msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2013-07-15 16:08+0900\n"
-"PO-Revision-Date: 2013-07-15 16:36+0900\n"
+"POT-Creation-Date: 2014-04-17 13:14+0900\n"
+"PO-Revision-Date: 2014-04-14 08:53+0900\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
#: build/C/man2/getrusage.2:48 build/C/man2/getsid.2:50
#: build/C/man2/getuid.2:37 build/C/man2/iopl.2:40
#: build/C/man2/ioprio_set.2:35 build/C/man2/ipc.2:34
-#: build/C/man2/seteuid.2:53 build/C/man2/setfsgid.2:39
-#: build/C/man2/setfsuid.2:39 build/C/man2/setgid.2:38
-#: build/C/man2/setpgid.2:98 build/C/man2/setresuid.2:37
+#: build/C/man2/seteuid.2:53 build/C/man2/setfsgid.2:38
+#: build/C/man2/setfsuid.2:38 build/C/man2/setgid.2:38
+#: build/C/man2/setpgid.2:100 build/C/man2/setresuid.2:37
#: build/C/man2/setreuid.2:70 build/C/man2/setsid.2:40
#: build/C/man2/setuid.2:39 build/C/man7/svipc.7:49 build/C/man3/ulimit.3:34
#, no-wrap
#: build/C/man2/getresuid.2:50 build/C/man2/getrlimit.2:430
#: build/C/man2/getrusage.2:181 build/C/man2/getsid.2:58
#: build/C/man2/iopl.2:66 build/C/man2/ioprio_set.2:149
-#: build/C/man2/seteuid.2:67 build/C/man2/setfsgid.2:69
-#: build/C/man2/setfsuid.2:69 build/C/man2/setgid.2:53
-#: build/C/man2/setpgid.2:172 build/C/man2/setresuid.2:64
-#: build/C/man2/setreuid.2:91 build/C/man2/setsid.2:51
+#: build/C/man2/seteuid.2:67 build/C/man2/setfsgid.2:68
+#: build/C/man2/setfsuid.2:68 build/C/man2/setgid.2:53
+#: build/C/man2/setpgid.2:195 build/C/man2/setresuid.2:64
+#: build/C/man2/setreuid.2:93 build/C/man2/setsid.2:51
#: build/C/man2/setuid.2:70 build/C/man3/ulimit.3:67
#, no-wrap
msgid "RETURN VALUE"
#: build/C/man2/acct.2:65 build/C/man2/capget.2:165
#: build/C/man2/getresuid.2:55 build/C/man2/getrusage.2:186
#: build/C/man2/iopl.2:71 build/C/man2/seteuid.2:72 build/C/man2/setgid.2:58
-#: build/C/man2/setresuid.2:69 build/C/man2/setreuid.2:96
+#: build/C/man2/setresuid.2:69 build/C/man2/setreuid.2:98
#: build/C/man2/setuid.2:75
msgid ""
"On success, zero is returned. On error, -1 is returned, and I<errno> is set "
#: build/C/man2/getrusage.2:186 build/C/man2/getsid.2:63
#: build/C/man2/getuid.2:43 build/C/man2/iopl.2:71
#: build/C/man2/ioprio_set.2:169 build/C/man2/seteuid.2:72
-#: build/C/man2/setgid.2:58 build/C/man2/setpgid.2:193
-#: build/C/man2/setresuid.2:69 build/C/man2/setreuid.2:96
+#: build/C/man2/setgid.2:58 build/C/man2/setpgid.2:216
+#: build/C/man2/setresuid.2:69 build/C/man2/setreuid.2:98
#: build/C/man2/setsid.2:58 build/C/man2/setuid.2:75 build/C/man3/ulimit.3:74
#, no-wrap
msgid "ERRORS"
#: build/C/man2/acct.2:66 build/C/man7/cpuset.7:1116
#: build/C/man7/cpuset.7:1123 build/C/man7/cpuset.7:1129
#: build/C/man7/cpuset.7:1137 build/C/man7/cpuset.7:1144
-#: build/C/man2/getpriority.2:140 build/C/man2/setpgid.2:194
+#: build/C/man2/getpriority.2:140 build/C/man2/setpgid.2:217
#, no-wrap
msgid "B<EACCES>"
msgstr "B<EACCES>"
#: build/C/man2/getpriority.2:152 build/C/man2/getrlimit.2:452
#: build/C/man2/getsid.2:64 build/C/man2/iopl.2:79
#: build/C/man2/ioprio_set.2:179 build/C/man2/seteuid.2:75
-#: build/C/man2/setgid.2:59 build/C/man2/setpgid.2:208
-#: build/C/man2/setresuid.2:77 build/C/man2/setreuid.2:97
+#: build/C/man2/setgid.2:59 build/C/man2/setpgid.2:231
+#: build/C/man2/setresuid.2:77 build/C/man2/setreuid.2:99
#: build/C/man2/setsid.2:59 build/C/man2/setuid.2:85 build/C/man3/ulimit.3:75
#, no-wrap
msgid "B<EPERM>"
#. type: Plain text
#: build/C/man2/acct.2:127
-msgid "I<filename> refers to a file on a read-only file system."
+msgid "I<filename> refers to a file on a read-only filesystem."
msgstr ""
"読み込みだけのファイルシステム上のファイルを I<filename> が参照している。"
#. type: SH
#: build/C/man2/acct.2:130 build/C/man5/acct.5:153
-#: build/C/man7/capabilities.7:1070 build/C/man2/capget.2:218
-#: build/C/man7/credentials.7:234 build/C/man2/getgid.2:44
+#: build/C/man7/capabilities.7:1079 build/C/man2/capget.2:218
+#: build/C/man7/credentials.7:286 build/C/man2/getgid.2:44
#: build/C/man2/getgroups.2:133 build/C/man2/getpid.2:46
#: build/C/man2/getpriority.2:160 build/C/man2/getresuid.2:67
#: build/C/man2/getrlimit.2:473 build/C/man2/getrusage.2:195
#: build/C/man2/getsid.2:79 build/C/man2/getuid.2:45 build/C/man2/iopl.2:87
#: build/C/man2/ioprio_set.2:196 build/C/man2/ipc.2:45
-#: build/C/man2/seteuid.2:91 build/C/man2/setfsgid.2:80
-#: build/C/man2/setfsuid.2:80 build/C/man2/setgid.2:66
-#: build/C/man2/setpgid.2:227 build/C/man2/setresuid.2:83
-#: build/C/man2/setreuid.2:113 build/C/man2/setsid.2:65
+#: build/C/man2/seteuid.2:91 build/C/man2/setfsgid.2:75
+#: build/C/man2/setfsuid.2:75 build/C/man2/setgid.2:66
+#: build/C/man2/setpgid.2:250 build/C/man2/setresuid.2:83
+#: build/C/man2/setreuid.2:115 build/C/man2/setsid.2:65
#: build/C/man2/setuid.2:92 build/C/man3/ulimit.3:78
#, no-wrap
msgid "CONFORMING TO"
#. type: SH
#: build/C/man2/acct.2:137 build/C/man5/acct.5:157
-#: build/C/man7/capabilities.7:1076 build/C/man2/capget.2:220
-#: build/C/man7/cpuset.7:1341 build/C/man7/credentials.7:240
+#: build/C/man7/capabilities.7:1085 build/C/man2/capget.2:220
+#: build/C/man7/cpuset.7:1341 build/C/man7/credentials.7:292
#: build/C/man2/getgid.2:46 build/C/man2/getgroups.2:141
#: build/C/man2/getpid.2:48 build/C/man2/getpriority.2:163
#: build/C/man2/getresuid.2:70 build/C/man2/getrlimit.2:496
#: build/C/man2/getrusage.2:206 build/C/man2/getsid.2:81
#: build/C/man2/getuid.2:47 build/C/man2/iopl.2:91
#: build/C/man2/ioprio_set.2:198 build/C/man2/ipc.2:49
-#: build/C/man2/seteuid.2:93 build/C/man2/setfsgid.2:84
-#: build/C/man2/setfsuid.2:84 build/C/man2/setgid.2:68
-#: build/C/man2/setpgid.2:249 build/C/man2/setresuid.2:86
-#: build/C/man2/setreuid.2:119 build/C/man2/setsid.2:67
+#: build/C/man2/seteuid.2:93 build/C/man2/setfsgid.2:79
+#: build/C/man2/setfsuid.2:79 build/C/man2/setgid.2:68
+#: build/C/man2/setpgid.2:272 build/C/man2/setresuid.2:86
+#: build/C/man2/setreuid.2:121 build/C/man2/setsid.2:67
#: build/C/man2/setuid.2:97
#, no-wrap
msgid "NOTES"
#. type: SH
#: build/C/man2/acct.2:143 build/C/man5/acct.5:174
-#: build/C/man7/capabilities.7:1132 build/C/man2/capget.2:228
-#: build/C/man7/cpuset.7:1488 build/C/man7/credentials.7:251
-#: build/C/man2/getgid.2:62 build/C/man2/getgroups.2:171
+#: build/C/man7/capabilities.7:1141 build/C/man2/capget.2:228
+#: build/C/man7/cpuset.7:1488 build/C/man7/credentials.7:303
+#: build/C/man2/getgid.2:62 build/C/man2/getgroups.2:178
#: build/C/man2/getpid.2:100 build/C/man2/getpriority.2:232
-#: build/C/man2/getresuid.2:86 build/C/man2/getrlimit.2:656
+#: build/C/man2/getresuid.2:86 build/C/man2/getrlimit.2:661
#: build/C/man2/getrusage.2:246 build/C/man2/getsid.2:84
#: build/C/man2/getuid.2:73 build/C/man2/iopl.2:100
#: build/C/man2/ioprio_set.2:346 build/C/man2/ipc.2:57
-#: build/C/man2/seteuid.2:124 build/C/man2/setfsgid.2:112
-#: build/C/man2/setfsuid.2:112 build/C/man2/setgid.2:78
-#: build/C/man2/setpgid.2:317 build/C/man2/setresuid.2:106
-#: build/C/man2/setreuid.2:159 build/C/man2/setsid.2:84
+#: build/C/man2/seteuid.2:124 build/C/man2/setfsgid.2:123
+#: build/C/man2/setfsuid.2:131 build/C/man2/setgid.2:78
+#: build/C/man2/setpgid.2:340 build/C/man2/setresuid.2:106
+#: build/C/man2/setreuid.2:161 build/C/man2/setsid.2:84
#: build/C/man2/setuid.2:120 build/C/man7/svipc.7:331 build/C/man3/ulimit.3:83
#, no-wrap
msgid "SEE ALSO"
#. type: SH
#: build/C/man2/acct.2:145 build/C/man5/acct.5:179
-#: build/C/man7/capabilities.7:1152 build/C/man2/capget.2:232
-#: build/C/man7/cpuset.7:1505 build/C/man7/credentials.7:282
-#: build/C/man2/getgid.2:67 build/C/man2/getgroups.2:178
+#: build/C/man7/capabilities.7:1161 build/C/man2/capget.2:232
+#: build/C/man7/cpuset.7:1505 build/C/man7/credentials.7:335
+#: build/C/man2/getgid.2:67 build/C/man2/getgroups.2:185
#: build/C/man2/getpid.2:110 build/C/man2/getpriority.2:240
-#: build/C/man2/getresuid.2:92 build/C/man2/getrlimit.2:674
+#: build/C/man2/getresuid.2:92 build/C/man2/getrlimit.2:679
#: build/C/man2/getrusage.2:253 build/C/man2/getsid.2:88
#: build/C/man2/getuid.2:78 build/C/man2/iopl.2:104
#: build/C/man2/ioprio_set.2:354 build/C/man2/ipc.2:70
-#: build/C/man2/seteuid.2:131 build/C/man2/setfsgid.2:117
-#: build/C/man2/setfsuid.2:117 build/C/man2/setgid.2:84
-#: build/C/man2/setpgid.2:324 build/C/man2/setresuid.2:115
-#: build/C/man2/setreuid.2:167 build/C/man2/setsid.2:91
+#: build/C/man2/seteuid.2:131 build/C/man2/setfsgid.2:128
+#: build/C/man2/setfsuid.2:136 build/C/man2/setgid.2:84
+#: build/C/man2/setpgid.2:347 build/C/man2/setresuid.2:115
+#: build/C/man2/setreuid.2:169 build/C/man2/setsid.2:91
#: build/C/man2/setuid.2:127 build/C/man7/svipc.7:348 build/C/man3/ulimit.3:88
#, no-wrap
msgid "COLOPHON"
#. type: Plain text
#: build/C/man2/acct.2:152 build/C/man5/acct.5:186
-#: build/C/man7/capabilities.7:1159 build/C/man2/capget.2:239
-#: build/C/man7/cpuset.7:1512 build/C/man7/credentials.7:289
-#: build/C/man2/getgid.2:74 build/C/man2/getgroups.2:185
+#: build/C/man7/capabilities.7:1168 build/C/man2/capget.2:239
+#: build/C/man7/cpuset.7:1512 build/C/man7/credentials.7:342
+#: build/C/man2/getgid.2:74 build/C/man2/getgroups.2:192
#: build/C/man2/getpid.2:117 build/C/man2/getpriority.2:247
-#: build/C/man2/getresuid.2:99 build/C/man2/getrlimit.2:681
+#: build/C/man2/getresuid.2:99 build/C/man2/getrlimit.2:686
#: build/C/man2/getrusage.2:260 build/C/man2/getsid.2:95
#: build/C/man2/getuid.2:85 build/C/man2/iopl.2:111
#: build/C/man2/ioprio_set.2:361 build/C/man2/ipc.2:77
-#: build/C/man2/seteuid.2:138 build/C/man2/setfsgid.2:124
-#: build/C/man2/setfsuid.2:124 build/C/man2/setgid.2:91
-#: build/C/man2/setpgid.2:331 build/C/man2/setresuid.2:122
-#: build/C/man2/setreuid.2:174 build/C/man2/setsid.2:98
+#: build/C/man2/seteuid.2:138 build/C/man2/setfsgid.2:135
+#: build/C/man2/setfsuid.2:143 build/C/man2/setgid.2:91
+#: build/C/man2/setpgid.2:354 build/C/man2/setresuid.2:122
+#: build/C/man2/setreuid.2:176 build/C/man2/setsid.2:98
#: build/C/man2/setuid.2:134 build/C/man7/svipc.7:355 build/C/man3/ulimit.3:95
+#, fuzzy
+#| msgid ""
+#| "This page is part of release 3.63 of the Linux I<man-pages> project. A "
+#| "description of the project, and information about reporting bugs, can be "
+#| "found at \\%http://www.kernel.org/doc/man-pages/."
msgid ""
-"This page is part of release 3.52 of the Linux I<man-pages> project. A "
+"This page is part of release 3.64 of the Linux I<man-pages> project. A "
"description of the project, and information about reporting bugs, can be "
"found at \\%http://www.kernel.org/doc/man-pages/."
msgstr ""
-"この man ページは Linux I<man-pages> プロジェクトのリリース 3.52 の一部\n"
+"この man ページは Linux I<man-pages> プロジェクトのリリース 3.63 の一部\n"
"である。プロジェクトの説明とバグ報告に関する情報は\n"
"http://www.kernel.org/doc/man-pages/ に書かれている。"
#: build/C/man5/acct.5:149 build/C/man7/cpuset.7:1338
#: build/C/man2/getresuid.2:60 build/C/man2/getrlimit.2:468
#: build/C/man2/getsid.2:75 build/C/man2/ioprio_set.2:193
-#: build/C/man2/setfsgid.2:76 build/C/man2/setfsuid.2:76
+#: build/C/man2/setfsgid.2:71 build/C/man2/setfsuid.2:71
#: build/C/man2/setresuid.2:81
#, no-wrap
msgid "VERSIONS"
#. type: TH
#: build/C/man7/capabilities.7:48
#, no-wrap
-msgid "2013-04-17"
-msgstr "2013-04-17"
+msgid "2013-09-27"
+msgstr "2013-09-27"
#. type: Plain text
#: build/C/man7/capabilities.7:51
msgid "B<CAP_DAC_READ_SEARCH>"
msgstr "B<CAP_DAC_READ_SEARCH>"
+#. type: IP
+#: build/C/man7/capabilities.7:98 build/C/man7/capabilities.7:101
+#: build/C/man7/capabilities.7:111 build/C/man7/capabilities.7:121
+#: build/C/man7/capabilities.7:125 build/C/man7/capabilities.7:127
+#: build/C/man7/capabilities.7:129 build/C/man7/capabilities.7:199
+#: build/C/man7/capabilities.7:201 build/C/man7/capabilities.7:203
+#: build/C/man7/capabilities.7:205 build/C/man7/capabilities.7:207
+#: build/C/man7/capabilities.7:209 build/C/man7/capabilities.7:211
+#: build/C/man7/capabilities.7:213 build/C/man7/capabilities.7:215
+#: build/C/man7/capabilities.7:239 build/C/man7/capabilities.7:241
+#: build/C/man7/capabilities.7:287 build/C/man7/capabilities.7:297
+#: build/C/man7/capabilities.7:303 build/C/man7/capabilities.7:308
+#: build/C/man7/capabilities.7:314 build/C/man7/capabilities.7:321
+#: build/C/man7/capabilities.7:324 build/C/man7/capabilities.7:332
+#: build/C/man7/capabilities.7:334 build/C/man7/capabilities.7:343
+#: build/C/man7/capabilities.7:350 build/C/man7/capabilities.7:353
+#: build/C/man7/capabilities.7:357 build/C/man7/capabilities.7:360
+#: build/C/man7/capabilities.7:363 build/C/man7/capabilities.7:370
+#: build/C/man7/capabilities.7:375 build/C/man7/capabilities.7:381
+#: build/C/man7/capabilities.7:385 build/C/man7/capabilities.7:389
+#: build/C/man7/capabilities.7:393 build/C/man7/capabilities.7:397
+#: build/C/man7/capabilities.7:424 build/C/man7/capabilities.7:429
+#: build/C/man7/capabilities.7:434 build/C/man7/capabilities.7:437
+#: build/C/man7/capabilities.7:440 build/C/man7/capabilities.7:449
+#: build/C/man7/capabilities.7:453 build/C/man7/capabilities.7:479
+#: build/C/man7/capabilities.7:484 build/C/man7/capabilities.7:487
+#: build/C/man7/capabilities.7:492 build/C/man7/capabilities.7:495
+#: build/C/man7/capabilities.7:498 build/C/man7/capabilities.7:501
+#: build/C/man7/capabilities.7:504 build/C/man7/capabilities.7:509
+#: build/C/man7/capabilities.7:511 build/C/man7/capabilities.7:517
+#: build/C/man7/capabilities.7:525 build/C/man7/capabilities.7:527
+#: build/C/man7/capabilities.7:531 build/C/man7/capabilities.7:533
+#: build/C/man7/capabilities.7:536 build/C/man7/capabilities.7:540
+#: build/C/man7/capabilities.7:542 build/C/man7/capabilities.7:544
+#: build/C/man7/capabilities.7:546 build/C/man7/capabilities.7:555
+#: build/C/man7/capabilities.7:562 build/C/man7/capabilities.7:567
+#: build/C/man7/capabilities.7:572 build/C/man7/capabilities.7:577
+#: build/C/man7/capabilities.7:600 build/C/man7/capabilities.7:607
+#: build/C/man7/capabilities.7:806 build/C/man7/capabilities.7:814
+#: build/C/man7/capabilities.7:1130 build/C/man7/capabilities.7:1135
+#: build/C/man7/cpuset.7:540 build/C/man7/cpuset.7:545
+#: build/C/man7/cpuset.7:550 build/C/man7/cpuset.7:726
+#: build/C/man7/cpuset.7:730 build/C/man7/cpuset.7:927
+#: build/C/man7/cpuset.7:930 build/C/man7/cpuset.7:934
+#: build/C/man7/cpuset.7:938 build/C/man7/cpuset.7:942
+#: build/C/man7/credentials.7:177 build/C/man7/credentials.7:183
+#: build/C/man7/credentials.7:195 build/C/man7/credentials.7:217
+#: build/C/man7/credentials.7:234 build/C/man7/credentials.7:266
+#: build/C/man7/credentials.7:269 build/C/man7/credentials.7:279
+#: build/C/man7/credentials.7:282
+#, no-wrap
+msgid "*"
+msgstr "*"
+
#. type: Plain text
-#: build/C/man7/capabilities.7:98
+#: build/C/man7/capabilities.7:101
msgid ""
"Bypass file read permission checks and directory read and execute permission "
-"checks."
+"checks;"
msgstr ""
"ファイルの読み出し権限のチェックとディレクトリの読み出しと実行 の権限チェック"
"をバイパスする。"
+#. type: Plain text
+#: build/C/man7/capabilities.7:104
+msgid "Invoke B<open_by_handle_at>(2)."
