X-Git-Url: http://git.osdn.net/view?p=linuxjm%2FLDP_man-pages.git;a=blobdiff_plain;f=po4a%2Fprocess%2Fpo%2Fprocess.pot;fp=po4a%2Fprocess%2Fpo%2Fprocess.pot;h=0000000000000000000000000000000000000000;hp=48bd7c495e8e740ba83f3e06821420eb4b4f719e;hb=2460a0b8024ceb8570acdbc9208713d79458efcb;hpb=83f9e5d087c3464d5131604d3c9893479e6228eb
diff --git a/po4a/process/po/process.pot b/po4a/process/po/process.pot
deleted file mode 100644
index 48bd7c49..00000000
--- a/po4a/process/po/process.pot
+++ /dev/null
@@ -1,12527 +0,0 @@ -# SOME DESCRIPTIVE TITLE -# Copyright (C) YEAR Free Software Foundation, Inc. -# This file is distributed under the same license as the PACKAGE package. -# FIRST AUTHOR , YEAR. -# -#, fuzzy -msgid "" -msgstr "" -"Project-Id-Version: PACKAGE VERSION\n" -"POT-Creation-Date: 2015-02-04 23:33+0900\n" -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -"Last-Translator: FULL NAME \n" -"Language-Team: LANGUAGE \n" -"Language: \n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" - -#. type: TH -#: build/C/man2/acct.2:31 build/C/man5/acct.5:25 -#, no-wrap -msgid "ACCT" -msgstr "" - -#. type: TH -#: build/C/man2/acct.2:31 -#, no-wrap -msgid "2008-06-16" -msgstr "" - -#. type: TH -#: build/C/man2/acct.2:31 build/C/man5/acct.5:25 build/C/man7/capabilities.7:48 build/C/man2/capget.2:15 build/C/man7/cpuset.7:25 build/C/man7/credentials.7:27 build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getpid.2:25 build/C/man2/getpriority.2:45 build/C/man2/getresuid.2:28 build/C/man2/getrlimit.2:64 build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26 build/C/man2/getuid.2:26 build/C/man2/iopl.2:33 build/C/man2/ioprio_set.2:24 build/C/man2/ipc.2:25 build/C/man7/namespaces.7:27 build/C/man7/pid_namespaces.7:27 build/C/man2/seteuid.2:29 build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31 build/C/man2/setgid.2:29 build/C/man2/setpgid.2:48 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setsid.2:31 build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man3/ulimit.3:27 build/C/man7/user_namespaces.7:27 build/C/man2/seccomp.2:27 -#, no-wrap -msgid "Linux" -msgstr "" - -#. 
type: TH -#: build/C/man2/acct.2:31 build/C/man5/acct.5:25 build/C/man7/capabilities.7:48 build/C/man2/capget.2:15 build/C/man7/cpuset.7:25 build/C/man7/credentials.7:27 build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getpid.2:25 build/C/man2/getpriority.2:45 build/C/man2/getresuid.2:28 build/C/man2/getrlimit.2:64 build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26 build/C/man2/getuid.2:26 build/C/man3/group_member.3:25 build/C/man2/iopl.2:33 build/C/man2/ioprio_set.2:24 build/C/man2/ipc.2:25 build/C/man7/namespaces.7:27 build/C/man7/pid_namespaces.7:27 build/C/man2/seteuid.2:29 build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31 build/C/man2/setgid.2:29 build/C/man2/setpgid.2:48 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setsid.2:31 build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man3/ulimit.3:27 build/C/man7/user_namespaces.7:27 build/C/man2/seccomp.2:27 -#, no-wrap -msgid "Linux Programmer's Manual" -msgstr "" - -#. type: SH -#: build/C/man2/acct.2:32 build/C/man5/acct.5:26 build/C/man7/capabilities.7:49 build/C/man2/capget.2:16 build/C/man7/cpuset.7:26 build/C/man7/credentials.7:28 build/C/man2/getgid.2:26 build/C/man2/getgroups.2:32 build/C/man2/getpid.2:26 build/C/man2/getpriority.2:46 build/C/man2/getresuid.2:29 build/C/man2/getrlimit.2:65 build/C/man2/getrusage.2:40 build/C/man2/getsid.2:27 build/C/man2/getuid.2:27 build/C/man3/group_member.3:26 build/C/man2/iopl.2:34 build/C/man2/ioprio_set.2:25 build/C/man2/ipc.2:26 build/C/man7/namespaces.7:28 build/C/man7/pid_namespaces.7:28 build/C/man2/seteuid.2:30 build/C/man2/setfsgid.2:32 build/C/man2/setfsuid.2:32 build/C/man2/setgid.2:30 build/C/man2/setpgid.2:49 build/C/man2/setresuid.2:27 build/C/man2/setreuid.2:46 build/C/man2/setsid.2:32 build/C/man2/setuid.2:31 build/C/man7/svipc.7:41 build/C/man3/ulimit.3:28 build/C/man7/user_namespaces.7:28 build/C/man2/seccomp.2:28 -#, no-wrap -msgid "NAME" -msgstr "" - -#. 
type: Plain text -#: build/C/man2/acct.2:34 -msgid "acct - switch process accounting on or off" -msgstr "" - -#. type: SH -#: build/C/man2/acct.2:34 build/C/man5/acct.5:28 build/C/man2/capget.2:18 build/C/man2/getgid.2:28 build/C/man2/getgroups.2:34 build/C/man2/getpid.2:28 build/C/man2/getpriority.2:48 build/C/man2/getresuid.2:31 build/C/man2/getrlimit.2:67 build/C/man2/getrusage.2:42 build/C/man2/getsid.2:29 build/C/man2/getuid.2:29 build/C/man3/group_member.3:28 build/C/man2/iopl.2:36 build/C/man2/ioprio_set.2:27 build/C/man2/ipc.2:28 build/C/man2/seteuid.2:32 build/C/man2/setfsgid.2:34 build/C/man2/setfsuid.2:34 build/C/man2/setgid.2:32 build/C/man2/setpgid.2:51 build/C/man2/setresuid.2:29 build/C/man2/setreuid.2:48 build/C/man2/setsid.2:34 build/C/man2/setuid.2:33 build/C/man7/svipc.7:43 build/C/man3/ulimit.3:30 build/C/man2/seccomp.2:30 -#, no-wrap -msgid "SYNOPSIS" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:38 -#, no-wrap -msgid "B<#include Eunistd.hE>\n" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:40 -#, no-wrap -msgid "BIB<);>\n" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:46 build/C/man2/getgroups.2:48 build/C/man2/getrlimit.2:84 build/C/man2/getsid.2:37 build/C/man3/group_member.3:36 build/C/man2/seteuid.2:44 build/C/man2/setpgid.2:71 build/C/man2/setreuid.2:60 -msgid "Feature Test Macro Requirements for glibc (see B(7)):" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:50 -msgid "B(): _BSD_SOURCE || (_XOPEN_SOURCE && _XOPEN_SOURCE\\ E\\ 500)" -msgstr "" - -#. 
type: SH -#: build/C/man2/acct.2:50 build/C/man5/acct.5:30 build/C/man7/capabilities.7:51 build/C/man2/capget.2:24 build/C/man7/cpuset.7:28 build/C/man7/credentials.7:30 build/C/man2/getgid.2:36 build/C/man2/getgroups.2:52 build/C/man2/getpid.2:36 build/C/man2/getpriority.2:56 build/C/man2/getresuid.2:39 build/C/man2/getrlimit.2:88 build/C/man2/getrusage.2:48 build/C/man2/getsid.2:50 build/C/man2/getuid.2:37 build/C/man3/group_member.3:40 build/C/man2/iopl.2:40 build/C/man2/ioprio_set.2:35 build/C/man2/ipc.2:34 build/C/man7/namespaces.7:30 build/C/man7/pid_namespaces.7:30 build/C/man2/seteuid.2:53 build/C/man2/setfsgid.2:38 build/C/man2/setfsuid.2:38 build/C/man2/setgid.2:38 build/C/man2/setpgid.2:100 build/C/man2/setresuid.2:37 build/C/man2/setreuid.2:70 build/C/man2/setsid.2:41 build/C/man2/setuid.2:39 build/C/man7/svipc.7:49 build/C/man3/ulimit.3:34 build/C/man7/user_namespaces.7:30 build/C/man2/seccomp.2:43 -#, no-wrap -msgid "DESCRIPTION" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:60 -msgid "" -"The B() system call enables or disables process accounting. If " -"called with the name of an existing file as its argument, accounting is " -"turned on, and records for each terminating process are appended to " -"I as it terminates. An argument of NULL causes accounting to be " -"turned off." -msgstr "" - -#. type: SH -#: build/C/man2/acct.2:60 build/C/man2/capget.2:160 build/C/man2/getgroups.2:92 build/C/man2/getpriority.2:104 build/C/man2/getresuid.2:50 build/C/man2/getrlimit.2:461 build/C/man2/getrusage.2:188 build/C/man2/getsid.2:58 build/C/man3/group_member.3:48 build/C/man2/iopl.2:66 build/C/man2/ioprio_set.2:149 build/C/man2/seteuid.2:67 build/C/man2/setfsgid.2:68 build/C/man2/setfsuid.2:68 build/C/man2/setgid.2:53 build/C/man2/setpgid.2:195 build/C/man2/setresuid.2:64 build/C/man2/setreuid.2:93 build/C/man2/setsid.2:54 build/C/man2/setuid.2:70 build/C/man3/ulimit.3:67 build/C/man2/seccomp.2:342 -#, no-wrap -msgid "RETURN VALUE" -msgstr "" - -#. 
type: Plain text -#: build/C/man2/acct.2:65 build/C/man2/capget.2:165 build/C/man2/getresuid.2:55 build/C/man2/getrusage.2:193 build/C/man2/iopl.2:71 build/C/man2/seteuid.2:72 build/C/man2/setgid.2:58 build/C/man2/setresuid.2:69 build/C/man2/setreuid.2:98 build/C/man2/setuid.2:75 -msgid "" -"On success, zero is returned. On error, -1 is returned, and I is set " -"appropriately." -msgstr "" - -#. type: SH -#: build/C/man2/acct.2:65 build/C/man2/capget.2:179 build/C/man7/cpuset.7:1100 build/C/man2/getgid.2:42 build/C/man2/getgroups.2:106 build/C/man2/getpid.2:44 build/C/man2/getpriority.2:117 build/C/man2/getresuid.2:55 build/C/man2/getrlimit.2:466 build/C/man2/getrusage.2:193 build/C/man2/getsid.2:63 build/C/man2/getuid.2:43 build/C/man2/iopl.2:71 build/C/man2/ioprio_set.2:169 build/C/man2/seteuid.2:79 build/C/man2/setgid.2:58 build/C/man2/setpgid.2:216 build/C/man2/setresuid.2:76 build/C/man2/setreuid.2:105 build/C/man2/setsid.2:61 build/C/man2/setuid.2:82 build/C/man3/ulimit.3:74 build/C/man2/seccomp.2:358 -#, no-wrap -msgid "ERRORS" -msgstr "" - -#. type: TP -#: build/C/man2/acct.2:66 build/C/man7/cpuset.7:1116 build/C/man7/cpuset.7:1123 build/C/man7/cpuset.7:1129 build/C/man7/cpuset.7:1137 build/C/man7/cpuset.7:1144 build/C/man2/getpriority.2:137 build/C/man2/setpgid.2:217 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:77 -msgid "" -"Write permission is denied for the specified file, or search permission is " -"denied for one of the directories in the path prefix of I (see " -"also B(7)), or I is not a regular file." -msgstr "" - -#. type: TP -#: build/C/man2/acct.2:77 build/C/man2/capget.2:180 build/C/man7/cpuset.7:1172 build/C/man2/getgroups.2:107 build/C/man2/getresuid.2:56 build/C/man2/getrlimit.2:467 build/C/man2/getrusage.2:194 build/C/man2/seccomp.2:369 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:81 -msgid "I points outside your accessible address space." -msgstr "" - -#. 
type: TP -#: build/C/man2/acct.2:81 build/C/man7/cpuset.7:1238 build/C/man7/cpuset.7:1246 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:85 -msgid "Error writing to the file I." -msgstr "" - -#. type: TP -#: build/C/man2/acct.2:85 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:89 -msgid "I is a directory." -msgstr "" - -#. type: TP -#: build/C/man2/acct.2:89 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:93 -msgid "Too many symbolic links were encountered in resolving I." -msgstr "" - -#. type: TP -#: build/C/man2/acct.2:93 build/C/man7/cpuset.7:1251 build/C/man7/cpuset.7:1258 build/C/man7/cpuset.7:1263 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:97 -msgid "I was too long." -msgstr "" - -#. type: TP -#: build/C/man2/acct.2:97 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:100 -msgid "The system limit on the total number of open files has been reached." -msgstr "" - -#. type: TP -#: build/C/man2/acct.2:100 build/C/man7/cpuset.7:1275 build/C/man7/cpuset.7:1280 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:103 -msgid "The specified filename does not exist." -msgstr "" - -#. type: TP -#: build/C/man2/acct.2:103 build/C/man7/cpuset.7:1287 build/C/man2/getgroups.2:127 build/C/man2/seccomp.2:413 build/C/man2/seccomp.2:416 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:106 build/C/man2/getgroups.2:130 build/C/man2/seccomp.2:416 -msgid "Out of memory." -msgstr "" - -#. type: TP -#: build/C/man2/acct.2:106 build/C/man2/iopl.2:76 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:112 -msgid "" -"BSD process accounting has not been enabled when the operating system kernel " -"was compiled. The kernel configuration parameter controlling this feature " -"is B." -msgstr "" - -#. 
