selinux-faq/po pt.po,NONE,1.1
José Nuno Coelho Sanarra Pires (zepires)
fedora-docs-commits at redhat.com
Wed Apr 12 09:53:53 UTC 2006
Author: zepires
Update of /cvs/docs/selinux-faq/po
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv384
Added Files:
pt.po
Log Message:
Added temporarily the SELinux FAQ. It's not finished yet
--- NEW FILE pt.po ---
msgid ""
msgstr ""
"Project-Id-Version: selinux-faq\n"
"POT-Creation-Date: 2006-03-25 07:10-0500\n"
"PO-Revision-Date: 2006-04-12 10:52+0100\n"
"Last-Translator: José Nuno Coelho Pires <jncp at netcabo.pt>\n"
"Language-Team: pt <kde-i18n-pt at kde.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: en_US/selinux-faq.xml:16(fallback)
msgid "WHERE IS MY FDP-INFO, DUDE"
msgstr "ONDE ESTà A MINHA INFORMAÇÃO DO FDP, PÃ"
#: en_US/selinux-faq.xml:20(title)
msgid "&SEL; Notes and FAQ"
msgstr "Notas e FAQ do &SEL;"
#: en_US/selinux-faq.xml:21(para)
msgid "The information in this FAQ is valuable for those who are new to &SEL;. It is also valuable if you are new to the latest &SEL; implementation in &FC;, since some of the behavior may be different than you have experienced."
msgstr "A informação nesta FAQ é valiosa para aqueles que são novos no &SEL;. É também valiosa se for pouco experiente com a última implementação de &SEL; no &FC;, dado que algum do comportamento poderá ser diferente do que já experimentou."
#: en_US/selinux-faq.xml:28(title)
msgid "This FAQ is specific to &FC;&LOCALVER;"
msgstr "Esta FAQ é especÃfica para o &FC;&LOCALVER;"
#: en_US/selinux-faq.xml:29(para)
msgid "If you are looking for the FAQ for other versions of &FC;, refer to <ulink url=\"http://fedora.redhat.com/docs/selinux-faq/\"/>."
msgstr "Se estiver à procura da FAQ das outras versões do &FC;, veja em <ulink url=\"http://fedora.redhat.com/docs/selinux-faq/\"/>."
#: en_US/selinux-faq.xml:34(para)
msgid "For more information about how &SEL; works, how to use &SEL; for general and specific Linux distributions, and how to write policy, these resources are useful:"
msgstr "Para mais informações sobre o funcionamento do &SEL;, como usar o &SEL; nas distribuições gerais e especÃficas do Linux, assim como escrever polÃticas, estes recursos são úteis:"
#: en_US/selinux-faq.xml:40(title)
msgid "External Link List"
msgstr "Lista de Referências Externas"
#: en_US/selinux-faq.xml:42(para)
msgid "NSA &SEL; main website —<ulink url=\"http://www.nsa.gov/selinux/\"/>"
msgstr "Página Principal na NSA do &SEL; —<ulink url=\"http://www.nsa.gov/selinux/\"/>"
#: en_US/selinux-faq.xml:48(para)
msgid "NSA &SEL; FAQ —<ulink url=\"http://www.nsa.gov/selinux/info/faq.cfm\"/>"
msgstr "FAQ do &SEL; da NSA —<ulink url=\"http://www.nsa.gov/selinux/info/faq.cfm\"/>"
#: en_US/selinux-faq.xml:54(para)
msgid "&SEL; community page —<ulink url=\"http://selinux.sourceforge.net\"/>"
msgstr "Página da comunidade do &SEL; —<ulink url=\"http://selinux.sourceforge.net\"/>"
#: en_US/selinux-faq.xml:60(para)
msgid "UnOfficial FAQ —<ulink url=\"http://www.crypt.gen.nz/selinux/faq.html\"/>"
msgstr "FAQ não-Oficial —<ulink url=\"http://www.crypt.gen.nz/selinux/faq.html\"/>"
#: en_US/selinux-faq.xml:66(para)
msgid "Writing traditional SE Linux policy HOWTO —<ulink url=\"https://sourceforge.net/docman/display_doc.php?docid=21959&group_id=21266\"/>"
msgstr "HOWTO de criação de polÃticas do SE Linux tradicional —<ulink url=\"https://sourceforge.net/docman/display_doc.php?docid=21959&group_id=21266\"/>"
#: en_US/selinux-faq.xml:73(para)
msgid "Reference Policy (the new policy found in &FC; 5) —<ulink url=\"http://serefpolicy.sourceforge.net/\"/>"