+msgstr "B<open_by_handle_at>(2) を起動する。"
+
#. type: TP
-#: build/C/man7/capabilities.7:98
+#: build/C/man7/capabilities.7:107
#, no-wrap
msgid "B<CAP_FOWNER>"
msgstr "B<CAP_FOWNER>"
-#. type: IP
-#: build/C/man7/capabilities.7:102 build/C/man7/capabilities.7:112
-#: build/C/man7/capabilities.7:116 build/C/man7/capabilities.7:118
-#: build/C/man7/capabilities.7:120 build/C/man7/capabilities.7:190
-#: build/C/man7/capabilities.7:192 build/C/man7/capabilities.7:194
-#: build/C/man7/capabilities.7:196 build/C/man7/capabilities.7:198
-#: build/C/man7/capabilities.7:200 build/C/man7/capabilities.7:202
-#: build/C/man7/capabilities.7:204 build/C/man7/capabilities.7:206
-#: build/C/man7/capabilities.7:230 build/C/man7/capabilities.7:232
-#: build/C/man7/capabilities.7:278 build/C/man7/capabilities.7:288
-#: build/C/man7/capabilities.7:294 build/C/man7/capabilities.7:299
-#: build/C/man7/capabilities.7:305 build/C/man7/capabilities.7:312
-#: build/C/man7/capabilities.7:315 build/C/man7/capabilities.7:323
-#: build/C/man7/capabilities.7:325 build/C/man7/capabilities.7:334
-#: build/C/man7/capabilities.7:341 build/C/man7/capabilities.7:344
-#: build/C/man7/capabilities.7:348 build/C/man7/capabilities.7:351
-#: build/C/man7/capabilities.7:354 build/C/man7/capabilities.7:361
-#: build/C/man7/capabilities.7:366 build/C/man7/capabilities.7:372
-#: build/C/man7/capabilities.7:376 build/C/man7/capabilities.7:380
-#: build/C/man7/capabilities.7:384 build/C/man7/capabilities.7:388
-#: build/C/man7/capabilities.7:415 build/C/man7/capabilities.7:420
-#: build/C/man7/capabilities.7:425 build/C/man7/capabilities.7:428
-#: build/C/man7/capabilities.7:431 build/C/man7/capabilities.7:440
-#: build/C/man7/capabilities.7:444 build/C/man7/capabilities.7:470
-#: build/C/man7/capabilities.7:475 build/C/man7/capabilities.7:478
-#: build/C/man7/capabilities.7:483 build/C/man7/capabilities.7:486
-#: build/C/man7/capabilities.7:489 build/C/man7/capabilities.7:492
-#: build/C/man7/capabilities.7:495 build/C/man7/capabilities.7:500
-#: build/C/man7/capabilities.7:502 build/C/man7/capabilities.7:508
-#: build/C/man7/capabilities.7:516 build/C/man7/capabilities.7:518
-#: build/C/man7/capabilities.7:522 build/C/man7/capabilities.7:524
-#: build/C/man7/capabilities.7:527 build/C/man7/capabilities.7:531
-#: build/C/man7/capabilities.7:533 build/C/man7/capabilities.7:535
-#: build/C/man7/capabilities.7:537 build/C/man7/capabilities.7:546
-#: build/C/man7/capabilities.7:553 build/C/man7/capabilities.7:558
-#: build/C/man7/capabilities.7:563 build/C/man7/capabilities.7:568
-#: build/C/man7/capabilities.7:591 build/C/man7/capabilities.7:598
-#: build/C/man7/capabilities.7:797 build/C/man7/capabilities.7:805
-#: build/C/man7/capabilities.7:1121 build/C/man7/capabilities.7:1126
-#: build/C/man7/cpuset.7:540 build/C/man7/cpuset.7:545
-#: build/C/man7/cpuset.7:550 build/C/man7/cpuset.7:726
-#: build/C/man7/cpuset.7:730 build/C/man7/cpuset.7:927
-#: build/C/man7/cpuset.7:930 build/C/man7/cpuset.7:934
-#: build/C/man7/cpuset.7:938 build/C/man7/cpuset.7:942
-#: build/C/man7/credentials.7:125 build/C/man7/credentials.7:131
-#: build/C/man7/credentials.7:143 build/C/man7/credentials.7:165
-#: build/C/man7/credentials.7:182 build/C/man7/credentials.7:214
-#: build/C/man7/credentials.7:217 build/C/man7/credentials.7:227
-#: build/C/man7/credentials.7:230
-#, no-wrap
-msgid "*"
-msgstr "*"
-
#. type: Plain text
-#: build/C/man7/capabilities.7:112
+#: build/C/man7/capabilities.7:121
msgid ""
-"Bypass permission checks on operations that normally require the file system "
+"Bypass permission checks on operations that normally require the filesystem "
"UID of the process to match the UID of the file (e.g., B<chmod>(2), B<utime>"
"(2)), excluding those operations covered by B<CAP_DAC_OVERRIDE> and "
"B<CAP_DAC_READ_SEARCH>;"
"われる操作は除く。"
#. type: Plain text
-#: build/C/man7/capabilities.7:116
+#: build/C/man7/capabilities.7:125
msgid "set extended file attributes (see B<chattr>(1)) on arbitrary files;"
msgstr ""
"任意のファイルに対して拡張ファイル属性を設定する (B<chattr>(1) 参照)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:118
+#: build/C/man7/capabilities.7:127
msgid "set Access Control Lists (ACLs) on arbitrary files;"
msgstr "任意のファイルに対してアクセス制御リスト (ACL) を設定する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:120
+#: build/C/man7/capabilities.7:129
msgid "ignore directory sticky bit on file deletion;"
msgstr "ファイルの削除の際にディレクトリのスティッキービットを無視する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:127
+#: build/C/man7/capabilities.7:136
msgid ""
"specify B<O_NOATIME> for arbitrary files in B<open>(2) and B<fcntl>(2)."
msgstr ""
"る。"
#. type: TP
-#: build/C/man7/capabilities.7:129
+#: build/C/man7/capabilities.7:138
#, no-wrap
msgid "B<CAP_FSETID>"
msgstr "B<CAP_FSETID>"
#. type: Plain text
-#: build/C/man7/capabilities.7:135
+#: build/C/man7/capabilities.7:144
msgid ""
"Don't clear set-user-ID and set-group-ID permission bits when a file is "
"modified; set the set-group-ID bit for a file whose GID does not match the "
-"file system or any of the supplementary GIDs of the calling process."
+"filesystem or any of the supplementary GIDs of the calling process."
msgstr ""
"ファイルが変更されたときに set-user-ID とset-group-ID の許可ビットをクリア し"
"ない。呼び出し元プロセスのファイルシステム GID と追加の GID のいずれとも GID "
"が一致しないファイルに対して set-group-ID ビットを設定する。"
#. type: TP
-#: build/C/man7/capabilities.7:135
+#: build/C/man7/capabilities.7:144
#, no-wrap
msgid "B<CAP_IPC_LOCK>"
msgstr "B<CAP_IPC_LOCK>"
#. FIXME As at Linux 3.2, there are some strange uses of this capability
#. in other places; they probably should be replaced with something else.
#. type: Plain text
-#: build/C/man7/capabilities.7:144
+#: build/C/man7/capabilities.7:153
msgid "Lock memory (B<mlock>(2), B<mlockall>(2), B<mmap>(2), B<shmctl>(2))."
msgstr ""
"メモリーのロック (B<mlock>(2), B<mlockall>(2), B<mmap>(2), B<shmctl>(2)) を"
"行う。"
#. type: TP
-#: build/C/man7/capabilities.7:144
+#: build/C/man7/capabilities.7:153
#, no-wrap
msgid "B<CAP_IPC_OWNER>"
msgstr "B<CAP_IPC_OWNER>"
#. type: Plain text
-#: build/C/man7/capabilities.7:147
+#: build/C/man7/capabilities.7:156
msgid "Bypass permission checks for operations on System V IPC objects."
msgstr ""
"System V IPC オブジェクトに対する操作に関して権限チェックをバイパスする。"
#. type: TP
-#: build/C/man7/capabilities.7:147
+#: build/C/man7/capabilities.7:156
#, no-wrap
msgid "B<CAP_KILL>"
msgstr "B<CAP_KILL>"
#. if the child does an exec(). What is the rationale
#. for this?
#. type: Plain text
-#: build/C/man7/capabilities.7:160
+#: build/C/man7/capabilities.7:169
msgid ""
"Bypass permission checks for sending signals (see B<kill>(2)). This "
"includes use of the B<ioctl>(2) B<KDSIGACCEPT> operation."
"は B<ioctl>(2) の B<KDSIGACCEPT> 操作の使用も含まれる。"
#. type: TP
-#: build/C/man7/capabilities.7:160
+#: build/C/man7/capabilities.7:169
#, no-wrap
msgid "B<CAP_LEASE> (since Linux 2.4)"
msgstr "B<CAP_LEASE> (Linux 2.4 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:164
+#: build/C/man7/capabilities.7:173
msgid "Establish leases on arbitrary files (see B<fcntl>(2))."
msgstr "任意のファイルに対して ファイルリースを設定する (B<fcntl>(2) 参照)。"
#. type: TP
-#: build/C/man7/capabilities.7:164
+#: build/C/man7/capabilities.7:173
#, no-wrap
msgid "B<CAP_LINUX_IMMUTABLE>"
msgstr "B<CAP_LINUX_IMMUTABLE>"
#. These attributes are now available on ext2, ext3, Reiserfs, XFS, JFS
#. type: Plain text
-#: build/C/man7/capabilities.7:173
+#: build/C/man7/capabilities.7:182
msgid ""
"Set the B<FS_APPEND_FL> and B<FS_IMMUTABLE_FL> i-node flags (see B<chattr>"
"(1))."
"(1) 参照)。"
#. type: TP
-#: build/C/man7/capabilities.7:173
+#: build/C/man7/capabilities.7:182
#, no-wrap
msgid "B<CAP_MAC_ADMIN> (since Linux 2.6.25)"
msgstr "B<CAP_MAC_ADMIN> (Linux 2.6.25 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:177
+#: build/C/man7/capabilities.7:186
msgid ""
"Override Mandatory Access Control (MAC). Implemented for the Smack Linux "
"Security Module (LSM)."
"実装されている。"
#. type: TP
-#: build/C/man7/capabilities.7:177
+#: build/C/man7/capabilities.7:186
#, no-wrap
msgid "B<CAP_MAC_OVERRIDE> (since Linux 2.6.25)"
msgstr "B<CAP_MAC_OVERRIDE> (Linux 2.6.25 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:181
+#: build/C/man7/capabilities.7:190
msgid ""
"Allow MAC configuration or state changes. Implemented for the Smack LSM."
msgstr "MAC の設定や状態を変更する。 Smack LSM 用に実装されている。"
#. type: TP
-#: build/C/man7/capabilities.7:181
+#: build/C/man7/capabilities.7:190
#, no-wrap
msgid "B<CAP_MKNOD> (since Linux 2.4)"
msgstr "B<CAP_MKNOD> (Linux 2.4 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:185
+#: build/C/man7/capabilities.7:194
msgid "Create special files using B<mknod>(2)."
msgstr ""
"(Linux 2.4 以降) B<mknod>(2) を使用してスペシャルファイルを作成する。"
#. type: TP
-#: build/C/man7/capabilities.7:185
+#: build/C/man7/capabilities.7:194
#, no-wrap
msgid "B<CAP_NET_ADMIN>"
msgstr "B<CAP_NET_ADMIN>"
#. type: Plain text
-#: build/C/man7/capabilities.7:188
+#: build/C/man7/capabilities.7:197
msgid "Perform various network-related operations:"
msgstr "各種のネットワーク関係の操作を実行する:"
#. type: Plain text
-#: build/C/man7/capabilities.7:192
+#: build/C/man7/capabilities.7:201
msgid "interface configuration;"
msgstr "インターフェースの設定"
#. type: Plain text
-#: build/C/man7/capabilities.7:194
+#: build/C/man7/capabilities.7:203
msgid "administration of IP firewall, masquerading, and accounting;"
msgstr "IP のファイアウォール、マスカレード、アカウンティング"
#. type: Plain text
-#: build/C/man7/capabilities.7:196
+#: build/C/man7/capabilities.7:205
msgid "modify routing tables;"
msgstr "ルーティングテーブルの変更"
#. type: Plain text
-#: build/C/man7/capabilities.7:198
+#: build/C/man7/capabilities.7:207
msgid "bind to any address for transparent proxying;"
msgstr "透過的プロキシでの任意のアドレスの割り当て (bind)"
#. type: Plain text
-#: build/C/man7/capabilities.7:200
+#: build/C/man7/capabilities.7:209
msgid "set type-of-service (TOS)"
msgstr "サービス種別 (type-of-service; TOS) のセット"
#. type: Plain text
-#: build/C/man7/capabilities.7:202
+#: build/C/man7/capabilities.7:211
msgid "clear driver statistics;"
msgstr "ドライバの統計情報のクリア"
#. type: Plain text
-#: build/C/man7/capabilities.7:204
+#: build/C/man7/capabilities.7:213
msgid "set promiscuous mode;"
msgstr "promiscuous モードをセットする"
#. type: Plain text
-#: build/C/man7/capabilities.7:206
+#: build/C/man7/capabilities.7:215
msgid "enabling multicasting;"
msgstr "マルチキャストを有効にする"
#. type: Plain text
-#: build/C/man7/capabilities.7:217
+#: build/C/man7/capabilities.7:226
msgid ""
"use B<setsockopt>(2) to set the following socket options: B<SO_DEBUG>, "
"B<SO_MARK>, B<SO_PRIORITY> (for a priority outside the range 0 to 6), "
"B<SO_RCVBUFFORCE>, and B<SO_SNDBUFFORCE>"
#. type: TP
-#: build/C/man7/capabilities.7:219
+#: build/C/man7/capabilities.7:228
#, no-wrap
msgid "B<CAP_NET_BIND_SERVICE>"
msgstr "B<CAP_NET_BIND_SERVICE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:223
+#: build/C/man7/capabilities.7:232
msgid ""
"Bind a socket to Internet domain privileged ports (port numbers less than "
"1024)."
"る。"
#. type: TP
-#: build/C/man7/capabilities.7:223
+#: build/C/man7/capabilities.7:232
#, no-wrap
msgid "B<CAP_NET_BROADCAST>"
msgstr "B<CAP_NET_BROADCAST>"
#. type: Plain text
-#: build/C/man7/capabilities.7:226
+#: build/C/man7/capabilities.7:235
msgid "(Unused) Make socket broadcasts, and listen to multicasts."
msgstr ""
"(未使用) ソケットのブロードキャストと、マルチキャストの待ち受けを行う。"
#. type: TP
-#: build/C/man7/capabilities.7:226
+#: build/C/man7/capabilities.7:235
#, no-wrap
msgid "B<CAP_NET_RAW>"
msgstr "B<CAP_NET_RAW>"
#. type: Plain text
-#: build/C/man7/capabilities.7:232
+#: build/C/man7/capabilities.7:241
msgid "use RAW and PACKET sockets;"
msgstr "RAW ソケットと PACKET ソケットを使用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:234
+#: build/C/man7/capabilities.7:243
msgid "bind to any address for transparent proxying."
msgstr "透過的プロキシでの任意のアドレスの割り当て (bind)"
#. type: TP
-#: build/C/man7/capabilities.7:237
+#: build/C/man7/capabilities.7:246
#, no-wrap
msgid "B<CAP_SETGID>"
msgstr "B<CAP_SETGID>"
#. type: Plain text
-#: build/C/man7/capabilities.7:241
+#: build/C/man7/capabilities.7:250
msgid ""
"Make arbitrary manipulations of process GIDs and supplementary GID list; "
"forge GID when passing socket credentials via UNIX domain sockets."
"できる。"
#. type: TP
-#: build/C/man7/capabilities.7:241
+#: build/C/man7/capabilities.7:250
#, no-wrap
msgid "B<CAP_SETFCAP> (since Linux 2.6.24)"
msgstr "B<CAP_SETFCAP> (Linux 2.6.24 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:244
+#: build/C/man7/capabilities.7:253
msgid "Set file capabilities."
msgstr "ファイルケーパビリティを設定する。"
#. type: TP
-#: build/C/man7/capabilities.7:244
+#: build/C/man7/capabilities.7:253
#, no-wrap
msgid "B<CAP_SETPCAP>"
msgstr "B<CAP_SETPCAP>"
#. type: Plain text
-#: build/C/man7/capabilities.7:255
+#: build/C/man7/capabilities.7:264
msgid ""
"If file capabilities are not supported: grant or remove any capability in "
"the caller's permitted capability set to or from any other process. (This "
"サポートしているカーネルでは B<CAP_SETPCAP> は全く別の意味を持つからである。)"
#. type: Plain text
-#: build/C/man7/capabilities.7:265
+#: build/C/man7/capabilities.7:274
msgid ""
"If file capabilities are supported: add any capability from the calling "
"thread's bounding set to its inheritable set; drop capabilities from the "
"らケーパビリティを削除できる。 I<securebits> フラグを変更できる。"
#. type: TP
-#: build/C/man7/capabilities.7:265
+#: build/C/man7/capabilities.7:274
#, no-wrap
msgid "B<CAP_SETUID>"
msgstr "B<CAP_SETUID>"
#. FIXME CAP_SETUID also an effect in exec(); document this.
#. type: Plain text
-#: build/C/man7/capabilities.7:274
+#: build/C/man7/capabilities.7:283
msgid ""
"Make arbitrary manipulations of process UIDs (B<setuid>(2), B<setreuid>(2), "
"B<setresuid>(2), B<setfsuid>(2)); make forged UID when passing socket "
"(credential) を渡す際に 偽の UID を渡すことができる。"
#. type: TP
-#: build/C/man7/capabilities.7:274
+#: build/C/man7/capabilities.7:283
#, no-wrap
msgid "B<CAP_SYS_ADMIN>"
msgstr "B<CAP_SYS_ADMIN>"
#. type: Plain text
-#: build/C/man7/capabilities.7:288
+#: build/C/man7/capabilities.7:297
msgid ""
"Perform a range of system administration operations including: B<quotactl>"
"(2), B<mount>(2), B<umount>(2), B<swapon>(2), B<swapoff>(2), B<sethostname>"
"(2), B<swapon>(2), B<swapoff>(2), B<sethostname>(2), B<setdomainname>(2)."
#. type: Plain text
-#: build/C/man7/capabilities.7:294
+#: build/C/man7/capabilities.7:303
msgid ""
"perform privileged B<syslog>(2) operations (since Linux 2.6.37, "
"B<CAP_SYSLOG> should be used to permit such operations);"
"B<CAP_SYSLOG> を使うべきである)"
#. type: Plain text
-#: build/C/man7/capabilities.7:299
+#: build/C/man7/capabilities.7:308
msgid "perform B<VM86_REQUEST_IRQ> B<vm86>(2) command;"
msgstr "B<VM86_REQUEST_IRQ> B<vm86>(2) コマンドを実行する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:305
+#: build/C/man7/capabilities.7:314
msgid ""
"perform B<IPC_SET> and B<IPC_RMID> operations on arbitrary System V IPC "
"objects;"
"する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:312
+#: build/C/man7/capabilities.7:321
msgid ""
"perform operations on I<trusted> and I<security> Extended Attributes (see "
"B<attr>(5));"
"照)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:315
+#: build/C/man7/capabilities.7:324
msgid "use B<lookup_dcookie>(2);"
msgstr "B<lookup_dcookie>(2) を呼び出す。"
#. type: Plain text
-#: build/C/man7/capabilities.7:323
+#: build/C/man7/capabilities.7:332
msgid ""
"use B<ioprio_set>(2) to assign B<IOPRIO_CLASS_RT> and (before Linux "
"2.6.25) B<IOPRIO_CLASS_IDLE> I/O scheduling classes;"
"前のバージョンのみ)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:325
+#: build/C/man7/capabilities.7:334
msgid "forge UID when passing socket credentials;"
msgstr "ソケットの資格情報 (credential) を渡す際に偽の UID を渡す。"
#. type: Plain text
-#: build/C/man7/capabilities.7:334
+#: build/C/man7/capabilities.7:343
msgid ""
"exceed I</proc/sys/fs/file-max>, the system-wide limit on the number of open "
"files, in system calls that open files (e.g., B<accept>(2), B<execve>(2), "
"proc/sys/fs/file-max> を超過する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:341
+#: build/C/man7/capabilities.7:350
msgid ""
"employ B<CLONE_*> flags that create new namespaces with B<clone>(2) and "
"B<unshare>(2);"
"フラグを利用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:344
+#: build/C/man7/capabilities.7:353
msgid "call B<perf_event_open>(2);"
msgstr "B<perf_event_open>(2) を呼び出す。"
#. type: Plain text
-#: build/C/man7/capabilities.7:348
+#: build/C/man7/capabilities.7:357
msgid "access privileged I<perf> event information;"
msgstr "特権が必要な I<perf> イベントの情報にアクセスする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:351
+#: build/C/man7/capabilities.7:360
msgid "call B<setns>(2);"
msgstr "B<setns>(2) を呼び出す。"
#. type: Plain text
-#: build/C/man7/capabilities.7:354
+#: build/C/man7/capabilities.7:363
msgid "call B<fanotify_init>(2);"
msgstr "B<fanotify_init>(2) を呼び出す。"
#. type: Plain text
-#: build/C/man7/capabilities.7:361
+#: build/C/man7/capabilities.7:370
msgid "perform B<KEYCTL_CHOWN> and B<KEYCTL_SETPERM> B<keyctl>(2) operations;"
msgstr "B<keyctl>(2) の B<KEYCTL_CHOWN> と B<KEYCTL_SETPERM> 操作を実行する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:366
+#: build/C/man7/capabilities.7:375
msgid "perform B<madvise>(2) B<MADV_HWPOISON> operation;"
msgstr "B<madvise>(2) の B<MADV_HWPOISON> 操作を実行する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:372
+#: build/C/man7/capabilities.7:381
msgid ""
"employ the B<TIOCSTI> B<ioctl>(2) to insert characters into the input queue "
"of a terminal other than the caller's controlling terminal."