type: TP -#: build/C/man2/acct.2:112 build/C/man7/cpuset.7:1314 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:117 -msgid "A component used as a directory in I is not in fact a directory." -msgstr "" - -#. type: TP -#: build/C/man2/acct.2:117 build/C/man2/capget.2:191 build/C/man2/capget.2:196 build/C/man7/cpuset.7:1319 build/C/man2/getgroups.2:130 build/C/man2/getpriority.2:149 build/C/man2/getrlimit.2:483 build/C/man2/getrlimit.2:488 build/C/man2/getrlimit.2:496 build/C/man2/getsid.2:64 build/C/man2/iopl.2:79 build/C/man2/ioprio_set.2:179 build/C/man2/seteuid.2:83 build/C/man2/setgid.2:64 build/C/man2/setpgid.2:231 build/C/man2/setresuid.2:103 build/C/man2/setreuid.2:132 build/C/man2/setsid.2:62 build/C/man2/setuid.2:110 build/C/man3/ulimit.3:75 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:123 -msgid "" -"The calling process has insufficient privilege to enable process " -"accounting. On Linux the B capability is required." -msgstr "" - -#. type: TP -#: build/C/man2/acct.2:123 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:127 -msgid "I refers to a file on a read-only filesystem." -msgstr "" - -#. type: TP -#: build/C/man2/acct.2:127 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:130 -msgid "There are no more free file structures or we ran out of memory." -msgstr "" - -#. 
type: SH -#: build/C/man2/acct.2:130 build/C/man5/acct.5:153 build/C/man7/capabilities.7:1120 build/C/man2/capget.2:218 build/C/man7/credentials.7:287 build/C/man2/getgid.2:44 build/C/man2/getgroups.2:133 build/C/man2/getpid.2:46 build/C/man2/getpriority.2:157 build/C/man2/getresuid.2:67 build/C/man2/getrlimit.2:511 build/C/man2/getrusage.2:202 build/C/man2/getsid.2:79 build/C/man2/getuid.2:45 build/C/man3/group_member.3:55 build/C/man2/iopl.2:87 build/C/man2/ioprio_set.2:196 build/C/man2/ipc.2:45 build/C/man7/namespaces.7:359 build/C/man7/pid_namespaces.7:351 build/C/man2/seteuid.2:99 build/C/man2/setfsgid.2:75 build/C/man2/setfsuid.2:75 build/C/man2/setgid.2:71 build/C/man2/setpgid.2:250 build/C/man2/setresuid.2:109 build/C/man2/setreuid.2:148 build/C/man2/setsid.2:68 build/C/man2/setuid.2:117 build/C/man3/ulimit.3:78 build/C/man7/user_namespaces.7:645 build/C/man2/seccomp.2:435 -#, no-wrap -msgid "CONFORMING TO" -msgstr "" - -#. SVr4 documents an EBUSY error condition, but no EISDIR or ENOSYS. -#. Also AIX and HP-UX document EBUSY (attempt is made -#. to enable accounting when it is already enabled), as does Solaris -#. (attempt is made to enable accounting using the same file that is -#. currently being used). -#. type: Plain text -#: build/C/man2/acct.2:137 -msgid "SVr4, 4.3BSD (but not POSIX)." -msgstr "" - -#. 
type: SH -#: build/C/man2/acct.2:137 build/C/man5/acct.5:157 build/C/man7/capabilities.7:1126 build/C/man2/capget.2:220 build/C/man7/cpuset.7:1341 build/C/man7/credentials.7:293 build/C/man2/getgid.2:46 build/C/man2/getgroups.2:141 build/C/man2/getpid.2:48 build/C/man2/getpriority.2:160 build/C/man2/getresuid.2:70 build/C/man2/getrlimit.2:534 build/C/man2/getrusage.2:213 build/C/man2/getsid.2:81 build/C/man2/getuid.2:47 build/C/man2/iopl.2:91 build/C/man2/ioprio_set.2:198 build/C/man2/ipc.2:49 build/C/man2/seteuid.2:101 build/C/man2/setfsgid.2:79 build/C/man2/setfsuid.2:79 build/C/man2/setgid.2:73 build/C/man2/setpgid.2:272 build/C/man2/setresuid.2:112 build/C/man2/setreuid.2:154 build/C/man2/setsid.2:70 build/C/man2/setuid.2:122 build/C/man7/user_namespaces.7:648 build/C/man2/seccomp.2:439 -#, no-wrap -msgid "NOTES" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:140 -msgid "" -"No accounting is produced for programs running when a system crash occurs. " -"In particular, nonterminating processes are never accounted for." -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:143 -msgid "" -"The structure of the records written to the accounting file is described in " -"B(5)." -msgstr "" - -#. 
type: SH -#: build/C/man2/acct.2:143 build/C/man5/acct.5:174 build/C/man7/capabilities.7:1183 build/C/man2/capget.2:228 build/C/man7/cpuset.7:1488 build/C/man7/credentials.7:304 build/C/man2/getgid.2:62 build/C/man2/getgroups.2:178 build/C/man2/getpid.2:100 build/C/man2/getpriority.2:232 build/C/man2/getresuid.2:86 build/C/man2/getrlimit.2:766 build/C/man2/getrusage.2:253 build/C/man2/getsid.2:84 build/C/man2/getuid.2:73 build/C/man3/group_member.3:57 build/C/man2/iopl.2:100 build/C/man2/ioprio_set.2:346 build/C/man2/ipc.2:57 build/C/man7/namespaces.7:364 build/C/man7/pid_namespaces.7:356 build/C/man2/seteuid.2:141 build/C/man2/setfsgid.2:123 build/C/man2/setfsuid.2:131 build/C/man2/setgid.2:83 build/C/man2/setpgid.2:340 build/C/man2/setresuid.2:132 build/C/man2/setreuid.2:194 build/C/man2/setsid.2:93 build/C/man2/setuid.2:145 build/C/man7/svipc.7:335 build/C/man3/ulimit.3:83 build/C/man7/user_namespaces.7:1011 build/C/man2/seccomp.2:662 -#, no-wrap -msgid "SEE ALSO" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:145 -msgid "B(5)" -msgstr "" - -#. 
type: SH -#: build/C/man2/acct.2:145 build/C/man5/acct.5:179 build/C/man7/capabilities.7:1205 build/C/man2/capget.2:232 build/C/man7/cpuset.7:1506 build/C/man7/credentials.7:340 build/C/man2/getgid.2:67 build/C/man2/getgroups.2:186 build/C/man2/getpid.2:111 build/C/man2/getpriority.2:241 build/C/man2/getresuid.2:92 build/C/man2/getrlimit.2:784 build/C/man2/getrusage.2:260 build/C/man2/getsid.2:88 build/C/man2/getuid.2:78 build/C/man3/group_member.3:62 build/C/man2/iopl.2:104 build/C/man2/ioprio_set.2:354 build/C/man2/ipc.2:70 build/C/man7/namespaces.7:377 build/C/man7/pid_namespaces.7:365 build/C/man2/seteuid.2:149 build/C/man2/setfsgid.2:128 build/C/man2/setfsuid.2:136 build/C/man2/setgid.2:90 build/C/man2/setpgid.2:347 build/C/man2/setresuid.2:142 build/C/man2/setreuid.2:203 build/C/man2/setsid.2:100 build/C/man2/setuid.2:153 build/C/man7/svipc.7:353 build/C/man3/ulimit.3:88 build/C/man7/user_namespaces.7:1027 build/C/man2/seccomp.2:679 -#, no-wrap -msgid "COLOPHON" -msgstr "" - -#. type: Plain text -#: build/C/man2/acct.2:153 build/C/man5/acct.5:187 build/C/man7/capabilities.7:1213 build/C/man2/capget.2:240 build/C/man7/cpuset.7:1514 build/C/man7/credentials.7:348 build/C/man2/getgid.2:75 build/C/man2/getgroups.2:194 build/C/man2/getpid.2:119 build/C/man2/getpriority.2:249 build/C/man2/getresuid.2:100 build/C/man2/getrlimit.2:792 build/C/man2/getrusage.2:268 build/C/man2/getsid.2:96 build/C/man2/getuid.2:86 build/C/man3/group_member.3:70 build/C/man2/iopl.2:112 build/C/man2/ioprio_set.2:362 build/C/man2/ipc.2:78 build/C/man7/namespaces.7:385 build/C/man7/pid_namespaces.7:373 build/C/man2/seteuid.2:157 build/C/man2/setfsgid.2:136 build/C/man2/setfsuid.2:144 build/C/man2/setgid.2:98 build/C/man2/setpgid.2:355 build/C/man2/setresuid.2:150 build/C/man2/setreuid.2:211 build/C/man2/setsid.2:108 build/C/man2/setuid.2:161 build/C/man7/svipc.7:361 build/C/man3/ulimit.3:96 build/C/man7/user_namespaces.7:1035 build/C/man2/seccomp.2:687 -msgid "" -"This page is part of 
release 3.79 of the Linux I project. A " -"description of the project, information about reporting bugs, and the latest " -"version of this page, can be found at " -"\\%http://www.kernel.org/doc/man-pages/." -msgstr "" - -#. type: TH -#: build/C/man5/acct.5:25 -#, no-wrap -msgid "2008-06-15" -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:28 -msgid "acct - process accounting file" -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:30 -msgid "B<#include Esys/acct.hE>" -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:36 -msgid "" -"If the kernel is built with the process accounting option enabled " -"(B), then calling B(2) starts process " -"accounting, for example:" -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:39 -msgid "acct(\"/var/log/pacct\");" -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:47 -msgid "" -"When process accounting is enabled, the kernel writes a record to the " -"accounting file as each process on the system terminates. This record " -"contains information about the terminated process, and is defined in " -"Isys/acct.hE> as follows:" -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:51 -#, no-wrap -msgid "#define ACCT_COMM 16\n" -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:53 -#, no-wrap -msgid "typedef u_int16_t comp_t;\n" -msgstr "" - -#. 
type: Plain text -#: build/C/man5/acct.5:77 -#, no-wrap -msgid "" -"struct acct {\n" -" char ac_flag; /* Accounting flags */\n" -" u_int16_t ac_uid; /* Accounting user ID */\n" -" u_int16_t ac_gid; /* Accounting group ID */\n" -" u_int16_t ac_tty; /* Controlling terminal */\n" -" u_int32_t ac_btime; /* Process creation time\n" -" (seconds since the Epoch) */\n" -" comp_t ac_utime; /* User CPU time */\n" -" comp_t ac_stime; /* System CPU time */\n" -" comp_t ac_etime; /* Elapsed time */\n" -" comp_t ac_mem; /* Average memory usage (kB) */\n" -" comp_t ac_io; /* Characters transferred (unused) */\n" -" comp_t ac_rw; /* Blocks read or written (unused) */\n" -" comp_t ac_minflt; /* Minor page faults */\n" -" comp_t ac_majflt; /* Major page faults */\n" -" comp_t ac_swaps; /* Number of swaps (unused) */\n" -" u_int32_t ac_exitcode; /* Process termination status\n" -" (see wait(2)) */\n" -" char ac_comm[ACCT_COMM+1];\n" -" /* Command name (basename of last\n" -" executed command; null-terminated) */\n" -" char ac_pad[I]; /* padding bytes */\n" -"};\n" -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:84 -#, no-wrap -msgid "" -"enum { /* Bits that may be set in ac_flag field */\n" -" AFORK = 0x01, /* Has executed fork, but no exec */\n" -" ASU = 0x02, /* Used superuser privileges */\n" -" ACORE = 0x08, /* Dumped core */\n" -" AXSIG = 0x10 /* Killed by a signal */\n" -"};\n" -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:94 -msgid "" -"The I data type is a floating-point value consisting of a 3-bit, " -"base-8 exponent, and a 13-bit mantissa. A value, I, of this type can be " -"converted to a (long) integer as follows:" -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:97 -#, no-wrap -msgid " v = (c & 0x1fff) EE (((c EE 13) & 0x7) * 3);\n" -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:107 -msgid "" -"The I, I, and I fields measure time in \"clock " -"ticks\"; divide these values by I to convert them to " -"seconds." -msgstr "" - -#. 
