+++ /dev/null
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Free Software Foundation, Inc.
-# This file is distributed under the same license as the PACKAGE package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-02-04 23:33+0900\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#. type: TH
-#: build/C/man2/acct.2:31 build/C/man5/acct.5:25
-#, no-wrap
-msgid "ACCT"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/acct.2:31
-#, no-wrap
-msgid "2008-06-16"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/acct.2:31 build/C/man5/acct.5:25 build/C/man7/capabilities.7:48 build/C/man2/capget.2:15 build/C/man7/cpuset.7:25 build/C/man7/credentials.7:27 build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getpid.2:25 build/C/man2/getpriority.2:45 build/C/man2/getresuid.2:28 build/C/man2/getrlimit.2:64 build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26 build/C/man2/getuid.2:26 build/C/man2/iopl.2:33 build/C/man2/ioprio_set.2:24 build/C/man2/ipc.2:25 build/C/man7/namespaces.7:27 build/C/man7/pid_namespaces.7:27 build/C/man2/seteuid.2:29 build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31 build/C/man2/setgid.2:29 build/C/man2/setpgid.2:48 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setsid.2:31 build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man3/ulimit.3:27 build/C/man7/user_namespaces.7:27 build/C/man2/seccomp.2:27
-#, no-wrap
-msgid "Linux"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/acct.2:31 build/C/man5/acct.5:25 build/C/man7/capabilities.7:48 build/C/man2/capget.2:15 build/C/man7/cpuset.7:25 build/C/man7/credentials.7:27 build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getpid.2:25 build/C/man2/getpriority.2:45 build/C/man2/getresuid.2:28 build/C/man2/getrlimit.2:64 build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26 build/C/man2/getuid.2:26 build/C/man3/group_member.3:25 build/C/man2/iopl.2:33 build/C/man2/ioprio_set.2:24 build/C/man2/ipc.2:25 build/C/man7/namespaces.7:27 build/C/man7/pid_namespaces.7:27 build/C/man2/seteuid.2:29 build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31 build/C/man2/setgid.2:29 build/C/man2/setpgid.2:48 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setsid.2:31 build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man3/ulimit.3:27 build/C/man7/user_namespaces.7:27 build/C/man2/seccomp.2:27
-#, no-wrap
-msgid "Linux Programmer's Manual"
-msgstr ""
-
-#. type: SH
-#: build/C/man2/acct.2:32 build/C/man5/acct.5:26 build/C/man7/capabilities.7:49 build/C/man2/capget.2:16 build/C/man7/cpuset.7:26 build/C/man7/credentials.7:28 build/C/man2/getgid.2:26 build/C/man2/getgroups.2:32 build/C/man2/getpid.2:26 build/C/man2/getpriority.2:46 build/C/man2/getresuid.2:29 build/C/man2/getrlimit.2:65 build/C/man2/getrusage.2:40 build/C/man2/getsid.2:27 build/C/man2/getuid.2:27 build/C/man3/group_member.3:26 build/C/man2/iopl.2:34 build/C/man2/ioprio_set.2:25 build/C/man2/ipc.2:26 build/C/man7/namespaces.7:28 build/C/man7/pid_namespaces.7:28 build/C/man2/seteuid.2:30 build/C/man2/setfsgid.2:32 build/C/man2/setfsuid.2:32 build/C/man2/setgid.2:30 build/C/man2/setpgid.2:49 build/C/man2/setresuid.2:27 build/C/man2/setreuid.2:46 build/C/man2/setsid.2:32 build/C/man2/setuid.2:31 build/C/man7/svipc.7:41 build/C/man3/ulimit.3:28 build/C/man7/user_namespaces.7:28 build/C/man2/seccomp.2:28
-#, no-wrap
-msgid "NAME"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:34
-msgid "acct - switch process accounting on or off"
-msgstr ""
-
-#. type: SH
-#: build/C/man2/acct.2:34 build/C/man5/acct.5:28 build/C/man2/capget.2:18 build/C/man2/getgid.2:28 build/C/man2/getgroups.2:34 build/C/man2/getpid.2:28 build/C/man2/getpriority.2:48 build/C/man2/getresuid.2:31 build/C/man2/getrlimit.2:67 build/C/man2/getrusage.2:42 build/C/man2/getsid.2:29 build/C/man2/getuid.2:29 build/C/man3/group_member.3:28 build/C/man2/iopl.2:36 build/C/man2/ioprio_set.2:27 build/C/man2/ipc.2:28 build/C/man2/seteuid.2:32 build/C/man2/setfsgid.2:34 build/C/man2/setfsuid.2:34 build/C/man2/setgid.2:32 build/C/man2/setpgid.2:51 build/C/man2/setresuid.2:29 build/C/man2/setreuid.2:48 build/C/man2/setsid.2:34 build/C/man2/setuid.2:33 build/C/man7/svipc.7:43 build/C/man3/ulimit.3:30 build/C/man2/seccomp.2:30
-#, no-wrap
-msgid "SYNOPSIS"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:38
-#, no-wrap
-msgid "B<#include E<lt>unistd.hE<gt>>\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:40
-#, no-wrap
-msgid "B<int acct(const char *>I<filename>B<);>\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:46 build/C/man2/getgroups.2:48 build/C/man2/getrlimit.2:84 build/C/man2/getsid.2:37 build/C/man3/group_member.3:36 build/C/man2/seteuid.2:44 build/C/man2/setpgid.2:71 build/C/man2/setreuid.2:60
-msgid "Feature Test Macro Requirements for glibc (see B<feature_test_macros>(7)):"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:50
-msgid "B<acct>(): _BSD_SOURCE || (_XOPEN_SOURCE && _XOPEN_SOURCE\\ E<lt>\\ 500)"
-msgstr ""
-
-#. type: SH
-#: build/C/man2/acct.2:50 build/C/man5/acct.5:30 build/C/man7/capabilities.7:51 build/C/man2/capget.2:24 build/C/man7/cpuset.7:28 build/C/man7/credentials.7:30 build/C/man2/getgid.2:36 build/C/man2/getgroups.2:52 build/C/man2/getpid.2:36 build/C/man2/getpriority.2:56 build/C/man2/getresuid.2:39 build/C/man2/getrlimit.2:88 build/C/man2/getrusage.2:48 build/C/man2/getsid.2:50 build/C/man2/getuid.2:37 build/C/man3/group_member.3:40 build/C/man2/iopl.2:40 build/C/man2/ioprio_set.2:35 build/C/man2/ipc.2:34 build/C/man7/namespaces.7:30 build/C/man7/pid_namespaces.7:30 build/C/man2/seteuid.2:53 build/C/man2/setfsgid.2:38 build/C/man2/setfsuid.2:38 build/C/man2/setgid.2:38 build/C/man2/setpgid.2:100 build/C/man2/setresuid.2:37 build/C/man2/setreuid.2:70 build/C/man2/setsid.2:41 build/C/man2/setuid.2:39 build/C/man7/svipc.7:49 build/C/man3/ulimit.3:34 build/C/man7/user_namespaces.7:30 build/C/man2/seccomp.2:43
-#, no-wrap
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:60
-msgid ""
-"The B<acct>() system call enables or disables process accounting. If "
-"called with the name of an existing file as its argument, accounting is "
-"turned on, and records for each terminating process are appended to "
-"I<filename> as it terminates. An argument of NULL causes accounting to be "
-"turned off."
-msgstr ""
-
-#. type: SH
-#: build/C/man2/acct.2:60 build/C/man2/capget.2:160 build/C/man2/getgroups.2:92 build/C/man2/getpriority.2:104 build/C/man2/getresuid.2:50 build/C/man2/getrlimit.2:461 build/C/man2/getrusage.2:188 build/C/man2/getsid.2:58 build/C/man3/group_member.3:48 build/C/man2/iopl.2:66 build/C/man2/ioprio_set.2:149 build/C/man2/seteuid.2:67 build/C/man2/setfsgid.2:68 build/C/man2/setfsuid.2:68 build/C/man2/setgid.2:53 build/C/man2/setpgid.2:195 build/C/man2/setresuid.2:64 build/C/man2/setreuid.2:93 build/C/man2/setsid.2:54 build/C/man2/setuid.2:70 build/C/man3/ulimit.3:67 build/C/man2/seccomp.2:342
-#, no-wrap
-msgid "RETURN VALUE"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:65 build/C/man2/capget.2:165 build/C/man2/getresuid.2:55 build/C/man2/getrusage.2:193 build/C/man2/iopl.2:71 build/C/man2/seteuid.2:72 build/C/man2/setgid.2:58 build/C/man2/setresuid.2:69 build/C/man2/setreuid.2:98 build/C/man2/setuid.2:75
-msgid ""
-"On success, zero is returned. On error, -1 is returned, and I<errno> is set "
-"appropriately."
-msgstr ""
-
-#. type: SH
-#: build/C/man2/acct.2:65 build/C/man2/capget.2:179 build/C/man7/cpuset.7:1100 build/C/man2/getgid.2:42 build/C/man2/getgroups.2:106 build/C/man2/getpid.2:44 build/C/man2/getpriority.2:117 build/C/man2/getresuid.2:55 build/C/man2/getrlimit.2:466 build/C/man2/getrusage.2:193 build/C/man2/getsid.2:63 build/C/man2/getuid.2:43 build/C/man2/iopl.2:71 build/C/man2/ioprio_set.2:169 build/C/man2/seteuid.2:79 build/C/man2/setgid.2:58 build/C/man2/setpgid.2:216 build/C/man2/setresuid.2:76 build/C/man2/setreuid.2:105 build/C/man2/setsid.2:61 build/C/man2/setuid.2:82 build/C/man3/ulimit.3:74 build/C/man2/seccomp.2:358
-#, no-wrap
-msgid "ERRORS"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/acct.2:66 build/C/man7/cpuset.7:1116 build/C/man7/cpuset.7:1123 build/C/man7/cpuset.7:1129 build/C/man7/cpuset.7:1137 build/C/man7/cpuset.7:1144 build/C/man2/getpriority.2:137 build/C/man2/setpgid.2:217
-#, no-wrap
-msgid "B<EACCES>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:77
-msgid ""
-"Write permission is denied for the specified file, or search permission is "
-"denied for one of the directories in the path prefix of I<filename> (see "
-"also B<path_resolution>(7)), or I<filename> is not a regular file."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/acct.2:77 build/C/man2/capget.2:180 build/C/man7/cpuset.7:1172 build/C/man2/getgroups.2:107 build/C/man2/getresuid.2:56 build/C/man2/getrlimit.2:467 build/C/man2/getrusage.2:194 build/C/man2/seccomp.2:369
-#, no-wrap
-msgid "B<EFAULT>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:81
-msgid "I<filename> points outside your accessible address space."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/acct.2:81 build/C/man7/cpuset.7:1238 build/C/man7/cpuset.7:1246
-#, no-wrap
-msgid "B<EIO>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:85
-msgid "Error writing to the file I<filename>."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/acct.2:85
-#, no-wrap
-msgid "B<EISDIR>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:89
-msgid "I<filename> is a directory."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/acct.2:89
-#, no-wrap
-msgid "B<ELOOP>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:93
-msgid "Too many symbolic links were encountered in resolving I<filename>."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/acct.2:93 build/C/man7/cpuset.7:1251 build/C/man7/cpuset.7:1258 build/C/man7/cpuset.7:1263
-#, no-wrap
-msgid "B<ENAMETOOLONG>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:97
-msgid "I<filename> was too long."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/acct.2:97
-#, no-wrap
-msgid "B<ENFILE>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:100
-msgid "The system limit on the total number of open files has been reached."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/acct.2:100 build/C/man7/cpuset.7:1275 build/C/man7/cpuset.7:1280
-#, no-wrap
-msgid "B<ENOENT>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:103
-msgid "The specified filename does not exist."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/acct.2:103 build/C/man7/cpuset.7:1287 build/C/man2/getgroups.2:127 build/C/man2/seccomp.2:413 build/C/man2/seccomp.2:416
-#, no-wrap
-msgid "B<ENOMEM>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:106 build/C/man2/getgroups.2:130 build/C/man2/seccomp.2:416
-msgid "Out of memory."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/acct.2:106 build/C/man2/iopl.2:76
-#, no-wrap
-msgid "B<ENOSYS>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:112
-msgid ""
-"BSD process accounting has not been enabled when the operating system kernel "
-"was compiled. The kernel configuration parameter controlling this feature "
-"is B<CONFIG_BSD_PROCESS_ACCT>."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/acct.2:112 build/C/man7/cpuset.7:1314
-#, no-wrap
-msgid "B<ENOTDIR>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:117
-msgid "A component used as a directory in I<filename> is not in fact a directory."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/acct.2:117 build/C/man2/capget.2:191 build/C/man2/capget.2:196 build/C/man7/cpuset.7:1319 build/C/man2/getgroups.2:130 build/C/man2/getpriority.2:149 build/C/man2/getrlimit.2:483 build/C/man2/getrlimit.2:488 build/C/man2/getrlimit.2:496 build/C/man2/getsid.2:64 build/C/man2/iopl.2:79 build/C/man2/ioprio_set.2:179 build/C/man2/seteuid.2:83 build/C/man2/setgid.2:64 build/C/man2/setpgid.2:231 build/C/man2/setresuid.2:103 build/C/man2/setreuid.2:132 build/C/man2/setsid.2:62 build/C/man2/setuid.2:110 build/C/man3/ulimit.3:75
-#, no-wrap
-msgid "B<EPERM>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:123
-msgid ""
-"The calling process has insufficient privilege to enable process "
-"accounting. On Linux the B<CAP_SYS_PACCT> capability is required."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/acct.2:123
-#, no-wrap
-msgid "B<EROFS>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:127
-msgid "I<filename> refers to a file on a read-only filesystem."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/acct.2:127
-#, no-wrap
-msgid "B<EUSERS>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:130
-msgid "There are no more free file structures or we ran out of memory."
-msgstr ""
-
-#. type: SH
-#: build/C/man2/acct.2:130 build/C/man5/acct.5:153 build/C/man7/capabilities.7:1120 build/C/man2/capget.2:218 build/C/man7/credentials.7:287 build/C/man2/getgid.2:44 build/C/man2/getgroups.2:133 build/C/man2/getpid.2:46 build/C/man2/getpriority.2:157 build/C/man2/getresuid.2:67 build/C/man2/getrlimit.2:511 build/C/man2/getrusage.2:202 build/C/man2/getsid.2:79 build/C/man2/getuid.2:45 build/C/man3/group_member.3:55 build/C/man2/iopl.2:87 build/C/man2/ioprio_set.2:196 build/C/man2/ipc.2:45 build/C/man7/namespaces.7:359 build/C/man7/pid_namespaces.7:351 build/C/man2/seteuid.2:99 build/C/man2/setfsgid.2:75 build/C/man2/setfsuid.2:75 build/C/man2/setgid.2:71 build/C/man2/setpgid.2:250 build/C/man2/setresuid.2:109 build/C/man2/setreuid.2:148 build/C/man2/setsid.2:68 build/C/man2/setuid.2:117 build/C/man3/ulimit.3:78 build/C/man7/user_namespaces.7:645 build/C/man2/seccomp.2:435
-#, no-wrap
-msgid "CONFORMING TO"
-msgstr ""
-
-#. SVr4 documents an EBUSY error condition, but no EISDIR or ENOSYS.
-#. Also AIX and HP-UX document EBUSY (attempt is made
-#. to enable accounting when it is already enabled), as does Solaris
-#. (attempt is made to enable accounting using the same file that is
-#. currently being used).
-#. type: Plain text
-#: build/C/man2/acct.2:137
-msgid "SVr4, 4.3BSD (but not POSIX)."
-msgstr ""
-
-#. type: SH
-#: build/C/man2/acct.2:137 build/C/man5/acct.5:157 build/C/man7/capabilities.7:1126 build/C/man2/capget.2:220 build/C/man7/cpuset.7:1341 build/C/man7/credentials.7:293 build/C/man2/getgid.2:46 build/C/man2/getgroups.2:141 build/C/man2/getpid.2:48 build/C/man2/getpriority.2:160 build/C/man2/getresuid.2:70 build/C/man2/getrlimit.2:534 build/C/man2/getrusage.2:213 build/C/man2/getsid.2:81 build/C/man2/getuid.2:47 build/C/man2/iopl.2:91 build/C/man2/ioprio_set.2:198 build/C/man2/ipc.2:49 build/C/man2/seteuid.2:101 build/C/man2/setfsgid.2:79 build/C/man2/setfsuid.2:79 build/C/man2/setgid.2:73 build/C/man2/setpgid.2:272 build/C/man2/setresuid.2:112 build/C/man2/setreuid.2:154 build/C/man2/setsid.2:70 build/C/man2/setuid.2:122 build/C/man7/user_namespaces.7:648 build/C/man2/seccomp.2:439
-#, no-wrap
-msgid "NOTES"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:140
-msgid ""
-"No accounting is produced for programs running when a system crash occurs. "
-"In particular, nonterminating processes are never accounted for."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:143
-msgid ""
-"The structure of the records written to the accounting file is described in "
-"B<acct>(5)."
-msgstr ""
-
-#. type: SH
-#: build/C/man2/acct.2:143 build/C/man5/acct.5:174 build/C/man7/capabilities.7:1183 build/C/man2/capget.2:228 build/C/man7/cpuset.7:1488 build/C/man7/credentials.7:304 build/C/man2/getgid.2:62 build/C/man2/getgroups.2:178 build/C/man2/getpid.2:100 build/C/man2/getpriority.2:232 build/C/man2/getresuid.2:86 build/C/man2/getrlimit.2:766 build/C/man2/getrusage.2:253 build/C/man2/getsid.2:84 build/C/man2/getuid.2:73 build/C/man3/group_member.3:57 build/C/man2/iopl.2:100 build/C/man2/ioprio_set.2:346 build/C/man2/ipc.2:57 build/C/man7/namespaces.7:364 build/C/man7/pid_namespaces.7:356 build/C/man2/seteuid.2:141 build/C/man2/setfsgid.2:123 build/C/man2/setfsuid.2:131 build/C/man2/setgid.2:83 build/C/man2/setpgid.2:340 build/C/man2/setresuid.2:132 build/C/man2/setreuid.2:194 build/C/man2/setsid.2:93 build/C/man2/setuid.2:145 build/C/man7/svipc.7:335 build/C/man3/ulimit.3:83 build/C/man7/user_namespaces.7:1011 build/C/man2/seccomp.2:662
-#, no-wrap
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:145
-msgid "B<acct>(5)"
-msgstr ""
-
-#. type: SH
-#: build/C/man2/acct.2:145 build/C/man5/acct.5:179 build/C/man7/capabilities.7:1205 build/C/man2/capget.2:232 build/C/man7/cpuset.7:1506 build/C/man7/credentials.7:340 build/C/man2/getgid.2:67 build/C/man2/getgroups.2:186 build/C/man2/getpid.2:111 build/C/man2/getpriority.2:241 build/C/man2/getresuid.2:92 build/C/man2/getrlimit.2:784 build/C/man2/getrusage.2:260 build/C/man2/getsid.2:88 build/C/man2/getuid.2:78 build/C/man3/group_member.3:62 build/C/man2/iopl.2:104 build/C/man2/ioprio_set.2:354 build/C/man2/ipc.2:70 build/C/man7/namespaces.7:377 build/C/man7/pid_namespaces.7:365 build/C/man2/seteuid.2:149 build/C/man2/setfsgid.2:128 build/C/man2/setfsuid.2:136 build/C/man2/setgid.2:90 build/C/man2/setpgid.2:347 build/C/man2/setresuid.2:142 build/C/man2/setreuid.2:203 build/C/man2/setsid.2:100 build/C/man2/setuid.2:153 build/C/man7/svipc.7:353 build/C/man3/ulimit.3:88 build/C/man7/user_namespaces.7:1027 build/C/man2/seccomp.2:679
-#, no-wrap
-msgid "COLOPHON"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/acct.2:153 build/C/man5/acct.5:187 build/C/man7/capabilities.7:1213 build/C/man2/capget.2:240 build/C/man7/cpuset.7:1514 build/C/man7/credentials.7:348 build/C/man2/getgid.2:75 build/C/man2/getgroups.2:194 build/C/man2/getpid.2:119 build/C/man2/getpriority.2:249 build/C/man2/getresuid.2:100 build/C/man2/getrlimit.2:792 build/C/man2/getrusage.2:268 build/C/man2/getsid.2:96 build/C/man2/getuid.2:86 build/C/man3/group_member.3:70 build/C/man2/iopl.2:112 build/C/man2/ioprio_set.2:362 build/C/man2/ipc.2:78 build/C/man7/namespaces.7:385 build/C/man7/pid_namespaces.7:373 build/C/man2/seteuid.2:157 build/C/man2/setfsgid.2:136 build/C/man2/setfsuid.2:144 build/C/man2/setgid.2:98 build/C/man2/setpgid.2:355 build/C/man2/setresuid.2:150 build/C/man2/setreuid.2:211 build/C/man2/setsid.2:108 build/C/man2/setuid.2:161 build/C/man7/svipc.7:361 build/C/man3/ulimit.3:96 build/C/man7/user_namespaces.7:1035 build/C/man2/seccomp.2:687
-msgid ""
-"This page is part of release 3.79 of the Linux I<man-pages> project. A "
-"description of the project, information about reporting bugs, and the latest "
-"version of this page, can be found at "
-"\\%http://www.kernel.org/doc/man-pages/."
-msgstr ""
-
-#. type: TH
-#: build/C/man5/acct.5:25
-#, no-wrap
-msgid "2008-06-15"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:28
-msgid "acct - process accounting file"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:30
-msgid "B<#include E<lt>sys/acct.hE<gt>>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:36
-msgid ""
-"If the kernel is built with the process accounting option enabled "
-"(B<CONFIG_BSD_PROCESS_ACCT>), then calling B<acct>(2) starts process "
-"accounting, for example:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:39
-msgid "acct(\"/var/log/pacct\");"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:47
-msgid ""
-"When process accounting is enabled, the kernel writes a record to the "
-"accounting file as each process on the system terminates. This record "
-"contains information about the terminated process, and is defined in "
-"I<E<lt>sys/acct.hE<gt>> as follows:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:51
-#, no-wrap
-msgid "#define ACCT_COMM 16\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:53
-#, no-wrap
-msgid "typedef u_int16_t comp_t;\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:77
-#, no-wrap
-msgid ""
-"struct acct {\n"
-" char ac_flag; /* Accounting flags */\n"
-" u_int16_t ac_uid; /* Accounting user ID */\n"
-" u_int16_t ac_gid; /* Accounting group ID */\n"
-" u_int16_t ac_tty; /* Controlling terminal */\n"
-" u_int32_t ac_btime; /* Process creation time\n"
-" (seconds since the Epoch) */\n"
-" comp_t ac_utime; /* User CPU time */\n"
-" comp_t ac_stime; /* System CPU time */\n"
-" comp_t ac_etime; /* Elapsed time */\n"
-" comp_t ac_mem; /* Average memory usage (kB) */\n"
-" comp_t ac_io; /* Characters transferred (unused) */\n"
-" comp_t ac_rw; /* Blocks read or written (unused) */\n"
-" comp_t ac_minflt; /* Minor page faults */\n"
-" comp_t ac_majflt; /* Major page faults */\n"
-" comp_t ac_swaps; /* Number of swaps (unused) */\n"
-" u_int32_t ac_exitcode; /* Process termination status\n"
-" (see wait(2)) */\n"
-" char ac_comm[ACCT_COMM+1];\n"
-" /* Command name (basename of last\n"
-" executed command; null-terminated) */\n"
-" char ac_pad[I<X>]; /* padding bytes */\n"
-"};\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:84
-#, no-wrap
-msgid ""
-"enum { /* Bits that may be set in ac_flag field */\n"
-" AFORK = 0x01, /* Has executed fork, but no exec */\n"
-" ASU = 0x02, /* Used superuser privileges */\n"
-" ACORE = 0x08, /* Dumped core */\n"
-" AXSIG = 0x10 /* Killed by a signal */\n"
-"};\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:94
-msgid ""
-"The I<comp_t> data type is a floating-point value consisting of a 3-bit, "
-"base-8 exponent, and a 13-bit mantissa. A value, I<c>, of this type can be "
-"converted to a (long) integer as follows:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:97
-#, no-wrap
-msgid " v = (c & 0x1fff) E<lt>E<lt> (((c E<gt>E<gt> 13) & 0x7) * 3);\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:107
-msgid ""
-"The I<ac_utime>, I<ac_stime>, and I<ac_etime> fields measure time in \"clock "
-"ticks\"; divide these values by I<sysconf(_SC_CLK_TCK)> to convert them to "
-"seconds."
-msgstr ""
-
-#. type: SS
-#: build/C/man5/acct.5:107
-#, no-wrap
-msgid "Version 3 accounting file format"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:122
-msgid ""
-"Since kernel 2.6.8, an optional alternative version of the accounting file "
-"can be produced if the B<CONFIG_BSD_PROCESS_ACCT_V3> option is set when "
-"building the kernel. With this option is set, the records written to the "
-"accounting file contain additional fields, and the width of I<c_uid> and "
-"I<ac_gid> fields is widened from 16 to 32 bits (in line with the increased "
-"size of UID and GIDs in Linux 2.4 and later). The records are defined as "
-"follows:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:147
-#, no-wrap
-msgid ""
-"struct acct_v3 {\n"
-" char ac_flag; /* Flags */\n"
-" char ac_version; /* Always set to ACCT_VERSION (3) */\n"
-" u_int16_t ac_tty; /* Controlling terminal */\n"
-" u_int32_t ac_exitcode; /* Process termination status */\n"
-" u_int32_t ac_uid; /* Real user ID */\n"
-" u_int32_t ac_gid; /* Real group ID */\n"
-" u_int32_t ac_pid; /* Process ID */\n"
-" u_int32_t ac_ppid; /* Parent process ID */\n"
-" u_int32_t ac_btime; /* Process creation time */\n"
-" float ac_etime; /* Elapsed time */\n"
-" comp_t ac_utime; /* User CPU time */\n"
-" comp_t ac_stime; /* System time */\n"
-" comp_t ac_mem; /* Average memory usage (kB) */\n"
-" comp_t ac_io; /* Characters transferred (unused) */\n"
-" comp_t ac_rw; /* Blocks read or written\n"
-" (unused) */\n"
-" comp_t ac_minflt; /* Minor page faults */\n"
-" comp_t ac_majflt; /* Major page faults */\n"
-" comp_t ac_swaps; /* Number of swaps (unused) */\n"
-" char ac_comm[ACCT_COMM]; /* Command name */\n"
-"};\n"
-msgstr ""
-
-#. type: SH
-#: build/C/man5/acct.5:149 build/C/man7/cpuset.7:1338 build/C/man2/getresuid.2:60 build/C/man2/getrlimit.2:506 build/C/man2/getsid.2:75 build/C/man2/ioprio_set.2:193 build/C/man2/setfsgid.2:71 build/C/man2/setfsuid.2:71 build/C/man2/setresuid.2:107 build/C/man2/seccomp.2:430
-#, no-wrap
-msgid "VERSIONS"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:153
-msgid "The I<acct_v3> structure is defined in glibc since version 2.6."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:157
-msgid ""
-"Process accounting originated on BSD. Although it is present on most "
-"systems, it is not standardized, and the details vary somewhat between "
-"systems."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:160
-msgid ""
-"Records in the accounting file are ordered by termination time of the "
-"process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:167
-msgid ""
-"In kernels up to and including 2.6.9, a separate accounting record is "
-"written for each thread created using the NPTL threading library; since "
-"Linux 2.6.10, a single accounting record is written for the entire process "
-"on termination of the last thread in the process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:174
-msgid ""
-"The I<proc/sys/kernel/acct> file, described in B<proc>(5), defines settings "
-"that control the behavior of process accounting when disk space runs low."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man5/acct.5:179
-msgid "B<lastcomm>(1), B<acct>(2), B<accton>(8), B<sa>(8)"
-msgstr ""
-
-#. type: TH
-#: build/C/man7/capabilities.7:48
-#, no-wrap
-msgid "CAPABILITIES"
-msgstr ""
-
-#. type: TH
-#: build/C/man7/capabilities.7:48
-#, no-wrap
-msgid "2015-02-01"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:51
-msgid "capabilities - overview of Linux capabilities"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:63
-msgid ""
-"For the purpose of performing permission checks, traditional UNIX "
-"implementations distinguish two categories of processes: I<privileged> "
-"processes (whose effective user ID is 0, referred to as superuser or root), "
-"and I<unprivileged> processes (whose effective UID is nonzero). Privileged "
-"processes bypass all kernel permission checks, while unprivileged processes "
-"are subject to full permission checking based on the process's credentials "
-"(usually: effective UID, effective GID, and supplementary group list)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:70
-msgid ""
-"Starting with kernel 2.2, Linux divides the privileges traditionally "
-"associated with superuser into distinct units, known as I<capabilities>, "
-"which can be independently enabled and disabled. Capabilities are a "
-"per-thread attribute."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/capabilities.7:70
-#, no-wrap
-msgid "Capabilities list"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:73
-msgid ""
-"The following list shows the capabilities implemented on Linux, and the "
-"operations or behaviors that each capability permits:"
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:73
-#, no-wrap
-msgid "B<CAP_AUDIT_CONTROL> (since Linux 2.6.11)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:77
-msgid ""
-"Enable and disable kernel auditing; change auditing filter rules; retrieve "
-"auditing status and filtering rules."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:77
-#, no-wrap
-msgid "B<CAP_AUDIT_READ> (since Linux 3.16)"
-msgstr ""
-
-#. commit a29b694aa1739f9d76538e34ae25524f9c549d59
-#. commit 3a101b8de0d39403b2c7e5c23fd0b005668acf48
-#. type: Plain text
-#: build/C/man7/capabilities.7:82
-msgid "Allow reading the audit log via a multicast netlink socket."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:82
-#, no-wrap
-msgid "B<CAP_AUDIT_WRITE> (since Linux 2.6.11)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:85
-msgid "Write records to kernel auditing log."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:85
-#, no-wrap
-msgid "B<CAP_BLOCK_SUSPEND> (since Linux 3.5)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:91
-msgid ""
-"Employ features that can block system suspend (B<epoll>(7) B<EPOLLWAKEUP>, "
-"I</proc/sys/wake_lock>)."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:91
-#, no-wrap
-msgid "B<CAP_CHOWN>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:95
-msgid "Make arbitrary changes to file UIDs and GIDs (see B<chown>(2))."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:95
-#, no-wrap
-msgid "B<CAP_DAC_OVERRIDE>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:99
-msgid ""
-"Bypass file read, write, and execute permission checks. (DAC is an "
-"abbreviation of \"discretionary access control\".)"
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:99
-#, no-wrap
-msgid "B<CAP_DAC_READ_SEARCH>"
-msgstr ""
-
-#. type: IP
-#: build/C/man7/capabilities.7:103 build/C/man7/capabilities.7:106 build/C/man7/capabilities.7:116 build/C/man7/capabilities.7:126 build/C/man7/capabilities.7:130 build/C/man7/capabilities.7:132 build/C/man7/capabilities.7:134 build/C/man7/capabilities.7:204 build/C/man7/capabilities.7:206 build/C/man7/capabilities.7:208 build/C/man7/capabilities.7:210 build/C/man7/capabilities.7:212 build/C/man7/capabilities.7:214 build/C/man7/capabilities.7:216 build/C/man7/capabilities.7:218 build/C/man7/capabilities.7:220 build/C/man7/capabilities.7:244 build/C/man7/capabilities.7:246 build/C/man7/capabilities.7:296 build/C/man7/capabilities.7:306 build/C/man7/capabilities.7:312 build/C/man7/capabilities.7:317 build/C/man7/capabilities.7:323 build/C/man7/capabilities.7:327 build/C/man7/capabilities.7:334 build/C/man7/capabilities.7:337 build/C/man7/capabilities.7:345 build/C/man7/capabilities.7:347 build/C/man7/capabilities.7:356 build/C/man7/capabilities.7:365 build/C/man7/capabilities.7:368 build/C/man7/capabilities.7:372 build/C/man7/capabilities.7:380 build/C/man7/capabilities.7:383 build/C/man7/capabilities.7:390 build/C/man7/capabilities.7:395 build/C/man7/capabilities.7:401 build/C/man7/capabilities.7:405 build/C/man7/capabilities.7:409 build/C/man7/capabilities.7:413 build/C/man7/capabilities.7:417 build/C/man7/capabilities.7:444 build/C/man7/capabilities.7:449 build/C/man7/capabilities.7:455 build/C/man7/capabilities.7:458 build/C/man7/capabilities.7:461 build/C/man7/capabilities.7:471 build/C/man7/capabilities.7:475 build/C/man7/capabilities.7:492 build/C/man7/capabilities.7:495 build/C/man7/capabilities.7:499 build/C/man7/capabilities.7:504 build/C/man7/capabilities.7:513 build/C/man7/capabilities.7:518 build/C/man7/capabilities.7:521 build/C/man7/capabilities.7:526 build/C/man7/capabilities.7:529 build/C/man7/capabilities.7:532 build/C/man7/capabilities.7:535 build/C/man7/capabilities.7:538 build/C/man7/capabilities.7:543 build/C/man7/capabilities.7:545 build/C/man7/capabilities.7:551 build/C/man7/capabilities.7:559 build/C/man7/capabilities.7:561 build/C/man7/capabilities.7:565 build/C/man7/capabilities.7:567 build/C/man7/capabilities.7:570 build/C/man7/capabilities.7:574 build/C/man7/capabilities.7:576 build/C/man7/capabilities.7:578 build/C/man7/capabilities.7:580 build/C/man7/capabilities.7:589 build/C/man7/capabilities.7:596 build/C/man7/capabilities.7:601 build/C/man7/capabilities.7:606 build/C/man7/capabilities.7:611 build/C/man7/capabilities.7:636 build/C/man7/capabilities.7:643 build/C/man7/capabilities.7:844 build/C/man7/capabilities.7:852 build/C/man7/capabilities.7:1172 build/C/man7/capabilities.7:1177 build/C/man7/cpuset.7:540 build/C/man7/cpuset.7:545 build/C/man7/cpuset.7:550 build/C/man7/cpuset.7:726 build/C/man7/cpuset.7:730 build/C/man7/cpuset.7:927 build/C/man7/cpuset.7:930 build/C/man7/cpuset.7:934 build/C/man7/cpuset.7:938 build/C/man7/cpuset.7:942 build/C/man7/credentials.7:177 build/C/man7/credentials.7:183 build/C/man7/credentials.7:195 build/C/man7/credentials.7:217 build/C/man7/credentials.7:234 build/C/man7/credentials.7:266 build/C/man7/credentials.7:269 build/C/man7/credentials.7:280 build/C/man7/credentials.7:283 build/C/man2/getrlimit.2:690 build/C/man2/getrlimit.2:693 build/C/man7/namespaces.7:212 build/C/man7/namespaces.7:215 build/C/man7/namespaces.7:228 build/C/man7/pid_namespaces.7:233 build/C/man7/pid_namespaces.7:241 build/C/man7/pid_namespaces.7:252 build/C/man7/user_namespaces.7:261 build/C/man7/user_namespaces.7:266 build/C/man7/user_namespaces.7:272 build/C/man7/user_namespaces.7:285 build/C/man7/user_namespaces.7:306 build/C/man7/user_namespaces.7:474 build/C/man7/user_namespaces.7:477 build/C/man7/user_namespaces.7:479 build/C/man7/user_namespaces.7:492 build/C/man7/user_namespaces.7:505 build/C/man7/user_namespaces.7:532 build/C/man7/user_namespaces.7:541 build/C/man2/seccomp.2:265 build/C/man2/seccomp.2:269 build/C/man2/seccomp.2:272 build/C/man2/seccomp.2:277 build/C/man2/seccomp.2:281 build/C/man2/seccomp.2:455 build/C/man2/seccomp.2:463 build/C/man2/seccomp.2:469
-#, no-wrap
-msgid "*"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:106
-msgid ""
-"Bypass file read permission checks and directory read and execute permission "
-"checks;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:109
-msgid "Invoke B<open_by_handle_at>(2)."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:112
-#, no-wrap
-msgid "B<CAP_FOWNER>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:126
-msgid ""
-"Bypass permission checks on operations that normally require the filesystem "
-"UID of the process to match the UID of the file (e.g., B<chmod>(2), "
-"B<utime>(2)), excluding those operations covered by B<CAP_DAC_OVERRIDE> and "
-"B<CAP_DAC_READ_SEARCH>;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:130
-msgid "set extended file attributes (see B<chattr>(1)) on arbitrary files;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:132
-msgid "set Access Control Lists (ACLs) on arbitrary files;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:134
-msgid "ignore directory sticky bit on file deletion;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:141
-msgid "specify B<O_NOATIME> for arbitrary files in B<open>(2) and B<fcntl>(2)."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:143
-#, no-wrap
-msgid "B<CAP_FSETID>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:149
-msgid ""
-"Don't clear set-user-ID and set-group-ID permission bits when a file is "
-"modified; set the set-group-ID bit for a file whose GID does not match the "
-"filesystem or any of the supplementary GIDs of the calling process."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:149
-#, no-wrap
-msgid "B<CAP_IPC_LOCK>"
-msgstr ""
-
-#. FIXME . As at Linux 3.2, there are some strange uses of this capability
-#. in other places; they probably should be replaced with something else.
-#. type: Plain text
-#: build/C/man7/capabilities.7:158
-msgid "Lock memory (B<mlock>(2), B<mlockall>(2), B<mmap>(2), B<shmctl>(2))."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:158
-#, no-wrap
-msgid "B<CAP_IPC_OWNER>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:161
-msgid "Bypass permission checks for operations on System V IPC objects."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:161
-#, no-wrap
-msgid "B<CAP_KILL>"
-msgstr ""
-
-#. FIXME . CAP_KILL also has an effect for threads + setting child
-#. termination signal to other than SIGCHLD: without this
-#. capability, the termination signal reverts to SIGCHLD
-#. if the child does an exec(). What is the rationale
-#. for this?
-#. type: Plain text
-#: build/C/man7/capabilities.7:174
-msgid ""
-"Bypass permission checks for sending signals (see B<kill>(2)). This "
-"includes use of the B<ioctl>(2) B<KDSIGACCEPT> operation."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:174
-#, no-wrap
-msgid "B<CAP_LEASE> (since Linux 2.4)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:178
-msgid "Establish leases on arbitrary files (see B<fcntl>(2))."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:178
-#, no-wrap
-msgid "B<CAP_LINUX_IMMUTABLE>"
-msgstr ""
-
-#. These attributes are now available on ext2, ext3, Reiserfs, XFS, JFS
-#. type: Plain text
-#: build/C/man7/capabilities.7:187
-msgid ""
-"Set the B<FS_APPEND_FL> and B<FS_IMMUTABLE_FL> inode flags (see "
-"B<chattr>(1))."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:187
-#, no-wrap
-msgid "B<CAP_MAC_ADMIN> (since Linux 2.6.25)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:191
-msgid ""
-"Override Mandatory Access Control (MAC). Implemented for the Smack Linux "
-"Security Module (LSM)."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:191
-#, no-wrap
-msgid "B<CAP_MAC_OVERRIDE> (since Linux 2.6.25)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:195
-msgid "Allow MAC configuration or state changes. Implemented for the Smack LSM."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:195
-#, no-wrap
-msgid "B<CAP_MKNOD> (since Linux 2.4)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:199
-msgid "Create special files using B<mknod>(2)."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:199
-#, no-wrap
-msgid "B<CAP_NET_ADMIN>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:202
-msgid "Perform various network-related operations:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:206
-msgid "interface configuration;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:208
-msgid "administration of IP firewall, masquerading, and accounting;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:210
-msgid "modify routing tables;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:212
-msgid "bind to any address for transparent proxying;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:214
-msgid "set type-of-service (TOS)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:216
-msgid "clear driver statistics;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:218
-msgid "set promiscuous mode;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:220
-msgid "enabling multicasting;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:231
-msgid ""
-"use B<setsockopt>(2) to set the following socket options: B<SO_DEBUG>, "
-"B<SO_MARK>, B<SO_PRIORITY> (for a priority outside the range 0 to 6), "
-"B<SO_RCVBUFFORCE>, and B<SO_SNDBUFFORCE>."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:233
-#, no-wrap
-msgid "B<CAP_NET_BIND_SERVICE>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:237
-msgid ""
-"Bind a socket to Internet domain privileged ports (port numbers less than "
-"1024)."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:237
-#, no-wrap
-msgid "B<CAP_NET_BROADCAST>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:240
-msgid "(Unused) Make socket broadcasts, and listen to multicasts."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:240
-#, no-wrap
-msgid "B<CAP_NET_RAW>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:246
-msgid "use RAW and PACKET sockets;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:248
-msgid "bind to any address for transparent proxying."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:251
-#, no-wrap
-msgid "B<CAP_SETGID>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:257
-msgid ""
-"Make arbitrary manipulations of process GIDs and supplementary GID list; "
-"forge GID when passing socket credentials via UNIX domain sockets; write a "
-"group ID mapping in a user namespace (see B<user_namespaces>(7))."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:257
-#, no-wrap
-msgid "B<CAP_SETFCAP> (since Linux 2.6.24)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:260
-msgid "Set file capabilities."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:260
-#, no-wrap
-msgid "B<CAP_SETPCAP>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:271
-msgid ""
-"If file capabilities are not supported: grant or remove any capability in "
-"the caller's permitted capability set to or from any other process. (This "
-"property of B<CAP_SETPCAP> is not available when the kernel is configured to "
-"support file capabilities, since B<CAP_SETPCAP> has entirely different "
-"semantics for such kernels.)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:281
-msgid ""
-"If file capabilities are supported: add any capability from the calling "
-"thread's bounding set to its inheritable set; drop capabilities from the "
-"bounding set (via B<prctl>(2) B<PR_CAPBSET_DROP>); make changes to the "
-"I<securebits> flags."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:281
-#, no-wrap
-msgid "B<CAP_SETUID>"
-msgstr ""
-
-#. FIXME CAP_SETUID also an effect in exec(); document this.
