msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2012-03-19 23:50+0900\n"
+"POT-Creation-Date: 2012-03-22 04:26+0900\n"
"PO-Revision-Date: 2012-03-22 00:37+0900\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
#. type: TH
#: build/C/man2/acct.2:32 build/C/man5/acct.5:23
-#: build/C/man7/capabilities.7:47 build/C/man2/capget.2:11
+#: build/C/man7/capabilities.7:46 build/C/man2/capget.2:11
#: build/C/man7/cpuset.7:24 build/C/man7/credentials.7:25
#: build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31
#: build/C/man2/getpid.2:23 build/C/man2/getpriority.2:46
#. type: TH
#: build/C/man2/acct.2:32 build/C/man5/acct.5:23
-#: build/C/man7/capabilities.7:47 build/C/man2/capget.2:11
+#: build/C/man7/capabilities.7:46 build/C/man2/capget.2:11
#: build/C/man7/cpuset.7:24 build/C/man7/credentials.7:25
#: build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31
#: build/C/man2/getpid.2:23 build/C/man2/getpriority.2:46
#. type: SH
#: build/C/man2/acct.2:33 build/C/man5/acct.5:24
-#: build/C/man7/capabilities.7:48 build/C/man2/capget.2:12
+#: build/C/man7/capabilities.7:47 build/C/man2/capget.2:12
#: build/C/man7/cpuset.7:25 build/C/man7/credentials.7:26
#: build/C/man2/getgid.2:26 build/C/man2/getgroups.2:32
#: build/C/man2/getpid.2:24 build/C/man2/getpriority.2:47
#. type: SH
#: build/C/man2/acct.2:51 build/C/man5/acct.5:28
-#: build/C/man7/capabilities.7:50 build/C/man2/capget.2:20
+#: build/C/man7/capabilities.7:49 build/C/man2/capget.2:20
#: build/C/man7/cpuset.7:27 build/C/man7/credentials.7:28
#: build/C/man2/getgid.2:36 build/C/man2/getgroups.2:52
#: build/C/man2/getpid.2:34 build/C/man2/getpriority.2:57
#. type: SH
#: build/C/man2/acct.2:130 build/C/man5/acct.5:152
-#: build/C/man7/capabilities.7:890 build/C/man2/capget.2:210
+#: build/C/man7/capabilities.7:997 build/C/man2/capget.2:210
#: build/C/man7/credentials.7:232 build/C/man2/getgid.2:44
#: build/C/man2/getgroups.2:133 build/C/man2/getpid.2:44
#: build/C/man2/getpriority.2:158 build/C/man2/getresuid.2:66
#. type: SH
#: build/C/man2/acct.2:137 build/C/man5/acct.5:156
-#: build/C/man7/capabilities.7:895 build/C/man2/capget.2:212
+#: build/C/man7/capabilities.7:1002 build/C/man2/capget.2:212
#: build/C/man7/cpuset.7:1340 build/C/man7/credentials.7:238
#: build/C/man2/getgid.2:46 build/C/man2/getgroups.2:141
#: build/C/man2/getpid.2:46 build/C/man2/getpriority.2:161
#. type: SH
#: build/C/man2/acct.2:143 build/C/man5/acct.5:173
-#: build/C/man7/capabilities.7:943 build/C/man2/capget.2:219
+#: build/C/man7/capabilities.7:1050 build/C/man2/capget.2:219
#: build/C/man7/cpuset.7:1487 build/C/man7/credentials.7:250
#: build/C/man2/getgid.2:62 build/C/man2/getgroups.2:171
#: build/C/man2/getpid.2:98 build/C/man2/getpriority.2:223
#. type: SH
#: build/C/man2/acct.2:145 build/C/man5/acct.5:178
-#: build/C/man7/capabilities.7:962 build/C/man2/capget.2:223
+#: build/C/man7/capabilities.7:1071 build/C/man2/capget.2:223
#: build/C/man7/cpuset.7:1504 build/C/man7/credentials.7:281
#: build/C/man2/getgid.2:67 build/C/man2/getgroups.2:178
#: build/C/man2/getpid.2:108 build/C/man2/getpriority.2:231
#. type: Plain text
#: build/C/man2/acct.2:152 build/C/man5/acct.5:185
-#: build/C/man7/capabilities.7:969 build/C/man2/capget.2:230
+#: build/C/man7/capabilities.7:1078 build/C/man2/capget.2:230
#: build/C/man7/cpuset.7:1511 build/C/man7/credentials.7:288
#: build/C/man2/getgid.2:74 build/C/man2/getgroups.2:185
#: build/C/man2/getpid.2:115 build/C/man2/getpriority.2:238
#: build/C/man2/setreuid.2:172 build/C/man2/setsid.2:96
#: build/C/man2/setuid.2:132 build/C/man7/svipc.7:341 build/C/man3/ulimit.3:95
msgid ""
-"This page is part of release 3.35 of the Linux I<man-pages> project. A "
+"This page is part of release 3.37 of the Linux I<man-pages> project. A "
"description of the project, and information about reporting bugs, can be "
-"found at http://man7.org/linux/man-pages/."
+"found at http://www.kernel.org/doc/man-pages/."
msgstr ""
#. type: TH
msgstr "B<lastcomm>(1), B<acct>(2), B<accton>(8), B<sa>(8)"
#. type: TH
-#: build/C/man7/capabilities.7:47
+#: build/C/man7/capabilities.7:46
#, no-wrap
msgid "CAPABILITIES"
msgstr "CAPABILITIES"
#. type: TH
-#: build/C/man7/capabilities.7:47
+#: build/C/man7/capabilities.7:46
#, fuzzy, no-wrap
-#| msgid "2010-09-20"
-msgid "2011-10-04"
-msgstr "2010-09-20"
+#| msgid "2008-12-03"
+msgid "2012-03-05"
+msgstr "2008-12-03"
#. type: Plain text
-#: build/C/man7/capabilities.7:50
+#: build/C/man7/capabilities.7:49
msgid "capabilities - overview of Linux capabilities"
msgstr "capabilities - Linux のケーパビリティ (capability) の概要"
#. type: Plain text
-#: build/C/man7/capabilities.7:62
+#: build/C/man7/capabilities.7:61
msgid ""
"For the purpose of performing permission checks, traditional UNIX "
"implementations distinguish two categories of processes: I<privileged> "
"のに対し、 特権プロセスでは全てのカーネルの権限チェックがバイパスされる。"
#. type: Plain text
-#: build/C/man7/capabilities.7:69
+#: build/C/man7/capabilities.7:68
msgid ""
"Starting with kernel 2.2, Linux divides the privileges traditionally "
"associated with superuser into distinct units, known as I<capabilities>, "
"パビリティはスレッド単位の属性である。"
#. type: SS
-#: build/C/man7/capabilities.7:69
+#: build/C/man7/capabilities.7:68
#, no-wrap
msgid "Capabilities List"
msgstr "ケーパビリティのリスト"
#. type: Plain text
-#: build/C/man7/capabilities.7:72
+#: build/C/man7/capabilities.7:71
msgid ""
"The following list shows the capabilities implemented on Linux, and the "
"operations or behaviors that each capability permits:"
"可する操作と動作をまとめたものである。"
#. type: TP
-#: build/C/man7/capabilities.7:72
+#: build/C/man7/capabilities.7:71
#, no-wrap
msgid "B<CAP_AUDIT_CONTROL> (since Linux 2.6.11)"
msgstr "B<CAP_AUDIT_CONTROL> (Linux 2.6.11 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:76
+#: build/C/man7/capabilities.7:75
msgid ""
"Enable and disable kernel auditing; change auditing filter rules; retrieve "
"auditing status and filtering rules."
"査の状況やフィルタ・ルールの取得ができる。"
#. type: TP
-#: build/C/man7/capabilities.7:76
+#: build/C/man7/capabilities.7:75
#, no-wrap
msgid "B<CAP_AUDIT_WRITE> (since Linux 2.6.11)"
msgstr "B<CAP_AUDIT_WRITE> (Linux 2.6.11 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:79
+#: build/C/man7/capabilities.7:78
msgid "Write records to kernel auditing log."
msgstr "カーネル監査のログにレコードを書き込む。"
#. type: TP
-#: build/C/man7/capabilities.7:79
+#: build/C/man7/capabilities.7:78
#, no-wrap
msgid "B<CAP_CHOWN>"
msgstr "B<CAP_CHOWN>"
#. type: Plain text
-#: build/C/man7/capabilities.7:83
+#: build/C/man7/capabilities.7:82
msgid "Make arbitrary changes to file UIDs and GIDs (see B<chown>(2))."
msgstr "ファイルの UID とGID を任意に変更する (B<chown>(2) 参照)。"
#. type: TP
-#: build/C/man7/capabilities.7:83
+#: build/C/man7/capabilities.7:82
#, no-wrap
msgid "B<CAP_DAC_OVERRIDE>"
msgstr "B<CAP_DAC_OVERRIDE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:87
+#: build/C/man7/capabilities.7:86
msgid ""
"Bypass file read, write, and execute permission checks. (DAC is an "
"abbreviation of \"discretionary access control\".)"