"呼び出し元の制御端末以外の端末の入力キューに文字を挿入する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:376
+#: build/C/man7/capabilities.7:385
msgid "employ the obsolete B<nfsservctl>(2) system call;"
msgstr "廃止予定の B<nfsservctl>(2) システムコールを使用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:380
+#: build/C/man7/capabilities.7:389
msgid "employ the obsolete B<bdflush>(2) system call;"
msgstr "廃止予定の B<bdflush>(2) システムコールを使用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:384
+#: build/C/man7/capabilities.7:393
msgid "perform various privileged block-device B<ioctl>(2) operations;"
msgstr ""
"特権が必要なブロックデバイスに対する各種の B<ioctl>(2) 操作を\n"
"実行する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:388
-msgid "perform various privileged file-system B<ioctl>(2) operations;"
+#: build/C/man7/capabilities.7:397
+msgid "perform various privileged filesystem B<ioctl>(2) operations;"
msgstr ""
"特権が必要なファイルシステムに対する各種の B<ioctl>(2) 操作を\n"
"実行する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:390
+#: build/C/man7/capabilities.7:399
msgid "perform administrative operations on many device drivers."
msgstr "多くのデバイスドライバに対する管理命令を実行する。"
#. type: TP
-#: build/C/man7/capabilities.7:392
+#: build/C/man7/capabilities.7:401
#, no-wrap
msgid "B<CAP_SYS_BOOT>"
msgstr "B<CAP_SYS_BOOT>"
#. type: Plain text
-#: build/C/man7/capabilities.7:398
+#: build/C/man7/capabilities.7:407
msgid "Use B<reboot>(2) and B<kexec_load>(2)."
msgstr "B<reboot>(2) と B<kexec_load>(2) を呼び出す。"
#. type: TP
-#: build/C/man7/capabilities.7:398
+#: build/C/man7/capabilities.7:407
#, no-wrap
msgid "B<CAP_SYS_CHROOT>"
msgstr "B<CAP_SYS_CHROOT>"
#. type: Plain text
-#: build/C/man7/capabilities.7:402
+#: build/C/man7/capabilities.7:411
msgid "Use B<chroot>(2)."
msgstr "B<chroot>(2). を呼び出す。"
#. type: TP
-#: build/C/man7/capabilities.7:402
+#: build/C/man7/capabilities.7:411
#, no-wrap
msgid "B<CAP_SYS_MODULE>"
msgstr "B<CAP_SYS_MODULE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:411
+#: build/C/man7/capabilities.7:420
msgid ""
"Load and unload kernel modules (see B<init_module>(2) and B<delete_module>"
"(2)); in kernels before 2.6.25: drop capabilities from the system-wide "
"からケーパビリティを外す。"
#. type: TP
-#: build/C/man7/capabilities.7:411
+#: build/C/man7/capabilities.7:420
#, no-wrap
msgid "B<CAP_SYS_NICE>"
msgstr "B<CAP_SYS_NICE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:420
+#: build/C/man7/capabilities.7:429
msgid ""
"Raise process nice value (B<nice>(2), B<setpriority>(2)) and change the "
"nice value for arbitrary processes;"
"セスの nice 値の変更を行う。"
#. type: Plain text
-#: build/C/man7/capabilities.7:425
+#: build/C/man7/capabilities.7:434
msgid ""
"set real-time scheduling policies for calling process, and set scheduling "
"policies and priorities for arbitrary processes (B<sched_setscheduler>(2), "
"(2), B<sched_setparam>(2))。"
#. type: Plain text
-#: build/C/man7/capabilities.7:428
+#: build/C/man7/capabilities.7:437
msgid "set CPU affinity for arbitrary processes (B<sched_setaffinity>(2));"
msgstr ""
"任意のプロセスに対する CPU affinity を設定できる (B<sched_setaffinity>(2))。"
#. type: Plain text
-#: build/C/man7/capabilities.7:431
+#: build/C/man7/capabilities.7:440
msgid ""
"set I/O scheduling class and priority for arbitrary processes (B<ioprio_set>"
"(2));"
#. do_migrate_pages(mm, &old, &new,
#. capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
#. type: Plain text
-#: build/C/man7/capabilities.7:440
+#: build/C/man7/capabilities.7:449
msgid ""
"apply B<migrate_pages>(2) to arbitrary processes and allow processes to be "
"migrated to arbitrary nodes;"
"る。"
#. type: Plain text
-#: build/C/man7/capabilities.7:444
+#: build/C/man7/capabilities.7:453
msgid "apply B<move_pages>(2) to arbitrary processes;"
msgstr "B<move_pages>(2) を任意のプロセスに対して行う。"
#. type: Plain text
-#: build/C/man7/capabilities.7:451
+#: build/C/man7/capabilities.7:460
msgid ""
"use the B<MPOL_MF_MOVE_ALL> flag with B<mbind>(2) and B<move_pages>(2)."
msgstr ""
"B<mbind>(2) と B<move_pages>(2) で B<MPOL_MF_MOVE_ALL> フラグを使用する。"
#. type: TP
-#: build/C/man7/capabilities.7:453
+#: build/C/man7/capabilities.7:462
#, no-wrap
msgid "B<CAP_SYS_PACCT>"
msgstr "B<CAP_SYS_PACCT>"
#. type: Plain text
-#: build/C/man7/capabilities.7:457
+#: build/C/man7/capabilities.7:466
msgid "Use B<acct>(2)."
msgstr "B<acct>(2) を呼び出す。"
#. type: TP
-#: build/C/man7/capabilities.7:457
+#: build/C/man7/capabilities.7:466
#, no-wrap
msgid "B<CAP_SYS_PTRACE>"
msgstr "B<CAP_SYS_PTRACE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:466
+#: build/C/man7/capabilities.7:475
msgid ""
"Trace arbitrary processes using B<ptrace>(2); apply B<get_robust_list>(2) "
"to arbitrary processes; inspect processes using B<kcmp>(2)."
"る。"
#. type: TP
-#: build/C/man7/capabilities.7:466
+#: build/C/man7/capabilities.7:475
#, no-wrap
msgid "B<CAP_SYS_RAWIO>"
msgstr "B<CAP_SYS_RAWIO>"
#. type: Plain text
-#: build/C/man7/capabilities.7:475
+#: build/C/man7/capabilities.7:484
msgid "Perform I/O port operations (B<iopl>(2) and B<ioperm>(2));"
msgstr "I/O ポート操作を実行する (B<iopl>(2)、 B<ioperm>(2))。"
#. type: Plain text
-#: build/C/man7/capabilities.7:478
+#: build/C/man7/capabilities.7:487
msgid "access I</proc/kcore>;"
msgstr "I</proc/kcore> にアクセスする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:483
+#: build/C/man7/capabilities.7:492
msgid "employ the B<FIBMAP> B<ioctl>(2) operation;"
msgstr "B<FIBMAP> B<ioctl>(2) 操作を使用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:486
+#: build/C/man7/capabilities.7:495
msgid ""
"open devices for accessing x86 model-specific registers (MSRs, see B<msr>(4))"
msgstr ""
"めのデバイスをオープンする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:489
+#: build/C/man7/capabilities.7:498
msgid "update I</proc/sys/vm/mmap_min_addr>;"
msgstr "I</proc/sys/vm/mmap_min_addr> を更新する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:492
+#: build/C/man7/capabilities.7:501
msgid ""
"create memory mappings at addresses below the value specified by I</proc/sys/"
"vm/mmap_min_addr>;"
"ピングを作成する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:495
+#: build/C/man7/capabilities.7:504
msgid "map files in I</proc/bus/pci>;"
msgstr "I</proc/bus/pci> にあるファイルをマップする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:500
+#: build/C/man7/capabilities.7:509
msgid "open I</dev/mem> and I</dev/kmem>;"
msgstr "I</dev/mem> や I</dev/kmem> をオープンする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:502
+#: build/C/man7/capabilities.7:511
msgid "perform various SCSI device commands;"
msgstr "各種の SCSI デバイスコマンドを実行する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:508
+#: build/C/man7/capabilities.7:517
msgid "perform certain operations on B<hpsa>(4) and B<cciss>(4) devices;"
msgstr "B<hpsa>(4) デバイスや B<cciss>(4) デバイスの特定の操作を実行する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:510
+#: build/C/man7/capabilities.7:519
msgid "perform a range of device-specific operations on other devices."
msgstr "他のデバイスに対して各種のデバイス固有命令を実行する。"
#. type: TP
-#: build/C/man7/capabilities.7:512
+#: build/C/man7/capabilities.7:521
#, no-wrap
msgid "B<CAP_SYS_RESOURCE>"
msgstr "B<CAP_SYS_RESOURCE>"
#. type: Plain text
-#: build/C/man7/capabilities.7:518
-msgid "Use reserved space on ext2 file systems;"
+#: build/C/man7/capabilities.7:527
+msgid "Use reserved space on ext2 filesystems;"
msgstr "ext2 ファイルシステム上の予約されている領域を使用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:522
+#: build/C/man7/capabilities.7:531
msgid "make B<ioctl>(2) calls controlling ext3 journaling;"
msgstr "ext3 のジャーナル機能を制御する B<ioctl>(2) を使用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:524
+#: build/C/man7/capabilities.7:533
msgid "override disk quota limits;"
msgstr "ディスク quota の上限を上書きする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:527
+#: build/C/man7/capabilities.7:536
msgid "increase resource limits (see B<setrlimit>(2));"
msgstr "リソース上限を増やす (B<setrlimit>(2))。"
#. type: Plain text
-#: build/C/man7/capabilities.7:531
+#: build/C/man7/capabilities.7:540
msgid "override B<RLIMIT_NPROC> resource limit;"
msgstr "B<RLIMIT_NPROC> リソース制限を上書きする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:533
+#: build/C/man7/capabilities.7:542
msgid "override maximum number of consoles on console allocation;"
msgstr "コンソール割り当てにおいてコンソールの最大数を上書きする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:535
+#: build/C/man7/capabilities.7:544
msgid "override maximum number of keymaps;"
msgstr "キーマップの最大数を上書きする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:537
+#: build/C/man7/capabilities.7:546
msgid "allow more than 64hz interrupts from the real-time clock;"
msgstr "リアルタイムクロックから秒間 64 回を越える回数の割り当てが許可する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:546
+#: build/C/man7/capabilities.7:555
msgid ""
"raise I<msg_qbytes> limit for a System V message queue above the limit in I</"
"proc/sys/kernel/msgmnb> (see B<msgop>(2) and B<msgctl>(2));"
"(B<msgop>(2) と B<msgctl>(2) 参照)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:553
+#: build/C/man7/capabilities.7:562
msgid ""
"override the I</proc/sys/fs/pipe-size-max> limit when setting the capacity "
"of a pipe using the B<F_SETPIPE_SZ> B<fcntl>(2) command."
"上限 I</proc/sys/fs/pipe-size-max> を上書きする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:558
+#: build/C/man7/capabilities.7:567
msgid ""
"use B<F_SETPIPE_SZ> to increase the capacity of a pipe above the limit "
"specified by I</proc/sys/fs/pipe-max-size>;"
"を増やすのに B<F_SETPIPE_SZ> を使用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:563
+#: build/C/man7/capabilities.7:572
msgid ""
"override I</proc/sys/fs/mqueue/queues_max> limit when creating POSIX message "
"queues (see B<mq_overview>(7));"
"(B<mq_overview>(7) 参照)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:568
+#: build/C/man7/capabilities.7:577
msgid "employ B<prctl>(2) B<PR_SET_MM> operation;"
msgstr "B<prctl>(2) B<PR_SET_MM> 操作を使用する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:573
+#: build/C/man7/capabilities.7:582
msgid ""
"set I</proc/PID/oom_score_adj> to a value lower than the value last set by a "
"process with B<CAP_SYS_RESOURCE>."
"を I</proc/PID/oom_score_adj> に設定する。"
#. type: TP
-#: build/C/man7/capabilities.7:575
+#: build/C/man7/capabilities.7:584
#, no-wrap
msgid "B<CAP_SYS_TIME>"
msgstr "B<CAP_SYS_TIME>"
#. type: Plain text
-#: build/C/man7/capabilities.7:582
+#: build/C/man7/capabilities.7:591
msgid ""
"Set system clock (B<settimeofday>(2), B<stime>(2), B<adjtimex>(2)); set real-"
"time (hardware) clock."
"(2))。 リアルタイム (ハードウェア) クロックを変更する。"
#. type: TP
-#: build/C/man7/capabilities.7:582
+#: build/C/man7/capabilities.7:591
#, no-wrap
msgid "B<CAP_SYS_TTY_CONFIG>"
msgstr "B<CAP_SYS_TTY_CONFIG>"
#. type: Plain text
-#: build/C/man7/capabilities.7:589
+#: build/C/man7/capabilities.7:598
msgid ""
"Use B<vhangup>(2); employ various privileged B<ioctl>(2) operations on "
"virtual terminals."
"特権が必要な仮想端末に関する各種の B<ioctl>(2) 操作を利用できる。"
#. type: TP
-#: build/C/man7/capabilities.7:589
+#: build/C/man7/capabilities.7:598
#, no-wrap
msgid "B<CAP_SYSLOG> (since Linux 2.6.37)"
msgstr "B<CAP_SYSLOG> (Linux 2.6.37 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:598
+#: build/C/man7/capabilities.7:607
msgid ""
"Perform privileged B<syslog>(2) operations. See B<syslog>(2) for "
"information on which operations require privilege."
"どの操作が特権が必要かについての情報は B<syslog>(2) を参照。"
#. type: Plain text
-#: build/C/man7/capabilities.7:608
+#: build/C/man7/capabilities.7:617
msgid ""
"View kernel addresses exposed via I</proc> and other interfaces when I</proc/"
"sys/kernel/kptr_restrict> has the value 1. (See the discussion of the "
"I<kptr_restrict> の議論を参照)。"
#. type: TP
-#: build/C/man7/capabilities.7:608
+#: build/C/man7/capabilities.7:617
#, no-wrap
msgid "B<CAP_WAKE_ALARM> (since Linux 3.0)"
msgstr "B<CAP_WAKE_ALARM> (Linux 3.0 以降)"
#. type: Plain text
-#: build/C/man7/capabilities.7:616
+#: build/C/man7/capabilities.7:625
msgid ""
"Trigger something that will wake up the system (set B<CLOCK_REALTIME_ALARM> "
"and B<CLOCK_BOOTTIME_ALARM> timers)."
"や B<CLOCK_BOOTTIME_ALARM> を設定する)。"
#. type: SS
-#: build/C/man7/capabilities.7:616
+#: build/C/man7/capabilities.7:625
#, no-wrap
msgid "Past and current implementation"
msgstr "過去と現在の実装"
#. type: Plain text
-#: build/C/man7/capabilities.7:618
+#: build/C/man7/capabilities.7:627
msgid "A full implementation of capabilities requires that:"
msgstr "完全な形のケーパビリティを実装するには、以下の要件を満たす必要がある:"
#. type: IP
-#: build/C/man7/capabilities.7:618 build/C/man7/capabilities.7:769
-#: build/C/man7/capabilities.7:916 build/C/man7/capabilities.7:969
+#: build/C/man7/capabilities.7:627 build/C/man7/capabilities.7:778
+#: build/C/man7/capabilities.7:925 build/C/man7/capabilities.7:978
#, no-wrap
msgid "1."
msgstr "1."
#. type: Plain text
-#: build/C/man7/capabilities.7:622
+#: build/C/man7/capabilities.7:631
msgid ""
"For all privileged operations, the kernel must check whether the thread has "
"the required capability in its effective set."
"要なケーパビリティがあるかを確認する。"
#. type: IP
-#: build/C/man7/capabilities.7:622 build/C/man7/capabilities.7:774
-#: build/C/man7/capabilities.7:922 build/C/man7/capabilities.7:975
+#: build/C/man7/capabilities.7:631 build/C/man7/capabilities.7:783
+#: build/C/man7/capabilities.7:931 build/C/man7/capabilities.7:984
#, no-wrap
msgid "2."
msgstr "2."
#. type: Plain text
-#: build/C/man7/capabilities.7:625
+#: build/C/man7/capabilities.7:634
msgid ""
"The kernel must provide system calls allowing a thread's capability sets to "
"be changed and retrieved."
"システムコールが提供される。"
#. type: IP
-#: build/C/man7/capabilities.7:625 build/C/man7/capabilities.7:925
-#: build/C/man7/capabilities.7:979
+#: build/C/man7/capabilities.7:634 build/C/man7/capabilities.7:934
+#: build/C/man7/capabilities.7:988
#, no-wrap
msgid "3."
msgstr "3."
#. type: Plain text
-#: build/C/man7/capabilities.7:628
+#: build/C/man7/capabilities.7:637
msgid ""
-"The file system must support attaching capabilities to an executable file, "
-"so that a process gains those capabilities when the file is executed."
+"The filesystem must support attaching capabilities to an executable file, so "
+"that a process gains those capabilities when the file is executed."
msgstr ""
"ファイルシステムが、実行可能ファイルにケーパビリティを付与でき、ファイル 実行"
"時にそのケーパビリティをプロセスが取得できるような機能をサポートする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:632
+#: build/C/man7/capabilities.7:641
msgid ""
"Before kernel 2.6.24, only the first two of these requirements are met; "
"since kernel 2.6.24, all three requirements are met."
"2.6.24 以降では、3つの要件すべてが満たされている。"
#. type: SS
-#: build/C/man7/capabilities.7:632
+#: build/C/man7/capabilities.7:641
#, no-wrap
msgid "Thread capability sets"
msgstr "スレッドケーパビリティセット"
#. type: Plain text
-#: build/C/man7/capabilities.7:635
+#: build/C/man7/capabilities.7:644
msgid ""
"Each thread has three capability sets containing zero or more of the above "
"capabilities:"
"もよい)。"
#. type: TP
-#: build/C/man7/capabilities.7:635
+#: build/C/man7/capabilities.7:644
#, no-wrap
msgid "I<Permitted>:"
msgstr "I<許可 (permitted)>:"
#. type: Plain text
-#: build/C/man7/capabilities.7:643
+#: build/C/man7/capabilities.7:652
msgid ""
"This is a limiting superset for the effective capabilities that the thread "
"may assume. It is also a limiting superset for the capabilities that may be "
"の限定的なスーパーセットでもある。"
#. type: Plain text
-#: build/C/man7/capabilities.7:649
+#: build/C/man7/capabilities.7:658
msgid ""
"If a thread drops a capability from its permitted set, it can never "
"reacquire that capability (unless it B<execve>(2)s either a set-user-ID-root "
"プログラムを B<execve>(2) しない限りは) もう一度獲得することはできない。"
#. type: TP
-#: build/C/man7/capabilities.7:649
+#: build/C/man7/capabilities.7:658
#, no-wrap
msgid "I<Inheritable>:"
msgstr "I<継承可能 (inheritable)>:"
#. type: Plain text
-#: build/C/man7/capabilities.7:656
+#: build/C/man7/capabilities.7:665
msgid ""
"This is a set of capabilities preserved across an B<execve>(2). It provides "
"a mechanism for a process to assign capabilities to the permitted set of the "
"リティセットとして 割り当てるケーパビリティを指定することができる。"
#. type: TP
-#: build/C/man7/capabilities.7:656 build/C/man7/capabilities.7:706
+#: build/C/man7/capabilities.7:665 build/C/man7/capabilities.7:715
#, no-wrap
msgid "I<Effective>:"
msgstr "I<実効 (effective)>:"
#. type: Plain text
-#: build/C/man7/capabilities.7:660
+#: build/C/man7/capabilities.7:669
msgid ""
"This is the set of capabilities used by the kernel to perform permission "
"checks for the thread."