-#. type: Plain text
-#: build/C/man7/capabilities.7:292
-msgid ""
-"Make arbitrary manipulations of process UIDs (B<setuid>(2), B<setreuid>(2), "
-"B<setresuid>(2), B<setfsuid>(2)); forge UID when passing socket credentials "
-"via UNIX domain sockets; write a user ID mapping in a user namespace (see "
-"B<user_namespaces>(7))."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:292
-#, no-wrap
-msgid "B<CAP_SYS_ADMIN>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:306
-msgid ""
-"Perform a range of system administration operations including: "
-"B<quotactl>(2), B<mount>(2), B<umount>(2), B<swapon>(2), B<swapoff>(2), "
-"B<sethostname>(2), and B<setdomainname>(2);"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:312
-msgid ""
-"perform privileged B<syslog>(2) operations (since Linux 2.6.37, "
-"B<CAP_SYSLOG> should be used to permit such operations);"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:317
-msgid "perform B<VM86_REQUEST_IRQ> B<vm86>(2) command;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:323
-msgid ""
-"perform B<IPC_SET> and B<IPC_RMID> operations on arbitrary System V IPC "
-"objects;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:327 build/C/man7/capabilities.7:574
-msgid "override B<RLIMIT_NPROC> resource limit;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:334
-msgid ""
-"perform operations on I<trusted> and I<security> Extended Attributes (see "
-"B<attr>(5));"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:337
-msgid "use B<lookup_dcookie>(2);"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:345
-msgid ""
-"use B<ioprio_set>(2) to assign B<IOPRIO_CLASS_RT> and (before Linux 2.6.25) "
-"B<IOPRIO_CLASS_IDLE> I/O scheduling classes;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:347
-msgid "forge PID when passing socket credentials via UNIX domain sockets;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:356
-msgid ""
-"exceed I</proc/sys/fs/file-max>, the system-wide limit on the number of open "
-"files, in system calls that open files (e.g., B<accept>(2), B<execve>(2), "
-"B<open>(2), B<pipe>(2));"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:365
-msgid ""
-"employ B<CLONE_*> flags that create new namespaces with B<clone>(2) and "
-"B<unshare>(2) (but, since Linux 3.8, creating user namespaces does not "
-"require any capability);"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:368
-msgid "call B<perf_event_open>(2);"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:372
-msgid "access privileged I<perf> event information;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:380
-msgid "call B<setns>(2) (requires B<CAP_SYS_ADMIN> in the I<target> namespace);"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:383
-msgid "call B<fanotify_init>(2);"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:390
-msgid "perform B<KEYCTL_CHOWN> and B<KEYCTL_SETPERM> B<keyctl>(2) operations;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:395
-msgid "perform B<madvise>(2) B<MADV_HWPOISON> operation;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:401
-msgid ""
-"employ the B<TIOCSTI> B<ioctl>(2) to insert characters into the input queue "
-"of a terminal other than the caller's controlling terminal;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:405
-msgid "employ the obsolete B<nfsservctl>(2) system call;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:409
-msgid "employ the obsolete B<bdflush>(2) system call;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:413
-msgid "perform various privileged block-device B<ioctl>(2) operations;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:417
-msgid "perform various privileged filesystem B<ioctl>(2) operations;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:419
-msgid "perform administrative operations on many device drivers."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:421
-#, no-wrap
-msgid "B<CAP_SYS_BOOT>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:427
-msgid "Use B<reboot>(2) and B<kexec_load>(2)."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:427
-#, no-wrap
-msgid "B<CAP_SYS_CHROOT>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:431
-msgid "Use B<chroot>(2)."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:431
-#, no-wrap
-msgid "B<CAP_SYS_MODULE>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:440
-msgid ""
-"Load and unload kernel modules (see B<init_module>(2) and "
-"B<delete_module>(2)); in kernels before 2.6.25: drop capabilities from the "
-"system-wide capability bounding set."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:440
-#, no-wrap
-msgid "B<CAP_SYS_NICE>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:449
-msgid ""
-"Raise process nice value (B<nice>(2), B<setpriority>(2)) and change the "
-"nice value for arbitrary processes;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:455
-msgid ""
-"set real-time scheduling policies for calling process, and set scheduling "
-"policies and priorities for arbitrary processes (B<sched_setscheduler>(2), "
-"B<sched_setparam>(2), B<shed_setattr>(2));"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:458
-msgid "set CPU affinity for arbitrary processes (B<sched_setaffinity>(2));"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:461
-msgid ""
-"set I/O scheduling class and priority for arbitrary processes "
-"(B<ioprio_set>(2));"
-msgstr ""
-
-#. FIXME CAP_SYS_NICE also has the following effect for
-#. migrate_pages(2):
-#. do_migrate_pages(mm, &old, &new,
-#. capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
-#. Document this.
-#. type: Plain text
-#: build/C/man7/capabilities.7:471
-msgid ""
-"apply B<migrate_pages>(2) to arbitrary processes and allow processes to be "
-"migrated to arbitrary nodes;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:475
-msgid "apply B<move_pages>(2) to arbitrary processes;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:482
-msgid "use the B<MPOL_MF_MOVE_ALL> flag with B<mbind>(2) and B<move_pages>(2)."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:484
-#, no-wrap
-msgid "B<CAP_SYS_PACCT>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:488
-msgid "Use B<acct>(2)."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:488
-#, no-wrap
-msgid "B<CAP_SYS_PTRACE>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:495
-msgid "Trace arbitrary processes using B<ptrace>(2);"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:499
-msgid "apply B<get_robust_list>(2) to arbitrary processes;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:504
-msgid ""
-"transfer data to or from the memory of arbitrary processes using "
-"B<process_vm_readv>(2) and B<process_vm_writev>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:507
-msgid "inspect processes using B<kcmp>(2)."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:509
-#, no-wrap
-msgid "B<CAP_SYS_RAWIO>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:518
-msgid "Perform I/O port operations (B<iopl>(2) and B<ioperm>(2));"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:521
-msgid "access I</proc/kcore>;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:526
-msgid "employ the B<FIBMAP> B<ioctl>(2) operation;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:529
-msgid ""
-"open devices for accessing x86 model-specific registers (MSRs, see "
-"B<msr>(4))"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:532
-msgid "update I</proc/sys/vm/mmap_min_addr>;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:535
-msgid ""
-"create memory mappings at addresses below the value specified by "
-"I</proc/sys/vm/mmap_min_addr>;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:538
-msgid "map files in I</proc/bus/pci>;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:543
-msgid "open I</dev/mem> and I</dev/kmem>;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:545
-msgid "perform various SCSI device commands;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:551
-msgid "perform certain operations on B<hpsa>(4) and B<cciss>(4) devices;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:553
-msgid "perform a range of device-specific operations on other devices."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:555
-#, no-wrap
-msgid "B<CAP_SYS_RESOURCE>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:561
-msgid "Use reserved space on ext2 filesystems;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:565
-msgid "make B<ioctl>(2) calls controlling ext3 journaling;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:567
-msgid "override disk quota limits;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:570
-msgid "increase resource limits (see B<setrlimit>(2));"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:576
-msgid "override maximum number of consoles on console allocation;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:578
-msgid "override maximum number of keymaps;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:580
-msgid "allow more than 64hz interrupts from the real-time clock;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:589
-msgid ""
-"raise I<msg_qbytes> limit for a System V message queue above the limit in "
-"I</proc/sys/kernel/msgmnb> (see B<msgop>(2) and B<msgctl>(2));"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:596
-msgid ""
-"override the I</proc/sys/fs/pipe-size-max> limit when setting the capacity "
-"of a pipe using the B<F_SETPIPE_SZ> B<fcntl>(2) command."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:601
-msgid ""
-"use B<F_SETPIPE_SZ> to increase the capacity of a pipe above the limit "
-"specified by I</proc/sys/fs/pipe-max-size>;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:606
-msgid ""
-"override I</proc/sys/fs/mqueue/queues_max> limit when creating POSIX message "
-"queues (see B<mq_overview>(7));"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:611
-msgid "employ B<prctl>(2) B<PR_SET_MM> operation;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:616
-msgid ""
-"set I</proc/PID/oom_score_adj> to a value lower than the value last set by a "
-"process with B<CAP_SYS_RESOURCE>."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:618
-#, no-wrap
-msgid "B<CAP_SYS_TIME>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:625
-msgid ""
-"Set system clock (B<settimeofday>(2), B<stime>(2), B<adjtimex>(2)); set "
-"real-time (hardware) clock."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:625
-#, no-wrap
-msgid "B<CAP_SYS_TTY_CONFIG>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:632
-msgid ""
-"Use B<vhangup>(2); employ various privileged B<ioctl>(2) operations on "
-"virtual terminals."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:632
-#, no-wrap
-msgid "B<CAP_SYSLOG> (since Linux 2.6.37)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:643
-msgid ""
-"Perform privileged B<syslog>(2) operations. See B<syslog>(2) for "
-"information on which operations require privilege."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:653
-msgid ""
-"View kernel addresses exposed via I</proc> and other interfaces when "
-"I</proc/sys/kernel/kptr_restrict> has the value 1. (See the discussion of "
-"the I<kptr_restrict> in B<proc>(5).)"
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:655
-#, no-wrap
-msgid "B<CAP_WAKE_ALARM> (since Linux 3.0)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:663
-msgid ""
-"Trigger something that will wake up the system (set B<CLOCK_REALTIME_ALARM> "
-"and B<CLOCK_BOOTTIME_ALARM> timers)."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/capabilities.7:663
-#, no-wrap
-msgid "Past and current implementation"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:665
-msgid "A full implementation of capabilities requires that:"
-msgstr ""
-
-#. type: IP
-#: build/C/man7/capabilities.7:665 build/C/man7/capabilities.7:816 build/C/man7/capabilities.7:963 build/C/man7/capabilities.7:1016 build/C/man7/user_namespaces.7:173 build/C/man7/user_namespaces.7:515
-#, no-wrap
-msgid "1."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:669
-msgid ""
-"For all privileged operations, the kernel must check whether the thread has "
-"the required capability in its effective set."
-msgstr ""
-
-#. type: IP
-#: build/C/man7/capabilities.7:669 build/C/man7/capabilities.7:821 build/C/man7/capabilities.7:969 build/C/man7/capabilities.7:1022 build/C/man7/user_namespaces.7:189 build/C/man7/user_namespaces.7:521
-#, no-wrap
-msgid "2."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:672
-msgid ""
-"The kernel must provide system calls allowing a thread's capability sets to "
-"be changed and retrieved."
-msgstr ""
-
-#. type: IP
-#: build/C/man7/capabilities.7:672 build/C/man7/capabilities.7:972 build/C/man7/capabilities.7:1026 build/C/man7/user_namespaces.7:193 build/C/man7/user_namespaces.7:526
-#, no-wrap
-msgid "3."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:675
-msgid ""
-"The filesystem must support attaching capabilities to an executable file, so "
-"that a process gains those capabilities when the file is executed."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:679
-msgid ""
-"Before kernel 2.6.24, only the first two of these requirements are met; "
-"since kernel 2.6.24, all three requirements are met."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/capabilities.7:679
-#, no-wrap
-msgid "Thread capability sets"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:682
-msgid ""
-"Each thread has three capability sets containing zero or more of the above "
-"capabilities:"
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:682
-#, no-wrap
-msgid "I<Permitted>:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:690
-msgid ""
-"This is a limiting superset for the effective capabilities that the thread "
-"may assume. It is also a limiting superset for the capabilities that may be "
-"added to the inheritable set by a thread that does not have the "
-"B<CAP_SETPCAP> capability in its effective set."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:696
-msgid ""
-"If a thread drops a capability from its permitted set, it can never "
-"reacquire that capability (unless it B<execve>(2)s either a set-user-ID-root "
-"program, or a program whose associated file capabilities grant that "
-"capability)."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:696
-#, no-wrap
-msgid "I<Inheritable>:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:703
-msgid ""
-"This is a set of capabilities preserved across an B<execve>(2). It provides "
-"a mechanism for a process to assign capabilities to the permitted set of the "
-"new program during an B<execve>(2)."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:703 build/C/man7/capabilities.7:753
-#, no-wrap
-msgid "I<Effective>:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:707
-msgid ""
-"This is the set of capabilities used by the kernel to perform permission "
-"checks for the thread."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:713
-msgid ""
-"A child created via B<fork>(2) inherits copies of its parent's capability "
-"sets. See below for a discussion of the treatment of capabilities during "
-"B<execve>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:717
-msgid ""
-"Using B<capset>(2), a thread may manipulate its own capability sets (see "
-"below)."
-msgstr ""
-
-#. commit 73efc0394e148d0e15583e13712637831f926720
-#. type: Plain text
-#: build/C/man7/capabilities.7:726
-msgid ""
-"Since Linux 3.2, the file I</proc/sys/kernel/cap_last_cap> exposes the "
-"numerical value of the highest capability supported by the running kernel; "
-"this can be used to determine the highest bit that may be set in a "
-"capability set."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/capabilities.7:726
-#, no-wrap
-msgid "File capabilities"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:741
-msgid ""
-"Since kernel 2.6.24, the kernel supports associating capability sets with an "
-"executable file using B<setcap>(8). The file capability sets are stored in "
-"an extended attribute (see B<setxattr>(2)) named I<security.capability>. "
-"Writing to this extended attribute requires the B<CAP_SETFCAP> capability. "
-"The file capability sets, in conjunction with the capability sets of the "
-"thread, determine the capabilities of a thread after an B<execve>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:743
-msgid "The three file capability sets are:"
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:743
-#, no-wrap
-msgid "I<Permitted> (formerly known as I<forced>):"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:747
-msgid ""
-"These capabilities are automatically permitted to the thread, regardless of "
-"the thread's inheritable capabilities."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:747
-#, no-wrap
-msgid "I<Inheritable> (formerly known as I<allowed>):"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:753
-msgid ""
-"This set is ANDed with the thread's inheritable set to determine which "
-"inheritable capabilities are enabled in the permitted set of the thread "
-"after the B<execve>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:763
-msgid ""
-"This is not a set, but rather just a single bit. If this bit is set, then "
-"during an B<execve>(2) all of the new permitted capabilities for the thread "
-"are also raised in the effective set. If this bit is not set, then after an "
-"B<execve>(2), none of the new permitted capabilities is in the new effective "
-"set."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:779
-msgid ""
-"Enabling the file effective capability bit implies that any file permitted "
-"or inheritable capability that causes a thread to acquire the corresponding "
-"permitted capability during an B<execve>(2) (see the transformation rules "
-"described below) will also acquire that capability in its effective set. "
-"Therefore, when assigning capabilities to a file (B<setcap>(8), "
-"B<cap_set_file>(3), B<cap_set_fd>(3)), if we specify the effective flag as "
-"being enabled for any capability, then the effective flag must also be "
-"specified as enabled for all other capabilities for which the corresponding "
-"permitted or inheritable flags is enabled."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/capabilities.7:779
-#, no-wrap
-msgid "Transformation of capabilities during execve()"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:785
-msgid ""
-"During an B<execve>(2), the kernel calculates the new capabilities of the "
-"process using the following algorithm:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:790
-#, no-wrap
-msgid ""
-"P'(permitted) = (P(inheritable) & F(inheritable)) |\n"
-" (F(permitted) & cap_bset)\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:792
-#, no-wrap
-msgid "P'(effective) = F(effective) ? P'(permitted) : 0\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:794
-#, no-wrap
-msgid "P'(inheritable) = P(inheritable) [i.e., unchanged]\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:798
-msgid "where:"
-msgstr ""
-
-#. type: IP
-#: build/C/man7/capabilities.7:799
-#, no-wrap
-msgid "P"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:802
-msgid "denotes the value of a thread capability set before the B<execve>(2)"
-msgstr ""
-
-#. type: IP
-#: build/C/man7/capabilities.7:802
-#, no-wrap
-msgid "P'"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:805
-msgid "denotes the value of a capability set after the B<execve>(2)"
-msgstr ""
-
-#. type: IP
-#: build/C/man7/capabilities.7:805
-#, no-wrap
-msgid "F"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:807
-msgid "denotes a file capability set"
-msgstr ""
-
-#. type: IP
-#: build/C/man7/capabilities.7:807
-#, no-wrap
-msgid "cap_bset"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:809
-msgid "is the value of the capability bounding set (described below)."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/capabilities.7:811
-#, no-wrap
-msgid "Capabilities and execution of programs by root"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:816
-msgid ""
-"In order to provide an all-powerful I<root> using capability sets, during an "
-"B<execve>(2):"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:821
-msgid ""
-"If a set-user-ID-root program is being executed, or the real user ID of the "
-"process is 0 (root) then the file inheritable and permitted sets are "
-"defined to be all ones (i.e., all capabilities enabled)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:824
-msgid ""
-"If a set-user-ID-root program is being executed, then the file effective bit "
-"is defined to be one (enabled)."
-msgstr ""
-
-#. If a process with real UID 0, and nonzero effective UID does an
-#. exec(), then it gets all capabilities in its
-#. permitted set, and no effective capabilities
-#. type: Plain text
-#: build/C/man7/capabilities.7:839
-msgid ""
-"The upshot of the above rules, combined with the capabilities "
-"transformations described above, is that when a process B<execve>(2)s a "
-"set-user-ID-root program, or when a process with an effective UID of 0 "
-"B<execve>(2)s a program, it gains all capabilities in its permitted and "
-"effective capability sets, except those masked out by the capability "
-"bounding set. This provides semantics that are the same as those provided "
-"by traditional UNIX systems."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/capabilities.7:839
-#, no-wrap
-msgid "Capability bounding set"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:844
-msgid ""
-"The capability bounding set is a security mechanism that can be used to "
-"limit the capabilities that can be gained during an B<execve>(2). The "
-"bounding set is used in the following ways:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:852
-msgid ""
-"During an B<execve>(2), the capability bounding set is ANDed with the file "
-"permitted capability set, and the result of this operation is assigned to "
-"the thread's permitted capability set. The capability bounding set thus "
-"places a limit on the permitted capabilities that may be granted by an "
-"executable file."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:864
-msgid ""
-"(Since Linux 2.6.25) The capability bounding set acts as a limiting "
-"superset for the capabilities that a thread can add to its inheritable set "
-"using B<capset>(2). This means that if a capability is not in the bounding "
-"set, then a thread can't add this capability to its inheritable set, even if "
-"it was in its permitted capabilities, and thereby cannot have this "
-"capability preserved in its permitted set when it B<execve>(2)s a file that "
-"has the capability in its inheritable set."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:871
-msgid ""
-"Note that the bounding set masks the file permitted capabilities, but not "
-"the inherited capabilities. If a thread maintains a capability in its "
-"inherited set that is not in its bounding set, then it can still gain that "
-"capability in its permitted set by executing a file that has the capability "
-"in its inherited set."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:874
-msgid ""
-"Depending on the kernel version, the capability bounding set is either a "
-"system-wide attribute, or a per-process attribute."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:876
-msgid "B<Capability bounding set prior to Linux 2.6.25>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:884
-msgid ""
-"In kernels before 2.6.25, the capability bounding set is a system-wide "
-"attribute that affects all threads on the system. The bounding set is "
-"accessible via the file I</proc/sys/kernel/cap-bound>. (Confusingly, this "
-"bit mask parameter is expressed as a signed decimal number in "
-"I</proc/sys/kernel/cap-bound>.)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:891
-msgid ""
-"Only the B<init> process may set capabilities in the capability bounding "
-"set; other than that, the superuser (more precisely: programs with the "
-"B<CAP_SYS_MODULE> capability) may only clear capabilities from this set."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:900
-msgid ""
-"On a standard system the capability bounding set always masks out the "
-"B<CAP_SETPCAP> capability. To remove this restriction (dangerous!), modify "
-"the definition of B<CAP_INIT_EFF_SET> in I<include/linux/capability.h> and "
-"rebuild the kernel."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:904
-msgid ""
-"The system-wide capability bounding set feature was added to Linux starting "
-"with kernel version 2.2.11."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:906
-msgid "B<Capability bounding set from Linux 2.6.25 onward>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:911
-msgid ""
-"From Linux 2.6.25, the I<capability bounding set> is a per-thread "
-"attribute. (There is no longer a system-wide capability bounding set.)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:916
-msgid ""
-"The bounding set is inherited at B<fork>(2) from the thread's parent, and "
-"is preserved across an B<execve>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:929
-msgid ""
-"A thread may remove capabilities from its capability bounding set using the "
-"B<prctl>(2) B<PR_CAPBSET_DROP> operation, provided it has the "
-"B<CAP_SETPCAP> capability. Once a capability has been dropped from the "
-"bounding set, it cannot be restored to that set. A thread can determine if "
-"a capability is in its bounding set using the B<prctl>(2) "
-"B<PR_CAPBSET_READ> operation."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:947
-msgid ""
-"Removing capabilities from the bounding set is supported only if file "
-"capabilities are compiled into the kernel. In kernels before Linux 2.6.33, "
-"file capabilities were an optional feature configurable via the "
-"B<CONFIG_SECURITY_FILE_CAPABILITIES> option. Since Linux 2.6.33, the "
-"configuration option has been removed and file capabilities are always part "
-"of the kernel. When file capabilities are compiled into the kernel, the "
-"B<init> process (the ancestor of all processes) begins with a full bounding "
-"set. If file capabilities are not compiled into the kernel, then B<init> "
-"begins with a full bounding set minus B<CAP_SETPCAP>, because this "
-"capability has a different meaning when there are no file capabilities."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:954
-msgid ""
-"Removing a capability from the bounding set does not remove it from the "
-"thread's inherited set. However it does prevent the capability from being "
-"added back into the thread's inherited set in the future."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/capabilities.7:954
-#, no-wrap
-msgid "Effect of user ID changes on capabilities"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:963
-msgid ""
-"To preserve the traditional semantics for transitions between 0 and nonzero "
-"user IDs, the kernel makes the following changes to a thread's capability "
-"sets on changes to the thread's real, effective, saved set, and filesystem "
-"user IDs (using B<setuid>(2), B<setresuid>(2), or similar):"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:969
-msgid ""
-"If one or more of the real, effective or saved set user IDs was previously "
-"0, and as a result of the UID changes all of these IDs have a nonzero value, "
-"then all capabilities are cleared from the permitted and effective "
-"capability sets."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:972
-msgid ""
-"If the effective user ID is changed from 0 to nonzero, then all capabilities "
-"are cleared from the effective set."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:975
-msgid ""
-"If the effective user ID is changed from nonzero to 0, then the permitted "
-"set is copied to the effective set."
-msgstr ""
-
-#. type: IP
-#: build/C/man7/capabilities.7:975 build/C/man7/capabilities.7:1030 build/C/man7/user_namespaces.7:529
-#, no-wrap
-msgid "4."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:993
-msgid ""
-"If the filesystem user ID is changed from 0 to nonzero (see B<setfsuid>(2)), "
-"then the following capabilities are cleared from the effective set: "
-"B<CAP_CHOWN>, B<CAP_DAC_OVERRIDE>, B<CAP_DAC_READ_SEARCH>, B<CAP_FOWNER>, "
-"B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> (since Linux 2.6.30), "
-"B<CAP_MAC_OVERRIDE>, and B<CAP_MKNOD> (since Linux 2.6.30). If the "
-"filesystem UID is changed from nonzero to 0, then any of these capabilities "
-"that are enabled in the permitted set are enabled in the effective set."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1001
-msgid ""
-"If a thread that has a 0 value for one or more of its user IDs wants to "
-"prevent its permitted capability set being cleared when it resets all of its "
-"user IDs to nonzero values, it can do so using the B<prctl>(2) "
-"B<PR_SET_KEEPCAPS> operation."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/capabilities.7:1001
-#, no-wrap
-msgid "Programmatically adjusting capability sets"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1016
-msgid ""
-"A thread can retrieve and change its capability sets using the B<capget>(2) "
-"and B<capset>(2) system calls. However, the use of B<cap_get_proc>(3) and "
-"B<cap_set_proc>(3), both provided in the I<libcap> package, is preferred for "
-"this purpose. The following rules govern changes to the thread capability "
-"sets:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1022
-msgid ""
-"If the caller does not have the B<CAP_SETPCAP> capability, the new "
-"inheritable set must be a subset of the combination of the existing "
-"inheritable and permitted sets."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1026
-msgid ""
-"(Since Linux 2.6.25) The new inheritable set must be a subset of the "
-"combination of the existing inheritable set and the capability bounding set."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1030
-msgid ""
-"The new permitted set must be a subset of the existing permitted set (i.e., "
-"it is not possible to acquire permitted capabilities that the thread does "
-"not currently have)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1032
-msgid "The new effective set must be a subset of the new permitted set."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/capabilities.7:1032
-#, no-wrap
-msgid "The securebits flags: establishing a capabilities-only environment"
-msgstr ""
-
-#. For some background:
-#. see http://lwn.net/Articles/280279/ and
-#. http://article.gmane.org/gmane.linux.kernel.lsm/5476/
-#. type: Plain text
-#: build/C/man7/capabilities.7:1043
-msgid ""
-"Starting with kernel 2.6.26, and with a kernel in which file capabilities "
-"are enabled, Linux implements a set of per-thread I<securebits> flags that "
-"can be used to disable special handling of capabilities for UID 0 "
-"(I<root>). These flags are as follows:"
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:1043
-#, no-wrap
-msgid "B<SECBIT_KEEP_CAPS>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1055
-msgid ""
-"Setting this flag allows a thread that has one or more 0 UIDs to retain its "
-"capabilities when it switches all of its UIDs to a nonzero value. If this "
-"flag is not set, then such a UID switch causes the thread to lose all "
-"capabilities. This flag is always cleared on an B<execve>(2). (This flag "
-"provides the same functionality as the older B<prctl>(2) B<PR_SET_KEEPCAPS> "
-"operation.)"
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:1055
-#, no-wrap
-msgid "B<SECBIT_NO_SETUID_FIXUP>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1062
-msgid ""
-"Setting this flag stops the kernel from adjusting capability sets when the "
-"threads's effective and filesystem UIDs are switched between zero and "
-"nonzero values. (See the subsection I<Effect of User ID Changes on "
-"Capabilities>.)"
-msgstr ""
-
-#. type: TP
-#: build/C/man7/capabilities.7:1062
-#, no-wrap
-msgid "B<SECBIT_NOROOT>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1070
-msgid ""
-"If this bit is set, then the kernel does not grant capabilities when a "
-"set-user-ID-root program is executed, or when a process with an effective or "
-"real UID of 0 calls B<execve>(2). (See the subsection I<Capabilities and "
-"execution of programs by root>.)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1080
-msgid ""
-"Each of the above \"base\" flags has a companion \"locked\" flag. Setting "
-"any of the \"locked\" flags is irreversible, and has the effect of "
-"preventing further changes to the corresponding \"base\" flag. The locked "
-"flags are: B<SECBIT_KEEP_CAPS_LOCKED>, B<SECBIT_NO_SETUID_FIXUP_LOCKED>, and "
-"B<SECBIT_NOROOT_LOCKED>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1092
-msgid ""
-"The I<securebits> flags can be modified and retrieved using the B<prctl>(2) "
-"B<PR_SET_SECUREBITS> and B<PR_GET_SECUREBITS> operations. The "
-"B<CAP_SETPCAP> capability is required to modify the flags."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1101
-msgid ""
-"The I<securebits> flags are inherited by child processes. During an "
-"B<execve>(2), all of the flags are preserved, except B<SECBIT_KEEP_CAPS> "
-"which is always cleared."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1106
-msgid ""
-"An application can use the following call to lock itself, and all of its "
-"descendants, into an environment where the only way of gaining capabilities "
-"is by executing a program with associated file capabilities:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1115
-#, no-wrap
-msgid ""
-"prctl(PR_SET_SECUREBITS,\n"
-" SECBIT_KEEP_CAPS_LOCKED |\n"
-" SECBIT_NO_SETUID_FIXUP |\n"
-" SECBIT_NO_SETUID_FIXUP_LOCKED |\n"
-" SECBIT_NOROOT |\n"
-" SECBIT_NOROOT_LOCKED);\n"
-msgstr ""
-
-#. type: SS
-#: build/C/man7/capabilities.7:1117
-#, no-wrap
-msgid "Interaction with user namespaces"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1120
-msgid ""
-"For a discussion of the interaction of capabilities and user namespaces, see "
-"B<user_namespaces>(7)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1126
-msgid ""
-"No standards govern capabilities, but the Linux capability implementation is "
-"based on the withdrawn POSIX.1e draft standard; see E<.UR "
-"http://wt.tuxomania.net\\:/publications\\:/posix.1e/> E<.UE .>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1131
-msgid ""
-"Since kernel 2.5.27, capabilities are an optional kernel component, and can "
-"be enabled/disabled via the B<CONFIG_SECURITY_CAPABILITIES> kernel "
-"configuration option."
-msgstr ""
-
-#. 7b9a7ec565505699f503b4fcf61500dceb36e744
-#. type: Plain text
-#: build/C/man7/capabilities.7:1145
-msgid ""
-"The I</proc/PID/task/TID/status> file can be used to view the capability "
-"sets of a thread. The I</proc/PID/status> file shows the capability sets of "
-"a process's main thread. Before Linux 3.8, nonexistent capabilities were "
-"shown as being enabled (1) in these sets. Since Linux 3.8, all nonexistent "
-"capabilities (above B<CAP_LAST_CAP>) are shown as disabled (0)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1160
-msgid ""
-"The I<libcap> package provides a suite of routines for setting and getting "
-"capabilities that is more comfortable and less likely to change than the "
-"interface provided by B<capset>(2) and B<capget>(2). This package also "
-"provides the B<setcap>(8) and B<getcap>(8) programs. It can be found at"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1163
-msgid ""
-"E<.UR "
-"http://www.kernel.org\\:/pub\\:/linux\\:/libs\\:/security\\:/linux-privs> "
-"E<.UE .>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1172
-msgid ""
-"Before kernel 2.6.24, and since kernel 2.6.24 if file capabilities are not "
-"enabled, a thread with the B<CAP_SETPCAP> capability can manipulate the "
-"capabilities of threads other than itself. However, this is only "
-"theoretically possible, since no thread ever has B<CAP_SETPCAP> in either of "
-"these cases:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1177
-msgid ""
-"In the pre-2.6.25 implementation the system-wide capability bounding set, "
-"I</proc/sys/kernel/cap-bound>, always masks out this capability, and this "
-"can not be changed without modifying the kernel source and rebuilding."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1183
-msgid ""
-"If file capabilities are disabled in the current implementation, then "
-"B<init> starts out with this capability removed from its per-process "
-"bounding set, and that bounding set is inherited by all other processes "
-"created on the system."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1202
-msgid ""
-"B<capsh>(1), B<setpriv>(2), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), "
-"B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3), "
-"B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3), "
-"B<libcap>(3), B<credentials>(7), B<user_namespaces>(7), B<pthreads>(7), "
-"B<getcap>(8), B<setcap>(8)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/capabilities.7:1205
-msgid "I<include/linux/capability.h> in the Linux kernel source tree"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/capget.2:15
-#, no-wrap
-msgid "CAPGET"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/capget.2:15
-#, no-wrap
-msgid "2013-03-11"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:18
-msgid "capget, capset - set/get capabilities of thread(s)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:20
-msgid "B<#include E<lt>sys/capability.hE<gt>>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:22
-msgid "B<int capget(cap_user_header_t >I<hdrp>B<, cap_user_data_t >I<datap>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:24
-msgid ""
-"B<int capset(cap_user_header_t >I<hdrp>B<, const cap_user_data_t "
-">I<datap>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:35
-msgid ""
-"As of Linux 2.2, the power of the superuser (root) has been partitioned into "
-"a set of discrete capabilities. Each thread has a set of effective "
-"capabilities identifying which capabilities (if any) it may currently "
-"exercise. Each thread also has a set of inheritable capabilities that may "
-"be passed through an B<execve>(2) call, and a set of permitted capabilities "
-"that it can make effective or inheritable."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:44
-msgid ""
-"These two system calls are the raw kernel interface for getting and setting "
-"thread capabilities. Not only are these system calls specific to Linux, but "
-"the kernel API is likely to change and use of these system calls (in "
-"particular the format of the I<cap_user_*_t> types) is subject to extension "
-"with each kernel revision, but old programs will keep working."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:55
-msgid ""
-"The portable interfaces are B<cap_set_proc>(3) and B<cap_get_proc>(3); if "
-"possible, you should use those interfaces in applications. If you wish to "
-"use the Linux extensions in applications, you should use the easier-to-use "
-"interfaces B<capsetp>(3) and B<capgetp>(3)."
-msgstr ""
-
-#. type: SS
-#: build/C/man2/capget.2:55
-#, no-wrap
-msgid "Current details"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:58
-msgid ""
-"Now that you have been warned, some current kernel details. The structures "
-"are defined as follows."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:63
-#, no-wrap
-msgid ""
-"#define _LINUX_CAPABILITY_VERSION_1 0x19980330\n"
-"#define _LINUX_CAPABILITY_U32S_1 1\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:66
-#, no-wrap
-msgid ""
-"#define _LINUX_CAPABILITY_VERSION_2 0x20071026\n"
-"#define _LINUX_CAPABILITY_U32S_2 2\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:71
-#, no-wrap
-msgid ""
-"typedef struct __user_cap_header_struct {\n"
-" __u32 version;\n"
-" int pid;\n"
-"} *cap_user_header_t;\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:77
-#, no-wrap
-msgid ""
-"typedef struct __user_cap_data_struct {\n"
-" __u32 effective;\n"
-" __u32 permitted;\n"
-" __u32 inheritable;\n"
-"} *cap_user_data_t;\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:96
-msgid ""
-"The I<effective>, I<permitted>, and I<inheritable> fields are bit masks of "
-"the capabilities defined in B<capabilities>(7). Note the B<CAP_*> values "
-"are bit indexes and need to be bit-shifted before ORing into the bit "
-"fields. To define the structures for passing to the system call you have to "
-"use the I<struct __user_cap_header_struct> and I<struct "
-"__user_cap_data_struct> names because the typedefs are only pointers."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:108
-msgid ""
-"Kernels prior to 2.6.25 prefer 32-bit capabilities with version "
-"B<_LINUX_CAPABILITY_VERSION_1>, and kernels 2.6.25+ prefer 64-bit "
-"capabilities with version B<_LINUX_CAPABILITY_VERSION_2>. Note, 64-bit "
-"capabilities use I<datap>[0] and I<datap>[1], whereas 32-bit capabilities "
-"use only I<datap>[0]."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:112
-msgid ""
-"Another change affecting the behavior of these system calls is kernel "
-"support for file capabilities (VFS capability support). This support is "
-"currently a compile time option (added in kernel 2.6.24)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:119
-msgid ""
-"For B<capget>() calls, one can probe the capabilities of any process by "
-"specifying its process ID with the I<hdrp-E<gt>pid> field value."
-msgstr ""
-
-#. type: SS
-#: build/C/man2/capget.2:119
-#, no-wrap
-msgid "With VFS capability support"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:131
-msgid ""
-"VFS Capability support creates a file-attribute method for adding "
-"capabilities to privileged executables. This privilege model obsoletes "
-"kernel support for one process asynchronously setting the capabilities of "
-"another. That is, with VFS support, for B<capset>() calls the only "
-"permitted values for I<hdrp-E<gt>pid> are 0 or B<getpid>(2), which are "
-"equivalent."
-msgstr ""
-
-#. type: SS
-#: build/C/man2/capget.2:131
-#, no-wrap
-msgid "Without VFS capability support"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:157
-msgid ""
-"When the kernel does not support VFS capabilities, B<capset>() calls can "
-"operate on the capabilities of the thread specified by the I<pid> field of "
-"I<hdrp> when that is nonzero, or on the capabilities of the calling thread "
-"if I<pid> is 0. If I<pid> refers to a single-threaded process, then I<pid> "
-"can be specified as a traditional process ID; operating on a thread of a "
-"multithreaded process requires a thread ID of the type returned by "
-"B<gettid>(2). For B<capset>(), I<pid> can also be: -1, meaning perform the "
-"change on all threads except the caller and B<init>(1); or a value less than "
-"-1, in which case the change is applied to all members of the process group "
-"whose ID is -I<pid>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:160
-msgid "For details on the data, see B<capabilities>(7)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:179
-msgid ""
-"The calls will fail with the error B<EINVAL>, and set the I<version> field "
-"of I<hdrp> to the kernel preferred value of B<_LINUX_CAPABILITY_VERSION_?> "
-"when an unsupported I<version> value is specified. In this way, one can "
-"probe what the current preferred capability revision is."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:188
-msgid ""
-"Bad memory address. I<hdrp> must not be NULL. I<datap> may be NULL only "
-"when the user is trying to determine the preferred capability version format "
-"supported by the kernel."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/capget.2:188 build/C/man7/cpuset.7:1180 build/C/man7/cpuset.7:1189 build/C/man7/cpuset.7:1198 build/C/man7/cpuset.7:1208 build/C/man7/cpuset.7:1217 build/C/man7/cpuset.7:1224 build/C/man7/cpuset.7:1231 build/C/man2/getgroups.2:114 build/C/man2/getgroups.2:121 build/C/man2/getpriority.2:118 build/C/man2/getrlimit.2:471 build/C/man2/getrusage.2:198 build/C/man2/iopl.2:72 build/C/man2/ioprio_set.2:170 build/C/man2/seteuid.2:80 build/C/man2/setgid.2:59 build/C/man2/setpgid.2:225 build/C/man2/setresuid.2:99 build/C/man2/setreuid.2:128 build/C/man2/setuid.2:105 build/C/man2/seccomp.2:373 build/C/man2/seccomp.2:380 build/C/man2/seccomp.2:387 build/C/man2/seccomp.2:393 build/C/man2/seccomp.2:402
-#, no-wrap
-msgid "B<EINVAL>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:191
-msgid "One of the arguments was invalid."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:196
-msgid ""
-"An attempt was made to add a capability to the Permitted set, or to set a "
-"capability in the Effective or Inheritable sets that is not in the Permitted "
-"set."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:215
-msgid ""
-"The caller attempted to use B<capset>() to modify the capabilities of a "
-"thread other than itself, but lacked sufficient privilege. For kernels "
-"supporting VFS capabilities, this is never permitted. For kernels lacking "
-"VFS support, the B<CAP_SETPCAP> capability is required. (A bug in kernels "
-"before 2.6.11 meant that this error could also occur if a thread without "
-"this capability tried to change its own capabilities by specifying the "
-"I<pid> field as a nonzero value (i.e., the value returned by B<getpid>(2)) "
-"instead of 0.)"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/capget.2:215 build/C/man7/cpuset.7:1330 build/C/man2/getpriority.2:126 build/C/man2/getrlimit.2:502 build/C/man2/getsid.2:70 build/C/man2/ioprio_set.2:187 build/C/man2/setpgid.2:240 build/C/man2/seccomp.2:426
-#, no-wrap
-msgid "B<ESRCH>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:218
-msgid "No such thread."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:220 build/C/man2/ioprio_set.2:198
-msgid "These system calls are Linux-specific."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:225
-msgid ""
-"The portable interface to the capability querying and setting functions is "
-"provided by the I<libcap> library and is available here:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:228
-msgid ""
-"E<.UR "
-"http://git.kernel.org/cgit\\:/linux\\:/kernel\\:/git\\:/morgan\\:\\:/libcap.git> "
-"E<.UE>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/capget.2:232
-msgid "B<clone>(2), B<gettid>(2), B<capabilities>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man7/cpuset.7:25
-#, no-wrap
-msgid "CPUSET"
-msgstr ""
-
-#. type: TH
-#: build/C/man7/cpuset.7:25
-#, no-wrap
-msgid "2014-05-21"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:28
-msgid "cpuset - confine processes to processor and memory node subsets"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:35
-msgid ""
-"The cpuset filesystem is a pseudo-filesystem interface to the kernel cpuset "
-"mechanism, which is used to control the processor placement and memory "
-"placement of processes. It is commonly mounted at I</dev/cpuset>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:52
-msgid ""
-"On systems with kernels compiled with built in support for cpusets, all "
-"processes are attached to a cpuset, and cpusets are always present. If a "
-"system supports cpusets, then it will have the entry B<nodev cpuset> in the "
-"file I</proc/filesystems>. By mounting the cpuset filesystem (see the "
-"B<EXAMPLE> section below), the administrator can configure the cpusets on a "
-"system to control the processor and memory placement of processes on that "
-"system. By default, if the cpuset configuration on a system is not modified "
-"or if the cpuset filesystem is not even mounted, then the cpuset mechanism, "
-"though present, has no affect on the system's behavior."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:54
-msgid "A cpuset defines a list of CPUs and memory nodes."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:63
-msgid ""
-"The CPUs of a system include all the logical processing units on which a "
-"process can execute, including, if present, multiple processor cores within "
-"a package and Hyper-Threads within a processor core. Memory nodes include "
-"all distinct banks of main memory; small and SMP systems typically have just "
-"one memory node that contains all the system's main memory, while NUMA "
-"(non-uniform memory access) systems have multiple memory nodes."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:73
-msgid ""
-"Cpusets are represented as directories in a hierarchical pseudo-filesystem, "
-"where the top directory in the hierarchy (I</dev/cpuset>) represents the "
-"entire system (all online CPUs and memory nodes) and any cpuset that is the "
-"child (descendant) of another parent cpuset contains a subset of that "
-"parent's CPUs and memory nodes. The directories and files representing "
-"cpusets have normal filesystem permissions."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:84
-msgid ""
-"Every process in the system belongs to exactly one cpuset. A process is "
-"confined to run only on the CPUs in the cpuset it belongs to, and to "
-"allocate memory only on the memory nodes in that cpuset. When a process "
-"B<fork>(2)s, the child process is placed in the same cpuset as its parent. "
-"With sufficient privilege, a process may be moved from one cpuset to another "
-"and the allowed CPUs and memory nodes of an existing cpuset may be changed."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:92
-msgid ""
-"When the system begins booting, a single cpuset is defined that includes all "
-"CPUs and memory nodes on the system, and all processes are in that cpuset. "
-"During the boot process, or later during normal system operation, other "
-"cpusets may be created, as subdirectories of this top cpuset, under the "
-"control of the system administrator, and processes may be placed in these "
-"other cpusets."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:114
-msgid ""
-"Cpusets are integrated with the B<sched_setaffinity>(2) scheduling affinity "
-"mechanism and the B<mbind>(2) and B<set_mempolicy>(2) memory-placement "
-"mechanisms in the kernel. Neither of these mechanisms let a process make "
-"use of a CPU or memory node that is not allowed by that process's cpuset. "
-"If changes to a process's cpuset placement conflict with these other "
-"mechanisms, then cpuset placement is enforced even if it means overriding "
-"these other mechanisms. The kernel accomplishes this overriding by silently "
-"restricting the CPUs and memory nodes requested by these other mechanisms to "
-"those allowed by the invoking process's cpuset. This can result in these "
-"other calls returning an error, if for example, such a call ends up "
-"requesting an empty set of CPUs or memory nodes, after that request is "
-"restricted to the invoking process's cpuset."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:120
-msgid ""
-"Typically, a cpuset is used to manage the CPU and memory-node confinement "
-"for a set of cooperating processes such as a batch scheduler job, and these "
-"other mechanisms are used to manage the placement of individual processes or "
-"memory regions within that set or job."
-msgstr ""
-
-#. type: SH
-#: build/C/man7/cpuset.7:120
-#, no-wrap
-msgid "FILES"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:125
-msgid ""
-"Each directory below I</dev/cpuset> represents a cpuset and contains a fixed "
-"set of pseudo-files describing the state of that cpuset."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:135
-msgid ""
-"New cpusets are created using the B<mkdir>(2) system call or the "
-"B<mkdir>(1) command. The properties of a cpuset, such as its flags, "
-"allowed CPUs and memory nodes, and attached processes, are queried and "
-"modified by reading or writing to the appropriate file in that cpuset's "
-"directory, as listed below."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:141
-msgid ""
-"The pseudo-files in each cpuset directory are automatically created when the "
-"cpuset is created, as a result of the B<mkdir>(2) invocation. It is not "
-"possible to directly add or remove these pseudo-files."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:149
-msgid ""
-"A cpuset directory that contains no child cpuset directories, and has no "
-"attached processes, can be removed using B<rmdir>(2) or B<rmdir>(1). It is "
-"not necessary, or possible, to remove the pseudo-files inside the directory "
-"before removing it."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:163
-msgid ""
-"The pseudo-files in each cpuset directory are small text files that may be "
-"read and written using traditional shell utilities such as B<cat>(1), and "
-"B<echo>(1), or from a program by using file I/O library functions or system "
-"calls, such as B<open>(2), B<read>(2), B<write>(2), and B<close>(2)."
-msgstr ""
-
-#. ====================== tasks ======================
-#. type: Plain text
-#: build/C/man7/cpuset.7:168
-msgid ""
-"The pseudo-files in a cpuset directory represent internal kernel state and "
-"do not have any persistent image on disk. Each of these per-cpuset files is "
-"listed and described below."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:168
-#, no-wrap
-msgid "I<tasks>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:178
-msgid ""
-"List of the process IDs (PIDs) of the processes in that cpuset. The list is "
-"formatted as a series of ASCII decimal numbers, each followed by a newline. "
-"A process may be added to a cpuset (automatically removing it from the "
-"cpuset that previously contained it) by writing its PID to that cpuset's "
-"I<tasks> file (with or without a trailing newline)."
-msgstr ""
-
-#. =================== notify_on_release ===================
-#. type: Plain text
-#: build/C/man7/cpuset.7:186
-msgid ""
-"B<Warning:> only one PID may be written to the I<tasks> file at a time. If "
-"a string is written that contains more than one PID, only the first one will "
-"be used."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:186
-#, no-wrap
-msgid "I<notify_on_release>"
-msgstr ""
-
-#. ====================== cpus ======================
-#. type: Plain text
-#: build/C/man7/cpuset.7:195
-msgid ""
-"Flag (0 or 1). If set (1), that cpuset will receive special handling after "
-"it is released, that is, after all processes cease using it (i.e., terminate "
-"or are moved to a different cpuset) and all child cpuset directories have "
-"been removed. See the B<Notify On Release> section, below."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:195
-#, no-wrap
-msgid "I<cpuset.cpus>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:202
-msgid ""
-"List of the physical numbers of the CPUs on which processes in that cpuset "
-"are allowed to execute. See B<List Format> below for a description of the "
-"format of I<cpus>."