msgstr "PolÃtica de Referência (a nova polÃtica encontrada no &FC; 5) —<ulink url=\"http://serefpolicy.sourceforge.net/\"/>"
#: en_US/selinux-faq.xml:80(para)
msgid "SELinux policy development training courses —<ulink url=\"http://tresys.com/services/training.shtml\"/> and <ulink url=\"https://www.redhat.com/training/security/courses/rhs429.html\"/>"
msgstr "Cursos de formação de desenvolvimento de polÃticas do SELinux —<ulink url=\"http://tresys.com/services/training.shtml\"/> e <ulink url=\"https://www.redhat.com/training/security/courses/rhs429.html\"/>"
#: en_US/selinux-faq.xml:89(para)
msgid "Getting Started with SE Linux HOWTO: the new SE Linux (Debian) —<ulink url=\"https://sourceforge.net/docman/display_doc.php?docid=20372&group_id=21266\"/>"
msgstr "HOWTO de Introdução ao SE Linux: o novo SE Linux (Debian) —<ulink url=\"https://sourceforge.net/docman/display_doc.php?docid=20372&group_id=21266\"/>"
#: en_US/selinux-faq.xml:96(para)
msgid "List of SELinux object classes and permissions —<ulink url=\"http://tresys.com/selinux/obj_perms_help.shtml\"/>"
msgstr "Lista das classes e permissões dos objectos do SELinux —<ulink url=\"http://tresys.com/selinux/obj_perms_help.shtml\"/>"
#: en_US/selinux-faq.xml:103(para)
msgid "On IRC — irc.freenode.net, #fedora-selinux"
msgstr "No IRC — irc.freenode.net, #fedora-selinux"
#: en_US/selinux-faq.xml:108(para)
msgid "&FED; mailing list —<ulink url=\"mailto:fedora-selinux-list at redhat.com\"/>; read the archives or subscribe at <ulink url=\"http://www.redhat.com/mailman/listinfo/fedora-selinux-list\"/>"
msgstr "A lista de correio do &FED; —<ulink url=\"mailto:fedora-selinux-list at redhat.com\"/>; leia os arquivos ou inscreva-se em <ulink url=\"http://www.redhat.com/mailman/listinfo/fedora-selinux-list\"/>"
#: en_US/selinux-faq.xml:117(title)
msgid "Making changes/additions to the &FED;&SEL; FAQ"
msgstr "Fazer alterações/adições à FAQ do &SEL; do &FED;"
#: en_US/selinux-faq.xml:118(para)
msgid "This FAQ is available at <ulink url=\"http://fedora.redhat.com/docs/selinux-faq-fc5/\">http://fedora.redhat.com/docs/selinux-faq-fc5/</ulink>."
msgstr "Esta FAQ está disponÃvel em <ulink url=\"http://fedora.redhat.com/docs/selinux-faq-fc5/\">http://fedora.redhat.com/docs/selinux-faq-fc5/</ulink>."
#: en_US/selinux-faq.xml:122(para)
msgid "For changes or additions to the &FED;&SEL; FAQ, use this <ulink url=\"&BUG-URL;\">bugzilla template</ulink>, which pre-fills most of the bug report. Patches should be a <command>diff -u</command> against the XML, which is available from CVS (refer to <ulink url=\"http://fedora.redhat.com/projects/docs/\"/> for details on obtaining the fedora-docs/selinux-faq module from anonymous CVS; you can get just the <filename>fedora-docs/selinux-faq</filename> module if you don't want the entire <filename>fedora-dcs</filename> tree.) Otherwise, plain text showing before and after is sufficient."
msgstr "Para mais adições ou modificações na FAQ de &SEL; do &FED;, use este <ulink url=\"&BUG-URL;\">modelo do Bugzilla</ulink>, que preenche previamente a maior parte do relatório de erros. As actualizações deverão ser um <command>diff -u</command> em relação ao XML, que está disponÃvel no CVS (veja em <ulink url=\"http://fedora.redhat.com/projects/docs/\"/> para mais detalhes de obtenção do módulo fedora-docs/selinux-faq do CVS anónimo; poderá obter apenas o módulo <filename>fedora-docs/selinux-faq</filename>, se não quiser a árvore completa do <filename>fedora-dcs</filename>.) Caso contrário, será suficiente apneas uma visualização do texto antes e depois."