"ティセットである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:666
+#: build/C/man7/capabilities.7:675
msgid ""
"A child created via B<fork>(2) inherits copies of its parent's capability "
"sets. See below for a discussion of the treatment of capabilities during "
"する。 B<execve>(2) 中のケーパビリティの扱いについては下記を参照のこと。"
#. type: Plain text
-#: build/C/man7/capabilities.7:670
+#: build/C/man7/capabilities.7:679
msgid ""
"Using B<capset>(2), a thread may manipulate its own capability sets (see "
"below)."
#. commit 73efc0394e148d0e15583e13712637831f926720
#. type: Plain text
-#: build/C/man7/capabilities.7:679
+#: build/C/man7/capabilities.7:688
msgid ""
"Since Linux 3.2, the file I</proc/sys/kernel/cap_last_cap> exposes the "
"numerical value of the highest capability supported by the running kernel; "
"とができる。"
#. type: SS
-#: build/C/man7/capabilities.7:679
+#: build/C/man7/capabilities.7:688
#, no-wrap
msgid "File capabilities"
msgstr "ファイルケーパビリティ"
#. type: Plain text
-#: build/C/man7/capabilities.7:694
+#: build/C/man7/capabilities.7:703
msgid ""
"Since kernel 2.6.24, the kernel supports associating capability sets with an "
"executable file using B<setcap>(8). The file capability sets are stored in "
"(2) 後のスレッドのケーパビリティセットが決定される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:696
+#: build/C/man7/capabilities.7:705
msgid "The three file capability sets are:"
msgstr "3 つのファイルケーパビリティセットが定義されている。"
#. type: TP
-#: build/C/man7/capabilities.7:696
+#: build/C/man7/capabilities.7:705
#, no-wrap
msgid "I<Permitted> (formerly known as I<forced>):"
msgstr "I<許可 (Permitted)> (以前のI<強制 (Forced)>):"
#. type: Plain text
-#: build/C/man7/capabilities.7:700
+#: build/C/man7/capabilities.7:709
msgid ""
"These capabilities are automatically permitted to the thread, regardless of "
"the thread's inheritable capabilities."
"ケーパビリティ。"
#. type: TP
-#: build/C/man7/capabilities.7:700
+#: build/C/man7/capabilities.7:709
#, no-wrap
msgid "I<Inheritable> (formerly known as I<allowed>):"
msgstr "I<継承可能 (Inheritable)> (以前の I<許容 (Allowed)>):"
#. type: Plain text
-#: build/C/man7/capabilities.7:706
+#: build/C/man7/capabilities.7:715
msgid ""
"This set is ANDed with the thread's inheritable set to determine which "
"inheritable capabilities are enabled in the permitted set of the thread "
"継承可能ケーパビリティが決定される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:716
+#: build/C/man7/capabilities.7:725
msgid ""
"This is not a set, but rather just a single bit. If this bit is set, then "
"during an B<execve>(2) all of the new permitted capabilities for the thread "
"集合 にセットされない。"
#. type: Plain text
-#: build/C/man7/capabilities.7:732
+#: build/C/man7/capabilities.7:741
msgid ""
"Enabling the file effective capability bit implies that any file permitted "
"or inheritable capability that causes a thread to acquire the corresponding "
"ケーパビリティ についても実効フラグを有効と指定しなければならない。"
#. type: SS
-#: build/C/man7/capabilities.7:732
+#: build/C/man7/capabilities.7:741
#, no-wrap
msgid "Transformation of capabilities during execve()"
msgstr "execve() 中のケーパビリティの変換"
#. type: Plain text
-#: build/C/man7/capabilities.7:738
+#: build/C/man7/capabilities.7:747
msgid ""
"During an B<execve>(2), the kernel calculates the new capabilities of the "
"process using the following algorithm:"
"リズムを用いて計算する:"
#. type: Plain text
-#: build/C/man7/capabilities.7:743
+#: build/C/man7/capabilities.7:752
#, no-wrap
msgid ""
"P'(permitted) = (P(inheritable) & F(inheritable)) |\n"
" (F(permitted) & cap_bset)\n"
#. type: Plain text
-#: build/C/man7/capabilities.7:745
+#: build/C/man7/capabilities.7:754
#, no-wrap
msgid "P'(effective) = F(effective) ? P'(permitted) : 0\n"
msgstr "P'(effective) = F(effective) ? P'(permitted) : 0\n"
#. type: Plain text
-#: build/C/man7/capabilities.7:747
+#: build/C/man7/capabilities.7:756
#, no-wrap
msgid "P'(inheritable) = P(inheritable) [i.e., unchanged]\n"
msgstr "P'(inheritable) = P(inheritable) [つまり、変更されない]\n"
#. type: Plain text
-#: build/C/man7/capabilities.7:751
+#: build/C/man7/capabilities.7:760
msgid "where:"
msgstr "各変数の意味は以下の通り:"
#. type: IP
-#: build/C/man7/capabilities.7:752
+#: build/C/man7/capabilities.7:761
#, no-wrap
msgid "P"
msgstr "P"
#. type: Plain text
-#: build/C/man7/capabilities.7:755
+#: build/C/man7/capabilities.7:764
msgid "denotes the value of a thread capability set before the B<execve>(2)"
msgstr "B<execve>(2) 前のスレッドのケーパビリティセットの値"
#. type: IP
-#: build/C/man7/capabilities.7:755
+#: build/C/man7/capabilities.7:764
#, no-wrap
msgid "P'"
msgstr "P'"
#. type: Plain text
-#: build/C/man7/capabilities.7:758
+#: build/C/man7/capabilities.7:767
msgid "denotes the value of a capability set after the B<execve>(2)"
msgstr "B<execve>(2) 後のスレッドのケーパビリティセットの値"
#. type: IP
-#: build/C/man7/capabilities.7:758
+#: build/C/man7/capabilities.7:767
#, no-wrap
msgid "F"
msgstr "F"
#. type: Plain text
-#: build/C/man7/capabilities.7:760
+#: build/C/man7/capabilities.7:769
msgid "denotes a file capability set"
msgstr "ファイルケーパビリティセットの値"
#. type: IP
-#: build/C/man7/capabilities.7:760
+#: build/C/man7/capabilities.7:769
#, no-wrap
msgid "cap_bset"
msgstr "cap_bset"
#. type: Plain text
-#: build/C/man7/capabilities.7:762
+#: build/C/man7/capabilities.7:771
msgid "is the value of the capability bounding set (described below)."
msgstr "ケーパビリティバウンディングセットの値 (下記参照)"
#. type: SS
-#: build/C/man7/capabilities.7:764
+#: build/C/man7/capabilities.7:773
#, no-wrap
msgid "Capabilities and execution of programs by root"
msgstr "ケーパビリティと、ルートによるプログラムの実行"
#. type: Plain text
-#: build/C/man7/capabilities.7:769
+#: build/C/man7/capabilities.7:778
msgid ""
"In order to provide an all-powerful I<root> using capability sets, during an "
"B<execve>(2):"
"を実現するには、以下のようにする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:774
+#: build/C/man7/capabilities.7:783
msgid ""
"If a set-user-ID-root program is being executed, or the real user ID of the "
"process is 0 (root) then the file inheritable and permitted sets are "
"ビリティが有効) に定義する。"
#. type: Plain text
-#: build/C/man7/capabilities.7:777
+#: build/C/man7/capabilities.7:786
msgid ""
"If a set-user-ID-root program is being executed, then the file effective bit "
"is defined to be one (enabled)."
#. exec(), then it gets all capabilities in its
#. permitted set, and no effective capabilities
#. type: Plain text
-#: build/C/man7/capabilities.7:792
+#: build/C/man7/capabilities.7:801
msgid ""
"The upshot of the above rules, combined with the capabilities "
"transformations described above, is that when a process B<execve>(2)s a set-"
"により、伝統的な UNIX システムと同じ振る舞いができるようになっている。"
#. type: SS
-#: build/C/man7/capabilities.7:792
+#: build/C/man7/capabilities.7:801
#, no-wrap
msgid "Capability bounding set"
msgstr "ケーパビリティ・バウンディングセット"
#. type: Plain text
-#: build/C/man7/capabilities.7:797
+#: build/C/man7/capabilities.7:806
msgid ""
"The capability bounding set is a security mechanism that can be used to "
"limit the capabilities that can be gained during an B<execve>(2). The "
"ある。 バウンディングセットは以下のように使用される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:805
+#: build/C/man7/capabilities.7:814
msgid ""
"During an B<execve>(2), the capability bounding set is ANDed with the file "
"permitted capability set, and the result of this operation is assigned to "
"る。"
#. type: Plain text
-#: build/C/man7/capabilities.7:817
+#: build/C/man7/capabilities.7:826
msgid ""
"(Since Linux 2.6.25) The capability bounding set acts as a limiting "
"superset for the capabilities that a thread can add to its inheritable set "
"できない、 ということである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:824
+#: build/C/man7/capabilities.7:833
msgid ""
"Note that the bounding set masks the file permitted capabilities, but not "
"the inherited capabilities. If a thread maintains a capability in its "
"ということである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:827
+#: build/C/man7/capabilities.7:836
msgid ""
"Depending on the kernel version, the capability bounding set is either a "
"system-wide attribute, or a per-process attribute."
"通の属性の場合と、プロセス単位の属性の場合がある。"
#. type: Plain text
-#: build/C/man7/capabilities.7:829
+#: build/C/man7/capabilities.7:838
msgid "B<Capability bounding set prior to Linux 2.6.25>"
msgstr "B<Linux 2.6.25 より前のケーパビリティ・バウンディングセット>"
#. type: Plain text
-#: build/C/man7/capabilities.7:837
+#: build/C/man7/capabilities.7:846
msgid ""
"In kernels before 2.6.25, the capability bounding set is a system-wide "
"attribute that affects all threads on the system. The bounding set is "
"きの十進数で表現される。)"
#. type: Plain text
-#: build/C/man7/capabilities.7:844
+#: build/C/man7/capabilities.7:853
msgid ""
"Only the B<init> process may set capabilities in the capability bounding "
"set; other than that, the superuser (more precisely: programs with the "
"ンディングセットのケーパビリティのクリアが できるだけである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:853
+#: build/C/man7/capabilities.7:862
msgid ""
"On a standard system the capability bounding set always masks out the "
"B<CAP_SETPCAP> capability. To remove this restriction (dangerous!), modify "
"する必要がある。"
#. type: Plain text
-#: build/C/man7/capabilities.7:857
+#: build/C/man7/capabilities.7:866
msgid ""
"The system-wide capability bounding set feature was added to Linux starting "
"with kernel version 2.2.11."
"降で Linux に追加された。"
#. type: Plain text
-#: build/C/man7/capabilities.7:859
+#: build/C/man7/capabilities.7:868
msgid "B<Capability bounding set from Linux 2.6.25 onward>"
msgstr "B<Linux 2.6.25 以降のケーパビリティ・バウンディングセット>"
#. type: Plain text
-#: build/C/man7/capabilities.7:864
+#: build/C/man7/capabilities.7:873
msgid ""
"From Linux 2.6.25, the I<capability bounding set> is a per-thread "
"attribute. (There is no longer a system-wide capability bounding set.)"
"在しない)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:869
+#: build/C/man7/capabilities.7:878
msgid ""
"The bounding set is inherited at B<fork>(2) from the thread's parent, and "
"is preserved across an B<execve>(2)."
"B<execve>(2) の前後では保持される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:882
+#: build/C/man7/capabilities.7:891
msgid ""
"A thread may remove capabilities from its capability bounding set using the "
"B<prctl>(2) B<PR_CAPBSET_DROP> operation, provided it has the "
"いるかを知ることができる。"
#. type: Plain text
-#: build/C/man7/capabilities.7:900
+#: build/C/man7/capabilities.7:909
msgid ""
"Removing capabilities from the bounding set is supported only if file "
"capabilities are compiled into the kernel. In kernels before Linux 2.6.33, "
"パビリティがサポートされていない場合には 違った意味を持つからである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:907
+#: build/C/man7/capabilities.7:916
msgid ""
"Removing a capability from the bounding set does not remove it from the "
"thread's inherited set. However it does prevent the capability from being "
"こと はできなくなる。"
#. type: SS
-#: build/C/man7/capabilities.7:907
+#: build/C/man7/capabilities.7:916
#, no-wrap
msgid "Effect of user ID changes on capabilities"
msgstr "ユーザ ID 変更のケーパビリティへの影響"
#. type: Plain text
-#: build/C/man7/capabilities.7:916
+#: build/C/man7/capabilities.7:925
msgid ""
"To preserve the traditional semantics for transitions between 0 and nonzero "
"user IDs, the kernel makes the following changes to a thread's capability "
-"sets on changes to the thread's real, effective, saved set, and file system "
+"sets on changes to the thread's real, effective, saved set, and filesystem "
"user IDs (using B<setuid>(2), B<setresuid>(2), or similar):"
msgstr ""
"ユーザ ID が 0 と 0 以外の間で変化する際の振る舞いを従来と同じにするため、 ス"
"スレッドのケーパビリティセットに 以下の変更を行う:"
#. type: Plain text
-#: build/C/man7/capabilities.7:922
+#: build/C/man7/capabilities.7:931
msgid ""
"If one or more of the real, effective or saved set user IDs was previously "
"0, and as a result of the UID changes all of these IDs have a nonzero value, "
"合、許可と実効のケーパビリティセットの 全ケーパビリティをクリアする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:925
+#: build/C/man7/capabilities.7:934
msgid ""
"If the effective user ID is changed from 0 to nonzero, then all capabilities "
"are cleared from the effective set."
"パビリティをクリアする。"
#. type: Plain text
-#: build/C/man7/capabilities.7:928
+#: build/C/man7/capabilities.7:937
msgid ""
"If the effective user ID is changed from nonzero to 0, then the permitted "
"set is copied to the effective set."
"実効ケーパビリティセットにコピーする。"
#. type: IP
-#: build/C/man7/capabilities.7:928 build/C/man7/capabilities.7:983
+#: build/C/man7/capabilities.7:937 build/C/man7/capabilities.7:992
#, no-wrap
msgid "4."
msgstr "4."
#. type: Plain text
-#: build/C/man7/capabilities.7:946
-msgid ""
-"If the file system user ID is changed from 0 to nonzero (see B<setfsuid>"
-"(2)) then the following capabilities are cleared from the effective set: "
+#: build/C/man7/capabilities.7:955
+#, fuzzy
+#| msgid ""
+#| "If the filesystem user ID is changed from 0 to nonzero (see B<setfsuid>"
+#| "(2)) then the following capabilities are cleared from the effective set: "
+#| "B<CAP_CHOWN>, B<CAP_DAC_OVERRIDE>, B<CAP_DAC_READ_SEARCH>, B<CAP_FOWNER>, "
+#| "B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> (since Linux 2.6.30), "
+#| "B<CAP_MAC_OVERRIDE>, and B<CAP_MKNOD> (since Linux 2.6.30). If the "
+#| "filesystem UID is changed from nonzero to 0, then any of these "
+#| "capabilities that are enabled in the permitted set are enabled in the "
+#| "effective set."
+msgid ""
+"If the filesystem user ID is changed from 0 to nonzero (see B<setfsuid>(2)), "
+"then the following capabilities are cleared from the effective set: "
"B<CAP_CHOWN>, B<CAP_DAC_OVERRIDE>, B<CAP_DAC_READ_SEARCH>, B<CAP_FOWNER>, "
-"B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> (since Linux 2.2.30), "
-"B<CAP_MAC_OVERRIDE>, and B<CAP_MKNOD> (since Linux 2.2.30). If the file "
-"system UID is changed from nonzero to 0, then any of these capabilities that "
-"are enabled in the permitted set are enabled in the effective set."
+"B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> (since Linux 2.6.30), "
+"B<CAP_MAC_OVERRIDE>, and B<CAP_MKNOD> (since Linux 2.6.30). If the "
+"filesystem UID is changed from nonzero to 0, then any of these capabilities "
+"that are enabled in the permitted set are enabled in the effective set."
msgstr ""
"ファイルシステム UID が 0 から 0 以外に変更された場合 (B<setfsuid>(2) 参"
"照)、実効ケーパビリティセットの以下のケーパビリティがクリアされる: "
"B<CAP_CHOWN>, B<CAP_DAC_OVERRIDE>, B<CAP_DAC_READ_SEARCH>, B<CAP_FOWNER>, "
-"B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> (Linux 2.2.30 以降), "
-"B<CAP_MAC_OVERRIDE>, B<CAP_MKNOD> (Linux 2.2.30 以降)。 ファイルシステム UID "
+"B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> (Linux 2.6.30 以降), "
+"B<CAP_MAC_OVERRIDE>, B<CAP_MKNOD> (Linux 2.6.30 以降)。 ファイルシステム UID "
"が 0 以外から 0 に変更された場合、 上記のケーパビリティのうち許可ケーパビリ"
"ティセットで有効になっているものが 実効ケーパビリティセットで有効にされる。"
#. type: Plain text
-#: build/C/man7/capabilities.7:954
+#: build/C/man7/capabilities.7:963
msgid ""
"If a thread that has a 0 value for one or more of its user IDs wants to "
"prevent its permitted capability set being cleared when it resets all of its "
"は、 B<prctl>(2) の B<PR_SET_KEEPCAPS> 操作を使えばよい。"
#. type: SS
-#: build/C/man7/capabilities.7:954
+#: build/C/man7/capabilities.7:963
#, no-wrap
msgid "Programmatically adjusting capability sets"
msgstr "プログラムでケーパビリティセットを調整する"
#. type: Plain text
-#: build/C/man7/capabilities.7:969
+#: build/C/man7/capabilities.7:978
msgid ""
"A thread can retrieve and change its capability sets using the B<capget>(2) "
"and B<capset>(2) system calls. However, the use of B<cap_get_proc>(3) and "
"望ましい。 スレッドのケーパビリティセットの変更には以下のルールが適用される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:975
+#: build/C/man7/capabilities.7:984
msgid ""
"If the caller does not have the B<CAP_SETPCAP> capability, the new "
"inheritable set must be a subset of the combination of the existing "
"ばならない。"
#. type: Plain text
-#: build/C/man7/capabilities.7:979
+#: build/C/man7/capabilities.7:988
msgid ""
"(Since Linux 2.6.25) The new inheritable set must be a subset of the "
"combination of the existing inheritable set and the capability bounding set."
"ティ・ バウンディングセットの積集合 (AND) の部分集合でなければならない。"
#. type: Plain text
-#: build/C/man7/capabilities.7:983
+#: build/C/man7/capabilities.7:992
msgid ""
"The new permitted set must be a subset of the existing permitted set (i.e., "
"it is not possible to acquire permitted capabilities that the thread does "
"のスレッドが現在持っていない許可ケーパビリティを 獲得することはできない)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:985
+#: build/C/man7/capabilities.7:994
msgid "The new effective set must be a subset of the new permitted set."
msgstr ""
"新しい実効ケーパビリティセットは新しい許可ケーパビリティセットの 部分集合に"
"なっていなければならない。"
#. type: SS
-#: build/C/man7/capabilities.7:985
+#: build/C/man7/capabilities.7:994
#, no-wrap
msgid "The securebits flags: establishing a capabilities-only environment"
msgstr "securebits フラグ: ケーパビリティだけの環境を構築する"
#. see http://lwn.net/Articles/280279/ and
#. http://article.gmane.org/gmane.linux.kernel.lsm/5476/
#. type: Plain text
-#: build/C/man7/capabilities.7:996
+#: build/C/man7/capabilities.7:1005
msgid ""
"Starting with kernel 2.6.26, and with a kernel in which file capabilities "
"are enabled, Linux implements a set of per-thread I<securebits> flags that "
"ようなフラグがある。"
#. type: TP
-#: build/C/man7/capabilities.7:996
+#: build/C/man7/capabilities.7:1005
#, no-wrap
msgid "B<SECBIT_KEEP_CAPS>"
msgstr "B<SECBIT_KEEP_CAPS>"
#. type: Plain text
-#: build/C/man7/capabilities.7:1008
+#: build/C/man7/capabilities.7:1017
msgid ""
"Setting this flag allows a thread that has one or more 0 UIDs to retain its "
"capabilities when it switches all of its UIDs to a nonzero value. If this "
"同じ機能を提供するものである)。"
#. type: TP
-#: build/C/man7/capabilities.7:1008
+#: build/C/man7/capabilities.7:1017
#, no-wrap
msgid "B<SECBIT_NO_SETUID_FIXUP>"
msgstr "B<SECBIT_NO_SETUID_FIXUP>"
#. type: Plain text
-#: build/C/man7/capabilities.7:1015
+#: build/C/man7/capabilities.7:1024
msgid ""
"Setting this flag stops the kernel from adjusting capability sets when the "
-"threads's effective and file system UIDs are switched between zero and "
+"threads's effective and filesystem UIDs are switched between zero and "
"nonzero values. (See the subsection I<Effect of User ID Changes on "
"Capabilities>.)"
msgstr ""
"くなる (「ユーザ ID 変更のケーパビリティへの影響」の節を参照)。"
#. type: TP
-#: build/C/man7/capabilities.7:1015
+#: build/C/man7/capabilities.7:1024
#, no-wrap
msgid "B<SECBIT_NOROOT>"
msgstr "B<SECBIT_NOROOT>"
#. type: Plain text
-#: build/C/man7/capabilities.7:1023
+#: build/C/man7/capabilities.7:1032
msgid ""
"If this bit is set, then the kernel does not grant capabilities when a set-"
"user-ID-root program is executed, or when a process with an effective or "
"行」の節を参照)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1033
+#: build/C/man7/capabilities.7:1042
msgid ""
"Each of the above \"base\" flags has a companion \"locked\" flag. Setting "
"any of the \"locked\" flags is irreversible, and has the effect of "
"B<SECBIT_NOROOT_LOCKED> という名前である。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1045
+#: build/C/man7/capabilities.7:1054
msgid ""
"The I<securebits> flags can be modified and retrieved using the B<prctl>(2) "
"B<PR_SET_SECUREBITS> and B<PR_GET_SECUREBITS> operations. The "
"るには B<CAP_SETPCAP> ケーパビリティが必要である。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1054
+#: build/C/man7/capabilities.7:1063
msgid ""
"The I<securebits> flags are inherited by child processes. During an "
"B<execve>(2), all of the flags are preserved, except B<SECBIT_KEEP_CAPS> "
"B<SECBIT_KEEP_CAPS> が常にクリアされる以外は、全てのフラグが保持される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1059
+#: build/C/man7/capabilities.7:1068
msgid ""
"An application can use the following call to lock itself, and all of its "
"descendants, into an environment where the only way of gaining capabilities "
"きる。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1068
+#: build/C/man7/capabilities.7:1077
#, no-wrap
msgid ""
"prctl(PR_SET_SECUREBITS,\n"
" SECBIT_NOROOT_LOCKED);\n"
#. type: Plain text
-#: build/C/man7/capabilities.7:1076
+#: build/C/man7/capabilities.7:1085
msgid ""
"No standards govern capabilities, but the Linux capability implementation is "
"based on the withdrawn POSIX.1e draft standard; see E<.UR http://wt."
