid ""
-"Unprivileged user processes may change the real UID, effective UID, and "
-"saved set-user-ID, each to one of: the current real UID, the current "
-"effective UID or the current saved set-user-ID."
+"Use of user namespaces requires a kernel that is configured with the "
+"B<CONFIG_USER_NS> option. User namespaces require support in a range of "
+"subsystems across the kernel. When an unsupported subsystem is configured "
+"into the kernel, it is not possible to configure user namespaces support."
msgstr ""
-"非特権ユーザーのプロセスは、その実 UID、実効 UID、保存 set-user-ID を、 現在"
-"の実 UID、現在の実効 UID、現在の保存 set-user-ID のどれかに変更することができ"
-"る:"
+#. commit d6970d4b726cea6d7a9bc4120814f95c09571fc3
#. type: Plain text
-#: build/C/man2/setresuid.2:51
+#: build/C/man7/user_namespaces.7:677
msgid ""
-"Privileged processes (on Linux, those having the B<CAP_SETUID> capability) "
-"may set the real UID, effective UID, and saved set-user-ID to arbitrary "
-"values."
+"As at Linux 3.8, most relevant subsystems supported user namespaces, but a "
+"number of filesystems did not have the infrastructure needed to map user and "
+"group IDs between user namespaces. Linux 3.9 added the required "
+"infrastructure support for many of the remaining unsupported filesystems "
+"(Plan 9 (9P), Andrew File System (AFS), Ceph, CIFS, CODA, NFS, and OCFS2). "
+"Linux 3.11 added support the last of the unsupported major filesystems, XFS."
msgstr ""
-"特権プロセス (Linux では B<CAP_SETUID> ケーパビリティ (capability) を持つ プ"
-"ロセス) は、実 UID、実効 UID、保存 set-user-ID を任意の値に設定できる。"
#. type: Plain text
-#: build/C/man2/setresuid.2:53
+#: build/C/man7/user_namespaces.7:686
msgid ""
-"If one of the arguments equals -1, the corresponding value is not changed."
-msgstr "引き数のどれかが -1 の場合はその値は変更されずに残される。"
+"The program below is designed to allow experimenting with user namespaces, "
+"as well as other types of namespaces. It creates namespaces as specified by "
+"command-line options and then executes a command inside those namespaces. "
+"The comments and I<usage()> function inside the program provide a full "
+"explanation of the program. The following shell session demonstrates its "
+"use."
+msgstr ""
+"以下のプログラムは、ユーザー名前空間で実験を行えるように設計されている。 他の"
+"種類の名前空間も扱える。 このプログラムはコマンドライン引き数で指定された名前"
+"空間を作成し、作成した名前空間内でコマンドを実行する。 コメントとプログラム内"
+"の I<usage()> 関数に、プログラムの詳しい説明が書かれている。 以下のシェルセッ"
+"ションに実行例を示す。"
#. type: Plain text
-#: build/C/man2/setresuid.2:57
+#: build/C/man7/user_namespaces.7:688
+msgid "First, we look at the run-time environment:"
+msgstr "まず最初に、実行環境を確認しておく。"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:697
+#, no-wrap
msgid ""
-"Regardless of what changes are made to the real UID, effective UID, and "
-"saved set-user-ID, the file system UID is always set to the same value as "
-"the (possibly new) effective UID."
+"$ B<uname -rs> # Need Linux 3.8 or later\n"
+"Linux 3.8.0\n"
+"$ B<id -u> # Running as unprivileged user\n"
+"1000\n"
+"$ B<id -g>\n"
+"1000\n"
msgstr ""
-"実 UID、実効 UID、保存 set-user-ID にどんな変更が行われたかに関わらず、 ファ"
-"イルシステム UID は常に実効 UID (可能であれば変更後の新しい実効 UID) と同じ"
-"値に設定される。"
+"$ B<uname -rs> # Linux 3.8 以降が必要\n"
+"Linux 3.8.0\n"
+"$ B<id -u> # 非特権ユーザーで実行する\n"
+"1000\n"
+"$ B<id -g>\n"
+"1000\n"
#. type: Plain text
-#: build/C/man2/setresuid.2:64
+#: build/C/man7/user_namespaces.7:711
msgid ""
-"Completely analogously, B<setresgid>() sets the real GID, effective GID, "
-"and saved set-group-ID of the calling process (and always modifies the file "
-"system GID to be the same as the effective GID), with the same restrictions "
-"for unprivileged processes."
+"Now start a new shell in new user (I<-U>), mount (I<-m>), and PID (I<-p>) "
+"namespaces, with user ID (I<-M>) and group ID (I<-G>) 1000 mapped to 0 "
+"inside the user namespace:"
msgstr ""
-"全く同じように、 B<setresgid>() は呼び出し元のプロセスの実 GID、実効 GID、保"
-"存 set-group-ID を設定する (さらにファイルシステム GID を実効 GID と同じ値に"
-"修正する)。 非特権プロセスは同様の制限を受ける。"
+"新しいユーザー名前空間 (I<-U>), マウント名前空間 (I<-m>), PID 名前空間 (I<-"
+"p>) で新しいシェルを開始する。ユーザー ID (I<-M>) 1000 とグループ ID (I<-G>) "
+"1000 をユーザー名前空間内で 0 にマッピングしている。"
-#. type: TP
-#: build/C/man2/setresuid.2:70 build/C/man2/setuid.2:74
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:715
#, no-wrap
-msgid "B<EAGAIN>"
-msgstr "B<EAGAIN>"
+msgid "$ B<./userns_child_exec -p -m -U -M '0 1000 1' -G '0 1000 1' bash>\n"
+msgstr "$ B<./userns_child_exec -p -m -U -M '0 1000 1' -G '0 1000 1' bash>\n"
#. type: Plain text
-#: build/C/man2/setresuid.2:77
+#: build/C/man7/user_namespaces.7:720
msgid ""
-"I<uid> does not match the current UID and this call would bring that user ID "
-"over its B<RLIMIT_NPROC> resource limit."
+"The shell has PID 1, because it is the first process in the new PID "
+"namespace:"
msgstr ""
-"I<uid> が現在のユーザー ID と違う値で、 この呼び出しにより ユーザー ID が リ"
-"ã\82½ã\83¼ã\82¹ä¸\8aé\99\90 B<RLIMIT_NPROC> ã\82\92è¶\85ã\81\88ã\81¦ã\81\97ã\81¾ã\81\86。"
+"シェルは PID 1 を持つ。このシェルは新しい PID 名前空間の最初のプロセスだから"
+"ã\81§ã\81\82ã\82\8b。"
#. type: Plain text
-#: build/C/man2/setresuid.2:81
+#: build/C/man7/user_namespaces.7:725
+#, no-wrap
msgid ""
-"The calling process is not privileged (did not have the B<CAP_SETUID> "
-"capability) and tried to change the IDs to values that are not permitted."
+"bash$ B<echo $$>\n"
+"1\n"
msgstr ""
-"呼び出したプロセスが特権を持たないのに (B<CAP_SETUID> ケーパビリティを持たな"
-"いのに)、 ID を許されていない値に変更しようとした。"
+"bash$ B<echo $$>\n"
+"1\n"
#. type: Plain text
-#: build/C/man2/setresuid.2:83
-msgid "These calls are available under Linux since Linux 2.1.44."
-msgstr "Linux ではバージョン 2.1.44 より利用可能になった。"
+#: build/C/man7/user_namespaces.7:730
+msgid ""
+"Inside the user namespace, the shell has user and group ID 0, and a full set "
+"of permitted and effective capabilities:"
+msgstr ""
+"ユーザー名前空間内では、シェルのユーザー ID とグループ ID ともに 0 で、すべて"
+"の許可ケーパビリティと実効ケーパビリティが有効になっている。"
#. type: Plain text
-#: build/C/man2/setresuid.2:90
+#: build/C/man7/user_namespaces.7:740
+#, no-wrap
msgid ""
-"Under HP-UX and FreeBSD, the prototype is found in I<E<lt>unistd.hE<gt>>. "
-"Under Linux the prototype is provided by glibc since version 2.3.2."
+"bash$ B<cat /proc/$$/status | egrep '^[UG]id'>\n"
+"Uid:\t0\t0\t0\t0\n"
+"Gid:\t0\t0\t0\t0\n"
+"bash$ B<cat /proc/$$/status | egrep '^Cap(Prm|Inh|Eff)'>\n"
+"CapInh:\t0000000000000000\n"
+"CapPrm:\t0000001fffffffff\n"
+"CapEff:\t0000001fffffffff\n"
msgstr ""
-"HP-UX や FreeBSD では I<E<lt>unistd.hE<gt>> にプロトタイプが存在する。 \n"
-"Linux では、glibc 2.3.2 以降で プロトタイプが提供されている。"
+"bash$ B<cat /proc/$$/status | egrep '^[UG]id'>\n"
+"Uid:\t0\t0\t0\t0\n"
+"Gid:\t0\t0\t0\t0\n"
+"bash$ B<cat /proc/$$/status | egrep '^Cap(Prm|Inh|Eff)'>\n"
+"CapInh:\t0000000000000000\n"
+"CapPrm:\t0000001fffffffff\n"
+"CapEff:\t0000001fffffffff\n"
#. type: Plain text
-#: build/C/man2/setresuid.2:106
+#: build/C/man7/user_namespaces.7:748
msgid ""
-"The original Linux B<setresuid>() and B<setresgid>() system calls "
-"supported only 16-bit user and group IDs. Subsequently, Linux 2.4 added "
-"B<setresuid32>() and B<setresgid32>(), supporting 32-bit IDs. The glibc "
-"B<setresuid>() and B<setresgid>() wrapper functions transparently deal "
-"with the variations across kernel versions."
+"Mounting a new I</proc> filesystem and listing all of the processes visible "
+"in the new PID namespace shows that the shell can't see any processes "
+"outside the PID namespace:"
msgstr ""
-"元々の Linux の B<setresuid>() と B<setresgid>() システムコールは\n"
-"16 ビットのグループ ID だけに対応していた。\n"
-"その後、Linux 2.4 で、32 ビットの ID に対応した\n"
-"B<setresuid32>() と B<setresgid32>() が追加された。\n"
-"glibc の B<setresuid>() と B<setresgid>() のラッパー関数は\n"
-"カーネルバージョンによるこの違いを吸収している。"
+"I</proc> ファイルシステムをマウントし、新しい PID 名前空間で見えるプロセス一"
+"覧を表示すると、 シェルからは PID 名前空間外のプロセスが見えないことが分か"
+"る。"
#. type: Plain text
-#: build/C/man2/setresuid.2:115
+#: build/C/man7/user_namespaces.7:756
+#, no-wrap
msgid ""
-"B<getresuid>(2), B<getuid>(2), B<setfsgid>(2), B<setfsuid>(2), B<setreuid>"
-"(2), B<setuid>(2), B<capabilities>(7), B<credentials>(7)"
+"bash$ B<mount -t proc proc /proc>\n"
+"bash$ B<ps ax>\n"
+" PID TTY STAT TIME COMMAND\n"
+" 1 pts/3 S 0:00 bash\n"
+" 22 pts/3 R+ 0:00 ps ax\n"
msgstr ""
-"B<getresuid>(2), B<getuid>(2), B<setfsgid>(2), B<setfsuid>(2), B<setreuid>"
-"(2), B<setuid>(2), B<capabilities>(7), B<credentials>(7)"
+"bash$ B<mount -t proc proc /proc>\n"
+"bash$ B<ps ax>\n"
+" PID TTY STAT TIME COMMAND\n"
+" 1 pts/3 S 0:00 bash\n"
+" 22 pts/3 R+ 0:00 ps ax\n"
-#. type: TH
-#: build/C/man2/setreuid.2:43
+#. type: SS
+#: build/C/man7/user_namespaces.7:758 build/C/man2/seccomp.2:574
#, no-wrap
-msgid "SETREUID"
-msgstr "SETREUID"
+msgid "Program source"
+msgstr "プログラムのソース"
#. type: Plain text
-#: build/C/man2/setreuid.2:46
-msgid "setreuid, setregid - set real and/or effective user or group ID"
-msgstr ""
-"setreuid, setregid - 実 (real) と実効 (effective) ユーザー (グループ) ID を設"
-"定する"
+#: build/C/man7/user_namespaces.7:762
+#, no-wrap
+msgid "/* userns_child_exec.c\n"
+msgstr "/* userns_child_exec.c\n"
#. type: Plain text
-#: build/C/man2/setreuid.2:52
-msgid "B<int setreuid(uid_t >I<ruid>B<, uid_t >I<euid>B<);>"
-msgstr "B<int setreuid(uid_t >I<ruid>B<, uid_t >I<euid>B<);>"
+#: build/C/man7/user_namespaces.7:764
+#, no-wrap
+msgid " Licensed under GNU General Public License v2 or later\n"
+msgstr " GNU General Public License v2 以降の元でライセンスされる\n"
#. type: Plain text
-#: build/C/man2/setreuid.2:54
-msgid "B<int setregid(gid_t >I<rgid>B<, gid_t >I<egid>B<);>"
-msgstr "B<int setregid(gid_t >I<rgid>B<, gid_t >I<egid>B<);>"
+#: build/C/man7/user_namespaces.7:780
+#, no-wrap
+msgid ""
+" Create a child process that executes a shell command in new\n"
+" namespace(s); allow UID and GID mappings to be specified when\n"
+" creating a user namespace.\n"
+"*/\n"
+"#define _GNU_SOURCE\n"
+"#include E<lt>sched.hE<gt>\n"
+"#include E<lt>unistd.hE<gt>\n"
+"#include E<lt>stdlib.hE<gt>\n"
+"#include E<lt>sys/wait.hE<gt>\n"
+"#include E<lt>signal.hE<gt>\n"
+"#include E<lt>fcntl.hE<gt>\n"
+"#include E<lt>stdio.hE<gt>\n"
+"#include E<lt>string.hE<gt>\n"
+"#include E<lt>limits.hE<gt>\n"
+"#include E<lt>errno.hE<gt>\n"
+msgstr ""
+" 新しい名前空間でシェルコマンドを実行する子プロセスを作成する。\n"
+" ユーザー名前空間を作成する際に UID と GID のマッピングを\n"
+" 指定することができる。\n"
+"*/\n"
+"#define _GNU_SOURCE\n"
+"#include E<lt>sched.hE<gt>\n"
+"#include E<lt>unistd.hE<gt>\n"
+"#include E<lt>stdlib.hE<gt>\n"
+"#include E<lt>sys/wait.hE<gt>\n"
+"#include E<lt>signal.hE<gt>\n"
+"#include E<lt>fcntl.hE<gt>\n"
+"#include E<lt>stdio.hE<gt>\n"
+"#include E<lt>string.hE<gt>\n"
+"#include E<lt>limits.hE<gt>\n"
+"#include E<lt>errno.hE<gt>\n"
#. type: Plain text
-#: build/C/man2/setreuid.2:62
-msgid "B<setreuid>(), B<setregid>():"
-msgstr "B<setreuid>(), B<setregid>():"
+#: build/C/man7/user_namespaces.7:783
+#, no-wrap
+msgid ""
+"/* A simple error-handling function: print an error message based\n"
+" on the value in \\(aqerrno\\(aq and terminate the calling process */\n"
+msgstr ""
+"/* 簡単なエラー処理関数: \\\\(aqerrno\\\\(aq の値に基づいて\n"
+" エラーメッセージを出力し、呼び出し元プロセスを終了する。 */\n"
#. type: Plain text
-#: build/C/man2/setreuid.2:66
+#: build/C/man7/user_namespaces.7:786
+#, no-wrap
msgid ""
-"_BSD_SOURCE || _XOPEN_SOURCE\\ E<gt>=\\ 500 || _XOPEN_SOURCE\\ &&\\ "
-"_XOPEN_SOURCE_EXTENDED"
+"#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \\e\n"
+" } while (0)\n"
msgstr ""
-"_BSD_SOURCE || _XOPEN_SOURCE\\ E<gt>=\\ 500 || _XOPEN_SOURCE\\ &&\\ "
-"_XOPEN_SOURCE_EXTENDED"
+"#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \\e\n"
+" } while (0)\n"
#. type: Plain text
-#: build/C/man2/setreuid.2:71
-msgid "B<setreuid>() sets real and effective user IDs of the calling process."