#: en_US/selinux-faq.xml:133(para)
msgid "For a list of all bug reports filed against this FAQ, refer to <ulink url=\"https://bugzilla.redhat.com/bugzilla/showdependencytree.cgi?id=118757\">https://bugzilla.redhat.com/bugzilla/showdependencytree.cgi?id=118757</ulink>."
msgstr "Para uma lista com todos os relatórios de erros enviados para esta FAQ, veja em <ulink url=\"https://bugzilla.redhat.com/bugzilla/showdependencytree.cgi?id=118757\">https://bugzilla.redhat.com/bugzilla/showdependencytree.cgi?id=118757</ulink>."
#: en_US/selinux-faq.xml:142(title)
msgid "Understanding &SEL;"
msgstr "Compreender o &SEL;"
#: en_US/selinux-faq.xml:145(para)
msgid "What is &SEL;?"
msgstr "O que é o &SEL;?"
#: en_US/selinux-faq.xml:150(para)
msgid "&SEL; (<firstterm>Security-Enhanced Linux</firstterm>) in &FC; is an implementation of <firstterm>mandatory access control</firstterm> in the Linux kernel using the <firstterm>Linux Security Modules</firstterm> (<abbrev>LSM</abbrev>) framework. Standard Linux security is a <firstterm>discretionary access control</firstterm> model."
msgstr "O &SEL; (<firstterm>Security-Enhanced Linux</firstterm>) no &FC; é uma implementação do <firstterm>controlo de acesso obrigatório</firstterm> no 'kernel' do Linux, usando a plataforma <abbrev>LSM</abbrev> <firstterm>Linux Security Modules</firstterm> - Módulos de Segurança do Linux. A segurança normal do Linux é um modelo de <firstterm>controlo de acesso discreto</firstterm>."
#: en_US/selinux-faq.xml:160(term)
msgid "Discretionary access control (<abbrev>DAC</abbrev>)"
msgstr "Controlo de acesso discreto (<abbrev>DAC</abbrev>)"
#: en_US/selinux-faq.xml:162(para)
msgid "DAC is standard Linux security, and it provides no protection from broken software or malware running as a normal user or root. Users can grant risky levels of access to files they own."
msgstr "O DAC é a segurança normal no Linux, e não oferece qualquer protecção contra 'software' defeituoso ou programas maliciosos que corram como um utilizador normal ou como 'root'. Os utilizadores poderão ceder nÃveis arriscados de acesso aos ficheiros que possuem."
#: en_US/selinux-faq.xml:171(term)
msgid "Mandatory access control (<abbrev>MAC</abbrev>)"
msgstr "Controlo de acesso obrigatório (<abbrev>MAC</abbrev>)"
#: en_US/selinux-faq.xml:173(para)
msgid "MAC provides full control over all interactions of software. Administratively defined policy closely controls user and process interactions with the system, and can provide protection from broken software or malware running as any user."
msgstr "O MAC oferece um controlo completo sobre todas as interacções do 'software'. UmapolÃtica definida a nÃvel administrativo controla de forma retrita as interacções dos utilizadores e dos processos com o sistema, oferecendo uma protecção contra programas defeituosos ou maliciosos como um utilizador qualquer."
#: en_US/selinux-faq.xml:183(para)
msgid "In a DAC model, file and resource decisions are based solely on user identity and ownership of the objects. Each user and program run by that user has complete discretion over the user's objects. Malicious or flawed software can do anything with the files and resources it controls through the user that started the process. If the user is the super-user or the application is <command>setuid</command> or <command>setgid</command> to root, the process can have root level control over the entire file system."
msgstr ""
#: en_US/selinux-faq.xml:194(para)
msgid "A MAC system does not suffer from these problems. First, you can administratively define a security policy over all processes and objects. Second, you control all processes and objects, in the case of &SEL; through the kernel. Third, decisions are based on all the security relevant information available, and not just authenticated user identity."
msgstr "Um sistema MAC não sofre destes problemas. Em primeiro lugar, poderá definir de forma administrativa uma polÃtica de segurança sobre todos os processos e objectos. Em segundo lugar, você controla todos os processos e objetos, no caso do &SEL;, através do 'kernel'. Em terceiro lugar, as decisões baseiam-se em toda a informação relevante para a segurança, não apenas na identidade do utilizador autenticado."