"\"discretionary access control (任意のアクセス制御)\" の略である)。"
#. type: TP
-#: build/C/man7/capabilities.7:87
+#: build/C/man7/capabilities.7:86
#, no-wrap
msgid "B<CAP_DAC_READ_SEARCH>"
msgstr "B<CAP_DAC_READ_SEARCH>"
#. type: Plain text
-#: build/C/man7/capabilities.7:91
+#: build/C/man7/capabilities.7:90
msgid ""
"Bypass file read permission checks and directory read and execute permission "
"checks."
"をバイパスする。"
#. type: TP
-#: build/C/man7/capabilities.7:91
+#: build/C/man7/capabilities.7:90
#, no-wrap
msgid "B<CAP_FOWNER>"
msgstr "B<CAP_FOWNER>"
#. type: IP
-#: build/C/man7/capabilities.7:95 build/C/man7/capabilities.7:105
-#: build/C/man7/capabilities.7:109 build/C/man7/capabilities.7:111
-#: build/C/man7/capabilities.7:113 build/C/man7/capabilities.7:234
-#: build/C/man7/capabilities.7:244 build/C/man7/capabilities.7:250
-#: build/C/man7/capabilities.7:256 build/C/man7/capabilities.7:263
-#: build/C/man7/capabilities.7:266 build/C/man7/capabilities.7:274
-#: build/C/man7/capabilities.7:276 build/C/man7/capabilities.7:285
-#: build/C/man7/capabilities.7:292 build/C/man7/capabilities.7:295
-#: build/C/man7/capabilities.7:302 build/C/man7/capabilities.7:332
-#: build/C/man7/capabilities.7:337 build/C/man7/capabilities.7:342
-#: build/C/man7/capabilities.7:345 build/C/man7/capabilities.7:348
-#: build/C/man7/capabilities.7:357 build/C/man7/capabilities.7:361
-#: build/C/man7/capabilities.7:393 build/C/man7/capabilities.7:395
-#: build/C/man7/capabilities.7:399 build/C/man7/capabilities.7:401
-#: build/C/man7/capabilities.7:404 build/C/man7/capabilities.7:408
-#: build/C/man7/capabilities.7:417 build/C/man7/capabilities.7:617
-#: build/C/man7/capabilities.7:625 build/C/man7/capabilities.7:932
-#: build/C/man7/capabilities.7:937 build/C/man7/cpuset.7:539
+#: build/C/man7/capabilities.7:94 build/C/man7/capabilities.7:104
+#: build/C/man7/capabilities.7:108 build/C/man7/capabilities.7:110
+#: build/C/man7/capabilities.7:112 build/C/man7/capabilities.7:182
+#: build/C/man7/capabilities.7:184 build/C/man7/capabilities.7:186
+#: build/C/man7/capabilities.7:188 build/C/man7/capabilities.7:190
+#: build/C/man7/capabilities.7:192 build/C/man7/capabilities.7:194
+#: build/C/man7/capabilities.7:196 build/C/man7/capabilities.7:198
+#: build/C/man7/capabilities.7:222 build/C/man7/capabilities.7:224
+#: build/C/man7/capabilities.7:270 build/C/man7/capabilities.7:280
+#: build/C/man7/capabilities.7:286 build/C/man7/capabilities.7:291
+#: build/C/man7/capabilities.7:297 build/C/man7/capabilities.7:304
+#: build/C/man7/capabilities.7:307 build/C/man7/capabilities.7:315
+#: build/C/man7/capabilities.7:317 build/C/man7/capabilities.7:326
+#: build/C/man7/capabilities.7:333 build/C/man7/capabilities.7:336
+#: build/C/man7/capabilities.7:338 build/C/man7/capabilities.7:343
+#: build/C/man7/capabilities.7:346 build/C/man7/capabilities.7:353
+#: build/C/man7/capabilities.7:358 build/C/man7/capabilities.7:364
+#: build/C/man7/capabilities.7:368 build/C/man7/capabilities.7:372
+#: build/C/man7/capabilities.7:376 build/C/man7/capabilities.7:380
+#: build/C/man7/capabilities.7:407 build/C/man7/capabilities.7:412
+#: build/C/man7/capabilities.7:417 build/C/man7/capabilities.7:420
+#: build/C/man7/capabilities.7:423 build/C/man7/capabilities.7:432
+#: build/C/man7/capabilities.7:436 build/C/man7/capabilities.7:472
+#: build/C/man7/capabilities.7:474 build/C/man7/capabilities.7:478
+#: build/C/man7/capabilities.7:480 build/C/man7/capabilities.7:483
+#: build/C/man7/capabilities.7:487 build/C/man7/capabilities.7:489
+#: build/C/man7/capabilities.7:491 build/C/man7/capabilities.7:493
+#: build/C/man7/capabilities.7:502 build/C/man7/capabilities.7:509
+#: build/C/man7/capabilities.7:514 build/C/man7/capabilities.7:724
+#: build/C/man7/capabilities.7:732 build/C/man7/capabilities.7:1039
+#: build/C/man7/capabilities.7:1044 build/C/man7/cpuset.7:539
#: build/C/man7/cpuset.7:544 build/C/man7/cpuset.7:549
#: build/C/man7/cpuset.7:725 build/C/man7/cpuset.7:729
#: build/C/man7/cpuset.7:926 build/C/man7/cpuset.7:929
msgstr "*"
#. type: Plain text
-#: build/C/man7/capabilities.7:105
+#: build/C/man7/capabilities.7:104
msgid ""
"Bypass permission checks on operations that normally require the file system "
"UID of the process to match the UID of the file (e.g., B<chmod>(2), B<utime>"
"われる操作は除く。"
#. type: Plain text
-#: build/C/man7/capabilities.7:109
+#: build/C/man7/capabilities.7:108
msgid "set extended file attributes (see B<chattr>(1)) on arbitrary files;"
msgstr ""
"任意のファイルに対して拡張ファイル属性を設定する (B<chattr>(1) 参照)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:111
+#: build/C/man7/capabilities.7:110
msgid "set Access Control Lists (ACLs) on arbitrary files;"
msgstr "任意のファイルに対してアクセス制御リスト (ACL) を設定する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:113
+#: build/C/man7/capabilities.7:112
msgid "ignore directory sticky bit on file deletion;"
msgstr "ファイルの削除の際にディレクトリのスティッキービットを無視する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:120
+#: build/C/man7/capabilities.7:119
msgid ""
"specify B<O_NOATIME> for arbitrary files in B<open>(2) and B<fcntl>(2)."
msgstr ""
"る。"
#. type: TP
-#: build/C/man7/capabilities.7:122
+#: build/C/man7/capabilities.7:121
#, no-wrap
msgid "B<CAP_FSETID>"
msgstr "B<CAP_FSETID>"
#. type: Plain text
-#: build/C/man7/capabilities.7:128
+#: build/C/man7/capabilities.7:127
msgid ""
"Don't clear set-user-ID and set-group-ID permission bits when a file is "
"modified; set the set-group-ID bit for a file whose GID does not match the "
"が一致しないファイルに対して set-group-ID ビットを設定する。"
#. type: TP
-#: build/C/man7/capabilities.7:128
+#: build/C/man7/capabilities.7:127
#, no-wrap
msgid "B<CAP_IPC_LOCK>"
msgstr "B<CAP_IPC_LOCK>"
+#. FIXME As at Linux 3.2, there are some strange uses of this capability
+#. in other places; they probably should be replaced with something else.
#. type: Plain text
-#: build/C/man7/capabilities.7:135
+#: build/C/man7/capabilities.7:136
msgid "Lock memory (B<mlock>(2), B<mlockall>(2), B<mmap>(2), B<shmctl>(2))."
msgstr ""
"メモリーのロック (B<mlock>(2), B<mlockall>(2), B<mmap>(2), B<shmctl>(2)) を"
"行う。"
#. type: TP
-#: build/C/man7/capabilities.7:135
+#: build/C/man7/capabilities.7:136
#, no-wrap
msgid "B<CAP_IPC_OWNER>"
msgstr "B<CAP_IPC_OWNER>"
#. type: Plain text
-#: build/C/man7/capabilities.7:138
+#: build/C/man7/capabilities.7:139
msgid "Bypass permission checks for operations on System V IPC objects."
msgstr ""
"System V IPC オブジェクトに対する操作に関して権限チェックをバイパスする。"
#. type: TP
-#: build/C/man7/capabilities.7:138
+#: build/C/man7/capabilities.7:139
#, no-wrap
msgid "B<CAP_KILL>"
msgstr "B<CAP_KILL>"
#. if the child does an exec(). What is the rationale
#. for this?
#. type: Plain text
-#: build/C/man7/capabilities.7:151
+#: build/C/man7/capabilities.7:152
msgid ""
"Bypass permission checks for sending signals (see B<kill>(2)). This "
"includes use of the B<ioctl>(2) B<KDSIGACCEPT> operation."