+#: build/C/man7/user_namespaces.7:791
+#, no-wrap
+msgid ""
+"struct child_args {\n"
+" char **argv; /* Command to be executed by child, with args */\n"
+" int pipe_fd[2]; /* Pipe used to synchronize parent and child */\n"
+"};\n"
msgstr ""
-"B<setreuid>() は呼び出し元のプロセスの実 (real) ユーザー ID と 実効 "
-"(effective) ユーザー ID を設定する。"
+"struct child_args {\n"
+" char **argv; /* 子プロセスが実行するコマンドと引き数 */\n"
+" int pipe_fd[2]; /* 親プロセスと子プロセスを同期するためのパイプ */\n"
+"};\n"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:793
+#, no-wrap
+msgid "static int verbose;\n"
+msgstr "static int verbose;\n"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:826
+#, no-wrap
+msgid ""
+"static void\n"
+"usage(char *pname)\n"
+"{\n"
+" fprintf(stderr, \"Usage: %s [options] cmd [arg...]\\en\\en\", pname);\n"
+" fprintf(stderr, \"Create a child process that executes a shell \"\n"
+" \"command in a new user namespace,\\en\"\n"
+" \"and possibly also other new namespace(s).\\en\\en\");\n"
+" fprintf(stderr, \"Options can be:\\en\\en\");\n"
+"#define fpe(str) fprintf(stderr, \" %s\", str);\n"
+" fpe(\"-i New IPC namespace\\en\");\n"
+" fpe(\"-m New mount namespace\\en\");\n"
+" fpe(\"-n New network namespace\\en\");\n"
+" fpe(\"-p New PID namespace\\en\");\n"
+" fpe(\"-u New UTS namespace\\en\");\n"
+" fpe(\"-U New user namespace\\en\");\n"
+" fpe(\"-M uid_map Specify UID map for user namespace\\en\");\n"
+" fpe(\"-G gid_map Specify GID map for user namespace\\en\");\n"
+" fpe(\"-z Map user\\(aqs UID and GID to 0 in user namespace\\en\");\n"
+" fpe(\" (equivalent to: -M \\(aq0 E<lt>uidE<gt> 1\\(aq -G \\(aq0 E<lt>gidE<gt> 1\\(aq)\\en\");\n"
+" fpe(\"-v Display verbose messages\\en\");\n"
+" fpe(\"\\en\");\n"
+" fpe(\"If -z, -M, or -G is specified, -U is required.\\en\");\n"
+" fpe(\"It is not permitted to specify both -z and either -M or -G.\\en\");\n"
+" fpe(\"\\en\");\n"
+" fpe(\"Map strings for -M and -G consist of records of the form:\\en\");\n"
+" fpe(\"\\en\");\n"
+" fpe(\" ID-inside-ns ID-outside-ns len\\en\");\n"
+" fpe(\"\\en\");\n"
+" fpe(\"A map string can contain multiple records, separated\"\n"
+" \" by commas;\\en\");\n"
+" fpe(\"the commas are replaced by newlines before writing\"\n"
+" \" to map files.\\en\");\n"
+msgstr ""
+"static void\n"
+"usage(char *pname)\n"
+"{\n"
+" fprintf(stderr, \"Usage: %s [options] cmd [arg...]\\en\\en\", pname);\n"
+" fprintf(stderr, \"Create a child process that executes a shell \"\n"
+" \"command in a new user namespace,\\en\"\n"
+" \"and possibly also other new namespace(s).\\en\\en\");\n"
+" fprintf(stderr, \"Options can be:\\en\\en\");\n"
+"#define fpe(str) fprintf(stderr, \" %s\", str);\n"
+" fpe(\"-i New IPC namespace\\en\");\n"
+" fpe(\"-m New mount namespace\\en\");\n"
+" fpe(\"-n New network namespace\\en\");\n"
+" fpe(\"-p New PID namespace\\en\");\n"
+" fpe(\"-u New UTS namespace\\en\");\n"
+" fpe(\"-U New user namespace\\en\");\n"
+" fpe(\"-M uid_map Specify UID map for user namespace\\en\");\n"
+" fpe(\"-G gid_map Specify GID map for user namespace\\en\");\n"
+" fpe(\"-z Map user\\(aqs UID and GID to 0 in user namespace\\en\");\n"
+" fpe(\" (equivalent to: -M \\(aq0 E<lt>uidE<gt> 1\\(aq -G \\(aq0 E<lt>gidE<gt> 1\\(aq)\\en\");\n"
+" fpe(\"-v Display verbose messages\\en\");\n"
+" fpe(\"\\en\");\n"
+" fpe(\"If -z, -M, or -G is specified, -U is required.\\en\");\n"
+" fpe(\"It is not permitted to specify both -z and either -M or -G.\\en\");\n"
+" fpe(\"\\en\");\n"
+" fpe(\"Map strings for -M and -G consist of records of the form:\\en\");\n"
+" fpe(\"\\en\");\n"
+" fpe(\" ID-inside-ns ID-outside-ns len\\en\");\n"
+" fpe(\"\\en\");\n"
+" fpe(\"A map string can contain multiple records, separated\"\n"
+" \" by commas;\\en\");\n"
+" fpe(\"the commas are replaced by newlines before writing\"\n"
+" \" to map files.\\en\");\n"
#. type: Plain text
-#: build/C/man2/setreuid.2:74
+#: build/C/man7/user_namespaces.7:834
+#, no-wrap
msgid ""
-"Supplying a value of -1 for either the real or effective user ID forces the "
-"system to leave that ID unchanged."
+"/* Update the mapping file \\(aqmap_file\\(aq, with the value provided in\n"
+" \\(aqmapping\\(aq, a string that defines a UID or GID mapping. A UID or\n"
+" GID mapping consists of one or more newline-delimited records\n"
+" of the form:\n"
msgstr ""
-"実ユーザー ID や実効ユーザー ID に -1 を与えた場合、 システムはその ID を変更"
-"しない。"
#. type: Plain text
-#: build/C/man2/setreuid.2:77
-msgid ""
-"Unprivileged processes may only set the effective user ID to the real user "
-"ID, the effective user ID, or the saved set-user-ID."
+#: build/C/man7/user_namespaces.7:836
+#, no-wrap
+msgid " ID_inside-ns ID-outside-ns length\n"
msgstr ""
-"非特権プロセスは実効ユーザー ID を実ユーザー ID または実効ユーザー ID または "
-"保存 set-user-ID にしか設定できない。"
#. type: Plain text
-#: build/C/man2/setreuid.2:80
+#: build/C/man7/user_namespaces.7:841
+#, no-wrap
msgid ""
-"Unprivileged users may only set the real user ID to the real user ID or the "
-"effective user ID."
+" Requiring the user to supply a string that contains newlines is\n"
+" of course inconvenient for command-line use. Thus, we permit the\n"
+" use of commas to delimit records in this string, and replace them\n"
+" with newlines before writing the string to the file. */\n"
msgstr ""
-"非特権ユーザーは、実ユーザー ID を実ユーザー ID または 実効ユーザー ID にしか"
-"設定できない。"
#. type: Plain text
-#: build/C/man2/setreuid.2:84
+#: build/C/man7/user_namespaces.7:847
+#, no-wrap
msgid ""
-"If the real user ID is set or the effective user ID is set to a value not "
-"equal to the previous real user ID, the saved set-user-ID will be set to the "
-"new effective user ID."
+"static void\n"
+"update_map(char *mapping, char *map_file)\n"
+"{\n"
+" int fd, j;\n"
+" size_t map_len; /* Length of \\(aqmapping\\(aq */\n"
msgstr ""
-"実ユーザーID が設定されたり、実効ユーザーID が前の実ユーザーID と 異った値に"
-"設定された場合、保存 set-user-ID には新しい実効ユーザーID の値が設定される。"
+"static void\n"
+"update_map(char *mapping, char *map_file)\n"
+"{\n"
+" int fd, j;\n"
+" size_t map_len; /* Length of \\(aqmapping\\(aq */\n"
#. type: Plain text
-#: build/C/man2/setreuid.2:89
+#: build/C/man7/user_namespaces.7:849
+#, no-wrap
+msgid " /* Replace commas in mapping string with newlines */\n"
+msgstr " /* Replace commas in mapping string with newlines */\n"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:854
+#, no-wrap
msgid ""
-"Completely analogously, B<setregid>() sets real and effective group ID's of "
-"the calling process, and all of the above holds with \"group\" instead of "
-"\"user\"."
+" map_len = strlen(mapping);\n"
+" for (j = 0; j E<lt> map_len; j++)\n"
+" if (mapping[j] == \\(aq,\\(aq)\n"
+" mapping[j] = \\(aq\\en\\(aq;\n"
msgstr ""
-"これと全く同様に、 B<setregid>() は呼び出し元のプロセスの実グループ ID と実"
-"効グループ ID を設定し、 上記の説明で「ユーザー」を「グループ」に読み替えたこ"
-"とが成り立つ。"
+" map_len = strlen(mapping);\n"
+" for (j = 0; j E<lt> map_len; j++)\n"
+" if (mapping[j] == \\(aq,\\(aq)\n"
+" mapping[j] = \\(aq\\en\\(aq;\n"
#. type: Plain text
-#: build/C/man2/setreuid.2:111
+#: build/C/man7/user_namespaces.7:861
+#, no-wrap
msgid ""
-"The calling process is not privileged (Linux: does not have the "
-"B<CAP_SETUID> capability in the case of B<setreuid>(), or the B<CAP_SETGID> "
-"capability in the case of B<setregid>()) and a change other than (i) "
-"swapping the effective user (group) ID with the real user (group) ID, or "
-"(ii) setting one to the value of the other or (iii) setting the effective "
-"user (group) ID to the value of the saved set-user-ID (saved set-group-ID) "
-"was specified."
+" fd = open(map_file, O_RDWR);\n"
+" if (fd == -1) {\n"
+" fprintf(stderr, \"ERROR: open %s: %s\\en\", map_file,\n"
+" strerror(errno));\n"
+" exit(EXIT_FAILURE);\n"
+" }\n"
msgstr ""
-"呼び出し元のプロセスに特権がなく (Linux では B<setreuid>() の場合に "
-"B<CAP_SETUID> ケーパビリティ (capability) がなく、 B<setregid>() の場合に "
-"B<CAP_SETGID> ケーパビリティがない)、 以下のいずれでもない変更が指定された: "
-"(i) 実効ユーザー (グループ) ID と実ユーザー (グループ) ID を入れ換える。 "
-"(ii) 片方の値を他方に設定する。 (iii) 実効ユーザー (グループ) ID に保存 set-"
-"user-ID (保存 set-group-ID) の値を設定する。"
+" fd = open(map_file, O_RDWR);\n"
+" if (fd == -1) {\n"
+" fprintf(stderr, \"ERROR: open %s: %s\\en\", map_file,\n"
+" strerror(errno));\n"
+" exit(EXIT_FAILURE);\n"
+" }\n"
#. type: Plain text
-#: build/C/man2/setreuid.2:117
+#: build/C/man7/user_namespaces.7:867
+#, no-wrap
msgid ""
-"POSIX.1-2001, 4.3BSD (the B<setreuid>() and B<setregid>() function calls "
-"first appeared in 4.2BSD)."
+" if (write(fd, mapping, map_len) != map_len) {\n"
+" fprintf(stderr, \"ERROR: write %s: %s\\en\", map_file,\n"
+" strerror(errno));\n"
+" exit(EXIT_FAILURE);\n"
+" }\n"
msgstr ""
-"POSIX.1-2001, 4.3BSD (B<setreuid>() と B<setregid>() 関数コールは 4.2BSD で"
-"登場した)。"
+" if (write(fd, mapping, map_len) != map_len) {\n"
+" fprintf(stderr, \"ERROR: write %s: %s\\en\", map_file,\n"
+" strerror(errno));\n"
+" exit(EXIT_FAILURE);\n"
+" }\n"
#. type: Plain text
-#: build/C/man2/setreuid.2:121
+#: build/C/man7/user_namespaces.7:870
+#, no-wrap
msgid ""
-"Setting the effective user (group) ID to the saved set-user-ID (saved set-"
-"group-ID) is possible since Linux 1.1.37 (1.1.38)."