"publications\\:/posix.1e/> E<.UE> を参照。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1080
+#: build/C/man7/capabilities.7:1089
msgid ""
"Since kernel 2.5.27, capabilities are an optional kernel component, and can "
"be enabled/disabled via the CONFIG_SECURITY_CAPABILITIES kernel "
#. 7b9a7ec565505699f503b4fcf61500dceb36e744
#. type: Plain text
-#: build/C/man7/capabilities.7:1094
+#: build/C/man7/capabilities.7:1103
msgid ""
"The I</proc/PID/task/TID/status> file can be used to view the capability "
"sets of a thread. The I</proc/PID/status> file shows the capability sets of "
"a process's main thread. Before Linux 3.8, nonexistent capabilities were "
-"shown as being enabled (1) in these sets. Since Linux 3.8, all non-existent "
+"shown as being enabled (1) in these sets. Since Linux 3.8, all nonexistent "
"capabilities (above B<CAP_LAST_CAP>) are shown as disabled (0)."
msgstr ""
"I</proc/PID/task/TID/status> ファイルを使うと、スレッドのケーパビリティセット"
"ケーパビリティである)。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1109
+#: build/C/man7/capabilities.7:1118
msgid ""
"The I<libcap> package provides a suite of routines for setting and getting "
"capabilities that is more comfortable and less likely to change than the "
"る。 パッケージは以下で入手できる。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1112
+#: build/C/man7/capabilities.7:1121
msgid ""
"E<.UR http://www.kernel.org\\:/pub\\:/linux\\:/libs\\:/security\\:/linux-"
"privs> E<.UE .>"
"privs> E<.UE .>"
#. type: Plain text
-#: build/C/man7/capabilities.7:1121
+#: build/C/man7/capabilities.7:1130
msgid ""
"Before kernel 2.6.24, and since kernel 2.6.24 if file capabilities are not "
"enabled, a thread with the B<CAP_SETPCAP> capability can manipulate the "
"B<CAP_SETPCAP> ケーパビリティを持つことはないからである。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1126
+#: build/C/man7/capabilities.7:1135
msgid ""
"In the pre-2.6.25 implementation the system-wide capability bounding set, I</"
"proc/sys/kernel/cap-bound>, always masks out this capability, and this can "
"い。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1132
+#: build/C/man7/capabilities.7:1141
msgid ""
"If file capabilities are disabled in the current implementation, then "
"B<init> starts out with this capability removed from its per-process "
"上で生成される他の全てのプロセスでこのバウンディングセットが 継承される。"
#. type: Plain text
-#: build/C/man7/capabilities.7:1149
+#: build/C/man7/capabilities.7:1158
msgid ""
"B<capget>(2), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), B<cap_copy_ext>"
"(3), B<cap_from_text>(3), B<cap_get_file>(3), B<cap_get_proc>(3), B<cap_init>"
"B<libcap>(3), B<credentials>(7), B<pthreads>(7), B<getcap>(8), B<setcap>(8)"
#. type: Plain text
-#: build/C/man7/capabilities.7:1152
+#: build/C/man7/capabilities.7:1161
msgid "I<include/linux/capability.h> in the Linux kernel source tree"
msgstr "Linux カーネルソース内の I<include/linux/capability.h>"
#. type: Plain text
#: build/C/man2/capget.2:55
+#, fuzzy
+#| msgid ""
+#| "The portable interfaces are B<cap_set_proc>(3) and B<cap_get_proc>(3); "
+#| "if possible you should use those interfaces in applications. If you wish "
+#| "to use the Linux extensions in applications, you should use the easier-to-"
+#| "use interfaces B<capsetp>(3) and B<capgetp>(3)."
msgid ""
"The portable interfaces are B<cap_set_proc>(3) and B<cap_get_proc>(3); if "
-"possible you should use those interfaces in applications. If you wish to "
+"possible, you should use those interfaces in applications. If you wish to "
"use the Linux extensions in applications, you should use the easier-to-use "
"interfaces B<capsetp>(3) and B<capgetp>(3)."
msgstr ""
#: build/C/man2/capget.2:96
msgid ""
"The I<effective>, I<permitted>, and I<inheritable> fields are bit masks of "
-"the capabilities defined in I<capability(7).> Note the B<CAP_*> values are "
-"bit indexes and need to be bit-shifted before ORing into the bit fields. To "
-"define the structures for passing to the system call you have to use the "
-"I<struct __user_cap_header_struct> and I<struct __user_cap_data_struct> "
-"names because the typedefs are only pointers."
-msgstr ""
-"フィールド I<effective>, I<permitted>, I<inheritable> は、 B<capability>(7) "
-"で定義されるケーパビリティのビットマスクである。 I<CAP_*> はビット番号を表す"
-"インデックス値であり、 ビットフィールドに OR を行う前に I<CAP_*> の値の分だけ"
-"ã\83\93ã\83\83ã\83\88ã\82·ã\83\95ã\83\88ã\82\92è¡\8cã\81\86å¿\85è¦\81ã\81\8cã\81\82ã\82\8bã\80\82 typedef ã\81®æ\96¹ã\81¯ã\83\9dã\82¤ã\83³ã\82¿ã\81ªã\81®ã\81§ã\80\81 ã\81\93ã\81®ã\82·ã\82¹ã\83\86ã\83 "
-"コールに渡す構造体を定義するには、 I<struct __user_cap_header_struct> と "
+"the capabilities defined in B<capabilities>(7). Note the B<CAP_*> values "
+"are bit indexes and need to be bit-shifted before ORing into the bit "
+"fields. To define the structures for passing to the system call you have to "
+"use the I<struct __user_cap_header_struct> and I<struct "
+"__user_cap_data_struct> names because the typedefs are only pointers."
+msgstr ""
+"フィールド I<effective>, I<permitted>, I<inheritable> は、 B<capabilities>"
+"(7) で定義されるケーパビリティのビットマスクである。 I<CAP_*> はビット番号を"
+"表すインデックス値であり、 ビットフィールドに OR を行う前に I<CAP_*> の値の分"
+"ã\81 ã\81\91ã\83\93ã\83\83ã\83\88ã\82·ã\83\95ã\83\88ã\82\92è¡\8cã\81\86å¿\85è¦\81ã\81\8cã\81\82ã\82\8bã\80\82 typedef ã\81®æ\96¹ã\81¯ã\83\9dã\82¤ã\83³ã\82¿ã\81ªã\81®ã\81§ã\80\81 ã\81\93ã\81®ã\82·ã\82¹ã\83\86"
+"ã\83 ã\82³ã\83¼ã\83«ã\81«æ¸¡ã\81\99æ§\8bé\80 ä½\93ã\82\92å®\9a義ã\81\99ã\82\8bã\81«ã\81¯ã\80\81 I<struct __user_cap_header_struct> ã\81¨ "
"I<struct __user_cap_data_struct> という名前を使用しなければならない。"
#. type: Plain text
#: build/C/man2/getgroups.2:114 build/C/man2/getgroups.2:121
#: build/C/man2/getpriority.2:121 build/C/man2/getrlimit.2:440
#: build/C/man2/getrusage.2:191 build/C/man2/iopl.2:72
-#: build/C/man2/ioprio_set.2:170 build/C/man2/setpgid.2:202
+#: build/C/man2/ioprio_set.2:170 build/C/man2/setpgid.2:225
#, no-wrap
msgid "B<EINVAL>"
msgstr "B<EINVAL>"
#: build/C/man2/capget.2:215 build/C/man7/cpuset.7:1330
#: build/C/man2/getpriority.2:129 build/C/man2/getrlimit.2:464
#: build/C/man2/getsid.2:70 build/C/man2/ioprio_set.2:187
-#: build/C/man2/setpgid.2:217
+#: build/C/man2/setpgid.2:240
#, no-wrap
msgid "B<ESRCH>"
msgstr "B<ESRCH>"
#. type: Plain text
#: build/C/man7/cpuset.7:35
msgid ""
-"The cpuset file system is a pseudo-file-system interface to the kernel "
-"cpuset mechanism, which is used to control the processor placement and "
-"memory placement of processes. It is commonly mounted at I</dev/cpuset>."
+"The cpuset filesystem is a pseudo-filesystem interface to the kernel cpuset "
+"mechanism, which is used to control the processor placement and memory "
+"placement of processes. It is commonly mounted at I</dev/cpuset>."
msgstr ""
#. type: Plain text
"On systems with kernels compiled with built in support for cpusets, all "
"processes are attached to a cpuset, and cpusets are always present. If a "
"system supports cpusets, then it will have the entry B<nodev cpuset> in the "
-"file I</proc/filesystems>. By mounting the cpuset file system (see the "
+"file I</proc/filesystems>. By mounting the cpuset filesystem (see the "
"B<EXAMPLE> section below), the administrator can configure the cpusets on a "
"system to control the processor and memory placement of processes on that "
"system. By default, if the cpuset configuration on a system is not modified "
-"or if the cpuset file system is not even mounted, then the cpuset mechanism, "
+"or if the cpuset filesystem is not even mounted, then the cpuset mechanism, "
"though present, has no affect on the system's behavior."
msgstr ""
#. type: Plain text
#: build/C/man7/cpuset.7:73
msgid ""
-"Cpusets are represented as directories in a hierarchical pseudo-file system, "
+"Cpusets are represented as directories in a hierarchical pseudo-filesystem, "
"where the top directory in the hierarchy (I</dev/cpuset>) represents the "
"entire system (all online CPUs and memory nodes) and any cpuset that is the "
"child (descendant) of another parent cpuset contains a subset of that "
"parent's CPUs and memory nodes. The directories and files representing "
-"cpusets have normal file-system permissions."
+"cpusets have normal filesystem permissions."
msgstr ""
#. type: Plain text
#. type: Plain text
#: build/C/man7/cpuset.7:314
msgid ""
-"Flag (0 or 1). If set (1), pages in the kernel page cache (file-system "
+"Flag (0 or 1). If set (1), pages in the kernel page cache (filesystem "
"buffers) are uniformly spread across the cpuset. By default this is off (0) "
"in the top cpuset, and inherited from the parent cpuset in newly created "
"cpusets. See the B<Memory Spread> section, below."
"In addition to the above pseudo-files in each directory below I</dev/"
"cpuset>, each process has a pseudo-file, I</proc/E<lt>pidE<gt>/cpuset>, that "
"displays the path of the process's cpuset directory relative to the root of "
-"the cpuset file system."
+"the cpuset filesystem."
msgstr ""
#. type: Plain text
#: build/C/man7/cpuset.7:458
msgid ""
"This enables configuring a system so that several independent jobs can share "
-"common kernel data, such as file system pages, while isolating each job's "
+"common kernel data, such as filesystem pages, while isolating each job's "
"user allocation in its own cpuset. To do this, construct a large "
"I<hardwall> cpuset to hold all the jobs, and construct child cpusets for "
"each individual job which are not I<hardwall> cpusets."
"the last process in the cpuset leaves (exits or attaches to some other "
"cpuset) and the last child cpuset of that cpuset is removed, the kernel "
"will run the command I</sbin/cpuset_release_agent>, supplying the pathname "
-"(relative to the mount point of the cpuset file system) of the abandoned "
+"(relative to the mount point of the cpuset filesystem) of the abandoned "
"cpuset. This enables automatic removal of abandoned cpusets."
msgstr ""
msgid ""
"The kernel direct reclaim code is entered whenever a process has to satisfy "
"a memory page request by first finding some other page to repurpose, due to "
-"lack of any readily available already free pages. Dirty file system pages "
-"are repurposed by first writing them to disk. Unmodified file system buffer "
+"lack of any readily available already free pages. Dirty filesystem pages "
+"are repurposed by first writing them to disk. Unmodified filesystem buffer "
"pages are repurposed by simply dropping them, though if that page is needed "
"again, it will have to be reread from disk."
msgstr ""
#: build/C/man7/cpuset.7:589
msgid ""
"There are two Boolean flag files per cpuset that control where the kernel "
-"allocates pages for the file-system buffers and related in-kernel data "
+"allocates pages for the filesystem buffers and related in-kernel data "
"structures. They are called I<cpuset.memory_spread_page> and I<cpuset."
"memory_spread_slab>."
msgstr ""
#: build/C/man7/cpuset.7:596
msgid ""
"If the per-cpuset Boolean flag file I<cpuset.memory_spread_page> is set, "
-"then the kernel will spread the file-system buffers (page cache) evenly over "
+"then the kernel will spread the filesystem buffers (page cache) evenly over "
"all the nodes that the faulting process is allowed to use, instead of "
"preferring to put those pages on the node where the process is running."
msgstr ""
#: build/C/man7/cpuset.7:604
msgid ""
"If the per-cpuset Boolean flag file I<cpuset.memory_spread_slab> is set, "
-"then the kernel will spread some file-system-related slab caches, such as "
+"then the kernel will spread some filesystem-related slab caches, such as "
"those for inodes and directory entries, evenly over all the nodes that the "
"faulting process is allowed to use, instead of preferring to put those pages "
"on the node where the process is running."
#. type: Plain text
#: build/C/man7/cpuset.7:657
msgid ""
-"need to access large file-system data sets that must to be spread across the "
+"need to access large filesystem data sets that must to be spread across the "
"several nodes in the job's cpuset in order to fit."
msgstr ""
"becomes free or another task becomes runnable. This load balancing works to "
"ensure that as many CPUs as possible are usefully employed running tasks. "
"The kernel also performs periodic load balancing off the software clock "
-"described in I<time>(7). The setting of I<sched_relax_domain_level> applies "
+"described in B<time>(7). The setting of I<sched_relax_domain_level> applies "
"only to immediate load balancing. Regardless of the "
"I<sched_relax_domain_level> setting, periodic load balancing is attempted "
"over all CPUs (unless disabled by turning off I<sched_load_balance>.) In "
#: build/C/man7/cpuset.7:952
msgid ""
"The permissions of a cpuset are determined by the permissions of the "
-"directories and pseudo-files in the cpuset file system, normally mounted at "
+"directories and pseudo-files in the cpuset filesystem, normally mounted at "
"I</dev/cpuset>."
msgstr ""
#: build/C/man7/cpuset.7:1000
msgid ""
"There is one minor difference between the manner in which these permissions "
-"are evaluated and the manner in which normal file-system operation "
+"are evaluated and the manner in which normal filesystem operation "
"permissions are evaluated. The kernel interprets relative pathnames "
"starting at a process's current working directory. Even if one is operating "
"on a cpuset file, relative pathnames are interpreted relative to the "
"cpuset can be used are if either the process's current working directory is "
"its cpuset (it first did a B<cd> or B<chdir>(2) to its cpuset directory "
"beneath I</dev/cpuset>, which is a bit unusual) or if some user code "
-"converts the relative cpuset path to a full file-system path."
+"converts the relative cpuset path to a full filesystem path."
msgstr ""
#. ================== WARNINGS ==================
#: build/C/man7/cpuset.7:1015
msgid ""
"In theory, this means that user code should specify cpusets using absolute "
-"pathnames, which requires knowing the mount point of the cpuset file system "
+"pathnames, which requires knowing the mount point of the cpuset filesystem "
"(usually, but not necessarily, I</dev/cpuset>). In practice, all user level "
-"code that this author is aware of simply assumes that if the cpuset file "
-"system is mounted, then it is mounted at I</dev/cpuset>. Furthermore, it is "
-"common practice for carefully written user code to verify the presence of "
-"the pseudo-file I</dev/cpuset/tasks> in order to verify that the cpuset "
-"pseudo-file system is currently mounted."
+"code that this author is aware of simply assumes that if the cpuset "
+"filesystem is mounted, then it is mounted at I</dev/cpuset>. Furthermore, "
+"it is common practice for carefully written user code to verify the presence "
+"of the pseudo-file I</dev/cpuset/tasks> in order to verify that the cpuset "
+"pseudo-filesystem is currently mounted."
msgstr ""
#. type: SH
#. type: SH
#: build/C/man7/cpuset.7:1352 build/C/man2/getpriority.2:225
-#: build/C/man2/getrlimit.2:525 build/C/man2/ioprio_set.2:337
-#: build/C/man2/setfsgid.2:104 build/C/man2/setfsuid.2:104
+#: build/C/man2/getrlimit.2:530 build/C/man2/ioprio_set.2:337
+#: build/C/man2/setfsgid.2:106 build/C/man2/setfsuid.2:114
#, no-wrap
msgid "BUGS"
msgstr "バグ"
msgstr ""
#. type: SH
-#: build/C/man7/cpuset.7:1365 build/C/man2/getrlimit.2:600
+#: build/C/man7/cpuset.7:1365 build/C/man2/getrlimit.2:605
#, no-wrap
msgid "EXAMPLE"
msgstr "例"
#. type: TH
#: build/C/man7/credentials.7:27
#, no-wrap
-msgid "2008-06-03"
-msgstr "2008-06-03"
+msgid "2013-12-27"
+msgstr "2013-12-27"
#. type: Plain text
#: build/C/man7/credentials.7:30
"(2) を呼び出したプロセスの PID と同じ値のセッション ID を持つ 新たなセッショ"
"ンを生成する。 セッションの生成者は「セッション・リーダー」と呼ばれる。"
+#. type: Plain text
+#: build/C/man7/credentials.7:124
+msgid ""
+"All of the processes in a session share a I<controlling terminal>. The "
+"controlling terminal is established when the session leader first opens a "
+"terminal (unless the B<O_NOCTTY> flag is specified when calling B<open>"
+"(2)). A terminal may be the controlling terminal of at most one session."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/credentials.7:146
+msgid ""
+"At most one of the jobs in a session may be the I<foreground job>; other "
+"jobs in the session are I<background jobs>. Only the foreground job may "
+"read from the terminal; when a process in the background attempts to read "
+"from the terminal, its process group is sent a B<SIGTTIN> signal, which "
+"suspends the job. If the B<TOSTOP> flag has been set for the terminal (see "
+"B<termios>(3)), then only the foreground job may write to the terminal; "
+"writes from background job cause a B<SIGTTOU> signal to be generated, which "
+"suspends the job. When terminal keys that generate a signal (such as the "
+"I<interrupt> key, normally control-C) are pressed, the signal is sent to "
+"the processes in the foreground job."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man7/credentials.7:167
+msgid ""
+"Various system calls and library functions may operate on all members of a "
+"process group, including B<kill>(2), B<killpg>(2), B<getpriority>(2), "
+"B<setpriority>(2), B<ioprio_get>(2), B<ioprio_set>(2), B<waitid>(2), and "
+"B<waitpid>(2). See also the discussion of the B<F_GETOWN>, B<F_GETOWN_EX>, "
+"B<F_SETOWN>, and B<F_SETOWN_EX> operations in B<fcntl>(2)."