"は B<ioctl>(2) の B<KDSIGACCEPT> 操作の使用も含まれる。"
#. type: TP
-#: build/C/man7/capabilities.7:151
+#: build/C/man7/capabilities.7:152
#, no-wrap
msgid "B<CAP_LEASE> (since Linux 2.4)"
msgstr "B<CAP_LEASE> (Linux 2.4 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:155
+#: build/C/man7/capabilities.7:156
msgid "Establish leases on arbitrary files (see B<fcntl>(2))."
msgstr "任意のファイルに対して ファイルリースを設定する (B<fcntl>(2) 参照)。"
#. type: TP
-#: build/C/man7/capabilities.7:155
+#: build/C/man7/capabilities.7:156
#, no-wrap
msgid "B<CAP_LINUX_IMMUTABLE>"
msgstr "B<CAP_LINUX_IMMUTABLE>"
#. These attributes are now available on ext2, ext3, Reiserfs, XFS, JFS
#. type: Plain text
-#: build/C/man7/capabilities.7:164
+#: build/C/man7/capabilities.7:165
msgid ""
"Set the B<FS_APPEND_FL> and B<FS_IMMUTABLE_FL> i-node flags (see B<chattr>"
"(1))."
"(1) 参照)。"
#. type: TP
-#: build/C/man7/capabilities.7:164
+#: build/C/man7/capabilities.7:165
#, no-wrap
msgid "B<CAP_MAC_ADMIN> (since Linux 2.6.25)"
msgstr "B<CAP_MAC_ADMIN> (Linux 2.6.25 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:168
+#: build/C/man7/capabilities.7:169
msgid ""
"Override Mandatory Access Control (MAC). Implemented for the Smack Linux "
"Security Module (LSM)."
"実装されている。"
#. type: TP
-#: build/C/man7/capabilities.7:168
+#: build/C/man7/capabilities.7:169
#, no-wrap
msgid "B<CAP_MAC_OVERRIDE> (since Linux 2.6.25)"
msgstr "B<CAP_MAC_OVERRIDE> (Linux 2.6.25 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:172
+#: build/C/man7/capabilities.7:173
msgid ""
"Allow MAC configuration or state changes. Implemented for the Smack LSM."
msgstr "MAC の設定や状態を変更する。 Smack LSM 用に実装されている。"
#. type: TP
-#: build/C/man7/capabilities.7:172
+#: build/C/man7/capabilities.7:173
#, no-wrap
msgid "B<CAP_MKNOD> (since Linux 2.4)"
msgstr "B<CAP_MKNOD> (Linux 2.4 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:176
+#: build/C/man7/capabilities.7:177
msgid "Create special files using B<mknod>(2)."
msgstr ""
"(Linux 2.4 以降) B<mknod>(2) を使用してスペシャル・ファイルを作成する。"
#. type: TP
-#: build/C/man7/capabilities.7:176
+#: build/C/man7/capabilities.7:177
#, no-wrap
msgid "B<CAP_NET_ADMIN>"
msgstr "B<CAP_NET_ADMIN>"
#. type: Plain text
-#: build/C/man7/capabilities.7:182
+#: build/C/man7/capabilities.7:180
+msgid "Perform various network-related operations:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:184
+msgid "interface configuration;"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:186
+msgid "administration of IP firewall, masquerading, and accounting"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:188
+msgid "modify routing tables;"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:190
+msgid "bind to any address for transparent proxying;"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:192
+msgid "set type-of-service (TOS)"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:194
+msgid "clear driver statistics;"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:196
+msgid "set promiscuous mode;"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:198
+msgid "enabling multicasting;"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:209
msgid ""
-"Perform various network-related operations (e.g., setting privileged socket "
-"options, enabling multicasting, interface configuration, modifying routing "
-"tables)."
+"use B<setsockopt>(2) to set the following socket options: B<SO_DEBUG>, "
+"B<SO_MARK>, B<SO_PRIORITY> (for a priority outside the range 0 to 6), "
+"B<SO_RCVBUFFORCE>, and B<SO_SNDBUFFORCE>."
msgstr ""
-"各種のネットワーク関連の操作を実行する。 (例えば、特権が必要なソケットオプ"
-"ションを設定する、マルチキャストを有効にする、 インターフェースを設定する、"
-"ルーティングテーブルを変更するなど)"
#. type: TP
-#: build/C/man7/capabilities.7:182
+#: build/C/man7/capabilities.7:211
#, no-wrap
msgid "B<CAP_NET_BIND_SERVICE>"
msgstr "B<CAP_NET_BIND_SERVICE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:186
+#: build/C/man7/capabilities.7:215
msgid ""
"Bind a socket to Internet domain privileged ports (port numbers less than "
"1024)."
"る。"
#. type: TP
-#: build/C/man7/capabilities.7:186
+#: build/C/man7/capabilities.7:215
#, no-wrap
msgid "B<CAP_NET_BROADCAST>"
msgstr "B<CAP_NET_BROADCAST>"
#. type: Plain text
-#: build/C/man7/capabilities.7:189
+#: build/C/man7/capabilities.7:218
msgid "(Unused) Make socket broadcasts, and listen to multicasts."
msgstr ""
"(未使用) ソケットのブロードキャストと、マルチキャストの待ち受けを行う。"
#. type: TP
-#: build/C/man7/capabilities.7:189
+#: build/C/man7/capabilities.7:218
#, no-wrap
msgid "B<CAP_NET_RAW>"
msgstr "B<CAP_NET_RAW>"
-#. Also various IP options and setsockopt(SO_BINDTODEVICE)
#. type: Plain text
-#: build/C/man7/capabilities.7:193
-msgid "Use RAW and PACKET sockets."
+#: build/C/man7/capabilities.7:224
+#, fuzzy
+#| msgid "Use RAW and PACKET sockets."
+msgid "use RAW and PACKET sockets;"
msgstr "RAW ソケットと PACKET ソケットを使用する。"
+#. type: Plain text
+#: build/C/man7/capabilities.7:226
+msgid "bind to any address for transparent proxying."
+msgstr ""
+
#. type: TP
-#: build/C/man7/capabilities.7:193
+#: build/C/man7/capabilities.7:229
#, no-wrap
msgid "B<CAP_SETGID>"
msgstr "B<CAP_SETGID>"
#. type: Plain text
-#: build/C/man7/capabilities.7:197
+#: build/C/man7/capabilities.7:233
msgid ""
"Make arbitrary manipulations of process GIDs and supplementary GID list; "
"forge GID when passing socket credentials via UNIX domain sockets."
"できる。"
#. type: TP
-#: build/C/man7/capabilities.7:197
+#: build/C/man7/capabilities.7:233
#, no-wrap
msgid "B<CAP_SETFCAP> (since Linux 2.6.24)"
msgstr "B<CAP_SETFCAP> (Linux 2.6.24 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:200
+#: build/C/man7/capabilities.7:236
msgid "Set file capabilities."
msgstr "ファイルケーパビリティを設定する。"
#. type: TP
-#: build/C/man7/capabilities.7:200
+#: build/C/man7/capabilities.7:236
#, no-wrap
msgid "B<CAP_SETPCAP>"
msgstr "B<CAP_SETPCAP>"
#. type: Plain text
-#: build/C/man7/capabilities.7:211
+#: build/C/man7/capabilities.7:247
msgid ""
"If file capabilities are not supported: grant or remove any capability in "
"the caller's permitted capability set to or from any other process. (This "
"サポートしているカーネルでは B<CAP_SETPCAP> は全く別の意味を持つからである。)"
#. type: Plain text
-#: build/C/man7/capabilities.7:221
+#: build/C/man7/capabilities.7:257
msgid ""
"If file capabilities are supported: add any capability from the calling "
"thread's bounding set to its inheritable set; drop capabilities from the "
"らケーパビリティを削除できる。 I<securebits> フラグを変更できる。"
#. type: TP
-#: build/C/man7/capabilities.7:221
+#: build/C/man7/capabilities.7:257
#, no-wrap
msgid "B<CAP_SETUID>"
msgstr "B<CAP_SETUID>"
#. FIXME CAP_SETUID also an effect in exec(); document this.
#. type: Plain text
-#: build/C/man7/capabilities.7:230
+#: build/C/man7/capabilities.7:266
msgid ""
"Make arbitrary manipulations of process UIDs (B<setuid>(2), B<setreuid>(2), "
"B<setresuid>(2), B<setfsuid>(2)); make forged UID when passing socket "
"(credential) を渡す際に 偽の UID を渡すことができる。"
#. type: TP
-#: build/C/man7/capabilities.7:230
+#: build/C/man7/capabilities.7:266
#, no-wrap
msgid "B<CAP_SYS_ADMIN>"
msgstr "B<CAP_SYS_ADMIN>"
#. type: Plain text
-#: build/C/man7/capabilities.7:244
+#: build/C/man7/capabilities.7:280
msgid ""
"Perform a range of system administration operations including: B<quotactl>"
"(2), B<mount>(2), B<umount>(2), B<swapon>(2), B<swapoff>(2), B<sethostname>"
"(2), B<swapon>(2), B<swapoff>(2), B<sethostname>(2), B<setdomainname>(2)."