+" close(fd);\n"
+"}\n"
msgstr ""
-"実効ユーザー (グループ) ID を保存ユーザー (グループ) ID に 設定することが、"
-"Linux 1.1.37 (1.1.38) から可能になった。"
+" close(fd);\n"
+"}\n"
#. type: Plain text
-#: build/C/man2/setreuid.2:138
+#: build/C/man7/user_namespaces.7:876
+#, no-wrap
msgid ""
-"POSIX.1 does not specify all of possible ID changes that are permitted on "
-"Linux for an unprivileged process. For B<setreuid>(), the effective user ID "
-"can be made the same as the real user ID or the save set-user-ID, and it is "
-"unspecified whether unprivileged processes may set the real user ID to the "
-"real user ID, the effective user ID, or the saved set-user-ID. For "
-"B<setregid>(), the real group ID can be changed to the value of the saved "
-"set-group-ID, and the effective group ID can be changed to the value of the "
-"real group ID or the saved set-group-ID. The precise details of what ID "
-"changes are permitted vary across implementations."
+"static int /* Start function for cloned child */\n"
+"childFunc(void *arg)\n"
+"{\n"
+" struct child_args *args = (struct child_args *) arg;\n"
+" char ch;\n"
msgstr ""
-"POSIX.1 では、非特権プロセスに対して Linux 上で認められている ID の変更の 全"
-"パターンを規定しているわけではない。 B<setreuid>() では、実効ユーザ ID を実"
-"ユーザ ID もしくは保存 set-user-ID と 同じ値にすることができるが、 非特権プロ"
-"セスが実ユーザ ID を実ユーザ ID、実効ユーザ ID、 保存 set-user-ID のどの値に"
-"も設定できるかは規定されていない。 B<setregid>() では、実グループ ID を保存 "
-"set-group-ID と同じ値に変更でき、 実効グループ ID を実グループ ID や保存 set-"
-"group-ID と同じ値に変更できる。 どのような ID の変更が認められているかの正確"
-"な詳細は 実装ごとに異なる。"
+"static int /* Start function for cloned child */\n"
+"childFunc(void *arg)\n"
+"{\n"
+" struct child_args *args = (struct child_args *) arg;\n"
+" char ch;\n"
#. type: Plain text
-#: build/C/man2/setreuid.2:141
+#: build/C/man7/user_namespaces.7:881
+#, no-wrap
msgid ""
-"POSIX.1 makes no specification about the effect of these calls on the saved "
-"set-user-ID and saved set-group-ID."
+" /* Wait until the parent has updated the UID and GID mappings.\n"
+" See the comment in main(). We wait for end of file on a\n"
+" pipe that will be closed by the parent process once it has\n"
+" updated the mappings. */\n"
msgstr ""
-"POSIX.1 では、これらのシステムコールが保存 set-user-ID や 保存 set-group-ID "
-"に与える影響については規定していない。"
#. type: Plain text
-#: build/C/man2/setreuid.2:157
+#: build/C/man7/user_namespaces.7:890
+#, no-wrap
msgid ""
-"The original Linux B<setreuid>() and B<setregid>() system calls supported "
-"only 16-bit user and group IDs. Subsequently, Linux 2.4 added B<setreuid32>"
-"() and B<setregid32>(), supporting 32-bit IDs. The glibc B<setreuid>() "
-"and B<setregid>() wrapper functions transparently deal with the variations "
-"across kernel versions."
+" close(args-E<gt>pipe_fd[1]); /* Close our descriptor for the write\n"
+" end of the pipe so that we see EOF\n"
+" when parent closes its descriptor */\n"
+" if (read(args-E<gt>pipe_fd[0], &ch, 1) != 0) {\n"
+" fprintf(stderr,\n"
+" \"Failure in child: read from pipe returned != 0\\en\");\n"
+" exit(EXIT_FAILURE);\n"
+" }\n"
msgstr ""
-"元々の Linux の B<setreuid>() と B<setregid>() システムコールは\n"
-"16 ビットのグループ ID だけに対応していた。\n"
-"その後、Linux 2.4 で、32 ビットの ID に対応した\n"
-"B<setreuid32>() と B<setregid32>() が追加された。\n"
-"glibc の B<setreuid>() と B<setregid>() のラッパー関数は\n"
-"カーネルバージョンによるこの違いを吸収している。"
#. type: Plain text
-#: build/C/man2/setreuid.2:165
+#: build/C/man7/user_namespaces.7:892
+#, no-wrap
+msgid " /* Execute a shell command */\n"
+msgstr " /* シェルコマンドを実行する */\n"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:897
+#, no-wrap
msgid ""
-"B<getgid>(2), B<getuid>(2), B<seteuid>(2), B<setgid>(2), B<setresuid>(2), "
-"B<setuid>(2), B<capabilities>(7)"
+" printf(\"About to exec %s\\en\", args-E<gt>argv[0]);\n"
+" execvp(args-E<gt>argv[0], args-E<gt>argv);\n"
+" errExit(\"execvp\");\n"
+"}\n"
msgstr ""
-"B<getgid>(2), B<getuid>(2), B<seteuid>(2), B<setgid>(2), B<setresuid>(2), "
-"B<setuid>(2), B<capabilities>(7)"
+" printf(\"About to exec %s\\en\", args-E<gt>argv[0]);\n"
+" execvp(args-E<gt>argv[0], args-E<gt>argv);\n"
+" errExit(\"execvp\");\n"
+"}\n"
-#. type: TH
-#: build/C/man2/setsid.2:29
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:899
#, no-wrap
-msgid "SETSID"
-msgstr "SETSID"
+msgid "#define STACK_SIZE (1024 * 1024)\n"
+msgstr "#define STACK_SIZE (1024 * 1024)\n"
-#. type: TH
-#: build/C/man2/setsid.2:29
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:901
#, no-wrap
-msgid "2008-12-03"
-msgstr "2008-12-03"
+msgid "static char child_stack[STACK_SIZE]; /* Space for child\\(aqs stack */\n"
+msgstr "static char child_stack[STACK_SIZE]; /* 子プロセスのスタック空間 */\n"
#. type: Plain text
-#: build/C/man2/setsid.2:32
-msgid "setsid - creates a session and sets the process group ID"
-msgstr "setsid - セッション (session) を作成し、プロセスグループ ID を設定する"
+#: build/C/man7/user_namespaces.7:912
+#, no-wrap
+msgid ""
+"int\n"
+"main(int argc, char *argv[])\n"
+"{\n"
+" int flags, opt, map_zero;\n"
+" pid_t child_pid;\n"
+" struct child_args args;\n"
+" char *uid_map, *gid_map;\n"
+" const int MAP_BUF_SIZE = 100;\n"
+" char map_buf[MAP_BUF_SIZE];\n"
+" char map_path[PATH_MAX];\n"
+msgstr ""
+"int\n"
+"main(int argc, char *argv[])\n"
+"{\n"
+" int flags, opt, map_zero;\n"
+" pid_t child_pid;\n"
+" struct child_args args;\n"
+" char *uid_map, *gid_map;\n"
+" const int MAP_BUF_SIZE = 100;\n"
+" char map_buf[MAP_BUF_SIZE];\n"
+" char map_path[PATH_MAX];\n"
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:919
+#, no-wrap
+msgid ""
+" /* Parse command-line options. The initial \\(aq+\\(aq character in\n"
+" the final getopt() argument prevents GNU-style permutation\n"
+" of command-line options. That\\(aqs useful, since sometimes\n"
+" the \\(aqcommand\\(aq to be executed by this program itself\n"
+" has command-line options. We don\\(aqt want getopt() to treat\n"
+" those as options to this program. */\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:940
+#, no-wrap
+msgid ""
+" flags = 0;\n"
+" verbose = 0;\n"
+" gid_map = NULL;\n"
+" uid_map = NULL;\n"
+" map_zero = 0;\n"
+" while ((opt = getopt(argc, argv, \"+imnpuUM:G:zv\")) != -1) {\n"
+" switch (opt) {\n"
+" case \\(aqi\\(aq: flags |= CLONE_NEWIPC; break;\n"
+" case \\(aqm\\(aq: flags |= CLONE_NEWNS; break;\n"
+" case \\(aqn\\(aq: flags |= CLONE_NEWNET; break;\n"
+" case \\(aqp\\(aq: flags |= CLONE_NEWPID; break;\n"
+" case \\(aqu\\(aq: flags |= CLONE_NEWUTS; break;\n"
+" case \\(aqv\\(aq: verbose = 1; break;\n"
+" case \\(aqz\\(aq: map_zero = 1; break;\n"
+" case \\(aqM\\(aq: uid_map = optarg; break;\n"
+" case \\(aqG\\(aq: gid_map = optarg; break;\n"
+" case \\(aqU\\(aq: flags |= CLONE_NEWUSER; break;\n"
+" default: usage(argv[0]);\n"
+" }\n"
+" }\n"
+msgstr ""
+" flags = 0;\n"
+" verbose = 0;\n"
+" gid_map = NULL;\n"
+" uid_map = NULL;\n"
+" map_zero = 0;\n"
+" while ((opt = getopt(argc, argv, \"+imnpuUM:G:zv\")) != -1) {\n"
+" switch (opt) {\n"
+" case \\(aqi\\(aq: flags |= CLONE_NEWIPC; break;\n"
+" case \\(aqm\\(aq: flags |= CLONE_NEWNS; break;\n"
+" case \\(aqn\\(aq: flags |= CLONE_NEWNET; break;\n"
+" case \\(aqp\\(aq: flags |= CLONE_NEWPID; break;\n"
+" case \\(aqu\\(aq: flags |= CLONE_NEWUTS; break;\n"
+" case \\(aqv\\(aq: verbose = 1; break;\n"
+" case \\(aqz\\(aq: map_zero = 1; break;\n"
+" case \\(aqM\\(aq: uid_map = optarg; break;\n"
+" case \\(aqG\\(aq: gid_map = optarg; break;\n"
+" case \\(aqU\\(aq: flags |= CLONE_NEWUSER; break;\n"
+" default: usage(argv[0]);\n"
+" }\n"
+" }\n"
#. type: Plain text
-#: build/C/man2/setsid.2:37
-msgid "B<pid_t setsid(void);>"
-msgstr "B<pid_t setsid(void);>"
+#: build/C/man7/user_namespaces.7:942
+#, no-wrap
+msgid " /* -M or -G without -U is nonsensical */\n"
+msgstr " /* -U なしの -M や -G の指定は意味がない */\n"
#. type: Plain text
-#: build/C/man2/setsid.2:50
+#: build/C/man7/user_namespaces.7:947
+#, no-wrap
msgid ""
-"B<setsid>() creates a new session if the calling process is not a process "
-"group leader. The calling process is the leader of the new session, the "
-"process group leader of the new process group, and has no controlling tty. "
-"The process group ID and session ID of the calling process are set to the "
-"PID of the calling process. The calling process will be the only process in "
-"this new process group and in this new session."
+" if (((uid_map != NULL || gid_map != NULL || map_zero) &&\n"
+" !(flags & CLONE_NEWUSER)) ||\n"
+" (map_zero && (uid_map != NULL || gid_map != NULL)))\n"
+" usage(argv[0]);\n"
msgstr ""
-"B<setsid>() は呼び出したプロセスがプロセスグループ・リーダー (process group "
-"leader) でなければ、新しいセッションを作成する。 呼び出したプロセスは新しい"
-"セッションのリーダー、新しいプロセスグループの プロセスグループ・リーダーとな"
-"り、tty の制御を持たない。 呼び出したプロセスのプロセスグループ ID とセッショ"
-"ン ID には、 呼び出したプロセスの PID が設定される。呼び出したプロセスはこの "
-"新しいプロセスグループ、この新しいセッションの唯一のプロセスとなる。"
+" if (((uid_map != NULL || gid_map != NULL || map_zero) &&\n"
+" !(flags & CLONE_NEWUSER)) ||\n"
+" (map_zero && (uid_map != NULL || gid_map != NULL)))\n"
+" usage(argv[0]);\n"
#. type: Plain text
-#: build/C/man2/setsid.2:57
-msgid ""
-"On success, the (new) session ID of the calling process is returned. On "
-"error, I<(pid_t)\\ -1> is returned, and I<errno> is set to indicate the "
-"error."
-msgstr ""
-"成功すると、呼び出したプロセスの (新しい) セッション ID が返される。 エラーの"
-"場合は、 I<(pid_t)\\ -1> が返され、 I<error> にエラーを示す値が設定される。"
+#: build/C/man7/user_namespaces.7:949
+#, no-wrap
+msgid " args.argv = &argv[optind];\n"
+msgstr " args.argv = &argv[optind];\n"
#. type: Plain text
-#: build/C/man2/setsid.2:64
+#: build/C/man7/user_namespaces.7:959
+#, no-wrap
msgid ""
-"The process group ID of any process equals the PID of the calling process. "
-"Thus, in particular, B<setsid>() fails if the calling process is already a "
-"process group leader."
+" /* We use a pipe to synchronize the parent and child, in order to\n"
+" ensure that the parent sets the UID and GID maps before the child\n"
+" calls execve(). This ensures that the child maintains its\n"
+" capabilities during the execve() in the common case where we\n"
+" want to map the child\\(aqs effective user ID to 0 in the new user\n"
+" namespace. Without this synchronization, the child would lose\n"
+" its capabilities if it performed an execve() with nonzero\n"
+" user IDs (see the capabilities(7) man page for details of the\n"
+" transformation of a process\\(aqs capabilities during execve()). */\n"
msgstr ""
-"いずれかのプロセスのプロセスグループ ID が、 呼び出したプロセスの PID と等し"
-"い。 これは、呼び出したプロセスが既にプロセスリーダーの場合には B<setsid>() "
-"は失敗することを意味する。"
#. type: Plain text
-#: build/C/man2/setsid.2:72
+#: build/C/man7/user_namespaces.7:962
+#, no-wrap
msgid ""
-"A child created via B<fork>(2) inherits its parent's session ID. The "
-"session ID is preserved across an B<execve>(2)."
+" if (pipe(args.pipe_fd) == -1)\n"
+" errExit(\"pipe\");\n"
msgstr ""
-"B<fork>(2) で作成された子プロセスは、親プロセスのセッション ID を継承する。 "
-"B<execve>(2) の前後でセッション ID は保存される。"
+" if (pipe(args.pipe_fd) == -1)\n"
+" errExit(\"pipe\");\n"
#. type: Plain text
-#: build/C/man2/setsid.2:83
-msgid ""
-"A process group leader is a process with process group ID equal to its PID. "
-"In order to be sure that B<setsid>() will succeed, B<fork>(2) and B<_exit>"
-"(2), and have the child do B<setsid>()."