-msgstr ""
-
-#. ==================== cpu_exclusive ====================
-#. type: Plain text
-#: build/C/man7/cpuset.7:208
-msgid ""
-"The CPUs allowed to a cpuset may be changed by writing a new list to its "
-"I<cpus> file."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:208
-#, no-wrap
-msgid "I<cpuset.cpu_exclusive>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:215
-msgid ""
-"Flag (0 or 1). If set (1), the cpuset has exclusive use of its CPUs (no "
-"sibling or cousin cpuset may overlap CPUs). By default this is off (0). "
-"Newly created cpusets also initially default this to off (0)."
-msgstr ""
-
-#. ====================== mems ======================
-#. type: Plain text
-#: build/C/man7/cpuset.7:237
-msgid ""
-"Two cpusets are I<sibling> cpusets if they share the same parent cpuset in "
-"the I</dev/cpuset> hierarchy. Two cpusets are I<cousin> cpusets if neither "
-"is the ancestor of the other. Regardless of the I<cpu_exclusive> setting, "
-"if one cpuset is the ancestor of another, and if both of these cpusets have "
-"nonempty I<cpus>, then their I<cpus> must overlap, because the I<cpus> of "
-"any cpuset are always a subset of the I<cpus> of its parent cpuset."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:237
-#, no-wrap
-msgid "I<cpuset.mems>"
-msgstr ""
-
-#. ==================== mem_exclusive ====================
-#. type: Plain text
-#: build/C/man7/cpuset.7:245
-msgid ""
-"List of memory nodes on which processes in this cpuset are allowed to "
-"allocate memory. See B<List Format> below for a description of the format "
-"of I<mems>."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:245
-#, no-wrap
-msgid "I<cpuset.mem_exclusive>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:253
-msgid ""
-"Flag (0 or 1). If set (1), the cpuset has exclusive use of its memory nodes "
-"(no sibling or cousin may overlap). Also if set (1), the cpuset is a "
-"B<Hardwall> cpuset (see below). By default this is off (0). Newly created "
-"cpusets also initially default this to off (0)."
-msgstr ""
-
-#. ==================== mem_hardwall ====================
-#. type: Plain text
-#: build/C/man7/cpuset.7:261
-msgid ""
-"Regardless of the I<mem_exclusive> setting, if one cpuset is the ancestor of "
-"another, then their memory nodes must overlap, because the memory nodes of "
-"any cpuset are always a subset of the memory nodes of that cpuset's parent "
-"cpuset."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:261
-#, no-wrap
-msgid "I<cpuset.mem_hardwall> (since Linux 2.6.26)"
-msgstr ""
-
-#. ==================== memory_migrate ====================
-#. type: Plain text
-#: build/C/man7/cpuset.7:272
-msgid ""
-"Flag (0 or 1). If set (1), the cpuset is a B<Hardwall> cpuset (see below). "
-"Unlike B<mem_exclusive>, there is no constraint on whether cpusets marked "
-"B<mem_hardwall> may have overlapping memory nodes with sibling or cousin "
-"cpusets. By default this is off (0). Newly created cpusets also initially "
-"default this to off (0)."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:272
-#, no-wrap
-msgid "I<cpuset.memory_migrate> (since Linux 2.6.16)"
-msgstr ""
-
-#. ==================== memory_pressure ====================
-#. type: Plain text
-#: build/C/man7/cpuset.7:279
-msgid ""
-"Flag (0 or 1). If set (1), then memory migration is enabled. By default "
-"this is off (0). See the B<Memory Migration> section, below."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:279
-#, no-wrap
-msgid "I<cpuset.memory_pressure> (since Linux 2.6.16)"
-msgstr ""
-
-#. ================= memory_pressure_enabled =================
-#. type: Plain text
-#: build/C/man7/cpuset.7:292
-msgid ""
-"A measure of how much memory pressure the processes in this cpuset are "
-"causing. See the B<Memory Pressure> section, below. Unless "
-"I<memory_pressure_enabled> is enabled, always has value zero (0). This file "
-"is read-only. See the B<WARNINGS> section, below."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:292
-#, no-wrap
-msgid "I<cpuset.memory_pressure_enabled> (since Linux 2.6.16)"
-msgstr ""
-
-#. ================== memory_spread_page ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:304
-msgid ""
-"Flag (0 or 1). This file is present only in the root cpuset, normally "
-"I</dev/cpuset>. If set (1), the I<memory_pressure> calculations are enabled "
-"for all cpusets in the system. By default this is off (0). See the "
-"B<Memory Pressure> section, below."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:304
-#, no-wrap
-msgid "I<cpuset.memory_spread_page> (since Linux 2.6.17)"
-msgstr ""
-
-#. ================== memory_spread_slab ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:314
-msgid ""
-"Flag (0 or 1). If set (1), pages in the kernel page cache (filesystem "
-"buffers) are uniformly spread across the cpuset. By default this is off (0) "
-"in the top cpuset, and inherited from the parent cpuset in newly created "
-"cpusets. See the B<Memory Spread> section, below."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:314
-#, no-wrap
-msgid "I<cpuset.memory_spread_slab> (since Linux 2.6.17)"
-msgstr ""
-
-#. ================== sched_load_balance ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:325
-msgid ""
-"Flag (0 or 1). If set (1), the kernel slab caches for file I/O (directory "
-"and inode structures) are uniformly spread across the cpuset. By default "
-"this is off (0) in the top cpuset, and inherited from the parent cpuset in "
-"newly created cpusets. See the B<Memory Spread> section, below."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:325
-#, no-wrap
-msgid "I<cpuset.sched_load_balance> (since Linux 2.6.24)"
-msgstr ""
-
-#. ================== sched_relax_domain_level ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:339
-msgid ""
-"Flag (0 or 1). If set (1, the default) the kernel will automatically load "
-"balance processes in that cpuset over the allowed CPUs in that cpuset. If "
-"cleared (0) the kernel will avoid load balancing processes in this cpuset, "
-"I<unless> some other cpuset with overlapping CPUs has its "
-"I<sched_load_balance> flag set. See B<Scheduler Load Balancing>, below, for "
-"further details."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:339
-#, no-wrap
-msgid "I<cpuset.sched_relax_domain_level> (since Linux 2.6.26)"
-msgstr ""
-
-#. ================== proc cpuset ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:359
-msgid ""
-"Integer, between -1 and a small positive value. The "
-"I<sched_relax_domain_level> controls the width of the range of CPUs over "
-"which the kernel scheduler performs immediate rebalancing of runnable tasks "
-"across CPUs. If I<sched_load_balance> is disabled, then the setting of "
-"I<sched_relax_domain_level> does not matter, as no such load balancing is "
-"done. If I<sched_load_balance> is enabled, then the higher the value of the "
-"I<sched_relax_domain_level>, the wider the range of CPUs over which "
-"immediate load balancing is attempted. See B<Scheduler Relax Domain Level>, "
-"below, for further details."
-msgstr ""
-
-#. ================== proc status ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:367
-msgid ""
-"In addition to the above pseudo-files in each directory below "
-"I</dev/cpuset>, each process has a pseudo-file, "
-"I</proc/E<lt>pidE<gt>/cpuset>, that displays the path of the process's "
-"cpuset directory relative to the root of the cpuset filesystem."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:378
-msgid ""
-"Also the I</proc/E<lt>pidE<gt>/status> file for each process has four added "
-"lines, displaying the process's I<Cpus_allowed> (on which CPUs it may be "
-"scheduled) and I<Mems_allowed> (on which memory nodes it may obtain memory), "
-"in the two formats B<Mask Format> and B<List Format> (see below) as shown "
-"in the following example:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:385
-#, no-wrap
-msgid ""
-"Cpus_allowed: ffffffff,ffffffff,ffffffff,ffffffff\n"
-"Cpus_allowed_list: 0-127\n"
-"Mems_allowed: ffffffff,ffffffff\n"
-"Mems_allowed_list: 0-63\n"
-msgstr ""
-
-#. ================== EXTENDED CAPABILITIES ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:391
-msgid ""
-"The \"allowed\" fields were added in Linux 2.6.24; the \"allowed_list\" "
-"fields were added in Linux 2.6.26."
-msgstr ""
-
-#. type: SH
-#: build/C/man7/cpuset.7:391
-#, no-wrap
-msgid "EXTENDED CAPABILITIES"
-msgstr ""
-
-#. ================== Exclusive Cpusets ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:399
-msgid ""
-"In addition to controlling which I<cpus> and I<mems> a process is allowed to "
-"use, cpusets provide the following extended capabilities."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/cpuset.7:399
-#, no-wrap
-msgid "Exclusive cpusets"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:406
-msgid ""
-"If a cpuset is marked I<cpu_exclusive> or I<mem_exclusive>, no other cpuset, "
-"other than a direct ancestor or descendant, may share any of the same CPUs "
-"or memory nodes."
-msgstr ""
-
-#. ================== Hardwall ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:432
-msgid ""
-"A cpuset that is I<mem_exclusive> restricts kernel allocations for buffer "
-"cache pages and other internal kernel data pages commonly shared by the "
-"kernel across multiple users. All cpusets, whether I<mem_exclusive> or not, "
-"restrict allocations of memory for user space. This enables configuring a "
-"system so that several independent jobs can share common kernel data, while "
-"isolating each job's user allocation in its own cpuset. To do this, "
-"construct a large I<mem_exclusive> cpuset to hold all the jobs, and "
-"construct child, non-I<mem_exclusive> cpusets for each individual job. Only "
-"a small amount of kernel memory, such as requests from interrupt handlers, "
-"is allowed to be placed on memory nodes outside even a I<mem_exclusive> "
-"cpuset."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/cpuset.7:432
-#, no-wrap
-msgid "Hardwall"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:447
-msgid ""
-"A cpuset that has I<mem_exclusive> or I<mem_hardwall> set is a I<hardwall> "
-"cpuset. A I<hardwall> cpuset restricts kernel allocations for page, buffer, "
-"and other data commonly shared by the kernel across multiple users. All "
-"cpusets, whether I<hardwall> or not, restrict allocations of memory for user "
-"space."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:458
-msgid ""
-"This enables configuring a system so that several independent jobs can share "
-"common kernel data, such as filesystem pages, while isolating each job's "
-"user allocation in its own cpuset. To do this, construct a large "
-"I<hardwall> cpuset to hold all the jobs, and construct child cpusets for "
-"each individual job which are not I<hardwall> cpusets."
-msgstr ""
-
-#. ================== Notify On Release ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:464
-msgid ""
-"Only a small amount of kernel memory, such as requests from interrupt "
-"handlers, is allowed to be taken outside even a I<hardwall> cpuset."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/cpuset.7:464
-#, no-wrap
-msgid "Notify on release"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:476
-msgid ""
-"If the I<notify_on_release> flag is enabled (1) in a cpuset, then whenever "
-"the last process in the cpuset leaves (exits or attaches to some other "
-"cpuset) and the last child cpuset of that cpuset is removed, the kernel "
-"will run the command I</sbin/cpuset_release_agent>, supplying the pathname "
-"(relative to the mount point of the cpuset filesystem) of the abandoned "
-"cpuset. This enables automatic removal of abandoned cpusets."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:484
-msgid ""
-"The default value of I<notify_on_release> in the root cpuset at system boot "
-"is disabled (0). The default value of other cpusets at creation is the "
-"current value of their parent's I<notify_on_release> setting."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:492
-msgid ""
-"The command I</sbin/cpuset_release_agent> is invoked, with the name "
-"(I</dev/cpuset> relative path) of the to-be-released cpuset in I<argv[1]>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:496
-msgid ""
-"The usual contents of the command I</sbin/cpuset_release_agent> is simply "
-"the shell script:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:501
-#, no-wrap
-msgid ""
-"#!/bin/sh\n"
-"rmdir /dev/cpuset/$1\n"
-msgstr ""
-
-#. ================== Memory Pressure ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:509
-msgid ""
-"As with other flag values below, this flag can be changed by writing an "
-"ASCII number 0 or 1 (with optional trailing newline) into the file, to "
-"clear or set the flag, respectively."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/cpuset.7:509
-#, no-wrap
-msgid "Memory pressure"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:515
-msgid ""
-"The I<memory_pressure> of a cpuset provides a simple per-cpuset running "
-"average of the rate that the processes in a cpuset are attempting to free up "
-"in-use memory on the nodes of the cpuset to satisfy additional memory "
-"requests."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:519
-msgid ""
-"This enables batch managers that are monitoring jobs running in dedicated "
-"cpusets to efficiently detect what level of memory pressure that job is "
-"causing."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:526
-msgid ""
-"This is useful both on tightly managed systems running a wide mix of "
-"submitted jobs, which may choose to terminate or reprioritize jobs that are "
-"trying to use more memory than allowed on the nodes assigned them, and with "
-"tightly coupled, long-running, massively parallel scientific computing jobs "
-"that will dramatically fail to meet required performance goals if they start "
-"to use more memory than allowed to them."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:531
-msgid ""
-"This mechanism provides a very economical way for the batch manager to "
-"monitor a cpuset for signs of memory pressure. It's up to the batch manager "
-"or other user code to decide what action to take if it detects signs of "
-"memory pressure."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:538
-msgid ""
-"Unless memory pressure calculation is enabled by setting the pseudo-file "
-"I</dev/cpuset/cpuset.memory_pressure_enabled>, it is not computed for any "
-"cpuset, and reads from any I<memory_pressure> always return zero, as "
-"represented by the ASCII string \"0\\en\". See the B<WARNINGS> section, "
-"below."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:540
-msgid "A per-cpuset, running average is employed for the following reasons:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:545
-msgid ""
-"Because this meter is per-cpuset rather than per-process or per virtual "
-"memory region, the system load imposed by a batch scheduler monitoring this "
-"metric is sharply reduced on large systems, because a scan of the tasklist "
-"can be avoided on each set of queries."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:550
-msgid ""
-"Because this meter is a running average rather than an accumulating counter, "
-"a batch scheduler can detect memory pressure with a single read, instead of "
-"having to read and accumulate results for a period of time."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:556
-msgid ""
-"Because this meter is per-cpuset rather than per-process, the batch "
-"scheduler can obtain the key information\\(emmemory pressure in a "
-"cpuset\\(emwith a single read, rather than having to query and accumulate "
-"results over all the (dynamically changing) set of processes in the cpuset."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:564
-msgid ""
-"The I<memory_pressure> of a cpuset is calculated using a per-cpuset simple "
-"digital filter that is kept within the kernel. For each cpuset, this filter "
-"tracks the recent rate at which processes attached to that cpuset enter the "
-"kernel direct reclaim code."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:573
-msgid ""
-"The kernel direct reclaim code is entered whenever a process has to satisfy "
-"a memory page request by first finding some other page to repurpose, due to "
-"lack of any readily available already free pages. Dirty filesystem pages "
-"are repurposed by first writing them to disk. Unmodified filesystem buffer "
-"pages are repurposed by simply dropping them, though if that page is needed "
-"again, it will have to be reread from disk."
-msgstr ""
-
-#. ================== Memory Spread ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:581
-msgid ""
-"The I<cpuset.memory_pressure> file provides an integer number representing "
-"the recent (half-life of 10 seconds) rate of entries to the direct reclaim "
-"code caused by any process in the cpuset, in units of reclaims attempted per "
-"second, times 1000."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/cpuset.7:581
-#, no-wrap
-msgid "Memory spread"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:589
-msgid ""
-"There are two Boolean flag files per cpuset that control where the kernel "
-"allocates pages for the filesystem buffers and related in-kernel data "
-"structures. They are called I<cpuset.memory_spread_page> and "
-"I<cpuset.memory_spread_slab>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:596
-msgid ""
-"If the per-cpuset Boolean flag file I<cpuset.memory_spread_page> is set, "
-"then the kernel will spread the filesystem buffers (page cache) evenly over "
-"all the nodes that the faulting process is allowed to use, instead of "
-"preferring to put those pages on the node where the process is running."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:604
-msgid ""
-"If the per-cpuset Boolean flag file I<cpuset.memory_spread_slab> is set, "
-"then the kernel will spread some filesystem-related slab caches, such as "
-"those for inodes and directory entries, evenly over all the nodes that the "
-"faulting process is allowed to use, instead of preferring to put those pages "
-"on the node where the process is running."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:609
-msgid ""
-"The setting of these flags does not affect the data segment (see B<brk>(2)) "
-"or stack segment pages of a process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:617
-msgid ""
-"By default, both kinds of memory spreading are off and the kernel prefers to "
-"allocate memory pages on the node local to where the requesting process is "
-"running. If that node is not allowed by the process's NUMA memory policy or "
-"cpuset configuration or if there are insufficient free memory pages on that "
-"node, then the kernel looks for the nearest node that is allowed and has "
-"sufficient free memory."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:620
-msgid ""
-"When new cpusets are created, they inherit the memory spread settings of "
-"their parent."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:635
-msgid ""
-"Setting memory spreading causes allocations for the affected page or slab "
-"caches to ignore the process's NUMA memory policy and be spread instead. "
-"However, the effect of these changes in memory placement caused by "
-"cpuset-specified memory spreading is hidden from the B<mbind>(2) or "
-"B<set_mempolicy>(2) calls. These two NUMA memory policy calls always "
-"appear to behave as if no cpuset-specified memory spreading is in effect, "
-"even if it is. If cpuset memory spreading is subsequently turned off, the "
-"NUMA memory policy most recently specified by these calls is automatically "
-"reapplied."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:644
-msgid ""
-"Both I<cpuset.memory_spread_page> and I<cpuset.memory_spread_slab> are "
-"Boolean flag files. By default they contain \"0\", meaning that the feature "
-"is off for that cpuset. If a \"1\" is written to that file, that turns the "
-"named feature on."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:647
-msgid ""
-"Cpuset-specified memory spreading behaves similarly to what is known (in "
-"other contexts) as round-robin or interleave memory placement."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:650
-msgid ""
-"Cpuset-specified memory spreading can provide substantial performance "
-"improvements for jobs that:"
-msgstr ""
-
-#. type: IP
-#: build/C/man7/cpuset.7:650 build/C/man7/user_namespaces.7:384
-#, no-wrap
-msgid "a)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:654
-msgid ""
-"need to place thread-local data on memory nodes close to the CPUs which are "
-"running the threads that most frequently access that data; but also"
-msgstr ""
-
-#. type: IP
-#: build/C/man7/cpuset.7:654 build/C/man7/user_namespaces.7:389
-#, no-wrap
-msgid "b)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:657
-msgid ""
-"need to access large filesystem data sets that must to be spread across the "
-"several nodes in the job's cpuset in order to fit."
-msgstr ""
-
-#. ================== Memory Migration ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:664
-msgid ""
-"Without this policy, the memory allocation across the nodes in the job's "
-"cpuset can become very uneven, especially for jobs that might have just a "
-"single thread initializing or reading in the data set."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/cpuset.7:664
-#, no-wrap
-msgid "Memory migration"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:673
-msgid ""
-"Normally, under the default setting (disabled) of I<cpuset.memory_migrate>, "
-"once a page is allocated (given a physical page of main memory), then that "
-"page stays on whatever node it was allocated, so long as it remains "
-"allocated, even if the cpuset's memory-placement policy I<mems> subsequently "
-"changes."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:679
-msgid ""
-"When memory migration is enabled in a cpuset, if the I<mems> setting of the "
-"cpuset is changed, then any memory page in use by any process in the cpuset "
-"that is on a memory node that is no longer allowed will be migrated to a "
-"memory node that is allowed."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:685
-msgid ""
-"Furthermore, if a process is moved into a cpuset with I<memory_migrate> "
-"enabled, any memory pages it uses that were on memory nodes allowed in its "
-"previous cpuset, but which are not allowed in its new cpuset, will be "
-"migrated to a memory node allowed in the new cpuset."
-msgstr ""
-
-#. ================== Scheduler Load Balancing ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:693
-msgid ""
-"The relative placement of a migrated page within the cpuset is preserved "
-"during these migration operations if possible. For example, if the page was "
-"on the second valid node of the prior cpuset, then the page will be placed "
-"on the second valid node of the new cpuset, if possible."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/cpuset.7:693
-#, no-wrap
-msgid "Scheduler load balancing"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:700
-msgid ""
-"The kernel scheduler automatically load balances processes. If one CPU is "
-"underutilized, the kernel will look for processes on other more overloaded "
-"CPUs and move those processes to the underutilized CPU, within the "
-"constraints of such placement mechanisms as cpusets and "
-"B<sched_setaffinity>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:713
-msgid ""
-"The algorithmic cost of load balancing and its impact on key shared kernel "
-"data structures such as the process list increases more than linearly with "
-"the number of CPUs being balanced. For example, it costs more to load "
-"balance across one large set of CPUs than it does to balance across two "
-"smaller sets of CPUs, each of half the size of the larger set. (The precise "
-"relationship between the number of CPUs being balanced and the cost of load "
-"balancing depends on implementation details of the kernel process scheduler, "
-"which is subject to change over time, as improved kernel scheduler "
-"algorithms are implemented.)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:719
-msgid ""
-"The per-cpuset flag I<sched_load_balance> provides a mechanism to suppress "
-"this automatic scheduler load balancing in cases where it is not needed and "
-"suppressing it would have worthwhile performance benefits."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:723
-msgid ""
-"By default, load balancing is done across all CPUs, except those marked "
-"isolated using the kernel boot time \"isolcpus=\" argument. (See "
-"B<Scheduler Relax Domain Level>, below, to change this default.)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:726
-msgid ""
-"This default load balancing across all CPUs is not well suited to the "
-"following two situations:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:730
-msgid ""
-"On large systems, load balancing across many CPUs is expensive. If the "
-"system is managed using cpusets to place independent jobs on separate sets "
-"of CPUs, full load balancing is unnecessary."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:734
-msgid ""
-"Systems supporting real-time on some CPUs need to minimize system overhead "
-"on those CPUs, including avoiding process load balancing if that is not "
-"needed."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:744
-msgid ""
-"When the per-cpuset flag I<sched_load_balance> is enabled (the default "
-"setting), it requests load balancing across all the CPUs in that cpuset's "
-"allowed CPUs, ensuring that load balancing can move a process (not otherwise "
-"pinned, as by B<sched_setaffinity>(2)) from any CPU in that cpuset to any "
-"other."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:753
-msgid ""
-"When the per-cpuset flag I<sched_load_balance> is disabled, then the "
-"scheduler will avoid load balancing across the CPUs in that cpuset, "
-"I<except> in so far as is necessary because some overlapping cpuset has "
-"I<sched_load_balance> enabled."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:761
-msgid ""
-"So, for example, if the top cpuset has the flag I<sched_load_balance> "
-"enabled, then the scheduler will load balance across all CPUs, and the "
-"setting of the I<sched_load_balance> flag in other cpusets has no effect, as "
-"we're already fully load balancing."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:766
-msgid ""
-"Therefore in the above two situations, the flag I<sched_load_balance> should "
-"be disabled in the top cpuset, and only some of the smaller, child cpusets "
-"would have this flag enabled."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:774
-msgid ""
-"When doing this, you don't usually want to leave any unpinned processes in "
-"the top cpuset that might use nontrivial amounts of CPU, as such processes "
-"may be artificially constrained to some subset of CPUs, depending on the "
-"particulars of this flag setting in descendant cpusets. Even if such a "
-"process could use spare CPU cycles in some other CPUs, the kernel scheduler "
-"might not consider the possibility of load balancing that process to the "
-"underused CPU."
-msgstr ""
-
-#. ================== Scheduler Relax Domain Level ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:780
-msgid ""
-"Of course, processes pinned to a particular CPU can be left in a cpuset that "
-"disables I<sched_load_balance> as those processes aren't going anywhere else "
-"anyway."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/cpuset.7:780
-#, no-wrap
-msgid "Scheduler relax domain level"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:801
-msgid ""
-"The kernel scheduler performs immediate load balancing whenever a CPU "
-"becomes free or another task becomes runnable. This load balancing works to "
-"ensure that as many CPUs as possible are usefully employed running tasks. "
-"The kernel also performs periodic load balancing off the software clock "
-"described in B<time>(7). The setting of I<sched_relax_domain_level> applies "
-"only to immediate load balancing. Regardless of the "
-"I<sched_relax_domain_level> setting, periodic load balancing is attempted "
-"over all CPUs (unless disabled by turning off I<sched_load_balance>.) In "
-"any case, of course, tasks will be scheduled to run only on CPUs allowed by "
-"their cpuset, as modified by B<sched_setaffinity>(2) system calls."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:809
-msgid ""
-"On small systems, such as those with just a few CPUs, immediate load "
-"balancing is useful to improve system interactivity and to minimize wasteful "
-"idle CPU cycles. But on large systems, attempting immediate load balancing "
-"across a large number of CPUs can be more costly than it is worth, depending "
-"on the particular performance characteristics of the job mix and the "
-"hardware."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:817
-msgid ""
-"The exact meaning of the small integer values of I<sched_relax_domain_level> "
-"will depend on internal implementation details of the kernel scheduler code "
-"and on the non-uniform architecture of the hardware. Both of these will "
-"evolve over time and vary by system architecture and kernel version."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:822
-msgid ""
-"As of this writing, when this capability was introduced in Linux 2.6.26, on "
-"certain popular architectures, the positive values of "
-"I<sched_relax_domain_level> have the following meanings."
-msgstr ""
-
-#. type: IP
-#: build/C/man7/cpuset.7:824
-#, no-wrap
-msgid "B<(1)>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:827
-msgid ""
-"Perform immediate load balancing across Hyper-Thread siblings on the same "
-"core."
-msgstr ""
-
-#. type: IP
-#: build/C/man7/cpuset.7:827
-#, no-wrap
-msgid "B<(2)>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:829
-msgid "Perform immediate load balancing across other cores in the same package."
-msgstr ""
-
-#. type: IP
-#: build/C/man7/cpuset.7:829
-#, no-wrap
-msgid "B<(3)>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:832
-msgid ""
-"Perform immediate load balancing across other CPUs on the same node or "
-"blade."
-msgstr ""
-
-#. type: IP
-#: build/C/man7/cpuset.7:832
-#, no-wrap
-msgid "B<(4)>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:835
-msgid ""
-"Perform immediate load balancing across over several (implementation detail) "
-"nodes [On NUMA systems]."
-msgstr ""
-
-#. type: IP
-#: build/C/man7/cpuset.7:835
-#, no-wrap
-msgid "B<(5)>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:838
-msgid ""
-"Perform immediate load balancing across over all CPUs in system [On NUMA "
-"systems]."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:847
-msgid ""
-"The I<sched_relax_domain_level> value of zero (0) always means don't perform "
-"immediate load balancing, hence that load balancing is done only "
-"periodically, not immediately when a CPU becomes available or another task "
-"becomes runnable."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:855
-msgid ""
-"The I<sched_relax_domain_level> value of minus one (-1) always means use "
-"the system default value. The system default value can vary by architecture "
-"and kernel version. This system default value can be changed by kernel "
-"boot-time \"relax_domain_level=\" argument."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:863
-msgid ""
-"In the case of multiple overlapping cpusets which have conflicting "
-"I<sched_relax_domain_level> values, then the highest such value applies to "
-"all CPUs in any of the overlapping cpusets. In such cases, the value "
-"B<minus one (-1)> is the lowest value, overridden by any other value, and "
-"the value B<zero (0)> is the next lowest value."
-msgstr ""
-
-#. type: SH
-#: build/C/man7/cpuset.7:863
-#, no-wrap
-msgid "FORMATS"
-msgstr ""
-
-#. ================== Mask Format ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:867
-msgid "The following formats are used to represent sets of CPUs and memory nodes."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/cpuset.7:867
-#, no-wrap
-msgid "Mask format"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:872
-msgid ""
-"The B<Mask Format> is used to represent CPU and memory-node bit masks in the "
-"I</proc/E<lt>pidE<gt>/status> file."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:880
-msgid ""
-"This format displays each 32-bit word in hexadecimal (using ASCII characters "
-"\"0\" - \"9\" and \"a\" - \"f\"); words are filled with leading zeros, if "
-"required. For masks longer than one word, a comma separator is used between "
-"words. Words are displayed in big-endian order, which has the most "
-"significant bit first. The hex digits within a word are also in big-endian "
-"order."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:883
-msgid ""
-"The number of 32-bit words displayed is the minimum number needed to display "
-"all bits of the bit mask, based on the size of the bit mask."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:885
-msgid "Examples of the B<Mask Format>:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:893
-#, no-wrap
-msgid ""
-"00000001 # just bit 0 set\n"
-"40000000,00000000,00000000 # just bit 94 set\n"
-"00000001,00000000,00000000 # just bit 64 set\n"
-"000000ff,00000000 # bits 32-39 set\n"
-"00000000,000e3862 # 1,5,6,11-13,17-19 set\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:897
-msgid "A mask with bits 0, 1, 2, 4, 8, 16, 32, and 64 set displays as:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:901
-#, no-wrap
-msgid "00000001,00000001,00010117\n"
-msgstr ""
-
-#. ================== List Format ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:908
-msgid ""
-"The first \"1\" is for bit 64, the second for bit 32, the third for bit 16, "
-"the fourth for bit 8, the fifth for bit 4, and the \"7\" is for bits 2, 1, "
-"and 0."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/cpuset.7:908
-#, no-wrap
-msgid "List format"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:915
-msgid ""
-"The B<List Format> for I<cpus> and I<mems> is a comma-separated list of CPU "
-"or memory-node numbers and ranges of numbers, in ASCII decimal."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:917
-msgid "Examples of the B<List Format>:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:922
-#, no-wrap
-msgid ""
-"0-4,9 # bits 0, 1, 2, 3, 4, and 9 set\n"
-"0-2,7,12-14 # bits 0, 1, 2, 7, 12, 13, and 14 set\n"
-msgstr ""
-
-#. ================== RULES ==================
-#. type: SH
-#: build/C/man7/cpuset.7:925
-#, no-wrap
-msgid "RULES"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:927
-msgid "The following rules apply to each cpuset:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:930
-msgid ""
-"Its CPUs and memory nodes must be a (possibly equal) subset of its "
-"parent's."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:934
-msgid "It can be marked I<cpu_exclusive> only if its parent is."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:938
-msgid "It can be marked I<mem_exclusive> only if its parent is."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:942
-msgid "If it is I<cpu_exclusive>, its CPUs may not overlap any sibling."
-msgstr ""
-
-#. ================== PERMISSIONS ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:947
-msgid "If it is I<memory_exclusive>, its memory nodes may not overlap any sibling."
-msgstr ""
-
-#. type: SH
-#: build/C/man7/cpuset.7:947
-#, no-wrap
-msgid "PERMISSIONS"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:952
-msgid ""
-"The permissions of a cpuset are determined by the permissions of the "
-"directories and pseudo-files in the cpuset filesystem, normally mounted at "
-"I</dev/cpuset>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:961
-msgid ""
-"For instance, a process can put itself in some other cpuset (than its "
-"current one) if it can write the I<tasks> file for that cpuset. This "
-"requires execute permission on the encompassing directories and write "
-"permission on the I<tasks> file."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:968
-msgid ""
-"An additional constraint is applied to requests to place some other process "
-"in a cpuset. One process may not attach another to a cpuset unless it would "
-"have permission to send that process a signal (see B<kill>(2))."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:979
-msgid ""
-"A process may create a child cpuset if it can access and write the parent "
-"cpuset directory. It can modify the CPUs or memory nodes in a cpuset if it "
-"can access that cpuset's directory (execute permissions on the each of the "
-"parent directories) and write the corresponding I<cpus> or I<mems> file."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1000
-msgid ""
-"There is one minor difference between the manner in which these permissions "
-"are evaluated and the manner in which normal filesystem operation "
-"permissions are evaluated. The kernel interprets relative pathnames "
-"starting at a process's current working directory. Even if one is operating "
-"on a cpuset file, relative pathnames are interpreted relative to the "
-"process's current working directory, not relative to the process's current "
-"cpuset. The only ways that cpuset paths relative to a process's current "
-"cpuset can be used are if either the process's current working directory is "
-"its cpuset (it first did a B<cd> or B<chdir>(2) to its cpuset directory "
-"beneath I</dev/cpuset>, which is a bit unusual) or if some user code "
-"converts the relative cpuset path to a full filesystem path."
-msgstr ""
-
-#. ================== WARNINGS ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:1015
-msgid ""
-"In theory, this means that user code should specify cpusets using absolute "
-"pathnames, which requires knowing the mount point of the cpuset filesystem "
-"(usually, but not necessarily, I</dev/cpuset>). In practice, all user level "
-"code that this author is aware of simply assumes that if the cpuset "
-"filesystem is mounted, then it is mounted at I</dev/cpuset>. Furthermore, "
-"it is common practice for carefully written user code to verify the presence "
-"of the pseudo-file I</dev/cpuset/tasks> in order to verify that the cpuset "
-"pseudo-filesystem is currently mounted."
-msgstr ""
-
-#. type: SH
-#: build/C/man7/cpuset.7:1015
-#, no-wrap
-msgid "WARNINGS"
-msgstr ""
-
-#. type: SS
-#: build/C/man7/cpuset.7:1016
-#, no-wrap
-msgid "Enabling memory_pressure"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1025
-msgid ""
-"By default, the per-cpuset file I<cpuset.memory_pressure> always contains "
-"zero (0). Unless this feature is enabled by writing \"1\" to the "
-"pseudo-file I</dev/cpuset/cpuset.memory_pressure_enabled>, the kernel does "
-"not compute per-cpuset I<memory_pressure>."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/cpuset.7:1025
-#, no-wrap
-msgid "Using the echo command"
-msgstr ""
-
-#. Gack! csh(1)'s echo does this
-#. type: Plain text
-#: build/C/man7/cpuset.7:1036
-msgid ""
-"When using the B<echo> command at the shell prompt to change the values of "
-"cpuset files, beware that the built-in B<echo> command in some shells does "
-"not display an error message if the B<write>(2) system call fails. For "
-"example, if the command:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1040
-#, no-wrap
-msgid "echo 19 E<gt> cpuset.mems\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1053
-msgid ""
-"failed because memory node 19 was not allowed (perhaps the current system "
-"does not have a memory node 19), then the B<echo> command might not display "
-"any error. It is better to use the B</bin/echo> external command to change "
-"cpuset file settings, as this command will display B<write>(2) errors, as "
-"in the example:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1058
-#, no-wrap
-msgid ""
-"/bin/echo 19 E<gt> cpuset.mems\n"
-"/bin/echo: write error: Invalid argument\n"
-msgstr ""
-
-#. ================== EXCEPTIONS ==================
-#. type: SH
-#: build/C/man7/cpuset.7:1061
-#, no-wrap
-msgid "EXCEPTIONS"
-msgstr ""
-
-#. type: SS
-#: build/C/man7/cpuset.7:1062
-#, no-wrap
-msgid "Memory placement"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1065
-msgid ""
-"Not all allocations of system memory are constrained by cpusets, for the "
-"following reasons."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1080
-msgid ""
-"If hot-plug functionality is used to remove all the CPUs that are currently "
-"assigned to a cpuset, then the kernel will automatically update the "
-"I<cpus_allowed> of all processes attached to CPUs in that cpuset to allow "
-"all CPUs. When memory hot-plug functionality for removing memory nodes is "
-"available, a similar exception is expected to apply there as well. In "
-"general, the kernel prefers to violate cpuset placement, rather than "
-"starving a process that has had all its allowed CPUs or memory nodes taken "
-"offline. User code should reconfigure cpusets to refer only to online CPUs "
-"and memory nodes when using hot-plug to add or remove such resources."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1088
-msgid ""
-"A few kernel-critical, internal memory-allocation requests, marked "
-"GFP_ATOMIC, must be satisfied immediately. The kernel may drop some request "
-"or malfunction if one of these allocations fail. If such a request cannot "
-"be satisfied within the current process's cpuset, then we relax the cpuset, "
-"and look for memory anywhere we can find it. It's better to violate the "
-"cpuset than stress the kernel."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1092
-msgid ""
-"Allocations of memory requested by kernel drivers while processing an "
-"interrupt lack any relevant process context, and are not confined by "
-"cpusets."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/cpuset.7:1092
-#, no-wrap
-msgid "Renaming cpusets"
-msgstr ""
-
-#. ================== ERRORS ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:1100
-msgid ""
-"You can use the B<rename>(2) system call to rename cpusets. Only simple "
-"renaming is supported; that is, changing the name of a cpuset directory is "
-"permitted, but moving a directory into a different directory is not "
-"permitted."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1104
-msgid ""
-"The Linux kernel implementation of cpusets sets I<errno> to specify the "
-"reason for a failed system call affecting cpusets."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1109
-msgid ""
-"The possible I<errno> settings and their meaning when set on a failed cpuset "
-"call are as listed below."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:1109
-#, no-wrap
-msgid "B<E2BIG>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1116
-msgid ""
-"Attempted a B<write>(2) on a special cpuset file with a length larger than "
-"some kernel-determined upper limit on the length of such writes."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1123
-msgid ""
-"Attempted to B<write>(2) the process ID (PID) of a process to a cpuset "
-"I<tasks> file when one lacks permission to move that process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1129
-msgid ""
-"Attempted to add, using B<write>(2), a CPU or memory node to a cpuset, when "
-"that CPU or memory node was not already in its parent."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1137
-msgid ""
-"Attempted to set, using B<write>(2), I<cpuset.cpu_exclusive> or "
-"I<cpuset.mem_exclusive> on a cpuset whose parent lacks the same setting."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1144
-msgid "Attempted to B<write>(2) a I<cpuset.memory_pressure> file."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1147
-msgid "Attempted to create a file in a cpuset directory."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:1147 build/C/man7/cpuset.7:1152 build/C/man7/cpuset.7:1157
-#, no-wrap
-msgid "B<EBUSY>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1152
-msgid "Attempted to remove, using B<rmdir>(2), a cpuset with attached processes."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1157
-msgid "Attempted to remove, using B<rmdir>(2), a cpuset with child cpusets."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1162
-msgid ""
-"Attempted to remove a CPU or memory node from a cpuset that is also in a "
-"child of that cpuset."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:1162 build/C/man7/cpuset.7:1167
-#, no-wrap
-msgid "B<EEXIST>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1167
-msgid "Attempted to create, using B<mkdir>(2), a cpuset that already exists."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1172
-msgid "Attempted to B<rename>(2) a cpuset to a name that already exists."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1180
-msgid ""
-"Attempted to B<read>(2) or B<write>(2) a cpuset file using a buffer that "
-"is outside the writing processes accessible address space."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1189
-msgid ""
-"Attempted to change a cpuset, using B<write>(2), in a way that would violate "
-"a I<cpu_exclusive> or I<mem_exclusive> attribute of that cpuset or any of "
-"its siblings."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1198
-msgid ""
-"Attempted to B<write>(2) an empty I<cpuset.cpus> or I<cpuset.mems> list to "
-"a cpuset which has attached processes or child cpusets."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1208
-msgid ""
-"Attempted to B<write>(2) a I<cpuset.cpus> or I<cpuset.mems> list which "
-"included a range with the second number smaller than the first number."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1217
-msgid ""
-"Attempted to B<write>(2) a I<cpuset.cpus> or I<cpuset.mems> list which "
-"included an invalid character in the string."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1224
-msgid ""
-"Attempted to B<write>(2) a list to a I<cpuset.cpus> file that did not "
-"include any online CPUs."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1231
-msgid ""
-"Attempted to B<write>(2) a list to a I<cpuset.mems> file that did not "
-"include any online memory nodes."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1238
-msgid ""
-"Attempted to B<write>(2) a list to a I<cpuset.mems> file that included a "
-"node that held no memory."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1246
-msgid ""
-"Attempted to B<write>(2) a string to a cpuset I<tasks> file that does not "
-"begin with an ASCII decimal integer."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1251
-msgid "Attempted to B<rename>(2) a cpuset into a different directory."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1258
-msgid ""
-"Attempted to B<read>(2) a I</proc/E<lt>pidE<gt>/cpuset> file for a cpuset "
-"path that is longer than the kernel page size."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1263
-msgid ""
-"Attempted to create, using B<mkdir>(2), a cpuset whose base directory name "
-"is longer than 255 characters."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1270
-msgid ""
-"Attempted to create, using B<mkdir>(2), a cpuset whose full pathname, "
-"including the mount point (typically \"/dev/cpuset/\") prefix, is longer "
-"than 4095 characters."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:1270
-#, no-wrap
-msgid "B<ENODEV>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1275
-msgid ""
-"The cpuset was removed by another process at the same time as a B<write>(2) "
-"was attempted on one of the pseudo-files in the cpuset directory."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1280
-msgid ""
-"Attempted to create, using B<mkdir>(2), a cpuset in a parent cpuset that "
-"doesn't exist."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1287
-msgid ""
-"Attempted to B<access>(2) or B<open>(2) a nonexistent file in a cpuset "
-"directory."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1292
-msgid ""
-"Insufficient memory is available within the kernel; can occur on a variety "
-"of system calls affecting cpusets, but only if the system is extremely short "
-"of memory."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:1292 build/C/man7/cpuset.7:1304
-#, no-wrap
-msgid "B<ENOSPC>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1304
-msgid ""
-"Attempted to B<write>(2) the process ID (PID) of a process to a cpuset "
-"I<tasks> file when the cpuset had an empty I<cpuset.cpus> or empty "
-"I<cpuset.mems> setting."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1314
-msgid ""
-"Attempted to B<write>(2) an empty I<cpuset.cpus> or I<cpuset.mems> setting "
-"to a cpuset that has tasks attached."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1319
-msgid "Attempted to B<rename>(2) a nonexistent cpuset."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1322
-msgid "Attempted to remove a file from a cpuset directory."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/cpuset.7:1322
-#, no-wrap
-msgid "B<ERANGE>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1330
-msgid ""
-"Specified a I<cpuset.cpus> or I<cpuset.mems> list to the kernel which "
-"included a number too large for the kernel to set in its bit masks."
-msgstr ""
-
-#. ================== VERSIONS ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:1338
-msgid ""
-"Attempted to B<write>(2) the process ID (PID) of a nonexistent process to a "
-"cpuset I<tasks> file."
-msgstr ""
-
-#. ================== NOTES ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:1341
-msgid "Cpusets appeared in version 2.6.12 of the Linux kernel."
-msgstr ""
-
-#. ================== BUGS ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:1352
-msgid ""
-"Despite its name, the I<pid> parameter is actually a thread ID, and each "
-"thread in a threaded group can be attached to a different cpuset. The value "
-"returned from a call to B<gettid>(2) can be passed in the argument I<pid>."
-msgstr ""
-
-#. type: SH
-#: build/C/man7/cpuset.7:1352 build/C/man2/getpriority.2:225 build/C/man2/getrlimit.2:577 build/C/man2/ioprio_set.2:337 build/C/man2/setfsgid.2:106 build/C/man2/setfsuid.2:114
-#, no-wrap
-msgid "BUGS"
-msgstr ""
-
-#. ================== EXAMPLE ==================
-#. type: Plain text
-#: build/C/man7/cpuset.7:1365
-msgid ""
-"I<cpuset.memory_pressure> cpuset files can be opened for writing, creation, "
-"or truncation, but then the B<write>(2) fails with I<errno> set to "
-"B<EACCES>, and the creation and truncation options on B<open>(2) have no "
-"effect."