type: SS -#: build/C/man5/acct.5:107 -#, no-wrap -msgid "Version 3 accounting file format" -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:122 -msgid "" -"Since kernel 2.6.8, an optional alternative version of the accounting file " -"can be produced if the B option is set when " -"building the kernel. With this option is set, the records written to the " -"accounting file contain additional fields, and the width of I and " -"I fields is widened from 16 to 32 bits (in line with the increased " -"size of UID and GIDs in Linux 2.4 and later). The records are defined as " -"follows:" -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:147 -#, no-wrap -msgid "" -"struct acct_v3 {\n" -" char ac_flag; /* Flags */\n" -" char ac_version; /* Always set to ACCT_VERSION (3) */\n" -" u_int16_t ac_tty; /* Controlling terminal */\n" -" u_int32_t ac_exitcode; /* Process termination status */\n" -" u_int32_t ac_uid; /* Real user ID */\n" -" u_int32_t ac_gid; /* Real group ID */\n" -" u_int32_t ac_pid; /* Process ID */\n" -" u_int32_t ac_ppid; /* Parent process ID */\n" -" u_int32_t ac_btime; /* Process creation time */\n" -" float ac_etime; /* Elapsed time */\n" -" comp_t ac_utime; /* User CPU time */\n" -" comp_t ac_stime; /* System time */\n" -" comp_t ac_mem; /* Average memory usage (kB) */\n" -" comp_t ac_io; /* Characters transferred (unused) */\n" -" comp_t ac_rw; /* Blocks read or written\n" -" (unused) */\n" -" comp_t ac_minflt; /* Minor page faults */\n" -" comp_t ac_majflt; /* Major page faults */\n" -" comp_t ac_swaps; /* Number of swaps (unused) */\n" -" char ac_comm[ACCT_COMM]; /* Command name */\n" -"};\n" -msgstr "" - -#. type: SH -#: build/C/man5/acct.5:149 build/C/man7/cpuset.7:1338 build/C/man2/getresuid.2:60 build/C/man2/getrlimit.2:506 build/C/man2/getsid.2:75 build/C/man2/ioprio_set.2:193 build/C/man2/setfsgid.2:71 build/C/man2/setfsuid.2:71 build/C/man2/setresuid.2:107 build/C/man2/seccomp.2:430 -#, no-wrap -msgid "VERSIONS" -msgstr "" - -#. 
type: Plain text -#: build/C/man5/acct.5:153 -msgid "The I structure is defined in glibc since version 2.6." -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:157 -msgid "" -"Process accounting originated on BSD. Although it is present on most " -"systems, it is not standardized, and the details vary somewhat between " -"systems." -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:160 -msgid "" -"Records in the accounting file are ordered by termination time of the " -"process." -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:167 -msgid "" -"In kernels up to and including 2.6.9, a separate accounting record is " -"written for each thread created using the NPTL threading library; since " -"Linux 2.6.10, a single accounting record is written for the entire process " -"on termination of the last thread in the process." -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:174 -msgid "" -"The I file, described in B(5), defines settings " -"that control the behavior of process accounting when disk space runs low." -msgstr "" - -#. type: Plain text -#: build/C/man5/acct.5:179 -msgid "B(1), B(2), B(8), B(8)" -msgstr "" - -#. type: TH -#: build/C/man7/capabilities.7:48 -#, no-wrap -msgid "CAPABILITIES" -msgstr "" - -#. type: TH -#: build/C/man7/capabilities.7:48 -#, no-wrap -msgid "2015-02-01" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:51 -msgid "capabilities - overview of Linux capabilities" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:63 -msgid "" -"For the purpose of performing permission checks, traditional UNIX " -"implementations distinguish two categories of processes: I " -"processes (whose effective user ID is 0, referred to as superuser or root), " -"and I processes (whose effective UID is nonzero). 
Privileged " -"processes bypass all kernel permission checks, while unprivileged processes " -"are subject to full permission checking based on the process's credentials " -"(usually: effective UID, effective GID, and supplementary group list)." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:70 -msgid "" -"Starting with kernel 2.2, Linux divides the privileges traditionally " -"associated with superuser into distinct units, known as I, " -"which can be independently enabled and disabled. Capabilities are a " -"per-thread attribute." -msgstr "" - -#. type: SS -#: build/C/man7/capabilities.7:70 -#, no-wrap -msgid "Capabilities list" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:73 -msgid "" -"The following list shows the capabilities implemented on Linux, and the " -"operations or behaviors that each capability permits:" -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:73 -#, no-wrap -msgid "B (since Linux 2.6.11)" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:77 -msgid "" -"Enable and disable kernel auditing; change auditing filter rules; retrieve " -"auditing status and filtering rules." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:77 -#, no-wrap -msgid "B (since Linux 3.16)" -msgstr "" - -#. commit a29b694aa1739f9d76538e34ae25524f9c549d59 -#. commit 3a101b8de0d39403b2c7e5c23fd0b005668acf48 -#. type: Plain text -#: build/C/man7/capabilities.7:82 -msgid "Allow reading the audit log via a multicast netlink socket." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:82 -#, no-wrap -msgid "B (since Linux 2.6.11)" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:85 -msgid "Write records to kernel auditing log." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:85 -#, no-wrap -msgid "B (since Linux 3.5)" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:91 -msgid "" -"Employ features that can block system suspend (B(7) B, " -"I)." 
-msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:91 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:95 -msgid "Make arbitrary changes to file UIDs and GIDs (see B(2))." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:95 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:99 -msgid "" -"Bypass file read, write, and execute permission checks. (DAC is an " -"abbreviation of \"discretionary access control\".)" -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:99 -#, no-wrap -msgid "B" -msgstr "" - -#. type: IP -#: build/C/man7/capabilities.7:103 build/C/man7/capabilities.7:106 build/C/man7/capabilities.7:116 build/C/man7/capabilities.7:126 build/C/man7/capabilities.7:130 build/C/man7/capabilities.7:132 build/C/man7/capabilities.7:134 build/C/man7/capabilities.7:204 build/C/man7/capabilities.7:206 build/C/man7/capabilities.7:208 build/C/man7/capabilities.7:210 build/C/man7/capabilities.7:212 build/C/man7/capabilities.7:214 build/C/man7/capabilities.7:216 build/C/man7/capabilities.7:218 build/C/man7/capabilities.7:220 build/C/man7/capabilities.7:244 build/C/man7/capabilities.7:246 build/C/man7/capabilities.7:296 build/C/man7/capabilities.7:306 build/C/man7/capabilities.7:312 build/C/man7/capabilities.7:317 build/C/man7/capabilities.7:323 build/C/man7/capabilities.7:327 build/C/man7/capabilities.7:334 build/C/man7/capabilities.7:337 build/C/man7/capabilities.7:345 build/C/man7/capabilities.7:347 build/C/man7/capabilities.7:356 build/C/man7/capabilities.7:365 build/C/man7/capabilities.7:368 build/C/man7/capabilities.7:372 build/C/man7/capabilities.7:380 build/C/man7/capabilities.7:383 build/C/man7/capabilities.7:390 build/C/man7/capabilities.7:395 build/C/man7/capabilities.7:401 build/C/man7/capabilities.7:405 build/C/man7/capabilities.7:409 build/C/man7/capabilities.7:413 build/C/man7/capabilities.7:417 build/C/man7/capabilities.7:444 build/C/man7/capabilities.7:449 
build/C/man7/capabilities.7:455 build/C/man7/capabilities.7:458 build/C/man7/capabilities.7:461 build/C/man7/capabilities.7:471 build/C/man7/capabilities.7:475 build/C/man7/capabilities.7:492 build/C/man7/capabilities.7:495 build/C/man7/capabilities.7:499 build/C/man7/capabilities.7:504 build/C/man7/capabilities.7:513 build/C/man7/capabilities.7:518 build/C/man7/capabilities.7:521 build/C/man7/capabilities.7:526 build/C/man7/capabilities.7:529 build/C/man7/capabilities.7:532 build/C/man7/capabilities.7:535 build/C/man7/capabilities.7:538 build/C/man7/capabilities.7:543 build/C/man7/capabilities.7:545 build/C/man7/capabilities.7:551 build/C/man7/capabilities.7:559 build/C/man7/capabilities.7:561 build/C/man7/capabilities.7:565 build/C/man7/capabilities.7:567 build/C/man7/capabilities.7:570 build/C/man7/capabilities.7:574 build/C/man7/capabilities.7:576 build/C/man7/capabilities.7:578 build/C/man7/capabilities.7:580 build/C/man7/capabilities.7:589 build/C/man7/capabilities.7:596 build/C/man7/capabilities.7:601 build/C/man7/capabilities.7:606 build/C/man7/capabilities.7:611 build/C/man7/capabilities.7:636 build/C/man7/capabilities.7:643 build/C/man7/capabilities.7:844 build/C/man7/capabilities.7:852 build/C/man7/capabilities.7:1172 build/C/man7/capabilities.7:1177 build/C/man7/cpuset.7:540 build/C/man7/cpuset.7:545 build/C/man7/cpuset.7:550 build/C/man7/cpuset.7:726 build/C/man7/cpuset.7:730 build/C/man7/cpuset.7:927 build/C/man7/cpuset.7:930 build/C/man7/cpuset.7:934 build/C/man7/cpuset.7:938 build/C/man7/cpuset.7:942 build/C/man7/credentials.7:177 build/C/man7/credentials.7:183 build/C/man7/credentials.7:195 build/C/man7/credentials.7:217 build/C/man7/credentials.7:234 build/C/man7/credentials.7:266 build/C/man7/credentials.7:269 build/C/man7/credentials.7:280 build/C/man7/credentials.7:283 build/C/man2/getrlimit.2:690 build/C/man2/getrlimit.2:693 build/C/man7/namespaces.7:212 build/C/man7/namespaces.7:215 build/C/man7/namespaces.7:228 
build/C/man7/pid_namespaces.7:233 build/C/man7/pid_namespaces.7:241 build/C/man7/pid_namespaces.7:252 build/C/man7/user_namespaces.7:261 build/C/man7/user_namespaces.7:266 build/C/man7/user_namespaces.7:272 build/C/man7/user_namespaces.7:285 build/C/man7/user_namespaces.7:306 build/C/man7/user_namespaces.7:474 build/C/man7/user_namespaces.7:477 build/C/man7/user_namespaces.7:479 build/C/man7/user_namespaces.7:492 build/C/man7/user_namespaces.7:505 build/C/man7/user_namespaces.7:532 build/C/man7/user_namespaces.7:541 build/C/man2/seccomp.2:265 build/C/man2/seccomp.2:269 build/C/man2/seccomp.2:272 build/C/man2/seccomp.2:277 build/C/man2/seccomp.2:281 build/C/man2/seccomp.2:455 build/C/man2/seccomp.2:463 build/C/man2/seccomp.2:469 -#, no-wrap -msgid "*" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:106 -msgid "" -"Bypass file read permission checks and directory read and execute permission " -"checks;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:109 -msgid "Invoke B(2)." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:112 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:126 -msgid "" -"Bypass permission checks on operations that normally require the filesystem " -"UID of the process to match the UID of the file (e.g., B(2), " -"B(2)), excluding those operations covered by B and " -"B;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:130 -msgid "set extended file attributes (see B(1)) on arbitrary files;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:132 -msgid "set Access Control Lists (ACLs) on arbitrary files;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:134 -msgid "ignore directory sticky bit on file deletion;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:141 -msgid "specify B for arbitrary files in B(2) and B(2)." -msgstr "" - -#. 
type: TP -#: build/C/man7/capabilities.7:143 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:149 -msgid "" -"Don't clear set-user-ID and set-group-ID permission bits when a file is " -"modified; set the set-group-ID bit for a file whose GID does not match the " -"filesystem or any of the supplementary GIDs of the calling process." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:149 -#, no-wrap -msgid "B" -msgstr "" - -#. FIXME . As at Linux 3.2, there are some strange uses of this capability -#. in other places; they probably should be replaced with something else. -#. type: Plain text -#: build/C/man7/capabilities.7:158 -msgid "Lock memory (B(2), B(2), B(2), B(2))." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:158 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:161 -msgid "Bypass permission checks for operations on System V IPC objects." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:161 -#, no-wrap -msgid "B" -msgstr "" - -#. FIXME . CAP_KILL also has an effect for threads + setting child -#. termination signal to other than SIGCHLD: without this -#. capability, the termination signal reverts to SIGCHLD -#. if the child does an exec(). What is the rationale -#. for this? -#. type: Plain text -#: build/C/man7/capabilities.7:174 -msgid "" -"Bypass permission checks for sending signals (see B(2)). This " -"includes use of the B(2) B operation." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:174 -#, no-wrap -msgid "B (since Linux 2.4)" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:178 -msgid "Establish leases on arbitrary files (see B(2))." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:178 -#, no-wrap -msgid "B" -msgstr "" - -#. These attributes are now available on ext2, ext3, Reiserfs, XFS, JFS -#. type: Plain text -#: build/C/man7/capabilities.7:187 -msgid "" -"Set the B and B inode flags (see " -"B(1))." 
-msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:187 -#, no-wrap -msgid "B (since Linux 2.6.25)" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:191 -msgid "" -"Override Mandatory Access Control (MAC). Implemented for the Smack Linux " -"Security Module (LSM)." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:191 -#, no-wrap -msgid "B (since Linux 2.6.25)" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:195 -msgid "Allow MAC configuration or state changes. Implemented for the Smack LSM." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:195 -#, no-wrap -msgid "B (since Linux 2.4)" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:199 -msgid "Create special files using B(2)." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:199 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:202 -msgid "Perform various network-related operations:" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:206 -msgid "interface configuration;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:208 -msgid "administration of IP firewall, masquerading, and accounting;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:210 -msgid "modify routing tables;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:212 -msgid "bind to any address for transparent proxying;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:214 -msgid "set type-of-service (TOS)" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:216 -msgid "clear driver statistics;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:218 -msgid "set promiscuous mode;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:220 -msgid "enabling multicasting;" -msgstr "" - -#. 
type: Plain text -#: build/C/man7/capabilities.7:231 -msgid "" -"use B(2) to set the following socket options: B, " -"B, B (for a priority outside the range 0 to 6), " -"B, and B." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:233 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:237 -msgid "" -"Bind a socket to Internet domain privileged ports (port numbers less than " -"1024)." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:237 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:240 -msgid "(Unused) Make socket broadcasts, and listen to multicasts." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:240 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:246 -msgid "use RAW and PACKET sockets;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:248 -msgid "bind to any address for transparent proxying." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:251 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:257 -msgid "" -"Make arbitrary manipulations of process GIDs and supplementary GID list; " -"forge GID when passing socket credentials via UNIX domain sockets; write a " -"group ID mapping in a user namespace (see B(7))." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:257 -#, no-wrap -msgid "B (since Linux 2.6.24)" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:260 -msgid "Set file capabilities." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:260 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:271 -msgid "" -"If file capabilities are not supported: grant or remove any capability in " -"the caller's permitted capability set to or from any other process. 
(This " -"property of B is not available when the kernel is configured to " -"support file capabilities, since B has entirely different " -"semantics for such kernels.)" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:281 -msgid "" -"If file capabilities are supported: add any capability from the calling " -"thread's bounding set to its inheritable set; drop capabilities from the " -"bounding set (via B(2) B); make changes to the " -"I flags." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:281 -#, no-wrap -msgid "B" -msgstr "" - -#. FIXME CAP_SETUID also an effect in exec(); document this. -#. type: Plain text -#: build/C/man7/capabilities.7:292 -msgid "" -"Make arbitrary manipulations of process UIDs (B(2), B(2), " -"B(2), B(2)); forge UID when passing socket credentials " -"via UNIX domain sockets; write a user ID mapping in a user namespace (see " -"B(7))." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:292 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:306 -msgid "" -"Perform a range of system administration operations including: " -"B(2), B(2), B(2), B(2), B(2), " -"B(2), and B(2);" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:312 -msgid "" -"perform privileged B(2) operations (since Linux 2.6.37, " -"B should be used to permit such operations);" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:317 -msgid "perform B B(2) command;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:323 -msgid "" -"perform B and B operations on arbitrary System V IPC " -"objects;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:327 build/C/man7/capabilities.7:574 -msgid "override B resource limit;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:334 -msgid "" -"perform operations on I and I Extended Attributes (see " -"B(5));" -msgstr "" - -#. 
type: Plain text -#: build/C/man7/capabilities.7:337 -msgid "use B(2);" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:345 -msgid "" -"use B(2) to assign B and (before Linux 2.6.25) " -"B I/O scheduling classes;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:347 -msgid "forge PID when passing socket credentials via UNIX domain sockets;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:356 -msgid "" -"exceed I, the system-wide limit on the number of open " -"files, in system calls that open files (e.g., B(2), B(2), " -"B(2), B(2));" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:365 -msgid "" -"employ B flags that create new namespaces with B(2) and " -"B(2) (but, since Linux 3.8, creating user namespaces does not " -"require any capability);" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:368 -msgid "call B(2);" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:372 -msgid "access privileged I event information;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:380 -msgid "call B(2) (requires B in the I namespace);" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:383 -msgid "call B(2);" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:390 -msgid "perform B and B B(2) operations;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:395 -msgid "perform B(2) B operation;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:401 -msgid "" -"employ the B B(2) to insert characters into the input queue " -"of a terminal other than the caller's controlling terminal;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:405 -msgid "employ the obsolete B(2) system call;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:409 -msgid "employ the obsolete B(2) system call;" -msgstr "" - -#. 
type: Plain text -#: build/C/man7/capabilities.7:413 -msgid "perform various privileged block-device B(2) operations;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:417 -msgid "perform various privileged filesystem B(2) operations;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:419 -msgid "perform administrative operations on many device drivers." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:421 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:427 -msgid "Use B(2) and B(2)." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:427 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:431 -msgid "Use B(2)." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:431 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:440 -msgid "" -"Load and unload kernel modules (see B(2) and " -"B(2)); in kernels before 2.6.25: drop capabilities from the " -"system-wide capability bounding set." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:440 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:449 -msgid "" -"Raise process nice value (B(2), B(2)) and change the " -"nice value for arbitrary processes;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:455 -msgid "" -"set real-time scheduling policies for calling process, and set scheduling " -"policies and priorities for arbitrary processes (B(2), " -"B(2), B(2));" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:458 -msgid "set CPU affinity for arbitrary processes (B(2));" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:461 -msgid "" -"set I/O scheduling class and priority for arbitrary processes " -"(B(2));" -msgstr "" - -#. FIXME CAP_SYS_NICE also has the following effect for -#. migrate_pages(2): -#. do_migrate_pages(mm, &old, &new, -#. 
capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); -#. Document this. -#. type: Plain text -#: build/C/man7/capabilities.7:471 -msgid "" -"apply B(2) to arbitrary processes and allow processes to be " -"migrated to arbitrary nodes;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:475 -msgid "apply B(2) to arbitrary processes;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:482 -msgid "use the B flag with B(2) and B(2)." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:484 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:488 -msgid "Use B(2)." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:488 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:495 -msgid "Trace arbitrary processes using B(2);" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:499 -msgid "apply B(2) to arbitrary processes;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:504 -msgid "" -"transfer data to or from the memory of arbitrary processes using " -"B(2) and B(2)." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:507 -msgid "inspect processes using B(2)." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:509 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:518 -msgid "Perform I/O port operations (B(2) and B(2));" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:521 -msgid "access I;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:526 -msgid "employ the B B(2) operation;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:529 -msgid "" -"open devices for accessing x86 model-specific registers (MSRs, see " -"B(4))" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:532 -msgid "update I;" -msgstr "" - -#. 
type: Plain text -#: build/C/man7/capabilities.7:535 -msgid "" -"create memory mappings at addresses below the value specified by " -"I;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:538 -msgid "map files in I;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:543 -msgid "open I and I;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:545 -msgid "perform various SCSI device commands;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:551 -msgid "perform certain operations on B(4) and B(4) devices;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:553 -msgid "perform a range of device-specific operations on other devices." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:555 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:561 -msgid "Use reserved space on ext2 filesystems;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:565 -msgid "make B(2) calls controlling ext3 journaling;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:567 -msgid "override disk quota limits;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:570 -msgid "increase resource limits (see B(2));" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:576 -msgid "override maximum number of consoles on console allocation;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:578 -msgid "override maximum number of keymaps;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:580 -msgid "allow more than 64hz interrupts from the real-time clock;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:589 -msgid "" -"raise I limit for a System V message queue above the limit in " -"I (see B(2) and B(2));" -msgstr "" - -#. 
type: Plain text -#: build/C/man7/capabilities.7:596 -msgid "" -"override the I limit when setting the capacity " -"of a pipe using the B B(2) command." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:601 -msgid "" -"use B to increase the capacity of a pipe above the limit " -"specified by I;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:606 -msgid "" -"override I limit when creating POSIX message " -"queues (see B(7));" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:611 -msgid "employ B(2) B operation;" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:616 -msgid "" -"set I to a value lower than the value last set by a " -"process with B." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:618 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:625 -msgid "" -"Set system clock (B(2), B(2), B(2)); set " -"real-time (hardware) clock." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:625 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:632 -msgid "" -"Use B(2); employ various privileged B(2) operations on " -"virtual terminals." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:632 -#, no-wrap -msgid "B (since Linux 2.6.37)" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:643 -msgid "" -"Perform privileged B(2) operations. See B(2) for " -"information on which operations require privilege." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:653 -msgid "" -"View kernel addresses exposed via I and other interfaces when " -"I has the value 1. (See the discussion of " -"the I in B(5).)" -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:655 -#, no-wrap -msgid "B (since Linux 3.0)" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:663 -msgid "" -"Trigger something that will wake up the system (set B " -"and B timers)." -msgstr "" - -#. 
type: SS -#: build/C/man7/capabilities.7:663 -#, no-wrap -msgid "Past and current implementation" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:665 -msgid "A full implementation of capabilities requires that:" -msgstr "" - -#. type: IP -#: build/C/man7/capabilities.7:665 build/C/man7/capabilities.7:816 build/C/man7/capabilities.7:963 build/C/man7/capabilities.7:1016 build/C/man7/user_namespaces.7:173 build/C/man7/user_namespaces.7:515 -#, no-wrap -msgid "1." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:669 -msgid "" -"For all privileged operations, the kernel must check whether the thread has " -"the required capability in its effective set." -msgstr "" - -#. type: IP -#: build/C/man7/capabilities.7:669 build/C/man7/capabilities.7:821 build/C/man7/capabilities.7:969 build/C/man7/capabilities.7:1022 build/C/man7/user_namespaces.7:189 build/C/man7/user_namespaces.7:521 -#, no-wrap -msgid "2." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:672 -msgid "" -"The kernel must provide system calls allowing a thread's capability sets to " -"be changed and retrieved." -msgstr "" - -#. type: IP -#: build/C/man7/capabilities.7:672 build/C/man7/capabilities.7:972 build/C/man7/capabilities.7:1026 build/C/man7/user_namespaces.7:193 build/C/man7/user_namespaces.7:526 -#, no-wrap -msgid "3." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:675 -msgid "" -"The filesystem must support attaching capabilities to an executable file, so " -"that a process gains those capabilities when the file is executed." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:679 -msgid "" -"Before kernel 2.6.24, only the first two of these requirements are met; " -"since kernel 2.6.24, all three requirements are met." -msgstr "" - -#. type: SS -#: build/C/man7/capabilities.7:679 -#, no-wrap -msgid "Thread capability sets" -msgstr "" - -#. 
type: Plain text -#: build/C/man7/capabilities.7:682 -msgid "" -"Each thread has three capability sets containing zero or more of the above " -"capabilities:" -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:682 -#, no-wrap -msgid "I:" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:690 -msgid "" -"This is a limiting superset for the effective capabilities that the thread " -"may assume. It is also a limiting superset for the capabilities that may be " -"added to the inheritable set by a thread that does not have the " -"B capability in its effective set." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:696 -msgid "" -"If a thread drops a capability from its permitted set, it can never " -"reacquire that capability (unless it B(2)s either a set-user-ID-root " -"program, or a program whose associated file capabilities grant that " -"capability)." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:696 -#, no-wrap -msgid "I:" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:703 -msgid "" -"This is a set of capabilities preserved across an B(2). It provides " -"a mechanism for a process to assign capabilities to the permitted set of the " -"new program during an B(2)." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:703 build/C/man7/capabilities.7:753 -#, no-wrap -msgid "I:" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:707 -msgid "" -"This is the set of capabilities used by the kernel to perform permission " -"checks for the thread." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:713 -msgid "" -"A child created via B(2) inherits copies of its parent's capability " -"sets. See below for a discussion of the treatment of capabilities during " -"B(2)." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:717 -msgid "" -"Using B(2), a thread may manipulate its own capability sets (see " -"below)." -msgstr "" - -#. 
commit 73efc0394e148d0e15583e13712637831f926720 -#. type: Plain text -#: build/C/man7/capabilities.7:726 -msgid "" -"Since Linux 3.2, the file I exposes the " -"numerical value of the highest capability supported by the running kernel; " -"this can be used to determine the highest bit that may be set in a " -"capability set." -msgstr "" - -#. type: SS -#: build/C/man7/capabilities.7:726 -#, no-wrap -msgid "File capabilities" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:741 -msgid "" -"Since kernel 2.6.24, the kernel supports associating capability sets with an " -"executable file using B(8). The file capability sets are stored in " -"an extended attribute (see B(2)) named I. " -"Writing to this extended attribute requires the B capability. " -"The file capability sets, in conjunction with the capability sets of the " -"thread, determine the capabilities of a thread after an B(2)." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:743 -msgid "The three file capability sets are:" -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:743 -#, no-wrap -msgid "I (formerly known as I):" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:747 -msgid "" -"These capabilities are automatically permitted to the thread, regardless of " -"the thread's inheritable capabilities." -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:747 -#, no-wrap -msgid "I (formerly known as I):" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:753 -msgid "" -"This set is ANDed with the thread's inheritable set to determine which " -"inheritable capabilities are enabled in the permitted set of the thread " -"after the B(2)." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:763 -msgid "" -"This is not a set, but rather just a single bit. If this bit is set, then " -"during an B(2) all of the new permitted capabilities for the thread " -"are also raised in the effective set. 