-msgstr ""
-"プロセスグループ・リーダーとは、そのプロセスのプロセスグループ ID が その "
-"PID に等しいプロセスである。 B<setsid>() を確実に成功させるためには、 "
-"B<fork>(2) して B<exit>(2) し、子プロセスで B<setsid>() を行なえば良い。"
+#: build/C/man7/user_namespaces.7:964
+#, no-wrap
+msgid " /* Create the child in new namespace(s) */\n"
+msgstr " /* 新しい名前空間で子プロセスを作成する */\n"
#. type: Plain text
-#: build/C/man2/setsid.2:89
+#: build/C/man7/user_namespaces.7:969
+#, no-wrap
msgid ""
-"B<getsid>(2), B<setpgid>(2), B<setpgrp>(2), B<tcgetsid>(3), B<credentials>(7)"
+" child_pid = clone(childFunc, child_stack + STACK_SIZE,\n"
+" flags | SIGCHLD, &args);\n"
+" if (child_pid == -1)\n"
+" errExit(\"clone\");\n"
msgstr ""
-"B<getsid>(2), B<setpgid>(2), B<setpgrp>(2), B<tcgetsid>(3), B<credentials>(7)"
+" child_pid = clone(childFunc, child_stack + STACK_SIZE,\n"
+" flags | SIGCHLD, &args);\n"
+" if (child_pid == -1)\n"
+" errExit(\"clone\");\n"
-#. type: TH
-#: build/C/man2/setuid.2:28
+#. type: Plain text
+#: build/C/man7/user_namespaces.7:971
#, no-wrap
-msgid "SETUID"
-msgstr "SETUID"
+msgid " /* Parent falls through to here */\n"
+msgstr " /* 親プロセスはここを実行する */\n"
#. type: Plain text
-#: build/C/man2/setuid.2:31
-msgid "setuid - set user identity"
-msgstr "setuid - ユーザー識別 (identity) を設定する"
+#: build/C/man7/user_namespaces.7:975
+#, no-wrap
+msgid ""
+" if (verbose)\n"
+" printf(\"%s: PID of child created by clone() is %ld\\en\",\n"
+" argv[0], (long) child_pid);\n"
+msgstr ""
+" if (verbose)\n"
+" printf(\"%s: PID of child created by clone() is %ld\\en\",\n"
+" argv[0], (long) child_pid);\n"
#. type: Plain text
-#: build/C/man2/setuid.2:37
-msgid "B<int setuid(uid_t >I<uid>B<);>"
-msgstr "B<int setuid(uid_t >I<uid>B<);>"
+#: build/C/man7/user_namespaces.7:977
+#, no-wrap
+msgid " /* Update the UID and GID maps in the child */\n"
+msgstr " /* 子プロセスの UID と GID のマッピングを更新する */\n"
#. type: Plain text
-#: build/C/man2/setuid.2:42
+#: build/C/man7/user_namespaces.7:996
+#, no-wrap
msgid ""
-"B<setuid>() sets the effective user ID of the calling process. If the "
-"effective UID of the caller is root, the real UID and saved set-user-ID are "
-"also set."
+" if (uid_map != NULL || map_zero) {\n"
+" snprintf(map_path, PATH_MAX, \"/proc/%ld/uid_map\",\n"
+" (long) child_pid);\n"
+" if (map_zero) {\n"
+" snprintf(map_buf, MAP_BUF_SIZE, \"0 %ld 1\", (long) getuid());\n"
+" uid_map = map_buf;\n"
+" }\n"
+" update_map(uid_map, map_path);\n"
+" }\n"
+" if (gid_map != NULL || map_zero) {\n"
+" snprintf(map_path, PATH_MAX, \"/proc/%ld/gid_map\",\n"
+" (long) child_pid);\n"
+" if (map_zero) {\n"
+" snprintf(map_buf, MAP_BUF_SIZE, \"0 %ld 1\", (long) getgid());\n"
+" gid_map = map_buf;\n"
+" }\n"
+" update_map(gid_map, map_path);\n"
+" }\n"
msgstr ""
-"B<setuid>() は呼び出し元のプロセスの実効 (effective) ユーザー ID を設定す"
-"る。 もし呼び出し元プロセスの実効 UID が root ならば、 実 (real) UID と保存 "
-"(saved) set-user-ID も設定される。"
+" if (uid_map != NULL || map_zero) {\n"
+" snprintf(map_path, PATH_MAX, \"/proc/%ld/uid_map\",\n"
+" (long) child_pid);\n"
+" if (map_zero) {\n"
+" snprintf(map_buf, MAP_BUF_SIZE, \"0 %ld 1\", (long) getuid());\n"
+" uid_map = map_buf;\n"
+" }\n"
+" update_map(uid_map, map_path);\n"
+" }\n"
+" if (gid_map != NULL || map_zero) {\n"
+" snprintf(map_path, PATH_MAX, \"/proc/%ld/gid_map\",\n"
+" (long) child_pid);\n"
+" if (map_zero) {\n"
+" snprintf(map_buf, MAP_BUF_SIZE, \"0 %ld 1\", (long) getgid());\n"
+" gid_map = map_buf;\n"
+" }\n"
+" update_map(gid_map, map_path);\n"
+" }\n"
#. type: Plain text
-#: build/C/man2/setuid.2:51
+#: build/C/man7/user_namespaces.7:999
+#, no-wrap
msgid ""
-"Under Linux, B<setuid>() is implemented like the POSIX version with the "
-"B<_POSIX_SAVED_IDS> feature. This allows a set-user-ID (other than root) "
-"program to drop all of its user privileges, do some un-privileged work, and "
-"then reengage the original effective user ID in a secure manner."
+" /* Close the write end of the pipe, to signal to the child that we\n"
+" have updated the UID and GID maps */\n"
msgstr ""
-"Linux では、 B<setuid>() は B<_POSIX_SAVED_IDS> をもった POSIX 版のように実"
-"装されている。 これは (ルート以外の) set-user-ID プログラムにそのユーザーの特"
-"権を 全て与え、特権の必要ない仕事をし、本来の実効ユーザー ID に 安全な方法で"
-"再び戻すことを許す。"
+" /* パイプの書き込み端をクローズし、子プロセスに UID と GID の\n"
+" マッピングが更新されたことを知らせる */\n"
#. type: Plain text
-#: build/C/man2/setuid.2:61
-msgid ""
-"If the user is root or the program is set-user-ID-root, special care must be "
-"taken. The B<setuid>() function checks the effective user ID of the caller "
-"and if it is the superuser, all process-related user ID's are set to "
-"I<uid>. After this has occurred, it is impossible for the program to regain "
-"root privileges."
-msgstr ""
-"ユーザーが root またはプログラムが root に set-user-ID されているならば、 特"
-"別の注意が払われる。 B<setuid>() 関数は呼び出し者の実効ユーザー ID をチェッ"
-"クし、 それがスーパーユーザーならば、 プロセスに関連する全てのユーザー ID に "
-"I<uid> を設定する。 これが行なわれた後にはプログラムが再びルートの特権を得る"
-"ことはできない。"
+#: build/C/man7/user_namespaces.7:1001
+#, no-wrap
+msgid " close(args.pipe_fd[1]);\n"
+msgstr " close(args.pipe_fd[1]);\n"
#. type: Plain text
-#: build/C/man2/setuid.2:68
+#: build/C/man7/user_namespaces.7:1004
+#, no-wrap
msgid ""
-"Thus, a set-user-ID-root program wishing to temporarily drop root "
-"privileges, assume the identity of an unprivileged user, and then regain "
-"root privileges afterward cannot use B<setuid>(). You can accomplish this "
-"with B<seteuid>(2)."
+" if (waitpid(child_pid, NULL, 0) == -1) /* Wait for child */\n"
+" errExit(\"waitpid\");\n"
msgstr ""
-"したがって、set-user-ID-root プログラムで、一時的にルート特権を解除し、 非特"
-"権ユーザであるかのように振舞い、後でルート権限をもう一度得ようと する場合に"
-"は、 B<setuid>() を使うことができない。その場合には、 B<seteuid>(2) を使う"
-"必要がある。"
+" if (waitpid(child_pid, NULL, 0) == -1) /* 子プロセスを待つ */\n"
+" errExit(\"waitpid\");\n"
#. type: Plain text
-#: build/C/man2/setuid.2:83
+#: build/C/man7/user_namespaces.7:1007
+#, no-wrap
msgid ""
-"The I<uid> does not match the current uid and I<uid> brings process over its "
-"B<RLIMIT_NPROC> resource limit."
+" if (verbose)\n"
+" printf(\"%s: terminating\\en\", argv[0]);\n"
msgstr ""
-"I<uid> が現在のユーザー ID とマッチせず、この I<uid> によってプロセスがリソー"
-"ス上限 B<RLIMIT_NPROC> を超えた。"
+" if (verbose)\n"
+" printf(\"%s: terminating\\en\", argv[0]);\n"
#. type: Plain text
-#: build/C/man2/setuid.2:90
+#: build/C/man7/user_namespaces.7:1010
+#, no-wrap
msgid ""
-"The user is not privileged (Linux: does not have the B<CAP_SETUID> "
-"capability) and I<uid> does not match the real UID or saved set-user-ID of "
-"the calling process."
+" exit(EXIT_SUCCESS);\n"
+"}\n"
msgstr ""
-"ユーザーが特権を持たず (Linux では B<CAP_SETUID> ケーパビリティ (capability) "
-"を持たず)、 I<uid> が呼び出し元プロセスの実 UID または保存 set-user-ID と一致"
-"しない。"
+" exit(EXIT_SUCCESS);\n"
+"}\n"
-#. SVr4 documents an additional EINVAL error condition.
+#. From the shadow package
+#. From the shadow package
+#. From the shadow package
+#. From the shadow package
#. type: Plain text
-#: build/C/man2/setuid.2:95
+#: build/C/man7/user_namespaces.7:1024
msgid ""
-"SVr4, POSIX.1-2001. Not quite compatible with the 4.4BSD call, which sets "
-"all of the real, saved, and effective user IDs."
+"B<newgidmap>(1), B<newuidmap>(1), B<clone>(2), B<setns>(2), B<unshare>(2), "
+"B<proc>(5), B<subgid>(5), B<subuid>(5), B<credentials>(7), "
+"B<capabilities>(7), B<namespaces>(7), B<pid_namespaces>(7)"
msgstr ""
-"SVr4, POSIX.1-2001. 4.4BSD のコールとは完全な互換性はない、 BSD のコールは"
-"実 (real)、保存 (saved)、実効 (effective) ID の全てを設定する。"
+"B<newgidmap>(1), B<newuidmap>(1), B<clone>(2), B<setns>(2), B<unshare>(2), "
+"B<proc>(5), B<subgid>(5), B<subuid>(5), B<credentials>(7), "
+"B<capabilities>(7), B<namespaces>(7), B<pid_namespaces>(7)"
#. type: Plain text
-#: build/C/man2/setuid.2:103
+#: build/C/man7/user_namespaces.7:1027
msgid ""
-"Linux has the concept of the file system user ID, normally equal to the "
-"effective user ID. The B<setuid>() call also sets the file system user ID "
-"of the calling process. See B<setfsuid>(2)."
-msgstr ""
-"Linux はファイルシステム・ユーザー ID の概念を持つ。\n"
-"通常、これは実効ユーザー ID に等しい。 \n"
-"B<setuid>() コールは呼び出し元のプロセスの\n"
-"ファイルシステム・ユーザー ID も設定する。 \n"
-"B<setfsuid>(2) も参照すること。"
+"The kernel source file I<Documentation/namespaces/resource-control.txt>."
+msgstr "カーネルのソースファイル I<Documentation/namespaces/resource-control.txt>"
-#. type: Plain text
-#: build/C/man2/setuid.2:108
-msgid ""
-"If I<uid> is different from the old effective UID, the process will be "
-"forbidden from leaving core dumps."
+#. type: TH
+#: build/C/man2/seccomp.2:27
+#, no-wrap
+msgid "SECCOMP"
msgstr ""
-"I<uid> が前の実効 UID と異っていた場合、\n"
-"プロセスはコアダンプすることを禁止される。"
#. type: Plain text
-#: build/C/man2/setuid.2:118
-msgid ""
-"The original Linux B<setuid>() system call supported only 16-bit user IDs. "
-"Subsequently, Linux 2.4 added B<setuid32>() supporting 32-bit IDs. The "
-"glibc B<setuid>() wrapper function transparently deals with the variation "
-"across kernel versions."
+#: build/C/man2/seccomp.2:30
+msgid "seccomp - operate on Secure Computing state of the process"
msgstr ""
-"元々の Linux の B<setuid>() システムコールは\n"
-"16 ビットのグループ ID だけに対応していた。\n"
-"その後、Linux 2.4 で、32 ビットの ID に対応した\n"
-"B<setuid32>() が追加された。\n"
-"glibc の B<setuid>() のラッパー関数は\n"
-"カーネルバージョンによるこの違いを吸収している。"
+#. Kees Cook noted: Anything that uses SECCOMP_RET_TRACE returns will
+#. need <sys/ptrace.h>
#. type: Plain text
-#: build/C/man2/setuid.2:125
+#: build/C/man2/seccomp.2:39
+#, no-wrap
msgid ""
-"B<getuid>(2), B<seteuid>(2), B<setfsuid>(2), B<setreuid>(2), B<capabilities>"
-"(7), B<credentials>(7)"
+"B<#include E<lt>linux/seccomp.hE<gt>>\n"
+"B<#include E<lt>linux/filter.hE<gt>>\n"
+"B<#include E<lt>linux/audit.hE<gt>>\n"
+"B<#include E<lt>linux/signal.hE<gt>>\n"
+"B<#include E<lt>sys/ptrace.hE<gt>>\n"
msgstr ""
-"B<getuid>(2), B<seteuid>(2), B<setfsuid>(2), B<setreuid>(2), B<capabilities>"
-"(7), B<credentials>(7)"
-
-#. type: TH
-#: build/C/man7/svipc.7:25
-#, no-wrap
-msgid "SVIPC"
-msgstr "SVIPC"
-
-#. type: TH
-#: build/C/man7/svipc.7:25
-#, no-wrap
-msgid "2009-01-26"
-msgstr "2009-01-26"
+"B<#include E<lt>linux/seccomp.hE<gt>>\n"
+"B<#include E<lt>linux/filter.hE<gt>>\n"
+"B<#include E<lt>linux/audit.hE<gt>>\n"
+"B<#include E<lt>linux/signal.hE<gt>>\n"
+"B<#include E<lt>sys/ptrace.hE<gt>>\n"
#. type: Plain text
-#: build/C/man7/svipc.7:28
-msgid "svipc - System V interprocess communication mechanisms"
-msgstr "svipc - System V プロセス間通信機構"
+#: build/C/man2/seccomp.2:42
+#, no-wrap
+msgid "B<int seccomp(unsigned int >I<operation>B<, unsigned int >I<flags>B<, void *>I<args>B<);>\n"
+msgstr "B<int seccomp(unsigned int >I<operation>B<, unsigned int >I<flags>B<, void *>I<args>B<);>\n"
#. type: Plain text
-#: build/C/man7/svipc.7:35
-#, no-wrap
+#: build/C/man2/seccomp.2:48
msgid ""
-"B<#include E<lt>sys/types.hE<gt>>\n"
-"B<#include E<lt>sys/ipc.hE<gt>>\n"
-"B<#include E<lt>sys/msg.hE<gt>>\n"
-"B<#include E<lt>sys/sem.hE<gt>>\n"
-"B<#include E<lt>sys/shm.hE<gt>>\n"
+"The B<seccomp>() system call operates on the Secure Computing (seccomp) "
+"state of the calling process."
msgstr ""
-"B<#include E<lt>sys/types.hE<gt>>\n"
-"B<#include E<lt>sys/ipc.hE<gt>>\n"
-"B<#include E<lt>sys/msg.hE<gt>>\n"
-"B<#include E<lt>sys/sem.hE<gt>>\n"
-"B<#include E<lt>sys/shm.hE<gt>>\n"
#. type: Plain text
-#: build/C/man7/svipc.7:43
-msgid ""
-"This manual page refers to the Linux implementation of the System V "
-"interprocess communication (IPC) mechanisms: message queues, semaphore sets, "
-"and shared memory segments. In the following, the word I<resource> means an "
-"instantiation of one among such mechanisms."