-msgstr ""
-
-#. type: SH
-#: build/C/man7/cpuset.7:1365 build/C/man2/getrlimit.2:710 build/C/man7/namespaces.7:361 build/C/man7/pid_namespaces.7:353 build/C/man7/user_namespaces.7:677 build/C/man2/seccomp.2:476
-#, no-wrap
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1368
-msgid ""
-"The following examples demonstrate querying and setting cpuset options using "
-"shell commands."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/cpuset.7:1368
-#, no-wrap
-msgid "Creating and attaching to a cpuset."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1371
-msgid ""
-"To create a new cpuset and attach the current command shell to it, the steps "
-"are:"
-msgstr ""
-
-#. type: IP
-#: build/C/man7/cpuset.7:1373 build/C/man7/cpuset.7:1412
-#, no-wrap
-msgid "1)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1375
-msgid "mkdir /dev/cpuset (if not already done)"
-msgstr ""
-
-#. type: IP
-#: build/C/man7/cpuset.7:1375 build/C/man7/cpuset.7:1418
-#, no-wrap
-msgid "2)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1377
-msgid "mount -t cpuset none /dev/cpuset (if not already done)"
-msgstr ""
-
-#. type: IP
-#: build/C/man7/cpuset.7:1377 build/C/man7/cpuset.7:1421
-#, no-wrap
-msgid "3)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1380
-msgid "Create the new cpuset using B<mkdir>(1)."
-msgstr ""
-
-#. type: IP
-#: build/C/man7/cpuset.7:1380 build/C/man7/cpuset.7:1424
-#, no-wrap
-msgid "4)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1382
-msgid "Assign CPUs and memory nodes to the new cpuset."
-msgstr ""
-
-#. type: IP
-#: build/C/man7/cpuset.7:1382 build/C/man7/cpuset.7:1429
-#, no-wrap
-msgid "5)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1384
-msgid "Attach the shell to the new cpuset."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1389
-msgid ""
-"For example, the following sequence of commands will set up a cpuset named "
-"\"Charlie\", containing just CPUs 2 and 3, and memory node 1, and then "
-"attach the current shell to that cpuset."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1403
-#, no-wrap
-msgid ""
-"$B< mkdir /dev/cpuset>\n"
-"$B< mount -t cpuset cpuset /dev/cpuset>\n"
-"$B< cd /dev/cpuset>\n"
-"$B< mkdir Charlie>\n"
-"$B< cd Charlie>\n"
-"$B< /bin/echo 2-3 E<gt> cpuset.cpus>\n"
-"$B< /bin/echo 1 E<gt> cpuset.mems>\n"
-"$B< /bin/echo $$ E<gt> tasks>\n"
-"# The current shell is now running in cpuset Charlie\n"
-"# The next line should display '/Charlie'\n"
-"$B< cat /proc/self/cpuset>\n"
-msgstr ""
-
-#. type: SS
-#: build/C/man7/cpuset.7:1405
-#, no-wrap
-msgid "Migrating a job to different memory nodes."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1410
-msgid ""
-"To migrate a job (the set of processes attached to a cpuset) to different "
-"CPUs and memory nodes in the system, including moving the memory pages "
-"currently allocated to that job, perform the following steps."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1418
-msgid ""
-"Let's say we want to move the job in cpuset I<alpha> (CPUs 4-7 and memory "
-"nodes 2-3) to a new cpuset I<beta> (CPUs 16-19 and memory nodes 8-9)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1421
-msgid "First create the new cpuset I<beta>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1424
-msgid "Then allow CPUs 16-19 and memory nodes 8-9 in I<beta>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1429
-msgid "Then enable I<memory_migration> in I<beta>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1434
-msgid "Then move each process from I<alpha> to I<beta>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1437
-msgid "The following sequence of commands accomplishes this."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1447
-#, no-wrap
-msgid ""
-"$B< cd /dev/cpuset>\n"
-"$B< mkdir beta>\n"
-"$B< cd beta>\n"
-"$B< /bin/echo 16-19 E<gt> cpuset.cpus>\n"
-"$B< /bin/echo 8-9 E<gt> cpuset.mems>\n"
-"$B< /bin/echo 1 E<gt> cpuset.memory_migrate>\n"
-"$B< while read i; do /bin/echo $i; done E<lt> ../alpha/tasks E<gt> tasks>\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1456
-msgid ""
-"The above should move any processes in I<alpha> to I<beta>, and any memory "
-"held by these processes on memory nodes 2-3 to memory nodes 8-9, "
-"respectively."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1458
-msgid "Notice that the last step of the above sequence did not do:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1462
-#, no-wrap
-msgid "$B< cp ../alpha/tasks tasks>\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1473
-msgid ""
-"The I<while> loop, rather than the seemingly easier use of the B<cp>(1) "
-"command, was necessary because only one process PID at a time may be written "
-"to the I<tasks> file."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1481
-msgid ""
-"The same effect (writing one PID at a time) as the I<while> loop can be "
-"accomplished more efficiently, in fewer keystrokes and in syntax that works "
-"on any shell, but alas more obscurely, by using the B<-u> (unbuffered) "
-"option of B<sed>(1):"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1485
-#, no-wrap
-msgid "$B< sed -un p E<lt> ../alpha/tasks E<gt> tasks>\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1503
-msgid ""
-"B<taskset>(1), B<get_mempolicy>(2), B<getcpu>(2), B<mbind>(2), "
-"B<sched_getaffinity>(2), B<sched_setaffinity>(2), B<sched_setscheduler>(2), "
-"B<set_mempolicy>(2), B<CPU_SET>(3), B<proc>(5), B<numa>(7), B<sched>(7), "
-"B<migratepages>(8), B<numactl>(8)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/cpuset.7:1506
-msgid "I<Documentation/cpusets.txt> in the Linux kernel source tree"
-msgstr ""
-
-#. type: TH
-#: build/C/man7/credentials.7:27
-#, no-wrap
-msgid "CREDENTIALS"
-msgstr ""
-
-#. type: TH
-#: build/C/man7/credentials.7:27 build/C/man2/setsid.2:31
-#, no-wrap
-msgid "2014-12-31"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:30
-msgid "credentials - process identifiers"
-msgstr ""
-
-#. type: SS
-#: build/C/man7/credentials.7:31
-#, no-wrap
-msgid "Process ID (PID)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:41
-msgid ""
-"Each process has a unique nonnegative integer identifier that is assigned "
-"when the process is created using B<fork>(2). A process can obtain its PID "
-"using B<getpid>(2). A PID is represented using the type I<pid_t> (defined "
-"in I<E<lt>sys/types.hE<gt>>)."
-msgstr ""
-
-#. .BR sched_rr_get_interval (2),
-#. .BR sched_getaffinity (2),
-#. .BR sched_setaffinity (2),
-#. .BR sched_getparam (2),
-#. .BR sched_setparam (2),
-#. .BR sched_setscheduler (2),
-#. .BR sched_getscheduler (2),
-#. .BR getsid (2),
-#. .BR waitid (2),
-#. .BR wait4 (2),
-#. type: Plain text
-#: build/C/man7/credentials.7:62
-msgid ""
-"PIDs are used in a range of system calls to identify the process affected by "
-"the call, for example: B<kill>(2), B<ptrace>(2), B<setpriority>(2) "
-"B<setpgid>(2), B<setsid>(2), B<sigqueue>(3), and B<waitpid>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:65
-msgid "A process's PID is preserved across an B<execve>(2)."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/credentials.7:65
-#, no-wrap
-msgid "Parent process ID (PPID)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:73
-msgid ""
-"A process's parent process ID identifies the process that created this "
-"process using B<fork>(2). A process can obtain its PPID using "
-"B<getppid>(2). A PPID is represented using the type I<pid_t>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:76
-msgid "A process's PPID is preserved across an B<execve>(2)."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/credentials.7:76
-#, no-wrap
-msgid "Process group ID and session ID"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:84
-msgid ""
-"Each process has a session ID and a process group ID, both represented using "
-"the type I<pid_t>. A process can obtain its session ID using B<getsid>(2), "
-"and its process group ID using B<getpgrp>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:90
-msgid ""
-"A child created by B<fork>(2) inherits its parent's session ID and process "
-"group ID. A process's session ID and process group ID are preserved across "
-"an B<execve>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:103
-msgid ""
-"Sessions and process groups are abstractions devised to support shell job "
-"control. A process group (sometimes called a \"job\") is a collection of "
-"processes that share the same process group ID; the shell creates a new "
-"process group for the process(es) used to execute single command or pipeline "
-"(e.g., the two processes created to execute the command \"ls\\ |\\ wc\" are "
-"placed in the same process group). A process's group membership can be set "
-"using B<setpgid>(2). The process whose process ID is the same as its "
-"process group ID is the I<process group leader> for that group."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:115
-msgid ""
-"A session is a collection of processes that share the same session ID. All "
-"of the members of a process group also have the same session ID (i.e., all "
-"of the members of a process group always belong to the same session, so that "
-"sessions and process groups form a strict two-level hierarchy of processes.) "
-"A new session is created when a process calls B<setsid>(2), which creates a "
-"new session whose session ID is the same as the PID of the process that "
-"called B<setsid>(2). The creator of the session is called the I<session "
-"leader>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:124
-msgid ""
-"All of the processes in a session share a I<controlling terminal>. The "
-"controlling terminal is established when the session leader first opens a "
-"terminal (unless the B<O_NOCTTY> flag is specified when calling "
-"B<open>(2)). A terminal may be the controlling terminal of at most one "
-"session."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:146
-msgid ""
-"At most one of the jobs in a session may be the I<foreground job>; other "
-"jobs in the session are I<background jobs>. Only the foreground job may "
-"read from the terminal; when a process in the background attempts to read "
-"from the terminal, its process group is sent a B<SIGTTIN> signal, which "
-"suspends the job. If the B<TOSTOP> flag has been set for the terminal (see "
-"B<termios>(3)), then only the foreground job may write to the terminal; "
-"writes from background job cause a B<SIGTTOU> signal to be generated, which "
-"suspends the job. When terminal keys that generate a signal (such as the "
-"I<interrupt> key, normally control-C) are pressed, the signal is sent to "
-"the processes in the foreground job."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:167
-msgid ""
-"Various system calls and library functions may operate on all members of a "
-"process group, including B<kill>(2), B<killpg>(2), B<getpriority>(2), "
-"B<setpriority>(2), B<ioprio_get>(2), B<ioprio_set>(2), B<waitid>(2), and "
-"B<waitpid>(2). See also the discussion of the B<F_GETOWN>, B<F_GETOWN_EX>, "
-"B<F_SETOWN>, and B<F_SETOWN_EX> operations in B<fcntl>(2)."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/credentials.7:167
-#, no-wrap
-msgid "User and group identifiers"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:175
-msgid ""
-"Each process has various associated user and groups IDs. These IDs are "
-"integers, respectively represented using the types I<uid_t> and I<gid_t> "
-"(defined in I<E<lt>sys/types.hE<gt>>)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:177
-msgid "On Linux, each process has the following user and group identifiers:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:183
-msgid ""
-"Real user ID and real group ID. These IDs determine who owns the process. "
-"A process can obtain its real user (group) ID using B<getuid>(2) "
-"(B<getgid>(2))."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:195
-msgid ""
-"Effective user ID and effective group ID. These IDs are used by the kernel "
-"to determine the permissions that the process will have when accessing "
-"shared resources such as message queues, shared memory, and semaphores. On "
-"most UNIX systems, these IDs also determine the permissions when accessing "
-"files. However, Linux uses the filesystem IDs described below for this "
-"task. A process can obtain its effective user (group) ID using "
-"B<geteuid>(2) (B<getegid>(2))."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:217
-msgid ""
-"Saved set-user-ID and saved set-group-ID. These IDs are used in set-user-ID "
-"and set-group-ID programs to save a copy of the corresponding effective IDs "
-"that were set when the program was executed (see B<execve>(2)). A "
-"set-user-ID program can assume and drop privileges by switching its "
-"effective user ID back and forth between the values in its real user ID and "
-"saved set-user-ID. This switching is done via calls to B<seteuid>(2), "
-"B<setreuid>(2), or B<setresuid>(2). A set-group-ID program performs the "
-"analogous tasks using B<setegid>(2), B<setregid>(2), or B<setresgid>(2). A "
-"process can obtain its saved set-user-ID (set-group-ID) using "
-"B<getresuid>(2) (B<getresgid>(2))."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:234
-msgid ""
-"Filesystem user ID and filesystem group ID (Linux-specific). These IDs, in "
-"conjunction with the supplementary group IDs described below, are used to "
-"determine permissions for accessing files; see B<path_resolution>(7) for "
-"details. Whenever a process's effective user (group) ID is changed, the "
-"kernel also automatically changes the filesystem user (group) ID to the same "
-"value. Consequently, the filesystem IDs normally have the same values as "
-"the corresponding effective ID, and the semantics for file-permission checks "
-"are thus the same on Linux as on other UNIX systems. The filesystem IDs can "
-"be made to differ from the effective IDs by calling B<setfsuid>(2) and "
-"B<setfsgid>(2)."
-msgstr ""
-
-#. Since kernel 2.6.4, the limit is visible via the read-only file
-#. /proc/sys/kernel/ngroups_max.
-#. As at 2.6.22-rc2, this file is still read-only.
-#. type: Plain text
-#: build/C/man7/credentials.7:253
-msgid ""
-"Supplementary group IDs. This is a set of additional group IDs that are "
-"used for permission checks when accessing files and other shared resources. "
-"On Linux kernels before 2.6.4, a process can be a member of up to 32 "
-"supplementary groups; since kernel 2.6.4, a process can be a member of up to "
-"65536 supplementary groups. The call I<sysconf(_SC_NGROUPS_MAX)> can be "
-"used to determine the number of supplementary groups of which a process may "
-"be a member. A process can obtain its set of supplementary group IDs using "
-"B<getgroups>(2), and can modify the set using B<setgroups>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:263
-msgid ""
-"A child process created by B<fork>(2) inherits copies of its parent's user "
-"and groups IDs. During an B<execve>(2), a process's real user and group ID "
-"and supplementary group IDs are preserved; the effective and saved set IDs "
-"may be changed, as described in B<execve>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:266
-msgid ""
-"Aside from the purposes noted above, a process's user IDs are also employed "
-"in a number of other contexts:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:269
-msgid "when determining the permissions for sending signals (see B<kill>(2));"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:280
-msgid ""
-"when determining the permissions for setting process-scheduling parameters "
-"(nice value, real time scheduling policy and priority, CPU affinity, I/O "
-"priority) using B<setpriority>(2), B<sched_setaffinity>(2), "
-"B<sched_setscheduler>(2), B<sched_setparam>(2), B<sched_setattr>(2), and "
-"B<ioprio_set>(2);"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:283
-msgid "when checking resource limits (see B<getrlimit>(2));"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:287
-msgid ""
-"when checking the limit on the number of inotify instances that the process "
-"may create (see B<inotify>(7))."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:293
-msgid ""
-"Process IDs, parent process IDs, process group IDs, and session IDs are "
-"specified in POSIX.1-2001. The real, effective, and saved set user and "
-"groups IDs, and the supplementary group IDs, are specified in POSIX.1-2001. "
-"The filesystem user and group IDs are a Linux extension."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:304
-msgid ""
-"The POSIX threads specification requires that credentials are shared by all "
-"of the threads in a process. However, at the kernel level, Linux maintains "
-"separate user and group credentials for each thread. The NPTL threading "
-"implementation does some work to ensure that any change to user or group "
-"credentials (e.g., calls to B<setuid>(2), B<setresuid>(2)) is carried "
-"through to all of the POSIX threads in a process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/credentials.7:340
-msgid ""
-"B<bash>(1), B<csh>(1), B<ps>(1), B<access>(2), B<execve>(2), "
-"B<faccessat>(2), B<fork>(2), B<getgroups>(2), B<getpgrp>(2), B<getpid>(2), "
-"B<getppid>(2), B<getsid>(2), B<kill>(2), B<killpg>(2), B<setegid>(2), "
-"B<seteuid>(2), B<setfsgid>(2), B<setfsuid>(2), B<setgid>(2), "
-"B<setgroups>(2), B<setresgid>(2), B<setresuid>(2), B<setuid>(2), "
-"B<waitpid>(2), B<euidaccess>(3), B<initgroups>(3), B<tcgetpgrp>(3), "
-"B<tcsetpgrp>(3), B<capabilities>(7), B<namespaces>(7), "
-"B<path_resolution>(7), B<pid_namespaces>(7), B<signal>(7), "
-"B<user_namespaces>(7), B<unix>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/getgid.2:25
-#, no-wrap
-msgid "GETGID"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/getgid.2:25 build/C/man2/getresuid.2:28 build/C/man2/getuid.2:26
-#, no-wrap
-msgid "2010-11-22"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgid.2:28
-msgid "getgid, getegid - get group identity"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgid.2:30 build/C/man2/getgroups.2:38 build/C/man2/getpid.2:32 build/C/man2/getresuid.2:35 build/C/man2/getsid.2:31 build/C/man2/getuid.2:31 build/C/man3/group_member.3:30 build/C/man2/seteuid.2:36 build/C/man2/setgid.2:36 build/C/man2/setpgid.2:53 build/C/man2/setresuid.2:33 build/C/man2/setreuid.2:52 build/C/man2/setsid.2:37 build/C/man2/setuid.2:37
-msgid "B<#include E<lt>unistd.hE<gt>>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgid.2:32 build/C/man2/getgroups.2:36 build/C/man2/getpid.2:30 build/C/man2/getuid.2:33 build/C/man2/seteuid.2:34 build/C/man2/setgid.2:34 build/C/man2/setreuid.2:50 build/C/man2/setuid.2:35
-msgid "B<#include E<lt>sys/types.hE<gt>>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgid.2:34
-msgid "B<gid_t getgid(void);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgid.2:36
-msgid "B<gid_t getegid(void);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgid.2:39
-msgid "B<getgid>() returns the real group ID of the calling process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgid.2:42
-msgid "B<getegid>() returns the effective group ID of the calling process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgid.2:44 build/C/man2/getpid.2:46 build/C/man2/getuid.2:45
-msgid "These functions are always successful."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgid.2:46 build/C/man2/getuid.2:47
-msgid "POSIX.1-2001, 4.3BSD."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgid.2:62
-msgid ""
-"The original Linux B<getgid>() and B<getegid>() system calls supported "
-"only 16-bit group IDs. Subsequently, Linux 2.4 added B<getgid32>() and "
-"B<getegid32>(), supporting 32-bit IDs. The glibc B<getgid>() and "
-"B<getegid>() wrapper functions transparently deal with the variations "
-"across kernel versions."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgid.2:67
-msgid "B<getresgid>(2), B<setgid>(2), B<setregid>(2), B<credentials>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/getgroups.2:31
-#, no-wrap
-msgid "GETGROUPS"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/getgroups.2:31 build/C/man2/getpriority.2:45
-#, no-wrap
-msgid "2014-08-19"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:34
-msgid "getgroups, setgroups - get/set list of supplementary group IDs"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:40
-msgid "B<int getgroups(int >I<size>B<, gid_t >I<list>B<[]);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:42
-msgid "B<#include E<lt>grp.hE<gt>>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:44
-msgid "B<int setgroups(size_t >I<size>B<, const gid_t *>I<list>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:52
-msgid "B<setgroups>(): _BSD_SOURCE"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:70
-msgid ""
-"B<getgroups>() returns the supplementary group IDs of the calling process "
-"in I<list>. The argument I<size> should be set to the maximum number of "
-"items that can be stored in the buffer pointed to by I<list>. If the "
-"calling process is a member of more than I<size> supplementary groups, then "
-"an error results. It is unspecified whether the effective group ID of the "
-"calling process is included in the returned list. (Thus, an application "
-"should also call B<getegid>(2) and add or remove the resulting value.)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:81
-msgid ""
-"If I<size> is zero, I<list> is not modified, but the total number of "
-"supplementary group IDs for the process is returned. This allows the caller "
-"to determine the size of a dynamically allocated I<list> to be used in a "
-"further call to B<getgroups>()."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:92
-msgid ""
-"B<setgroups>() sets the supplementary group IDs for the calling process. "
-"Appropriate privileges (Linux: the B<CAP_SETGID> capability) are required. "
-"The I<size> argument specifies the number of supplementary group IDs in the "
-"buffer pointed to by I<list>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:99
-msgid ""
-"On success, B<getgroups>() returns the number of supplementary group IDs. "
-"On error, -1 is returned, and I<errno> is set appropriately."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:106
-msgid ""
-"On success, B<setgroups>() returns 0. On error, -1 is returned, and "
-"I<errno> is set appropriately."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:111
-msgid "I<list> has an invalid address."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:114
-msgid "B<getgroups>() can additionally fail with the following error:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:118
-msgid "I<size> is less than the number of supplementary group IDs, but is not zero."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:121
-msgid "B<setgroups>() can additionally fail with the following errors:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:127
-msgid ""
-"I<size> is greater than B<NGROUPS_MAX> (32 before Linux 2.6.4; 65536 since "
-"Linux 2.6.4)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:133
-msgid "The calling process has insufficient privilege."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:141
-msgid ""
-"SVr4, 4.3BSD. The B<getgroups>() function is in POSIX.1-2001. Since "
-"B<setgroups>() requires privilege, it is not covered by POSIX.1-2001."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:153
-msgid ""
-"A process can have up to B<NGROUPS_MAX> supplementary group IDs in addition "
-"to the effective group ID. The constant B<NGROUPS_MAX> is defined in "
-"I<E<lt>limits.hE<gt>>. The set of supplementary group IDs is inherited from "
-"the parent process, and preserved across an B<execve>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:156
-msgid ""
-"The maximum number of supplementary group IDs can be found at run time using "
-"B<sysconf>(3):"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:160
-#, no-wrap
-msgid ""
-" long ngroups_max;\n"
-" ngroups_max = sysconf(_SC_NGROUPS_MAX);\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:168
-msgid ""
-"The maximum return value of B<getgroups>() cannot be larger than one more "
-"than this value. Since Linux 2.6.4, the maximum number of supplementary "
-"group IDs is also exposed via the Linux-specific read-only file, "
-"I</proc/sys/kernel/ngroups_max>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:178
-msgid ""
-"The original Linux B<getgroups>() system call supported only 16-bit group "
-"IDs. Subsequently, Linux 2.4 added B<getgroups32>(), supporting 32-bit "
-"IDs. The glibc B<getgroups>() wrapper function transparently deals with "
-"the variation across kernel versions."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getgroups.2:186
-msgid ""
-"B<getgid>(2), B<setgid>(2), B<getgrouplist>(3), B<group_member>(3), "
-"B<initgroups>(3), B<capabilities>(7), B<credentials>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/getpid.2:25
-#, no-wrap
-msgid "GETPID"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/getpid.2:25 build/C/man7/namespaces.7:27 build/C/man2/seteuid.2:29 build/C/man2/setgid.2:29 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man7/user_namespaces.7:27
-#, no-wrap
-msgid "2014-09-21"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpid.2:28
-msgid "getpid, getppid - get process identification"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpid.2:34
-msgid "B<pid_t getpid(void);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpid.2:36
-msgid "B<pid_t getppid(void);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpid.2:41
-msgid ""
-"B<getpid>() returns the process ID of the calling process. (This is often "
-"used by routines that generate unique temporary filenames.)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpid.2:44
-msgid "B<getppid>() returns the process ID of the parent of the calling process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpid.2:48
-msgid "POSIX.1-2001, 4.3BSD, SVr4."
-msgstr ""
-
-#. The following program demonstrates this "feature":
-#
-#. #define _GNU_SOURCE
-#. #include <sys/syscall.h>
-#. #include <sys/wait.h>
-#. #include <stdio.h>
-#. #include <stdlib.h>
-#. #include <unistd.h>
-#
-#. int
-#. main(int argc, char *argv[])
-#. {
-#. /* The following statement fills the getpid() cache */
-#
-#. printf("parent PID = %ld
-#. ", (long) getpid());
-#
-#. if (syscall(SYS_fork) == 0) {
-#. if (getpid() != syscall(SYS_getpid))
-#. printf("child getpid() mismatch: getpid()=%ld; "
-#. "syscall(SYS_getpid)=%ld
-#. ",
-#. (long) getpid(), (long) syscall(SYS_getpid));
-#. exit(EXIT_SUCCESS);
-#. }
-#. wait(NULL);
-#. }
-#. type: Plain text
-#: build/C/man2/getpid.2:100
-msgid ""
-"Since glibc version 2.3.4, the glibc wrapper function for B<getpid>() "
-"caches PIDs, so as to avoid additional system calls when a process calls "
-"B<getpid>() repeatedly. Normally this caching is invisible, but its "
-"correct operation relies on support in the wrapper functions for B<fork>(2), "
-"B<vfork>(2), and B<clone>(2): if an application bypasses the glibc wrappers "
-"for these system calls by using B<syscall>(2), then a call to B<getpid>() "
-"in the child will return the wrong value (to be precise: it will return the "
-"PID of the parent process). See also B<clone>(2) for discussion of a case "
-"where B<getpid>() may return the wrong value even when invoking B<clone>(2) "
-"via the glibc wrapper function."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpid.2:111
-msgid ""
-"B<clone>(2), B<fork>(2), B<kill>(2), B<exec>(3), B<mkstemp>(3), "
-"B<tempnam>(3), B<tmpfile>(3), B<tmpnam>(3), B<credentials>(7), "
-"B<pid_namespaces>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/getpriority.2:45
-#, no-wrap
-msgid "GETPRIORITY"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:48
-msgid "getpriority, setpriority - get/set program scheduling priority"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:50 build/C/man2/getrlimit.2:69 build/C/man2/getrusage.2:44
-msgid "B<#include E<lt>sys/time.hE<gt>>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:52 build/C/man2/getrlimit.2:71 build/C/man2/getrusage.2:46
-msgid "B<#include E<lt>sys/resource.hE<gt>>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:54
-msgid "B<int getpriority(int >I<which>B<, id_t >I<who>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:56
-msgid "B<int setpriority(int >I<which>B<, id_t >I<who>B<, int >I<prio>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:67
-msgid ""
-"The scheduling priority of the process, process group, or user, as indicated "
-"by I<which> and I<who> is obtained with the B<getpriority>() call and set "
-"with the B<setpriority>() call."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:94
-msgid ""
-"The value I<which> is one of B<PRIO_PROCESS>, B<PRIO_PGRP>, or B<PRIO_USER>, "
-"and I<who> is interpreted relative to I<which> (a process identifier for "
-"B<PRIO_PROCESS>, process group identifier for B<PRIO_PGRP>, and a user ID "
-"for B<PRIO_USER>). A zero value for I<who> denotes (respectively) the "
-"calling process, the process group of the calling process, or the real user "
-"ID of the calling process. I<Prio> is a value in the range -20 to 19 (but "
-"see the Notes below). The default priority is 0; lower priorities cause "
-"more favorable scheduling."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:104
-msgid ""
-"The B<getpriority>() call returns the highest priority (lowest numerical "
-"value) enjoyed by any of the specified processes. The B<setpriority>() "
-"call sets the priorities of all of the specified processes to the specified "
-"value. Only the superuser may lower priorities."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:117
-msgid ""
-"Since B<getpriority>() can legitimately return the value -1, it is "
-"necessary to clear the external variable I<errno> prior to the call, then "
-"check it afterward to determine if -1 is an error or a legitimate value. "
-"The B<setpriority>() call returns 0 if there is no error, or -1 if there "
-"is."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:126
-msgid "I<which> was not one of B<PRIO_PROCESS>, B<PRIO_PGRP>, or B<PRIO_USER>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:133
-msgid "No process was located using the I<which> and I<who> values specified."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:137
-msgid "In addition to the errors indicated above, B<setpriority>() may fail if:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:149
-msgid ""
-"The caller attempted to lower a process priority, but did not have the "
-"required privilege (on Linux: did not have the B<CAP_SYS_NICE> capability). "
-"Since Linux 2.6.12, this error occurs only if the caller attempts to set a "
-"process priority outside the range of the B<RLIMIT_NICE> soft resource limit "
-"of the target process; see B<getrlimit>(2) for details."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:157
-msgid ""
-"A process was located, but its effective user ID did not match either the "
-"effective or the real user ID of the caller, and was not privileged (on "
-"Linux: did not have the B<CAP_SYS_NICE> capability). But see NOTES below."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:160
-msgid "SVr4, 4.4BSD (these function calls first appeared in 4.2BSD), POSIX.1-2001."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:166
-msgid ""
-"A child created by B<fork>(2) inherits its parent's nice value. The nice "
-"value is preserved across B<execve>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:177
-msgid ""
-"The degree to which their relative nice value affects the scheduling of "
-"processes varies across UNIX systems, and, on Linux, across kernel "
-"versions. Starting with kernel 2.6.23, Linux adopted an algorithm that "
-"causes relative differences in nice values to have a much stronger effect. "
-"This causes very low nice values (+19) to truly provide little CPU to a "
-"process whenever there is any other higher priority load on the system, and "
-"makes high nice values (-20) deliver most of the CPU to applications that "
-"require it (e.g., some audio applications)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:192
-msgid ""
-"The details on the condition for B<EPERM> depend on the system. The above "
-"description is what POSIX.1-2001 says, and seems to be followed on all "
-"System\\ V-like systems. Linux kernels before 2.6.12 required the real or "
-"effective user ID of the caller to match the real user of the process I<who> "
-"(instead of its effective user ID). Linux 2.6.12 and later require the "
-"effective user ID of the caller to match the real or effective user ID of "
-"the process I<who>. All BSD-like systems (SunOS 4.1.3, Ultrix 4.2, 4.3BSD, "
-"FreeBSD 4.3, OpenBSD-2.5, ...) behave in the same manner as Linux 2.6.12 and "
-"later."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:197
-msgid ""
-"The actual priority range varies between kernel versions. Linux before "
-"1.3.36 had -infinity..15. Since kernel 1.3.43, Linux has the range "
-"-20..19. On some other systems, the range of nice values is -20..20."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:210
-msgid ""
-"Including I<E<lt>sys/time.hE<gt>> is not required these days, but increases "
-"portability. (Indeed, I<E<lt>sys/resource.hE<gt>> defines the I<rusage> "
-"structure with fields of type I<struct timeval> defined in "
-"I<E<lt>sys/time.hE<gt>>.)"
-msgstr ""
-
-#. type: SS
-#: build/C/man2/getpriority.2:210 build/C/man2/seteuid.2:132
-#, no-wrap
-msgid "C library/kernel ABI differences"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:225
-msgid ""
-"Within the kernel, nice values are actually represented using the range "
-"40..1 (since negative numbers are error codes) and these are the values "
-"employed by the B<setpriority>() and B<getpriority>() system calls. The "
-"glibc wrapper functions for these system calls handle the translations "
-"between the user-land and kernel representations of the nice value according "
-"to the formula I<unice\\ =\\ 20\\ -\\ knice>. (Thus, the kernels 40..1 "
-"range corresponds to the range -20..19 as seen by user space.)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:232
-msgid ""
-"According to POSIX, the nice value is a per-process setting. However, under "
-"the current Linux/NPTL implementation of POSIX threads, the nice value is a "
-"per-thread attribute: different threads in the same process can have "
-"different nice values. Portable applications should avoid relying on the "
-"Linux behavior, which may be made standards conformant in the future."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:238
-msgid "B<nice>(1), B<renice>(1), B<fork>(2), B<capabilities>(7), B<sched>(7)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getpriority.2:241
-msgid ""
-"I<Documentation/scheduler/sched-nice-design.txt> in the Linux kernel source "
-"tree (since Linux 2.6.23)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/getresuid.2:28
-#, no-wrap
-msgid "GETRESUID"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getresuid.2:31
-msgid "getresuid, getresgid - get real, effective and saved user/group IDs"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getresuid.2:33 build/C/man2/setresuid.2:31
-msgid "B<#define _GNU_SOURCE> /* See feature_test_macros(7) */"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getresuid.2:37
-msgid "B<int getresuid(uid_t *>I<ruid>B<, uid_t *>I<euid>B<, uid_t *>I<suid>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getresuid.2:39
-msgid "B<int getresgid(gid_t *>I<rgid>B<, gid_t *>I<egid>B<, gid_t *>I<sgid>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getresuid.2:50
-msgid ""
-"B<getresuid>() returns the real UID, the effective UID, and the saved "
-"set-user-ID of the calling process, in the arguments I<ruid>, I<euid>, and "
-"I<suid>, respectively. B<getresgid>() performs the analogous task for the "
-"process's group IDs."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getresuid.2:60
-msgid ""
-"One of the arguments specified an address outside the calling program's "
-"address space."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getresuid.2:62
-msgid "These system calls appeared on Linux starting with kernel 2.1.44."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getresuid.2:67
-msgid ""
-"The prototypes are given by glibc since version 2.3.2, provided "
-"B<_GNU_SOURCE> is defined."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getresuid.2:70 build/C/man2/setresuid.2:112
-msgid "These calls are nonstandard; they also appear on HP-UX and some of the BSDs."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getresuid.2:86
-msgid ""
-"The original Linux B<getresuid>() and B<getresgid>() system calls "
-"supported only 16-bit user and group IDs. Subsequently, Linux 2.4 added "
-"B<getresuid32>() and B<getresgid32>(), supporting 32-bit IDs. The glibc "
-"B<getresuid>() and B<getresgid>() wrapper functions transparently deal "
-"with the variations across kernel versions."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getresuid.2:92
-msgid ""
-"B<getuid>(2), B<setresuid>(2), B<setreuid>(2), B<setuid>(2), "
-"B<credentials>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/getrlimit.2:64
-#, no-wrap
-msgid "GETRLIMIT"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/getrlimit.2:64
-#, no-wrap
-msgid "2015-01-22"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:67
-msgid "getrlimit, setrlimit, prlimit - get/set resource limits"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:73
-msgid "B<int getrlimit(int >I<resource>B<, struct rlimit *>I<rlim>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:75
-msgid "B<int setrlimit(int >I<resource>B<, const struct rlimit *>I<rlim>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:78
-msgid ""
-"B<int prlimit(pid_t >I<pid>B<, int >I<resource>B<, const struct rlimit "
-"*>I<new_limit>B<,>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:80
-msgid "B< struct rlimit *>I<old_limit>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:88
-msgid "B<prlimit>(): _GNU_SOURCE && _FILE_OFFSET_BITS == 64"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:97
-msgid ""
-"The B<getrlimit>() and B<setrlimit>() system calls get and set resource "
-"limits respectively. Each resource has an associated soft and hard limit, "
-"as defined by the I<rlimit> structure:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:104
-#, no-wrap
-msgid ""
-"struct rlimit {\n"
-" rlim_t rlim_cur; /* Soft limit */\n"
-" rlim_t rlim_max; /* Hard limit (ceiling for rlim_cur) */\n"
-"};\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:115
-msgid ""
-"The soft limit is the value that the kernel enforces for the corresponding "
-"resource. The hard limit acts as a ceiling for the soft limit: an "
-"unprivileged process may set only its soft limit to a value in the range "
-"from 0 up to the hard limit, and (irreversibly) lower its hard limit. A "
-"privileged process (under Linux: one with the B<CAP_SYS_RESOURCE> "
-"capability) may make arbitrary changes to either limit value."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:122
-msgid ""
-"The value B<RLIM_INFINITY> denotes no limit on a resource (both in the "
-"structure returned by B<getrlimit>() and in the structure passed to "
-"B<setrlimit>())."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:126
-msgid "The I<resource> argument must be one of:"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrlimit.2:126
-#, no-wrap
-msgid "B<RLIMIT_AS>"
-msgstr ""
-
-#. since 2.0.27 / 2.1.12
-#. type: Plain text
-#: build/C/man2/getrlimit.2:146
-msgid ""
-"The maximum size of the process's virtual memory (address space) in bytes. "
-"This limit affects calls to B<brk>(2), B<mmap>(2), and B<mremap>(2), which "
-"fail with the error B<ENOMEM> upon exceeding this limit. Also automatic "
-"stack expansion will fail (and generate a B<SIGSEGV> that kills the process "
-"if no alternate stack has been made available via B<sigaltstack>(2)). Since "
-"the value is a I<long>, on machines with a 32-bit I<long> either this limit "
-"is at most 2 GiB, or this resource is unlimited."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrlimit.2:146
-#, no-wrap
-msgid "B<RLIMIT_CORE>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:154
-msgid ""
-"Maximum size of a I<core> file (see B<core>(5)). When 0 no core dump files "
-"are created. When nonzero, larger dumps are truncated to this size."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrlimit.2:154
-#, no-wrap
-msgid "B<RLIMIT_CPU>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:174
-msgid ""
-"CPU time limit in seconds. When the process reaches the soft limit, it is "
-"sent a B<SIGXCPU> signal. The default action for this signal is to "
-"terminate the process. However, the signal can be caught, and the handler "
-"can return control to the main program. If the process continues to consume "
-"CPU time, it will be sent B<SIGXCPU> once per second until the hard limit is "
-"reached, at which time it is sent B<SIGKILL>. (This latter point describes "
-"Linux behavior. Implementations vary in how they treat processes which "
-"continue to consume CPU time after reaching the soft limit. Portable "
-"applications that need to catch this signal should perform an orderly "
-"termination upon first receipt of B<SIGXCPU>.)"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrlimit.2:174
-#, no-wrap
-msgid "B<RLIMIT_DATA>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:185
-msgid ""
-"The maximum size of the process's data segment (initialized data, "
-"uninitialized data, and heap). This limit affects calls to B<brk>(2) and "
-"B<sbrk>(2), which fail with the error B<ENOMEM> upon encountering the soft "
-"limit of this resource."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrlimit.2:185
-#, no-wrap
-msgid "B<RLIMIT_FSIZE>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:197
-msgid ""
-"The maximum size of files that the process may create. Attempts to extend a "
-"file beyond this limit result in delivery of a B<SIGXFSZ> signal. By "
-"default, this signal terminates a process, but a process can catch this "
-"signal instead, in which case the relevant system call (e.g., B<write>(2), "
-"B<truncate>(2)) fails with the error B<EFBIG>."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrlimit.2:197
-#, no-wrap
-msgid "B<RLIMIT_LOCKS> (Early Linux 2.4 only)"
-msgstr ""
-
-#. to be precise: Linux 2.4.0-test9; no longer in 2.4.25 / 2.5.65
-#. type: Plain text
-#: build/C/man2/getrlimit.2:205
-msgid ""
-"A limit on the combined number of B<flock>(2) locks and B<fcntl>(2) leases "
-"that this process may establish."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrlimit.2:205
-#, no-wrap
-msgid "B<RLIMIT_MEMLOCK>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:243
-msgid ""
-"The maximum number of bytes of memory that may be locked into RAM. In "
-"effect this limit is rounded down to the nearest multiple of the system page "
-"size. This limit affects B<mlock>(2) and B<mlockall>(2) and the "
-"B<mmap>(2) B<MAP_LOCKED> operation. Since Linux 2.6.9 it also affects the "
-"B<shmctl>(2) B<SHM_LOCK> operation, where it sets a maximum on the total "
-"bytes in shared memory segments (see B<shmget>(2)) that may be locked by "
-"the real user ID of the calling process. The B<shmctl>(2) B<SHM_LOCK> "
-"locks are accounted for separately from the per-process memory locks "
-"established by B<mlock>(2), B<mlockall>(2), and B<mmap>(2) B<MAP_LOCKED>; a "
-"process can lock bytes up to this limit in each of these two categories. In "
-"Linux kernels before 2.6.9, this limit controlled the amount of memory that "
-"could be locked by a privileged process. Since Linux 2.6.9, no limits are "
-"placed on the amount of memory that a privileged process may lock, and this "
-"limit instead governs the amount of memory that an unprivileged process may "
-"lock."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrlimit.2:243
-#, no-wrap
-msgid "B<RLIMIT_MSGQUEUE> (since Linux 2.6.8)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:251
-msgid ""
-"Specifies the limit on the number of bytes that can be allocated for POSIX "
-"message queues for the real user ID of the calling process. This limit is "
-"enforced for B<mq_open>(3). Each message queue that the user creates counts "
-"(until it is removed) against this limit according to the formula:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:260
-#, no-wrap
-msgid ""
-" Since Linux 3.5:\n"
-" bytes = attr.mq_maxmsg * sizeof(struct msg_msg) +\n"
-" min(attr.mq_maxmsg, MQ_PRIO_MAX) *\n"
-" sizeof(struct posix_msg_tree_node)+\n"
-" /* For overhead */\n"
-" attr.mq_maxmsg * attr.mq_msgsize;\n"
-" /* For message data */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:266
-#, no-wrap
-msgid ""
-" Linux 3.4 and earlier:\n"
-" bytes = attr.mq_maxmsg * sizeof(struct msg_msg *) +\n"
-" /* For overhead */\n"
-" attr.mq_maxmsg * attr.mq_msgsize;\n"
-" /* For message data */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:279
-msgid ""
-"where I<attr> is the I<mq_attr> structure specified as the fourth argument "
-"to B<mq_open>(3), and the I<msg_msg> and I<posix_msg_tree_node> structures "
-"are kernel-internal structures."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:285
-msgid ""
-"The \"overhead\" addend in the formula accounts for overhead bytes required "
-"by the implementation and ensures that the user cannot create an unlimited "
-"number of zero-length messages (such messages nevertheless each consume some "
-"system memory for bookkeeping overhead)."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrlimit.2:285
-#, no-wrap
-msgid "B<RLIMIT_NICE> (since Linux 2.6.12, but see BUGS below)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:298
-msgid ""
-"Specifies a ceiling to which the process's nice value can be raised using "
-"B<setpriority>(2) or B<nice>(2). The actual ceiling for the nice value is "
-"calculated as I<20\\ -\\ rlim_cur>. (This strangeness occurs because "
-"negative numbers cannot be specified as resource limit values, since they "
-"typically have special meanings. For example, B<RLIM_INFINITY> typically is "
-"the same as -1.)"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrlimit.2:298
-#, no-wrap
-msgid "B<RLIMIT_NOFILE>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:312
-msgid ""
-"Specifies a value one greater than the maximum file descriptor number that "
-"can be opened by this process. Attempts (B<open>(2), B<pipe>(2), B<dup>(2), "
-"etc.) to exceed this limit yield the error B<EMFILE>. (Historically, this "
-"limit was named B<RLIMIT_OFILE> on BSD.)"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrlimit.2:312
-#, no-wrap
-msgid "B<RLIMIT_NPROC>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:325
-msgid ""
-"The maximum number of processes (or, more precisely on Linux, threads) that "
-"can be created for the real user ID of the calling process. Upon "
-"encountering this limit, B<fork>(2) fails with the error B<EAGAIN>. This "
-"limit is not enforced for processes that have either the B<CAP_SYS_ADMIN> or "
-"the B<CAP_SYS_RESOURCE> capability."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrlimit.2:325
-#, no-wrap
-msgid "B<RLIMIT_RSS>"
-msgstr ""
-
-#. As at kernel 2.6.12, this limit still does nothing in 2.6 though
-#. talk of making it do something has surfaced from time to time in LKML
-#. -- MTK, Jul 05
-#. type: Plain text
-#: build/C/man2/getrlimit.2:337
-msgid ""
-"Specifies the limit (in pages) of the process's resident set (the number of "
-"virtual pages resident in RAM). This limit has effect only in Linux 2.4.x, "
-"x E<lt> 30, and there affects only calls to B<madvise>(2) specifying "
-"B<MADV_WILLNEED>."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrlimit.2:337
-#, no-wrap
-msgid "B<RLIMIT_RTPRIO> (since Linux 2.6.12, but see BUGS)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:344
-msgid ""
-"Specifies a ceiling on the real-time priority that may be set for this "
-"process using B<sched_setscheduler>(2) and B<sched_setparam>(2)."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrlimit.2:344
-#, no-wrap
-msgid "B<RLIMIT_RTTIME> (since Linux 2.6.25)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:356
-msgid ""
-"Specifies a limit (in microseconds) on the amount of CPU time that a "
-"process scheduled under a real-time scheduling policy may consume without "
-"making a blocking system call. For the purpose of this limit, each time a "
-"process makes a blocking system call, the count of its consumed CPU time is "
-"reset to zero. The CPU time count is not reset if the process continues "
-"trying to use the CPU but is preempted, its time slice expires, or it calls "
-"B<sched_yield>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:367
-msgid ""
-"Upon reaching the soft limit, the process is sent a B<SIGXCPU> signal. If "
-"the process catches or ignores this signal and continues consuming CPU time, "
-"then B<SIGXCPU> will be generated once each second until the hard limit is "
-"reached, at which point the process is sent a B<SIGKILL> signal."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:370
-msgid ""
-"The intended use of this limit is to stop a runaway real-time process from "
-"locking up the system."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrlimit.2:370
-#, no-wrap
-msgid "B<RLIMIT_SIGPENDING> (since Linux 2.6.8)"
-msgstr ""
-
-#. This replaces the /proc/sys/kernel/rtsig-max system-wide limit
-#. that was present in kernels <= 2.6.7. MTK Dec 04
-#. type: Plain text
-#: build/C/man2/getrlimit.2:384
-msgid ""
-"Specifies the limit on the number of signals that may be queued for the real "
-"user ID of the calling process. Both standard and real-time signals are "
-"counted for the purpose of checking this limit. However, the limit is "
-"enforced only for B<sigqueue>(3); it is always possible to use B<kill>(2) "
-"to queue one instance of any of the signals that are not already queued to "
-"the process."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrlimit.2:384
-#, no-wrap
-msgid "B<RLIMIT_STACK>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:392
-msgid ""
-"The maximum size of the process stack, in bytes. Upon reaching this limit, "
-"a B<SIGSEGV> signal is generated. To handle this signal, a process must "
-"employ an alternate signal stack (B<sigaltstack>(2))."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:397
-msgid ""
-"Since Linux 2.6.23, this limit also determines the amount of space used for "
-"the process's command-line arguments and environment variables; for details, "
-"see B<execve>(2)."