If this bit is not set, then after an " -"B(2), none of the new permitted capabilities is in the new effective " -"set." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:779 -msgid "" -"Enabling the file effective capability bit implies that any file permitted " -"or inheritable capability that causes a thread to acquire the corresponding " -"permitted capability during an B(2) (see the transformation rules " -"described below) will also acquire that capability in its effective set. " -"Therefore, when assigning capabilities to a file (B(8), " -"B(3), B(3)), if we specify the effective flag as " -"being enabled for any capability, then the effective flag must also be " -"specified as enabled for all other capabilities for which the corresponding " -"permitted or inheritable flags is enabled." -msgstr "" - -#. type: SS -#: build/C/man7/capabilities.7:779 -#, no-wrap -msgid "Transformation of capabilities during execve()" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:785 -msgid "" -"During an B(2), the kernel calculates the new capabilities of the " -"process using the following algorithm:" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:790 -#, no-wrap -msgid "" -"P'(permitted) = (P(inheritable) & F(inheritable)) |\n" -" (F(permitted) & cap_bset)\n" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:792 -#, no-wrap -msgid "P'(effective) = F(effective) ? P'(permitted) : 0\n" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:794 -#, no-wrap -msgid "P'(inheritable) = P(inheritable) [i.e., unchanged]\n" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:798 -msgid "where:" -msgstr "" - -#. type: IP -#: build/C/man7/capabilities.7:799 -#, no-wrap -msgid "P" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:802 -msgid "denotes the value of a thread capability set before the B(2)" -msgstr "" - -#. 
type: IP -#: build/C/man7/capabilities.7:802 -#, no-wrap -msgid "P'" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:805 -msgid "denotes the value of a capability set after the B(2)" -msgstr "" - -#. type: IP -#: build/C/man7/capabilities.7:805 -#, no-wrap -msgid "F" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:807 -msgid "denotes a file capability set" -msgstr "" - -#. type: IP -#: build/C/man7/capabilities.7:807 -#, no-wrap -msgid "cap_bset" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:809 -msgid "is the value of the capability bounding set (described below)." -msgstr "" - -#. type: SS -#: build/C/man7/capabilities.7:811 -#, no-wrap -msgid "Capabilities and execution of programs by root" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:816 -msgid "" -"In order to provide an all-powerful I using capability sets, during an " -"B(2):" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:821 -msgid "" -"If a set-user-ID-root program is being executed, or the real user ID of the " -"process is 0 (root) then the file inheritable and permitted sets are " -"defined to be all ones (i.e., all capabilities enabled)." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:824 -msgid "" -"If a set-user-ID-root program is being executed, then the file effective bit " -"is defined to be one (enabled)." -msgstr "" - -#. If a process with real UID 0, and nonzero effective UID does an -#. exec(), then it gets all capabilities in its -#. permitted set, and no effective capabilities -#. 
type: Plain text -#: build/C/man7/capabilities.7:839 -msgid "" -"The upshot of the above rules, combined with the capabilities " -"transformations described above, is that when a process B(2)s a " -"set-user-ID-root program, or when a process with an effective UID of 0 " -"B(2)s a program, it gains all capabilities in its permitted and " -"effective capability sets, except those masked out by the capability " -"bounding set. This provides semantics that are the same as those provided " -"by traditional UNIX systems." -msgstr "" - -#. type: SS -#: build/C/man7/capabilities.7:839 -#, no-wrap -msgid "Capability bounding set" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:844 -msgid "" -"The capability bounding set is a security mechanism that can be used to " -"limit the capabilities that can be gained during an B(2). The " -"bounding set is used in the following ways:" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:852 -msgid "" -"During an B(2), the capability bounding set is ANDed with the file " -"permitted capability set, and the result of this operation is assigned to " -"the thread's permitted capability set. The capability bounding set thus " -"places a limit on the permitted capabilities that may be granted by an " -"executable file." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:864 -msgid "" -"(Since Linux 2.6.25) The capability bounding set acts as a limiting " -"superset for the capabilities that a thread can add to its inheritable set " -"using B(2). This means that if a capability is not in the bounding " -"set, then a thread can't add this capability to its inheritable set, even if " -"it was in its permitted capabilities, and thereby cannot have this " -"capability preserved in its permitted set when it B(2)s a file that " -"has the capability in its inheritable set." -msgstr "" - -#. 
type: Plain text -#: build/C/man7/capabilities.7:871 -msgid "" -"Note that the bounding set masks the file permitted capabilities, but not " -"the inherited capabilities. If a thread maintains a capability in its " -"inherited set that is not in its bounding set, then it can still gain that " -"capability in its permitted set by executing a file that has the capability " -"in its inherited set." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:874 -msgid "" -"Depending on the kernel version, the capability bounding set is either a " -"system-wide attribute, or a per-process attribute." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:876 -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:884 -msgid "" -"In kernels before 2.6.25, the capability bounding set is a system-wide " -"attribute that affects all threads on the system. The bounding set is " -"accessible via the file I. (Confusingly, this " -"bit mask parameter is expressed as a signed decimal number in " -"I.)" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:891 -msgid "" -"Only the B process may set capabilities in the capability bounding " -"set; other than that, the superuser (more precisely: programs with the " -"B capability) may only clear capabilities from this set." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:900 -msgid "" -"On a standard system the capability bounding set always masks out the " -"B capability. To remove this restriction (dangerous!), modify " -"the definition of B in I and " -"rebuild the kernel." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:904 -msgid "" -"The system-wide capability bounding set feature was added to Linux starting " -"with kernel version 2.2.11." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:906 -msgid "B" -msgstr "" - -#. 
type: Plain text -#: build/C/man7/capabilities.7:911 -msgid "" -"From Linux 2.6.25, the I is a per-thread " -"attribute. (There is no longer a system-wide capability bounding set.)" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:916 -msgid "" -"The bounding set is inherited at B(2) from the thread's parent, and " -"is preserved across an B(2)." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:929 -msgid "" -"A thread may remove capabilities from its capability bounding set using the " -"B(2) B operation, provided it has the " -"B capability. Once a capability has been dropped from the " -"bounding set, it cannot be restored to that set. A thread can determine if " -"a capability is in its bounding set using the B(2) " -"B operation." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:947 -msgid "" -"Removing capabilities from the bounding set is supported only if file " -"capabilities are compiled into the kernel. In kernels before Linux 2.6.33, " -"file capabilities were an optional feature configurable via the " -"B option. Since Linux 2.6.33, the " -"configuration option has been removed and file capabilities are always part " -"of the kernel. When file capabilities are compiled into the kernel, the " -"B process (the ancestor of all processes) begins with a full bounding " -"set. If file capabilities are not compiled into the kernel, then B " -"begins with a full bounding set minus B, because this " -"capability has a different meaning when there are no file capabilities." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:954 -msgid "" -"Removing a capability from the bounding set does not remove it from the " -"thread's inherited set. However it does prevent the capability from being " -"added back into the thread's inherited set in the future." -msgstr "" - -#. type: SS -#: build/C/man7/capabilities.7:954 -#, no-wrap -msgid "Effect of user ID changes on capabilities" -msgstr "" - -#. 
type: Plain text -#: build/C/man7/capabilities.7:963 -msgid "" -"To preserve the traditional semantics for transitions between 0 and nonzero " -"user IDs, the kernel makes the following changes to a thread's capability " -"sets on changes to the thread's real, effective, saved set, and filesystem " -"user IDs (using B(2), B(2), or similar):" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:969 -msgid "" -"If one or more of the real, effective or saved set user IDs was previously " -"0, and as a result of the UID changes all of these IDs have a nonzero value, " -"then all capabilities are cleared from the permitted and effective " -"capability sets." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:972 -msgid "" -"If the effective user ID is changed from 0 to nonzero, then all capabilities " -"are cleared from the effective set." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:975 -msgid "" -"If the effective user ID is changed from nonzero to 0, then the permitted " -"set is copied to the effective set." -msgstr "" - -#. type: IP -#: build/C/man7/capabilities.7:975 build/C/man7/capabilities.7:1030 build/C/man7/user_namespaces.7:529 -#, no-wrap -msgid "4." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:993 -msgid "" -"If the filesystem user ID is changed from 0 to nonzero (see B(2)), " -"then the following capabilities are cleared from the effective set: " -"B, B, B, B, " -"B, B (since Linux 2.6.30), " -"B, and B (since Linux 2.6.30). If the " -"filesystem UID is changed from nonzero to 0, then any of these capabilities " -"that are enabled in the permitted set are enabled in the effective set." -msgstr "" - -#. 
type: Plain text -#: build/C/man7/capabilities.7:1001 -msgid "" -"If a thread that has a 0 value for one or more of its user IDs wants to " -"prevent its permitted capability set being cleared when it resets all of its " -"user IDs to nonzero values, it can do so using the B(2) " -"B operation." -msgstr "" - -#. type: SS -#: build/C/man7/capabilities.7:1001 -#, no-wrap -msgid "Programmatically adjusting capability sets" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1016 -msgid "" -"A thread can retrieve and change its capability sets using the B(2) " -"and B(2) system calls. However, the use of B(3) and " -"B(3), both provided in the I package, is preferred for " -"this purpose. The following rules govern changes to the thread capability " -"sets:" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1022 -msgid "" -"If the caller does not have the B capability, the new " -"inheritable set must be a subset of the combination of the existing " -"inheritable and permitted sets." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1026 -msgid "" -"(Since Linux 2.6.25) The new inheritable set must be a subset of the " -"combination of the existing inheritable set and the capability bounding set." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1030 -msgid "" -"The new permitted set must be a subset of the existing permitted set (i.e., " -"it is not possible to acquire permitted capabilities that the thread does " -"not currently have)." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1032 -msgid "The new effective set must be a subset of the new permitted set." -msgstr "" - -#. type: SS -#: build/C/man7/capabilities.7:1032 -#, no-wrap -msgid "The securebits flags: establishing a capabilities-only environment" -msgstr "" - -#. For some background: -#. see http://lwn.net/Articles/280279/ and -#. http://article.gmane.org/gmane.linux.kernel.lsm/5476/ -#. 
type: Plain text -#: build/C/man7/capabilities.7:1043 -msgid "" -"Starting with kernel 2.6.26, and with a kernel in which file capabilities " -"are enabled, Linux implements a set of per-thread I flags that " -"can be used to disable special handling of capabilities for UID 0 " -"(I). These flags are as follows:" -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:1043 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1055 -msgid "" -"Setting this flag allows a thread that has one or more 0 UIDs to retain its " -"capabilities when it switches all of its UIDs to a nonzero value. If this " -"flag is not set, then such a UID switch causes the thread to lose all " -"capabilities. This flag is always cleared on an B(2). (This flag " -"provides the same functionality as the older B(2) B " -"operation.)" -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:1055 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1062 -msgid "" -"Setting this flag stops the kernel from adjusting capability sets when the " -"threads's effective and filesystem UIDs are switched between zero and " -"nonzero values. (See the subsection I.)" -msgstr "" - -#. type: TP -#: build/C/man7/capabilities.7:1062 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1070 -msgid "" -"If this bit is set, then the kernel does not grant capabilities when a " -"set-user-ID-root program is executed, or when a process with an effective or " -"real UID of 0 calls B(2). (See the subsection I.)" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1080 -msgid "" -"Each of the above \"base\" flags has a companion \"locked\" flag. Setting " -"any of the \"locked\" flags is irreversible, and has the effect of " -"preventing further changes to the corresponding \"base\" flag. The locked " -"flags are: B, B, and " -"B." -msgstr "" - -#. 
type: Plain text -#: build/C/man7/capabilities.7:1092 -msgid "" -"The I flags can be modified and retrieved using the B(2) " -"B and B operations. The " -"B capability is required to modify the flags." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1101 -msgid "" -"The I flags are inherited by child processes. During an " -"B(2), all of the flags are preserved, except B " -"which is always cleared." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1106 -msgid "" -"An application can use the following call to lock itself, and all of its " -"descendants, into an environment where the only way of gaining capabilities " -"is by executing a program with associated file capabilities:" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1115 -#, no-wrap -msgid "" -"prctl(PR_SET_SECUREBITS,\n" -" SECBIT_KEEP_CAPS_LOCKED |\n" -" SECBIT_NO_SETUID_FIXUP |\n" -" SECBIT_NO_SETUID_FIXUP_LOCKED |\n" -" SECBIT_NOROOT |\n" -" SECBIT_NOROOT_LOCKED);\n" -msgstr "" - -#. type: SS -#: build/C/man7/capabilities.7:1117 -#, no-wrap -msgid "Interaction with user namespaces" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1120 -msgid "" -"For a discussion of the interaction of capabilities and user namespaces, see " -"B(7)." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1126 -msgid "" -"No standards govern capabilities, but the Linux capability implementation is " -"based on the withdrawn POSIX.1e draft standard; see E<.UR " -"http://wt.tuxomania.net\\:/publications\\:/posix.1e/> E<.UE .>" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1131 -msgid "" -"Since kernel 2.5.27, capabilities are an optional kernel component, and can " -"be enabled/disabled via the B kernel " -"configuration option." -msgstr "" - -#. 7b9a7ec565505699f503b4fcf61500dceb36e744 -#. type: Plain text -#: build/C/man7/capabilities.7:1145 -msgid "" -"The I file can be used to view the capability " -"sets of a thread. 