#: en_US/selinux-faq.xml:202(para)
msgid "MAC under &SEL; allows you to provide granular permissions for all <firstterm>subjects</firstterm> (users, programs, processes) and <firstterm>objects</firstterm> (files, devices). In practice, think of subjects as processes, and objects as the target of a process operation. You can safely grant a process only the permissions it needs to perform its function, and no more."
msgstr ""
#: en_US/selinux-faq.xml:210(para)
msgid "The &SEL; implementation uses <firstterm>role-based access control</firstterm> (<abbrev>RBAC</abbrev>), which provides abstracted user-level control based on roles, and <firstterm><trademark class=\"registered\">Type Enforcement</trademark></firstterm> (<abbrev>TE</abbrev>). TE uses a table, or <firstterm>matrix</firstterm> to handle access controls, enforcing policy rules based on the types of processes and objects. Process types are called <firstterm>domains</firstterm>, and a cross-reference on the matrix of the process's domain and the object's type defines their interaction. This system provides extremely granular control for actors in a Linux system."
msgstr ""
#: en_US/selinux-faq.xml:228(para)
msgid "What is &SEL; policy?"
msgstr "O que é uma polÃtica do &SEL;?"
#: en_US/selinux-faq.xml:233(para)
msgid "The &SEL; policy describes the access permissions for all subjects and objects, that is, the entire system of users, programs, and processes and the files and devices they act upon. &FC; policy is delivered in a package, with an associated source package. Current shipping policy packages are:"
msgstr "A polÃtica do &SEL; descreve as permissões de acesso a todos os sujeitos e objectos, isto é, o sistema inteiro de utilizadores, programas e processos, assim como os processo, os ficheiros e os dispositivos sobre os quais actuam. A polÃtica do &FC; é distribuÃda num pacote, com um pacote de código-fonte associado. Os pacote de polÃticas fornecidos actualmente são:"
#: en_US/selinux-faq.xml:242(replaceable) en_US/selinux-faq.xml:260(replaceable) en_US/selinux-faq.xml:261(replaceable) en_US/selinux-faq.xml:262(replaceable)
msgid "<version>"
msgstr "<versão>"
#: en_US/selinux-faq.xml:242(filename)
msgid "selinux-policy-<placeholder-1/>.noarch.rpm"
msgstr "selinux-policy-<placeholder-1/>.noarch.rpm"
#: en_US/selinux-faq.xml:244(para)
msgid "This package is common to all types of policy and contains config files/man pages. This includes the interface files for the development environment. This replaces the -sources package from the past. This package contains the interface files used in Reference Policy along with a Makefile and a small tool called <command>policygentool</command> used to generate a policy template file. The interface files reside in <filename>/usr/share/selinux/devel/headers</filename> directory. If you want to see all of the policy files used to build the Reference Policy you need to install the src.rpm."
msgstr "Este pacote é comum a todos os tipos de polÃticas e contém os ficheiros de configuração/páginas do manual. Isto inclui os ficheiros de interface do ambiente de desenvolvimento. Este pacote substitui o pacote '-sources' do passado. Este pacote contém os ficheiros de interface usados na PolÃtica de Referência, em conjunto com um aMakefile e uma ferramenta pequena chamada <command>policygentool</command>, que é usada para gerar um ficheiro de modelo de polÃticas. Os ficheiros da interface residem na pasta <filename>/usr/share/selinux/devel/headers</filename>. Se quiser ver todos os ficheiros da polÃtica que são usados para criar a PolÃtica de Referência, terá de instalar então o src.rpm."