+#: build/C/man2/seccomp.2:52
+msgid "Currently, Linux supports the following I<operation> values:"
msgstr ""
-"このマニュアルページは System V プロセス間通信 (interprocess communication; "
-"IPC) 機構の Linux に おける実装を説明する。 このプロセス間通信機構には、 メッ"
-"セージキュー (message queue)、セマフォー集合 (semaphore set)、 共有メモリセグ"
-"メント (shared memory segment) などがある。以下で I<資源 (resource)> という用"
-"語を使用した場合にはこれらの機構のどれかを意味する。"
-#. type: SS
-#: build/C/man7/svipc.7:43
+#. type: TP
+#: build/C/man2/seccomp.2:52
#, no-wrap
-msgid "Resource Access Permissions"
-msgstr "資源へのアクセス許可"
+msgid "B<SECCOMP_SET_MODE_STRICT>"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:53
+#: build/C/man2/seccomp.2:66
msgid ""
-"For each resource, the system uses a common structure of type I<struct "
-"ipc_perm> to store information needed in determining permissions to perform "
-"an IPC operation. The I<ipc_perm> structure, defined by the I<E<lt>sys/ipc."
-"hE<gt>> system header file, includes the following members:"
+"The only system calls that the calling thread is permitted to make are "
+"B<read>(2), B<write>(2), B<_exit>(2), and B<sigreturn>(2). Other system "
+"calls result in the delivery of a B<SIGKILL> signal. Strict secure "
+"computing mode is useful for number-crunching applications that may need to "
+"execute untrusted byte code, perhaps obtained by reading from a pipe or "
+"socket."
msgstr ""
-"システムのそれぞれの資源は、IPC への操作を許可するかどうかを決定する ための情"
-"報を共通の構造体 I<struct ipc_perm> に格納して使用する。 I<ipc_perm> 構造体"
-"は、ヘッダーファイルの I<E<lt>sys/ipc.hE<gt>> に定義されており、以下のメン"
-"バーが含まれている:"
#. type: Plain text
-#: build/C/man7/svipc.7:63
-#, no-wrap
+#: build/C/man2/seccomp.2:70
msgid ""
-"struct ipc_perm {\n"
-" uid_t cuid; /* creator user ID */\n"
-" gid_t cgid; /* creator group ID */\n"
-" uid_t uid; /* owner user ID */\n"
-" gid_t gid; /* owner group ID */\n"
-" unsigned short mode; /* r/w permissions */\n"
-"};\n"
+"This operation is available only if the kernel is configured with "
+"B<CONFIG_SECCOMP> enabled."
msgstr ""
-"struct ipc_perm {\n"
-" uid_t cuid; /* 作成者のユーザーID */\n"
-" gid_t cgid; /* 作成者のグループID */\n"
-" uid_t uid; /* 所有者のユーザーID */\n"
-" gid_t gid; /* 所有者のグループID */\n"
-" unsigned short mode; /* 読み書きの許可 */\n"
-"};\n"
#. type: Plain text
-#: build/C/man7/svipc.7:73
-msgid ""
-"The I<mode> member of the I<ipc_perm> structure defines, with its lower 9 "
-"bits, the access permissions to the resource for a process executing an IPC "
-"system call. The permissions are interpreted as follows:"
+#: build/C/man2/seccomp.2:76
+msgid "The value of I<flags> must be 0, and I<args> must be NULL."
msgstr ""
-"I<ipc_perm> 構造体の I<mode> メンバーは以下の 9 ビットで、プロセスの IPC シス"
-"テムコール による資源へのアクセス許可を定義する。 許可は以下のように解釈され"
-"る:"
#. type: Plain text
-#: build/C/man7/svipc.7:77
-#, no-wrap
-msgid ""
-" 0400 Read by user.\n"
-" 0200 Write by user.\n"
+#: build/C/man2/seccomp.2:78
+msgid "This operation is functionally identical to the call:"
msgstr ""
-" 0400 ユーザーによる読み込み。\n"
-" 0200 ユーザーによる書き込み。\n"
#. type: Plain text
-#: build/C/man7/svipc.7:80
+#: build/C/man2/seccomp.2:80
#, no-wrap
-msgid ""
-" 0040 Read by group.\n"
-" 0020 Write by group.\n"
+msgid " prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT);\n"
msgstr ""
-" 0040 グループによる読み込み。\n"
-" 0020 グループによる書き込み。\n"
-#. type: Plain text
-#: build/C/man7/svipc.7:83
+#. type: TP
+#: build/C/man2/seccomp.2:80
#, no-wrap
-msgid ""
-" 0004 Read by others.\n"
-" 0002 Write by others.\n"
-msgstr ""
-" 0004 他人による読み込み。\n"
-" 0002 他人による書き込み。\n"
+msgid "B<SECCOMP_SET_MODE_FILTER>"
+msgstr "B<SECCOMP_SET_MODE_FILTER>"
#. type: Plain text
-#: build/C/man7/svipc.7:91
+#: build/C/man2/seccomp.2:95
msgid ""
-"Bits 0100, 0010, and 0001 (the execute bits) are unused by the system. "
-"Furthermore, \"write\" effectively means \"alter\" for a semaphore set."
+"The system calls allowed are defined by a pointer to a Berkeley Packet "
+"Filter (BPF) passed via I<args>. This argument is a pointer to a I<struct\\ "
+"sock_fprog>; it can be designed to filter arbitrary system calls and system "
+"call arguments. If the filter is invalid, B<seccomp>() fails, returning "
+"B<EINVAL> in I<errno>."
msgstr ""
-"システムはビット 0100, 0010, 0001 (実行ビット) は使用しない。 さらに、セマ"
-"フォーの場合には \"書き込み(write)\" は実際には \"変更(alter)\" を意味する。"
#. type: Plain text
-#: build/C/man7/svipc.7:94
+#: build/C/man2/seccomp.2:107
msgid ""
-"The same system header file also defines the following symbolic constants:"
-msgstr "同じヘッダーファイルには以下のシンボルの定義が含まれている:"
-
-#. type: TP
-#: build/C/man7/svipc.7:94
-#, no-wrap
-msgid "B<IPC_CREAT>"
-msgstr "B<IPC_CREAT>"
+"If B<fork>(2) or B<clone>(2) is allowed by the filter, any child processes "
+"will be constrained to the same system call filters as the parent. If "
+"B<execve>(2) is allowed, the existing filters will be preserved across a "
+"call to B<execve>(2)."
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:97
-msgid "Create entry if key doesn't exist."
-msgstr "キー(key)が存在しない場合には新たなエントリを作成する。"
-
-#. type: TP
-#: build/C/man7/svipc.7:97
-#, no-wrap
-msgid "B<IPC_EXCL>"
-msgstr "B<IPC_EXCL>"
+#: build/C/man2/seccomp.2:117
+msgid ""
+"In order to use the B<SECCOMP_SET_MODE_FILTER> operation, either the caller "
+"must have the B<CAP_SYS_ADMIN> capability, or the thread must already have "
+"the I<no_new_privs> bit set. If that bit was not already set by an ancestor "
+"of this thread, the thread must make the following call:"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:100
-msgid "Fail if key exists."
-msgstr "キー(key)が存在する場合には失敗する。"
-
-#. type: TP
-#: build/C/man7/svipc.7:100
+#: build/C/man2/seccomp.2:119
#, no-wrap
-msgid "B<IPC_NOWAIT>"
-msgstr "B<IPC_NOWAIT>"
+msgid " prctl(PR_SET_NO_NEW_PRIVS, 1);\n"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:103
-msgid "Error if request must wait."
-msgstr "要求が待たされる場合にはエラーになる。"
-
-#. type: TP
-#: build/C/man7/svipc.7:103
-#, no-wrap
-msgid "B<IPC_PRIVATE>"
-msgstr "B<IPC_PRIVATE>"
+#: build/C/man2/seccomp.2:138
+msgid ""
+"Otherwise, the B<SECCOMP_SET_MODE_FILTER> operation will fail and return "
+"B<EACCES> in I<errno>. This requirement ensures that an unprivileged "
+"process cannot apply a malicious filter and then invoke a set-user-ID or "
+"other privileged program using B<execve>(2), thus potentially compromising "
+"that program. (Such a malicious filter might, for example, cause an attempt "
+"to use B<setuid>(2) to set the caller's user IDs to non-zero values to "
+"instead return 0 without actually making the system call. Thus, the program "
+"might be tricked into retaining superuser privileges in circumstances where "
+"it is possible to influence it to do dangerous things because it did not "
+"actually drop privileges.)"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:106
-msgid "Private key."
-msgstr "プライベートキー。"
-
-#. type: TP
-#: build/C/man7/svipc.7:106
-#, no-wrap
-msgid "B<IPC_RMID>"
-msgstr "B<IPC_RMID>"
+#: build/C/man2/seccomp.2:146
+msgid ""
+"If B<prctl>(2) or B<seccomp>(2) is allowed by the attached filter, further "
+"filters may be added. This will increase evaluation time, but allows for "
+"further reduction of the attack surface during execution of a thread."
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:109
-msgid "Remove resource."
-msgstr "資源を削除する。"
+#: build/C/man2/seccomp.2:152
+msgid ""
+"The B<SECCOMP_SET_MODE_FILTER> operation is available only if the kernel is "
+"configured with B<CONFIG_SECCOMP_FILTER> enabled."
+msgstr ""
-#. type: TP
-#: build/C/man7/svipc.7:109
+#. type: Plain text
+#: build/C/man2/seccomp.2:156
+msgid ""
+"When I<flags> is 0, this operation is functionally identical to the call:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:158
#, no-wrap
-msgid "B<IPC_SET>"
-msgstr "B<IPC_SET>"
+msgid " prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, args);\n"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:112
-msgid "Set resource options."
-msgstr "資源にオプションを設定する。"
+#: build/C/man2/seccomp.2:162
+msgid "The recognized I<flags> are:"
+msgstr ""
#. type: TP
-#: build/C/man7/svipc.7:112
+#: build/C/man2/seccomp.2:163
#, no-wrap
-msgid "B<IPC_STAT>"
-msgstr "B<IPC_STAT>"
+msgid "B<SECCOMP_FILTER_FLAG_TSYNC>"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:115
-msgid "Get resource options."
-msgstr "資源のオプションを取得する。"
+#: build/C/man2/seccomp.2:171
+msgid ""
+"When adding a new filter, synchronize all other threads of the calling "
+"process to the same seccomp filter tree. A \"filter tree\" is the ordered "
+"list of filters attached to a thread. (Attaching identical filters in "
+"separate B<seccomp>() calls results in different filters from this "
+"perspective.)"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:124
+#: build/C/man2/seccomp.2:179
msgid ""
-"Note that B<IPC_PRIVATE> is a I<key_t> type, while all the other symbolic "
-"constants are flag fields and can be OR'ed into an I<int> type variable."
+"If any thread cannot synchronize to the same filter tree, the call will not "
+"attach the new seccomp filter, and will fail, returning the first thread ID "
+"found that cannot synchronize. Synchronization will fail if another thread "
+"in the same process is in B<SECCOMP_MODE_STRICT> or if it has attached new "
+"seccomp filters to itself, diverging from the calling thread's filter tree."
msgstr ""
-"B<IPC_PRIVATE> は I<key_t> 型である。その他の全てのシンボルはフラグフィールド"
-"として I<int> 変数に OR 演算で格納することができる。"
#. type: SS
-#: build/C/man7/svipc.7:124
+#: build/C/man2/seccomp.2:180
#, no-wrap
-msgid "Message Queues"
-msgstr "メッセージキュー"
+msgid "Filters"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:132
+#: build/C/man2/seccomp.2:185
msgid ""
-"A message queue is uniquely identified by a positive integer (its I<msqid>) "
-"and has an associated data structure of type I<struct msqid_ds>, defined in "
-"I<E<lt>sys/msg.hE<gt>>, containing the following members:"
+"When adding filters via B<SECCOMP_SET_MODE_FILTER>, I<args> points to a "
+"filter program:"
msgstr ""
-"メッセージキューは正の整数 (I<msqid>) によって識別され、 I<E<lt>sys/msg."