The I file shows the capability sets of " -"a process's main thread. Before Linux 3.8, nonexistent capabilities were " -"shown as being enabled (1) in these sets. Since Linux 3.8, all nonexistent " -"capabilities (above B) are shown as disabled (0)." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1160 -msgid "" -"The I package provides a suite of routines for setting and getting " -"capabilities that is more comfortable and less likely to change than the " -"interface provided by B(2) and B(2). This package also " -"provides the B(8) and B(8) programs. It can be found at" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1163 -msgid "" -"E<.UR " -"http://www.kernel.org\\:/pub\\:/linux\\:/libs\\:/security\\:/linux-privs> " -"E<.UE .>" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1172 -msgid "" -"Before kernel 2.6.24, and since kernel 2.6.24 if file capabilities are not " -"enabled, a thread with the B capability can manipulate the " -"capabilities of threads other than itself. However, this is only " -"theoretically possible, since no thread ever has B in either of " -"these cases:" -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1177 -msgid "" -"In the pre-2.6.25 implementation the system-wide capability bounding set, " -"I, always masks out this capability, and this " -"can not be changed without modifying the kernel source and rebuilding." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1183 -msgid "" -"If file capabilities are disabled in the current implementation, then " -"B starts out with this capability removed from its per-process " -"bounding set, and that bounding set is inherited by all other processes " -"created on the system." -msgstr "" - -#. type: Plain text -#: build/C/man7/capabilities.7:1202 -msgid "" -"B(1), B(2), B(2), B(2), B(3), " -"B(3), B(3), B(3), " -"B(3), B(3), B(3), B(3), " -"B(3), B(7), B(7), B(7), " -"B(8), B(8)" -msgstr "" - -#. 
type: Plain text -#: build/C/man7/capabilities.7:1205 -msgid "I in the Linux kernel source tree" -msgstr "" - -#. type: TH -#: build/C/man2/capget.2:15 -#, no-wrap -msgid "CAPGET" -msgstr "" - -#. type: TH -#: build/C/man2/capget.2:15 -#, no-wrap -msgid "2013-03-11" -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:18 -msgid "capget, capset - set/get capabilities of thread(s)" -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:20 -msgid "B<#include Esys/capability.hE>" -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:22 -msgid "BIB<, cap_user_data_t >IB<);>" -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:24 -msgid "" -"BIB<, const cap_user_data_t " -">IB<);>" -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:35 -msgid "" -"As of Linux 2.2, the power of the superuser (root) has been partitioned into " -"a set of discrete capabilities. Each thread has a set of effective " -"capabilities identifying which capabilities (if any) it may currently " -"exercise. Each thread also has a set of inheritable capabilities that may " -"be passed through an B(2) call, and a set of permitted capabilities " -"that it can make effective or inheritable." -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:44 -msgid "" -"These two system calls are the raw kernel interface for getting and setting " -"thread capabilities. Not only are these system calls specific to Linux, but " -"the kernel API is likely to change and use of these system calls (in " -"particular the format of the I types) is subject to extension " -"with each kernel revision, but old programs will keep working." -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:55 -msgid "" -"The portable interfaces are B(3) and B(3); if " -"possible, you should use those interfaces in applications. If you wish to " -"use the Linux extensions in applications, you should use the easier-to-use " -"interfaces B(3) and B(3)." -msgstr "" - -#. 
type: SS -#: build/C/man2/capget.2:55 -#, no-wrap -msgid "Current details" -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:58 -msgid "" -"Now that you have been warned, some current kernel details. The structures " -"are defined as follows." -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:63 -#, no-wrap -msgid "" -"#define _LINUX_CAPABILITY_VERSION_1 0x19980330\n" -"#define _LINUX_CAPABILITY_U32S_1 1\n" -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:66 -#, no-wrap -msgid "" -"#define _LINUX_CAPABILITY_VERSION_2 0x20071026\n" -"#define _LINUX_CAPABILITY_U32S_2 2\n" -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:71 -#, no-wrap -msgid "" -"typedef struct __user_cap_header_struct {\n" -" __u32 version;\n" -" int pid;\n" -"} *cap_user_header_t;\n" -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:77 -#, no-wrap -msgid "" -"typedef struct __user_cap_data_struct {\n" -" __u32 effective;\n" -" __u32 permitted;\n" -" __u32 inheritable;\n" -"} *cap_user_data_t;\n" -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:96 -msgid "" -"The I, I, and I fields are bit masks of " -"the capabilities defined in B(7). Note the B values " -"are bit indexes and need to be bit-shifted before ORing into the bit " -"fields. To define the structures for passing to the system call you have to " -"use the I and I names because the typedefs are only pointers." -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:108 -msgid "" -"Kernels prior to 2.6.25 prefer 32-bit capabilities with version " -"B<_LINUX_CAPABILITY_VERSION_1>, and kernels 2.6.25+ prefer 64-bit " -"capabilities with version B<_LINUX_CAPABILITY_VERSION_2>. Note, 64-bit " -"capabilities use I[0] and I[1], whereas 32-bit capabilities " -"use only I[0]." -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:112 -msgid "" -"Another change affecting the behavior of these system calls is kernel " -"support for file capabilities (VFS capability support). 
This support is " -"currently a compile time option (added in kernel 2.6.24)." -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:119 -msgid "" -"For B() calls, one can probe the capabilities of any process by " -"specifying its process ID with the Ipid> field value." -msgstr "" - -#. type: SS -#: build/C/man2/capget.2:119 -#, no-wrap -msgid "With VFS capability support" -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:131 -msgid "" -"VFS Capability support creates a file-attribute method for adding " -"capabilities to privileged executables. This privilege model obsoletes " -"kernel support for one process asynchronously setting the capabilities of " -"another. That is, with VFS support, for B() calls the only " -"permitted values for Ipid> are 0 or B(2), which are " -"equivalent." -msgstr "" - -#. type: SS -#: build/C/man2/capget.2:131 -#, no-wrap -msgid "Without VFS capability support" -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:157 -msgid "" -"When the kernel does not support VFS capabilities, B() calls can " -"operate on the capabilities of the thread specified by the I field of " -"I when that is nonzero, or on the capabilities of the calling thread " -"if I is 0. If I refers to a single-threaded process, then I " -"can be specified as a traditional process ID; operating on a thread of a " -"multithreaded process requires a thread ID of the type returned by " -"B(2). For B(), I can also be: -1, meaning perform the " -"change on all threads except the caller and B(1); or a value less than " -"-1, in which case the change is applied to all members of the process group " -"whose ID is -I." -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:160 -msgid "For details on the data, see B(7)." -msgstr "" - -#. 
type: Plain text -#: build/C/man2/capget.2:179 -msgid "" -"The calls will fail with the error B, and set the I field " -"of I to the kernel preferred value of B<_LINUX_CAPABILITY_VERSION_?> " -"when an unsupported I value is specified. In this way, one can " -"probe what the current preferred capability revision is." -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:188 -msgid "" -"Bad memory address. I must not be NULL. I may be NULL only " -"when the user is trying to determine the preferred capability version format " -"supported by the kernel." -msgstr "" - -#. type: TP -#: build/C/man2/capget.2:188 build/C/man7/cpuset.7:1180 build/C/man7/cpuset.7:1189 build/C/man7/cpuset.7:1198 build/C/man7/cpuset.7:1208 build/C/man7/cpuset.7:1217 build/C/man7/cpuset.7:1224 build/C/man7/cpuset.7:1231 build/C/man2/getgroups.2:114 build/C/man2/getgroups.2:121 build/C/man2/getpriority.2:118 build/C/man2/getrlimit.2:471 build/C/man2/getrusage.2:198 build/C/man2/iopl.2:72 build/C/man2/ioprio_set.2:170 build/C/man2/seteuid.2:80 build/C/man2/setgid.2:59 build/C/man2/setpgid.2:225 build/C/man2/setresuid.2:99 build/C/man2/setreuid.2:128 build/C/man2/setuid.2:105 build/C/man2/seccomp.2:373 build/C/man2/seccomp.2:380 build/C/man2/seccomp.2:387 build/C/man2/seccomp.2:393 build/C/man2/seccomp.2:402 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:191 -msgid "One of the arguments was invalid." -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:196 -msgid "" -"An attempt was made to add a capability to the Permitted set, or to set a " -"capability in the Effective or Inheritable sets that is not in the Permitted " -"set." -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:215 -msgid "" -"The caller attempted to use B() to modify the capabilities of a " -"thread other than itself, but lacked sufficient privilege. For kernels " -"supporting VFS capabilities, this is never permitted. 
For kernels lacking " -"VFS support, the B capability is required. (A bug in kernels " -"before 2.6.11 meant that this error could also occur if a thread without " -"this capability tried to change its own capabilities by specifying the " -"I field as a nonzero value (i.e., the value returned by B(2)) " -"instead of 0.)" -msgstr "" - -#. type: TP -#: build/C/man2/capget.2:215 build/C/man7/cpuset.7:1330 build/C/man2/getpriority.2:126 build/C/man2/getrlimit.2:502 build/C/man2/getsid.2:70 build/C/man2/ioprio_set.2:187 build/C/man2/setpgid.2:240 build/C/man2/seccomp.2:426 -#, no-wrap -msgid "B" -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:218 -msgid "No such thread." -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:220 build/C/man2/ioprio_set.2:198 -msgid "These system calls are Linux-specific." -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:225 -msgid "" -"The portable interface to the capability querying and setting functions is " -"provided by the I library and is available here:" -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:228 -msgid "" -"E<.UR " -"http://git.kernel.org/cgit\\:/linux\\:/kernel\\:/git\\:/morgan\\:\\:/libcap.git> " -"E<.UE>" -msgstr "" - -#. type: Plain text -#: build/C/man2/capget.2:232 -msgid "B(2), B(2), B(7)" -msgstr "" - -#. type: TH -#: build/C/man7/cpuset.7:25 -#, no-wrap -msgid "CPUSET" -msgstr "" - -#. type: TH -#: build/C/man7/cpuset.7:25 -#, no-wrap -msgid "2014-05-21" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:28 -msgid "cpuset - confine processes to processor and memory node subsets" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:35 -msgid "" -"The cpuset filesystem is a pseudo-filesystem interface to the kernel cpuset " -"mechanism, which is used to control the processor placement and memory " -"placement of processes. It is commonly mounted at I." -msgstr "" - -#. 
type: Plain text -#: build/C/man7/cpuset.7:52 -msgid "" -"On systems with kernels compiled with built in support for cpusets, all " -"processes are attached to a cpuset, and cpusets are always present. If a " -"system supports cpusets, then it will have the entry B in the " -"file I. By mounting the cpuset filesystem (see the " -"B section below), the administrator can configure the cpusets on a " -"system to control the processor and memory placement of processes on that " -"system. By default, if the cpuset configuration on a system is not modified " -"or if the cpuset filesystem is not even mounted, then the cpuset mechanism, " -"though present, has no affect on the system's behavior." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:54 -msgid "A cpuset defines a list of CPUs and memory nodes." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:63 -msgid "" -"The CPUs of a system include all the logical processing units on which a " -"process can execute, including, if present, multiple processor cores within " -"a package and Hyper-Threads within a processor core. Memory nodes include " -"all distinct banks of main memory; small and SMP systems typically have just " -"one memory node that contains all the system's main memory, while NUMA " -"(non-uniform memory access) systems have multiple memory nodes." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:73 -msgid "" -"Cpusets are represented as directories in a hierarchical pseudo-filesystem, " -"where the top directory in the hierarchy (I) represents the " -"entire system (all online CPUs and memory nodes) and any cpuset that is the " -"child (descendant) of another parent cpuset contains a subset of that " -"parent's CPUs and memory nodes. The directories and files representing " -"cpusets have normal filesystem permissions." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:84 -msgid "" -"Every process in the system belongs to exactly one cpuset. 
A process is " -"confined to run only on the CPUs in the cpuset it belongs to, and to " -"allocate memory only on the memory nodes in that cpuset. When a process " -"B(2)s, the child process is placed in the same cpuset as its parent. " -"With sufficient privilege, a process may be moved from one cpuset to another " -"and the allowed CPUs and memory nodes of an existing cpuset may be changed." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:92 -msgid "" -"When the system begins booting, a single cpuset is defined that includes all " -"CPUs and memory nodes on the system, and all processes are in that cpuset. " -"During the boot process, or later during normal system operation, other " -"cpusets may be created, as subdirectories of this top cpuset, under the " -"control of the system administrator, and processes may be placed in these " -"other cpusets." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:114 -msgid "" -"Cpusets are integrated with the B(2) scheduling affinity " -"mechanism and the B(2) and B(2) memory-placement " -"mechanisms in the kernel. Neither of these mechanisms let a process make " -"use of a CPU or memory node that is not allowed by that process's cpuset. " -"If changes to a process's cpuset placement conflict with these other " -"mechanisms, then cpuset placement is enforced even if it means overriding " -"these other mechanisms. The kernel accomplishes this overriding by silently " -"restricting the CPUs and memory nodes requested by these other mechanisms to " -"those allowed by the invoking process's cpuset. This can result in these " -"other calls returning an error, if for example, such a call ends up " -"requesting an empty set of CPUs or memory nodes, after that request is " -"restricted to the invoking process's cpuset." -msgstr "" - -#. 
type: Plain text -#: build/C/man7/cpuset.7:120 -msgid "" -"Typically, a cpuset is used to manage the CPU and memory-node confinement " -"for a set of cooperating processes such as a batch scheduler job, and these " -"other mechanisms are used to manage the placement of individual processes or " -"memory regions within that set or job." -msgstr "" - -#. type: SH -#: build/C/man7/cpuset.7:120 -#, no-wrap -msgid "FILES" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:125 -msgid "" -"Each directory below I represents a cpuset and contains a fixed " -"set of pseudo-files describing the state of that cpuset." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:135 -msgid "" -"New cpusets are created using the B(2) system call or the " -"B(1) command. The properties of a cpuset, such as its flags, " -"allowed CPUs and memory nodes, and attached processes, are queried and " -"modified by reading or writing to the appropriate file in that cpuset's " -"directory, as listed below." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:141 -msgid "" -"The pseudo-files in each cpuset directory are automatically created when the " -"cpuset is created, as a result of the B(2) invocation. It is not " -"possible to directly add or remove these pseudo-files." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:149 -msgid "" -"A cpuset directory that contains no child cpuset directories, and has no " -"attached processes, can be removed using B(2) or B(1). It is " -"not necessary, or possible, to remove the pseudo-files inside the directory " -"before removing it." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:163 -msgid "" -"The pseudo-files in each cpuset directory are small text files that may be " -"read and written using traditional shell utilities such as B(1), and " -"B(1), or from a program by using file I/O library functions or system " -"calls, such as B(2), B(2), B(2), and B(2)." -msgstr "" - -#. 