-msgstr ""
-
-#. type: SS
-#: build/C/man2/getrlimit.2:397
-#, no-wrap
-msgid "prlimit()"
-msgstr ""
-
-#. commit c022a0acad534fd5f5d5f17280f6d4d135e74e81
-#. Author: Jiri Slaby <jslaby@suse.cz>
-#. Date: Tue May 4 18:03:50 2010 +0200
-#
-#. rlimits: implement prlimit64 syscall
-#
-#. commit 6a1d5e2c85d06da35cdfd93f1a27675bfdc3ad8c
-#. Author: Jiri Slaby <jslaby@suse.cz>
-#. Date: Wed Mar 24 17:06:58 2010 +0100
-#
-#. rlimits: add rlimit64 structure
-#. type: Plain text
-#: build/C/man2/getrlimit.2:417
-msgid ""
-"The Linux-specific B<prlimit>() system call combines and extends the "
-"functionality of B<setrlimit>() and B<getrlimit>(). It can be used to both "
-"set and get the resource limits of an arbitrary process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:424
-msgid ""
-"The I<resource> argument has the same meaning as for B<setrlimit>() and "
-"B<getrlimit>()."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:442
-msgid ""
-"If the I<new_limit> argument is a not NULL, then the I<rlimit> structure to "
-"which it points is used to set new values for the soft and hard limits for "
-"I<resource>. If the I<old_limit> argument is a not NULL, then a successful "
-"call to B<prlimit>() places the previous soft and hard limits for "
-"I<resource> in the I<rlimit> structure pointed to by I<old_limit>."
-msgstr ""
-
-#. FIXME . this permission check is strange
-#. Asked about this on LKML, 7 Nov 2010
-#. "Inconsistent credential checking in prlimit() syscall"
-#. type: Plain text
-#: build/C/man2/getrlimit.2:461
-msgid ""
-"The I<pid> argument specifies the ID of the process on which the call is to "
-"operate. If I<pid> is 0, then the call applies to the calling process. To "
-"set or get the resources of a process other than itself, the caller must "
-"have the B<CAP_SYS_RESOURCE> capability, or the real, effective, and saved "
-"set user IDs of the target process must match the real user ID of the caller "
-"I<and> the real, effective, and saved set group IDs of the target process "
-"must match the real group ID of the caller."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:466
-msgid ""
-"On success, these system calls return 0. On error, -1 is returned, and "
-"I<errno> is set appropriately."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:471
-msgid ""
-"A pointer argument points to a location outside the accessible address "
-"space."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:483
-msgid ""
-"The value specified in I<resource> is not valid; or, for B<setrlimit>() or "
-"B<prlimit>(): I<rlim-E<gt>rlim_cur> was greater than I<rlim-E<gt>rlim_max>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:488
-msgid ""
-"An unprivileged process tried to raise the hard limit; the "
-"B<CAP_SYS_RESOURCE> capability is required to do this."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:496
-msgid ""
-"The caller tried to increase the hard B<RLIMIT_NOFILE> limit above the "
-"maximum defined by I</proc/sys/fs/nr_open> (see B<proc>(5))"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:502
-msgid ""
-"(B<prlimit>()) The calling process did not have permission to set limits "
-"for the process specified by I<pid>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:506
-msgid "Could not find a process with the ID specified in I<pid>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:511
-msgid ""
-"The B<prlimit>() system call is available since Linux 2.6.36. Library "
-"support is available since glibc 2.13."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:515
-msgid "B<getrlimit>(), B<setrlimit>(): SVr4, 4.3BSD, POSIX.1-2001."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:518
-msgid "B<prlimit>(): Linux-specific."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:534
-msgid ""
-"B<RLIMIT_MEMLOCK> and B<RLIMIT_NPROC> derive from BSD and are not specified "
-"in POSIX.1-2001; they are present on the BSDs and Linux, but on few other "
-"implementations. B<RLIMIT_RSS> derives from BSD and is not specified in "
-"POSIX.1-2001; it is nevertheless present on most implementations. "
-"B<RLIMIT_MSGQUEUE>, B<RLIMIT_NICE>, B<RLIMIT_RTPRIO>, B<RLIMIT_RTTIME>, and "
-"B<RLIMIT_SIGPENDING> are Linux-specific."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:540
-msgid ""
-"A child process created via B<fork>(2) inherits its parent's resource "
-"limits. Resource limits are preserved across B<execve>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:545
-msgid ""
-"Lowering the soft limit for a resource below the process's current "
-"consumption of that resource will succeed (but will prevent the process from "
-"further increasing its consumption of the resource)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:554
-msgid ""
-"One can set the resource limits of the shell using the built-in I<ulimit> "
-"command (I<limit> in B<csh>(1)). The shell's resource limits are inherited "
-"by the processes that it creates to execute commands."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:559
-msgid ""
-"Since Linux 2.6.24, the resource limits of any process can be inspected via "
-"I</proc/[pid]/limits>; see B<proc>(5)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:568
-msgid ""
-"Ancient systems provided a B<vlimit>() function with a similar purpose to "
-"B<setrlimit>(). For backward compatibility, glibc also provides "
-"B<vlimit>(). All new applications should be written using B<setrlimit>()."
-msgstr ""
-
-#. type: SS
-#: build/C/man2/getrlimit.2:568
-#, no-wrap
-msgid "C library/ kernel ABI differences"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:577
-msgid ""
-"Since version 2.13, the glibc B<getrlimit>() and B<setrlimit>() wrapper "
-"functions no longer invoke the corresponding system calls, but instead "
-"employ B<prlimit>(), for the reasons described in BUGS."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:586
-msgid ""
-"In older Linux kernels, the B<SIGXCPU> and B<SIGKILL> signals delivered when "
-"a process encountered the soft and hard B<RLIMIT_CPU> limits were delivered "
-"one (CPU) second later than they should have been. This was fixed in kernel "
-"2.6.8."
-msgstr ""
-
-#. see http://marc.theaimsgroup.com/?l=linux-kernel&m=114008066530167&w=2
-#. type: Plain text
-#: build/C/man2/getrlimit.2:594
-msgid ""
-"In 2.6.x kernels before 2.6.17, a B<RLIMIT_CPU> limit of 0 is wrongly "
-"treated as \"no limit\" (like B<RLIM_INFINITY>). Since Linux 2.6.17, "
-"setting a limit of 0 does have an effect, but is actually treated as a limit "
-"of 1 second."
-msgstr ""
-
-#. See https://lwn.net/Articles/145008/
-#. type: Plain text
-#: build/C/man2/getrlimit.2:599
-msgid ""
-"A kernel bug means that B<RLIMIT_RTPRIO> does not work in kernel 2.6.12; the "
-"problem is fixed in kernel 2.6.13."
-msgstr ""
-
-#. see http://marc.theaimsgroup.com/?l=linux-kernel&m=112256338703880&w=2
-#. type: Plain text
-#: build/C/man2/getrlimit.2:610
-msgid ""
-"In kernel 2.6.12, there was an off-by-one mismatch between the priority "
-"ranges returned by B<getpriority>(2) and B<RLIMIT_NICE>. This had the "
-"effect that the actual ceiling for the nice value was calculated as I<19\\ "
-"-\\ rlim_cur>. This was fixed in kernel 2.6.13."
-msgstr ""
-
-#. The relevant patch, sent to LKML, seems to be
-#. http://thread.gmane.org/gmane.linux.kernel/273462
-#. From: Roland McGrath <roland <at> redhat.com>
-#. Subject: [PATCH 7/7] make RLIMIT_CPU/SIGXCPU per-process
-#. Date: 2005-01-23 23:27:46 GMT
-#. Tested Solaris 10, FreeBSD 9, OpenBSD 5.0
-#. FIXME . https://bugzilla.kernel.org/show_bug.cgi?id=50951
-#. type: Plain text
-#: build/C/man2/getrlimit.2:637
-msgid ""
-"Since Linux 2.6.12, if a process reaches its soft B<RLIMIT_CPU> limit and "
-"has a handler installed for B<SIGXCPU>, then, in addition to invoking the "
-"signal handler, the kernel increases the soft limit by one second. This "
-"behavior repeats if the process continues to consume CPU time, until the "
-"hard limit is reached, at which point the process is killed. Other "
-"implementations do not change the B<RLIMIT_CPU> soft limit in this manner, "
-"and the Linux behavior is probably not standards conformant; portable "
-"applications should avoid relying on this Linux-specific behavior. The "
-"Linux-specific B<RLIMIT_RTTIME> limit exhibits the same behavior when the "
-"soft limit is encountered."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:647
-msgid ""
-"Kernels before 2.4.22 did not diagnose the error B<EINVAL> for "
-"B<setrlimit>() when I<rlim-E<gt>rlim_cur> was greater than "
-"I<rlim-E<gt>rlim_max>."
-msgstr ""
-
-#. type: SS
-#: build/C/man2/getrlimit.2:647
-#, no-wrap
-msgid "Representation of \"large\" resource limit values on 32-bit platforms"
-msgstr ""
-
-#. https://bugzilla.kernel.org/show_bug.cgi?id=5042
-#. http://sources.redhat.com/bugzilla/show_bug.cgi?id=12201
-#. type: Plain text
-#: build/C/man2/getrlimit.2:678
-msgid ""
-"The glibc B<getrlimit>() and B<setrlimit>() wrapper functions use a 64-bit "
-"I<rlim_t> data type, even on 32-bit platforms. However, the I<rlim_t> data "
-"type used in the B<getrlimit>() and B<setrlimit>() system calls is a "
-"(32-bit) I<unsigned long>. Furthermore, in Linux versions before 2.6.36, "
-"the kernel represents resource limits on 32-bit platforms as I<unsigned "
-"long>. However, a 32-bit data type is not wide enough. The most pertinent "
-"limit here is B<RLIMIT_FSIZE>, which specifies the maximum size to which a "
-"file can grow: to be useful, this limit must be represented using a type "
-"that is as wide as the type used to represent file offsets\\(emthat is, as "
-"wide as a 64-bit B<off_t> (assuming a program compiled with "
-"I<_FILE_OFFSET_BITS=64>)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:688
-msgid ""
-"To work around this kernel limitation, if a program tried to set a resource "
-"limit to a value larger than can be represented in a 32-bit I<unsigned "
-"long>, then the glibc B<setrlimit>() wrapper function silently converted "
-"the limit value to B<RLIM_INFINITY>. In other words, the requested resource "
-"limit setting was silently ignored."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:690
-msgid "This problem was addressed in Linux 2.6.36 with two principal changes:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:693
-msgid ""
-"the addition of a new kernel representation of resource limits that uses 64 "
-"bits, even on 32-bit platforms;"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:697
-msgid ""
-"the addition of the B<prlimit>() system call, which employs 64-bit values "
-"for its resource limit arguments."
-msgstr ""
-
-#. https://www.sourceware.org/bugzilla/show_bug.cgi?id=12201
-#. type: Plain text
-#: build/C/man2/getrlimit.2:710
-msgid ""
-"Since version 2.13, glibc works around the limitations of the B<getrlimit>() "
-"and B<setrlimit>() system calls by implementing B<setrlimit>() and "
-"B<getrlimit>() as wrapper functions that call B<prlimit>()."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:713
-msgid "The program below demonstrates the use of B<prlimit>()."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:722
-#, no-wrap
-msgid ""
-"#define _GNU_SOURCE\n"
-"#define _FILE_OFFSET_BITS 64\n"
-"#include E<lt>stdio.hE<gt>\n"
-"#include E<lt>time.hE<gt>\n"
-"#include E<lt>stdlib.hE<gt>\n"
-"#include E<lt>unistd.hE<gt>\n"
-"#include E<lt>sys/resource.hE<gt>\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:725
-#, no-wrap
-msgid ""
-"#define errExit(msg) \tdo { perror(msg); exit(EXIT_FAILURE); \\e\n"
-" } while (0)\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:732
-#, no-wrap
-msgid ""
-"int\n"
-"main(int argc, char *argv[])\n"
-"{\n"
-" struct rlimit old, new;\n"
-" struct rlimit *newp;\n"
-" pid_t pid;\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:738
-#, no-wrap
-msgid ""
-" if (!(argc == 2 || argc == 4)) {\n"
-" fprintf(stderr, \"Usage: %s E<lt>pidE<gt> [E<lt>new-soft-limitE<gt> "
-"\"\n"
-" \"E<lt>new-hard-limitE<gt>]\\en\", argv[0]);\n"
-" exit(EXIT_FAILURE);\n"
-" }\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:740
-#, no-wrap
-msgid " pid = atoi(argv[1]); /* PID of target process */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:747
-#, no-wrap
-msgid ""
-" newp = NULL;\n"
-" if (argc == 4) {\n"
-" new.rlim_cur = atoi(argv[2]);\n"
-" new.rlim_max = atoi(argv[3]);\n"
-" newp = &new;\n"
-" }\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:750
-#, no-wrap
-msgid ""
-" /* Set CPU time limit of target process; retrieve and display\n"
-" previous limit */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:755
-#, no-wrap
-msgid ""
-" if (prlimit(pid, RLIMIT_CPU, newp, &old) == -1)\n"
-" errExit(\"prlimit-1\");\n"
-" printf(\"Previous limits: soft=%lld; hard=%lld\\en\",\n"
-" (long long) old.rlim_cur, (long long) old.rlim_max);\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:757
-#, no-wrap
-msgid " /* Retrieve and display new CPU time limit */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:762
-#, no-wrap
-msgid ""
-" if (prlimit(pid, RLIMIT_CPU, NULL, &old) == -1)\n"
-" errExit(\"prlimit-2\");\n"
-" printf(\"New limits: soft=%lld; hard=%lld\\en\",\n"
-" (long long) old.rlim_cur, (long long) old.rlim_max);\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:765 build/C/man7/user_namespaces.7:829
-#, no-wrap
-msgid ""
-" exit(EXIT_FAILURE);\n"
-"}\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrlimit.2:784
-msgid ""
-"B<prlimit>(1), B<dup>(2), B<fcntl>(2), B<fork>(2), B<getrusage>(2), "
-"B<mlock>(2), B<mmap>(2), B<open>(2), B<quotactl>(2), B<sbrk>(2), "
-"B<shmctl>(2), B<malloc>(3), B<sigqueue>(3), B<ulimit>(3), B<core>(5), "
-"B<capabilities>(7), B<signal>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/getrusage.2:39
-#, no-wrap
-msgid "GETRUSAGE"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/getrusage.2:39
-#, no-wrap
-msgid "2014-05-10"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:42
-msgid "getrusage - get resource usage"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:48
-msgid "B<int getrusage(int >I<who>B<, struct rusage *>I<usage>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:54
-msgid ""
-"B<getrusage>() returns resource usage measures for I<who>, which can be one "
-"of the following:"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:54
-#, no-wrap
-msgid "B<RUSAGE_SELF>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:58
-msgid ""
-"Return resource usage statistics for the calling process, which is the sum "
-"of resources used by all threads in the process."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:58
-#, no-wrap
-msgid "B<RUSAGE_CHILDREN>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:65
-msgid ""
-"Return resource usage statistics for all children of the calling process "
-"that have terminated and been waited for. These statistics will include the "
-"resources used by grandchildren, and further removed descendants, if all of "
-"the intervening descendants waited on their terminated children."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:65
-#, no-wrap
-msgid "B<RUSAGE_THREAD> (since Linux 2.6.26)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:75
-msgid ""
-"Return resource usage statistics for the calling thread. The B<_GNU_SOURCE> "
-"feature test macro must be defined (before including I<any> header file) in "
-"order to obtain the definition of this constant from "
-"I<E<lt>sys/resource.hE<gt>>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:79
-msgid ""
-"The resource usages are returned in the structure pointed to by I<usage>, "
-"which has the following form:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:100
-#, no-wrap
-msgid ""
-"struct rusage {\n"
-" struct timeval ru_utime; /* user CPU time used */\n"
-" struct timeval ru_stime; /* system CPU time used */\n"
-" long ru_maxrss; /* maximum resident set size */\n"
-" long ru_ixrss; /* integral shared memory size */\n"
-" long ru_idrss; /* integral unshared data size */\n"
-" long ru_isrss; /* integral unshared stack size */\n"
-" long ru_minflt; /* page reclaims (soft page faults) */\n"
-" long ru_majflt; /* page faults (hard page faults) */\n"
-" long ru_nswap; /* swaps */\n"
-" long ru_inblock; /* block input operations */\n"
-" long ru_oublock; /* block output operations */\n"
-" long ru_msgsnd; /* IPC messages sent */\n"
-" long ru_msgrcv; /* IPC messages received */\n"
-" long ru_nsignals; /* signals received */\n"
-" long ru_nvcsw; /* voluntary context switches */\n"
-" long ru_nivcsw; /* involuntary context switches */\n"
-"};\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:108
-msgid ""
-"Not all fields are completed; unmaintained fields are set to zero by the "
-"kernel. (The unmaintained fields are provided for compatibility with other "
-"systems, and because they may one day be supported on Linux.) The fields "
-"are interpreted as follows:"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:108
-#, no-wrap
-msgid "I<ru_utime>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:114
-msgid ""
-"This is the total amount of time spent executing in user mode, expressed in "
-"a I<timeval> structure (seconds plus microseconds)."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:114
-#, no-wrap
-msgid "I<ru_stime>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:120
-msgid ""
-"This is the total amount of time spent executing in kernel mode, expressed "
-"in a I<timeval> structure (seconds plus microseconds)."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:120
-#, no-wrap
-msgid "I<ru_maxrss> (since Linux 2.6.32)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:127
-msgid ""
-"This is the maximum resident set size used (in kilobytes). For "
-"B<RUSAGE_CHILDREN>, this is the resident set size of the largest child, not "
-"the maximum resident set size of the process tree."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:127
-#, no-wrap
-msgid "I<ru_ixrss> (unmaintained)"
-msgstr ""
-
-#. On some systems, this field records the number of signals received.
-#. type: Plain text
-#: build/C/man2/getrusage.2:133 build/C/man2/getrusage.2:138 build/C/man2/getrusage.2:143 build/C/man2/getrusage.2:155 build/C/man2/getrusage.2:167 build/C/man2/getrusage.2:173 build/C/man2/getrusage.2:177
-msgid "This field is currently unused on Linux."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:133
-#, no-wrap
-msgid "I<ru_idrss> (unmaintained)"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:138
-#, no-wrap
-msgid "I<ru_isrss> (unmaintained)"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:143
-#, no-wrap
-msgid "I<ru_minflt>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:148
-msgid ""
-"The number of page faults serviced without any I/O activity; here I/O "
-"activity is avoided by ``reclaiming'' a page frame from the list of pages "
-"awaiting reallocation."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:148
-#, no-wrap
-msgid "I<ru_majflt>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:151
-msgid "The number of page faults serviced that required I/O activity."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:151
-#, no-wrap
-msgid "I<ru_nswap> (unmaintained)"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:155
-#, no-wrap
-msgid "I<ru_inblock> (since Linux 2.6.22)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:158
-msgid "The number of times the filesystem had to perform input."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:158
-#, no-wrap
-msgid "I<ru_oublock> (since Linux 2.6.22)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:161
-msgid "The number of times the filesystem had to perform output."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:161
-#, no-wrap
-msgid "I<ru_msgsnd> (unmaintained)"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:167
-#, no-wrap
-msgid "I<ru_msgrcv> (unmaintained)"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:173
-#, no-wrap
-msgid "I<ru_nsignals> (unmaintained)"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:177
-#, no-wrap
-msgid "I<ru_nvcsw> (since Linux 2.6)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:182
-msgid ""
-"The number of times a context switch resulted due to a process voluntarily "
-"giving up the processor before its time slice was completed (usually to "
-"await availability of a resource)."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/getrusage.2:182
-#, no-wrap
-msgid "I<ru_nivcsw> (since Linux 2.6)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:187
-msgid ""
-"The number of times a context switch resulted due to a higher priority "
-"process becoming runnable or because the current process exceeded its time "
-"slice."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:198
-msgid "I<usage> points outside the accessible address space."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:202
-msgid "I<who> is invalid."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:210
-msgid ""
-"SVr4, 4.3BSD. POSIX.1-2001 specifies B<getrusage>(), but specifies only the "
-"fields I<ru_utime> and I<ru_stime>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:213
-msgid "B<RUSAGE_THREAD> is Linux-specific."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:216
-msgid "Resource usage metrics are preserved across an B<execve>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:224
-msgid ""
-"Including I<E<lt>sys/time.hE<gt>> is not required these days, but increases "
-"portability. (Indeed, I<struct timeval> is defined in "
-"I<E<lt>sys/time.hE<gt>>.)"
-msgstr ""
-
-#. See the description of getrusage() in XSH.
-#. A similar statement was also in SUSv2.
-#. type: Plain text
-#: build/C/man2/getrusage.2:236
-msgid ""
-"In Linux kernel versions before 2.6.9, if the disposition of B<SIGCHLD> is "
-"set to B<SIG_IGN> then the resource usages of child processes are "
-"automatically included in the value returned by B<RUSAGE_CHILDREN>, although "
-"POSIX.1-2001 explicitly prohibits this. This nonconformance is rectified in "
-"Linux 2.6.9 and later."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:239
-msgid ""
-"The structure definition shown at the start of this page was taken from "
-"4.3BSD Reno."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:248
-msgid ""
-"Ancient systems provided a B<vtimes>() function with a similar purpose to "
-"B<getrusage>(). For backward compatibility, glibc also provides "
-"B<vtimes>(). All new applications should be written using B<getrusage>()."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:253
-msgid "See also the description of I</proc/PID/stat> in B<proc>(5)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getrusage.2:260
-msgid ""
-"B<clock_gettime>(2), B<getrlimit>(2), B<times>(2), B<wait>(2), B<wait4>(2), "
-"B<clock>(3)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/getsid.2:26
-#, no-wrap
-msgid "GETSID"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/getsid.2:26
-#, no-wrap
-msgid "2010-09-26"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getsid.2:29
-msgid "getsid - get session ID"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getsid.2:33
-msgid "B<pid_t getsid(pid_t>I< pid>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getsid.2:42
-msgid "B<getsid>():"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getsid.2:45 build/C/man2/setpgid.2:79
-msgid "_XOPEN_SOURCE\\ E<gt>=\\ 500 || _XOPEN_SOURCE\\ &&\\ _XOPEN_SOURCE_EXTENDED"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getsid.2:47 build/C/man2/setpgid.2:81
-msgid "|| /* Since glibc 2.12: */ _POSIX_C_SOURCE\\ E<gt>=\\ 200809L"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getsid.2:58
-msgid ""
-"I<getsid(0)> returns the session ID of the calling process. I<getsid(p)> "
-"returns the session ID of the process with process ID I<p>. (The session ID "
-"of a process is the process group ID of the session leader.)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getsid.2:63
-msgid ""
-"On success, a session ID is returned. On error, I<(pid_t)\\ -1> will be "
-"returned, and I<errno> is set appropriately."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getsid.2:70
-msgid ""
-"A process with process ID I<p> exists, but it is not in the same session as "
-"the calling process, and the implementation considers this an error."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getsid.2:75
-msgid "No process with process ID I<p> was found."
-msgstr ""
-
-#. Linux has this system call since Linux 1.3.44.
-#. There is libc support since libc 5.2.19.
-#. type: Plain text
-#: build/C/man2/getsid.2:79
-msgid "This system call is available on Linux since version 2.0."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getsid.2:81 build/C/man2/setgid.2:73 build/C/man2/setsid.2:70
-msgid "SVr4, POSIX.1-2001."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getsid.2:84
-msgid "Linux does not return B<EPERM>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getsid.2:88
-msgid "B<getpgid>(2), B<setsid>(2), B<credentials>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/getuid.2:26
-#, no-wrap
-msgid "GETUID"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getuid.2:29
-msgid "getuid, geteuid - get user identity"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getuid.2:35
-msgid "B<uid_t getuid(void);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getuid.2:37
-msgid "B<uid_t geteuid(void);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getuid.2:40
-msgid "B<getuid>() returns the real user ID of the calling process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getuid.2:43
-msgid "B<geteuid>() returns the effective user ID of the calling process."
-msgstr ""
-
-#. type: SS
-#: build/C/man2/getuid.2:48
-#, no-wrap
-msgid "History"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getuid.2:57
-msgid ""
-"In UNIX\\ V6 the B<getuid>() call returned I<(euid E<lt>E<lt> 8) + uid>. "
-"UNIX\\ V7 introduced separate calls B<getuid>() and B<geteuid>()."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getuid.2:73
-msgid ""
-"The original Linux B<getuid>() and B<geteuid>() system calls supported "
-"only 16-bit user IDs. Subsequently, Linux 2.4 added B<getuid32>() and "
-"B<geteuid32>(), supporting 32-bit IDs. The glibc B<getuid>() and "
-"B<geteuid>() wrapper functions transparently deal with the variations "
-"across kernel versions."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/getuid.2:78
-msgid "B<getresuid>(2), B<setreuid>(2), B<setuid>(2), B<credentials>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man3/group_member.3:25
-#, no-wrap
-msgid "GROUP_MEMBER"
-msgstr ""
-
-#. type: TH
-#: build/C/man3/group_member.3:25
-#, no-wrap
-msgid "2014-03-30"
-msgstr ""
-
-#. type: TH
-#: build/C/man3/group_member.3:25
-#, no-wrap
-msgid "GNU"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/group_member.3:28
-msgid "group_member - test whether a process is in a group"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/group_member.3:32
-msgid "B<int group_member(gid_t >I<gid>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/group_member.3:40
-msgid "B<group_member>(): _GNU_SOURCE"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/group_member.3:48
-msgid ""
-"The B<group_member>() function tests whether any of the caller's "
-"supplementary group IDs (as returned by B<getgroups>(2)) matches I<gid>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/group_member.3:55
-msgid ""
-"The B<group_member>() function returns nonzero if any of the caller's "
-"supplementary group IDs matches I<gid>, and zero otherwise."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/group_member.3:57
-msgid "This function is a nonstandard GNU extension."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/group_member.3:62
-msgid "B<getgid>(2), B<getgroups>(2), B<getgrouplist>(3), B<group>(5)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/iopl.2:33
-#, no-wrap
-msgid "IOPL"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/iopl.2:33
-#, no-wrap
-msgid "2013-03-15"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/iopl.2:36
-msgid "iopl - change I/O privilege level"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/iopl.2:38
-msgid "B<#include E<lt>sys/io.hE<gt>>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/iopl.2:40
-msgid "B<int iopl(int >I<level>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/iopl.2:45
-msgid ""
-"B<iopl>() changes the I/O privilege level of the calling process, as "
-"specified by the two least significant bits in I<level>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/iopl.2:51
-msgid ""
-"This call is necessary to allow 8514-compatible X servers to run under "
-"Linux. Since these X servers require access to all 65536 I/O ports, the "
-"B<ioperm>(2) call is not sufficient."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/iopl.2:55
-msgid ""
-"In addition to granting unrestricted I/O port access, running at a higher "
-"I/O privilege level also allows the process to disable interrupts. This "
-"will probably crash the system, and is not recommended."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/iopl.2:60
-msgid "Permissions are inherited by B<fork>(2) and B<execve>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/iopl.2:62
-msgid "The I/O privilege level for a normal process is 0."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/iopl.2:66
-msgid ""
-"This call is mostly for the i386 architecture. On many other architectures "
-"it does not exist or will always return an error."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/iopl.2:76
-msgid "I<level> is greater than 3."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/iopl.2:79
-msgid "This call is unimplemented."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/iopl.2:87
-msgid ""
-"The calling process has insufficient privilege to call B<iopl>(); the "
-"B<CAP_SYS_RAWIO> capability is required to raise the I/O privilege level "
-"above its current value."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/iopl.2:91
-msgid ""
-"B<iopl>() is Linux-specific and should not be used in programs that are "
-"intended to be portable."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/iopl.2:100
-msgid ""
-"Libc5 treats it as a system call and has a prototype in "
-"I<E<lt>unistd.hE<gt>>. Glibc1 does not have a prototype. Glibc2 has a "
-"prototype both in I<E<lt>sys/io.hE<gt>> and in I<E<lt>sys/perm.hE<gt>>. "
-"Avoid the latter, it is available on i386 only."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/iopl.2:104
-msgid "B<ioperm>(2), B<outb>(2), B<capabilities>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/ioprio_set.2:24
-#, no-wrap
-msgid "IOPRIO_SET"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/ioprio_set.2:24
-#, no-wrap
-msgid "2013-02-12"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:27
-msgid "ioprio_get, ioprio_set - get/set I/O scheduling class and priority"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:31
-#, no-wrap
-msgid ""
-"B<int ioprio_get(int >I<which>B<, int >I<who>B<);>\n"
-"B<int ioprio_set(int >I<which>B<, int >I<who>B<, int >I<ioprio>B<);>\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:35
-msgid "I<Note>: There are no glibc wrappers for these system calls; see NOTES."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:42
-msgid ""
-"The B<ioprio_get>() and B<ioprio_set>() system calls respectively get and "
-"set the I/O scheduling class and priority of one or more threads."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:54
-msgid ""
-"The I<which> and I<who> arguments identify the thread(s) on which the system "
-"calls operate. The I<which> argument determines how I<who> is interpreted, "
-"and has one of the following values:"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/ioprio_set.2:54
-#, no-wrap
-msgid "B<IOPRIO_WHO_PROCESS>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:61
-msgid ""
-"I<who> is a process ID or thread ID identifying a single process or thread. "
-"If I<who> is 0, then operate on the calling thread."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/ioprio_set.2:61
-#, no-wrap
-msgid "B<IOPRIO_WHO_PGRP>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:68
-msgid ""
-"I<who> is a process group ID identifying all the members of a process "
-"group. If I<who> is 0, then operate on the process group of which the "
-"caller is a member."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/ioprio_set.2:68
-#, no-wrap
-msgid "B<IOPRIO_WHO_USER>"
-msgstr ""
-
-#. FIXME . Need to document the behavior when 'who" is specified as 0
-#. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652443
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:75
-msgid ""
-"I<who> is a user ID identifying all of the processes that have a matching "
-"real UID."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:98
-msgid ""
-"If I<which> is specified as B<IOPRIO_WHO_PGRP> or B<IOPRIO_WHO_USER> when "
-"calling B<ioprio_get>(), and more than one process matches I<who>, then the "
-"returned priority will be the highest one found among all of the matching "
-"processes. One priority is said to be higher than another one if it belongs "
-"to a higher priority class (B<IOPRIO_CLASS_RT> is the highest priority "
-"class; B<IOPRIO_CLASS_IDLE> is the lowest) or if it belongs to the same "
-"priority class as the other process but has a higher priority level (a lower "
-"priority number means a higher priority level)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:108
-msgid ""
-"The I<ioprio> argument given to B<ioprio_set>() is a bit mask that "
-"specifies both the scheduling class and the priority to be assigned to the "
-"target process(es). The following macros are used for assembling and "
-"dissecting I<ioprio> values:"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/ioprio_set.2:108
-#, no-wrap
-msgid "B<IOPRIO_PRIO_VALUE(>I<class>B<, >I<data>B<)>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:117
-msgid ""
-"Given a scheduling I<class> and priority (I<data>), this macro combines the "
-"two values to produce an I<ioprio> value, which is returned as the result of "
-"the macro."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/ioprio_set.2:117
-#, no-wrap
-msgid "B<IOPRIO_PRIO_CLASS(>I<mask>B<)>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:129
-msgid ""
-"Given I<mask> (an I<ioprio> value), this macro returns its I/O class "
-"component, that is, one of the values B<IOPRIO_CLASS_RT>, "
-"B<IOPRIO_CLASS_BE>, or B<IOPRIO_CLASS_IDLE>."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/ioprio_set.2:129
-#, no-wrap
-msgid "B<IOPRIO_PRIO_DATA(>I<mask>B<)>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:138
-msgid ""
-"Given I<mask> (an I<ioprio> value), this macro returns its priority "
-"(I<data>) component."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:141
-msgid ""
-"See the NOTES section for more information on scheduling classes and "
-"priorities."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:149
-msgid ""
-"I/O priorities are supported for reads and for synchronous (B<O_DIRECT>, "
-"B<O_SYNC>) writes. I/O priorities are not supported for asynchronous "
-"writes because they are issued outside the context of the program dirtying "
-"the memory, and thus program-specific priorities do not apply."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:162
-msgid ""
-"On success, B<ioprio_get>() returns the I<ioprio> value of the process with "
-"highest I/O priority of any of the processes that match the criteria "
-"specified in I<which> and I<who>. On error, -1 is returned, and I<errno> is "
-"set to indicate the error."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:169
-msgid ""
-"On success, B<ioprio_set>() returns 0. On error, -1 is returned, and "
-"I<errno> is set to indicate the error."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:179
-msgid ""
-"Invalid value for I<which> or I<ioprio>. Refer to the NOTES section for "
-"available scheduler classes and priority levels for I<ioprio>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:187
-msgid ""
-"The calling process does not have the privilege needed to assign this "
-"I<ioprio> to the specified process(es). See the NOTES section for more "
-"information on required privileges for B<ioprio_set>()."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:193
-msgid ""
-"No process(es) could be found that matched the specification in I<which> and "
-"I<who>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:196
-msgid "These system calls have been available on Linux since kernel 2.6.13."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:201
-msgid ""
-"Glibc does not provide a wrapper for these system calls; call them using "
-"B<syscall>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:220
-msgid ""
-"Two or more processes or threads can share an I/O context. This will be the "
-"case when B<clone>(2) was called with the B<CLONE_IO> flag. However, by "
-"default, the distinct threads of a process will B<not> share the same I/O "
-"context. This means that if you want to change the I/O priority of all "
-"threads in a process, you may need to call B<ioprio_set>() on each of the "
-"threads. The thread ID that you would need for this operation is the one "
-"that is returned by B<gettid>(2) or B<clone>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:225
-msgid ""
-"These system calls have an effect only when used in conjunction with an I/O "
-"scheduler that supports I/O priorities. As at kernel 2.6.17 the only such "
-"scheduler is the Completely Fair Queuing (CFQ) I/O scheduler."
-msgstr ""
-
-#. type: SS
-#: build/C/man2/ioprio_set.2:225
-#, no-wrap
-msgid "Selecting an I/O scheduler"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:229
-msgid ""
-"I/O Schedulers are selected on a per-device basis via the special file "
-"I</sys/block/E<lt>deviceE<gt>/queue/scheduler>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:235
-msgid ""
-"One can view the current I/O scheduler via the I</sys> filesystem. For "
-"example, the following command displays a list of all schedulers currently "
-"loaded in the kernel:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:240
-#, no-wrap
-msgid ""
-"$B< cat /sys/block/hda/queue/scheduler>\n"
-"noop anticipatory deadline [cfq]\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:254
-msgid ""
-"The scheduler surrounded by brackets is the one actually in use for the "
-"device (I<hda> in the example). Setting another scheduler is done by "
-"writing the name of the new scheduler to this file. For example, the "
-"following command will set the scheduler for the I<hda> device to I<cfq>:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:260
-#, no-wrap
-msgid ""
-"$B< su>\n"
-"Password:\n"
-"#B< echo cfq E<gt> /sys/block/hda/queue/scheduler>\n"
-msgstr ""
-
-#. type: SS
-#: build/C/man2/ioprio_set.2:262
-#, no-wrap
-msgid "The Completely Fair Queuing (CFQ) I/O scheduler"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:268
-msgid ""
-"Since v3 (aka CFQ Time Sliced) CFQ implements I/O nice levels similar to "
-"those of CPU scheduling. These nice levels are grouped in three scheduling "
-"classes each one containing one or more priority levels:"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/ioprio_set.2:268
-#, no-wrap
-msgid "B<IOPRIO_CLASS_RT> (1)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:283
-msgid ""
-"This is the real-time I/O class. This scheduling class is given higher "
-"priority than any other class: processes from this class are given first "
-"access to the disk every time. Thus this I/O class needs to be used with "
-"some care: one I/O real-time process can starve the entire system. Within "
-"the real-time class, there are 8 levels of class data (priority) that "
-"determine exactly how much time this process needs the disk for on each "
-"service. The highest real-time priority level is 0; the lowest is 7. In "
-"the future this might change to be more directly mappable to performance, by "
-"passing in a desired data rate instead."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/ioprio_set.2:283
-#, no-wrap
-msgid "B<IOPRIO_CLASS_BE> (2)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:296
-msgid ""
-"This is the best-effort scheduling class, which is the default for any "
-"process that hasn't set a specific I/O priority. The class data (priority) "
-"determines how much I/O bandwidth the process will get. Best-effort "
-"priority levels are analogous to CPU nice values (see B<getpriority>(2)). "
-"The priority level determines a priority relative to other processes in the "
-"best-effort scheduling class. Priority levels range from 0 (highest) to 7 "
-"(lowest)."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/ioprio_set.2:296
-#, no-wrap
-msgid "B<IOPRIO_CLASS_IDLE> (3)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:305
-msgid ""
-"This is the idle scheduling class. Processes running at this level get I/O "
-"time only when no-one else needs the disk. The idle class has no class "
-"data. Attention is required when assigning this priority class to a "
-"process, since it may become starved if higher priority processes are "
-"constantly accessing the disk."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:309
-msgid ""
-"Refer to I<Documentation/block/ioprio.txt> for more information on the CFQ "
-"I/O Scheduler and an example program."
-msgstr ""
-
-#. type: SS
-#: build/C/man2/ioprio_set.2:309
-#, no-wrap
-msgid "Required permissions to set I/O priorities"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:312
-msgid ""
-"Permission to change a process's priority is granted or denied based on two "
-"assertions:"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/ioprio_set.2:312
-#, no-wrap
-msgid "B<Process ownership>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:320
-msgid ""
-"An unprivileged process may set only the I/O priority of a process whose "
-"real UID matches the real or effective UID of the calling process. A "
-"process which has the B<CAP_SYS_NICE> capability can change the priority of "
-"any process."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/ioprio_set.2:320
-#, no-wrap
-msgid "B<What is the desired priority>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:332
-msgid ""
-"Attempts to set very high priorities (B<IOPRIO_CLASS_RT>) require the "
-"B<CAP_SYS_ADMIN> capability. Kernel versions up to 2.6.24 also required "
-"B<CAP_SYS_ADMIN> to set a very low priority (B<IOPRIO_CLASS_IDLE>), but "
-"since Linux 2.6.25, this is no longer required."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:337
-msgid ""
-"A call to B<ioprio_set>() must follow both rules, or the call will fail "
-"with the error B<EPERM>."
-msgstr ""
-
-#. 6 May 07: Bug report raised:
-#. http://sources.redhat.com/bugzilla/show_bug.cgi?id=4464
-#. Ulrich Drepper replied that he wasn't going to add these
-#. to glibc.
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:346
-msgid ""
-"Glibc does not yet provide a suitable header file defining the function "
-"prototypes and macros described on this page. Suitable definitions can be "
-"found in I<linux/ioprio.h>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:351
-msgid "B<ionice>(1), B<getpriority>(2), B<open>(2), B<capabilities>(7)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ioprio_set.2:354
-msgid "I<Documentation/block/ioprio.txt> in the Linux kernel source tree"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/ipc.2:25
-#, no-wrap
-msgid "IPC"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/ipc.2:25
-#, no-wrap
-msgid "2012-10-16"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ipc.2:28
-msgid "ipc - System V IPC system calls"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ipc.2:33
-#, no-wrap
-msgid ""
-"B<int ipc(unsigned int >I<call>B<, int >I<first>B<, int >I<second>B<, int "
-">I<third>B<,>\n"
-"B< void *>I<ptr>B<, long >I<fifth>B<);>\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ipc.2:41
-msgid ""
-"B<ipc>() is a common kernel entry point for the System\\ V IPC calls for "
-"messages, semaphores, and shared memory. I<call> determines which IPC "
-"function to invoke; the other arguments are passed through to the "
-"appropriate call."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ipc.2:45
-msgid ""
-"User programs should call the appropriate functions by their usual names. "
-"Only standard library implementors and kernel hackers need to know about "
-"B<ipc>()."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ipc.2:49
-msgid ""
-"B<ipc>() is Linux-specific, and should not be used in programs intended to "
-"be portable."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ipc.2:57
-msgid ""
-"On some architectures\\(emfor example x86-64 and ARM\\(emthere is no "
-"B<ipc>() system call; instead B<msgctl>(2), B<semctl>(2), B<shmctl>(2), and "
-"so on really are implemented as separate system calls."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/ipc.2:70
-msgid ""
-"B<msgctl>(2), B<msgget>(2), B<msgrcv>(2), B<msgsnd>(2), B<semctl>(2), "
-"B<semget>(2), B<semop>(2), B<semtimedop>(2), B<shmat>(2), B<shmctl>(2), "
-"B<shmdt>(2), B<shmget>(2)"
-msgstr ""
-
-#. type: TH
-#: build/C/man7/namespaces.7:27
-#, no-wrap
-msgid "NAMESPACES"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:30
-msgid "namespaces - overview of Linux namespaces"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:37
-msgid ""
-"A namespace wraps a global system resource in an abstraction that makes it "
-"appear to the processes within the namespace that they have their own "
-"isolated instance of the global resource. Changes to the global resource "
-"are visible to other processes that are members of the namespace, but are "
-"invisible to other processes. One use of namespaces is to implement "
-"containers."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:39
-msgid "Linux provides the following namespaces:"
-msgstr ""
-
-#. type: tbl table
-#: build/C/man7/namespaces.7:42
-#, no-wrap
-msgid "Namespace\tConstant\tIsolates\n"
-msgstr ""
-
-#. type: tbl table
-#: build/C/man7/namespaces.7:43
-#, no-wrap
-msgid "IPC\tCLONE_NEWIPC\tSystem V IPC, POSIX message queues\n"
-msgstr ""
-
-#. type: tbl table
-#: build/C/man7/namespaces.7:44
-#, no-wrap
-msgid "Network\tCLONE_NEWNET\tNetwork devices, stacks, ports, etc.\n"
-msgstr ""
-
-#. type: tbl table
-#: build/C/man7/namespaces.7:45
-#, no-wrap
-msgid "Mount\tCLONE_NEWNS\tMount points\n"
-msgstr ""
-
-#. type: tbl table
-#: build/C/man7/namespaces.7:46
-#, no-wrap
-msgid "PID\tCLONE_NEWPID\tProcess IDs\n"
-msgstr ""
-
-#. type: tbl table
-#: build/C/man7/namespaces.7:47
-#, no-wrap
-msgid "User\tCLONE_NEWUSER\tUser and group IDs\n"
-msgstr ""
-
-#. type: tbl table
-#: build/C/man7/namespaces.7:48
-#, no-wrap
-msgid "UTS\tCLONE_NEWUTS\tHostname and NIS domain name\n"
-msgstr ""
-
-#
-#. ==================== The namespaces API ====================
-#. type: Plain text
-#: build/C/man7/namespaces.7:57
-msgid ""
-"This page describes the various namespaces and the associated I</proc> "
-"files, and summarizes the APIs for working with namespaces."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/namespaces.7:57
-#, no-wrap
-msgid "The namespaces API"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:62
-msgid ""
-"As well as various I</proc> files described below, the namespaces API "
-"includes the following system calls:"
-msgstr ""
-
-#. type: TP
-#: build/C/man7/namespaces.7:62
-#, no-wrap
-msgid "B<clone>(2)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:75
-msgid ""
-"The B<clone>(2) system call creates a new process. If the I<flags> "
-"argument of the call specifies one or more of the B<CLONE_NEW*> flags listed "
-"below, then new namespaces are created for each flag, and the child process "
-"is made a member of those namespaces. (This system call also implements a "
-"number of features unrelated to namespaces.)"