-"hE<gt>> に定義されている構造体 I<struct msqid_ds> に結びつけられている。 この"
-"構造体は以下のメンバーを含んでいる:"
#. type: Plain text
-#: build/C/man7/svipc.7:145
+#: build/C/man2/seccomp.2:193
#, no-wrap
msgid ""
-"struct msqid_ds {\n"
-" struct ipc_perm msg_perm;\n"
-" msgqnum_t msg_qnum; /* no of messages on queue */\n"
-" msglen_t msg_qbytes; /* bytes max on a queue */\n"
-" pid_t msg_lspid; /* PID of last msgsnd(2) call */\n"
-" pid_t msg_lrpid; /* PID of last msgrcv(2) call */\n"
-" time_t msg_stime; /* last msgsnd(2) time */\n"
-" time_t msg_rtime; /* last msgrcv(2) time */\n"
-" time_t msg_ctime; /* last change time */\n"
+"struct sock_fprog {\n"
+" unsigned short len; /* Number of BPF instructions */\n"
+" struct sock_filter *filter; /* Pointer to array of\n"
+" BPF instructions */\n"
"};\n"
msgstr ""
-"struct msqid_ds {\n"
-" struct ipc_perm msg_perm;\n"
-" msgqnum_t msg_qnum; /* キューにあるメッセージの数 */\n"
-" msglen_t msg_qbytes; /* キューの最大バイト数 */\n"
-" pid_t msg_lspid; /* 最後に msgsnd(2) をした PID */\n"
-" pid_t msg_lrpid; /* 最後に msgrcv(2) をした PID */\n"
-" time_t msg_stime; /* 最後に msgsnd(2) をした時間 */\n"
-" time_t msg_rtime; /* 最後に msgrcv(2) をした時間 */\n"
-" time_t msg_ctime; /* 最後に変更された時間 */\n"
-"};\n"
-#. type: TP
-#: build/C/man7/svipc.7:147
+#. type: Plain text
+#: build/C/man2/seccomp.2:197
+msgid "Each program must contain one or more BPF instructions:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:206
#, no-wrap
-msgid "I<msg_perm>"
-msgstr "I<msg_perm>"
+msgid ""
+"struct sock_filter { /* Filter block */\n"
+" __u16 code; /* Actual filter code */\n"
+" __u8 jt; /* Jump true */\n"
+" __u8 jf; /* Jump false */\n"
+" __u32 k; /* Generic multiuse field */\n"
+"};\n"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:152
+#: build/C/man2/seccomp.2:213
msgid ""
-"I<ipc_perm> structure that specifies the access permissions on the message "
-"queue."
-msgstr "メッセージキューへのアクセス許可を指定する I<ipc_perm> 構造体。"
+"When executing the instructions, the BPF program operates on the system call "
+"information made available (i.e., use the B<BPF_ABS> addressing mode) as a "
+"buffer of the following form:"
+msgstr ""
-#. type: TP
-#: build/C/man7/svipc.7:152
+#. type: Plain text
+#: build/C/man2/seccomp.2:223
#, no-wrap
-msgid "I<msg_qnum>"
-msgstr "I<msg_qnum>"
+msgid ""
+"struct seccomp_data {\n"
+" int nr; /* System call number */\n"
+" __u32 arch; /* AUDIT_ARCH_* value\n"
+" (see E<lt>linux/audit.hE<gt>) */\n"
+" __u64 instruction_pointer; /* CPU instruction pointer */\n"
+" __u64 args[6]; /* Up to 6 system call arguments */\n"
+"};\n"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:155
-msgid "Number of messages currently on the message queue."
-msgstr "現在、このメッセージキューにあるメッセージの数。"
+#: build/C/man2/seccomp.2:234
+msgid ""
+"A seccomp filter returns a 32-bit value consisting of two parts: the most "
+"significant 16 bits (corresponding to the mask defined by the constant "
+"B<SECCOMP_RET_ACTION>) contain one of the \"action\" values listed below; "
+"the least significant 16-bits (defined by the constant B<SECCOMP_RET_DATA>) "
+"are \"data\" to be associated with this return value."
+msgstr ""
-#. type: TP
-#: build/C/man7/svipc.7:155
-#, no-wrap
-msgid "I<msg_qbytes>"
-msgstr "I<msg_qbytes>"
+#. type: Plain text
+#: build/C/man2/seccomp.2:242
+msgid ""
+"If multiple filters exist, they are all executed, in reverse order of their "
+"addition to the filter tree (i.e., the most recently installed filter is "
+"executed first). The return value for the evaluation of a given system call "
+"is the first-seen B<SECCOMP_RET_ACTION> value of highest precedence (along "
+"with its accompanying data) returned by execution of all of the filters."
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:159
-msgid "Maximum number of bytes of message text allowed on the message queue."
-msgstr "メッセージキューに入れることができるメッセージの最大バイト数。"
+#: build/C/man2/seccomp.2:245
+msgid ""
+"In decreasing order of precedence, the values that may be returned by a "
+"seccomp filter are:"
+msgstr ""
#. type: TP
-#: build/C/man7/svipc.7:159
+#: build/C/man2/seccomp.2:245
#, no-wrap
-msgid "I<msg_lspid>"
-msgstr "I<msg_lspid>"
+msgid "B<SECCOMP_RET_KILL>"
+msgstr "B<SECCOMP_RET_KILL>"
#. type: Plain text
-#: build/C/man7/svipc.7:164
-msgid "ID of the process that performed the last B<msgsnd>(2) system call."
-msgstr "最後に B<msgsnd>(2) システムコールを行なったプロセスの ID。"
+#: build/C/man2/seccomp.2:254
+msgid ""
+"This value results in the process exiting immediately without executing the "
+"system call. The process terminates as though killed by a B<SIGSYS> signal "
+"(I<not> B<SIGKILL>)."
+msgstr ""
#. type: TP
-#: build/C/man7/svipc.7:164
+#: build/C/man2/seccomp.2:254
#, no-wrap
-msgid "I<msg_lrpid>"
-msgstr "I<msg_lrpid>"
+msgid "B<SECCOMP_RET_TRAP>"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:169
-msgid "ID of the process that performed the last B<msgrcv>(2) system call."
-msgstr "最後に B<msgrcv>(2) システムコールを行なったプロセスの ID。"
+#: build/C/man2/seccomp.2:264
+msgid ""
+"This value results in the kernel sending a B<SIGSYS> signal to the "
+"triggering process without executing the system call. Various fields will "
+"be set in the I<siginfo_t> structure (see B<sigaction>(2)) associated with "
+"signal:"
+msgstr ""
-#. type: TP
-#: build/C/man7/svipc.7:169
-#, no-wrap
-msgid "I<msg_stime>"
-msgstr "I<msg_stime>"
+#. type: Plain text
+#: build/C/man2/seccomp.2:269
+msgid "I<si_signo> will contain B<SIGSYS>."
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:174
-msgid "Time of the last B<msgsnd>(2) system call."
-msgstr "最後に B<msgsnd>(2) システムコールを行なった時間。"
+#: build/C/man2/seccomp.2:272
+msgid "I<si_call_addr> will show the address of the system call instruction."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:277
+msgid ""
+"I<si_syscall> and I<si_arch> will indicate which system call was attempted."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:281
+msgid "I<si_code> will contain B<SYS_SECCOMP>."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:286
+msgid ""
+"I<si_errno> will contain the B<SECCOMP_RET_DATA> portion of the filter "
+"return value."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:295
+msgid ""
+"The program counter will be as though the system call happened (i.e., it "
+"will not point to the system call instruction). The return value register "
+"will contain an architecture-dependent value; if resuming execution, set it "
+"to something appropriate for the system call. (The architecture dependency "
+"is because replacing it with B<ENOSYS> could overwrite some useful "
+"information.)"
+msgstr ""
#. type: TP
-#: build/C/man7/svipc.7:174
+#: build/C/man2/seccomp.2:295
#, no-wrap
-msgid "I<msg_rtime>"
-msgstr "I<msg_rtime>"
+msgid "B<SECCOMP_RET_ERRNO>"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:179
-msgid "Time of the last B<msgrcv>(2) system call."
-msgstr "最後に B<msgrcv>(2) を行なった時間。"
+#: build/C/man2/seccomp.2:302
+msgid ""
+"This value results in the B<SECCOMP_RET_DATA> portion of the filter's return "
+"value being passed to user space as the I<errno> value without executing the "
+"system call."
+msgstr ""
#. type: TP
-#: build/C/man7/svipc.7:179
+#: build/C/man2/seccomp.2:302
#, no-wrap
-msgid "I<msg_ctime>"
-msgstr "I<msg_ctime>"
+msgid "B<SECCOMP_RET_TRACE>"
+msgstr "B<SECCOMP_RET_TRACE>"
#. type: Plain text
-#: build/C/man7/svipc.7:185
+#: build/C/man2/seccomp.2:312
msgid ""
-"Time of the last system call that changed a member of the I<msqid_ds> "
-"structure."
-msgstr "最後に I<msqid_ds> 構造体のメンバーが変更された時間。"
+"When returned, this value will cause the kernel to attempt to notify a "
+"B<ptrace>(2)-based tracer prior to executing the system call. If there is "
+"no tracer present, the system call is not executed and returns a failure "
+"status with I<errno> set to B<ENOSYS>."
+msgstr ""
-#. type: SS
-#: build/C/man7/svipc.7:185
-#, no-wrap
-msgid "Semaphore Sets"
-msgstr "セマフォー集合"
+#. type: Plain text
+#: build/C/man2/seccomp.2:323
+msgid ""
+"A tracer will be notified if it requests B<PTRACE_O_TRACESECCOMP> using "
+"I<ptrace(PTRACE_SETOPTIONS)>. The tracer will be notified of a "
+"B<PTRACE_EVENT_SECCOMP> and the B<SECCOMP_RET_DATA> portion of the filter's "
+"return value will be available to the tracer via B<PTRACE_GETEVENTMSG>."
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:193
+#: build/C/man2/seccomp.2:330
msgid ""
-"A semaphore set is uniquely identified by a positive integer (its I<semid>) "
-"and has an associated data structure of type I<struct semid_ds>, defined in "
-"I<E<lt>sys/sem.hE<gt>>, containing the following members:"
+"The tracer can skip the system call by changing the system call number to "
+"-1. Alternatively, the tracer can change the system call requested by "
+"changing the system call to a valid system call number. If the tracer asks "
+"to skip the system call, then the system call will appear to return the "
+"value that the tracer puts in the return value register."
msgstr ""
-"セマフォー集合は正の整数 (I<semid>) によって識別され、 I<E<lt>sys/sem."
-"hE<gt>> に定義されている構造体 I<struct semid_ds> に結びつけられている。 この"
-"構造体は以下のメンバーを含んでいる:"
#. type: Plain text
-#: build/C/man7/svipc.7:202
-#, no-wrap
+#: build/C/man2/seccomp.2:339
msgid ""
-"struct semid_ds {\n"
-" struct ipc_perm sem_perm;\n"
-" time_t sem_otime; /* last operation time */\n"
-" time_t sem_ctime; /* last change time */\n"
-" unsigned long sem_nsems; /* count of sems in set */\n"
-"};\n"
+"The seccomp check will not be run again after the tracer is notified. (This "
+"means that seccomp-based sandboxes B<must not> allow use of "
+"B<ptrace>(2)\\(emeven of other sandboxed processes\\(emwithout extreme care; "
+"ptracers can use this mechanism to escape from the seccomp sandbox.)"
msgstr ""
-"struct semid_ds {\n"
-" struct ipc_perm sem_perm;\n"
-" time_t sem_otime; /* 最後に操作した時間 */\n"
-" time_t sem_ctime; /* 最後に変更した時間 */\n"
-" unsigned long sem_nsems; /* 集合の中にあるセマフォー数 */\n"
-"};\n"
#. type: TP
-#: build/C/man7/svipc.7:204
+#: build/C/man2/seccomp.2:339
#, no-wrap
-msgid "I<sem_perm>"
-msgstr "I<sem_perm>"
+msgid "B<SECCOMP_RET_ALLOW>"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:209
+#: build/C/man2/seccomp.2:342
+msgid "This value results in the system call being executed."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:358
msgid ""
-"I<ipc_perm> structure that specifies the access permissions on the semaphore "
-"set."
-msgstr "セマフォー集合へのアクセス許可を指定する I<ipc_perm> 構造体。"
+"On success, B<seccomp>() returns 0. On error, if "
+"B<SECCOMP_FILTER_FLAG_TSYNC> was used, the return value is the ID of the "
+"thread that caused the synchronization failure. (This ID is a kernel thread "
+"ID of the type returned by B<clone>(2) and B<gettid>(2).) On other errors, "
+"-1 is returned, and I<errno> is set to indicate the cause of the error."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:361
+msgid "B<seccomp>() can fail for the following reasons:"
+msgstr "B<seccomp>() は以下のエラーで失敗する。"
#. type: TP
-#: build/C/man7/svipc.7:209
+#: build/C/man2/seccomp.2:361
#, no-wrap
-msgid "I<sem_otime>"
-msgstr "I<sem_otime>"
+msgid "B<EACCESS>"
+msgstr "B<EACCESS>"
#. type: Plain text
-#: build/C/man7/svipc.7:214
-msgid "Time of last B<semop>(2) system call."
-msgstr "最後に B<semop>(2) システムコールを行なった時間。"
+#: build/C/man2/seccomp.2:369
+msgid ""
+"The caller did not have the B<CAP_SYS_ADMIN> capability, or had not set "
+"I<no_new_privs> before using B<SECCOMP_SET_MODE_FILTER>."
+msgstr ""
-#. type: TP
-#: build/C/man7/svipc.7:214
-#, no-wrap
-msgid "I<sem_ctime>"
-msgstr "I<sem_ctime>"
+#. type: Plain text
+#: build/C/man2/seccomp.2:373
+msgid "I<args> was not a valid address."
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:220
+#: build/C/man2/seccomp.2:380
msgid ""
-"Time of last B<semctl>(2) system call that changed a member of the above "
-"structure or of one semaphore belonging to the set."
+"I<operation> is unknown; or I<flags> are invalid for the given I<operation>."
msgstr ""
-"最後に B<semctl>(2) を行なって上記の構造体のメンバーを変更するか、セマフォー"
-"集合に属する セマフォーを変更した時間。"
-#. type: TP
-#: build/C/man7/svipc.7:220
-#, no-wrap
-msgid "I<sem_nsems>"
-msgstr "I<sem_nsems>"
+#. type: Plain text
+#: build/C/man2/seccomp.2:387
+msgid ""
+"I<operation> included B<BPF_ABS>, but the specified offset was not aligned "
+"to a 32-bit boundary or exceeded I<sizeof(struct\\ seccomp_data)>."