+msgstr ""
+
#. type: SS
-#: build/C/man7/credentials.7:115
+#: build/C/man7/credentials.7:167
#, no-wrap
msgid "User and group identifiers"
msgstr "ユーザ ID とグループ ID"
#. type: Plain text
-#: build/C/man7/credentials.7:123
+#: build/C/man7/credentials.7:175
msgid ""
"Each process has various associated user and groups IDs. These IDs are "
"integers, respectively represented using the types I<uid_t> and I<gid_t> "
"types.hE<gt>> で定義されている)。"
#. type: Plain text
-#: build/C/man7/credentials.7:125
+#: build/C/man7/credentials.7:177
msgid "On Linux, each process has the following user and group identifiers:"
msgstr ""
"Linux では、各プロセスは以下のような種類のユーザ ID とグループ ID を持つ。"
#. type: Plain text
-#: build/C/man7/credentials.7:131
+#: build/C/man7/credentials.7:183
msgid ""
"Real user ID and real group ID. These IDs determine who owns the process. "
"A process can obtain its real user (group) ID using B<getuid>(2) (B<getgid>"
"B<getuid>(2), B<getgid>(2) を使用する。"
#. type: Plain text
-#: build/C/man7/credentials.7:143
+#: build/C/man7/credentials.7:195
msgid ""
"Effective user ID and effective group ID. These IDs are used by the kernel "
"to determine the permissions that the process will have when accessing "
"shared resources such as message queues, shared memory, and semaphores. On "
"most UNIX systems, these IDs also determine the permissions when accessing "
-"files. However, Linux uses the file system IDs described below for this "
+"files. However, Linux uses the filesystem IDs described below for this "
"task. A process can obtain its effective user (group) ID using B<geteuid>"
"(2) (B<getegid>(2))."
msgstr ""
"プ ID を取得するには、それぞれ B<geteuid>(2), B<getegid>(2) を使用する。"
#. type: Plain text
-#: build/C/man7/credentials.7:165
+#: build/C/man7/credentials.7:217
msgid ""
"Saved set-user-ID and saved set-group-ID. These IDs are used in set-user-ID "
"and set-group-ID programs to save a copy of the corresponding effective IDs "
"る。"
#. type: Plain text
-#: build/C/man7/credentials.7:182
+#: build/C/man7/credentials.7:234
msgid ""
-"File system user ID and file system group ID (Linux-specific). These IDs, "
-"in conjunction with the supplementary group IDs described below, are used to "
+"Filesystem user ID and filesystem group ID (Linux-specific). These IDs, in "
+"conjunction with the supplementary group IDs described below, are used to "
"determine permissions for accessing files; see B<path_resolution>(7) for "
"details. Whenever a process's effective user (group) ID is changed, the "
-"kernel also automatically changes the file system user (group) ID to the "
-"same value. Consequently, the file system IDs normally have the same values "
-"as the corresponding effective ID, and the semantics for file-permission "
-"checks are thus the same on Linux as on other UNIX systems. The file system "
-"IDs can be made to differ from the effective IDs by calling B<setfsuid>(2) "
-"and B<setfsgid>(2)."
+"kernel also automatically changes the filesystem user (group) ID to the same "
+"value. Consequently, the filesystem IDs normally have the same values as "
+"the corresponding effective ID, and the semantics for file-permission checks "
+"are thus the same on Linux as on other UNIX systems. The filesystem IDs can "
+"be made to differ from the effective IDs by calling B<setfsuid>(2) and "
+"B<setfsgid>(2)."
msgstr ""
"ファイルシステム・ユーザ ID とファイルシステム・グループ ID (Linux 固有)。 こ"
"れらの ID は、後述の補助グループ ID と組み合わせて使用され、 ファイルへのアク"
#. /proc/sys/kernel/ngroups_max.
#. As at 2.6.22-rc2, this file is still read-only.
#. type: Plain text
-#: build/C/man7/credentials.7:201
+#: build/C/man7/credentials.7:253
msgid ""
"Supplementary group IDs. This is a set of additional group IDs that are "
"used for permission checks when accessing files and other shared resources. "
"(2) で取得でき、 B<setgroups>(2) で集合を変更できる。"
#. type: Plain text
-#: build/C/man7/credentials.7:211
+#: build/C/man7/credentials.7:263
msgid ""
"A child process created by B<fork>(2) inherits copies of its parent's user "
"and groups IDs. During an B<execve>(2), a process's real user and group ID "
"(B<execve>(2) で説明されている)。"
#. type: Plain text
-#: build/C/man7/credentials.7:214
+#: build/C/man7/credentials.7:266
msgid ""
"Aside from the purposes noted above, a process's user IDs are also employed "
"in a number of other contexts:"
msgstr "上記の目的以外にも、プロセスのユーザ ID は他の様々な場面で利用される。"
#. type: Plain text
-#: build/C/man7/credentials.7:217
+#: build/C/man7/credentials.7:269
msgid ""
"when determining the permissions for sending signals\\(emsee B<kill>(2);"
msgstr "シグナルを送る許可の判定時\\(em B<kill>(2) 参照。"
#. type: Plain text
-#: build/C/man7/credentials.7:227
+#: build/C/man7/credentials.7:279
msgid ""
"when determining the permissions for setting process-scheduling parameters "
"(nice value, real time scheduling policy and priority, CPU affinity, I/O "
"B<ioprio_set>(2) が使用される。"
#. type: Plain text
-#: build/C/man7/credentials.7:230
+#: build/C/man7/credentials.7:282
msgid "when checking resource limits; see B<getrlimit>(2);"
msgstr "リソース上限のチェック時。 B<getrlimit>(2) 参照。"
#. type: Plain text
-#: build/C/man7/credentials.7:234
+#: build/C/man7/credentials.7:286
msgid ""
"when checking the limit on the number of inotify instances that the process "
"may create; see B<inotify>(7)."
"(7) 参照。"
#. type: Plain text
-#: build/C/man7/credentials.7:240
+#: build/C/man7/credentials.7:292
msgid ""
"Process IDs, parent process IDs, process group IDs, and session IDs are "
"specified in POSIX.1-2001. The real, effective, and saved set user and "
"groups IDs, and the supplementary group IDs, are specified in POSIX.1-2001. "
-"The file system user and group IDs are a Linux extension."
+"The filesystem user and group IDs are a Linux extension."
msgstr ""
"プロセス ID、親プロセス ID、プロセスグループ ID、セッション ID は "
"POSIX.1-2001 で規定されている。 実 ID、実効 ID、保存セット ID のユーザ ID / "
"ルシステム・ユーザ ID / グループ ID は Linux による拡張である。"
#. type: Plain text
-#: build/C/man7/credentials.7:251
+#: build/C/man7/credentials.7:303
msgid ""
"The POSIX threads specification requires that credentials are shared by all "
"of the threads in a process. However, at the kernel level, Linux maintains "
"れることを保証する ための処理を行っている。"
#. type: Plain text
-#: build/C/man7/credentials.7:282
+#: build/C/man7/credentials.7:335
msgid ""
"B<bash>(1), B<csh>(1), B<ps>(1), B<access>(2), B<execve>(2), B<faccessat>"
"(2), B<fork>(2), B<getpgrp>(2), B<getpid>(2), B<getppid>(2), B<getsid>(2), "
"B<setfsuid>(2), B<setgid>(2), B<setgroups>(2), B<setresgid>(2), B<setresuid>"
"(2), B<setuid>(2), B<waitpid>(2), B<euidaccess>(3), B<initgroups>(3), "
"B<tcgetpgrp>(3), B<tcsetpgrp>(3), B<capabilities>(7), B<path_resolution>(7), "
-"B<unix>(7)"
+"B<signal>(7), B<unix>(7)"
msgstr ""
"B<bash>(1), B<csh>(1), B<ps>(1), B<access>(2), B<execve>(2), B<faccessat>"
"(2), B<fork>(2), B<getpgrp>(2), B<getpid>(2), B<getppid>(2), B<getsid>(2), "
"B<setfsuid>(2), B<setgid>(2), B<setgroups>(2), B<setresgid>(2), B<setresuid>"
"(2), B<setuid>(2), B<waitpid>(2), B<euidaccess>(3), B<initgroups>(3), "
"B<tcgetpgrp>(3), B<tcsetpgrp>(3), B<capabilities>(7), B<path_resolution>(7), "
-"B<unix>(7)"
+"B<signal>(7), B<unix>(7)"
#. type: TH
#: build/C/man2/getgid.2:25
msgstr "GETGID"
#. type: TH
-#: build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31
-#: build/C/man2/getresuid.2:28 build/C/man2/getuid.2:26
-#: build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31
-#: build/C/man2/setgid.2:29 build/C/man2/setresuid.2:26
-#: build/C/man2/setreuid.2:45 build/C/man2/setuid.2:30
+#: build/C/man2/getgid.2:25 build/C/man2/getresuid.2:28
+#: build/C/man2/getuid.2:26 build/C/man2/setgid.2:29
+#: build/C/man2/setresuid.2:26 build/C/man2/setuid.2:30
#, no-wrap
msgid "2010-11-22"
msgstr "2010-11-22"
msgid "GETGROUPS"
msgstr "GETGROUPS"
+#. type: TH
+#: build/C/man2/getgroups.2:31
+#, no-wrap
+msgid "2013-10-18"
+msgstr "2013-10-18"
+
#. type: Plain text
#: build/C/man2/getgroups.2:34
msgid "getgroups, setgroups - get/set list of supplementary group IDs"
"B<setgroups>() は特権を必要とするため、POSIX.1-2001 に従っていない。"
#. type: Plain text
-#: build/C/man2/getgroups.2:149
+#: build/C/man2/getgroups.2:153
msgid ""
"A process can have up to B<NGROUPS_MAX> supplementary group IDs in addition "
-"to the effective group ID. The set of supplementary group IDs is inherited "
-"from the parent process, and preserved across an B<execve>(2)."
+"to the effective group ID. The constant B<NGROUPS_MAX> is defined in "
+"I<E<lt>limits.hE<gt>>. The set of supplementary group IDs is inherited from "
+"the parent process, and preserved across an B<execve>(2)."
msgstr ""
"プロセスは、実効グループ ID に加え、最大 B<NGROUPS_MAX> までの補助グループ "
-"ID を持つことができる。 補助グループ ID の集合は親プロセスから継承され、 "
-"B<execve>(2) の前後で保持される。"
+"ID を持つことができる。 定数 B<NGROUPS_MAX> は I<E<lt>limits.hE<gt>> で定義さ"
+"れている。 補助グループ ID の集合は親プロセスから継承され、 B<execve>(2) の"
+"前後で保持される。"
#. type: Plain text
-#: build/C/man2/getgroups.2:152
+#: build/C/man2/getgroups.2:156
msgid ""
-"The maximum number of supplementary group IDs can be found using B<sysconf>"
-"(3):"
+"The maximum number of supplementary group IDs can be found at run time using "
+"B<sysconf>(3):"
msgstr ""
-"補助グループ ID の最大数は B<sysconf>(3) を使って以下のようにして調べること"
-"ができる:"
+"補助グループ ID の最大数は、実行時に B<sysconf>(3) を使って以下のようにして"
+"調べることができる:"
#. type: Plain text
-#: build/C/man2/getgroups.2:156
+#: build/C/man2/getgroups.2:160
#, no-wrap
msgid ""
" long ngroups_max;\n"
" ngroups_max = sysconf(_SC_NGROUPS_MAX);\n"
#. type: Plain text
-#: build/C/man2/getgroups.2:161
+#: build/C/man2/getgroups.2:168
msgid ""
"The maximum return value of B<getgroups>() cannot be larger than one more "
-"than this value."
+"than this value. Since Linux 2.6.4, the maximum number of supplementary "
+"group IDs is also exposed via the Linux-specific read-only file, I</proc/sys/"
+"kernel/ngroups_max>."
msgstr ""
-"B<getgroups>() の返り値の最大値は、この値より 1 大きい値より大きくなることは"
-"ない。"
#. type: Plain text
-#: build/C/man2/getgroups.2:171
+#: build/C/man2/getgroups.2:178
msgid ""
"The original Linux B<getgroups>() system call supported only 16-bit group "
"IDs. Subsequently, Linux 2.4 added B<getgroups32>(), supporting 32-bit "
"バージョンによるこの違いを吸収している。"
#. type: Plain text
-#: build/C/man2/getgroups.2:178
+#: build/C/man2/getgroups.2:185
msgid ""
"B<getgid>(2), B<setgid>(2), B<getgrouplist>(3), B<initgroups>(3), "
"B<capabilities>(7), B<credentials>(7)"
msgstr "GETRLIMIT"
#. type: TH
-#: build/C/man2/getrlimit.2:64 build/C/man2/setsid.2:30
+#: build/C/man2/getrlimit.2:64
#, no-wrap
-msgid "2013-02-11"
-msgstr "2013-02-11"
+msgid "2014-01-22"
+msgstr "2014-01-22"
#. type: Plain text
#: build/C/man2/getrlimit.2:67
#. type: TP
#: build/C/man2/getrlimit.2:242
#, no-wrap
-msgid "B<RLIMIT_MSGQUEUE> (Since Linux 2.6.8)"
+msgid "B<RLIMIT_MSGQUEUE> (since Linux 2.6.8)"
msgstr "B<RLIMIT_MSGQUEUE> (Linux 2.6.8 以降)"
#. type: Plain text
#. type: Plain text
#: build/C/man2/getrlimit.2:268
-#, fuzzy
-#| msgid ""
-#| "The first addend in the formula, which includes I<sizeof(struct msg_msg *)"
-#| "> (4 bytes on Linux/i386), ensures that the user cannot create an "
-#| "unlimited number of zero-length messages (such messages nevertheless each "
-#| "consume some system memory for bookkeeping overhead)."
msgid ""
"The first addend in the formula, which includes I<sizeof(struct msg_msg\\ *)"
"> (4 bytes on Linux/i386), ensures that the user cannot create an unlimited "
"number of zero-length messages (such messages nevertheless each consume some "
"system memory for bookkeeping overhead)."
msgstr ""
-"I<sizeof(struct msg_msg *)> (Linux/i386 では 4 バイト) を含む最初の加数は、 "
-"ã\83¦ã\83¼ã\82¶ã\83¼ã\81\8cé\95·ã\81\95 0 ã\81®ã\83¡ã\83\83ã\82»ã\83¼ã\82¸ã\82\92ç\84¡å\88¶é\99\90ã\81«ä½\9cã\82\8cã\81ªã\81\84ã\81\93ã\81¨ä¿\9d証ã\81\97ã\81¦ã\81\84ã\82\8b (ã\81\93ã\81®ã\82\88ã\81\86ã\81ª"
-"メッセージであっても、 記録のためのオーバーヘッドでシステムメモリを消費す"
+"I<sizeof(struct msg_msg\\ *)> (Linux/i386 では 4 バイト) を含む最初の加数"
+"ã\81¯ã\80\81 ã\83¦ã\83¼ã\82¶ã\83¼ã\81\8cé\95·ã\81\95 0 ã\81®ã\83¡ã\83\83ã\82»ã\83¼ã\82¸ã\82\92ç\84¡å\88¶é\99\90ã\81«ä½\9cã\82\8cã\81ªã\81\84ã\81\93ã\81¨ä¿\9d証ã\81\97ã\81¦ã\81\84ã\82\8b (ã\81\93ã\81®ã\82\88"
+"ã\81\86ã\81ªã\83¡ã\83\83ã\82»ã\83¼ã\82¸ã\81§ã\81\82ã\81£ã\81¦ã\82\82ã\80\81 è¨\98é\8c²ã\81®ã\81\9fã\82\81ã\81®ã\82ªã\83¼ã\83\90ã\83¼ã\83\98ã\83\83ã\83\89ã\81§ã\82·ã\82¹ã\83\86ã\83 ã\83¡ã\83¢ã\83ªã\82\92æ¶\88è²»ã\81\99"
"る)。"
#. type: TP
#. type: TP
#: build/C/man2/getrlimit.2:315
#, no-wrap
-msgid "B<RLIMIT_RTPRIO> (Since Linux 2.6.12, but see BUGS)"
+msgid "B<RLIMIT_RTPRIO> (since Linux 2.6.12, but see BUGS)"
msgstr "B<RLIMIT_RTPRIO> (Linux 2.6.12 以降, バグの節も参照)"
#. type: Plain text
#. type: TP
#: build/C/man2/getrlimit.2:322
#, no-wrap
-msgid "B<RLIMIT_RTTIME> (Since Linux 2.6.25)"
+msgid "B<RLIMIT_RTTIME> (since Linux 2.6.25)"
msgstr "B<RLIMIT_RTTIME> (Linux 2.6.25 以降)"
#. type: Plain text
#. type: TP
#: build/C/man2/getrlimit.2:348
#, no-wrap
-msgid "B<RLIMIT_SIGPENDING> (Since Linux 2.6.8)"
+msgid "B<RLIMIT_SIGPENDING> (since Linux 2.6.8)"
msgstr "B<RLIMIT_SIGPENDING> (Linux 2.6.8 以降)"
#. This replaces the /proc/sys/kernel/rtsig-max system-wide limit
"承する。 B<execve>(2) の前後でリソース制限は保存される。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:511
+#: build/C/man2/getrlimit.2:507
+msgid ""
+"Lowering the soft limit for a resource below the process's current "
+"consumption of that resource will succeed (but will prevent the process from "
+"further increasing its consumption of the resource)."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/getrlimit.2:516
msgid ""
"One can set the resource limits of the shell using the built-in I<ulimit> "
"command (I<limit> in B<csh>(1)). The shell's resource limits are inherited "
"マンドを実行してシェルが生成するプロセス に引き継がれる。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:516
+#: build/C/man2/getrlimit.2:521
msgid ""
"Since Linux 2.6.24, the resource limits of any process can be inspected via "
"I</proc/[pid]/limits>; see B<proc>(5)."
"ことができる。 B<proc>(5) 参照。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:525
+#: build/C/man2/getrlimit.2:530
msgid ""
"Ancient systems provided a B<vlimit>() function with a similar purpose to "
"B<setrlimit>(). For backward compatibility, glibc also provides B<vlimit>"
#. getrlimit() and setrlimit() that use prlimit() to work around
#. this bug.
#. type: Plain text
-#: build/C/man2/getrlimit.2:540
+#: build/C/man2/getrlimit.2:545
msgid ""
"In older Linux kernels, the B<SIGXCPU> and B<SIGKILL> signals delivered when "
"a process encountered the soft and hard B<RLIMIT_CPU> limits were delivered "
#. see http://marc.theaimsgroup.com/?l=linux-kernel&m=114008066530167&w=2
#. type: Plain text
-#: build/C/man2/getrlimit.2:548
+#: build/C/man2/getrlimit.2:553
msgid ""
"In 2.6.x kernels before 2.6.17, a B<RLIMIT_CPU> limit of 0 is wrongly "
"treated as \"no limit\" (like B<RLIM_INFINITY>). Since Linux 2.6.17, "
#. See https://lwn.net/Articles/145008/
#. type: Plain text
-#: build/C/man2/getrlimit.2:553
+#: build/C/man2/getrlimit.2:558
msgid ""
"A kernel bug means that B<RLIMIT_RTPRIO> does not work in kernel 2.6.12; the "
"problem is fixed in kernel 2.6.13."
#. see http://marc.theaimsgroup.com/?l=linux-kernel&m=112256338703880&w=2
#. type: Plain text
-#: build/C/man2/getrlimit.2:564
+#: build/C/man2/getrlimit.2:569
msgid ""
"In kernel 2.6.12, there was an off-by-one mismatch between the priority "
"ranges returned by B<getpriority>(2) and B<RLIMIT_NICE>. This had the "
#. Tested Solaris 10, FreeBSD 9, OpenBSD 5.0
#. FIXME https://bugzilla.kernel.org/show_bug.cgi?id=50951
#. type: Plain text
-#: build/C/man2/getrlimit.2:591
+#: build/C/man2/getrlimit.2:596
msgid ""
"Since Linux 2.6.12, if a process reaches its soft B<RLIMIT_CPU> limit and "
"has a handler installed for B<SIGXCPU>, then, in addition to invoking the "
"B<RLIMIT_RTTIME> でも、 ソフトリミットに達した場合に同じ動作となる。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:600
+#: build/C/man2/getrlimit.2:605
msgid ""
"Kernels before 2.4.22 did not diagnose the error B<EINVAL> for B<setrlimit>"
"() when I<rlim-E<gt>rlim_cur> was greater than I<rlim-E<gt>rlim_max>."