-msgstr ""
-
-#. type: TP
-#: build/C/man7/namespaces.7:75
-#, no-wrap
-msgid "B<setns>(2)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:84
-msgid ""
-"The B<setns>(2) system call allows the calling process to join an existing "
-"namespace. The namespace to join is specified via a file descriptor that "
-"refers to one of the I</proc/[pid]/ns> files described below."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/namespaces.7:84
-#, no-wrap
-msgid "B<unshare>(2)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:97
-msgid ""
-"The B<unshare>(2) system call moves the calling process to a new "
-"namespace. If the I<flags> argument of the call specifies one or more of "
-"the B<CLONE_NEW*> flags listed below, then new namespaces are created for "
-"each flag, and the calling process is made a member of those namespaces. "
-"(This system call also implements a number of features unrelated to "
-"namespaces.)"
-msgstr ""
-
-#
-#. ==================== The /proc/[pid]/ns/ directory ====================
-#. type: Plain text
-#: build/C/man7/namespaces.7:110
-msgid ""
-"Creation of new namespaces using B<clone>(2) and B<unshare>(2) in most "
-"cases requires the B<CAP_SYS_ADMIN> capability. User namespaces are the "
-"exception: since Linux 3.8, no privilege is required to create a user "
-"namespace."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/namespaces.7:110
-#, no-wrap
-msgid "The /proc/[pid]/ns/ directory"
-msgstr ""
-
-#. See commit 6b4e306aa3dc94a0545eb9279475b1ab6209a31f
-#. type: Plain text
-#: build/C/man7/namespaces.7:117
-msgid ""
-"Each process has a I</proc/[pid]/ns/> subdirectory containing one entry for "
-"each namespace that supports being manipulated by B<setns>(2):"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:128
-#, no-wrap
-msgid ""
-"$ B<ls -l /proc/$$/ns>\n"
-"total 0\n"
-"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 ipc -E<gt> ipc:[4026531839]\n"
-"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 mnt -E<gt> mnt:[4026531840]\n"
-"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 net -E<gt> net:[4026531956]\n"
-"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 pid -E<gt> pid:[4026531836]\n"
-"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 user -E<gt> user:[4026531837]\n"
-"lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 uts -E<gt> uts:[4026531838]\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:138
-msgid ""
-"Bind mounting (see B<mount>(2)) one of the files in this directory to "
-"somewhere else in the filesystem keeps the corresponding namespace of the "
-"process specified by I<pid> alive even if all processes currently in the "
-"namespace terminate."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:149
-msgid ""
-"Opening one of the files in this directory (or a file that is bind mounted "
-"to one of these files) returns a file handle for the corresponding "
-"namespace of the process specified by I<pid>. As long as this file "
-"descriptor remains open, the namespace will remain alive, even if all "
-"processes in the namespace terminate. The file descriptor can be passed to "
-"B<setns>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:160
-msgid ""
-"In Linux 3.7 and earlier, these files were visible as hard links. Since "
-"Linux 3.8, they appear as symbolic links. If two processes are in the same "
-"namespace, then the inode numbers of their I</proc/[pid]/ns/xxx> symbolic "
-"links will be the same; an application can check this using the "
-"I<stat.st_ino> field returned by B<stat>(2). The content of this symbolic "
-"link is a string containing the namespace type and inode number as in the "
-"following example:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:165
-#, no-wrap
-msgid ""
-"$ B<readlink /proc/$$/ns/uts>\n"
-"uts:[4026531838]\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:169
-msgid "The files in this subdirectory are as follows:"
-msgstr ""
-
-#. type: TP
-#: build/C/man7/namespaces.7:169
-#, no-wrap
-msgid "I</proc/[pid]/ns/ipc> (since Linux 3.0)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:172
-msgid "This file is a handle for the IPC namespace of the process."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/namespaces.7:172
-#, no-wrap
-msgid "I</proc/[pid]/ns/mnt> (since Linux 3.8)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:175
-msgid "This file is a handle for the mount namespace of the process."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/namespaces.7:175
-#, no-wrap
-msgid "I</proc/[pid]/ns/net> (since Linux 3.0)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:178
-msgid "This file is a handle for the network namespace of the process."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/namespaces.7:178
-#, no-wrap
-msgid "I</proc/[pid]/ns/pid> (since Linux 3.8)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:181
-msgid "This file is a handle for the PID namespace of the process."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/namespaces.7:181
-#, no-wrap
-msgid "I</proc/[pid]/ns/user> (since Linux 3.8)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:184
-msgid "This file is a handle for the user namespace of the process."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/namespaces.7:184
-#, no-wrap
-msgid "I</proc/[pid]/ns/uts> (since Linux 3.0)"
-msgstr ""
-
-#
-#. ==================== IPC namespaces ====================
-#. type: Plain text
-#: build/C/man7/namespaces.7:190
-msgid "This file is a handle for the UTS namespace of the process."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/namespaces.7:190
-#, no-wrap
-msgid "IPC namespaces (CLONE_NEWIPC)"
-msgstr ""
-
-#. commit 7eafd7c74c3f2e67c27621b987b28397110d643f
-#. https://lwn.net/Articles/312232/
-#. type: Plain text
-#: build/C/man7/namespaces.7:202
-msgid ""
-"IPC namespaces isolate certain IPC resources, namely, System V IPC objects "
-"(see B<svipc>(7)) and (since Linux 2.6.30) POSIX message queues (see "
-"B<mq_overview>(7)). The common characteristic of these IPC mechanisms is "
-"that IPC objects are identified by mechanisms other than filesystem "
-"pathnames."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:208
-msgid ""
-"Each IPC namespace has its own set of System V IPC identifiers and its own "
-"POSIX message queue filesystem. Objects created in an IPC namespace are "
-"visible to all other processes that are members of that namespace, but are "
-"not visible to processes in other IPC namespaces."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:212
-msgid "The following I</proc> interfaces are distinct in each IPC namespace:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:215
-msgid "The POSIX message queue interfaces in I</proc/sys/fs/mqueue>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:228
-msgid ""
-"The System V IPC interfaces in I</proc/sys/kernel>, namely: I<msgmax>, "
-"I<msgmnb>, I<msgmni>, I<sem>, I<shmall>, I<shmmax>, I<shmmni>, and "
-"I<shm_rmid_forced>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:231
-msgid "The System V IPC interfaces in I</proc/sysvipc>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:235
-msgid ""
-"When an IPC namespace is destroyed (i.e., when the last process that is a "
-"member of the namespace terminates), all IPC objects in the namespace are "
-"automatically destroyed."
-msgstr ""
-
-#
-#. ==================== Network namespaces ====================
-#. type: Plain text
-#: build/C/man7/namespaces.7:242
-msgid ""
-"Use of IPC namespaces requires a kernel that is configured with the "
-"B<CONFIG_IPC_NS> option."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/namespaces.7:242
-#, no-wrap
-msgid "Network namespaces (CLONE_NEWNET)"
-msgstr ""
-
-#. FIXME Add pointer to veth(4) page when it is eventually completed
-#. type: Plain text
-#: build/C/man7/namespaces.7:257
-msgid ""
-"Network namespaces provide isolation of the system resources associated with "
-"networking: network devices, IPv4 and IPv6 protocol stacks, IP routing "
-"tables, firewalls, the I</proc/net> directory, the I</sys/class/net> "
-"directory, port numbers (sockets), and so on. A physical network device can "
-"live in exactly one network namespace. A virtual network device (\"veth\") "
-"pair provides a pipe-like abstraction that can be used to create tunnels "
-"between network namespaces, and can be used to create a bridge to a physical "
-"network device in another namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:262
-msgid ""
-"When a network namespace is freed (i.e., when the last process in the "
-"namespace terminates), its physical network devices are moved back to the "
-"initial network namespace (not to the parent of the process)."
-msgstr ""
-
-#
-#. ==================== Mount namespaces ====================
-#. type: Plain text
-#: build/C/man7/namespaces.7:269
-msgid ""
-"Use of network namespaces requires a kernel that is configured with the "
-"B<CONFIG_NET_NS> option."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/namespaces.7:269
-#, no-wrap
-msgid "Mount namespaces (CLONE_NEWNS)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:277
-msgid ""
-"Mount namespaces isolate the set of filesystem mount points, meaning that "
-"processes in different mount namespaces can have different views of the "
-"filesystem hierarchy. The set of mounts in a mount namespace is modified "
-"using B<mount>(2) and B<umount>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:294
-msgid ""
-"The I</proc/[pid]/mounts> file (present since Linux 2.4.19) lists all the "
-"filesystems currently mounted in the process's mount namespace. The format "
-"of this file is documented in B<fstab>(5). Since kernel version 2.6.15, "
-"this file is pollable: after opening the file for reading, a change in this "
-"file (i.e., a filesystem mount or unmount) causes B<select>(2) to mark the "
-"file descriptor as readable, and B<poll>(2) and B<epoll_wait>(2) mark the "
-"file as having an error condition."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:302
-msgid ""
-"The I</proc/[pid]/mountstats> file (present since Linux 2.6.17) exports "
-"information (statistics, configuration information) about the mount points "
-"in the process's mount namespace. This file is readable only by the owner "
-"of the process. Lines in this file have the form:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:308
-#, no-wrap
-msgid ""
-"device /dev/sda7 mounted on /home with fstype ext3 [statistics]\n"
-"( 1 ) ( 2 ) (3 ) (4)\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:312
-msgid "The fields in each line are:"
-msgstr ""
-
-#. type: IP
-#: build/C/man7/namespaces.7:312 build/C/man7/user_namespaces.7:371
-#, no-wrap
-msgid "(1)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:316
-msgid ""
-"The name of the mounted device (or \"nodevice\" if there is no corresponding "
-"device)."
-msgstr ""
-
-#. type: IP
-#: build/C/man7/namespaces.7:316 build/C/man7/user_namespaces.7:375
-#, no-wrap
-msgid "(2)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:319
-msgid "The mount point within the filesystem tree."
-msgstr ""
-
-#. type: IP
-#: build/C/man7/namespaces.7:319 build/C/man7/user_namespaces.7:401
-#, no-wrap
-msgid "(3)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:322
-msgid "The filesystem type."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/namespaces.7:322
-#, no-wrap
-msgid "(4)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:327
-msgid ""
-"Optional statistics and configuration information. Currently (as at Linux "
-"2.6.26), only NFS filesystems export information via this field."
-msgstr ""
-
-#
-#. ==================== PID namespaces ====================
-#. type: SS
-#: build/C/man7/namespaces.7:331
-#, no-wrap
-msgid "PID namespaces (CLONE_NEWPID)"
-msgstr ""
-
-#
-#. ==================== User namespaces ====================
-#. type: Plain text
-#: build/C/man7/namespaces.7:337
-msgid "See B<pid_namespaces>(7)."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/namespaces.7:337
-#, no-wrap
-msgid "User namespaces (CLONE_NEWUSER)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:343 build/C/man7/namespaces.7:364 build/C/man7/pid_namespaces.7:356
-msgid "See B<user_namespaces>(7)."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/namespaces.7:343
-#, no-wrap
-msgid "UTS namespaces (CLONE_NEWUTS)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:355
-msgid ""
-"UTS namespaces provide isolation of two system identifiers: the hostname and "
-"the NIS domain name. These identifiers are set using B<sethostname>(2) and "
-"B<setdomainname>(2), and can be retrieved using B<uname>(2), "
-"B<gethostname>(2), and B<getdomainname>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:359
-msgid ""
-"Use of UTS namespaces requires a kernel that is configured with the "
-"B<CONFIG_UTS_NS> option."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:361 build/C/man7/pid_namespaces.7:353 build/C/man7/user_namespaces.7:648
-msgid "Namespaces are a Linux-specific feature."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/namespaces.7:377
-msgid ""
-"B<nsenter>(1), B<readlink>(1), B<unshare>(1), B<clone>(2), B<setns>(2), "
-"B<unshare>(2), B<proc>(5), B<credentials>(7), B<capabilities>(7), "
-"B<pid_namespaces>(7), B<user_namespaces>(7), B<switch_root>(8)"
-msgstr ""
-
-#. type: TH
-#: build/C/man7/pid_namespaces.7:27
-#, no-wrap
-msgid "PID_NAMESPACES"
-msgstr ""
-
-#. type: TH
-#: build/C/man7/pid_namespaces.7:27 build/C/man2/seccomp.2:27
-#, no-wrap
-msgid "2015-01-10"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:30
-msgid "pid_namespaces - overview of Linux PID namespaces"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:33 build/C/man7/user_namespaces.7:33
-msgid "For an overview of namespaces, see B<namespaces>(7)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:40
-msgid ""
-"PID namespaces isolate the process ID number space, meaning that processes "
-"in different PID namespaces can have the same PID. PID namespaces allow "
-"containers to provide functionality such as suspending/resuming the set of "
-"processes in the container and migrating the container to a new host while "
-"the processes inside the container maintain the same PIDs."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:48
-msgid ""
-"PIDs in a new PID namespace start at 1, somewhat like a standalone system, "
-"and calls to B<fork>(2), B<vfork>(2), or B<clone>(2) will produce processes "
-"with PIDs that are unique within the namespace."
-msgstr ""
-
-#
-#. ============================================================
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:55
-msgid ""
-"Use of PID namespaces requires a kernel that is configured with the "
-"B<CONFIG_PID_NS> option."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/pid_namespaces.7:55
-#, no-wrap
-msgid "The namespace init process"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:75
-msgid ""
-"The first process created in a new namespace (i.e., the process created "
-"using B<clone>(2) with the B<CLONE_NEWPID> flag, or the first child created "
-"by a process after a call to B<unshare>(2) using the B<CLONE_NEWPID> flag) "
-"has the PID 1, and is the \"init\" process for the namespace (see "
-"B<init>(1)). A child process that is orphaned within the namespace will be "
-"reparented to this process rather than B<init>(1) (unless one of the "
-"ancestors of the child in the same PID namespace employed the B<prctl>(2) "
-"B<PR_SET_CHILD_SUBREAPER> command to mark itself as the reaper of orphaned "
-"descendant processes)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:102
-msgid ""
-"If the \"init\" process of a PID namespace terminates, the kernel terminates "
-"all of the processes in the namespace via a B<SIGKILL> signal. This "
-"behavior reflects the fact that the \"init\" process is essential for the "
-"correct operation of a PID namespace. In this case, a subsequent B<fork>(2) "
-"into this PID namespace will fail with the error B<ENOMEM>; it is not "
-"possible to create a new processes in a PID namespace whose \"init\" process "
-"has terminated. Such scenarios can occur when, for example, a process uses "
-"an open file descriptor for a I</proc/[pid]/ns/pid> file corresponding to a "
-"process that was in a namespace to B<setns>(2) into that namespace after "
-"the \"init\" process has terminated. Another possible scenario can occur "
-"after a call to B<unshare>(2): if the first child subsequently created by a "
-"B<fork>(2) terminates, then subsequent calls to B<fork>(2) will fail with "
-"B<ENOMEM>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:108
-msgid ""
-"Only signals for which the \"init\" process has established a signal handler "
-"can be sent to the \"init\" process by other members of the PID namespace. "
-"This restriction applies even to privileged processes, and prevents other "
-"members of the PID namespace from accidentally killing the \"init\" process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:128
-msgid ""
-"Likewise, a process in an ancestor namespace can\\(emsubject to the usual "
-"permission checks described in B<kill>(2)\\(emsend signals to the \"init\" "
-"process of a child PID namespace only if the \"init\" process has "
-"established a handler for that signal. (Within the handler, the "
-"I<siginfo_t> I<si_pid> field described in B<sigaction>(2) will be zero.) "
-"B<SIGKILL> or B<SIGSTOP> are treated exceptionally: these signals are "
-"forcibly delivered when sent from an ancestor PID namespace. Neither of "
-"these signals can be caught by the \"init\" process, and so will result in "
-"the usual actions associated with those signals (respectively, terminating "
-"and stopping the process)."
-msgstr ""
-
-#
-#. ============================================================
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:138
-msgid ""
-"Starting with Linux 3.4, the B<reboot>(2) system call causes a signal to be "
-"sent to the namespace \"init\" process. See B<reboot>(2) for more details."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/pid_namespaces.7:138
-#, no-wrap
-msgid "Nesting PID namespaces"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:149
-msgid ""
-"PID namespaces can be nested: each PID namespace has a parent, except for "
-"the initial (\"root\") PID namespace. The parent of a PID namespace is the "
-"PID namespace of the process that created the namespace using B<clone>(2) "
-"or B<unshare>(2). PID namespaces thus form a tree, with all namespaces "
-"ultimately tracing their ancestry to the root namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:164
-msgid ""
-"A process is visible to other processes in its PID namespace, and to the "
-"processes in each direct ancestor PID namespace going back to the root PID "
-"namespace. In this context, \"visible\" means that one process can be the "
-"target of operations by another process using system calls that specify a "
-"process ID. Conversely, the processes in a child PID namespace can't see "
-"processes in the parent and further removed ancestor namespaces. More "
-"succinctly: a process can see (e.g., send signals with B<kill>(2), set nice "
-"values with B<setpriority>(2), etc.) only processes contained in its own PID "
-"namespace and in descendants of that namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:176
-msgid ""
-"A process has one process ID in each of the layers of the PID namespace "
-"hierarchy in which is visible, and walking back though each direct ancestor "
-"namespace through to the root PID namespace. System calls that operate on "
-"process IDs always operate using the process ID that is visible in the PID "
-"namespace of the caller. A call to B<getpid>(2) always returns the PID "
-"associated with the namespace in which the process was created."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:191
-msgid ""
-"Some processes in a PID namespace may have parents that are outside of the "
-"namespace. For example, the parent of the initial process in the namespace "
-"(i.e., the B<init>(1) process with PID 1) is necessarily in another "
-"namespace. Likewise, the direct children of a process that uses B<setns>(2) "
-"to cause its children to join a PID namespace are in a different PID "
-"namespace from the caller of B<setns>(2). Calls to B<getppid>(2) for such "
-"processes return 0."
-msgstr ""
-
-#
-#. ============================================================
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:204
-msgid ""
-"While processes may freely descend into child PID namespaces (e.g., using "
-"B<setns>(2) with B<CLONE_NEWPID>), they may not move in the other "
-"direction. That is to say, processes may not enter any ancestor namespaces "
-"(parent, grandparent, etc.). Changing PID namespaces is a one way "
-"operation."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/pid_namespaces.7:204
-#, no-wrap
-msgid "setns(2) and unshare(2) semantics"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:220
-msgid ""
-"Calls to B<setns>(2) that specify a PID namespace file descriptor and calls "
-"to B<unshare>(2) with the B<CLONE_NEWPID> flag cause children subsequently "
-"created by the caller to be placed in a different PID namespace from the "
-"caller. These calls do not, however, change the PID namespace of the "
-"calling process, because doing so would change the caller's idea of its own "
-"PID (as reported by B<getpid>()), which would break many applications and "
-"libraries."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:228
-msgid ""
-"To put things another way: a process's PID namespace membership is "
-"determined when the process is created and cannot be changed thereafter. "
-"Among other things, this means that the parental relationship between "
-"processes mirrors the parental relationship between PID namespaces: the "
-"parent of a process is either in the same namespace or resides in the "
-"immediate parent PID namespace."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/pid_namespaces.7:228
-#, no-wrap
-msgid "Compatibility of CLONE_NEWPID with other CLONE_* flags"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:233
-msgid "B<CLONE_NEWPID> can't be combined with some other B<CLONE_*> flags:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:241
-msgid ""
-"B<CLONE_THREAD> requires being in the same PID namespace in order that the "
-"threads in a process can send signals to each other. Similarly, it must be "
-"possible to see all of the threads of a processes in the B<proc>(5) "
-"filesystem."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:252
-msgid ""
-"B<CLONE_SIGHAND> requires being in the same PID namespace; otherwise the "
-"process ID of the process sending a signal could not be meaningfully encoded "
-"when a signal is sent (see the description of the I<siginfo_t> type in "
-"B<sigaction>(2)). A signal queue shared by processes in multiple PID "
-"namespaces will defeat that."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:262
-msgid ""
-"B<CLONE_VM> requires all of the threads to be in the same PID namespace, "
-"because, from the point of view of a core dump, if two processes share the "
-"same address space then they are threads and will be core dumped together. "
-"When a core dump is written, the PID of each thread is written into the core "
-"dump. Writing the process IDs could not meaningfully succeed if some of the "
-"process IDs were in a parent PID namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:280
-msgid ""
-"To summarize: there is a technical requirement for each of B<CLONE_THREAD>, "
-"B<CLONE_SIGHAND>, and B<CLONE_VM> to share a PID namespace. (Note "
-"furthermore that in B<clone>(2) requires B<CLONE_VM> to be specified if "
-"B<CLONE_THREAD> or B<CLONE_SIGHAND> is specified.) Thus, call sequences "
-"such as the following will fail (with the error B<EINVAL>):"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:284
-#, no-wrap
-msgid ""
-" unshare(CLONE_NEWPID);\n"
-" clone(..., CLONE_VM, ...); /* Fails */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:287
-#, no-wrap
-msgid ""
-" setns(fd, CLONE_NEWPID);\n"
-" clone(..., CLONE_VM, ...); /* Fails */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:290
-#, no-wrap
-msgid ""
-" clone(..., CLONE_VM, ...);\n"
-" setns(fd, CLONE_NEWPID); /* Fails */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:293
-#, no-wrap
-msgid ""
-" clone(..., CLONE_VM, ...);\n"
-" unshare(CLONE_NEWPID); /* Fails */\n"
-msgstr ""
-
-#
-#. ============================================================
-#. type: SS
-#: build/C/man7/pid_namespaces.7:297
-#, no-wrap
-msgid "/proc and PID namespaces"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:306
-msgid ""
-"A I</proc> filesystem shows (in the I</proc/PID> directories) only processes "
-"visible in the PID namespace of the process that performed the mount, even "
-"if the I</proc> filesystem is viewed from processes in other namespaces."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:325
-msgid ""
-"After creating a new PID namespace, it is useful for the child to change its "
-"root directory and mount a new procfs instance at I</proc> so that tools "
-"such as B<ps>(1) work correctly. If a new mount namespace is "
-"simultaneously created by including B<CLONE_NEWNS> in the I<flags> argument "
-"of B<clone>(2) or B<unshare>(2), then it isn't necessary to change the root "
-"directory: a new procfs instance can be mounted directly over I</proc>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:329
-msgid "From a shell, the command to mount I</proc> is:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:331
-#, no-wrap
-msgid " $ mount -t proc proc /proc\n"
-msgstr ""
-
-#
-#. ============================================================
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:343
-msgid ""
-"Calling B<readlink>(2) on the path I</proc/self> yields the process ID of "
-"the caller in the PID namespace of the procfs mount (i.e., the PID namespace "
-"of the process that mounted the procfs). This can be useful for "
-"introspection purposes, when a process wants to discover its PID in other "
-"namespaces."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/pid_namespaces.7:343 build/C/man7/user_namespaces.7:635
-#, no-wrap
-msgid "Miscellaneous"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:351
-msgid ""
-"When a process ID is passed over a UNIX domain socket to a process in a "
-"different PID namespace (see the description of B<SCM_CREDENTIALS> in "
-"B<unix>(7)), it is translated into the corresponding PID value in the "
-"receiving process's PID namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/pid_namespaces.7:365
-msgid ""
-"B<clone>(2), B<setns>(2), B<unshare>(2), B<proc>(5), B<credentials>(7), "
-"B<capabilities>(7), B<user_namespaces>(7), B<switch_root>(8)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/seteuid.2:29
-#, no-wrap
-msgid "SETEUID"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seteuid.2:32
-msgid "seteuid, setegid - set effective user or group ID"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seteuid.2:38
-msgid "B<int seteuid(uid_t >I<euid>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seteuid.2:40
-msgid "B<int setegid(gid_t >I<egid>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seteuid.2:49
-msgid "B<seteuid>(), B<setegid>():"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seteuid.2:51
-msgid ""
-"_BSD_SOURCE || _POSIX_C_SOURCE\\ E<gt>=\\ 200112L || _XOPEN_SOURCE\\ "
-"E<gt>=\\ 600"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seteuid.2:58
-msgid ""
-"B<seteuid>() sets the effective user ID of the calling process. "
-"Unprivileged user processes may only set the effective user ID to the real "
-"user ID, the effective user ID or the saved set-user-ID."
-msgstr ""
-
-#. When
-#. .I euid
-#. equals \-1, nothing is changed.
-#. (This is an artifact of the implementation in glibc of seteuid()
-#. using setresuid(2).)
-#. type: Plain text
-#: build/C/man2/seteuid.2:67
-msgid ""
-"Precisely the same holds for B<setegid>() with \"group\" instead of "
-"\"user\"."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seteuid.2:79
-msgid ""
-"I<Note>: there are cases where B<seteuid>() can fail even when the caller "
-"is UID 0; it is a grave security error to omit checking for a failure return "
-"from B<seteuid>()."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seteuid.2:83
-msgid "The target user or group ID is not valid in this user namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seteuid.2:99
-msgid ""
-"The calling process is not privileged (Linux: does not have the "
-"B<CAP_SETUID> capability in the case of B<seteuid>(), or the B<CAP_SETGID> "
-"capability in the case of B<setegid>()) and I<euid> (respectively, I<egid>) "
-"is not the real user (group) ID, the effective user (group) ID, or the saved "
-"set-user-ID (saved set-group-ID)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seteuid.2:101
-msgid "4.3BSD, POSIX.1-2001."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seteuid.2:107
-msgid ""
-"Setting the effective user (group) ID to the saved set-user-ID (saved "
-"set-group-ID) is possible since Linux 1.1.37 (1.1.38). On an arbitrary "
-"system one should check B<_POSIX_SAVED_IDS>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seteuid.2:123
-msgid ""
-"Under glibc 2.0 B<seteuid(>I<euid>B<)> is equivalent to B<setreuid(-1,>I< "
-"euid>B<)> and hence may change the saved set-user-ID. Under glibc 2.1 and "
-"later it is equivalent to B<setresuid(-1,>I< euid>B<, -1)> and hence does "
-"not change the saved set-user-ID. Analogous remarks hold for B<setegid>(), "
-"with the difference that the change in implementation from B<setregid(-1,>I< "
-"egid>B<)> to B<setresgid(-1,>I< egid>B<, -1)> occurred in glibc 2.2 or 2.3 "
-"(depending on the hardware architecture)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seteuid.2:132
-msgid ""
-"According to POSIX.1, B<seteuid>() (B<setegid>()) need not permit I<euid> "
-"(I<egid>) to be the same value as the current effective user (group) ID, "
-"and some implementations do not permit this."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seteuid.2:141
-msgid ""
-"On Linux, B<seteuid>() and B<setegid>() are implemented as library "
-"functions that call, respectively, B<setreuid>(2) and B<setresgid>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seteuid.2:149
-msgid ""
-"B<geteuid>(2), B<setresuid>(2), B<setreuid>(2), B<setuid>(2), "
-"B<capabilities>(7), B<credentials>(7), B<user_namespaces>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/setfsgid.2:31
-#, no-wrap
-msgid "SETFSGID"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31
-#, no-wrap
-msgid "2013-08-08"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsgid.2:34
-msgid "setfsgid - set group identity used for filesystem checks"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsgid.2:36 build/C/man2/setfsuid.2:36
-msgid "B<#include E<lt>sys/fsuid.hE<gt>>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsgid.2:38
-msgid "B<int setfsgid(uid_t >I<fsgid>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsgid.2:51
-msgid ""
-"The system call B<setfsgid>() changes the value of the caller's filesystem "
-"group ID\\(emthe group ID that the Linux kernel uses to check for all "
-"accesses to the filesystem. Normally, the value of the filesystem group ID "
-"will shadow the value of the effective group ID. In fact, whenever the "
-"effective group ID is changed, the filesystem group ID will also be changed "
-"to the new value of the effective group ID."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsgid.2:62
-msgid ""
-"Explicit calls to B<setfsuid>(2) and B<setfsgid>() are usually used only "
-"by programs such as the Linux NFS server that need to change what user and "
-"group ID is used for file access without a corresponding change in the real "
-"and effective user and group IDs. A change in the normal user IDs for a "
-"program such as the NFS server is a security hole that can expose it to "
-"unwanted signals. (But see below.)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsgid.2:68
-msgid ""
-"B<setfsgid>() will succeed only if the caller is the superuser or if "
-"I<fsgid> matches either the caller's real group ID, effective group ID, "
-"saved set-group-ID, or current the filesystem user ID."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsgid.2:71
-msgid ""
-"On both success and failure, this call returns the previous filesystem group "
-"ID of the caller."
-msgstr ""
-
-#. This system call is present since Linux 1.1.44
-#. and in libc since libc 4.7.6.
-#. type: Plain text
-#: build/C/man2/setfsgid.2:75 build/C/man2/setfsuid.2:75
-msgid "This system call is present in Linux since version 1.2."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsgid.2:79
-msgid ""
-"B<setfsgid>() is Linux-specific and should not be used in programs intended "
-"to be portable."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsgid.2:85
-msgid ""
-"When glibc determines that the argument is not a valid group ID, it will "
-"return -1 and set I<errno> to B<EINVAL> without attempting the system call."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsgid.2:96
-msgid ""
-"Note that at the time this system call was introduced, a process could send "
-"a signal to a process with the same effective user ID. Today signal "
-"permission handling is slightly different. See B<setfsuid>(2) for a "
-"discussion of why the use of both B<setfsuid>(2) and B<setfsgid>() is "
-"nowadays unneeded."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsgid.2:106
-msgid ""
-"The original Linux B<setfsgid>() system call supported only 16-bit group "
-"IDs. Subsequently, Linux 2.4 added B<setfsgid32>() supporting 32-bit IDs. "
-"The glibc B<setfsgid>() wrapper function transparently deals with the "
-"variation across kernel versions."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsgid.2:123
-msgid ""
-"No error indications of any kind are returned to the caller, and the fact "
-"that both successful and unsuccessful calls return the same value makes it "
-"impossible to directly determine whether the call succeeded or failed. "
-"Instead, the caller must resort to looking at the return value from a "
-"further call such as I<setfsgid(-1)> (which will always fail), in order to "
-"determine if a preceding call to B<setfsgid>() changed the filesystem group "
-"ID. At the very least, B<EPERM> should be returned when the call fails "
-"(because the caller lacks the B<CAP_SETGID> capability)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsgid.2:128
-msgid "B<kill>(2), B<setfsuid>(2), B<capabilities>(7), B<credentials>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/setfsuid.2:31
-#, no-wrap
-msgid "SETFSUID"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsuid.2:34
-msgid "setfsuid - set user identity used for filesystem checks"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsuid.2:38
-msgid "B<int setfsuid(uid_t >I<fsuid>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsuid.2:51
-msgid ""
-"The system call B<setfsuid>() changes the value of the caller's filesystem "
-"user ID\\(emthe user ID that the Linux kernel uses to check for all accesses "
-"to the filesystem. Normally, the value of the filesystem user ID will "
-"shadow the value of the effective user ID. In fact, whenever the effective "
-"user ID is changed, the filesystem user ID will also be changed to the new "
-"value of the effective user ID."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsuid.2:62
-msgid ""
-"Explicit calls to B<setfsuid>() and B<setfsgid>(2) are usually used only "
-"by programs such as the Linux NFS server that need to change what user and "
-"group ID is used for file access without a corresponding change in the real "
-"and effective user and group IDs. A change in the normal user IDs for a "
-"program such as the NFS server is a security hole that can expose it to "
-"unwanted signals. (But see below.)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsuid.2:68
-msgid ""
-"B<setfsuid>() will succeed only if the caller is the superuser or if "
-"I<fsuid> matches either the caller's real user ID, effective user ID, saved "
-"set-user-ID, or current filesystem user ID."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsuid.2:71
-msgid ""
-"On both success and failure, this call returns the previous filesystem user "
-"ID of the caller."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsuid.2:79
-msgid ""
-"B<setfsuid>() is Linux-specific and should not be used in programs intended "
-"to be portable."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsuid.2:85
-msgid ""
-"When glibc determines that the argument is not a valid user ID, it will "
-"return -1 and set I<errno> to B<EINVAL> without attempting the system call."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsuid.2:104
-msgid ""
-"At the time when this system call was introduced, one process could send a "
-"signal to another process with the same effective user ID. This meant that "
-"if a privileged process changed its effective user ID for the purpose of "
-"file permission checking, then it could become vulnerable to receiving "
-"signals sent by another (unprivileged) process with the same user ID. The "
-"filesystem user ID attribute was thus added to allow a process to change its "
-"user ID for the purposes of file permission checking without at the same "
-"time becoming vulnerable to receiving unwanted signals. Since Linux 2.0, "
-"signal permission handling is different (see B<kill>(2)), with the result "
-"that a process change can change its effective user ID without being "
-"vulnerable to receiving signals from unwanted processes. Thus, "
-"B<setfsuid>() is nowadays unneeded and should be avoided in new "
-"applications (likewise for B<setfsgid>(2))."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsuid.2:114
-msgid ""
-"The original Linux B<setfsuid>() system call supported only 16-bit user "
-"IDs. Subsequently, Linux 2.4 added B<setfsuid32>() supporting 32-bit IDs. "
-"The glibc B<setfsuid>() wrapper function transparently deals with the "
-"variation across kernel versions."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsuid.2:131
-msgid ""
-"No error indications of any kind are returned to the caller, and the fact "
-"that both successful and unsuccessful calls return the same value makes it "
-"impossible to directly determine whether the call succeeded or failed. "
-"Instead, the caller must resort to looking at the return value from a "
-"further call such as I<setfsuid(-1)> (which will always fail), in order to "
-"determine if a preceding call to B<setfsuid>() changed the filesystem user "
-"ID. At the very least, B<EPERM> should be returned when the call fails "
-"(because the caller lacks the B<CAP_SETUID> capability)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setfsuid.2:136
-msgid "B<kill>(2), B<setfsgid>(2), B<capabilities>(7), B<credentials>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/setgid.2:29
-#, no-wrap
-msgid "SETGID"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setgid.2:32
-msgid "setgid - set group identity"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setgid.2:38
-msgid "B<int setgid(gid_t >I<gid>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setgid.2:43
-msgid ""
-"B<setgid>() sets the effective group ID of the calling process. If the "
-"caller is the superuser, the real GID and saved set-group-ID are also set."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setgid.2:53
-msgid ""
-"Under Linux, B<setgid>() is implemented like the POSIX version with the "
-"B<_POSIX_SAVED_IDS> feature. This allows a set-group-ID program that is not "
-"set-user-ID-root to drop all of its group privileges, do some un-privileged "
-"work, and then reengage the original effective group ID in a secure manner."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setgid.2:64
-msgid "The group ID specified in I<gid> is not valid in this user namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setgid.2:71
-msgid ""
-"The calling process is not privileged (does not have the B<CAP_SETGID> "
-"capability), and I<gid> does not match the real group ID or saved "
-"set-group-ID of the calling process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setgid.2:83
-msgid ""
-"The original Linux B<setgid>() system call supported only 16-bit group "
-"IDs. Subsequently, Linux 2.4 added B<setgid32>() supporting 32-bit IDs. "
-"The glibc B<setgid>() wrapper function transparently deals with the "
-"variation across kernel versions."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setgid.2:90
-msgid ""
-"B<getgid>(2), B<setegid>(2), B<setregid>(2), B<capabilities>(7), "
-"B<credentials>(7), B<user_namespaces>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/setpgid.2:48
-#, no-wrap
-msgid "SETPGID"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/setpgid.2:48
-#, no-wrap
-msgid "2014-01-07"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:51
-msgid "setpgid, getpgid, setpgrp, getpgrp - set/get process group"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:55
-msgid "B<int setpgid(pid_t >I<pid>B<, pid_t >I<pgid>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:57
-msgid "B<pid_t getpgid(pid_t >I<pid>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:59
-msgid "B<pid_t getpgrp(void);> /* POSIX.1 version */"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:62
-msgid ""
-"B<pid_t getpgrp(pid_t >I<pid>B<);\\ \\ \\ \\ \\ \\ \\ \\ \\ \\ \\ > /* BSD "
-"version */"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:64
-msgid "B<int setpgrp(void);> /* System V version */"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:67
-msgid "B<int setpgrp(pid_t >I<pid>B<, pid_t >I<pgid>B<);\\ > /* BSD version */"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:76
-msgid "B<getpgid>():"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:84
-msgid "B<setpgrp>() (POSIX.1):"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:87
-#, no-wrap
-msgid ""
-" _SVID_SOURCE || _XOPEN_SOURCE\\ E<gt>=\\ 500 ||\n"
-" _XOPEN_SOURCE\\ &&\\ _XOPEN_SOURCE_EXTENDED\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:89
-#, no-wrap
-msgid " || /* Since glibc 2.19: */ _BSD_SOURCE\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:93
-msgid "B<setpgrp>()\\ (BSD), B<getpgrp>()\\ (BSD) [before glibc 2.19]:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:97
-#, no-wrap
-msgid ""
-" _BSD_SOURCE &&\n"
-" !\\ (_POSIX_SOURCE || _POSIX_C_SOURCE || _XOPEN_SOURCE ||\n"
-" _XOPEN_SOURCE_EXTENDED || _GNU_SOURCE || _SVID_SOURCE)\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:109
-msgid ""
-"All of these interfaces are available on Linux, and are used for getting and "
-"setting the process group ID (PGID) of a process. The preferred, "
-"POSIX.1-specified ways of doing this are: B<getpgrp>(void), for retrieving "
-"the calling process's PGID; and B<setpgid>(), for setting a process's PGID."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:134
-msgid ""
-"B<setpgid>() sets the PGID of the process specified by I<pid> to I<pgid>. "
-"If I<pid> is zero, then the process ID of the calling process is used. If "
-"I<pgid> is zero, then the PGID of the process specified by I<pid> is made "
-"the same as its process ID. If B<setpgid>() is used to move a process from "
-"one process group to another (as is done by some shells when creating "
-"pipelines), both process groups must be part of the same session (see "
-"B<setsid>(2) and B<credentials>(7)). In this case, the I<pgid> specifies "
-"an existing process group to be joined and the session ID of that group must "
-"match the session ID of the joining process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:139
-msgid ""
-"The POSIX.1 version of B<getpgrp>(), which takes no arguments, returns the "
-"PGID of the calling process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:150
-msgid ""
-"B<getpgid>() returns the PGID of the process specified by I<pid>. If "
-"I<pid> is zero, the process ID of the calling process is used. (Retrieving "
-"the PGID of a process other than the caller is rarely necessary, and the "
-"POSIX.1 B<getpgrp>() is preferred for that task.)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:155
-msgid ""
-"The System\\ V-style B<setpgrp>(), which takes no arguments, is equivalent "
-"to I<setpgid(0,\\ 0)>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:163
-msgid ""
-"The BSD-specific B<setpgrp>() call, which takes arguments I<pid> and "
-"I<pgid>, is is a wrapper function that calls"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:165
-#, no-wrap
-msgid " setpgid(pid, pgid)\n"
-msgstr ""
-
-#. The true BSD setpgrp() system call differs in allowing the PGID
-#. to be set to arbitrary values, rather than being restricted to
-#. PGIDs in the same session.
-#. type: Plain text
-#: build/C/man2/setpgid.2:176
-msgid ""
-"Since glibc 2.19, the BSD-specific B<setpgrp>() function is no longer "
-"exposed by I<E<lt>unistd.hE<gt>>; calls should be replaced with the "
-"B<setpgid>() call shown above."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:182
-msgid ""
-"The BSD-specific B<getpgrp>() call, which takes a single I<pid> argument, "
-"is a wrapper function that calls"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:184
-#, no-wrap
-msgid " getpgid(pid)\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:195
-msgid ""
-"Since glibc 2.19, the BSD-specific B<getpgrp>() function is no longer "
-"exposed by I<E<lt>unistd.hE<gt>>; calls should be replaced with calls to the "
-"POSIX.1 B<getpgrp>() which takes no arguments (if the intent is to obtain "
-"the caller's PGID), or with the B<getpgid>() call shown above."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:204
-msgid ""
-"On success, B<setpgid>() and B<setpgrp>() return zero. On error, -1 is "
-"returned, and I<errno> is set appropriately."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:208
-msgid "The POSIX.1 B<getpgrp>() always returns the PGID of the caller."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:216
-msgid ""
-"B<getpgid>(), and the BSD-specific B<getpgrp>() return a process group on "
-"success. On error, -1 is returned, and I<errno> is set appropriately."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:225
-msgid ""
-"An attempt was made to change the process group ID of one of the children of "
-"the calling process and the child had already performed an B<execve>(2) "
-"(B<setpgid>(), B<setpgrp>())."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:231
-msgid "I<pgid> is less than 0 (B<setpgid>(), B<setpgrp>())."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:240
-msgid ""
-"An attempt was made to move a process into a process group in a different "
-"session, or to change the process group ID of one of the children of the "
-"calling process and the child was in a different session, or to change the "
-"process group ID of a session leader (B<setpgid>(), B<setpgrp>())."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:250
-msgid ""
-"For B<getpgid>(): I<pid> does not match any process. For B<setpgid>(): "
-"I<pid> is not the calling process and not a child of the calling process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:256
-msgid ""
-"B<setpgid>() and the version of B<getpgrp>() with no arguments conform to "
-"POSIX.1-2001."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:265
-msgid ""
-"POSIX.1-2001 also specifies B<getpgid>() and the version of B<setpgrp>() "
-"that takes no arguments. (POSIX.1-2008 marks this B<setpgrp>() "
-"specification as obsolete.)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:272
-msgid ""
-"The version of B<getpgrp>() with one argument and the version of "
-"B<setpgrp>() that takes two arguments derive from 4.2BSD, and are not "
-"specified by POSIX.1."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:278
-msgid ""
-"A child created via B<fork>(2) inherits its parent's process group ID. The "
-"PGID is preserved across an B<execve>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:281
-msgid ""
-"Each process group is a member of a session and each process is a member of "
-"the session of which its process group is a member."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:308
-msgid ""
-"A session can have a controlling terminal. At any time, one (and only one) "
-"of the process groups in the session can be the foreground process group for "
-"the terminal; the remaining process groups are in the background. If a "
-"signal is generated from the terminal (e.g., typing the interrupt key to "
-"generate B<SIGINT>), that signal is sent to the foreground process group. "
-"(See B<termios>(3) for a description of the characters that generate "
-"signals.) Only the foreground process group may B<read>(2) from the "
-"terminal; if a background process group tries to B<read>(2) from the "
-"terminal, then the group is sent a B<SIGTTIN> signal, which suspends it. "
-"The B<tcgetpgrp>(3) and B<tcsetpgrp>(3) functions are used to get/set the "
-"foreground process group of the controlling terminal."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:316
-msgid ""
-"The B<setpgid>() and B<getpgrp>() calls are used by programs such as "
-"B<bash>(1) to create process groups in order to implement shell job "
-"control."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:326
-msgid ""
-"If a session has a controlling terminal, and the B<CLOCAL> flag for that "
-"terminal is not set, and a terminal hangup occurs, then the session leader "
-"is sent a B<SIGHUP>. If the session leader exits, then a B<SIGHUP> signal "
-"will also be sent to each process in the foreground process group of the "
-"controlling terminal."