+msgstr ""
+#. See kernel/seccomp.c::seccomp_may_assign_mode() in 3.18 sources
#. type: Plain text
-#: build/C/man7/svipc.7:228
+#: build/C/man2/seccomp.2:393
msgid ""
-"Number of semaphores in the set. Each semaphore of the set is referenced by "
-"a nonnegative integer ranging from B<0> to I<sem_nsems-1>."
+"A secure computing mode has already been set, and I<operation> differs from "
+"the existing setting."
msgstr ""
-"セマフォー集合の中にあるセマフォーの数。 集合の中にあるそれぞれのセマフォーは"
-"負でない整数によって参照され、 B<0> から I<sem_nsems-1> までの番号を持つ。"
+#. See stub kernel/seccomp.c::seccomp_set_mode_filter() in 3.18 sources
#. type: Plain text
-#: build/C/man7/svipc.7:232
+#: build/C/man2/seccomp.2:402
msgid ""
-"A semaphore is a data structure of type I<struct sem> containing the "
-"following members:"
+"I<operation> specified B<SECCOMP_SET_MODE_FILTER>, but the kernel was not "
+"built with B<CONFIG_SECCOMP_FILTER> enabled."
msgstr ""
-"セマフォーは I<struct sem> 型のデータ構造体であり、以下のメンバーを含んでい"
-"る:"
-#. unsigned short semncnt; /* nr awaiting semval to increase */
-#. unsigned short semzcnt; /* nr awaiting semval = 0 */
#. type: Plain text
-#: build/C/man7/svipc.7:241
-#, no-wrap
+#: build/C/man2/seccomp.2:413
msgid ""
-"struct sem {\n"
-" int semval; /* semaphore value */\n"
-" int sempid; /* PID for last operation */\n"
-"};\n"
+"I<operation> specified B<SECCOMP_SET_MODE_FILTER>, but the filter program "
+"pointed to by I<args> was not valid or the length of the filter program was "
+"zero or exceeded B<BPF_MAXINSNS> (4096) instructions. B<EINVAL>"
msgstr ""
-"struct sem {\n"
-" int semval; /* セマフォーの値 */\n"
-" int sempid; /* 最後に操作したプロセス ID */\n"
-"};\n"
-#. type: TP
-#: build/C/man7/svipc.7:243
-#, no-wrap
-msgid "I<semval>"
-msgstr "I<semval>"
+#. ENOMEM in kernel/seccomp.c::seccomp_attach_filter() in 3.18 sources
+#. type: Plain text
+#: build/C/man2/seccomp.2:426
+msgid ""
+"The total length of all filter programs attached to the calling thread would "
+"exceed B<MAX_INSNS_PER_PATH> (32768) instructions. Note that for the "
+"purposes of calculating this limit, each already existing filter program "
+"incurs an overhead penalty of 4 instructions."
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:246
-msgid "Semaphore value: a nonnegative integer."
-msgstr "セマフォー値: 負でない整数。"
+#: build/C/man2/seccomp.2:430
+msgid ""
+"Another thread caused a failure during thread sync, but its ID could not be "
+"determined."
+msgstr ""
-#. type: TP
-#: build/C/man7/svipc.7:246
-#, no-wrap
-msgid "I<sempid>"
-msgstr "I<sempid>"
+#. FIXME . Add glibc version
+#. type: Plain text
+#: build/C/man2/seccomp.2:435
+msgid "The B<seccomp()> system call first appeared in Linux 3.17."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:439
+msgid "The B<seccomp()> system call is a nonstandard Linux extension."
+msgstr ""
-#. .TP
-#. .I semncnt
-#. Number of processes suspended awaiting for
-#. .I semval
-#. to increase.
-#. .TP
-#. .I semznt
-#. Number of processes suspended awaiting for
-#. .I semval
-#. to become zero.
#. type: Plain text
-#: build/C/man7/svipc.7:260
+#: build/C/man2/seccomp.2:446
msgid ""
-"ID of the last process that performed a semaphore operation on this "
-"semaphore."
-msgstr "このセマフォーを最後に操作したプロセスの ID。"
+"The I<Seccomp> field of the I</proc/[pid]/status> file provides a method of "
+"viewing the seccomp mode of a process; see B<proc>(5)."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:453
+msgid ""
+"B<seccomp>() provides a superset of the functionality provided by the "
+"B<prctl>(2) B<PR_SET_SECCOMP> operation (which does not support I<flags>)."
+msgstr ""
#. type: SS
-#: build/C/man7/svipc.7:260
+#: build/C/man2/seccomp.2:453
#, no-wrap
-msgid "Shared Memory Segments"
-msgstr "共有メモリセグメント"
+msgid "Seccomp-specific BPF details"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:455
+msgid "Note the following BPF details specific to seccomp filters:"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:268
+#: build/C/man2/seccomp.2:463
msgid ""
-"A shared memory segment is uniquely identified by a positive integer (its "
-"I<shmid>) and has an associated data structure of type I<struct shmid_ds>, "
-"defined in I<E<lt>sys/shm.hE<gt>>, containing the following members:"
+"The B<BPF_H> and B<BPF_B> size modifiers are not supported: all operations "
+"must load and store (4-byte) words (B<BPF_W>)."
msgstr ""
-"共有メモリセグメントは正の整数 (I<shmid>) によって識別され、 I<E<lt>sys/shm."
-"hE<gt>> に定義されている I<struct shmid_ds> 構造体に結びつけられている。 この"
-"構造体は以下のメンバーを含んでいる:"
#. type: Plain text
-#: build/C/man7/svipc.7:281
-#, no-wrap
+#: build/C/man2/seccomp.2:469
msgid ""
-"struct shmid_ds {\n"
-" struct ipc_perm shm_perm;\n"
-" size_t shm_segsz; /* size of segment */\n"
-" pid_t shm_cpid; /* PID of creator */\n"
-" pid_t shm_lpid; /* PID, last operation */\n"
-" shmatt_t shm_nattch; /* no. of current attaches */\n"
-" time_t shm_atime; /* time of last attach */\n"
-" time_t shm_dtime; /* time of last detach */\n"
-" time_t shm_ctime; /* time of last change */\n"
-"};\n"
+"To access the contents of the I<seccomp_data> buffer, use the B<BPF_ABS> "
+"addressing mode modifier."
msgstr ""
-"struct shmid_ds {\n"
-" struct ipc_perm shm_perm;\n"
-" size_t shm_segsz; /* セグメントのサイズ */\n"
-" pid_t shm_cpid; /* 作成者のプロセス ID */\n"
-" pid_t shm_lpid; /* 最後に操作したプロセス ID */\n"
-" shmatt_t shm_nattch; /* 現在、付加している数 */\n"
-" time_t shm_atime; /* 最後に付加した時間 */\n"
-" time_t shm_dtime; /* 最後に分離した時間 */\n"
-" time_t shm_ctime; /* 最後に変更した時間 */\n"
-"};\n"
-#. type: TP
-#: build/C/man7/svipc.7:283
-#, no-wrap
-msgid "I<shm_perm>"
-msgstr "I<shm_perm>"
+#. type: Plain text
+#: build/C/man2/seccomp.2:476
+msgid ""
+"The B<BPF_LEN> addressing mode modifier yields an immediate mode operand "
+"whose value is the size of the I<seccomp_data> buffer."
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:288
+#: build/C/man2/seccomp.2:482
msgid ""
-"I<ipc_perm> structure that specifies the access permissions on the shared "
-"memory segment."
-msgstr "共有メモリセグメントへのアクセス許可を指定した I<ipc_perm> 構造体。"
+"The program below accepts four or more arguments. The first three arguments "
+"are a system call number, a numeric architecture identifier, and an error "
+"number. The program uses these values to construct a BPF filter that is "
+"used at run time to perform the following checks:"
+msgstr ""
-#. type: TP
-#: build/C/man7/svipc.7:288
+#. type: IP
+#: build/C/man2/seccomp.2:482
#, no-wrap
-msgid "I<shm_segsz>"
-msgstr "I<shm_segsz>"
+msgid "[1]"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:291
-msgid "Size in bytes of the shared memory segment."
-msgstr "共有メモリセグメントのバイト数。"
+#: build/C/man2/seccomp.2:486
+msgid ""
+"If the program is not running on the specified architecture, the BPF filter "
+"causes system calls to fail with the error B<ENOSYS>."
+msgstr ""
-#. type: TP
-#: build/C/man7/svipc.7:291
+#. type: IP
+#: build/C/man2/seccomp.2:486
#, no-wrap
-msgid "I<shm_cpid>"
-msgstr "I<shm_cpid>"
+msgid "[2]"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:294
-msgid "ID of the process that created the shared memory segment."
-msgstr "共有メモリセグメントを作成したプロセスの ID。"
+#: build/C/man2/seccomp.2:491
+msgid ""
+"If the program attempts to execute the system call with the specified "
+"number, the BPF filter causes the system call to fail, with I<errno> being "
+"set to the specified error number."
+msgstr ""
-#. type: TP
-#: build/C/man7/svipc.7:294
-#, no-wrap
-msgid "I<shm_lpid>"
-msgstr "I<shm_lpid>"
+#. type: Plain text
+#: build/C/man2/seccomp.2:500
+msgid ""
+"The remaining command-line arguments specify the pathname and additional "
+"arguments of a program that the example program should attempt to execute "
+"using B<execve>(3) (a library function that employs the B<execve>(2) "
+"system call). Some example runs of the program are shown below."
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:301
+#: build/C/man2/seccomp.2:504
msgid ""
-"ID of the last process that executed a B<shmat>(2) or B<shmdt>(2) system "
-"call."
+"First, we display the architecture that we are running on (x86-64) and then "
+"construct a shell function that looks up system call numbers on this "
+"architecture:"
msgstr ""
-"最後に B<shmat>(2) または B<shmdt>(2) システムコールを実行したプロセスの "
-"ID。"
-#. type: TP
-#: build/C/man7/svipc.7:301
+#. type: Plain text
+#: build/C/man2/seccomp.2:513
#, no-wrap
-msgid "I<shm_nattch>"
-msgstr "I<shm_nattch>"
+msgid ""
+"$ B<uname -m>\n"
+"x86_64\n"
+"$ B<syscall_nr() {\n"
+" cat /usr/src/linux/arch/x86/syscalls/syscall_64.tbl | \\e\n"
+" awk '$2 != \"x32\" && $3 == \"'$1'\" { print $1 }'\n"
+"}>\n"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:304
-msgid "Number of current alive attaches for this shared memory segment."
-msgstr "この共有メモリセグメントをメモリに付加 (attach) しているプロセスの数。"
+#: build/C/man2/seccomp.2:520
+msgid ""
+"When the BPF filter rejects a system call (case [2] above), it causes the "
+"system call to fail with the error number specified on the command line. In "
+"the experiments shown here, we'll use error number 99:"
+msgstr ""
-#. type: TP
-#: build/C/man7/svipc.7:304
+#. type: Plain text
+#: build/C/man2/seccomp.2:525
#, no-wrap
-msgid "I<shm_atime>"
-msgstr "I<shm_atime>"
+msgid ""
+"$ B<errno 99>\n"
+"EADDRNOTAVAIL 99 Cannot assign requested address\n"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:309
-msgid "Time of the last B<shmat>(2) system call."
-msgstr "最後に B<shmat>(2) システムコールを行なった時間。"
+#: build/C/man2/seccomp.2:533
+msgid ""
+"In the following example, we attempt to run the command B<whoami>(1), but "
+"the BPF filter rejects the B<execve>(2) system call, so that the command is "
+"not even executed:"
+msgstr ""
-#. type: TP
-#: build/C/man7/svipc.7:309
+#. type: Plain text
+#: build/C/man2/seccomp.2:544
#, no-wrap
-msgid "I<shm_dtime>"
-msgstr "I<shm_dtime>"
+msgid ""
+"$ B<syscall_nr execve>\n"
+"59\n"
+"$ B<./a.out>\n"
+"Usage: ./a.out E<lt>syscall_nrE<gt> E<lt>archE<gt> E<lt>errnoE<gt> E<lt>progE<gt> [E<lt>argsE<gt>]\n"
+"Hint for E<lt>archE<gt>: AUDIT_ARCH_I386: 0x40000003\n"
+" AUDIT_ARCH_X86_64: 0xC000003E\n"
+"$ B<./a.out 59 0xC000003E 99 /bin/whoami>\n"
+"execv: Cannot assign requested address\n"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:314
-msgid "Time of the last B<shmdt>(2) system call."
-msgstr "最後に B<shmdt>(2) システムコールを行なった時間。"
+#: build/C/man2/seccomp.2:552
+msgid ""
+"In the next example, the BPF filter rejects the B<write>(2) system call, so "
+"that, although it is successfully started, the B<whoami>(1) command is not "
+"able to write output:"
+msgstr ""
-#. type: TP
-#: build/C/man7/svipc.7:314
+#. type: Plain text
+#: build/C/man2/seccomp.2:558
#, no-wrap
-msgid "I<shm_ctime>"
-msgstr "I<shm_ctime>"
+msgid ""
+"$ B<syscall_nr write>\n"
+"1\n"
+"$ B<./a.out 1 0xC000003E 99 /bin/whoami>\n"
+msgstr ""
#. type: Plain text
-#: build/C/man7/svipc.7:320
-msgid "Time of the last B<shmctl>(2) system call that changed I<shmid_ds>."