#. type: Plain text
-#: build/C/man7/capabilities.7:250
+#: build/C/man7/capabilities.7:286
msgid ""
"perform privileged B<syslog>(2) operations (since Linux 2.6.37, "
"B<CAP_SYSLOG> should be used to permit such operations);"
msgstr ""
#. type: Plain text
-#: build/C/man7/capabilities.7:256
+#: build/C/man7/capabilities.7:291
+msgid "perform B<VM86_REQUEST_IRQ> B<vm86>(2) command;"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:297
msgid ""
"perform B<IPC_SET> and B<IPC_RMID> operations on arbitrary System V IPC "
"objects;"
"する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:263
+#: build/C/man7/capabilities.7:304
msgid ""
"perform operations on I<trusted> and I<security> Extended Attributes (see "
"B<attr>(5));"
"照)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:266
+#: build/C/man7/capabilities.7:307
msgid "use B<lookup_dcookie>(2);"
msgstr "B<lookup_dcookie>(2) を呼び出す。"
#. type: Plain text
-#: build/C/man7/capabilities.7:274
+#: build/C/man7/capabilities.7:315
msgid ""
"use B<ioprio_set>(2) to assign B<IOPRIO_CLASS_RT> and (before Linux "
"2.6.25) B<IOPRIO_CLASS_IDLE> I/O scheduling classes;"
"前のバージョンのみ)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:276
+#: build/C/man7/capabilities.7:317
msgid "forge UID when passing socket credentials;"
msgstr "ソケットの資格情報 (credential) を渡す際に偽の UID を渡す。"
#. type: Plain text
-#: build/C/man7/capabilities.7:285
+#: build/C/man7/capabilities.7:326
msgid ""
"exceed I</proc/sys/fs/file-max>, the system-wide limit on the number of open "
"files, in system calls that open files (e.g., B<accept>(2), B<execve>(2), "
"proc/sys/fs/file-max> を超過する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:292
-msgid "employ B<CLONE_NEWNS> flag with B<clone>(2) and B<unshare>(2);"
+#: build/C/man7/capabilities.7:333
+#, fuzzy
+#| msgid "employ B<CLONE_NEWNS> flag with B<clone>(2) and B<unshare>(2);"
+msgid ""
+"employ B<CLONE_*> flags that create new namespaces with B<clone>(2) and "
+"B<unshare>(2);"
msgstr "B<clone>(2) と B<unshare>(2) で B<CLONE_NEWNS> フラグを利用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:295
-msgid "call B<setns>(2);"
+#: build/C/man7/capabilities.7:336
+msgid "call B<perf_event_open>(2);"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:338
+msgid "call"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:343
+msgid "access privileged I<perf> event information; B<setns>(2);"
msgstr ""
#. type: Plain text
-#: build/C/man7/capabilities.7:302
+#: build/C/man7/capabilities.7:346
+msgid "call B<fanotify_init>(2);"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:353
msgid "perform B<KEYCTL_CHOWN> and B<KEYCTL_SETPERM> B<keyctl>(2) operations;"
msgstr "B<keyctl>(2) の B<KEYCTL_CHOWN> と B<KEYCTL_SETPERM> 操作を実行する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:307
-msgid "perform B<madvise>(2) B<MADV_HWPOISON> operation."
+#: build/C/man7/capabilities.7:358
+#, fuzzy
+#| msgid "perform B<madvise>(2) B<MADV_HWPOISON> operation."
+msgid "perform B<madvise>(2) B<MADV_HWPOISON> operation;"
msgstr "B<madvise>(2) の B<MADV_HWPOISON> 操作を実行する。"
+#. type: Plain text
+#: build/C/man7/capabilities.7:364
+msgid ""
+"employ the B<TIOCSTI> B<ioctl>(2) to insert characters into the input queue "
+"of a terminal other than the caller's controlling terminal."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:368
+#, fuzzy
+#| msgid "Time of the last B<msgrcv>(2) system call."
+msgid "employ the obsolete B<nfsservctl>(2); system call;"
+msgstr "最後に B<msgrcv>(2) を行なった時間。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:372
+#, fuzzy
+#| msgid "Time of the last B<shmat>(2) system call."
+msgid "employ the obsolete B<bdflush>(2) system call;"
+msgstr "最後に B<shmat>(2) システム・コールを行なった時間。"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:376
+msgid "perform various privileged block-device B<ioctl>(2) operations;"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:380
+msgid "perform various privileged file-system B<ioctl>(2) operations;"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:382
+msgid "perform administrative operations on many device drivers."
+msgstr ""
+
#. type: TP
-#: build/C/man7/capabilities.7:309
+#: build/C/man7/capabilities.7:384
#, no-wrap
msgid "B<CAP_SYS_BOOT>"
msgstr "B<CAP_SYS_BOOT>"
#. type: Plain text
-#: build/C/man7/capabilities.7:315
+#: build/C/man7/capabilities.7:390
msgid "Use B<reboot>(2) and B<kexec_load>(2)."
msgstr "B<reboot>(2) と B<kexec_load>(2) を呼び出す。"
#. type: TP
-#: build/C/man7/capabilities.7:315
+#: build/C/man7/capabilities.7:390
#, no-wrap
msgid "B<CAP_SYS_CHROOT>"
msgstr "B<CAP_SYS_CHROOT>"
#. type: Plain text
-#: build/C/man7/capabilities.7:319
+#: build/C/man7/capabilities.7:394
msgid "Use B<chroot>(2)."
msgstr "B<chroot>(2). を呼び出す。"
#. type: TP
-#: build/C/man7/capabilities.7:319
+#: build/C/man7/capabilities.7:394
#, no-wrap
msgid "B<CAP_SYS_MODULE>"
msgstr "B<CAP_SYS_MODULE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:328
+#: build/C/man7/capabilities.7:403
msgid ""
"Load and unload kernel modules (see B<init_module>(2) and B<delete_module>"
"(2)); in kernels before 2.6.25: drop capabilities from the system-wide "
"からケーパビリティを外す。"
#. type: TP
-#: build/C/man7/capabilities.7:328
+#: build/C/man7/capabilities.7:403
#, no-wrap
msgid "B<CAP_SYS_NICE>"
msgstr "B<CAP_SYS_NICE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:337
+#: build/C/man7/capabilities.7:412
msgid ""
"Raise process nice value (B<nice>(2), B<setpriority>(2)) and change the "
"nice value for arbitrary processes;"
"セスの nice 値の変更を行う。"
#. type: Plain text
-#: build/C/man7/capabilities.7:342
+#: build/C/man7/capabilities.7:417
msgid ""
"set real-time scheduling policies for calling process, and set scheduling "
"policies and priorities for arbitrary processes (B<sched_setscheduler>(2), "
"(B<sched_setscheduler>(2), B<sched_setparam>(2))。"
#. type: Plain text
-#: build/C/man7/capabilities.7:345
+#: build/C/man7/capabilities.7:420
msgid "set CPU affinity for arbitrary processes (B<sched_setaffinity>(2));"
msgstr ""
"任意のプロセスに対する CPU affinity を設定できる (B<sched_setaffinity>(2))。"
#. type: Plain text
-#: build/C/man7/capabilities.7:348
+#: build/C/man7/capabilities.7:423
msgid ""
"set I/O scheduling class and priority for arbitrary processes (B<ioprio_set>"
"(2));"
#. do_migrate_pages(mm, &old, &new,
#. capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
#. type: Plain text
-#: build/C/man7/capabilities.7:357
+#: build/C/man7/capabilities.7:432
msgid ""
"apply B<migrate_pages>(2) to arbitrary processes and allow processes to be "
"migrated to arbitrary nodes;"
"る。"
#. type: Plain text
-#: build/C/man7/capabilities.7:361
+#: build/C/man7/capabilities.7:436
msgid "apply B<move_pages>(2) to arbitrary processes;"
msgstr "B<move_pages>(2) を任意のプロセスに対して行う。"
#. type: Plain text
-#: build/C/man7/capabilities.7:368
+#: build/C/man7/capabilities.7:443
msgid ""
"use the B<MPOL_MF_MOVE_ALL> flag with B<mbind>(2) and B<move_pages>(2)."
msgstr ""
"B<mbind>(2) と B<move_pages>(2) で B<MPOL_MF_MOVE_ALL> フラグを使用する。"
#. type: TP
-#: build/C/man7/capabilities.7:370
+#: build/C/man7/capabilities.7:445
#, no-wrap
msgid "B<CAP_SYS_PACCT>"
msgstr "B<CAP_SYS_PACCT>"
#. type: Plain text
-#: build/C/man7/capabilities.7:374
+#: build/C/man7/capabilities.7:449
msgid "Use B<acct>(2)."
msgstr "B<acct>(2) を呼び出す。"
#. type: TP
-#: build/C/man7/capabilities.7:374
+#: build/C/man7/capabilities.7:449
#, no-wrap
msgid "B<CAP_SYS_PTRACE>"
msgstr "B<CAP_SYS_PTRACE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:381
+#: build/C/man7/capabilities.7:456
msgid ""
"Trace arbitrary processes using B<ptrace>(2); apply B<get_robust_list>(2) "
"to arbitrary processes."