#: en_US/selinux-faq.xml:260(filename)
msgid "selinux-policy-strict-<placeholder-1/>.noarch.rpm"
msgstr "selinux-policy-strict-<placeholder-1/>.noarch.rpm"
#: en_US/selinux-faq.xml:261(filename)
msgid "selinux-policy-targeted-<placeholder-1/>.noarch.rpm"
msgstr "selinux-policy-targeted-<placeholder-1/>.noarch.rpm"
#: en_US/selinux-faq.xml:262(filename)
msgid "selinux-policy-mls-<placeholder-1/>.noarch.rpm"
msgstr "selinux-policy-mls-<placeholder-1/>.noarch.rpm"
#: en_US/selinux-faq.xml:264(para)
msgid "Binary policy files are in <filename>/etc/selinux/<replaceable>policyname</replaceable>/</filename>. The policy for the types and domains is configured separately from security context for the subjects and objects."
msgstr "Os ficheiros binários das polÃticas estão em <filename>/etc/selinux/<replaceable>nome-polÃtica</replaceable>/</filename>. A polÃtica dos tipos e dos domÃnios é configurada em separado do contexto de segurança dos sujeitos e objectos."
#: en_US/selinux-faq.xml:274(para) en_US/selinux-faq.xml:329(para) en_US/selinux-faq.xml:476(para) en_US/selinux-faq.xml:499(para)
msgid "More information on the different policies available in SELinux can be found at <ulink url=\"http://fedoraproject.org/wiki/SELinux/Policies\"/>."
msgstr "Poderá encontrar mais informações sobre as diferentes polÃticas disponÃveis no SELinux em <ulink url=\"http://fedoraproject.org/wiki/SELinux/Policies\"/>."
#: en_US/selinux-faq.xml:286(para)
msgid "What is the &SEL; targeted policy?"
msgstr "O que é uma polÃtica-alvo do &SEL;?"
#: en_US/selinux-faq.xml:291(para)
msgid "When &SEL; was initially introduced in &FC;, it enforced the NSA strict policy. For testing purposes, this effectively exposed hundreds of problems in the strict policy. In addition, it demonstrated that applying a single strict policy to the many environments of &FED; users was not feasible. To manage a single strict policy for anything other than default installation would require local expertise."
msgstr "Quando o &SEL; foi introduzido inicialmente no &FC;, obrigava a usar a polÃtica restrita da NSA. Para fins de teste, isto expunha efectivamente centenas de problemas na polÃtica restrita. Para além disso, demonstrava que a aplicação de uma polÃtica restrita aos vários ambientes dos utilizadores do &FED; não era exequÃvel. Para gerir uma única polÃtica restrita para tudo o que não fosse a instalação predefinida, teria de haver alguma experiência aplicada a nÃvel local."
#: en_US/selinux-faq.xml:300(para)
msgid "At this point, the &SEL; developers reviewed their choices, and decided to try a different strategy. They decided to create a <firstterm>targeted</firstterm> policy that locks down specific daemons, especially those vulnerable to attack or which could devastate a system if broken or compromised. The rest of the system runs exactly as it would under standard Linux DAC security."
msgstr "Nest altura, os programadores do &SEL; reveram as suas escolhas e optaram por tentar uma estratégia diferente. Decidiram criar uma polÃtica-<firstterm>alvo</firstterm> que bloqueia os servidores especÃficos, especialmente aqueles que são vulneráveis a ataques ou que poderiam devastar um sistema, se tivessem problemas ou fossem atacados. O resto do sistema funciona exactamente como aconteceria numa polÃtica normal de DAC do Linux."
#: en_US/selinux-faq.xml:308(para)
msgid "Under the targeted policy, most processes run in the <computeroutput>unconfined_t</computeroutput> domain. As the name implies, these processes are mostly unconfined by the &SEL; policy. They are still governed by standard Linux DAC security, however."
msgstr "Na polÃtica-alvo, a maioria dos processos corre no domÃnio <computeroutput>unconfined_t</computeroutput>. Como o nome indica em inglês, estes processos não estão confinados na polÃtica do &SEL;. São à mesma cobertos pela polÃtica de segurança DAC normal do Linux, todavia."
#: en_US/selinux-faq.xml:315(para)
msgid "Those network daemons which are addressed in the targeted policy make a transition to the targeted policy when the application starts. For example, at system boot, <command>init</command> runs under the <computeroutput>unconfined_t</computeroutput> policy. When <command>named</command> starts, it makes a transition to the <computeroutput>named_t</computeroutput> domain and is locked down by the appropriate policy."
msgstr "Estes servidores de rede, os quais são tratados pela polÃtica-alvo, fazem uma transição para a polÃtica-alvo quando a aplicação arranca. Por exemplo, no arranqie do sistema, o <command>init</command> executa-se sob a polÃtica <computeroutput>unconfined_t</computeroutput>. Quando o <command>named</command> se inicia, faz uma transição para o domÃnio <computeroutput>named_t</computeroutput> e é bloqueado pela polÃtica apropriada."