+#: build/C/man2/seccomp.2:565
+msgid ""
+"In the final example, the BPF filter rejects a system call that is not used "
+"by the B<whoami>(1) command, so it is able to successfully execute and "
+"produce output:"
msgstr ""
-"最後に B<shmctl>(2) システムコールを行なって、 I<shmid_ds> 構造体を変更した"
-"時間。"
#. type: Plain text
-#: build/C/man7/svipc.7:334
+#: build/C/man2/seccomp.2:572
+#, no-wrap
msgid ""
-"B<ipc>(2), B<msgctl>(2), B<msgget>(2), B<msgrcv>(2), B<msgsnd>(2), B<semctl>"
-"(2), B<semget>(2), B<semop>(2), B<shmat>(2), B<shmctl>(2), B<shmdt>(2), "
-"B<shmget>(2), B<ftok>(3)"
+"$ B<syscall_nr preadv>\n"
+"295\n"
+"$ B<./a.out 295 0xC000003E 99 /bin/whoami>\n"
+"cecilia\n"
msgstr ""
-"B<ipc>(2), B<msgctl>(2), B<msgget>(2), B<msgrcv>(2), B<msgsnd>(2), B<semctl>"
-"(2), B<semget>(2), B<semop>(2), B<shmat>(2), B<shmctl>(2), B<shmdt>(2), "
-"B<shmget>(2), B<ftok>(3)"
-#. type: TH
-#: build/C/man3/ulimit.3:27
+#. type: Plain text
+#: build/C/man2/seccomp.2:586
#, no-wrap
-msgid "ULIMIT"
-msgstr "ULIMIT"
+msgid ""
+"#include E<lt>errno.hE<gt>\n"
+"#include E<lt>stddef.hE<gt>\n"
+"#include E<lt>stdio.hE<gt>\n"
+"#include E<lt>stdlib.hE<gt>\n"
+"#include E<lt>unistd.hE<gt>\n"
+"#include E<lt>linux/audit.hE<gt>\n"
+"#include E<lt>linux/filter.hE<gt>\n"
+"#include E<lt>linux/seccomp.hE<gt>\n"
+"#include E<lt>sys/prctl.hE<gt>\n"
+msgstr ""
+"#include E<lt>errno.hE<gt>\n"
+"#include E<lt>stddef.hE<gt>\n"
+"#include E<lt>stdio.hE<gt>\n"
+"#include E<lt>stdlib.hE<gt>\n"
+"#include E<lt>unistd.hE<gt>\n"
+"#include E<lt>linux/audit.hE<gt>\n"
+"#include E<lt>linux/filter.hE<gt>\n"
+"#include E<lt>linux/seccomp.hE<gt>\n"
+"#include E<lt>sys/prctl.hE<gt>\n"
-#. type: TH
-#: build/C/man3/ulimit.3:27
+#. type: Plain text
+#: build/C/man2/seccomp.2:595
#, no-wrap
-msgid "2008-08-06"
-msgstr "2008-08-06"
+msgid ""
+"static int\n"
+"install_filter(int syscall_nr, int t_arch, int f_errno)\n"
+"{\n"
+" struct sock_filter filter[] = {\n"
+" /* [0] Load architecture from 'seccomp_data' buffer into\n"
+" accumulator */\n"
+" BPF_STMT(BPF_LD | BPF_W | BPF_ABS,\n"
+" (offsetof(struct seccomp_data, arch))),\n"
+msgstr ""
#. type: Plain text
-#: build/C/man3/ulimit.3:30
-msgid "ulimit - get and set user limits"
-msgstr "ulimit - ユーザー制限を取得・設定する"
+#: build/C/man2/seccomp.2:599
+#, no-wrap
+msgid ""
+" /* [1] Jump forward 4 instructions if architecture does not\n"
+" match 't_arch' */\n"
+" BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, t_arch, 0, 4),\n"
+msgstr ""
#. type: Plain text
-#: build/C/man3/ulimit.3:32
-msgid "B<#include E<lt>ulimit.hE<gt>>"
-msgstr "B<#include E<lt>ulimit.hE<gt>>"
+#: build/C/man2/seccomp.2:604
+#, no-wrap
+msgid ""
+" /* [2] Load system call number from 'seccomp_data' buffer into\n"
+" accumulator */\n"
+" BPF_STMT(BPF_LD | BPF_W | BPF_ABS,\n"
+" (offsetof(struct seccomp_data, nr))),\n"
+msgstr ""
#. type: Plain text
-#: build/C/man3/ulimit.3:34
-msgid "B<long ulimit(int >I<cmd>B<, long >I<newlimit>B<);>"
-msgstr "B<long ulimit(int >I<cmd>B<, long >I<newlimit>B<);>"
+#: build/C/man2/seccomp.2:608
+#, no-wrap
+msgid ""
+" /* [3] Jump forward 1 instruction if system call number\n"
+" does not match 'syscall_nr' */\n"
+" BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, syscall_nr, 0, 1),\n"
+msgstr ""
#. type: Plain text
-#: build/C/man3/ulimit.3:46
+#: build/C/man2/seccomp.2:613
+#, no-wrap
msgid ""
-"Warning: This routine is obsolete. Use B<getrlimit>(2), B<setrlimit>(2), "
-"and B<sysconf>(3) instead. For the shell command B<ulimit>(), see B<bash>"
-"(1)."
+" /* [4] Matching architecture and system call: don't execute\n"
+"\t the system call, and return 'f_errno' in 'errno' */\n"
+" BPF_STMT(BPF_RET | BPF_K,\n"
+" SECCOMP_RET_ERRNO | (f_errno & SECCOMP_RET_DATA)),\n"
msgstr ""
-"注意: このルーチンは古い。 代わりに B<getrlimit>(2), B<setrlimit>(2), "
-"B<sysconf>(3) などを用いること。 シェルコマンドとしての B<ulimit>() につい"
-"ては、 B<bash>(1) を見ること。"
#. type: Plain text
-#: build/C/man3/ulimit.3:53
+#: build/C/man2/seccomp.2:617
+#, no-wrap
msgid ""
-"The B<ulimit>() call will get or set some limit for the calling process. "
-"The I<cmd> argument can have one of the following values."
+" /* [5] Destination of system call number mismatch: allow other\n"
+" system calls */\n"
+" BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),\n"
msgstr ""
-"B<ulimit>() は呼び出し元のプロセスに関する制限のいくつかを取得・設定する。 "
-"I<cmd> 引き数には、以下の値のうちのどれか一つを与えることができる。"
-#. type: TP
-#: build/C/man3/ulimit.3:53
+#. type: Plain text
+#: build/C/man2/seccomp.2:621
#, no-wrap
-msgid "B<UL_GETFSIZE>"
-msgstr "B<UL_GETFSIZE>"
+msgid ""
+" /* [6] Destination of architecture mismatch: kill process */\n"
+" BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),\n"
+" };\n"
+msgstr ""
#. type: Plain text
-#: build/C/man3/ulimit.3:56
-msgid "Return the limit on the size of a file, in units of 512 bytes."
-msgstr "ファイルサイズに関する制限を返す。単位は 512 バイト。"
-
-#. type: TP
-#: build/C/man3/ulimit.3:56
+#: build/C/man2/seccomp.2:626
#, no-wrap
-msgid "B<UL_SETFSIZE>"
-msgstr "B<UL_SETFSIZE>"
+msgid ""
+" struct sock_fprog prog = {\n"
+" .len = (unsigned short) (sizeof(filter) / sizeof(filter[0])),\n"
+" .filter = filter,\n"
+" };\n"
+msgstr ""
#. type: Plain text
-#: build/C/man3/ulimit.3:59
-msgid "Set the limit on the size of a file."
-msgstr "ファイルサイズに関する制限を設定する。"
+#: build/C/man2/seccomp.2:631
+#, no-wrap
+msgid ""
+" if (seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog)) {\n"
+" perror(\"seccomp\");\n"
+" return 1;\n"
+" }\n"
+msgstr ""
-#. type: TP
-#: build/C/man3/ulimit.3:59
+#. type: Plain text
+#: build/C/man2/seccomp.2:634
#, no-wrap
-msgid "B<3>"
-msgstr "B<3>"
+msgid ""
+" return 0;\n"
+"}\n"
+msgstr ""
#. type: Plain text
-#: build/C/man3/ulimit.3:63
+#: build/C/man2/seccomp.2:646
+#, no-wrap
msgid ""
-"(Not implemented for Linux.) Return the maximum possible address of the "
-"data segment."
+"int\n"
+"main(int argc, char **argv)\n"
+"{\n"
+" if (argc E<lt> 5) {\n"
+" fprintf(stderr, \"Usage: \"\n"
+" \"%s E<lt>syscall_nrE<gt> E<lt>archE<gt> E<lt>errnoE<gt> E<lt>progE<gt> [E<lt>argsE<gt>]\\en\"\n"
+" \"Hint for E<lt>archE<gt>: AUDIT_ARCH_I386: 0x%X\\en\"\n"
+" \" AUDIT_ARCH_X86_64: 0x%X\\en\"\n"
+" \"\\en\", argv[0], AUDIT_ARCH_I386, AUDIT_ARCH_X86_64);\n"
+" exit(EXIT_FAILURE);\n"
+" }\n"
msgstr ""
-"(Linux では実装されていない) データセグメントで指定できるアドレスの最大値を"
-"返す。"
-#. type: TP
-#: build/C/man3/ulimit.3:63
+#. type: Plain text
+#: build/C/man2/seccomp.2:651
#, no-wrap
-msgid "B<4>"
-msgstr "B<4>"
+msgid ""
+" if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {\n"
+" perror(\"prctl\");\n"
+" exit(EXIT_FAILURE);\n"
+" }\n"
+msgstr ""
#. type: Plain text
-#: build/C/man3/ulimit.3:67
+#: build/C/man2/seccomp.2:656
+#, no-wrap
msgid ""
-"(Implemented but no symbolic constant provided.) Return the maximum number "
-"of files that the calling process can open."
+" if (install_filter(strtol(argv[1], NULL, 0),\n"
+" strtol(argv[2], NULL, 0),\n"
+" strtol(argv[3], NULL, 0)))\n"
+" exit(EXIT_FAILURE);\n"
msgstr ""
-"(実装されているが、対応するシンボリックな定数は存在しない) プロセスがオープ"
-"ンできるファイル数の最大値を返す。"
#. type: Plain text
-#: build/C/man3/ulimit.3:74
+#: build/C/man2/seccomp.2:661
+#, no-wrap
msgid ""
-"On success, B<ulimit>() returns a nonnegative value. On error, -1 is "
-"returned, and I<errno> is set appropriately."
+" execv(argv[4], &argv[4]);\n"
+" perror(\"execv\");\n"
+" exit(EXIT_FAILURE);\n"
+"}\n"
msgstr ""
-"成功すると B<ulimit>() は 0 または正の値を返す。 エラーが生じると -1 を返"
-"し、 I<errno> を適切な値に設定する。"
#. type: Plain text
-#: build/C/man3/ulimit.3:78
-msgid "A unprivileged process tried to increase a limit."
-msgstr "非特権プロセスが制限値を増加させようとした。"
+#: build/C/man2/seccomp.2:667
+msgid "B<prctl>(2), B<ptrace>(2), B<signal>(7), B<socket>(7)"
+msgstr "B<prctl>(2), B<ptrace>(2), B<signal>(7), B<socket>(7)"
#. type: Plain text
-#: build/C/man3/ulimit.3:83
-msgid "SVr4, POSIX.1-2001. POSIX.1-2008 marks B<ulimit>() as obsolete."
-msgstr ""
-"SVr4, POSIX.1-2001. POSIX.1-2008 は B<ulimit>() を廃止予定としている。"
+#: build/C/man2/seccomp.2:672
+msgid ""
+"The kernel source files I<Documentation/networking/filter.txt> and "
+"I<Documentation/prctl/seccomp_filter.txt>."
+msgstr "カーネルのソースファイル I<Documentation/networking/filter.txt> と I<Documentation/prctl/seccomp_filter.txt>"
#. type: Plain text
-#: build/C/man3/ulimit.3:88
-msgid "B<bash>(1), B<getrlimit>(2), B<setrlimit>(2), B<sysconf>(3)"
-msgstr "B<bash>(1), B<getrlimit>(2), B<setrlimit>(2), B<sysconf>(3)"
+#: build/C/man2/seccomp.2:678
+msgid ""
+"McCanne, S. and Jacobson, V. (1992) I<The BSD Packet Filter: A New "
+"Architecture for User-level Packet Capture>, Proceedings of the USENIX "
+"Winter 1993 Conference E<.UR http://www.tcpdump.org/papers/bpf-usenix93.pdf> "
+"E<.UE>"
+msgstr ""
#~ msgid ""
-#~ "Perform various network-related operations (e.g., setting privileged "
-#~ "socket options, enabling multicasting, interface configuration, modifying "
-#~ "routing tables)."
+#~ "A process group leader is a process with process group ID equal to its "
+#~ "PID. In order to be sure that B<setsid>() will succeed, B<fork>(2) and "
+#~ "B<_exit>(2), and have the child do B<setsid>()."
#~ msgstr ""
-#~ "各種のネットワーク関連の操作を実行する。 (例えば、特権が必要なソケットオプ"
-#~ "ションを設定する、マルチキャストを有効にする、 インターフェースを設定す"
-#~ "る、ルーティングテーブルを変更するなど)"
-
-#~ msgid "Use B<vhangup>(2)."
-#~ msgstr "B<vhangup>(2) を呼び出す。"
-
-#~ msgid "I<rlim> points outside the accessible address space."
-#~ msgstr "I<rlim> がアクセス可能なアドレス空間の外を指している。"
+#~ "プロセスグループ・リーダーとは、そのプロセスのプロセスグループ ID が その "
+#~ "PID に等しいプロセスである。 B<setsid>() を確実に成功させるためには、 "
+#~ "B<fork>(2) して B<exit>(2) し、子プロセスで B<setsid>() を行なえば良"
+#~ "い。"
#~ msgid ""
-#~ "The structure definition shown at the start of this page was taken from "
-#~ "4.3BSD Reno. Not all fields are meaningful under Linux. In Linux 2.4 "
-#~ "only the fields I<ru_utime>, I<ru_stime>, I<ru_minflt>, and I<ru_majflt> "
-#~ "are maintained. Since Linux 2.6, I<ru_nvcsw> and I<ru_nivcsw> are also "
-#~ "maintained. Since Linux 2.6.22, I<ru_inblock> and I<ru_oublock> are also "
-#~ "maintained."
+#~ "I<uid> does not match the current UID and this call would bring that user "
+#~ "ID over its B<RLIMIT_NPROC> resource limit."
#~ msgstr ""
-#~ "このページの最初で示した構造体の定義は 4.3BSD Reno のものを採用した。 "
-#~ "Linux では全てのフィールドが意味を持つというわけではない。 Linux 2.4 で"
-#~ "は、フィールド I<ru_utime>, I<ru_stime>, I<ru_minflt>, I<ru_majflt> のみが"
-#~ "メンテナンスされている。 Linux 2.6 以降では I<ru_nvcsw>, I<ru_nivcsw> もメ"
-#~ "ンテナンスされている。 Linux 2.6.22 以降では I<ru_inblock>, I<ru_oublock> "
-#~ "もメンテナンスされている。"
-
-#~ msgid "Linux Notes"
-#~ msgstr "Linux での注意"
+#~ "I<uid> が現在のユーザー ID と違う値で、 この呼び出しにより ユーザー ID が "
+#~ "リソース上限 B<RLIMIT_NPROC> を超えてしまう。"
OSDN Git Service