"B<get_robust_list>(2) を適用する。"
#. type: TP
-#: build/C/man7/capabilities.7:381
+#: build/C/man7/capabilities.7:456
#, no-wrap
msgid "B<CAP_SYS_RAWIO>"
msgstr "B<CAP_SYS_RAWIO>"
#. type: Plain text
-#: build/C/man7/capabilities.7:389
+#: build/C/man7/capabilities.7:468
+#, fuzzy
+#| msgid ""
+#| "Perform I/O port operations (B<iopl>(2) and B<ioperm>(2)); access I</"
+#| "proc/kcore>."
msgid ""
"Perform I/O port operations (B<iopl>(2) and B<ioperm>(2)); access I</proc/"
-"kcore>."
+"kcore>; employ the B<FIBMAP> B<ioctl>(2) operation."
msgstr ""
"I/O ポート操作を実行する (B<iopl>(2) 、 B<ioperm>(2))。 I</proc/kcore> にア"
"クセスできる。"
#. type: TP
-#: build/C/man7/capabilities.7:389
+#: build/C/man7/capabilities.7:468
#, no-wrap
msgid "B<CAP_SYS_RESOURCE>"
msgstr "B<CAP_SYS_RESOURCE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:395
+#: build/C/man7/capabilities.7:474
msgid "Use reserved space on ext2 file systems;"
msgstr "ext2 ファイルシステム上の予約されている領域を使用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:399
+#: build/C/man7/capabilities.7:478
msgid "make B<ioctl>(2) calls controlling ext3 journaling;"
msgstr "ext3 のジャーナル機能を制御する B<ioctl>(2) を使用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:401
+#: build/C/man7/capabilities.7:480
msgid "override disk quota limits;"
msgstr "ディスク quota の上限を上書きする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:404
+#: build/C/man7/capabilities.7:483
msgid "increase resource limits (see B<setrlimit>(2));"
msgstr "リソース上限を増やす (B<setrlimit>(2))。"
#. type: Plain text
-#: build/C/man7/capabilities.7:408
+#: build/C/man7/capabilities.7:487
msgid "override B<RLIMIT_NPROC> resource limit;"
msgstr "B<RLIMIT_NPROC> リソース制限を上書きする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:417
+#: build/C/man7/capabilities.7:489
+msgid "override maximum number of consoles on console allocation;"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:491
+msgid "override maximum number of keymaps;"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:493
+msgid "allow more than 64hz interrupts from the real-time clock;"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:502
+#, fuzzy
+#| msgid ""
+#| "raise I<msg_qbytes> limit for a System V message queue above the limit in "
+#| "I</proc/sys/kernel/msgmnb> (see B<msgop>(2) and B<msgctl>(2))."
msgid ""
"raise I<msg_qbytes> limit for a System V message queue above the limit in I</"
-"proc/sys/kernel/msgmnb> (see B<msgop>(2) and B<msgctl>(2))."
+"proc/sys/kernel/msgmnb> (see B<msgop>(2) and B<msgctl>(2));"
msgstr ""
"メッセージキューに関する上限 I<msg_qbytes> を I</proc/sys/kernel/msgmnb> に指"
"定されている上限よりも大きく設定する (B<msgop>(2) と B<msgctl>(2) 参照)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:422
+#: build/C/man7/capabilities.7:509
+msgid ""
+"override the I</proc/sys/fs/pipe-size-max> limit when setting the capacity "
+"of a pipe using the B<F_SETPIPE_SZ> B<fcntl>(2) command."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:514
+#, fuzzy
+#| msgid ""
+#| "use B<F_SETPIPE_SZ> to increase the capacity of a pipe above the limit "
+#| "specified by I</proc/sys/fs/pipe-max-size>."
msgid ""
"use B<F_SETPIPE_SZ> to increase the capacity of a pipe above the limit "
-"specified by I</proc/sys/fs/pipe-max-size>."
+"specified by I</proc/sys/fs/pipe-max-size>;"
msgstr ""
"I</proc/sys/fs/pipe-max-size> に指定されている上限を超えてパイプの容量を増や"
"すのに B<F_SETPIPE_SZ> を使用する。"
+#. type: Plain text
+#: build/C/man7/capabilities.7:519
+msgid ""
+"override I</proc/sys/fs/mqueue/queues_max> limit when creating POSIX message "
+"queues (see B<mq_overview>(7))."
+msgstr ""
+
#. type: TP
-#: build/C/man7/capabilities.7:424
+#: build/C/man7/capabilities.7:521
#, no-wrap
msgid "B<CAP_SYS_TIME>"
msgstr "B<CAP_SYS_TIME>"
#. type: Plain text
-#: build/C/man7/capabilities.7:431
+#: build/C/man7/capabilities.7:528
msgid ""
"Set system clock (B<settimeofday>(2), B<stime>(2), B<adjtimex>(2)); set real-"
"time (hardware) clock."
"(2))。 リアルタイム (ハードウェア) クロックを変更する。"
#. type: TP
-#: build/C/man7/capabilities.7:431
+#: build/C/man7/capabilities.7:528
#, no-wrap
msgid "B<CAP_SYS_TTY_CONFIG>"
msgstr "B<CAP_SYS_TTY_CONFIG>"
#. type: Plain text
-#: build/C/man7/capabilities.7:435
-msgid "Use B<vhangup>(2)."
-msgstr "B<vhangup>(2) を呼び出す。"
+#: build/C/man7/capabilities.7:535
+msgid ""
+"Use B<vhangup>(2); employ various privileged B<ioctl>(2) operations on "
+"virtual terminals."
+msgstr ""
#. type: TP
-#: build/C/man7/capabilities.7:435
+#: build/C/man7/capabilities.7:535
#, fuzzy, no-wrap
#| msgid "B<CAP_SETFCAP> (since Linux 2.6.24)"
msgid "B<CAP_SYSLOG> (since Linux 2.6.37)"
msgstr "B<CAP_SETFCAP> (Linux 2.6.24 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:444
+#: build/C/man7/capabilities.7:543
msgid ""
"Perform privileged B<syslog>(2) operations. See B<syslog>(2) for "
"information on which operations require privilege."
msgstr ""
+#. type: TP
+#: build/C/man7/capabilities.7:543
+#, fuzzy, no-wrap
+#| msgid "B<CAP_LEASE> (since Linux 2.4)"
+msgid "B<CAP_WAKE_ALARM> (since Linux 3.0)"
+msgstr "B<CAP_LEASE> (Linux 2.4 以降)"
+
+#. type: Plain text
+#: build/C/man7/capabilities.7:551
+msgid ""
+"Trigger something that will wake up the system (set B<CLOCK_REALTIME_ALARM> "
+"and B<CLOCK_BOOTTIME_ALARM> timers)."
+msgstr ""
+
#. type: SS
-#: build/C/man7/capabilities.7:444
+#: build/C/man7/capabilities.7:551
#, no-wrap
msgid "Past and Current Implementation"
msgstr "過去と現在の実装"
#. type: Plain text
-#: build/C/man7/capabilities.7:446
+#: build/C/man7/capabilities.7:553
msgid "A full implementation of capabilities requires that:"
msgstr "完全な形のケーパビリティを実装するには、以下の要件を満たす必要がある:"
#. type: IP
-#: build/C/man7/capabilities.7:446 build/C/man7/capabilities.7:589
-#: build/C/man7/capabilities.7:736 build/C/man7/capabilities.7:789
+#: build/C/man7/capabilities.7:553 build/C/man7/capabilities.7:696
+#: build/C/man7/capabilities.7:843 build/C/man7/capabilities.7:896
#, no-wrap
msgid "1."
msgstr "1."
#. type: Plain text
-#: build/C/man7/capabilities.7:450
+#: build/C/man7/capabilities.7:557
msgid ""
"For all privileged operations, the kernel must check whether the thread has "
"the required capability in its effective set."
"要なケーパビリティがあるかを確認する。"
#. type: IP
-#: build/C/man7/capabilities.7:450 build/C/man7/capabilities.7:594
-#: build/C/man7/capabilities.7:742 build/C/man7/capabilities.7:795
+#: build/C/man7/capabilities.7:557 build/C/man7/capabilities.7:701
+#: build/C/man7/capabilities.7:849 build/C/man7/capabilities.7:902
#, no-wrap
msgid "2."
msgstr "2."
#. type: Plain text
-#: build/C/man7/capabilities.7:453
+#: build/C/man7/capabilities.7:560
msgid ""
"The kernel must provide system calls allowing a thread's capability sets to "
"be changed and retrieved."
"システムコールが提供される。"
#. type: IP
-#: build/C/man7/capabilities.7:453 build/C/man7/capabilities.7:745
-#: build/C/man7/capabilities.7:799
+#: build/C/man7/capabilities.7:560 build/C/man7/capabilities.7:852
+#: build/C/man7/capabilities.7:906
#, no-wrap
msgid "3."
msgstr "3."
#. type: Plain text
-#: build/C/man7/capabilities.7:456
+#: build/C/man7/capabilities.7:563
msgid ""
"The file system must support attaching capabilities to an executable file, "
"so that a process gains those capabilities when the file is executed."