-msgstr ""
-
-#. exit.3 refers to the following text:
-#. type: Plain text
-#: build/C/man2/setpgid.2:340
-msgid ""
-"If the exit of the process causes a process group to become orphaned, and if "
-"any member of the newly orphaned process group is stopped, then a B<SIGHUP> "
-"signal followed by a B<SIGCONT> signal will be sent to each process in the "
-"newly orphaned process group. An orphaned process group is one in which the "
-"parent of every member of process group is either itself also a member of "
-"the process group or is a member of a process group in a different session "
-"(see also B<credentials>(7))."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setpgid.2:347
-msgid ""
-"B<getuid>(2), B<setsid>(2), B<tcgetpgrp>(3), B<tcsetpgrp>(3), B<termios>(3), "
-"B<credentials>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/setresuid.2:26
-#, no-wrap
-msgid "SETRESUID"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:29
-msgid "setresuid, setresgid - set real, effective and saved user or group ID"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:35
-msgid "B<int setresuid(uid_t >I<ruid>B<, uid_t >I<euid>B<, uid_t >I<suid>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:37
-msgid "B<int setresgid(gid_t >I<rgid>B<, gid_t >I<egid>B<, gid_t >I<sgid>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:41
-msgid ""
-"B<setresuid>() sets the real user ID, the effective user ID, and the saved "
-"set-user-ID of the calling process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:47
-msgid ""
-"Unprivileged user processes may change the real UID, effective UID, and "
-"saved set-user-ID, each to one of: the current real UID, the current "
-"effective UID or the current saved set-user-ID."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:51
-msgid ""
-"Privileged processes (on Linux, those having the B<CAP_SETUID> capability) "
-"may set the real UID, effective UID, and saved set-user-ID to arbitrary "
-"values."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:53
-msgid "If one of the arguments equals -1, the corresponding value is not changed."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:57
-msgid ""
-"Regardless of what changes are made to the real UID, effective UID, and "
-"saved set-user-ID, the filesystem UID is always set to the same value as the "
-"(possibly new) effective UID."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:64
-msgid ""
-"Completely analogously, B<setresgid>() sets the real GID, effective GID, "
-"and saved set-group-ID of the calling process (and always modifies the "
-"filesystem GID to be the same as the effective GID), with the same "
-"restrictions for unprivileged processes."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:76
-msgid ""
-"I<Note>: there are cases where B<setresuid>() can fail even when the caller "
-"is UID 0; it is a grave security error to omit checking for a failure return "
-"from B<setresuid>()."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/setresuid.2:77 build/C/man2/setresuid.2:84 build/C/man2/setreuid.2:106 build/C/man2/setreuid.2:113 build/C/man2/setuid.2:83 build/C/man2/setuid.2:90
-#, no-wrap
-msgid "B<EAGAIN>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:84 build/C/man2/setreuid.2:113
-msgid ""
-"The call would change the caller's real UID (i.e., I<ruid> does not match "
-"the caller's real UID), but there was a temporary failure allocating the "
-"necessary kernel data structures."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:99 build/C/man2/setreuid.2:128
-msgid ""
-"I<ruid> does not match the caller's real UID and this call would bring the "
-"number of processes belonging to the real user ID I<ruid> over the caller's "
-"B<RLIMIT_NPROC> resource limit. Since Linux 3.1, this error case no longer "
-"occurs (but robust applications should check for this error); see the "
-"description of B<EAGAIN> in B<execve>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:103 build/C/man2/setreuid.2:132
-msgid ""
-"One or more of the target user or group IDs is not valid in this user "
-"namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:107
-msgid ""
-"The calling process is not privileged (did not have the B<CAP_SETUID> "
-"capability) and tried to change the IDs to values that are not permitted."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:109
-msgid "These calls are available under Linux since Linux 2.1.44."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:116
-msgid ""
-"Under HP-UX and FreeBSD, the prototype is found in I<E<lt>unistd.hE<gt>>. "
-"Under Linux, the prototype is provided by glibc since version 2.3.2."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:132
-msgid ""
-"The original Linux B<setresuid>() and B<setresgid>() system calls "
-"supported only 16-bit user and group IDs. Subsequently, Linux 2.4 added "
-"B<setresuid32>() and B<setresgid32>(), supporting 32-bit IDs. The glibc "
-"B<setresuid>() and B<setresgid>() wrapper functions transparently deal "
-"with the variations across kernel versions."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setresuid.2:142
-msgid ""
-"B<getresuid>(2), B<getuid>(2), B<setfsgid>(2), B<setfsuid>(2), "
-"B<setreuid>(2), B<setuid>(2), B<capabilities>(7), B<credentials>(7), "
-"B<user_namespaces>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/setreuid.2:45
-#, no-wrap
-msgid "SETREUID"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:48
-msgid "setreuid, setregid - set real and/or effective user or group ID"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:54
-msgid "B<int setreuid(uid_t >I<ruid>B<, uid_t >I<euid>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:56
-msgid "B<int setregid(gid_t >I<rgid>B<, gid_t >I<egid>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:64
-msgid "B<setreuid>(), B<setregid>():"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:68
-msgid ""
-"_BSD_SOURCE || _XOPEN_SOURCE\\ E<gt>=\\ 500 || _XOPEN_SOURCE\\ &&\\ "
-"_XOPEN_SOURCE_EXTENDED"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:73
-msgid "B<setreuid>() sets real and effective user IDs of the calling process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:76
-msgid ""
-"Supplying a value of -1 for either the real or effective user ID forces the "
-"system to leave that ID unchanged."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:79
-msgid ""
-"Unprivileged processes may only set the effective user ID to the real user "
-"ID, the effective user ID, or the saved set-user-ID."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:82
-msgid ""
-"Unprivileged users may only set the real user ID to the real user ID or the "
-"effective user ID."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:88
-msgid ""
-"If the real user ID is set (i.e., I<ruid> is not -1) or the effective user "
-"ID is set to a value not equal to the previous real user ID, the saved "
-"set-user-ID will be set to the new effective user ID."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:93
-msgid ""
-"Completely analogously, B<setregid>() sets real and effective group ID's of "
-"the calling process, and all of the above holds with \"group\" instead of "
-"\"user\"."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:105
-msgid ""
-"I<Note>: there are cases where B<setreuid>() can fail even when the caller "
-"is UID 0; it is a grave security error to omit checking for a failure return "
-"from B<setreuid>()."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:148
-msgid ""
-"The calling process is not privileged (Linux: does not have the "
-"B<CAP_SETUID> capability in the case of B<setreuid>(), or the B<CAP_SETGID> "
-"capability in the case of B<setregid>()) and a change other than (i) "
-"swapping the effective user (group) ID with the real user (group) ID, or "
-"(ii) setting one to the value of the other or (iii) setting the effective "
-"user (group) ID to the value of the saved set-user-ID (saved set-group-ID) "
-"was specified."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:154
-msgid ""
-"POSIX.1-2001, 4.3BSD (the B<setreuid>() and B<setregid>() function calls "
-"first appeared in 4.2BSD)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:158
-msgid ""
-"Setting the effective user (group) ID to the saved set-user-ID (saved "
-"set-group-ID) is possible since Linux 1.1.37 (1.1.38)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:175
-msgid ""
-"POSIX.1 does not specify all of possible ID changes that are permitted on "
-"Linux for an unprivileged process. For B<setreuid>(), the effective user ID "
-"can be made the same as the real user ID or the save set-user-ID, and it is "
-"unspecified whether unprivileged processes may set the real user ID to the "
-"real user ID, the effective user ID, or the saved set-user-ID. For "
-"B<setregid>(), the real group ID can be changed to the value of the saved "
-"set-group-ID, and the effective group ID can be changed to the value of the "
-"real group ID or the saved set-group-ID. The precise details of what ID "
-"changes are permitted vary across implementations."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:178
-msgid ""
-"POSIX.1 makes no specification about the effect of these calls on the saved "
-"set-user-ID and saved set-group-ID."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:194
-msgid ""
-"The original Linux B<setreuid>() and B<setregid>() system calls supported "
-"only 16-bit user and group IDs. Subsequently, Linux 2.4 added "
-"B<setreuid32>() and B<setregid32>(), supporting 32-bit IDs. The glibc "
-"B<setreuid>() and B<setregid>() wrapper functions transparently deal with "
-"the variations across kernel versions."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setreuid.2:203
-msgid ""
-"B<getgid>(2), B<getuid>(2), B<seteuid>(2), B<setgid>(2), B<setresuid>(2), "
-"B<setuid>(2), B<capabilities>(7), B<user_namespaces>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/setsid.2:31
-#, no-wrap
-msgid "SETSID"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setsid.2:34
-msgid "setsid - creates a session and sets the process group ID"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setsid.2:39
-msgid "B<pid_t setsid(void);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setsid.2:50
-msgid ""
-"B<setsid>() creates a new session if the calling process is not a process "
-"group leader. The calling process is the leader of the new session (i.e., "
-"its session ID is made the same as it process ID). The calling process also "
-"becomes the process group leader of a new process group in the session "
-"(i.e., its process group ID is made the same as it process ID)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setsid.2:54
-msgid ""
-"The calling process will be the only process in the new process group and in "
-"the new session. The new session has no controlling terminal."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setsid.2:61
-msgid ""
-"On success, the (new) session ID of the calling process is returned. On "
-"error, I<(pid_t)\\ -1> is returned, and I<errno> is set to indicate the "
-"error."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setsid.2:68
-msgid ""
-"The process group ID of any process equals the PID of the calling process. "
-"Thus, in particular, B<setsid>() fails if the calling process is already a "
-"process group leader."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setsid.2:76
-msgid ""
-"A child created via B<fork>(2) inherits its parent's session ID. The "
-"session ID is preserved across an B<execve>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setsid.2:93
-msgid ""
-"A process group leader is a process whose process group ID equals its PID. "
-"Disallowing a process group leader from calling B<setsid>() prevents the "
-"possibility that a process group leader places itself in a new session while "
-"other processes in the process group remain in the original session; such a "
-"scenario would break the strict two-level hierarchy of sessions and process "
-"groups. In order to be sure that B<setsid>() will succeed, B<fork>(2) and "
-"B<_exit>(2), and have the child do B<setsid>()."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setsid.2:100
-msgid ""
-"B<setsid>(1), B<getsid>(2), B<setpgid>(2), B<setpgrp>(2), B<tcgetsid>(3), "
-"B<credentials>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man2/setuid.2:30
-#, no-wrap
-msgid "SETUID"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setuid.2:33
-msgid "setuid - set user identity"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setuid.2:39
-msgid "B<int setuid(uid_t >I<uid>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setuid.2:44
-msgid ""
-"B<setuid>() sets the effective user ID of the calling process. If the "
-"effective UID of the caller is root, the real UID and saved set-user-ID are "
-"also set."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setuid.2:53
-msgid ""
-"Under Linux, B<setuid>() is implemented like the POSIX version with the "
-"B<_POSIX_SAVED_IDS> feature. This allows a set-user-ID (other than root) "
-"program to drop all of its user privileges, do some un-privileged work, and "
-"then reengage the original effective user ID in a secure manner."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setuid.2:63
-msgid ""
-"If the user is root or the program is set-user-ID-root, special care must be "
-"taken. The B<setuid>() function checks the effective user ID of the caller "
-"and if it is the superuser, all process-related user ID's are set to "
-"I<uid>. After this has occurred, it is impossible for the program to regain "
-"root privileges."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setuid.2:70
-msgid ""
-"Thus, a set-user-ID-root program wishing to temporarily drop root "
-"privileges, assume the identity of an unprivileged user, and then regain "
-"root privileges afterward cannot use B<setuid>(). You can accomplish this "
-"with B<seteuid>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setuid.2:82
-msgid ""
-"I<Note>: there are cases where B<setuid>() can fail even when the caller is "
-"UID 0; it is a grave security error to omit checking for a failure return "
-"from B<setuid>()."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setuid.2:90
-msgid ""
-"The call would change the caller's real UID (i.e., I<uid> does not match the "
-"caller's real UID), but there was a temporary failure allocating the "
-"necessary kernel data structures."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setuid.2:105
-msgid ""
-"I<uid> does not match the real user ID of the caller and this call would "
-"bring the number of processes belonging to the real user ID I<uid> over the "
-"caller's B<RLIMIT_NPROC> resource limit. Since Linux 3.1, this error case "
-"no longer occurs (but robust applications should check for this error); see "
-"the description of B<EAGAIN> in B<execve>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setuid.2:110
-msgid "The user ID specified in I<uid> is not valid in this user namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setuid.2:117
-msgid ""
-"The user is not privileged (Linux: does not have the B<CAP_SETUID> "
-"capability) and I<uid> does not match the real UID or saved set-user-ID of "
-"the calling process."
-msgstr ""
-
-#. SVr4 documents an additional EINVAL error condition.
-#. type: Plain text
-#: build/C/man2/setuid.2:122
-msgid ""
-"SVr4, POSIX.1-2001. Not quite compatible with the 4.4BSD call, which sets "
-"all of the real, saved, and effective user IDs."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setuid.2:130
-msgid ""
-"Linux has the concept of the filesystem user ID, normally equal to the "
-"effective user ID. The B<setuid>() call also sets the filesystem user ID "
-"of the calling process. See B<setfsuid>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setuid.2:135
-msgid ""
-"If I<uid> is different from the old effective UID, the process will be "
-"forbidden from leaving core dumps."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setuid.2:145
-msgid ""
-"The original Linux B<setuid>() system call supported only 16-bit user IDs. "
-"Subsequently, Linux 2.4 added B<setuid32>() supporting 32-bit IDs. The "
-"glibc B<setuid>() wrapper function transparently deals with the variation "
-"across kernel versions."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/setuid.2:153
-msgid ""
-"B<getuid>(2), B<seteuid>(2), B<setfsuid>(2), B<setreuid>(2), "
-"B<capabilities>(7), B<credentials>(7), B<user_namespaces>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man7/svipc.7:40
-#, no-wrap
-msgid "SVIPC"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:43
-msgid "svipc - System V interprocess communication mechanisms"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:48
-#, no-wrap
-msgid ""
-"B<#include E<lt>sys/msg.hE<gt>>\n"
-"B<#include E<lt>sys/sem.hE<gt>>\n"
-"B<#include E<lt>sys/shm.hE<gt>>\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:56
-msgid ""
-"This manual page refers to the Linux implementation of the System V "
-"interprocess communication (IPC) mechanisms: message queues, semaphore sets, "
-"and shared memory segments. In the following, the word I<resource> means an "
-"instantiation of one among such mechanisms."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/svipc.7:56
-#, no-wrap
-msgid "Resource access permissions"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:64
-msgid ""
-"For each resource, the system uses a common structure of type I<struct "
-"ipc_perm> to store information needed in determining permissions to perform "
-"an IPC operation. The I<ipc_perm> structure includes the following members:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:74
-#, no-wrap
-msgid ""
-"struct ipc_perm {\n"
-" uid_t cuid; /* creator user ID */\n"
-" gid_t cgid; /* creator group ID */\n"
-" uid_t uid; /* owner user ID */\n"
-" gid_t gid; /* owner group ID */\n"
-" unsigned short mode; /* r/w permissions */\n"
-"};\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:84
-msgid ""
-"The I<mode> member of the I<ipc_perm> structure defines, with its lower 9 "
-"bits, the access permissions to the resource for a process executing an IPC "
-"system call. The permissions are interpreted as follows:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:88
-#, no-wrap
-msgid ""
-" 0400 Read by user.\n"
-" 0200 Write by user.\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:91
-#, no-wrap
-msgid ""
-" 0040 Read by group.\n"
-" 0020 Write by group.\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:94
-#, no-wrap
-msgid ""
-" 0004 Read by others.\n"
-" 0002 Write by others.\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:102
-msgid ""
-"Bits 0100, 0010, and 0001 (the execute bits) are unused by the system. "
-"Furthermore, \"write\" effectively means \"alter\" for a semaphore set."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:105
-msgid "The same system header file also defines the following symbolic constants:"
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:105
-#, no-wrap
-msgid "B<IPC_CREAT>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:108
-msgid "Create entry if key doesn't exist."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:108
-#, no-wrap
-msgid "B<IPC_EXCL>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:111
-msgid "Fail if key exists."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:111
-#, no-wrap
-msgid "B<IPC_NOWAIT>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:114
-msgid "Error if request must wait."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:114
-#, no-wrap
-msgid "B<IPC_PRIVATE>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:117
-msgid "Private key."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:117
-#, no-wrap
-msgid "B<IPC_RMID>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:120
-msgid "Remove resource."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:120
-#, no-wrap
-msgid "B<IPC_SET>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:123
-msgid "Set resource options."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:123
-#, no-wrap
-msgid "B<IPC_STAT>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:126
-msgid "Get resource options."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:135
-msgid ""
-"Note that B<IPC_PRIVATE> is a I<key_t> type, while all the other symbolic "
-"constants are flag fields and can be OR'ed into an I<int> type variable."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/svipc.7:135
-#, no-wrap
-msgid "Message queues"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:143
-msgid ""
-"A message queue is uniquely identified by a positive integer (its I<msqid>) "
-"and has an associated data structure of type I<struct msqid_ds>, defined in "
-"I<E<lt>sys/msg.hE<gt>>, containing the following members:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:156
-#, no-wrap
-msgid ""
-"struct msqid_ds {\n"
-" struct ipc_perm msg_perm;\n"
-" msgqnum_t msg_qnum; /* no of messages on queue */\n"
-" msglen_t msg_qbytes; /* bytes max on a queue */\n"
-" pid_t msg_lspid; /* PID of last msgsnd(2) call */\n"
-" pid_t msg_lrpid; /* PID of last msgrcv(2) call */\n"
-" time_t msg_stime; /* last msgsnd(2) time */\n"
-" time_t msg_rtime; /* last msgrcv(2) time */\n"
-" time_t msg_ctime; /* last change time */\n"
-"};\n"
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:158
-#, no-wrap
-msgid "I<msg_perm>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:163
-msgid ""
-"I<ipc_perm> structure that specifies the access permissions on the message "
-"queue."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:163
-#, no-wrap
-msgid "I<msg_qnum>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:166
-msgid "Number of messages currently on the message queue."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:166
-#, no-wrap
-msgid "I<msg_qbytes>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:170
-msgid "Maximum number of bytes of message text allowed on the message queue."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:170
-#, no-wrap
-msgid "I<msg_lspid>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:175
-msgid "ID of the process that performed the last B<msgsnd>(2) system call."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:175
-#, no-wrap
-msgid "I<msg_lrpid>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:180
-msgid "ID of the process that performed the last B<msgrcv>(2) system call."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:180
-#, no-wrap
-msgid "I<msg_stime>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:185
-msgid "Time of the last B<msgsnd>(2) system call."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:185
-#, no-wrap
-msgid "I<msg_rtime>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:190
-msgid "Time of the last B<msgrcv>(2) system call."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:190
-#, no-wrap
-msgid "I<msg_ctime>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:196
-msgid ""
-"Time of the last system call that changed a member of the I<msqid_ds> "
-"structure."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/svipc.7:196
-#, no-wrap
-msgid "Semaphore sets"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:204
-msgid ""
-"A semaphore set is uniquely identified by a positive integer (its I<semid>) "
-"and has an associated data structure of type I<struct semid_ds>, defined in "
-"I<E<lt>sys/sem.hE<gt>>, containing the following members:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:213
-#, no-wrap
-msgid ""
-"struct semid_ds {\n"
-" struct ipc_perm sem_perm;\n"
-" time_t sem_otime; /* last operation time */\n"
-" time_t sem_ctime; /* last change time */\n"
-" unsigned long sem_nsems; /* count of sems in set */\n"
-"};\n"
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:215
-#, no-wrap
-msgid "I<sem_perm>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:220
-msgid ""
-"I<ipc_perm> structure that specifies the access permissions on the semaphore "
-"set."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:220
-#, no-wrap
-msgid "I<sem_otime>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:225
-msgid "Time of last B<semop>(2) system call."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:225
-#, no-wrap
-msgid "I<sem_ctime>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:231
-msgid ""
-"Time of last B<semctl>(2) system call that changed a member of the above "
-"structure or of one semaphore belonging to the set."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:231
-#, no-wrap
-msgid "I<sem_nsems>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:239
-msgid ""
-"Number of semaphores in the set. Each semaphore of the set is referenced by "
-"a nonnegative integer ranging from B<0> to I<sem_nsems-1>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:243
-msgid ""
-"A semaphore is a data structure of type I<struct sem> containing the "
-"following members:"
-msgstr ""
-
-#. unsigned short semncnt; /* nr awaiting semval to increase */
-#. unsigned short semzcnt; /* nr awaiting semval = 0 */
-#. type: Plain text
-#: build/C/man7/svipc.7:252
-#, no-wrap
-msgid ""
-"struct sem {\n"
-" int semval; /* semaphore value */\n"
-" int sempid; /* PID for last operation */\n"
-"};\n"
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:254
-#, no-wrap
-msgid "I<semval>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:257
-msgid "Semaphore value: a nonnegative integer."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:257
-#, no-wrap
-msgid "I<sempid>"
-msgstr ""
-
-#. .TP
-#. .I semncnt
-#. Number of processes suspended awaiting for
-#. .I semval
-#. to increase.
-#. .TP
-#. .I semznt
-#. Number of processes suspended awaiting for
-#. .I semval
-#. to become zero.
-#. type: Plain text
-#: build/C/man7/svipc.7:271
-msgid ""
-"ID of the last process that performed a semaphore operation on this "
-"semaphore."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/svipc.7:271
-#, no-wrap
-msgid "Shared memory segments"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:279
-msgid ""
-"A shared memory segment is uniquely identified by a positive integer (its "
-"I<shmid>) and has an associated data structure of type I<struct shmid_ds>, "
-"defined in I<E<lt>sys/shm.hE<gt>>, containing the following members:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:292
-#, no-wrap
-msgid ""
-"struct shmid_ds {\n"
-" struct ipc_perm shm_perm;\n"
-" size_t shm_segsz; /* size of segment */\n"
-" pid_t shm_cpid; /* PID of creator */\n"
-" pid_t shm_lpid; /* PID, last operation */\n"
-" shmatt_t shm_nattch; /* no. of current attaches */\n"
-" time_t shm_atime; /* time of last attach */\n"
-" time_t shm_dtime; /* time of last detach */\n"
-" time_t shm_ctime; /* time of last change */\n"
-"};\n"
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:294
-#, no-wrap
-msgid "I<shm_perm>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:299
-msgid ""
-"I<ipc_perm> structure that specifies the access permissions on the shared "
-"memory segment."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:299
-#, no-wrap
-msgid "I<shm_segsz>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:302
-msgid "Size in bytes of the shared memory segment."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:302
-#, no-wrap
-msgid "I<shm_cpid>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:305
-msgid "ID of the process that created the shared memory segment."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:305
-#, no-wrap
-msgid "I<shm_lpid>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:312
-msgid ""
-"ID of the last process that executed a B<shmat>(2) or B<shmdt>(2) system "
-"call."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:312
-#, no-wrap
-msgid "I<shm_nattch>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:315
-msgid "Number of current alive attaches for this shared memory segment."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:315
-#, no-wrap
-msgid "I<shm_atime>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:320
-msgid "Time of the last B<shmat>(2) system call."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:320
-#, no-wrap
-msgid "I<shm_dtime>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:325
-msgid "Time of the last B<shmdt>(2) system call."
-msgstr ""
-
-#. type: TP
-#: build/C/man7/svipc.7:325
-#, no-wrap
-msgid "I<shm_ctime>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:331
-msgid "Time of the last B<shmctl>(2) system call that changed I<shmid_ds>."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/svipc.7:331
-#, no-wrap
-msgid "IPC namespaces"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:335
-msgid ""
-"For a discussion of the interaction of System V IPC objects and IPC "
-"namespaces, see B<namespaces>(7)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/svipc.7:353
-msgid ""
-"B<ipcmk>(1), B<ipcrm>(1), B<ipcs>(1), B<ipc>(2), B<msgctl>(2), B<msgget>(2), "
-"B<msgrcv>(2), B<msgsnd>(2), B<semctl>(2), B<semget>(2), B<semop>(2), "
-"B<shmat>(2), B<shmctl>(2), B<shmdt>(2), B<shmget>(2), B<ftok>(3), "
-"B<namespaces>(7)"
-msgstr ""
-
-#. type: TH
-#: build/C/man3/ulimit.3:27
-#, no-wrap
-msgid "ULIMIT"
-msgstr ""
-
-#. type: TH
-#: build/C/man3/ulimit.3:27
-#, no-wrap
-msgid "2008-08-06"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/ulimit.3:30
-msgid "ulimit - get and set user limits"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/ulimit.3:32
-msgid "B<#include E<lt>ulimit.hE<gt>>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/ulimit.3:34
-msgid "B<long ulimit(int >I<cmd>B<, long >I<newlimit>B<);>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/ulimit.3:46
-msgid ""
-"Warning: This routine is obsolete. Use B<getrlimit>(2), B<setrlimit>(2), "
-"and B<sysconf>(3) instead. For the shell command B<ulimit>(), see "
-"B<bash>(1)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/ulimit.3:53
-msgid ""
-"The B<ulimit>() call will get or set some limit for the calling process. "
-"The I<cmd> argument can have one of the following values."
-msgstr ""
-
-#. type: TP
-#: build/C/man3/ulimit.3:53
-#, no-wrap
-msgid "B<UL_GETFSIZE>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/ulimit.3:56
-msgid "Return the limit on the size of a file, in units of 512 bytes."
-msgstr ""
-
-#. type: TP
-#: build/C/man3/ulimit.3:56
-#, no-wrap
-msgid "B<UL_SETFSIZE>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/ulimit.3:59
-msgid "Set the limit on the size of a file."
-msgstr ""
-
-#. type: TP
-#: build/C/man3/ulimit.3:59
-#, no-wrap
-msgid "B<3>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/ulimit.3:63
-msgid ""
-"(Not implemented for Linux.) Return the maximum possible address of the "
-"data segment."
-msgstr ""
-
-#. type: TP
-#: build/C/man3/ulimit.3:63
-#, no-wrap
-msgid "B<4>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/ulimit.3:67
-msgid ""
-"(Implemented but no symbolic constant provided.) Return the maximum number "
-"of files that the calling process can open."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/ulimit.3:74
-msgid ""
-"On success, B<ulimit>() returns a nonnegative value. On error, -1 is "
-"returned, and I<errno> is set appropriately."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/ulimit.3:78
-msgid "A unprivileged process tried to increase a limit."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/ulimit.3:83
-msgid "SVr4, POSIX.1-2001. POSIX.1-2008 marks B<ulimit>() as obsolete."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man3/ulimit.3:88
-msgid "B<bash>(1), B<getrlimit>(2), B<setrlimit>(2), B<sysconf>(3)"
-msgstr ""
-
-#. type: TH
-#: build/C/man7/user_namespaces.7:27
-#, no-wrap
-msgid "USER_NAMESPACES"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:30
-msgid "user_namespaces - overview of Linux user namespaces"
-msgstr ""
-
-#. FIXME: This page says very little about the interaction
-#. of user namespaces and keys. Add something on this topic.
-#
-#. ============================================================
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:56
-msgid ""
-"User namespaces isolate security-related identifiers and attributes, in "
-"particular, user IDs and group IDs (see B<credentials>(7)), the root "
-"directory, keys (see B<keyctl>(2)), and capabilities (see "
-"B<capabilities>(7)). A process's user and group IDs can be different inside "
-"and outside a user namespace. In particular, a process can have a normal "
-"unprivileged user ID outside a user namespace while at the same time having "
-"a user ID of 0 inside the namespace; in other words, the process has full "
-"privileges for operations inside the user namespace, but is unprivileged for "
-"operations outside the namespace."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/user_namespaces.7:56
-#, no-wrap
-msgid "Nested namespaces, namespace membership"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:69
-msgid ""
-"User namespaces can be nested; that is, each user namespace\\(emexcept the "
-"initial (\"root\") namespace\\(emhas a parent user namespace, and can have "
-"zero or more child user namespaces. The parent user namespace is the user "
-"namespace of the process that creates the user namespace via a call to "
-"B<unshare>(2) or B<clone>(2) with the B<CLONE_NEWUSER> flag."
-msgstr ""
-
-#. commit 8742f229b635bf1c1c84a3dfe5e47c814c20b5c8
-#. FIXME Explain the rationale for this limit. (What is the rationale?)
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:80
-msgid ""
-"The kernel imposes (since version 3.11) a limit of 32 nested levels of user "
-"namespaces. Calls to B<unshare>(2) or B<clone>(2) that would cause this "
-"limit to be exceeded fail with the error B<EUSERS>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:95
-msgid ""
-"Each process is a member of exactly one user namespace. A process created "
-"via B<fork>(2) or B<clone>(2) without the B<CLONE_NEWUSER> flag is a "
-"member of the same user namespace as its parent. A single-threaded process "
-"can join another user namespace with B<setns>(2) if it has the "
-"B<CAP_SYS_ADMIN> in that namespace; upon doing so, it gains a full set of "
-"capabilities in that namespace."
-msgstr ""
-
-#
-#. ============================================================
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:110
-msgid ""
-"A call to B<clone>(2) or B<unshare>(2) with the B<CLONE_NEWUSER> flag "
-"makes the new child process (for B<clone>(2)) or the caller (for "
-"B<unshare>(2)) a member of the new user namespace created by the call."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/user_namespaces.7:110
-#, no-wrap
-msgid "Capabilities"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:132
-msgid ""
-"The child process created by B<clone>(2) with the B<CLONE_NEWUSER> flag "
-"starts out with a complete set of capabilities in the new user namespace. "
-"Likewise, a process that creates a new user namespace using B<unshare>(2) "
-"or joins an existing user namespace using B<setns>(2) gains a full set of "
-"capabilities in that namespace. On the other hand, that process has no "
-"capabilities in the parent (in the case of B<clone>(2)) or previous (in the "
-"case of B<unshare>(2) and B<setns>(2)) user namespace, even if the new "
-"namespace is created or joined by the root user (i.e., a process with user "
-"ID 0 in the root namespace)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:142
-msgid ""
-"Note that a call to B<execve>(2) will cause a process's capabilities to be "
-"recalculated in the usual way (see B<capabilities>(7)), so that usually, "
-"unless it has a user ID of 0 within the namespace or the executable file has "
-"a nonempty inheritable capabilities mask, it will lose all capabilities. "
-"See the discussion of user and group ID mappings, below."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:167
-msgid ""
-"A call to B<clone>(2), B<unshare>(2), or B<setns>(2) using the "
-"B<CLONE_NEWUSER> flag sets the \"securebits\" flags (see B<capabilities>(7)) "
-"to their default values (all flags disabled) in the child (for B<clone>(2)) "
-"or caller (for B<unshare>(2), or B<setns>(2)). Note that because the caller "
-"no longer has capabilities in its original user namespace after a call to "
-"B<setns>(2), it is not possible for a process to reset its \"securebits\" "
-"flags while retaining its user namespace membership by using a pair of "
-"B<setns>(2) calls to move to another user namespace and then return to its "
-"original user namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:173
-msgid ""
-"Having a capability inside a user namespace permits a process to perform "
-"operations (that require privilege) only on resources governed by that "
-"namespace. The rules for determining whether or not a process has a "
-"capability in a particular user namespace are as follows:"
-msgstr ""
-
-#. In the 3.8 sources, see security/commoncap.c::cap_capable():
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:189
-msgid ""
-"A process has a capability inside a user namespace if it is a member of that "
-"namespace and it has the capability in its effective capability set. A "
-"process can gain capabilities in its effective capability set in various "
-"ways. For example, it may execute a set-user-ID program or an executable "
-"with associated file capabilities. In addition, a process may gain "
-"capabilities via the effect of B<clone>(2), B<unshare>(2), or B<setns>(2), "
-"as already described."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:193
-msgid ""
-"If a process has a capability in a user namespace, then it has that "
-"capability in all child (and further removed descendant) namespaces as "
-"well."
-msgstr ""
-
-#. * The owner of the user namespace in the parent of the
-#. * user namespace has all caps.
-#. (and likewise associates the effective group ID of the creating process
-#. with the namespace).
-#. See kernel commit 520d9eabce18edfef76a60b7b839d54facafe1f9 for a fix
-#. on this point
-#. This includes the case where the process executes a set-user-ID
-#. program that confers the effective UID of the creator of the namespace.
-#
-#. ============================================================
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:214
-msgid ""
-"When a user namespace is created, the kernel records the effective user ID "
-"of the creating process as being the \"owner\" of the namespace. A process "
-"that resides in the parent of the user namespace and whose effective user ID "
-"matches the owner of the namespace has all capabilities in the namespace. "
-"By virtue of the previous rule, this means that the process has all "
-"capabilities in all further removed descendant user namespaces as well."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/user_namespaces.7:214
-#, no-wrap
-msgid "Interaction of user namespaces and other types of namespaces"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:219
-msgid ""
-"Starting in Linux 3.8, unprivileged processes can create user namespaces, "
-"and mount, PID, IPC, network, and UTS namespaces can be created with just "
-"the B<CAP_SYS_ADMIN> capability in the caller's user namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:225
-msgid ""
-"When a non-user-namespace is created, it is owned by the user namespace in "
-"which the creating process was a member at the time of the creation of the "
-"namespace. Actions on the non-user-namespace require capabilities in the "
-"corresponding user namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:242
-msgid ""
-"If B<CLONE_NEWUSER> is specified along with other B<CLONE_NEW*> flags in a "
-"single B<clone>(2) or B<unshare>(2) call, the user namespace is guaranteed "
-"to be created first, giving the child (B<clone>(2)) or caller "
-"(B<unshare>(2)) privileges over the remaining namespaces created by the "
-"call. Thus, it is possible for an unprivileged caller to specify this "
-"combination of flags."
-msgstr ""
-
-#
-#. ============================================================
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:258
-msgid ""
-"When a new IPC, mount, network, PID, or UTS namespace is created via "
-"B<clone>(2) or B<unshare>(2), the kernel records the user namespace of the "
-"creating process against the new namespace. (This association can't be "
-"changed.) When a process in the new namespace subsequently performs "
-"privileged operations that operate on global resources isolated by the "
-"namespace, the permission checks are performed according to the process's "
-"capabilities in the user namespace that the kernel associated with the new "
-"namespace."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/user_namespaces.7:258
-#, no-wrap
-msgid "Restrictions on mount namespaces"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:261
-msgid "Note the following points with respect to mount namespaces:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:266
-msgid ""
-"A mount namespace has an owner user namespace. A mount namespace whose "
-"owner user namespace is different from the owner user namespace of its "
-"parent mount namespace is considered a less privileged mount namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:272
-msgid ""
-"When creating a less privileged mount namespace, shared mounts are reduced "
-"to slave mounts. This ensures that mappings performed in less privileged "
-"mount namespaces will not propagate to more privileged mount namespaces."
-msgstr ""
-
-#. FIXME .
-#. What does "come as a single unit from more privileged mount" mean?
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:285
-msgid ""
-"Mounts that come as a single unit from more privileged mount are locked "
-"together and may not be separated in a less privileged mount namespace. "
-"(The B<unshare>(2) B<CLONE_NEWNS> operation brings across all of the mounts "
-"from the original mount namespace as a single unit, and recursive mounts "
-"that propagate between mount namespaces propagate as a single unit.)"
-msgstr ""
-
-#. commit 9566d6742852c527bf5af38af5cbb878dad75705
-#. Author: Eric W. Biederman <ebiederm@xmission.com>
-#. Date: Mon Jul 28 17:26:07 2014 -0700
-#
-#. mnt: Correct permission checks in do_remount
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:306
-msgid ""
-"The B<mount>(2) flags B<MS_RDONLY>, B<MS_NOSUID>, B<MS_NOEXEC>, and the "
-"\"atime\" flags (B<MS_NOATIME>, B<MS_NODIRATIME>, B<MS_RELATIME>) settings "
-"become locked when propagated from a more privileged to a less privileged "
-"mount namespace, and may not be changed in the less privileged mount "
-"namespace."
-msgstr ""
-
-#. (As of 3.18-rc1 (in Al Viro's 2014-08-30 vfs.git#for-next tree))
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:313
-msgid ""
-"A file or directory that is a mount point in one namespace that is not a "
-"mount point in another namespace, may be renamed, unlinked, or removed "
-"(B<rmdir>(2)) in the mount namespace in which it is not a mount point "
-"(subject to the usual permission checks)."
-msgstr ""
-
-#
-#. ============================================================
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:324
-msgid ""
-"Previously, attempting to unlink, rename, or remove a file or directory that "
-"was a mount point in another mount namespace would result in the error "
-"B<EBUSY>. That behavior had technical problems of enforcement (e.g., for "
-"NFS) and permitted denial-of-service attacks against more privileged "
-"users. (i.e., preventing individual files from being updated by bind "
-"mounting on top of them)."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/user_namespaces.7:324
-#, no-wrap
-msgid "User and group ID mappings: uid_map and gid_map"
-msgstr ""
-
-#. commit 22d917d80e842829d0ca0a561967d728eb1d6303
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:339
-msgid ""
-"When a user namespace is created, it starts out without a mapping of user "
-"IDs (group IDs) to the parent user namespace. The I</proc/[pid]/uid_map> "
-"and I</proc/[pid]/gid_map> files (available since Linux 3.5) expose the "
-"mappings for user and group IDs inside the user namespace for the process "
-"I<pid>. These files can be read to view the mappings in a user namespace "
-"and written to (once) to define the mappings."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:345
-msgid ""
-"The description in the following paragraphs explains the details for "
-"I<uid_map>; I<gid_map> is exactly the same, but each instance of \"user ID\" "
-"is replaced by \"group ID\"."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:359
-msgid ""
-"The I<uid_map> file exposes the mapping of user IDs from the user namespace "
-"of the process I<pid> to the user namespace of the process that opened "
-"I<uid_map> (but see a qualification to this point below). In other words, "
-"processes that are in different user namespaces will potentially see "
-"different values when reading from a particular I<uid_map> file, depending "
-"on the user ID mappings for the user namespaces of the reading processes."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:371
-msgid ""
-"Each line in the I<uid_map> file specifies a 1-to-1 mapping of a range of "
-"contiguous user IDs between two user namespaces. (When a user namespace is "
-"first created, this file is empty.) The specification in each line takes "
-"the form of three numbers delimited by white space. The first two numbers "
-"specify the starting user ID in each of the two user namespaces. The third "
-"number specifies the length of the mapped range. In detail, the fields are "
-"interpreted as follows:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:375
-msgid ""
-"The start of the range of user IDs in the user namespace of the process "
-"I<pid>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:383
-msgid ""
-"The start of the range of user IDs to which the user IDs specified by field "
-"one map. How field two is interpreted depends on whether the process that "
-"opened I<uid_map> and the process I<pid> are in the same user namespace, as "
-"follows:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:389
-msgid ""
-"If the two processes are in different user namespaces: field two is the "
-"start of a range of user IDs in the user namespace of the process that "
-"opened I<uid_map>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:400
-msgid ""
-"If the two processes are in the same user namespace: field two is the start "
-"of the range of user IDs in the parent user namespace of the process "
-"I<pid>. This case enables the opener of I<uid_map> (the common case here is "
-"opening I</proc/self/uid_map>) to see the mapping of user IDs into the user "
-"namespace of the process that created this user namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:404
-msgid ""
-"The length of the range of user IDs that is mapped between the two user "
-"namespaces."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:411
-msgid ""
-"System calls that return user IDs (group IDs)\\(emfor example, B<getuid>(2), "
-"B<getgid>(2), and the credential fields in the structure returned by "
-"B<stat>(2)\\(emreturn the user ID (group ID) mapped into the caller's user "
-"namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:419
-msgid ""
-"When a process accesses a file, its user and group IDs are mapped into the "
-"initial user namespace for the purpose of permission checking and assigning "
-"IDs when creating a file. When a process retrieves file user and group IDs "
-"via B<stat>(2), the IDs are mapped in the opposite direction, to produce "
-"values relative to the process user and group ID mappings."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:428
-msgid ""
-"The initial user namespace has no parent namespace, but, for consistency, "
-"the kernel provides dummy user and group ID mapping files for this "
-"namespace. Looking at the I<uid_map> file (I<gid_map> is the same) from a "
-"shell in the initial namespace shows:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:433
-#, no-wrap
-msgid ""
-"$ B<cat /proc/$$/uid_map>\n"
-" 0 0 4294967295\n"
-msgstr ""
-
-#
-#. ============================================================
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:453
-msgid ""
-"This mapping tells us that the range starting at user ID 0 in this namespace "
-"maps to a range starting at 0 in the (nonexistent) parent namespace, and the "
-"length of the range is the largest 32-bit unsigned integer. (This "
-"deliberately leaves 4294967295 (the 32-bit signed -1 value) unmapped. This "
-"is deliberate: I<(uid_t)\\ -\\1> is used in several interfaces (e.g., "
-"B<setreuid>(2)) as a way to specify \"no user ID\". Leaving I<(uid_t)\\ "
-"-\\1> unmapped and unusable guarantees that there will be no confusion when "
-"using these interfaces."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/user_namespaces.7:453
-#, no-wrap
-msgid "Defining user and group ID mappings: writing to uid_map and gid_map"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:469
-msgid ""
-"After the creation of a new user namespace, the I<uid_map> file of I<one> of "
-"the processes in the namespace may be written to I<once> to define the "
-"mapping of user IDs in the new user namespace. An attempt to write more "
-"than once to a I<uid_map> file in a user namespace fails with the error "
-"B<EPERM>. Similar rules apply for I<gid_map> files."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:474
-msgid ""
-"The lines written to I<uid_map> (I<gid_map>) must conform to the following "
-"rules:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:477
-msgid ""
-"The three fields must be valid numbers, and the last field must be greater "
-"than 0."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:479
-msgid "Lines are terminated by newline characters."
-msgstr ""
-
-#. FIXME(Eric): the restriction "less than" rather than "less than or equal"
-#. seems strangely arbitrary. Furthermore, the comment does not agree
-#. with the code in kernel/user_namespace.c. Which is correct?
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:492
-msgid ""
-"There is an (arbitrary) limit on the number of lines in the file. As at "
-"Linux 3.8, the limit is five lines. In addition, the number of bytes "
-"written to the file must be less than the system page size, and the write "
-"must be performed at the start of the file (i.e., B<lseek>(2) and "
-"B<pwrite>(2) can't be used to write to nonzero offsets in the file)."
-msgstr ""
-
-#. commit 0bd14b4fd72afd5df41e9fd59f356740f22fceba
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:505
-msgid ""
-"The range of user IDs (group IDs) specified in each line cannot overlap "
-"with the ranges in any other lines. In the initial implementation (Linux "
-"3.8), this requirement was satisfied by a simplistic implementation that "
-"imposed the further requirement that the values in both field 1 and field 2 "
-"of successive lines must be in ascending numerical order, which prevented "
-"some otherwise valid maps from being created. Linux 3.9 and later fix this "
-"limitation, allowing any valid set of nonoverlapping maps."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:507
-msgid "At least one line must be written to the file."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:510
-msgid "Writes that violate the above rules fail with the error B<EINVAL>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:515
-msgid ""
-"In order for a process to write to the I</proc/[pid]/uid_map> "
-"(I</proc/[pid]/gid_map>) file, all of the following requirements must be "
-"met:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:521
-msgid ""
-"The writing process must have the B<CAP_SETUID> (B<CAP_SETGID>) capability "
-"in the user namespace of the process I<pid>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:526
-msgid ""
-"The writing process must be in either the user namespace of the process "
-"I<pid> or inside the parent user namespace of the process I<pid>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:529
-msgid ""
-"The mapped user IDs (group IDs) must in turn have a mapping in the parent "
-"user namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:531
-msgid "One of the following is true:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:541
-msgid ""
-"The data written to I<uid_map> (I<gid_map>) consists of a single line that "
-"maps the writing process's filesystem user ID (group ID) in the parent user "
-"namespace to a user ID (group ID) in the user namespace. The usual case "
-"here is that this single line provides a mapping for user ID of the process "
-"that created the namespace."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:548
-msgid ""
-"The opening process has the B<CAP_SETUID> (B<CAP_SETGID>) capability in the "
-"parent user namespace. Thus, a privileged process can make mappings to "
-"arbitrary user IDs (group IDs) in the parent user namespace."