====================== tasks ====================== -#. type: Plain text -#: build/C/man7/cpuset.7:168 -msgid "" -"The pseudo-files in a cpuset directory represent internal kernel state and " -"do not have any persistent image on disk. Each of these per-cpuset files is " -"listed and described below." -msgstr "" - -#. type: TP -#: build/C/man7/cpuset.7:168 -#, no-wrap -msgid "I" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:178 -msgid "" -"List of the process IDs (PIDs) of the processes in that cpuset. The list is " -"formatted as a series of ASCII decimal numbers, each followed by a newline. " -"A process may be added to a cpuset (automatically removing it from the " -"cpuset that previously contained it) by writing its PID to that cpuset's " -"I file (with or without a trailing newline)." -msgstr "" - -#. =================== notify_on_release =================== -#. type: Plain text -#: build/C/man7/cpuset.7:186 -msgid "" -"B only one PID may be written to the I file at a time. If " -"a string is written that contains more than one PID, only the first one will " -"be used." -msgstr "" - -#. type: TP -#: build/C/man7/cpuset.7:186 -#, no-wrap -msgid "I" -msgstr "" - -#. ====================== cpus ====================== -#. type: Plain text -#: build/C/man7/cpuset.7:195 -msgid "" -"Flag (0 or 1). If set (1), that cpuset will receive special handling after " -"it is released, that is, after all processes cease using it (i.e., terminate " -"or are moved to a different cpuset) and all child cpuset directories have " -"been removed. See the B section, below." -msgstr "" - -#. type: TP -#: build/C/man7/cpuset.7:195 -#, no-wrap -msgid "I" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:202 -msgid "" -"List of the physical numbers of the CPUs on which processes in that cpuset " -"are allowed to execute. See B below for a description of the " -"format of I." -msgstr "" - -#. ==================== cpu_exclusive ==================== -#. 
type: Plain text -#: build/C/man7/cpuset.7:208 -msgid "" -"The CPUs allowed to a cpuset may be changed by writing a new list to its " -"I file." -msgstr "" - -#. type: TP -#: build/C/man7/cpuset.7:208 -#, no-wrap -msgid "I" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:215 -msgid "" -"Flag (0 or 1). If set (1), the cpuset has exclusive use of its CPUs (no " -"sibling or cousin cpuset may overlap CPUs). By default this is off (0). " -"Newly created cpusets also initially default this to off (0)." -msgstr "" - -#. ====================== mems ====================== -#. type: Plain text -#: build/C/man7/cpuset.7:237 -msgid "" -"Two cpusets are I cpusets if they share the same parent cpuset in " -"the I hierarchy. Two cpusets are I cpusets if neither " -"is the ancestor of the other. Regardless of the I setting, " -"if one cpuset is the ancestor of another, and if both of these cpusets have " -"nonempty I, then their I must overlap, because the I of " -"any cpuset are always a subset of the I of its parent cpuset." -msgstr "" - -#. type: TP -#: build/C/man7/cpuset.7:237 -#, no-wrap -msgid "I" -msgstr "" - -#. ==================== mem_exclusive ==================== -#. type: Plain text -#: build/C/man7/cpuset.7:245 -msgid "" -"List of memory nodes on which processes in this cpuset are allowed to " -"allocate memory. See B below for a description of the format " -"of I." -msgstr "" - -#. type: TP -#: build/C/man7/cpuset.7:245 -#, no-wrap -msgid "I" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:253 -msgid "" -"Flag (0 or 1). If set (1), the cpuset has exclusive use of its memory nodes " -"(no sibling or cousin may overlap). Also if set (1), the cpuset is a " -"B cpuset (see below). By default this is off (0). Newly created " -"cpusets also initially default this to off (0)." -msgstr "" - -#. ==================== mem_hardwall ==================== -#. 
type: Plain text -#: build/C/man7/cpuset.7:261 -msgid "" -"Regardless of the I setting, if one cpuset is the ancestor of " -"another, then their memory nodes must overlap, because the memory nodes of " -"any cpuset are always a subset of the memory nodes of that cpuset's parent " -"cpuset." -msgstr "" - -#. type: TP -#: build/C/man7/cpuset.7:261 -#, no-wrap -msgid "I (since Linux 2.6.26)" -msgstr "" - -#. ==================== memory_migrate ==================== -#. type: Plain text -#: build/C/man7/cpuset.7:272 -msgid "" -"Flag (0 or 1). If set (1), the cpuset is a B cpuset (see below). " -"Unlike B, there is no constraint on whether cpusets marked " -"B may have overlapping memory nodes with sibling or cousin " -"cpusets. By default this is off (0). Newly created cpusets also initially " -"default this to off (0)." -msgstr "" - -#. type: TP -#: build/C/man7/cpuset.7:272 -#, no-wrap -msgid "I (since Linux 2.6.16)" -msgstr "" - -#. ==================== memory_pressure ==================== -#. type: Plain text -#: build/C/man7/cpuset.7:279 -msgid "" -"Flag (0 or 1). If set (1), then memory migration is enabled. By default " -"this is off (0). See the B section, below." -msgstr "" - -#. type: TP -#: build/C/man7/cpuset.7:279 -#, no-wrap -msgid "I (since Linux 2.6.16)" -msgstr "" - -#. ================= memory_pressure_enabled ================= -#. type: Plain text -#: build/C/man7/cpuset.7:292 -msgid "" -"A measure of how much memory pressure the processes in this cpuset are " -"causing. See the B section, below. Unless " -"I is enabled, always has value zero (0). This file " -"is read-only. See the B section, below." -msgstr "" - -#. type: TP -#: build/C/man7/cpuset.7:292 -#, no-wrap -msgid "I (since Linux 2.6.16)" -msgstr "" - -#. ================== memory_spread_page ================== -#. type: Plain text -#: build/C/man7/cpuset.7:304 -msgid "" -"Flag (0 or 1). This file is present only in the root cpuset, normally " -"I. 
If set (1), the I calculations are enabled " -"for all cpusets in the system. By default this is off (0). See the " -"B section, below." -msgstr "" - -#. type: TP -#: build/C/man7/cpuset.7:304 -#, no-wrap -msgid "I (since Linux 2.6.17)" -msgstr "" - -#. ================== memory_spread_slab ================== -#. type: Plain text -#: build/C/man7/cpuset.7:314 -msgid "" -"Flag (0 or 1). If set (1), pages in the kernel page cache (filesystem " -"buffers) are uniformly spread across the cpuset. By default this is off (0) " -"in the top cpuset, and inherited from the parent cpuset in newly created " -"cpusets. See the B section, below." -msgstr "" - -#. type: TP -#: build/C/man7/cpuset.7:314 -#, no-wrap -msgid "I (since Linux 2.6.17)" -msgstr "" - -#. ================== sched_load_balance ================== -#. type: Plain text -#: build/C/man7/cpuset.7:325 -msgid "" -"Flag (0 or 1). If set (1), the kernel slab caches for file I/O (directory " -"and inode structures) are uniformly spread across the cpuset. By default " -"this is off (0) in the top cpuset, and inherited from the parent cpuset in " -"newly created cpusets. See the B section, below." -msgstr "" - -#. type: TP -#: build/C/man7/cpuset.7:325 -#, no-wrap -msgid "I (since Linux 2.6.24)" -msgstr "" - -#. ================== sched_relax_domain_level ================== -#. type: Plain text -#: build/C/man7/cpuset.7:339 -msgid "" -"Flag (0 or 1). If set (1, the default) the kernel will automatically load " -"balance processes in that cpuset over the allowed CPUs in that cpuset. If " -"cleared (0) the kernel will avoid load balancing processes in this cpuset, " -"I some other cpuset with overlapping CPUs has its " -"I flag set. See B, below, for " -"further details." -msgstr "" - -#. type: TP -#: build/C/man7/cpuset.7:339 -#, no-wrap -msgid "I (since Linux 2.6.26)" -msgstr "" - -#. ================== proc cpuset ================== -#. 
type: Plain text -#: build/C/man7/cpuset.7:359 -msgid "" -"Integer, between -1 and a small positive value. The " -"I controls the width of the range of CPUs over " -"which the kernel scheduler performs immediate rebalancing of runnable tasks " -"across CPUs. If I is disabled, then the setting of " -"I does not matter, as no such load balancing is " -"done. If I is enabled, then the higher the value of the " -"I, the wider the range of CPUs over which " -"immediate load balancing is attempted. See B, " -"below, for further details." -msgstr "" - -#. ================== proc status ================== -#. type: Plain text -#: build/C/man7/cpuset.7:367 -msgid "" -"In addition to the above pseudo-files in each directory below " -"I, each process has a pseudo-file, " -"IpidE/cpuset>, that displays the path of the process's " -"cpuset directory relative to the root of the cpuset filesystem." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:378 -msgid "" -"Also the IpidE/status> file for each process has four added " -"lines, displaying the process's I (on which CPUs it may be " -"scheduled) and I (on which memory nodes it may obtain memory), " -"in the two formats B and B (see below) as shown " -"in the following example:" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:385 -#, no-wrap -msgid "" -"Cpus_allowed: ffffffff,ffffffff,ffffffff,ffffffff\n" -"Cpus_allowed_list: 0-127\n" -"Mems_allowed: ffffffff,ffffffff\n" -"Mems_allowed_list: 0-63\n" -msgstr "" - -#. ================== EXTENDED CAPABILITIES ================== -#. type: Plain text -#: build/C/man7/cpuset.7:391 -msgid "" -"The \"allowed\" fields were added in Linux 2.6.24; the \"allowed_list\" " -"fields were added in Linux 2.6.26." -msgstr "" - -#. type: SH -#: build/C/man7/cpuset.7:391 -#, no-wrap -msgid "EXTENDED CAPABILITIES" -msgstr "" - -#. ================== Exclusive Cpusets ================== -#. 
type: Plain text -#: build/C/man7/cpuset.7:399 -msgid "" -"In addition to controlling which I and I a process is allowed to " -"use, cpusets provide the following extended capabilities." -msgstr "" - -#. type: SS -#: build/C/man7/cpuset.7:399 -#, no-wrap -msgid "Exclusive cpusets" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:406 -msgid "" -"If a cpuset is marked I or I, no other cpuset, " -"other than a direct ancestor or descendant, may share any of the same CPUs " -"or memory nodes." -msgstr "" - -#. ================== Hardwall ================== -#. type: Plain text -#: build/C/man7/cpuset.7:432 -msgid "" -"A cpuset that is I restricts kernel allocations for buffer " -"cache pages and other internal kernel data pages commonly shared by the " -"kernel across multiple users. All cpusets, whether I or not, " -"restrict allocations of memory for user space. This enables configuring a " -"system so that several independent jobs can share common kernel data, while " -"isolating each job's user allocation in its own cpuset. To do this, " -"construct a large I cpuset to hold all the jobs, and " -"construct child, non-I cpusets for each individual job. Only " -"a small amount of kernel memory, such as requests from interrupt handlers, " -"is allowed to be placed on memory nodes outside even a I " -"cpuset." -msgstr "" - -#. type: SS -#: build/C/man7/cpuset.7:432 -#, no-wrap -msgid "Hardwall" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:447 -msgid "" -"A cpuset that has I or I set is a I " -"cpuset. A I cpuset restricts kernel allocations for page, buffer, " -"and other data commonly shared by the kernel across multiple users. All " -"cpusets, whether I or not, restrict allocations of memory for user " -"space." -msgstr "" - -#. 
type: Plain text -#: build/C/man7/cpuset.7:458 -msgid "" -"This enables configuring a system so that several independent jobs can share " -"common kernel data, such as filesystem pages, while isolating each job's " -"user allocation in its own cpuset. To do this, construct a large " -"I cpuset to hold all the jobs, and construct child cpusets for " -"each individual job which are not I cpusets." -msgstr "" - -#. ================== Notify On Release ================== -#. type: Plain text -#: build/C/man7/cpuset.7:464 -msgid "" -"Only a small amount of kernel memory, such as requests from interrupt " -"handlers, is allowed to be taken outside even a I cpuset." -msgstr "" - -#. type: SS -#: build/C/man7/cpuset.7:464 -#, no-wrap -msgid "Notify on release" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:476 -msgid "" -"If the I flag is enabled (1) in a cpuset, then whenever " -"the last process in the cpuset leaves (exits or attaches to some other " -"cpuset) and the last child cpuset of that cpuset is removed, the kernel " -"will run the command I, supplying the pathname " -"(relative to the mount point of the cpuset filesystem) of the abandoned " -"cpuset. This enables automatic removal of abandoned cpusets." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:484 -msgid "" -"The default value of I in the root cpuset at system boot " -"is disabled (0). The default value of other cpusets at creation is the " -"current value of their parent's I setting." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:492 -msgid "" -"The command I is invoked, with the name " -"(I relative path) of the to-be-released cpuset in I." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:496 -msgid "" -"The usual contents of the command I is simply " -"the shell script:" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:501 -#, no-wrap -msgid "" -"#!/bin/sh\n" -"rmdir /dev/cpuset/$1\n" -msgstr "" - -#. 