"時にそのケーパビリティをプロセスが取得できるような機能をサポートする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:460
+#: build/C/man7/capabilities.7:567
msgid ""
"Before kernel 2.6.24, only the first two of these requirements are met; "
"since kernel 2.6.24, all three requirements are met."
"2.6.24 以降では、3つの要件すべてが満たされている。"
#. type: SS
-#: build/C/man7/capabilities.7:460
+#: build/C/man7/capabilities.7:567
#, no-wrap
msgid "Thread Capability Sets"
msgstr "スレッドケーパビリティセット"
#. type: Plain text
-#: build/C/man7/capabilities.7:463
+#: build/C/man7/capabilities.7:570
msgid ""
"Each thread has three capability sets containing zero or more of the above "
"capabilities:"
"もよい)。"
#. type: TP
-#: build/C/man7/capabilities.7:463
+#: build/C/man7/capabilities.7:570
#, no-wrap
msgid "I<Permitted>:"
msgstr "I<許可 (permitted)>:"
#. type: Plain text
-#: build/C/man7/capabilities.7:471
+#: build/C/man7/capabilities.7:578
msgid ""
"This is a limiting superset for the effective capabilities that the thread "
"may assume. It is also a limiting superset for the capabilities that may be "
"の限定的なスーパーセットでもある。"
#. type: Plain text
-#: build/C/man7/capabilities.7:477
+#: build/C/man7/capabilities.7:584
msgid ""
"If a thread drops a capability from its permitted set, it can never "
"reacquire that capability (unless it B<execve>(2)s either a set-user-ID-root "
"プログラムを B<execve>(2) しない限りは) もう一度獲得することはできない。"
#. type: TP
-#: build/C/man7/capabilities.7:477
+#: build/C/man7/capabilities.7:584
#, no-wrap
msgid "I<Inheritable>:"
msgstr "I<継承可能 (inheritable)>:"
#. type: Plain text
-#: build/C/man7/capabilities.7:484
+#: build/C/man7/capabilities.7:591
msgid ""
"This is a set of capabilities preserved across an B<execve>(2). It provides "
"a mechanism for a process to assign capabilities to the permitted set of the "
"リティセットとして 割り当てるケーパビリティを指定することができる。"
#. type: TP
-#: build/C/man7/capabilities.7:484 build/C/man7/capabilities.7:526
+#: build/C/man7/capabilities.7:591 build/C/man7/capabilities.7:633
#, no-wrap
msgid "I<Effective>:"
msgstr "I<実効 (effective)>:"
#. type: Plain text
-#: build/C/man7/capabilities.7:488
+#: build/C/man7/capabilities.7:595
msgid ""
"This is the set of capabilities used by the kernel to perform permission "
"checks for the thread."
"ティセットである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:494
+#: build/C/man7/capabilities.7:601
msgid ""
"A child created via B<fork>(2) inherits copies of its parent's capability "
"sets. See below for a discussion of the treatment of capabilities during "
"する。 B<execve>(2) 中のケーパビリティの扱いについては下記を参照のこと。"
#. type: Plain text
-#: build/C/man7/capabilities.7:499
+#: build/C/man7/capabilities.7:606
msgid ""
"Using B<capset>(2), a thread may manipulate its own capability sets (see "
"below)."
"とができる (下記参照)。"
#. type: SS
-#: build/C/man7/capabilities.7:499
+#: build/C/man7/capabilities.7:606
#, no-wrap
msgid "File Capabilities"
msgstr "ファイルケーパビリティ"
#. type: Plain text
-#: build/C/man7/capabilities.7:514
+#: build/C/man7/capabilities.7:621
msgid ""
"Since kernel 2.6.24, the kernel supports associating capability sets with an "
"executable file using B<setcap>(8). The file capability sets are stored in "
"(2) 後のスレッドのケーパビリティセットが決定される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:516
+#: build/C/man7/capabilities.7:623
msgid "The three file capability sets are:"
msgstr "3 つのファイルケーパビリティセットが定義されている。"
#. type: TP
-#: build/C/man7/capabilities.7:516
+#: build/C/man7/capabilities.7:623
#, no-wrap
msgid "I<Permitted> (formerly known as I<forced>):"
msgstr "I<許可 (Permitted)> (以前のI<強制 (Forced)>):"
#. type: Plain text
-#: build/C/man7/capabilities.7:520
+#: build/C/man7/capabilities.7:627
msgid ""
"These capabilities are automatically permitted to the thread, regardless of "
"the thread's inheritable capabilities."
"ケーパビリティ。"
#. type: TP
-#: build/C/man7/capabilities.7:520
+#: build/C/man7/capabilities.7:627
#, no-wrap
msgid "I<Inheritable> (formerly known as I<allowed>):"
msgstr "I<継承可能 (Inheritable)> (以前の I<許容 (Allowed)>):"
#. type: Plain text
-#: build/C/man7/capabilities.7:526
+#: build/C/man7/capabilities.7:633
msgid ""
"This set is ANDed with the thread's inheritable set to determine which "
"inheritable capabilities are enabled in the permitted set of the thread "
"継承可能ケーパビリティが決定される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:536
+#: build/C/man7/capabilities.7:643
msgid ""
"This is not a set, but rather just a single bit. If this bit is set, then "
"during an B<execve>(2) all of the new permitted capabilities for the thread "
"集合 にセットされない。"
#. type: Plain text
-#: build/C/man7/capabilities.7:552
+#: build/C/man7/capabilities.7:659
msgid ""
"Enabling the file effective capability bit implies that any file permitted "
"or inheritable capability that causes a thread to acquire the corresponding "
"ケーパビリティ についても実効フラグを有効と指定しなければならない。"
#. type: SS
-#: build/C/man7/capabilities.7:552
+#: build/C/man7/capabilities.7:659
#, no-wrap
msgid "Transformation of Capabilities During execve()"
msgstr "execve() 中のケーパビリティの変換"
#. type: Plain text
-#: build/C/man7/capabilities.7:558
+#: build/C/man7/capabilities.7:665
msgid ""
"During an B<execve>(2), the kernel calculates the new capabilities of the "
"process using the following algorithm:"
"リズムを用いて計算する:"
#. type: Plain text
-#: build/C/man7/capabilities.7:563
+#: build/C/man7/capabilities.7:670
#, no-wrap
msgid ""
"P'(permitted) = (P(inheritable) & F(inheritable)) |\n"
" (F(permitted) & cap_bset)\n"
#. type: Plain text
-#: build/C/man7/capabilities.7:565
+#: build/C/man7/capabilities.7:672
#, no-wrap
msgid "P'(effective) = F(effective) ? P'(permitted) : 0\n"
msgstr "P'(effective) = F(effective) ? P'(permitted) : 0\n"
#. type: Plain text
-#: build/C/man7/capabilities.7:567
+#: build/C/man7/capabilities.7:674
#, no-wrap
msgid "P'(inheritable) = P(inheritable) [i.e., unchanged]\n"
msgstr "P'(inheritable) = P(inheritable) [つまり、変更されない]\n"
#. type: Plain text
-#: build/C/man7/capabilities.7:571
+#: build/C/man7/capabilities.7:678
msgid "where:"
msgstr "各変数の意味は以下の通り:"
#. type: IP
-#: build/C/man7/capabilities.7:572
+#: build/C/man7/capabilities.7:679
#, no-wrap
msgid "P"
msgstr "P"
#. type: Plain text
-#: build/C/man7/capabilities.7:575
+#: build/C/man7/capabilities.7:682
msgid "denotes the value of a thread capability set before the B<execve>(2)"
msgstr "B<execve>(2) 前のスレッドのケーパビリティセットの値"
#. type: IP
-#: build/C/man7/capabilities.7:575
+#: build/C/man7/capabilities.7:682
#, no-wrap
msgid "P'"
msgstr "P'"
#. type: Plain text
-#: build/C/man7/capabilities.7:578
+#: build/C/man7/capabilities.7:685
msgid "denotes the value of a capability set after the B<execve>(2)"
msgstr "B<execve>(2) 後のスレッドのケーパビリティセットの値"
#. type: IP
-#: build/C/man7/capabilities.7:578
+#: build/C/man7/capabilities.7:685
#, no-wrap
msgid "F"
msgstr "F"
#. type: Plain text
-#: build/C/man7/capabilities.7:580
+#: build/C/man7/capabilities.7:687
msgid "denotes a file capability set"
msgstr "ファイルケーパビリティセットの値"
#. type: IP
-#: build/C/man7/capabilities.7:580
+#: build/C/man7/capabilities.7:687
#, no-wrap
msgid "cap_bset"
msgstr "cap_bset"
#. type: Plain text
-#: build/C/man7/capabilities.7:582
+#: build/C/man7/capabilities.7:689
msgid "is the value of the capability bounding set (described below)."
msgstr "ケーパビリティバウンディングセットの値 (下記参照)"
#. type: SS
-#: build/C/man7/capabilities.7:584
+#: build/C/man7/capabilities.7:691
#, no-wrap
msgid "Capabilities and execution of programs by root"
msgstr "ケーパビリティと、ルートによるプログラムの実行"
#. type: Plain text
-#: build/C/man7/capabilities.7:589
+#: build/C/man7/capabilities.7:696
msgid ""
"In order to provide an all-powerful I<root> using capability sets, during an "
"B<execve>(2):"
"を実現するには、以下のようにする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:594
+#: build/C/man7/capabilities.7:701
msgid ""
"If a set-user-ID-root program is being executed, or the real user ID of the "
"process is 0 (root) then the file inheritable and permitted sets are "
"ビリティが有効) に定義する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:597
+#: build/C/man7/capabilities.7:704
msgid ""
"If a set-user-ID-root program is being executed, then the file effective bit "
"is defined to be one (enabled)."