"より大きかった場合、 B<setrlimit>() での B<EINVAL> エラーを検出できない。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:603
+#: build/C/man2/getrlimit.2:608
msgid "The program below demonstrates the use of B<prlimit>()."
msgstr "以下のプログラムに B<prlimit>() の使用例を示す。"
#. type: Plain text
-#: build/C/man2/getrlimit.2:612
+#: build/C/man2/getrlimit.2:617
#, no-wrap
msgid ""
"#define _GNU_SOURCE\n"
"#include E<lt>sys/resource.hE<gt>\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:615
+#: build/C/man2/getrlimit.2:620
#, no-wrap
msgid ""
"#define errExit(msg) \tdo { perror(msg); exit(EXIT_FAILURE); \\e\n"
" } while (0)\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:622
+#: build/C/man2/getrlimit.2:627
#, no-wrap
msgid ""
"int\n"
" pid_t pid;\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:628
+#: build/C/man2/getrlimit.2:633
#, no-wrap
msgid ""
" if (!(argc == 2 || argc == 4)) {\n"
" }\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:630
+#: build/C/man2/getrlimit.2:635
#, no-wrap
msgid " pid = atoi(argv[1]); /* PID of target process */\n"
msgstr " pid = atoi(argv[1]); /* PID of target process */\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:637
+#: build/C/man2/getrlimit.2:642
#, no-wrap
msgid ""
" newp = NULL;\n"
" }\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:640
+#: build/C/man2/getrlimit.2:645
#, no-wrap
msgid ""
" /* Set CPU time limit of target process; retrieve and display\n"
" previous limit */\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:645
+#: build/C/man2/getrlimit.2:650
#, no-wrap
msgid ""
" if (prlimit(pid, RLIMIT_CPU, newp, &old) == -1)\n"
" (long long) old.rlim_cur, (long long) old.rlim_max);\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:647
+#: build/C/man2/getrlimit.2:652
#, no-wrap
msgid " /* Retrieve and display new CPU time limit */\n"
msgstr " /* Retrieve and display new CPU time limit */\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:652
+#: build/C/man2/getrlimit.2:657
#, no-wrap
msgid ""
" if (prlimit(pid, RLIMIT_CPU, NULL, &old) == -1)\n"
" (long long) old.rlim_cur, (long long) old.rlim_max);\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:655
+#: build/C/man2/getrlimit.2:660
#, no-wrap
msgid ""
" exit(EXIT_FAILURE);\n"
"}\n"
#. type: Plain text
-#: build/C/man2/getrlimit.2:674
+#: build/C/man2/getrlimit.2:679
msgid ""
"B<prlimit>(1), B<dup>(2), B<fcntl>(2), B<fork>(2), B<getrusage>(2), B<mlock>"
"(2), B<mmap>(2), B<open>(2), B<quotactl>(2), B<sbrk>(2), B<shmctl>(2), "
#. type: TH
#: build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26
-#: build/C/man2/setpgid.2:48
#, no-wrap
msgid "2010-09-26"
msgstr "2010-09-26"
#. type: Plain text
#: build/C/man2/getrusage.2:151
-msgid "The number of times the file system had to perform input."
+msgid "The number of times the filesystem had to perform input."
msgstr "ファイルシステムが入力を実行する必要があった回数。"
#. type: TP
#. type: Plain text
#: build/C/man2/getrusage.2:154
-msgid "The number of times the file system had to perform output."
+msgid "The number of times the filesystem had to perform output."
msgstr "ファイルシステムが出力を実行する必要があった回数。"
#. type: TP
#. type: Plain text
#: build/C/man2/ioprio_set.2:235
msgid ""
-"One can view the current I/O scheduler via the I</sys> file system. For "
+"One can view the current I/O scheduler via the I</sys> filesystem. For "
"example, the following command displays a list of all schedulers currently "
"loaded in the kernel:"
msgstr ""
"> and hence does not change the saved set-user-ID. Analogous remarks hold "
"for B<setegid>(), with the difference that the change in implementation from "
"B<setregid(-1,>I< egid>B<)> to B<setresgid(-1,>I< egid>B<, -1)> occurred in "
-"glibc 2.2 or 2.3 (dependeing on the hardware architecture)."
+"glibc 2.2 or 2.3 (depending on the hardware architecture)."
msgstr ""
"libc4, libc5, glibc 2.0 では、 B<seteuid(>I<euid>B<)> は B<setreuid(-1,>I< "
"euid>B<)> と等価であり、保存 set-user-ID を変更するかもしれない。 glibc 2.1 "
msgid "SETFSGID"
msgstr "SETFSGID"
+#. type: TH
+#: build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31
+#, no-wrap
+msgid "2013-08-08"
+msgstr "2013-08-08"
+
#. type: Plain text
#: build/C/man2/setfsgid.2:34
-msgid "setfsgid - set group identity used for file system checks"
+msgid "setfsgid - set group identity used for filesystem checks"
msgstr ""
"setfsgid - ファイルシステムのチェックに用いられるグループ ID を設定する"
#. type: Plain text
-#: build/C/man2/setfsgid.2:37 build/C/man2/setfsuid.2:37
-msgid "B<#include E<lt>unistd.hE<gt>> /* glibc uses E<lt>sys/fsuid.hE<gt> */"
-msgstr "B<#include E<lt>unistd.hE<gt>> /* glibc では E<lt>sys/fsuid.hE<gt> */"
+#: build/C/man2/setfsgid.2:36 build/C/man2/setfsuid.2:36
+msgid "B<#include E<lt>sys/fsuid.hE<gt>>"
+msgstr "B<#include E<lt>sys/fsuid.hE<gt>>"
#. type: Plain text
-#: build/C/man2/setfsgid.2:39
+#: build/C/man2/setfsgid.2:38
msgid "B<int setfsgid(uid_t >I<fsgid>B<);>"
msgstr "B<int setfsgid(uid_t >I<fsgid>B<);>"
#. type: Plain text
#: build/C/man2/setfsgid.2:51
msgid ""
-"The system call B<setfsgid>() sets the group ID that the Linux kernel uses "
-"to check for all accesses to the file system. Normally, the value of "
-"I<fsgid> will shadow the value of the effective group ID. In fact, whenever "
-"the effective group ID is changed, I<fsgid> will also be changed to the new "
-"value of the effective group ID."
+"The system call B<setfsgid>() changes the value of the caller's filesystem "
+"group ID\\(emthe group ID that the Linux kernel uses to check for all "
+"accesses to the filesystem. Normally, the value of the filesystem group ID "
+"will shadow the value of the effective group ID. In fact, whenever the "
+"effective group ID is changed, the filesystem group ID will also be changed "
+"to the new value of the effective group ID."
msgstr ""
-"システムコール B<setfsgid>() は Linux カーネルがファイルシステムに対する 全"
-"てのアクセスのチェックに使用するグループ IDを設定する。通常は I<fsgid> の値は"
-"実効 (effective) グループID と同じになる。実際、 実効グループ ID が変更される"
-"度に I<fsgid> もまた新しい実効グループID の値に変更される。"
+"システムコール B<setfsgid>() は、 呼び出し元のファイルシステムグループ ID "
+"\\(em ファイルシステムへの全てのアクセスのチェックにおいて Linux カーネルが使"
+"用するグループ ID \\(em の値を変更する。通常はファイルシステムグループ ID の"
+"値は実効 (effective) グループ ID と同じになる。実際、 実効グループ ID が変更"
+"される度にファイルシステムグループ ID もまた新しい実効グループ ID の値に変更"
+"される。"
#. type: Plain text
#: build/C/man2/setfsgid.2:62
"セキュリティホールになる。(下記参照)"
#. type: Plain text
-#: build/C/man2/setfsgid.2:69
+#: build/C/man2/setfsgid.2:68
msgid ""
"B<setfsgid>() will succeed only if the caller is the superuser or if "
-"I<fsgid> matches either the real group ID, effective group ID, saved set-"
-"group-ID, or the current value of I<fsgid>."
+"I<fsgid> matches either the caller's real group ID, effective group ID, "
+"saved set-group-ID, or current the filesystem user ID."
msgstr ""
-"B<setfsgid>() は、スーパーユーザによって呼び出された場合か、 I<fsgid> が実グ"
-"ループID、実効グループID、 保存セットグループID (saved set-group-ID)、現在の "
-"I<fsgid> の値のいずれかに一致する場合にのみ成功する。"
+"B<setfsgid>() は、スーパーユーザによって呼び出された場合か、 I<fsgid> が呼び"
+"出し元の実グループID、実効グループID、 保存セットグループID (saved set-group-"
+"ID)、現在のファイルシステムグループ ID の値のいずれかに一致する場合にのみ成功"
+"する。"
#. type: Plain text
-#: build/C/man2/setfsgid.2:76
+#: build/C/man2/setfsgid.2:71
msgid ""
-"On success, the previous value of I<fsgid> is returned. On error, the "
-"current value of I<fsgid> is returned."
+"On both success and failure, this call returns the previous filesystem group "
+"ID of the caller."
msgstr ""
-"成功した場合、 I<fsgid> の以前の値を返す。エラーの場合は I<fsgid> の現在の値"
-"を返す。"
+"成功時も失敗時も、 この呼び出しは直前の呼び出し元のファイルシステムグループ "
+"ID の値を返す。"
#. This system call is present since Linux 1.1.44
#. and in libc since libc 4.7.6.
#. type: Plain text
-#: build/C/man2/setfsgid.2:80 build/C/man2/setfsuid.2:80
+#: build/C/man2/setfsgid.2:75 build/C/man2/setfsuid.2:75
msgid "This system call is present in Linux since version 1.2."
msgstr "このシステムコールはバージョン 1.2 以降の Linux に存在する。"
#. type: Plain text
-#: build/C/man2/setfsgid.2:84
+#: build/C/man2/setfsgid.2:79
msgid ""
"B<setfsgid>() is Linux-specific and should not be used in programs intended "
"to be portable."
"ない。"
#. type: Plain text
-#: build/C/man2/setfsgid.2:90
+#: build/C/man2/setfsgid.2:85
msgid ""
"When glibc determines that the argument is not a valid group ID, it will "
"return -1 and set I<errno> to B<EINVAL> without attempting the system call."
"わず I<errno> に B<EINVAL> を設定して -1 が返される。"
#. type: Plain text
-#: build/C/man2/setfsgid.2:94 build/C/man2/setfsuid.2:94
+#: build/C/man2/setfsgid.2:96
msgid ""
"Note that at the time this system call was introduced, a process could send "
"a signal to a process with the same effective user ID. Today signal "
-"permission handling is slightly different."
+"permission handling is slightly different. See B<setfsuid>(2) for a "
+"discussion of why the use of both B<setfsuid>(2) and B<setfsgid>() is "
+"nowadays unneeded."
msgstr ""
"このシステムコールが導入された当時、プロセスは 同じ実効ユーザIDのプロセスへシ"
"グナルを送ることができた。 今日では、シグナル送信権限の扱いはかなり違うものに"
-"なっている。"
+"なっている。 なぜ今日では B<setfsuid>(2) と B<setfsgid>() の両者が不要なのか"
+"の議論については B<setfsuid>(2) を参照のこと。"
#. type: Plain text
-#: build/C/man2/setfsgid.2:104
+#: build/C/man2/setfsgid.2:106
msgid ""
"The original Linux B<setfsgid>() system call supported only 16-bit group "
"IDs. Subsequently, Linux 2.4 added B<setfsgid32>() supporting 32-bit IDs. "
"カーネルバージョンによるこの違いを吸収している。"
#. type: Plain text
-#: build/C/man2/setfsgid.2:112
+#: build/C/man2/setfsgid.2:123
msgid ""
-"No error messages of any kind are returned to the caller. At the very "
-"least, B<EPERM> should be returned when the call fails (because the caller "
-"lacks the B<CAP_SETGID> capability)."
+"No error indications of any kind are returned to the caller, and the fact "
+"that both successful and unsuccessful calls return the same value makes it "
+"impossible to directly determine whether the call succeeded or failed. "
+"Instead, the caller must resort to looking at the return value from a "
+"further call such as I<setfsgid(-1)> (which will always fail), in order to "
+"determine if a preceding call to B<setfsgid>() changed the filesystem group "
+"ID. At the very least, B<EPERM> should be returned when the call fails "
+"(because the caller lacks the B<CAP_SETGID> capability)."
msgstr ""
-"いかなる種類のエラーメッセージも返さない。 失敗した場合は (呼び出し元には "
-"B<CAP_SETGID> ケーパビリティがなかったのだから) 最低でも B<EPERM> くらいは返"
-"すべきである。"
+"いかなる種類のエラーメッセージも返さず、 成功した場合も失敗した場合も呼び出し"
+"は同じ値を返すため、 呼び出しが成功したか失敗したかを直接判定することはできな"
+"い。 その代わり、 直前の B<setfsgid>() の呼び出しがファイルシステムグループ "
+"ID を変更したかどうかを判定するために、 呼び出し元はこの後に I<setfsgid(-1)> "
+"などを呼び出して返り値を見なければならない (I<setfsgid(-1)> は常に失敗す"
+"る)。 最低でも、失敗した場合は B<EPERM> くらいは返すべきである (呼び出し元に"
+"は B<CAP_SETGID> ケーパビリティがなかったのだから)。"
#. type: Plain text
-#: build/C/man2/setfsgid.2:117
+#: build/C/man2/setfsgid.2:128
msgid "B<kill>(2), B<setfsuid>(2), B<capabilities>(7), B<credentials>(7)"
msgstr "B<kill>(2), B<setfsuid>(2), B<capabilities>(7), B<credentials>(7)"
#. type: Plain text
#: build/C/man2/setfsuid.2:34
-msgid "setfsuid - set user identity used for file system checks"
+msgid "setfsuid - set user identity used for filesystem checks"
msgstr "setfsuid - ファイルシステムのチェックに用いられるユーザ ID を設定する"
#. type: Plain text
-#: build/C/man2/setfsuid.2:39
+#: build/C/man2/setfsuid.2:38
msgid "B<int setfsuid(uid_t >I<fsuid>B<);>"
msgstr "B<int setfsuid(uid_t >I<fsuid>B<);>"
#. type: Plain text
#: build/C/man2/setfsuid.2:51
msgid ""
-"The system call B<setfsuid>() sets the user ID that the Linux kernel uses "
-"to check for all accesses to the file system. Normally, the value of "
-"I<fsuid> will shadow the value of the effective user ID. In fact, whenever "
-"the effective user ID is changed, I<fsuid> will also be changed to the new "
+"The system call B<setfsuid>() changes the value of the caller's filesystem "
+"user ID\\(emthe user ID that the Linux kernel uses to check for all accesses "
+"to the filesystem. Normally, the value of the filesystem user ID will "
+"shadow the value of the effective user ID. In fact, whenever the effective "
+"user ID is changed, the filesystem user ID will also be changed to the new "
"value of the effective user ID."
msgstr ""
-"B<setfsuid>() は Linux カーネルがファイルシステムに対する 全てのアクセスの"
-"チェックに使用するユーザID を設定する。通常は I<fsuid> の値は実効 "
-"(effective) ユーザID と同じになる。実際、 実効ユーザID が変更される度に "
-"I<fsuid> もまた新しい実効ユーザID の値に変更される。"
+"B<setfsuid>() は、 呼び出し元のファイルシステムユーザー ID \\(em ファイルシ"
+"ステムへの全てのアクセスのチェックにおいて Linux カーネルが使用するユーザ ID "
+"\\(em の値を変更する。通常はファイルシステムユーザー ID の値は実効 "
+"(effective) ユーザID と同じになる。実際、 実効ユーザID が変更される度にファイ"
+"ルシステムユーザー ID もまた新しい実効ユーザ ID の値に変更される。"
#. type: Plain text
#: build/C/man2/setfsuid.2:62
"セキュリティホールになる。(下記参照)"
#. type: Plain text
-#: build/C/man2/setfsuid.2:69
+#: build/C/man2/setfsuid.2:68
msgid ""
"B<setfsuid>() will succeed only if the caller is the superuser or if "
-"I<fsuid> matches either the real user ID, effective user ID, saved set-user-"
-"ID, or the current value of I<fsuid>."
+"I<fsuid> matches either the caller's real user ID, effective user ID, saved "
+"set-user-ID, or current filesystem user ID."
msgstr ""
-"B<setfsuid>() ã\81¯ã\80\81ã\82¹ã\83¼ã\83\91ã\83¼ã\83¦ã\83¼ã\82¶ã\81«ã\82\88ã\81£ã\81¦å\91¼ã\81³å\87ºã\81\95ã\82\8cã\81\9få ´å\90\88ã\81\8bã\80\81 I<fsuid> ã\81\8cå®\9f"
-"ユーザID、実効ユーザID、 保存セットユーザID (saved set-user-ID)、現在の "
-"I<fsuid> の値のいずれかに一致する場合にのみ成功する。"
+"B<setfsuid>() ã\81¯ã\80\81ã\82¹ã\83¼ã\83\91ã\83¼ã\83¦ã\83¼ã\82¶ã\81«ã\82\88ã\81£ã\81¦å\91¼ã\81³å\87ºã\81\95ã\82\8cã\81\9få ´å\90\88ã\81\8bã\80\81 I<fsuid> ã\81\8cå\91¼ã\81³"
+"出し元の実ユーザID、実効ユーザID、 保存セットユーザID (saved set-user-ID)、現"
+"在のファイルシステムグループ ID の値のいずれかに一致する場合にのみ成功する。"
#. type: Plain text
-#: build/C/man2/setfsuid.2:76
+#: build/C/man2/setfsuid.2:71
msgid ""
-"On success, the previous value of I<fsuid> is returned. On error, the "
-"current value of I<fsuid> is returned."
+"On both success and failure, this call returns the previous filesystem user "
+"ID of the caller."
msgstr ""
-"成功した場合、 I<fsuid> の以前の値を返す。エラーの場合は I<fsuid> の現在の値"
-"を返す。"
+"成功時も失敗時も、 この呼び出しは直前の呼び出し元のファイルシステムユーザー "
+"ID の値を返す。"
#. type: Plain text
-#: build/C/man2/setfsuid.2:84
+#: build/C/man2/setfsuid.2:79
msgid ""
"B<setfsuid>() is Linux-specific and should not be used in programs intended "
"to be portable."
"ない。"
#. type: Plain text
-#: build/C/man2/setfsuid.2:90
+#: build/C/man2/setfsuid.2:85
msgid ""
"When glibc determines that the argument is not a valid user ID, it will "
"return -1 and set I<errno> to B<EINVAL> without attempting the system call."
#. type: Plain text
#: build/C/man2/setfsuid.2:104
msgid ""
+"At the time when this system call was introduced, one process could send a "
+"signal to another process with the same effective user ID. This meant that "
+"if a privileged process changed its effective user ID for the purpose of "
+"file permission checking, then it could become vulnerable to receiving "
+"signals sent by another (unprivileged) process with the same user ID. The "
+"filesystem user ID attribute was thus added to allow a process to change its "
+"user ID for the purposes of file permission checking without at the same "
+"time becoming vulnerable to receiving unwanted signals. Since Linux 2.0, "
+"signal permission handling is different (see B<kill>(2)), with the result "
+"that a process change can change its effective user ID without being "
+"vulnerable to receiving signals from unwanted processes. Thus, B<setfsuid>"
+"() is nowadays unneeded and should be avoided in new applications (likewise "
+"for B<setfsgid>(2))."
+msgstr ""
+"このシステムコールが導入された当時、 あるプロセスは同じ実効ユーザー ID を持つ"
+"別のプロセスにシグナルを送信できた。 これは、 特権プロセスがファイルのアクセ"
+"ス許可をチェックするために自身の実効ユーザー ID を変更すると、 同じユーザー "
+"ID を持つ別の (非特権) プロセスが送信したシグナルを受け取るようになってしまう"
+"ことを意味する。そのため、 プロセスが、 受け取りたくないシグナルを受信する状"
+"態にならずに、 ファイルのアクセス許可をチェックするために自身のユーザー ID を"
+"変更できるように、 ファイルシステムユーザー ID 属性が追加された。 Linux 2.0 "
+"以降では、 シグナルの送信許可の扱いは異なり (B<kill>(2) 参照)、 プロセスは、 "
+"望まないプロセスからシグナルを受信してしまう状態にならずに、 自身の実効ユー"
+"ザー ID を変更することができる。 したがって、 B<setfsuid>() は今日では不要で"
+"あり、 新規のアプリケーションでは使用すべきではない (B<setfsgid>(2) も同様)。"
+
+#. type: Plain text
+#: build/C/man2/setfsuid.2:114
+msgid ""
"The original Linux B<setfsuid>() system call supported only 16-bit user "
"IDs. Subsequently, Linux 2.4 added B<setfsuid32>() supporting 32-bit IDs. "
"The glibc B<setfsuid>() wrapper function transparently deals with the "
"カーネルバージョンによるこの違いを吸収している。"
#. type: Plain text
-#: build/C/man2/setfsuid.2:112
+#: build/C/man2/setfsuid.2:131
msgid ""
-"No error messages of any kind are returned to the caller. At the very "
-"least, B<EPERM> should be returned when the call fails (because the caller "
-"lacks the B<CAP_SETUID> capability)."