#: en_US/selinux-faq.xml:324(para)
msgid "For more information on enabling or disabling targeted policy on each of the specific daemons, refer to <xref linkend=\"qa-using-s-c-securitylevel\"/>."
msgstr "Para mais informações sobre a activação e desactivação da polÃtica-alvo para cada um dos servidores especÃficos, veja em <xref linkend=\"qa-using-s-c-securitylevel\"/>."
#: en_US/selinux-faq.xml:338(para)
msgid "What programs are protected by the targeted policy?"
msgstr "Quais os programas que são protegidos pela polÃtica-alvo?"
#: en_US/selinux-faq.xml:343(para)
msgid "Currently, the list of programs is approximately:"
msgstr "De momento, a lista de programas é, aproximadamente:"
#: en_US/selinux-faq.xml:346(para)
msgid "<filename>accton</filename>, <filename>amanda</filename>, <filename>httpd</filename> (apache), <filename>arpwatch</filename>, <filename>pam</filename>, <filename>automount</filename>, <filename>avahi</filename>, <filename>named</filename>, <filename>bluez</filename>, <filename>lilo</filename>, <filename>grub</filename>, <filename>canna</filename>, <filename>comsat</filename>, <filename>cpucontrol</filename>, <filename>cpuspeed</filename>, <filename>cups</filename>, <filename>cvs</filename>, <filename>cyrus</filename>, <filename>dbskkd</filename>, <filename>dbus</filename>, <filename>dhcpd</filename>, <filename>dictd</filename>, <filename>dmidecode</filename>, <filename>dovecot</filename>, <filename>fetchmail</filename>, <filename>fingerd</filename>, <filename>ftpd</filename> (vsftpd, proftpd, and muddleftpd), <filename>gpm</filename>, <filename>hald</filename>, <filename>hotplug</filename>, <filename>howl</filename>, <filename>innd</filename>, <filename>kerberos</file!
name>, <filename>ktalkd</filename>, <filename>openldap</filename>, <filename>auditd</filename>, <filename>syslog</filename>, <filename>logwatch</filename>, <filename>lpd</filename>, <filename>lvm</filename>, <filename>mailman</filename>, <filename>module-init-tools</filename>, <filename>mount</filename>, <filename>mysql</filename>, <filename>NetworkManager</filename>, <filename>NIS</filename>, <filename>nscd</filename>, <filename>ntp</filename>, <filename>pegasus</filename>, <filename>portmap</filename>, <filename>postfix</filename>, <filename>postgresql</filename>, <filename>pppd</filename>, <filename>pptp</filename>, <filename>privoxy</filename>, <filename>procmail</filename>, <filename>radiusd</filename>, <filename>radvd</filename>, <filename>rlogin</filename>, <filename>nfs</filename>, <filename>rsync</filename>, <filename>samba</filename>, <filename>saslauthd</filename>, <filename>snmpd</filename>, <filename>spamd</filename>, <filename>squid</filename>, <filename>stunn!
el</filename>, <filename>dhcpc</filename>, <filename>ifconfig<!
/filen
>, <filename>sysstat</filename>, <filename>tcp wrappers</filename>, <filename>telnetd</filename>, <filename>tftpd</filename>, <filename>updfstab</filename>, <filename>user management</filename> (passwd, useradd, etc.), <filename>crack</filename>, <filename>uucpd</filename>, <filename>vpnc</filename>, <filename>webalizer</filename>, <filename>xend</filename>, <filename>xfs</filename>, <filename>zebra</filename>"
msgstr "<filename>accton</filename>, <filename>amanda</filename>, <filename>httpd</filename> (apache), <filename>arpwatch</filename>, <filename>pam</filename>, <filename>automount</filename>, <filename>avahi</filename>, <filename>named</filename>, <filename>bluez</filename>, <filename>lilo</filename>, <filename>grub</filename>, <filename>canna</filename>, <filename>comsat</filename>, <filename>cpucontrol</filename>, <filename>cpuspeed</filename>, <filename>cups</filename>, <filename>cvs</filename>, <filename>cyrus</filename>, <filename>dbskkd</filename>, <filename>dbus</filename>, <filename>dhcpd</filename>, <filename>dictd</filename>, <filename>dmidecode</filename>, <filename>dovecot</filename>, <filename>fetchmail</filename>, <filename>fingerd</filename>, <filename>ftpd</filename> (vsftpd, proftpd, and muddleftpd), <filename>gpm</filename>, <filename>hald</filename>, <filename>hotplug</filename>, <filename>howl</filename>, <filename>innd</filename>, <filename>kerberos</fil!