#. exec(), then it gets all capabilities in its
#. permitted set, and no effective capabilities
#. type: Plain text
-#: build/C/man7/capabilities.7:612
+#: build/C/man7/capabilities.7:719
msgid ""
"The upshot of the above rules, combined with the capabilities "
"transformations described above, is that when a process B<execve>(2)s a set-"
"により、伝統的な UNIX システムと同じ振る舞いができるようになっている。"
#. type: SS
-#: build/C/man7/capabilities.7:612
+#: build/C/man7/capabilities.7:719
#, no-wrap
msgid "Capability bounding set"
msgstr "ケーパビリティ・バウンディングセット"
#. type: Plain text
-#: build/C/man7/capabilities.7:617
+#: build/C/man7/capabilities.7:724
msgid ""
"The capability bounding set is a security mechanism that can be used to "
"limit the capabilities that can be gained during an B<execve>(2). The "
"ある。 バウンディングセットは以下のように使用される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:625
+#: build/C/man7/capabilities.7:732
msgid ""
"During an B<execve>(2), the capability bounding set is ANDed with the file "
"permitted capability set, and the result of this operation is assigned to "
"る。"
#. type: Plain text
-#: build/C/man7/capabilities.7:637
+#: build/C/man7/capabilities.7:744
msgid ""
"(Since Linux 2.6.25) The capability bounding set acts as a limiting "
"superset for the capabilities that a thread can add to its inheritable set "
"できない、 ということである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:644
+#: build/C/man7/capabilities.7:751
msgid ""
"Note that the bounding set masks the file permitted capabilities, but not "
"the inherited capabilities. If a thread maintains a capability in its "
"ということである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:647
+#: build/C/man7/capabilities.7:754
msgid ""
"Depending on the kernel version, the capability bounding set is either a "
"system-wide attribute, or a per-process attribute."
"通の属性の場合と、プロセス単位の属性の場合がある。"
#. type: Plain text
-#: build/C/man7/capabilities.7:649
+#: build/C/man7/capabilities.7:756
msgid "B<Capability bounding set prior to Linux 2.6.25>"
msgstr "B<Linux 2.6.25 より前のケーパビリティ・バウンディングセット>"
#. type: Plain text
-#: build/C/man7/capabilities.7:657
+#: build/C/man7/capabilities.7:764
msgid ""
"In kernels before 2.6.25, the capability bounding set is a system-wide "
"attribute that affects all threads on the system. The bounding set is "
"きの十進数で表現される。)"
#. type: Plain text
-#: build/C/man7/capabilities.7:664
+#: build/C/man7/capabilities.7:771
msgid ""
"Only the B<init> process may set capabilities in the capability bounding "
"set; other than that, the superuser (more precisely: programs with the "
"ンディングセットのケーパビリティのクリアが できるだけである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:673
+#: build/C/man7/capabilities.7:780
msgid ""
"On a standard system the capability bounding set always masks out the "
"B<CAP_SETPCAP> capability. To remove this restriction (dangerous!), modify "
"する必要がある。"
#. type: Plain text
-#: build/C/man7/capabilities.7:677
+#: build/C/man7/capabilities.7:784
msgid ""
"The system-wide capability bounding set feature was added to Linux starting "
"with kernel version 2.2.11."
"降で Linux に追加された。"
#. type: Plain text
-#: build/C/man7/capabilities.7:679
+#: build/C/man7/capabilities.7:786
msgid "B<Capability bounding set from Linux 2.6.25 onward>"
msgstr "B<Linux 2.6.25 以降のケーパビリティ・バウンディングセット>"
#. type: Plain text
-#: build/C/man7/capabilities.7:684
+#: build/C/man7/capabilities.7:791
msgid ""
"From Linux 2.6.25, the I<capability bounding set> is a per-thread "
"attribute. (There is no longer a system-wide capability bounding set.)"
"在しない)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:689
+#: build/C/man7/capabilities.7:796
msgid ""
"The bounding set is inherited at B<fork>(2) from the thread's parent, and "
"is preserved across an B<execve>(2)."
"B<execve>(2) の前後では保持される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:702
+#: build/C/man7/capabilities.7:809
msgid ""
"A thread may remove capabilities from its capability bounding set using the "
"B<prctl>(2) B<PR_CAPBSET_DROP> operation, provided it has the "
"いるかを知ることができる。"
#. type: Plain text
-#: build/C/man7/capabilities.7:720
+#: build/C/man7/capabilities.7:827
#, fuzzy
#| msgid ""
#| "Removing capabilities from the bounding set is only supported if file "
"合には 違った意味を持つからである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:727
+#: build/C/man7/capabilities.7:834
msgid ""
"Removing a capability from the bounding set does not remove it from the "
"thread's inherited set. However it does prevent the capability from being "
"こと はできなくなる。"
#. type: SS
-#: build/C/man7/capabilities.7:727
+#: build/C/man7/capabilities.7:834
#, no-wrap
msgid "Effect of User ID Changes on Capabilities"
msgstr "ユーザ ID 変更のケーパビリティへの影響"
#. type: Plain text
-#: build/C/man7/capabilities.7:736
+#: build/C/man7/capabilities.7:843
msgid ""
"To preserve the traditional semantics for transitions between 0 and nonzero "
"user IDs, the kernel makes the following changes to a thread's capability "
"スレッドのケーパビリティセットに 以下の変更を行う:"
#. type: Plain text
-#: build/C/man7/capabilities.7:742
+#: build/C/man7/capabilities.7:849
msgid ""
"If one or more of the real, effective or saved set user IDs was previously "
"0, and as a result of the UID changes all of these IDs have a nonzero value, "
"合、許可と実効のケーパビリティセットの 全ケーパビリティをクリアする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:745
+#: build/C/man7/capabilities.7:852
msgid ""
"If the effective user ID is changed from 0 to nonzero, then all capabilities "
"are cleared from the effective set."
"パビリティをクリアする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:748
+#: build/C/man7/capabilities.7:855
msgid ""
"If the effective user ID is changed from nonzero to 0, then the permitted "
"set is copied to the effective set."
"実効ケーパビリティセットにコピーする。"
#. type: IP
-#: build/C/man7/capabilities.7:748 build/C/man7/capabilities.7:803
+#: build/C/man7/capabilities.7:855 build/C/man7/capabilities.7:910
#, no-wrap
msgid "4."
msgstr "4."
#. type: Plain text
-#: build/C/man7/capabilities.7:766
+#: build/C/man7/capabilities.7:873
msgid ""
"If the file system user ID is changed from 0 to nonzero (see B<setfsuid>"
"(2)) then the following capabilities are cleared from the effective set: "
"ティセットで有効になっているものが 実効ケーパビリティセットで有効にされる。"
#. type: Plain text
-#: build/C/man7/capabilities.7:774
+#: build/C/man7/capabilities.7:881
msgid ""
"If a thread that has a 0 value for one or more of its user IDs wants to "
"prevent its permitted capability set being cleared when it resets all of its "
"は、 B<prctl>(2) の B<PR_SET_KEEPCAPS> 操作を使えばよい。"
#. type: SS
-#: build/C/man7/capabilities.7:774
+#: build/C/man7/capabilities.7:881
#, no-wrap
msgid "Programmatically adjusting capability sets"
msgstr "プログラムでケーパビリティセットを調整する"
#. type: Plain text
-#: build/C/man7/capabilities.7:789
+#: build/C/man7/capabilities.7:896
msgid ""
"A thread can retrieve and change its capability sets using the B<capget>(2) "
"and B<capset>(2) system calls. However, the use of B<cap_get_proc>(3) and "
"望ましい。 スレッドのケーパビリティセットの変更には以下のルールが適用される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:795
+#: build/C/man7/capabilities.7:902
msgid ""
"If the caller does not have the B<CAP_SETPCAP> capability, the new "
"inheritable set must be a subset of the combination of the existing "
"ばならない。"
#. type: Plain text
-#: build/C/man7/capabilities.7:799
+#: build/C/man7/capabilities.7:906
msgid ""
"(Since kernel 2.6.25) The new inheritable set must be a subset of the "
"combination of the existing inheritable set and the capability bounding set."