================== Memory Pressure ================== -#. type: Plain text -#: build/C/man7/cpuset.7:509 -msgid "" -"As with other flag values below, this flag can be changed by writing an " -"ASCII number 0 or 1 (with optional trailing newline) into the file, to " -"clear or set the flag, respectively." -msgstr "" - -#. type: SS -#: build/C/man7/cpuset.7:509 -#, no-wrap -msgid "Memory pressure" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:515 -msgid "" -"The I of a cpuset provides a simple per-cpuset running " -"average of the rate that the processes in a cpuset are attempting to free up " -"in-use memory on the nodes of the cpuset to satisfy additional memory " -"requests." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:519 -msgid "" -"This enables batch managers that are monitoring jobs running in dedicated " -"cpusets to efficiently detect what level of memory pressure that job is " -"causing." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:526 -msgid "" -"This is useful both on tightly managed systems running a wide mix of " -"submitted jobs, which may choose to terminate or reprioritize jobs that are " -"trying to use more memory than allowed on the nodes assigned them, and with " -"tightly coupled, long-running, massively parallel scientific computing jobs " -"that will dramatically fail to meet required performance goals if they start " -"to use more memory than allowed to them." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:531 -msgid "" -"This mechanism provides a very economical way for the batch manager to " -"monitor a cpuset for signs of memory pressure. It's up to the batch manager " -"or other user code to decide what action to take if it detects signs of " -"memory pressure." -msgstr "" - -#. 
type: Plain text -#: build/C/man7/cpuset.7:538 -msgid "" -"Unless memory pressure calculation is enabled by setting the pseudo-file " -"I, it is not computed for any " -"cpuset, and reads from any I always return zero, as " -"represented by the ASCII string \"0\\en\". See the B section, " -"below." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:540 -msgid "A per-cpuset, running average is employed for the following reasons:" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:545 -msgid "" -"Because this meter is per-cpuset rather than per-process or per virtual " -"memory region, the system load imposed by a batch scheduler monitoring this " -"metric is sharply reduced on large systems, because a scan of the tasklist " -"can be avoided on each set of queries." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:550 -msgid "" -"Because this meter is a running average rather than an accumulating counter, " -"a batch scheduler can detect memory pressure with a single read, instead of " -"having to read and accumulate results for a period of time." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:556 -msgid "" -"Because this meter is per-cpuset rather than per-process, the batch " -"scheduler can obtain the key information\\(emmemory pressure in a " -"cpuset\\(emwith a single read, rather than having to query and accumulate " -"results over all the (dynamically changing) set of processes in the cpuset." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:564 -msgid "" -"The I of a cpuset is calculated using a per-cpuset simple " -"digital filter that is kept within the kernel. For each cpuset, this filter " -"tracks the recent rate at which processes attached to that cpuset enter the " -"kernel direct reclaim code." -msgstr "" - -#. 
type: Plain text -#: build/C/man7/cpuset.7:573 -msgid "" -"The kernel direct reclaim code is entered whenever a process has to satisfy " -"a memory page request by first finding some other page to repurpose, due to " -"lack of any readily available already free pages. Dirty filesystem pages " -"are repurposed by first writing them to disk. Unmodified filesystem buffer " -"pages are repurposed by simply dropping them, though if that page is needed " -"again, it will have to be reread from disk." -msgstr "" - -#. ================== Memory Spread ================== -#. type: Plain text -#: build/C/man7/cpuset.7:581 -msgid "" -"The I file provides an integer number representing " -"the recent (half-life of 10 seconds) rate of entries to the direct reclaim " -"code caused by any process in the cpuset, in units of reclaims attempted per " -"second, times 1000." -msgstr "" - -#. type: SS -#: build/C/man7/cpuset.7:581 -#, no-wrap -msgid "Memory spread" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:589 -msgid "" -"There are two Boolean flag files per cpuset that control where the kernel " -"allocates pages for the filesystem buffers and related in-kernel data " -"structures. They are called I and " -"I." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:596 -msgid "" -"If the per-cpuset Boolean flag file I is set, " -"then the kernel will spread the filesystem buffers (page cache) evenly over " -"all the nodes that the faulting process is allowed to use, instead of " -"preferring to put those pages on the node where the process is running." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:604 -msgid "" -"If the per-cpuset Boolean flag file I is set, " -"then the kernel will spread some filesystem-related slab caches, such as " -"those for inodes and directory entries, evenly over all the nodes that the " -"faulting process is allowed to use, instead of preferring to put those pages " -"on the node where the process is running." 
-msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:609 -msgid "" -"The setting of these flags does not affect the data segment (see B(2)) " -"or stack segment pages of a process." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:617 -msgid "" -"By default, both kinds of memory spreading are off and the kernel prefers to " -"allocate memory pages on the node local to where the requesting process is " -"running. If that node is not allowed by the process's NUMA memory policy or " -"cpuset configuration or if there are insufficient free memory pages on that " -"node, then the kernel looks for the nearest node that is allowed and has " -"sufficient free memory." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:620 -msgid "" -"When new cpusets are created, they inherit the memory spread settings of " -"their parent." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:635 -msgid "" -"Setting memory spreading causes allocations for the affected page or slab " -"caches to ignore the process's NUMA memory policy and be spread instead. " -"However, the effect of these changes in memory placement caused by " -"cpuset-specified memory spreading is hidden from the B(2) or " -"B(2) calls. These two NUMA memory policy calls always " -"appear to behave as if no cpuset-specified memory spreading is in effect, " -"even if it is. If cpuset memory spreading is subsequently turned off, the " -"NUMA memory policy most recently specified by these calls is automatically " -"reapplied." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:644 -msgid "" -"Both I and I are " -"Boolean flag files. By default they contain \"0\", meaning that the feature " -"is off for that cpuset. If a \"1\" is written to that file, that turns the " -"named feature on." -msgstr "" - -#. 
type: Plain text -#: build/C/man7/cpuset.7:647 -msgid "" -"Cpuset-specified memory spreading behaves similarly to what is known (in " -"other contexts) as round-robin or interleave memory placement." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:650 -msgid "" -"Cpuset-specified memory spreading can provide substantial performance " -"improvements for jobs that:" -msgstr "" - -#. type: IP -#: build/C/man7/cpuset.7:650 build/C/man7/user_namespaces.7:384 -#, no-wrap -msgid "a)" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:654 -msgid "" -"need to place thread-local data on memory nodes close to the CPUs which are " -"running the threads that most frequently access that data; but also" -msgstr "" - -#. type: IP -#: build/C/man7/cpuset.7:654 build/C/man7/user_namespaces.7:389 -#, no-wrap -msgid "b)" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:657 -msgid "" -"need to access large filesystem data sets that must to be spread across the " -"several nodes in the job's cpuset in order to fit." -msgstr "" - -#. ================== Memory Migration ================== -#. type: Plain text -#: build/C/man7/cpuset.7:664 -msgid "" -"Without this policy, the memory allocation across the nodes in the job's " -"cpuset can become very uneven, especially for jobs that might have just a " -"single thread initializing or reading in the data set." -msgstr "" - -#. type: SS -#: build/C/man7/cpuset.7:664 -#, no-wrap -msgid "Memory migration" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:673 -msgid "" -"Normally, under the default setting (disabled) of I, " -"once a page is allocated (given a physical page of main memory), then that " -"page stays on whatever node it was allocated, so long as it remains " -"allocated, even if the cpuset's memory-placement policy I subsequently " -"changes." -msgstr "" - -#. 
type: Plain text -#: build/C/man7/cpuset.7:679 -msgid "" -"When memory migration is enabled in a cpuset, if the I setting of the " -"cpuset is changed, then any memory page in use by any process in the cpuset " -"that is on a memory node that is no longer allowed will be migrated to a " -"memory node that is allowed." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:685 -msgid "" -"Furthermore, if a process is moved into a cpuset with I " -"enabled, any memory pages it uses that were on memory nodes allowed in its " -"previous cpuset, but which are not allowed in its new cpuset, will be " -"migrated to a memory node allowed in the new cpuset." -msgstr "" - -#. ================== Scheduler Load Balancing ================== -#. type: Plain text -#: build/C/man7/cpuset.7:693 -msgid "" -"The relative placement of a migrated page within the cpuset is preserved " -"during these migration operations if possible. For example, if the page was " -"on the second valid node of the prior cpuset, then the page will be placed " -"on the second valid node of the new cpuset, if possible." -msgstr "" - -#. type: SS -#: build/C/man7/cpuset.7:693 -#, no-wrap -msgid "Scheduler load balancing" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:700 -msgid "" -"The kernel scheduler automatically load balances processes. If one CPU is " -"underutilized, the kernel will look for processes on other more overloaded " -"CPUs and move those processes to the underutilized CPU, within the " -"constraints of such placement mechanisms as cpusets and " -"B(2)." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:713 -msgid "" -"The algorithmic cost of load balancing and its impact on key shared kernel " -"data structures such as the process list increases more than linearly with " -"the number of CPUs being balanced. 
For example, it costs more to load " -"balance across one large set of CPUs than it does to balance across two " -"smaller sets of CPUs, each of half the size of the larger set. (The precise " -"relationship between the number of CPUs being balanced and the cost of load " -"balancing depends on implementation details of the kernel process scheduler, " -"which is subject to change over time, as improved kernel scheduler " -"algorithms are implemented.)" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:719 -msgid "" -"The per-cpuset flag I provides a mechanism to suppress " -"this automatic scheduler load balancing in cases where it is not needed and " -"suppressing it would have worthwhile performance benefits." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:723 -msgid "" -"By default, load balancing is done across all CPUs, except those marked " -"isolated using the kernel boot time \"isolcpus=\" argument. (See " -"B, below, to change this default.)" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:726 -msgid "" -"This default load balancing across all CPUs is not well suited to the " -"following two situations:" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:730 -msgid "" -"On large systems, load balancing across many CPUs is expensive. If the " -"system is managed using cpusets to place independent jobs on separate sets " -"of CPUs, full load balancing is unnecessary." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:734 -msgid "" -"Systems supporting real-time on some CPUs need to minimize system overhead " -"on those CPUs, including avoiding process load balancing if that is not " -"needed." -msgstr "" - -#. 
type: Plain text -#: build/C/man7/cpuset.7:744 -msgid "" -"When the per-cpuset flag I is enabled (the default " -"setting), it requests load balancing across all the CPUs in that cpuset's " -"allowed CPUs, ensuring that load balancing can move a process (not otherwise " -"pinned, as by B(2)) from any CPU in that cpuset to any " -"other." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:753 -msgid "" -"When the per-cpuset flag I is disabled, then the " -"scheduler will avoid load balancing across the CPUs in that cpuset, " -"I in so far as is necessary because some overlapping cpuset has " -"I enabled." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:761 -msgid "" -"So, for example, if the top cpuset has the flag I " -"enabled, then the scheduler will load balance across all CPUs, and the " -"setting of the I flag in other cpusets has no effect, as " -"we're already fully load balancing." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:766 -msgid "" -"Therefore in the above two situations, the flag I should " -"be disabled in the top cpuset, and only some of the smaller, child cpusets " -"would have this flag enabled." -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:774 -msgid "" -"When doing this, you don't usually want to leave any unpinned processes in " -"the top cpuset that might use nontrivial amounts of CPU, as such processes " -"may be artificially constrained to some subset of CPUs, depending on the " -"particulars of this flag setting in descendant cpusets. Even if such a " -"process could use spare CPU cycles in some other CPUs, the kernel scheduler " -"might not consider the possibility of load balancing that process to the " -"underused CPU." -msgstr "" - -#. ================== Scheduler Relax Domain Level ================== -#. 
type: Plain text -#: build/C/man7/cpuset.7:780 -msgid "" -"Of course, processes pinned to a particular CPU can be left in a cpuset that " -"disables I as those processes aren't going anywhere else " -"anyway." -msgstr "" - -#. type: SS -#: build/C/man7/cpuset.7:780 -#, no-wrap -msgid "Scheduler relax domain level" -msgstr "" - -#. type: Plain text -#: build/C/man7/cpuset.7:801 -msgid "" -"The kernel scheduler performs immediate load balancing whenever a CPU " -"becomes free or another task becomes runnable. This load balancing works to " -"ensure that as many CPUs as possible are usefully employed running tasks. " -"The kernel also performs periodic load balancing off the software clock " -"described in B