-msgstr ""
-
-#
-#. ============================================================
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:555
-msgid "Writes that violate the above rules fail with the error B<EPERM>."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/user_namespaces.7:555
-#, no-wrap
-msgid "Unmapped user and group IDs"
-msgstr ""
-
-#. from_kuid_munged(), from_kgid_munged()
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:572
-msgid ""
-"There are various places where an unmapped user ID (group ID) may be "
-"exposed to user space. For example, the first process in a new user "
-"namespace may call B<getuid>() before a user ID mapping has been defined "
-"for the namespace. In most such cases, an unmapped user ID is converted to "
-"the overflow user ID (group ID); the default value for the overflow user ID "
-"(group ID) is 65534. See the descriptions of "
-"I</proc/sys/kernel/overflowuid> and I</proc/sys/kernel/overflowgid> in "
-"B<proc>(5)."
-msgstr ""
-
-#. also SO_PEERCRED
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:600
-msgid ""
-"The cases where unmapped IDs are mapped in this fashion include system calls "
-"that return user IDs (B<getuid>(2), B<getgid>(2), and similar), credentials "
-"passed over a UNIX domain socket, credentials returned by B<stat>(2), "
-"B<waitid>(2), and the System V IPC \"ctl\" B<IPC_STAT> operations, "
-"credentials exposed by I</proc/PID/status> and the files in "
-"I</proc/sysvipc/*>, credentials returned via the I<si_uid> field in the "
-"I<siginfo_t> received with a signal (see B<sigaction>(2)), credentials "
-"written to the process accounting file (see B<acct>(5)), and credentials "
-"returned with POSIX message queue notifications (see B<mq_notify>(3))."
-msgstr ""
-
-#. from_kuid(), from_kgid()
-#. Also F_GETOWNER_UIDS is an exception
-#
-#. ============================================================
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:615
-msgid ""
-"There is one notable case where unmapped user and group IDs are I<not> "
-"converted to the corresponding overflow ID value. When viewing a I<uid_map> "
-"or I<gid_map> file in which there is no mapping for the second field, that "
-"field is displayed as 4294967295 (-1 as an unsigned integer);"
-msgstr ""
-
-#. type: SS
-#: build/C/man7/user_namespaces.7:615
-#, no-wrap
-msgid "Set-user-ID and set-group-ID programs"
-msgstr ""
-
-#
-#. ============================================================
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:635
-msgid ""
-"When a process inside a user namespace executes a set-user-ID (set-group-ID) "
-"program, the process's effective user (group) ID inside the namespace is "
-"changed to whatever value is mapped for the user (group) ID of the file. "
-"However, if either the user I<or> the group ID of the file has no mapping "
-"inside the namespace, the set-user-ID (set-group-ID) bit is silently "
-"ignored: the new program is executed, but the process's effective user "
-"(group) ID is left unchanged. (This mirrors the semantics of executing a "
-"set-user-ID or set-group-ID program that resides on a filesystem that was "
-"mounted with the B<MS_NOSUID> flag, as described in B<mount>(2).)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:645
-msgid ""
-"When a process's user and group IDs are passed over a UNIX domain socket to "
-"a process in a different user namespace (see the description of "
-"B<SCM_CREDENTIALS> in B<unix>(7)), they are translated into the "
-"corresponding values as per the receiving process's user and group ID "
-"mappings."
-msgstr ""
-
-#
-#. ============================================================
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:658
-msgid ""
-"Over the years, there have been a lot of features that have been added to "
-"the Linux kernel that have been made available only to privileged users "
-"because of their potential to confuse set-user-ID-root applications. In "
-"general, it becomes safe to allow the root user in a user namespace to use "
-"those features because it is impossible, while in a user namespace, to gain "
-"more privilege than the root user of a user namespace has."
-msgstr ""
-
-#. type: SS
-#: build/C/man7/user_namespaces.7:658
-#, no-wrap
-msgid "Availability"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:666
-msgid ""
-"Use of user namespaces requires a kernel that is configured with the "
-"B<CONFIG_USER_NS> option. User namespaces require support in a range of "
-"subsystems across the kernel. When an unsupported subsystem is configured "
-"into the kernel, it is not possible to configure user namespaces support."
-msgstr ""
-
-#. commit d6970d4b726cea6d7a9bc4120814f95c09571fc3
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:677
-msgid ""
-"As at Linux 3.8, most relevant subsystems supported user namespaces, but a "
-"number of filesystems did not have the infrastructure needed to map user and "
-"group IDs between user namespaces. Linux 3.9 added the required "
-"infrastructure support for many of the remaining unsupported filesystems "
-"(Plan 9 (9P), Andrew File System (AFS), Ceph, CIFS, CODA, NFS, and OCFS2). "
-"Linux 3.11 added support the last of the unsupported major filesystems, XFS."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:686
-msgid ""
-"The program below is designed to allow experimenting with user namespaces, "
-"as well as other types of namespaces. It creates namespaces as specified by "
-"command-line options and then executes a command inside those namespaces. "
-"The comments and I<usage()> function inside the program provide a full "
-"explanation of the program. The following shell session demonstrates its "
-"use."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:688
-msgid "First, we look at the run-time environment:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:697
-#, no-wrap
-msgid ""
-"$ B<uname -rs> # Need Linux 3.8 or later\n"
-"Linux 3.8.0\n"
-"$ B<id -u> # Running as unprivileged user\n"
-"1000\n"
-"$ B<id -g>\n"
-"1000\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:711
-msgid ""
-"Now start a new shell in new user (I<-U>), mount (I<-m>), and PID (I<-p>) "
-"namespaces, with user ID (I<-M>) and group ID (I<-G>) 1000 mapped to 0 "
-"inside the user namespace:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:715
-#, no-wrap
-msgid "$ B<./userns_child_exec -p -m -U -M '0 1000 1' -G '0 1000 1' bash>\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:720
-msgid ""
-"The shell has PID 1, because it is the first process in the new PID "
-"namespace:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:725
-#, no-wrap
-msgid ""
-"bash$ B<echo $$>\n"
-"1\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:730
-msgid ""
-"Inside the user namespace, the shell has user and group ID 0, and a full set "
-"of permitted and effective capabilities:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:740
-#, no-wrap
-msgid ""
-"bash$ B<cat /proc/$$/status | egrep '^[UG]id'>\n"
-"Uid:\t0\t0\t0\t0\n"
-"Gid:\t0\t0\t0\t0\n"
-"bash$ B<cat /proc/$$/status | egrep '^Cap(Prm|Inh|Eff)'>\n"
-"CapInh:\t0000000000000000\n"
-"CapPrm:\t0000001fffffffff\n"
-"CapEff:\t0000001fffffffff\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:748
-msgid ""
-"Mounting a new I</proc> filesystem and listing all of the processes visible "
-"in the new PID namespace shows that the shell can't see any processes "
-"outside the PID namespace:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:756
-#, no-wrap
-msgid ""
-"bash$ B<mount -t proc proc /proc>\n"
-"bash$ B<ps ax>\n"
-" PID TTY STAT TIME COMMAND\n"
-" 1 pts/3 S 0:00 bash\n"
-" 22 pts/3 R+ 0:00 ps ax\n"
-msgstr ""
-
-#. type: SS
-#: build/C/man7/user_namespaces.7:758 build/C/man2/seccomp.2:574
-#, no-wrap
-msgid "Program source"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:762
-#, no-wrap
-msgid "/* userns_child_exec.c\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:764
-#, no-wrap
-msgid " Licensed under GNU General Public License v2 or later\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:780
-#, no-wrap
-msgid ""
-" Create a child process that executes a shell command in new\n"
-" namespace(s); allow UID and GID mappings to be specified when\n"
-" creating a user namespace.\n"
-"*/\n"
-"#define _GNU_SOURCE\n"
-"#include E<lt>sched.hE<gt>\n"
-"#include E<lt>unistd.hE<gt>\n"
-"#include E<lt>stdlib.hE<gt>\n"
-"#include E<lt>sys/wait.hE<gt>\n"
-"#include E<lt>signal.hE<gt>\n"
-"#include E<lt>fcntl.hE<gt>\n"
-"#include E<lt>stdio.hE<gt>\n"
-"#include E<lt>string.hE<gt>\n"
-"#include E<lt>limits.hE<gt>\n"
-"#include E<lt>errno.hE<gt>\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:783
-#, no-wrap
-msgid ""
-"/* A simple error-handling function: print an error message based\n"
-" on the value in \\(aqerrno\\(aq and terminate the calling process */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:786
-#, no-wrap
-msgid ""
-"#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \\e\n"
-" } while (0)\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:791
-#, no-wrap
-msgid ""
-"struct child_args {\n"
-" char **argv; /* Command to be executed by child, with args */\n"
-" int pipe_fd[2]; /* Pipe used to synchronize parent and child */\n"
-"};\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:793
-#, no-wrap
-msgid "static int verbose;\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:826
-#, no-wrap
-msgid ""
-"static void\n"
-"usage(char *pname)\n"
-"{\n"
-" fprintf(stderr, \"Usage: %s [options] cmd [arg...]\\en\\en\", pname);\n"
-" fprintf(stderr, \"Create a child process that executes a shell \"\n"
-" \"command in a new user namespace,\\en\"\n"
-" \"and possibly also other new namespace(s).\\en\\en\");\n"
-" fprintf(stderr, \"Options can be:\\en\\en\");\n"
-"#define fpe(str) fprintf(stderr, \" %s\", str);\n"
-" fpe(\"-i New IPC namespace\\en\");\n"
-" fpe(\"-m New mount namespace\\en\");\n"
-" fpe(\"-n New network namespace\\en\");\n"
-" fpe(\"-p New PID namespace\\en\");\n"
-" fpe(\"-u New UTS namespace\\en\");\n"
-" fpe(\"-U New user namespace\\en\");\n"
-" fpe(\"-M uid_map Specify UID map for user namespace\\en\");\n"
-" fpe(\"-G gid_map Specify GID map for user namespace\\en\");\n"
-" fpe(\"-z Map user\\(aqs UID and GID to 0 in user "
-"namespace\\en\");\n"
-" fpe(\" (equivalent to: -M \\(aq0 E<lt>uidE<gt> 1\\(aq -G "
-"\\(aq0 E<lt>gidE<gt> 1\\(aq)\\en\");\n"
-" fpe(\"-v Display verbose messages\\en\");\n"
-" fpe(\"\\en\");\n"
-" fpe(\"If -z, -M, or -G is specified, -U is required.\\en\");\n"
-" fpe(\"It is not permitted to specify both -z and either -M or "
-"-G.\\en\");\n"
-" fpe(\"\\en\");\n"
-" fpe(\"Map strings for -M and -G consist of records of the "
-"form:\\en\");\n"
-" fpe(\"\\en\");\n"
-" fpe(\" ID-inside-ns ID-outside-ns len\\en\");\n"
-" fpe(\"\\en\");\n"
-" fpe(\"A map string can contain multiple records, separated\"\n"
-" \" by commas;\\en\");\n"
-" fpe(\"the commas are replaced by newlines before writing\"\n"
-" \" to map files.\\en\");\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:834
-#, no-wrap
-msgid ""
-"/* Update the mapping file \\(aqmap_file\\(aq, with the value provided in\n"
-" \\(aqmapping\\(aq, a string that defines a UID or GID mapping. A UID or\n"
-" GID mapping consists of one or more newline-delimited records\n"
-" of the form:\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:836
-#, no-wrap
-msgid " ID_inside-ns ID-outside-ns length\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:841
-#, no-wrap
-msgid ""
-" Requiring the user to supply a string that contains newlines is\n"
-" of course inconvenient for command-line use. Thus, we permit the\n"
-" use of commas to delimit records in this string, and replace them\n"
-" with newlines before writing the string to the file. */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:847
-#, no-wrap
-msgid ""
-"static void\n"
-"update_map(char *mapping, char *map_file)\n"
-"{\n"
-" int fd, j;\n"
-" size_t map_len; /* Length of \\(aqmapping\\(aq */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:849
-#, no-wrap
-msgid " /* Replace commas in mapping string with newlines */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:854
-#, no-wrap
-msgid ""
-" map_len = strlen(mapping);\n"
-" for (j = 0; j E<lt> map_len; j++)\n"
-" if (mapping[j] == \\(aq,\\(aq)\n"
-" mapping[j] = \\(aq\\en\\(aq;\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:861
-#, no-wrap
-msgid ""
-" fd = open(map_file, O_RDWR);\n"
-" if (fd == -1) {\n"
-" fprintf(stderr, \"ERROR: open %s: %s\\en\", map_file,\n"
-" strerror(errno));\n"
-" exit(EXIT_FAILURE);\n"
-" }\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:867
-#, no-wrap
-msgid ""
-" if (write(fd, mapping, map_len) != map_len) {\n"
-" fprintf(stderr, \"ERROR: write %s: %s\\en\", map_file,\n"
-" strerror(errno));\n"
-" exit(EXIT_FAILURE);\n"
-" }\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:870
-#, no-wrap
-msgid ""
-" close(fd);\n"
-"}\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:876
-#, no-wrap
-msgid ""
-"static int /* Start function for cloned child */\n"
-"childFunc(void *arg)\n"
-"{\n"
-" struct child_args *args = (struct child_args *) arg;\n"
-" char ch;\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:881
-#, no-wrap
-msgid ""
-" /* Wait until the parent has updated the UID and GID mappings.\n"
-" See the comment in main(). We wait for end of file on a\n"
-" pipe that will be closed by the parent process once it has\n"
-" updated the mappings. */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:890
-#, no-wrap
-msgid ""
-" close(args-E<gt>pipe_fd[1]); /* Close our descriptor for the write\n"
-" end of the pipe so that we see EOF\n"
-" when parent closes its descriptor */\n"
-" if (read(args-E<gt>pipe_fd[0], &ch, 1) != 0) {\n"
-" fprintf(stderr,\n"
-" \"Failure in child: read from pipe returned != 0\\en\");\n"
-" exit(EXIT_FAILURE);\n"
-" }\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:892
-#, no-wrap
-msgid " /* Execute a shell command */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:897
-#, no-wrap
-msgid ""
-" printf(\"About to exec %s\\en\", args-E<gt>argv[0]);\n"
-" execvp(args-E<gt>argv[0], args-E<gt>argv);\n"
-" errExit(\"execvp\");\n"
-"}\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:899
-#, no-wrap
-msgid "#define STACK_SIZE (1024 * 1024)\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:901
-#, no-wrap
-msgid "static char child_stack[STACK_SIZE]; /* Space for child\\(aqs stack */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:912
-#, no-wrap
-msgid ""
-"int\n"
-"main(int argc, char *argv[])\n"
-"{\n"
-" int flags, opt, map_zero;\n"
-" pid_t child_pid;\n"
-" struct child_args args;\n"
-" char *uid_map, *gid_map;\n"
-" const int MAP_BUF_SIZE = 100;\n"
-" char map_buf[MAP_BUF_SIZE];\n"
-" char map_path[PATH_MAX];\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:919
-#, no-wrap
-msgid ""
-" /* Parse command-line options. The initial \\(aq+\\(aq character in\n"
-" the final getopt() argument prevents GNU-style permutation\n"
-" of command-line options. That\\(aqs useful, since sometimes\n"
-" the \\(aqcommand\\(aq to be executed by this program itself\n"
-" has command-line options. We don\\(aqt want getopt() to treat\n"
-" those as options to this program. */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:940
-#, no-wrap
-msgid ""
-" flags = 0;\n"
-" verbose = 0;\n"
-" gid_map = NULL;\n"
-" uid_map = NULL;\n"
-" map_zero = 0;\n"
-" while ((opt = getopt(argc, argv, \"+imnpuUM:G:zv\")) != -1) {\n"
-" switch (opt) {\n"
-" case \\(aqi\\(aq: flags |= CLONE_NEWIPC; break;\n"
-" case \\(aqm\\(aq: flags |= CLONE_NEWNS; break;\n"
-" case \\(aqn\\(aq: flags |= CLONE_NEWNET; break;\n"
-" case \\(aqp\\(aq: flags |= CLONE_NEWPID; break;\n"
-" case \\(aqu\\(aq: flags |= CLONE_NEWUTS; break;\n"
-" case \\(aqv\\(aq: verbose = 1; break;\n"
-" case \\(aqz\\(aq: map_zero = 1; break;\n"
-" case \\(aqM\\(aq: uid_map = optarg; break;\n"
-" case \\(aqG\\(aq: gid_map = optarg; break;\n"
-" case \\(aqU\\(aq: flags |= CLONE_NEWUSER; break;\n"
-" default: usage(argv[0]);\n"
-" }\n"
-" }\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:942
-#, no-wrap
-msgid " /* -M or -G without -U is nonsensical */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:947
-#, no-wrap
-msgid ""
-" if (((uid_map != NULL || gid_map != NULL || map_zero) &&\n"
-" !(flags & CLONE_NEWUSER)) ||\n"
-" (map_zero && (uid_map != NULL || gid_map != NULL)))\n"
-" usage(argv[0]);\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:949
-#, no-wrap
-msgid " args.argv = &argv[optind];\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:959
-#, no-wrap
-msgid ""
-" /* We use a pipe to synchronize the parent and child, in order to\n"
-" ensure that the parent sets the UID and GID maps before the child\n"
-" calls execve(). This ensures that the child maintains its\n"
-" capabilities during the execve() in the common case where we\n"
-" want to map the child\\(aqs effective user ID to 0 in the new user\n"
-" namespace. Without this synchronization, the child would lose\n"
-" its capabilities if it performed an execve() with nonzero\n"
-" user IDs (see the capabilities(7) man page for details of the\n"
-" transformation of a process\\(aqs capabilities during execve()). */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:962
-#, no-wrap
-msgid ""
-" if (pipe(args.pipe_fd) == -1)\n"
-" errExit(\"pipe\");\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:964
-#, no-wrap
-msgid " /* Create the child in new namespace(s) */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:969
-#, no-wrap
-msgid ""
-" child_pid = clone(childFunc, child_stack + STACK_SIZE,\n"
-" flags | SIGCHLD, &args);\n"
-" if (child_pid == -1)\n"
-" errExit(\"clone\");\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:971
-#, no-wrap
-msgid " /* Parent falls through to here */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:975
-#, no-wrap
-msgid ""
-" if (verbose)\n"
-" printf(\"%s: PID of child created by clone() is %ld\\en\",\n"
-" argv[0], (long) child_pid);\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:977
-#, no-wrap
-msgid " /* Update the UID and GID maps in the child */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:996
-#, no-wrap
-msgid ""
-" if (uid_map != NULL || map_zero) {\n"
-" snprintf(map_path, PATH_MAX, \"/proc/%ld/uid_map\",\n"
-" (long) child_pid);\n"
-" if (map_zero) {\n"
-" snprintf(map_buf, MAP_BUF_SIZE, \"0 %ld 1\", (long) getuid());\n"
-" uid_map = map_buf;\n"
-" }\n"
-" update_map(uid_map, map_path);\n"
-" }\n"
-" if (gid_map != NULL || map_zero) {\n"
-" snprintf(map_path, PATH_MAX, \"/proc/%ld/gid_map\",\n"
-" (long) child_pid);\n"
-" if (map_zero) {\n"
-" snprintf(map_buf, MAP_BUF_SIZE, \"0 %ld 1\", (long) getgid());\n"
-" gid_map = map_buf;\n"
-" }\n"
-" update_map(gid_map, map_path);\n"
-" }\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:999
-#, no-wrap
-msgid ""
-" /* Close the write end of the pipe, to signal to the child that we\n"
-" have updated the UID and GID maps */\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:1001
-#, no-wrap
-msgid " close(args.pipe_fd[1]);\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:1004
-#, no-wrap
-msgid ""
-" if (waitpid(child_pid, NULL, 0) == -1) /* Wait for child */\n"
-" errExit(\"waitpid\");\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:1007
-#, no-wrap
-msgid ""
-" if (verbose)\n"
-" printf(\"%s: terminating\\en\", argv[0]);\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:1010
-#, no-wrap
-msgid ""
-" exit(EXIT_SUCCESS);\n"
-"}\n"
-msgstr ""
-
-#. From the shadow package
-#. From the shadow package
-#. From the shadow package
-#. From the shadow package
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:1024
-msgid ""
-"B<newgidmap>(1), B<newuidmap>(1), B<clone>(2), B<setns>(2), B<unshare>(2), "
-"B<proc>(5), B<subgid>(5), B<subuid>(5), B<credentials>(7), "
-"B<capabilities>(7), B<namespaces>(7), B<pid_namespaces>(7)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man7/user_namespaces.7:1027
-msgid "The kernel source file I<Documentation/namespaces/resource-control.txt>."
-msgstr ""
-
-#. type: TH
-#: build/C/man2/seccomp.2:27
-#, no-wrap
-msgid "SECCOMP"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:30
-msgid "seccomp - operate on Secure Computing state of the process"
-msgstr ""
-
-#. Kees Cook noted: Anything that uses SECCOMP_RET_TRACE returns will
-#. need <sys/ptrace.h>
-#. type: Plain text
-#: build/C/man2/seccomp.2:39
-#, no-wrap
-msgid ""
-"B<#include E<lt>linux/seccomp.hE<gt>>\n"
-"B<#include E<lt>linux/filter.hE<gt>>\n"
-"B<#include E<lt>linux/audit.hE<gt>>\n"
-"B<#include E<lt>linux/signal.hE<gt>>\n"
-"B<#include E<lt>sys/ptrace.hE<gt>>\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:42
-#, no-wrap
-msgid ""
-"B<int seccomp(unsigned int >I<operation>B<, unsigned int >I<flags>B<, void "
-"*>I<args>B<);>\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:48
-msgid ""
-"The B<seccomp>() system call operates on the Secure Computing (seccomp) "
-"state of the calling process."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:52
-msgid "Currently, Linux supports the following I<operation> values:"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/seccomp.2:52
-#, no-wrap
-msgid "B<SECCOMP_SET_MODE_STRICT>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:66
-msgid ""
-"The only system calls that the calling thread is permitted to make are "
-"B<read>(2), B<write>(2), B<_exit>(2), and B<sigreturn>(2). Other system "
-"calls result in the delivery of a B<SIGKILL> signal. Strict secure "
-"computing mode is useful for number-crunching applications that may need to "
-"execute untrusted byte code, perhaps obtained by reading from a pipe or "
-"socket."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:70
-msgid ""
-"This operation is available only if the kernel is configured with "
-"B<CONFIG_SECCOMP> enabled."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:76
-msgid "The value of I<flags> must be 0, and I<args> must be NULL."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:78
-msgid "This operation is functionally identical to the call:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:80
-#, no-wrap
-msgid " prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT);\n"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/seccomp.2:80
-#, no-wrap
-msgid "B<SECCOMP_SET_MODE_FILTER>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:95
-msgid ""
-"The system calls allowed are defined by a pointer to a Berkeley Packet "
-"Filter (BPF) passed via I<args>. This argument is a pointer to a I<struct\\ "
-"sock_fprog>; it can be designed to filter arbitrary system calls and system "
-"call arguments. If the filter is invalid, B<seccomp>() fails, returning "
-"B<EINVAL> in I<errno>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:107
-msgid ""
-"If B<fork>(2) or B<clone>(2) is allowed by the filter, any child processes "
-"will be constrained to the same system call filters as the parent. If "
-"B<execve>(2) is allowed, the existing filters will be preserved across a "
-"call to B<execve>(2)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:117
-msgid ""
-"In order to use the B<SECCOMP_SET_MODE_FILTER> operation, either the caller "
-"must have the B<CAP_SYS_ADMIN> capability, or the thread must already have "
-"the I<no_new_privs> bit set. If that bit was not already set by an ancestor "
-"of this thread, the thread must make the following call:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:119
-#, no-wrap
-msgid " prctl(PR_SET_NO_NEW_PRIVS, 1);\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:138
-msgid ""
-"Otherwise, the B<SECCOMP_SET_MODE_FILTER> operation will fail and return "
-"B<EACCES> in I<errno>. This requirement ensures that an unprivileged "
-"process cannot apply a malicious filter and then invoke a set-user-ID or "
-"other privileged program using B<execve>(2), thus potentially compromising "
-"that program. (Such a malicious filter might, for example, cause an attempt "
-"to use B<setuid>(2) to set the caller's user IDs to non-zero values to "
-"instead return 0 without actually making the system call. Thus, the program "
-"might be tricked into retaining superuser privileges in circumstances where "
-"it is possible to influence it to do dangerous things because it did not "
-"actually drop privileges.)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:146
-msgid ""
-"If B<prctl>(2) or B<seccomp>(2) is allowed by the attached filter, further "
-"filters may be added. This will increase evaluation time, but allows for "
-"further reduction of the attack surface during execution of a thread."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:152
-msgid ""
-"The B<SECCOMP_SET_MODE_FILTER> operation is available only if the kernel is "
-"configured with B<CONFIG_SECCOMP_FILTER> enabled."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:156
-msgid "When I<flags> is 0, this operation is functionally identical to the call:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:158
-#, no-wrap
-msgid " prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, args);\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:162
-msgid "The recognized I<flags> are:"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/seccomp.2:163
-#, no-wrap
-msgid "B<SECCOMP_FILTER_FLAG_TSYNC>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:171
-msgid ""
-"When adding a new filter, synchronize all other threads of the calling "
-"process to the same seccomp filter tree. A \"filter tree\" is the ordered "
-"list of filters attached to a thread. (Attaching identical filters in "
-"separate B<seccomp>() calls results in different filters from this "
-"perspective.)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:179
-msgid ""
-"If any thread cannot synchronize to the same filter tree, the call will not "
-"attach the new seccomp filter, and will fail, returning the first thread ID "
-"found that cannot synchronize. Synchronization will fail if another thread "
-"in the same process is in B<SECCOMP_MODE_STRICT> or if it has attached new "
-"seccomp filters to itself, diverging from the calling thread's filter tree."
-msgstr ""
-
-#. type: SS
-#: build/C/man2/seccomp.2:180
-#, no-wrap
-msgid "Filters"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:185
-msgid ""
-"When adding filters via B<SECCOMP_SET_MODE_FILTER>, I<args> points to a "
-"filter program:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:193
-#, no-wrap
-msgid ""
-"struct sock_fprog {\n"
-" unsigned short len; /* Number of BPF instructions */\n"
-" struct sock_filter *filter; /* Pointer to array of\n"
-" BPF instructions */\n"
-"};\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:197
-msgid "Each program must contain one or more BPF instructions:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:206
-#, no-wrap
-msgid ""
-"struct sock_filter { /* Filter block */\n"
-" __u16 code; /* Actual filter code */\n"
-" __u8 jt; /* Jump true */\n"
-" __u8 jf; /* Jump false */\n"
-" __u32 k; /* Generic multiuse field */\n"
-"};\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:213
-msgid ""
-"When executing the instructions, the BPF program operates on the system call "
-"information made available (i.e., use the B<BPF_ABS> addressing mode) as a "
-"buffer of the following form:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:223
-#, no-wrap
-msgid ""
-"struct seccomp_data {\n"
-" int nr; /* System call number */\n"
-" __u32 arch; /* AUDIT_ARCH_* value\n"
-" (see E<lt>linux/audit.hE<gt>) */\n"
-" __u64 instruction_pointer; /* CPU instruction pointer */\n"
-" __u64 args[6]; /* Up to 6 system call arguments */\n"
-"};\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:234
-msgid ""
-"A seccomp filter returns a 32-bit value consisting of two parts: the most "
-"significant 16 bits (corresponding to the mask defined by the constant "
-"B<SECCOMP_RET_ACTION>) contain one of the \"action\" values listed below; "
-"the least significant 16-bits (defined by the constant B<SECCOMP_RET_DATA>) "
-"are \"data\" to be associated with this return value."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:242
-msgid ""
-"If multiple filters exist, they are all executed, in reverse order of their "
-"addition to the filter tree (i.e., the most recently installed filter is "
-"executed first). The return value for the evaluation of a given system call "
-"is the first-seen B<SECCOMP_RET_ACTION> value of highest precedence (along "
-"with its accompanying data) returned by execution of all of the filters."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:245
-msgid ""
-"In decreasing order of precedence, the values that may be returned by a "
-"seccomp filter are:"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/seccomp.2:245
-#, no-wrap
-msgid "B<SECCOMP_RET_KILL>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:254
-msgid ""
-"This value results in the process exiting immediately without executing the "
-"system call. The process terminates as though killed by a B<SIGSYS> signal "
-"(I<not> B<SIGKILL>)."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/seccomp.2:254
-#, no-wrap
-msgid "B<SECCOMP_RET_TRAP>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:264
-msgid ""
-"This value results in the kernel sending a B<SIGSYS> signal to the "
-"triggering process without executing the system call. Various fields will "
-"be set in the I<siginfo_t> structure (see B<sigaction>(2)) associated with "
-"signal:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:269
-msgid "I<si_signo> will contain B<SIGSYS>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:272
-msgid "I<si_call_addr> will show the address of the system call instruction."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:277
-msgid "I<si_syscall> and I<si_arch> will indicate which system call was attempted."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:281
-msgid "I<si_code> will contain B<SYS_SECCOMP>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:286
-msgid ""
-"I<si_errno> will contain the B<SECCOMP_RET_DATA> portion of the filter "
-"return value."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:295
-msgid ""
-"The program counter will be as though the system call happened (i.e., it "
-"will not point to the system call instruction). The return value register "
-"will contain an architecture-dependent value; if resuming execution, set it "
-"to something appropriate for the system call. (The architecture dependency "
-"is because replacing it with B<ENOSYS> could overwrite some useful "
-"information.)"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/seccomp.2:295
-#, no-wrap
-msgid "B<SECCOMP_RET_ERRNO>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:302
-msgid ""
-"This value results in the B<SECCOMP_RET_DATA> portion of the filter's return "
-"value being passed to user space as the I<errno> value without executing the "
-"system call."
-msgstr ""
-
-#. type: TP
-#: build/C/man2/seccomp.2:302
-#, no-wrap
-msgid "B<SECCOMP_RET_TRACE>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:312
-msgid ""
-"When returned, this value will cause the kernel to attempt to notify a "
-"B<ptrace>(2)-based tracer prior to executing the system call. If there is "
-"no tracer present, the system call is not executed and returns a failure "
-"status with I<errno> set to B<ENOSYS>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:323
-msgid ""
-"A tracer will be notified if it requests B<PTRACE_O_TRACESECCOMP> using "
-"I<ptrace(PTRACE_SETOPTIONS)>. The tracer will be notified of a "
-"B<PTRACE_EVENT_SECCOMP> and the B<SECCOMP_RET_DATA> portion of the filter's "
-"return value will be available to the tracer via B<PTRACE_GETEVENTMSG>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:330
-msgid ""
-"The tracer can skip the system call by changing the system call number to "
-"-1. Alternatively, the tracer can change the system call requested by "
-"changing the system call to a valid system call number. If the tracer asks "
-"to skip the system call, then the system call will appear to return the "
-"value that the tracer puts in the return value register."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:339
-msgid ""
-"The seccomp check will not be run again after the tracer is notified. (This "
-"means that seccomp-based sandboxes B<must not> allow use of "
-"B<ptrace>(2)\\(emeven of other sandboxed processes\\(emwithout extreme care; "
-"ptracers can use this mechanism to escape from the seccomp sandbox.)"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/seccomp.2:339
-#, no-wrap
-msgid "B<SECCOMP_RET_ALLOW>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:342
-msgid "This value results in the system call being executed."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:358
-msgid ""
-"On success, B<seccomp>() returns 0. On error, if "
-"B<SECCOMP_FILTER_FLAG_TSYNC> was used, the return value is the ID of the "
-"thread that caused the synchronization failure. (This ID is a kernel thread "
-"ID of the type returned by B<clone>(2) and B<gettid>(2).) On other errors, "
-"-1 is returned, and I<errno> is set to indicate the cause of the error."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:361
-msgid "B<seccomp>() can fail for the following reasons:"
-msgstr ""
-
-#. type: TP
-#: build/C/man2/seccomp.2:361
-#, no-wrap
-msgid "B<EACCESS>"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:369
-msgid ""
-"The caller did not have the B<CAP_SYS_ADMIN> capability, or had not set "
-"I<no_new_privs> before using B<SECCOMP_SET_MODE_FILTER>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:373
-msgid "I<args> was not a valid address."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:380
-msgid "I<operation> is unknown; or I<flags> are invalid for the given I<operation>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:387
-msgid ""
-"I<operation> included B<BPF_ABS>, but the specified offset was not aligned "
-"to a 32-bit boundary or exceeded I<sizeof(struct\\ seccomp_data)>."
-msgstr ""
-
-#. See kernel/seccomp.c::seccomp_may_assign_mode() in 3.18 sources
-#. type: Plain text
-#: build/C/man2/seccomp.2:393
-msgid ""
-"A secure computing mode has already been set, and I<operation> differs from "
-"the existing setting."
-msgstr ""
-
-#. See stub kernel/seccomp.c::seccomp_set_mode_filter() in 3.18 sources
-#. type: Plain text
-#: build/C/man2/seccomp.2:402
-msgid ""
-"I<operation> specified B<SECCOMP_SET_MODE_FILTER>, but the kernel was not "
-"built with B<CONFIG_SECCOMP_FILTER> enabled."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:413
-msgid ""
-"I<operation> specified B<SECCOMP_SET_MODE_FILTER>, but the filter program "
-"pointed to by I<args> was not valid or the length of the filter program was "
-"zero or exceeded B<BPF_MAXINSNS> (4096) instructions. B<EINVAL>"
-msgstr ""
-
-#. ENOMEM in kernel/seccomp.c::seccomp_attach_filter() in 3.18 sources
-#. type: Plain text
-#: build/C/man2/seccomp.2:426
-msgid ""
-"The total length of all filter programs attached to the calling thread would "
-"exceed B<MAX_INSNS_PER_PATH> (32768) instructions. Note that for the "
-"purposes of calculating this limit, each already existing filter program "
-"incurs an overhead penalty of 4 instructions."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:430
-msgid ""
-"Another thread caused a failure during thread sync, but its ID could not be "
-"determined."
-msgstr ""
-
-#. FIXME . Add glibc version
-#. type: Plain text
-#: build/C/man2/seccomp.2:435
-msgid "The B<seccomp>() system call first appeared in Linux 3.17."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:439
-msgid "The B<seccomp>() system call is a nonstandard Linux extension."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:446
-msgid ""
-"The I<Seccomp> field of the I</proc/[pid]/status> file provides a method of "
-"viewing the seccomp mode of a process; see B<proc>(5)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:453
-msgid ""
-"B<seccomp>() provides a superset of the functionality provided by the "
-"B<prctl>(2) B<PR_SET_SECCOMP> operation (which does not support I<flags>)."
-msgstr ""
-
-#. type: SS
-#: build/C/man2/seccomp.2:453
-#, no-wrap
-msgid "Seccomp-specific BPF details"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:455
-msgid "Note the following BPF details specific to seccomp filters:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:463
-msgid ""
-"The B<BPF_H> and B<BPF_B> size modifiers are not supported: all operations "
-"must load and store (4-byte) words (B<BPF_W>)."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:469
-msgid ""
-"To access the contents of the I<seccomp_data> buffer, use the B<BPF_ABS> "
-"addressing mode modifier."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:476
-msgid ""
-"The B<BPF_LEN> addressing mode modifier yields an immediate mode operand "
-"whose value is the size of the I<seccomp_data> buffer."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:482
-msgid ""
-"The program below accepts four or more arguments. The first three arguments "
-"are a system call number, a numeric architecture identifier, and an error "
-"number. The program uses these values to construct a BPF filter that is "
-"used at run time to perform the following checks:"
-msgstr ""
-
-#. type: IP
-#: build/C/man2/seccomp.2:482
-#, no-wrap
-msgid "[1]"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:486
-msgid ""
-"If the program is not running on the specified architecture, the BPF filter "
-"causes system calls to fail with the error B<ENOSYS>."
-msgstr ""
-
-#. type: IP
-#: build/C/man2/seccomp.2:486
-#, no-wrap
-msgid "[2]"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:491
-msgid ""
-"If the program attempts to execute the system call with the specified "
-"number, the BPF filter causes the system call to fail, with I<errno> being "
-"set to the specified error number."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:500
-msgid ""
-"The remaining command-line arguments specify the pathname and additional "
-"arguments of a program that the example program should attempt to execute "
-"using B<execve>(3) (a library function that employs the B<execve>(2) "
-"system call). Some example runs of the program are shown below."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:504
-msgid ""
-"First, we display the architecture that we are running on (x86-64) and then "
-"construct a shell function that looks up system call numbers on this "
-"architecture:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:513
-#, no-wrap
-msgid ""
-"$ B<uname -m>\n"
-"x86_64\n"
-"$ B<syscall_nr() {\n"
-" cat /usr/src/linux/arch/x86/syscalls/syscall_64.tbl | \\e\n"
-" awk '$2 != \"x32\" && $3 == \"'$1'\" { print $1 }'\n"
-"}>\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:520
-msgid ""
-"When the BPF filter rejects a system call (case [2] above), it causes the "
-"system call to fail with the error number specified on the command line. In "
-"the experiments shown here, we'll use error number 99:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:525
-#, no-wrap
-msgid ""
-"$ B<errno 99>\n"
-"EADDRNOTAVAIL 99 Cannot assign requested address\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:533
-msgid ""
-"In the following example, we attempt to run the command B<whoami>(1), but "
-"the BPF filter rejects the B<execve>(2) system call, so that the command is "
-"not even executed:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:544
-#, no-wrap
-msgid ""
-"$ B<syscall_nr execve>\n"
-"59\n"
-"$ B<./a.out>\n"
-"Usage: ./a.out E<lt>syscall_nrE<gt> E<lt>archE<gt> E<lt>errnoE<gt> "
-"E<lt>progE<gt> [E<lt>argsE<gt>]\n"
-"Hint for E<lt>archE<gt>: AUDIT_ARCH_I386: 0x40000003\n"
-" AUDIT_ARCH_X86_64: 0xC000003E\n"
-"$ B<./a.out 59 0xC000003E 99 /bin/whoami>\n"
-"execv: Cannot assign requested address\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:552
-msgid ""
-"In the next example, the BPF filter rejects the B<write>(2) system call, so "
-"that, although it is successfully started, the B<whoami>(1) command is not "
-"able to write output:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:558
-#, no-wrap
-msgid ""
-"$ B<syscall_nr write>\n"
-"1\n"
-"$ B<./a.out 1 0xC000003E 99 /bin/whoami>\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:565
-msgid ""
-"In the final example, the BPF filter rejects a system call that is not used "
-"by the B<whoami>(1) command, so it is able to successfully execute and "
-"produce output:"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:572
-#, no-wrap
-msgid ""
-"$ B<syscall_nr preadv>\n"
-"295\n"
-"$ B<./a.out 295 0xC000003E 99 /bin/whoami>\n"
-"cecilia\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:586
-#, no-wrap
-msgid ""
-"#include E<lt>errno.hE<gt>\n"
-"#include E<lt>stddef.hE<gt>\n"
-"#include E<lt>stdio.hE<gt>\n"
-"#include E<lt>stdlib.hE<gt>\n"
-"#include E<lt>unistd.hE<gt>\n"
-"#include E<lt>linux/audit.hE<gt>\n"
-"#include E<lt>linux/filter.hE<gt>\n"
-"#include E<lt>linux/seccomp.hE<gt>\n"
-"#include E<lt>sys/prctl.hE<gt>\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:595
-#, no-wrap
-msgid ""
-"static int\n"
-"install_filter(int syscall_nr, int t_arch, int f_errno)\n"
-"{\n"
-" struct sock_filter filter[] = {\n"
-" /* [0] Load architecture from 'seccomp_data' buffer into\n"
-" accumulator */\n"
-" BPF_STMT(BPF_LD | BPF_W | BPF_ABS,\n"
-" (offsetof(struct seccomp_data, arch))),\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:599
-#, no-wrap
-msgid ""
-" /* [1] Jump forward 4 instructions if architecture does not\n"
-" match 't_arch' */\n"
-" BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, t_arch, 0, 4),\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:604
-#, no-wrap
-msgid ""
-" /* [2] Load system call number from 'seccomp_data' buffer into\n"
-" accumulator */\n"
-" BPF_STMT(BPF_LD | BPF_W | BPF_ABS,\n"
-" (offsetof(struct seccomp_data, nr))),\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:608
-#, no-wrap
-msgid ""
-" /* [3] Jump forward 1 instruction if system call number\n"
-" does not match 'syscall_nr' */\n"
-" BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, syscall_nr, 0, 1),\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:613
-#, no-wrap
-msgid ""
-" /* [4] Matching architecture and system call: don't execute\n"
-"\t the system call, and return 'f_errno' in 'errno' */\n"
-" BPF_STMT(BPF_RET | BPF_K,\n"
-" SECCOMP_RET_ERRNO | (f_errno & SECCOMP_RET_DATA)),\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:617
-#, no-wrap
-msgid ""
-" /* [5] Destination of system call number mismatch: allow other\n"
-" system calls */\n"
-" BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:621
-#, no-wrap
-msgid ""
-" /* [6] Destination of architecture mismatch: kill process */\n"
-" BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),\n"
-" };\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:626
-#, no-wrap
-msgid ""
-" struct sock_fprog prog = {\n"
-" .len = (unsigned short) (sizeof(filter) / sizeof(filter[0])),\n"
-" .filter = filter,\n"
-" };\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:631
-#, no-wrap
-msgid ""
-" if (seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog)) {\n"
-" perror(\"seccomp\");\n"
-" return 1;\n"
-" }\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:634
-#, no-wrap
-msgid ""
-" return 0;\n"
-"}\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:646
-#, no-wrap
-msgid ""
-"int\n"
-"main(int argc, char **argv)\n"
-"{\n"
-" if (argc E<lt> 5) {\n"
-" fprintf(stderr, \"Usage: \"\n"
-" \"%s E<lt>syscall_nrE<gt> E<lt>archE<gt> E<lt>errnoE<gt> "
-"E<lt>progE<gt> [E<lt>argsE<gt>]\\en\"\n"
-" \"Hint for E<lt>archE<gt>: AUDIT_ARCH_I386: 0x%X\\en\"\n"
-" \" AUDIT_ARCH_X86_64: 0x%X\\en\"\n"
-" \"\\en\", argv[0], AUDIT_ARCH_I386, AUDIT_ARCH_X86_64);\n"
-" exit(EXIT_FAILURE);\n"
-" }\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:651
-#, no-wrap
-msgid ""
-" if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {\n"
-" perror(\"prctl\");\n"
-" exit(EXIT_FAILURE);\n"
-" }\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:656
-#, no-wrap
-msgid ""
-" if (install_filter(strtol(argv[1], NULL, 0),\n"
-" strtol(argv[2], NULL, 0),\n"
-" strtol(argv[3], NULL, 0)))\n"
-" exit(EXIT_FAILURE);\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:661
-#, no-wrap
-msgid ""
-" execv(argv[4], &argv[4]);\n"
-" perror(\"execv\");\n"
-" exit(EXIT_FAILURE);\n"
-"}\n"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:668
-msgid "B<prctl>(2), B<ptrace>(2), B<sigaction>(2), B<signal>(7), B<socket>(7)"
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:673
-msgid ""
-"The kernel source files I<Documentation/networking/filter.txt> and "
-"I<Documentation/prctl/seccomp_filter.txt>."
-msgstr ""
-
-#. type: Plain text
-#: build/C/man2/seccomp.2:679
-msgid ""
-"McCanne, S. and Jacobson, V. (1992) I<The BSD Packet Filter: A New "
-"Architecture for User-level Packet Capture>, Proceedings of the USENIX "
-"Winter 1993 Conference E<.UR http://www.tcpdump.org/papers/bpf-usenix93.pdf> "
-"E<.UE>"
-msgstr ""
OSDN Git Service