"ビリティ・ バウンディングセットの積集合 (AND) の部分集合でなければならない。"
#. type: Plain text
-#: build/C/man7/capabilities.7:803
+#: build/C/man7/capabilities.7:910
msgid ""
"The new permitted set must be a subset of the existing permitted set (i.e., "
"it is not possible to acquire permitted capabilities that the thread does "
"のスレッドが現在持っていない許可ケーパビリティを 獲得することはできない)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:805
+#: build/C/man7/capabilities.7:912
msgid "The new effective set must be a subset of the new permitted set."
msgstr ""
"新しい実効ケーパビリティセットは新しい許可ケーパビリティセットの 部分集合に"
"なっていなければならない。"
#. type: SS
-#: build/C/man7/capabilities.7:805
+#: build/C/man7/capabilities.7:912
#, no-wrap
msgid "The \"securebits\" flags: establishing a capabilities-only environment"
msgstr "securebits フラグ: ケーパビリティだけの環境を構築する"
#. see http://lwn.net/Articles/280279/ and
#. http://article.gmane.org/gmane.linux.kernel.lsm/5476/
#. type: Plain text
-#: build/C/man7/capabilities.7:816
+#: build/C/man7/capabilities.7:923
msgid ""
"Starting with kernel 2.6.26, and with a kernel in which file capabilities "
"are enabled, Linux implements a set of per-thread I<securebits> flags that "
"ようなフラグがある。"
#. type: TP
-#: build/C/man7/capabilities.7:816
+#: build/C/man7/capabilities.7:923
#, no-wrap
msgid "B<SECBIT_KEEP_CAPS>"
msgstr "B<SECBIT_KEEP_CAPS>"
#. type: Plain text
-#: build/C/man7/capabilities.7:828
+#: build/C/man7/capabilities.7:935
msgid ""
"Setting this flag allows a thread that has one or more 0 UIDs to retain its "
"capabilities when it switches all of its UIDs to a nonzero value. If this "
"同じ機能を提供するものである)。"
#. type: TP
-#: build/C/man7/capabilities.7:828
+#: build/C/man7/capabilities.7:935
#, no-wrap
msgid "B<SECBIT_NO_SETUID_FIXUP>"
msgstr "B<SECBIT_NO_SETUID_FIXUP>"
#. type: Plain text
-#: build/C/man7/capabilities.7:835
+#: build/C/man7/capabilities.7:942
msgid ""
"Setting this flag stops the kernel from adjusting capability sets when the "
"threads's effective and file system UIDs are switched between zero and "
"くなる (「ユーザ ID 変更のケーパビリティへの影響」の節を参照)。"
#. type: TP
-#: build/C/man7/capabilities.7:835
+#: build/C/man7/capabilities.7:942
#, no-wrap
msgid "B<SECBIT_NOROOT>"
msgstr "B<SECBIT_NOROOT>"
#. type: Plain text
-#: build/C/man7/capabilities.7:843
+#: build/C/man7/capabilities.7:950
msgid ""
"If this bit is set, then the kernel does not grant capabilities when a set-"
"user-ID-root program is executed, or when a process with an effective or "
"行」の節を参照)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:853
+#: build/C/man7/capabilities.7:960
msgid ""
"Each of the above \"base\" flags has a companion \"locked\" flag. Setting "
"any of the \"locked\" flags is irreversible, and has the effect of "
"B<SECBIT_NOROOT_LOCKED> という名前である。"
#. type: Plain text
-#: build/C/man7/capabilities.7:865
+#: build/C/man7/capabilities.7:972
msgid ""
"The I<securebits> flags can be modified and retrieved using the B<prctl>(2) "
"B<PR_SET_SECUREBITS> and B<PR_GET_SECUREBITS> operations. The "
"るには B<CAP_SETPCAP> ケーパビリティが必要である。"
#. type: Plain text
-#: build/C/man7/capabilities.7:874
+#: build/C/man7/capabilities.7:981
#, fuzzy
#| msgid ""
#| "The I<securebits> flags are inherited by child processes. During an "
"B<SECURE_KEEP_CAPS> が常にクリアされる以外は、全てのフラグが保持される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:879
+#: build/C/man7/capabilities.7:986
msgid ""
"An application can use the following call to lock itself, and all of its "
"descendants, into an environment where the only way of gaining capabilities "
"きる。"
#. type: Plain text
-#: build/C/man7/capabilities.7:888
+#: build/C/man7/capabilities.7:995
#, no-wrap
msgid ""
"prctl(PR_SET_SECUREBITS,\n"
" SECBIT_NOROOT_LOCKED);\n"
#. type: Plain text
-#: build/C/man7/capabilities.7:895
+#: build/C/man7/capabilities.7:1002
msgid ""
"No standards govern capabilities, but the Linux capability implementation is "
"based on the withdrawn POSIX.1e draft standard; see I<http://wt.xpilot.org/"
"posix.1e/> を参照。"
#. type: Plain text
-#: build/C/man7/capabilities.7:899
+#: build/C/man7/capabilities.7:1006
msgid ""
"Since kernel 2.5.27, capabilities are an optional kernel component, and can "
"be enabled/disabled via the CONFIG_SECURITY_CAPABILITIES kernel "
"り替えることができる。"
#. type: Plain text
-#: build/C/man7/capabilities.7:906
+#: build/C/man7/capabilities.7:1013
msgid ""
"The I</proc/PID/task/TID/status> file can be used to view the capability "
"sets of a thread. The I</proc/PID/status> file shows the capability sets of "
"ドのケーパビリティセットが表示される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:921
+#: build/C/man7/capabilities.7:1028
msgid ""
"The I<libcap> package provides a suite of routines for setting and getting "
"capabilities that is more comfortable and less likely to change than the "
"る。 パッケージは以下で入手できる。"
#. type: Plain text
-#: build/C/man7/capabilities.7:923
+#: build/C/man7/capabilities.7:1030
msgid "I<http://www.kernel.org/pub/linux/libs/security/linux-privs>."
msgstr "I<http://www.kernel.org/pub/linux/libs/security/linux-privs>"
#. type: Plain text
-#: build/C/man7/capabilities.7:932
+#: build/C/man7/capabilities.7:1039
msgid ""
"Before kernel 2.6.24, and since kernel 2.6.24 if file capabilities are not "
"enabled, a thread with the B<CAP_SETPCAP> capability can manipulate the "
"B<CAP_SETPCAP> ケーパビリティを持つことはないからである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:937
+#: build/C/man7/capabilities.7:1044
msgid ""
"In the pre-2.6.25 implementation the system-wide capability bounding set, I</"
"proc/sys/kernel/cap-bound>, always masks out this capability, and this can "
"い。"
#. type: Plain text
-#: build/C/man7/capabilities.7:943
+#: build/C/man7/capabilities.7:1050
msgid ""
"If file capabilities are disabled in the current implementation, then "
"B<init> starts out with this capability removed from its per-process "
"上で生成される他の全てのプロセスでこのバウンディングセットが 継承される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:959
+#: build/C/man7/capabilities.7:1067
+#, fuzzy
+#| msgid ""
+#| "B<capget>(2), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), "
+#| "B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3), "
+#| "B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3), "
+#| "B<credentials>(7), B<pthreads>(7), B<getcap>(8), B<setcap>(8)"
msgid ""
"B<capget>(2), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), B<cap_copy_ext>"
"(3), B<cap_from_text>(3), B<cap_get_file>(3), B<cap_get_proc>(3), B<cap_init>"
-"(3), B<capgetp>(3), B<capsetp>(3), B<credentials>(7), B<pthreads>(7), "
-"B<getcap>(8), B<setcap>(8)"
+"(3), B<capgetp>(3), B<capsetp>(3), B<libcap>(3), B<credentials>(7), "
+"B<pthreads>(7), B<getcap>(8), B<setcap>(8)"
msgstr ""
"B<capget>(2), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), B<cap_copy_ext>"
"(3), B<cap_from_text>(3), B<cap_get_file>(3), B<cap_get_proc>(3), B<cap_init>"
"B<getcap>(8), B<setcap>(8)"
#. type: Plain text
-#: build/C/man7/capabilities.7:962
-msgid "I<include/linux/capability.h> in the kernel source"
+#: build/C/man7/capabilities.7:1071
+#, fuzzy
+#| msgid "I<include/linux/capability.h> in the kernel source"
+msgid ""
+"Comments on the purposes of various capabilities in I<include/linux/"
+"capability.h> in the kernel source"
msgstr "カーネルソース内の I<include/linux/capability.h>"
#. type: TH
msgid "B<bash>(1), B<getrlimit>(2), B<setrlimit>(2), B<sysconf>(3)"
msgstr "B<bash>(1), B<getrlimit>(2), B<setrlimit>(2), B<sysconf>(3)"
+#, fuzzy
+#~| msgid "2010-09-20"
+#~ msgid "2011-10-04"
+#~ msgstr "2010-09-20"
+
+#~ msgid ""
+#~ "Perform various network-related operations (e.g., setting privileged "
+#~ "socket options, enabling multicasting, interface configuration, modifying "
+#~ "routing tables)."
+#~ msgstr ""
+#~ "各種のネットワーク関連の操作を実行する。 (例えば、特権が必要なソケットオプ"
+#~ "ションを設定する、マルチキャストを有効にする、 インターフェースを設定す"
+#~ "る、ルーティングテーブルを変更するなど)"
+
+#~ msgid "Use B<vhangup>(2)."
+#~ msgstr "B<vhangup>(2) を呼び出す。"
+
#~ msgid "2010-06-19"
#~ msgstr "2010-06-19"