+"No error indications of any kind are returned to the caller, and the fact "
+"that both successful and unsuccessful calls return the same value makes it "
+"impossible to directly determine whether the call succeeded or failed. "
+"Instead, the caller must resort to looking at the return value from a "
+"further call such as I<setfsuid(-1)> (which will always fail), in order to "
+"determine if a preceding call to B<setfsuid>() changed the filesystem user "
+"ID. At the very least, B<EPERM> should be returned when the call fails "
+"(because the caller lacks the B<CAP_SETUID> capability)."
msgstr ""
-"いかなる種類のエラーメッセージも呼び出し元に返さない。 失敗した場合は (呼び出"
-"し元には B<CAP_SETUID> ケーパビリティがなかったのだから) 最低でも B<EPERM> く"
-"らいは返すべきである。"
+"いかなる種類のエラーメッセージも返さず、 成功した場合も失敗した場合も呼び出し"
+"は同じ値を返すため、 呼び出しが成功したか失敗したかを直接判定することはできな"
+"い。 その代わり、 直前の B<setfsuid>() の呼び出しがファイルシステムグループ "
+"ID を変更したかどうかを判定するために、 呼び出し元はこの後に I<setfsuid(-1)> "
+"などを呼び出して返り値を見なければならない (I<setfsuid(-1)> は常に失敗す"
+"る)。 最低でも、失敗した場合は B<EPERM> くらいは返すべきである (呼び出し元に"
+"は B<CAP_SETUID> ケーパビリティがなかったのだから)。"
#. type: Plain text
-#: build/C/man2/setfsuid.2:117
+#: build/C/man2/setfsuid.2:136
msgid "B<kill>(2), B<setfsgid>(2), B<capabilities>(7), B<credentials>(7)"
msgstr "B<kill>(2), B<setfsgid>(2), B<capabilities>(7), B<credentials>(7)"
msgid "SETPGID"
msgstr "SETPGID"
+#. type: TH
+#: build/C/man2/setpgid.2:48
+#, no-wrap
+msgid "2014-01-07"
+msgstr "2014-01-07"
+
#. type: Plain text
#: build/C/man2/setpgid.2:51
msgid "setpgid, getpgid, setpgrp, getpgrp - set/get process group"
" _XOPEN_SOURCE\\ &&\\ _XOPEN_SOURCE_EXTENDED\n"
#. type: Plain text
-#: build/C/man2/setpgid.2:91
-msgid "B<setpgrp>()\\ (BSD), B<getpgrp>()\\ (BSD):"
-msgstr "B<setpgrp>()\\ (BSD), B<getpgrp>()\\ (BSD):"
+#: build/C/man2/setpgid.2:89
+#, no-wrap
+msgid " || /* Since glibc 2.19: */ _BSD_SOURCE\n"
+msgstr " || /* glibc 2.19 以降: */ _BSD_SOURCE\n"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:93
+msgid "B<setpgrp>()\\ (BSD), B<getpgrp>()\\ (BSD) [before glibc 2.19]:"
+msgstr "B<setpgrp>()\\ (BSD), B<getpgrp>()\\ (BSD) [glibc 2.19 より前]:"
#. type: Plain text
-#: build/C/man2/setpgid.2:95
+#: build/C/man2/setpgid.2:97
#, no-wrap
msgid ""
" _BSD_SOURCE &&\n"
" _XOPEN_SOURCE_EXTENDED || _GNU_SOURCE || _SVID_SOURCE)\n"
#. type: Plain text
-#: build/C/man2/setpgid.2:107
+#: build/C/man2/setpgid.2:109
msgid ""
"All of these interfaces are available on Linux, and are used for getting and "
"setting the process group ID (PGID) of a process. The preferred, POSIX.1-"
"B<setpgid>() で設定する。"
#. type: Plain text
-#: build/C/man2/setpgid.2:132
+#: build/C/man2/setpgid.2:134
msgid ""
"B<setpgid>() sets the PGID of the process specified by I<pid> to I<pgid>. "
"If I<pid> is zero, then the process ID of the calling process is used. If "
"するプロセスの セッション ID に一致しなければならない。"
#. type: Plain text
-#: build/C/man2/setpgid.2:137
+#: build/C/man2/setpgid.2:139
msgid ""
"The POSIX.1 version of B<getpgrp>(), which takes no arguments, returns the "
"PGID of the calling process."
"スの PGID を返す。"
#. type: Plain text
-#: build/C/man2/setpgid.2:148
+#: build/C/man2/setpgid.2:150
msgid ""
"B<getpgid>() returns the PGID of the process specified by I<pid>. If "
"I<pid> is zero, the process ID of the calling process is used. (Retrieving "
"望ましい。)"
#. type: Plain text
-#: build/C/man2/setpgid.2:153
+#: build/C/man2/setpgid.2:155
msgid ""
"The System V-style B<setpgrp>(), which takes no arguments, is equivalent to "
"I<setpgid(0,\\ 0)>."
"System V バージョンの B<setpgrp>() は引き数を一つもとらず、 I<setpgid(0,\\ "
"0)> と等価である。"
+#. type: Plain text
+#: build/C/man2/setpgid.2:163
+msgid ""
+"The BSD-specific B<setpgrp>() call, which takes arguments I<pid> and "
+"I<pgid>, is is a wrapper function that calls"
+msgstr ""
+"BSD 仕様の B<setpgrp>() は I<pid> と I<pgid> を引き数にとり、 以下を呼び出す"
+"ラッパー関数である。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:165
+#, no-wrap
+msgid " setpgid(pid, pgid)\n"
+msgstr " setpgid(pid, pgid)\n"
+
#. The true BSD setpgrp() system call differs in allowing the PGID
#. to be set to arbitrary values, rather than being restricted to
#. PGIDs in the same session.
#. type: Plain text
-#: build/C/man2/setpgid.2:165
+#: build/C/man2/setpgid.2:176
msgid ""
-"The BSD-specific B<setpgrp>() call, which takes arguments I<pid> and "
-"I<pgid>, is equivalent to I<setpgid(pid, pgid)>."
+"Since glibc 2.19, the BSD-specific B<setpgrp>() function is no longer "
+"exposed by I<E<lt>unistd.hE<gt>>; calls should be replaced with the "
+"B<setpgid>() call shown above."
msgstr ""
-"BSD 仕様の B<setpgrp>() は I<pid> と I<pgid> を引き数にとり、 I<setpgid"
-"(pid, pgid)> と等価である。"
+"glibc 2.19 以降、 BSD 固有の B<setpgrp>() 関数はもはや I<E<lt>unistd.hE<gt>> "
+"では公開されない。 この関数の呼び出しは上記の B<setpgid>() の呼び出しで置き換"
+"えるべきである。"
#. type: Plain text
-#: build/C/man2/setpgid.2:172
+#: build/C/man2/setpgid.2:182
msgid ""
"The BSD-specific B<getpgrp>() call, which takes a single I<pid> argument, "
-"is equivalent to I<getpgid(pid)>."
+"is a wrapper function that calls"
+msgstr ""
+"BSD 仕様の B<getpgrp>() は I<pid> だけを引き数にとり、 以下を呼び出すラッ"
+"パー関数である。"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:184
+#, no-wrap
+msgid " getpgid(pid)\n"
+msgstr " getpgid(pid)\n"
+
+#. type: Plain text
+#: build/C/man2/setpgid.2:195
+msgid ""
+"Since glibc 2.19, the BSD-specific B<getpgrp>() function is no longer "
+"exposed by I<E<lt>unistd.hE<gt>>; calls should be replaced with calls to the "
+"POSIX.1 B<getpgrp>() which takes no arguments (if the intent is to obtain "
+"the caller's PGID), or with the B<getpgid>() call shown above."
msgstr ""
-"BSD 仕様の B<getpgrp>() は I<pid> だけを引き数にとり、 I<getpgid(pid)> と等"
-"価である。"
+"glibc 2.19 以降、 BSD 固有の B<getpgrp>() 関数はもはや I<E<lt>unistd.hE<gt>> "
+"では公開されない。 この関数の呼び出しは、引き数を取らない POSIX.1 の "
+"B<getpgrp>() の呼び出し (呼び出し元の PGID を取得する目的の場合)、もしくは上"
+"記の B<getpgid>() の呼び出しで置き換えるべきである。"
#. type: Plain text
-#: build/C/man2/setpgid.2:181
+#: build/C/man2/setpgid.2:204
msgid ""
"On success, B<setpgid>() and B<setpgrp>() return zero. On error, -1 is "
"returned, and I<errno> is set appropriately."
"を返し、 I<errno> が適切に設定される。"
#. type: Plain text
-#: build/C/man2/setpgid.2:185
+#: build/C/man2/setpgid.2:208
msgid "The POSIX.1 B<getpgrp>() always returns the PGID of the caller."
msgstr ""
"POSIX.1 バージョンの B<getpgrp>() は常に呼び出しプロセスの PGID を返す。"
#. type: Plain text
-#: build/C/man2/setpgid.2:193
+#: build/C/man2/setpgid.2:216
msgid ""
"B<getpgid>(), and the BSD-specific B<getpgrp>() return a process group on "
"success. On error, -1 is returned, and I<errno> is set appropriately."
"す。 エラーの場合は -1 を返し、 I<errno> が適切に設定される。"
#. type: Plain text
-#: build/C/man2/setpgid.2:202
+#: build/C/man2/setpgid.2:225
msgid ""
"An attempt was made to change the process group ID of one of the children of "
"the calling process and the child had already performed an B<execve>(2) "
"())"
#. type: Plain text
-#: build/C/man2/setpgid.2:208
+#: build/C/man2/setpgid.2:231
msgid "I<pgid> is less than 0 (B<setpgid>(), B<setpgrp>())."
msgstr "I<pgid> が 0 より小さい。 (B<setpgid>(), B<setpgrp>())"
#. type: Plain text
-#: build/C/man2/setpgid.2:217
+#: build/C/man2/setpgid.2:240
msgid ""
"An attempt was made to move a process into a process group in a different "
"session, or to change the process group ID of one of the children of the "
"ID を変更しようとした。 (B<setpgid>(), B<setpgrp>())"
#. type: Plain text
-#: build/C/man2/setpgid.2:227
+#: build/C/man2/setpgid.2:250
msgid ""
"For B<getpgid>(): I<pid> does not match any process. For B<setpgid>(): "
"I<pid> is not the calling process and not a child of the calling process."
"でもない。"
#. type: Plain text
-#: build/C/man2/setpgid.2:233
+#: build/C/man2/setpgid.2:256
msgid ""
"B<setpgid>() and the version of B<getpgrp>() with no arguments conform to "
"POSIX.1-2001."
"している。"
#. type: Plain text
-#: build/C/man2/setpgid.2:242
+#: build/C/man2/setpgid.2:265
msgid ""
"POSIX.1-2001 also specifies B<getpgid>() and the version of B<setpgrp>() "
"that takes no arguments. (POSIX.1-2008 marks this B<setpgrp>() "
"定している。 POSIX.1-2008 は、この B<setpgrp>() の仕様を廃止予定としている。"
#. type: Plain text
-#: build/C/man2/setpgid.2:249
+#: build/C/man2/setpgid.2:272
msgid ""
"The version of B<getpgrp>() with one argument and the version of B<setpgrp>"
"() that takes two arguments derive from 4.2BSD, and are not specified by "
"() は 4.2BSD に由来し、 POSIX.1 では規定されていない。"
#. type: Plain text
-#: build/C/man2/setpgid.2:255
+#: build/C/man2/setpgid.2:278
msgid ""
"A child created via B<fork>(2) inherits its parent's process group ID. The "
"PGID is preserved across an B<execve>(2)."
"B<execve>(2) の前後で PGID は保存される。"
#. type: Plain text
-#: build/C/man2/setpgid.2:258
+#: build/C/man2/setpgid.2:281
msgid ""
"Each process group is a member of a session and each process is a member of "
"the session of which its process group is a member."
"ループが所属しているセッションのメンバーである。"
#. type: Plain text
-#: build/C/man2/setpgid.2:285
+#: build/C/man2/setpgid.2:308
msgid ""
"A session can have a controlling terminal. At any time, one (and only one) "
"of the process groups in the session can be the foreground process group for "
"(See B<termios>(3) for a description of the characters that generate "
"signals.) Only the foreground process group may B<read>(2) from the "
"terminal; if a background process group tries to B<read>(2) from the "
-"terminal, then the group is sent a B<SIGTSTP> signal, which suspends it. "
+"terminal, then the group is sent a B<SIGTTIN> signal, which suspends it. "
"The B<tcgetpgrp>(3) and B<tcsetpgrp>(3) functions are used to get/set the "
"foreground process group of the controlling terminal."
msgstr ""
"(シグナルを生成する文字の説明は B<termios>(3) を参照)。 フォアグラウンドのプ"
"ロセスグループだけが端末からの B<read>(2) ができる。 バックグラウンドのプロ"
"セスグループが端末からの B<read>(2) を行おうとした場合、そのプロセスグループ"
-"にはシグナル B<SIGTSTP> が送られ、そのプロセスグループは一時停止 (suspend) す"
+"にはシグナル B<SIGTTIN> が送られ、そのプロセスグループは一時停止 (suspend) す"
"る。 関数 B<tcgetpgrp>(3) と B<tcsetpgrp>(3) を使うと、制御端末のフォアグラ"
"ウンドのプロセスグループを 取得/設定できる。"
#. type: Plain text
-#: build/C/man2/setpgid.2:293
+#: build/C/man2/setpgid.2:316
msgid ""
"The B<setpgid>() and B<getpgrp>() calls are used by programs such as "
"B<bash>(1) to create process groups in order to implement shell job control."
"れる。"
#. type: Plain text
-#: build/C/man2/setpgid.2:303
+#: build/C/man2/setpgid.2:326
msgid ""
"If a session has a controlling terminal, and the B<CLOCAL> flag for that "
"terminal is not set, and a terminal hangup occurs, then the session leader "
#. exit.3 refers to the following text:
#. type: Plain text
-#: build/C/man2/setpgid.2:317
+#: build/C/man2/setpgid.2:340
msgid ""
"If the exit of the process causes a process group to become orphaned, and if "
"any member of the newly orphaned process group is stopped, then a B<SIGHUP> "
"スグループのメンバーのいずれかであるような、 プロセスグループのことである。"
#. type: Plain text
-#: build/C/man2/setpgid.2:324
+#: build/C/man2/setpgid.2:347
msgid ""
"B<getuid>(2), B<setsid>(2), B<tcgetpgrp>(3), B<tcsetpgrp>(3), B<termios>(3), "
"B<credentials>(7)"
#: build/C/man2/setresuid.2:57
msgid ""
"Regardless of what changes are made to the real UID, effective UID, and "
-"saved set-user-ID, the file system UID is always set to the same value as "
-"the (possibly new) effective UID."
+"saved set-user-ID, the filesystem UID is always set to the same value as the "
+"(possibly new) effective UID."
msgstr ""
"実 UID、実効 UID、保存 set-user-ID にどんな変更が行われたかに関わらず、 ファ"
"イルシステム UID は常に実効 UID (可能であれば変更後の新しい実効 UID) と同じ"
#: build/C/man2/setresuid.2:64
msgid ""
"Completely analogously, B<setresgid>() sets the real GID, effective GID, "
-"and saved set-group-ID of the calling process (and always modifies the file "
-"system GID to be the same as the effective GID), with the same restrictions "
-"for unprivileged processes."
+"and saved set-group-ID of the calling process (and always modifies the "
+"filesystem GID to be the same as the effective GID), with the same "
+"restrictions for unprivileged processes."
msgstr ""
"全く同じように、 B<setresgid>() は呼び出し元のプロセスの実 GID、実効 GID、保"
"存 set-group-ID を設定する (さらにファイルシステム GID を実効 GID と同じ値に"
msgid "SETREUID"
msgstr "SETREUID"
+#. type: TH
+#: build/C/man2/setreuid.2:45
+#, no-wrap
+msgid "2013-12-12"
+msgstr "2013-12-12"
+
#. type: Plain text
#: build/C/man2/setreuid.2:48
msgid "setreuid, setregid - set real and/or effective user or group ID"
"設定できない。"
#. type: Plain text
-#: build/C/man2/setreuid.2:86
+#: build/C/man2/setreuid.2:88
msgid ""
-"If the real user ID is set or the effective user ID is set to a value not "
-"equal to the previous real user ID, the saved set-user-ID will be set to the "
-"new effective user ID."
+"If the real user ID is set (i.e., I<ruid> is not -1) or the effective user "
+"ID is set to a value not equal to the previous real user ID, the saved set-"
+"user-ID will be set to the new effective user ID."
msgstr ""
-"実ユーザーID が設定されたり、実効ユーザーID が前の実ユーザーID と 異った値に"
-"設定された場合、保存 set-user-ID には新しい実効ユーザーID の値が設定される。"
+"実ユーザーID が設定されたり (I<ruid> が -1 ではない)、実効ユーザーID が前の実"
+"ユーザーID と 異った値に設定された場合、保存 set-user-ID には新しい実効ユー"
+"ザーID の値が設定される。"
#. type: Plain text
-#: build/C/man2/setreuid.2:91
+#: build/C/man2/setreuid.2:93
msgid ""
"Completely analogously, B<setregid>() sets real and effective group ID's of "
"the calling process, and all of the above holds with \"group\" instead of "
"とが成り立つ。"
#. type: Plain text
-#: build/C/man2/setreuid.2:113
+#: build/C/man2/setreuid.2:115
msgid ""
"The calling process is not privileged (Linux: does not have the "
"B<CAP_SETUID> capability in the case of B<setreuid>(), or the B<CAP_SETGID> "
"user-ID (保存 set-group-ID) の値を設定する。"
#. type: Plain text
-#: build/C/man2/setreuid.2:119
+#: build/C/man2/setreuid.2:121
msgid ""
"POSIX.1-2001, 4.3BSD (the B<setreuid>() and B<setregid>() function calls "
"first appeared in 4.2BSD)."
"登場した)。"
#. type: Plain text
-#: build/C/man2/setreuid.2:123
+#: build/C/man2/setreuid.2:125
msgid ""
"Setting the effective user (group) ID to the saved set-user-ID (saved set-"
"group-ID) is possible since Linux 1.1.37 (1.1.38)."
"Linux 1.1.37 (1.1.38) から可能になった。"
#. type: Plain text
-#: build/C/man2/setreuid.2:140
+#: build/C/man2/setreuid.2:142
msgid ""
"POSIX.1 does not specify all of possible ID changes that are permitted on "
"Linux for an unprivileged process. For B<setreuid>(), the effective user ID "
"な詳細は 実装ごとに異なる。"
#. type: Plain text
-#: build/C/man2/setreuid.2:143
+#: build/C/man2/setreuid.2:145
msgid ""
"POSIX.1 makes no specification about the effect of these calls on the saved "
"set-user-ID and saved set-group-ID."
"に与える影響については規定していない。"
#. type: Plain text
-#: build/C/man2/setreuid.2:159
+#: build/C/man2/setreuid.2:161
msgid ""
"The original Linux B<setreuid>() and B<setregid>() system calls supported "
"only 16-bit user and group IDs. Subsequently, Linux 2.4 added B<setreuid32>"
"カーネルバージョンによるこの違いを吸収している。"
#. type: Plain text
-#: build/C/man2/setreuid.2:167
+#: build/C/man2/setreuid.2:169
msgid ""
"B<getgid>(2), B<getuid>(2), B<seteuid>(2), B<setgid>(2), B<setresuid>(2), "
"B<setuid>(2), B<capabilities>(7)"
msgid "SETSID"
msgstr "SETSID"
+#. type: TH
+#: build/C/man2/setsid.2:30
+#, no-wrap
+msgid "2013-02-11"
+msgstr "2013-02-11"
+
#. type: Plain text
#: build/C/man2/setsid.2:33
msgid "setsid - creates a session and sets the process group ID"
#. type: Plain text
#: build/C/man2/setuid.2:105
msgid ""
-"Linux has the concept of the file system user ID, normally equal to the "
-"effective user ID. The B<setuid>() call also sets the file system user ID "
+"Linux has the concept of the filesystem user ID, normally equal to the "
+"effective user ID. The B<setuid>() call also sets the filesystem user ID "
"of the calling process. See B<setfsuid>(2)."
msgstr ""
"Linux はファイルシステム・ユーザー ID の概念を持つ。\n"
#: build/C/man3/ulimit.3:88
msgid "B<bash>(1), B<getrlimit>(2), B<setrlimit>(2), B<sysconf>(3)"
msgstr "B<bash>(1), B<getrlimit>(2), B<setrlimit>(2), B<sysconf>(3)"
+
+#~ msgid "2008-06-03"
+#~ msgstr "2008-06-03"
+
+#~ msgid ""
+#~ "The maximum return value of B<getgroups>() cannot be larger than one "
+#~ "more than this value."
+#~ msgstr ""
+#~ "B<getgroups>() の返り値の最大値は、この値より 1 大きい値より大きくなるこ"
+#~ "とはない。"
+
+#~ msgid "2013-07-31"
+#~ msgstr "2013-07-31"