ename>, <filename>ktalkd</filename>, <filename>openldap</filename>, <filename>auditd</filename>, <filename>syslog</filename>, <filename>logwatch</filename>, <filename>lpd</filename>, <filename>lvm</filename>, <filename>mailman</filename>, <filename>module-init-tools</filename>, <filename>mount</filename>, <filename>mysql</filename>, <filename>NetworkManager</filename>, <filename>NIS</filename>, <filename>nscd</filename>, <filename>ntp</filename>, <filename>pegasus</filename>, <filename>portmap</filename>, <filename>postfix</filename>, <filename>postgresql</filename>, <filename>pppd</filename>, <filename>pptp</filename>, <filename>privoxy</filename>, <filename>procmail</filename>, <filename>radiusd</filename>, <filename>radvd</filename>, <filename>rlogin</filename>, <filename>nfs</filename>, <filename>rsync</filename>, <filename>samba</filename>, <filename>saslauthd</filename>, <filename>snmpd</filename>, <filename>spamd</filename>, <filename>squid</filename>, <filename>stun!
nel</filename>, <filename>dhcpc</filename>, <filename>ifconfig!
</file
e>, <filename>sysstat</filename>, <filename>tcp wrappers</filename>, <filename>telnetd</filename>, <filename>tftpd</filename>, <filename>updfstab</filename>, <filename>user management</filename> (passwd, useradd, etc.), <filename>crack</filename>, <filename>uucpd</filename>, <filename>vpnc</filename>, <filename>webalizer</filename>, <filename>xend</filename>, <filename>xfs</filename>, <filename>zebra</filename>"
#: en_US/selinux-faq.xml:459(para)
msgid "What about the strict policy? Does it even work?"
msgstr "Então e a polÃtica restrita? Ainda funciona sequer?"
#: en_US/selinux-faq.xml:464(para)
msgid "The strict policy <emphasis>does</emphasis> work on &FC;. It is challenged by the unique environments of different users. To use the strict policy in your environment, you may need to fine-tune both the policy and your systems."
msgstr "A polÃtica restrita <emphasis>funciona de facto</emphasis> no &FC;. O desafio são os ambientes únicos dos diferentes utilizadores. Para utilizar a polÃtica restrita no seu ambiente, poderá ter de afinar tanto a sua polÃtica como os seus sistemas."
#: en_US/selinux-faq.xml:470(para)
msgid "To make the strict policy easier to use, &SEL; developers have tried to make the change from one policy to the other easier. For example, <command>system-config-securitylevel</command> builds a relabel into the startup scripts."
msgstr "Para tornar a polÃtica restrita mais simples de usar, os programadores do &SEL; tentaram fazer a alteração de uma polÃtica para a outra mais simples. Por exemplo, o <command>system-config-securitylevel</command> cria um 'relabel' (mudança de nome) nos programas de arranque."
#: en_US/selinux-faq.xml:485(para)
msgid "What is the mls policy? Who is it for?"
msgstr "O que é a polÃtica 'mls'? Para quem é que serve?"
#: en_US/selinux-faq.xml:490(para)
msgid "The mls policy is similar to the strict policy, but adds an additional field to security contexts for separating levels. &SEL; can use these levels to separate data in an environment that calls for strict hierarchical separation. A typical example is a military setting, where data is classified at a certain level. This policy is geared toward this sort of environment, and is probably not useful to you unless you fall into this category."
msgstr "A polÃtica 'mls' é semelhante à polÃtica restrita, só que acrescenta um campo adicional aos contextos de segurança, para separar os nÃveis. O &SEL; poderá usar estes nÃveis para separar os dados num ambiente que obriga a uma separação hierárquica restrita. Um exemplo tÃpico é uma configuração militar, onde os dados são secretos a um dado nÃvel. Esta polÃtica está destinada a este tipo de ambientes, e poderá não ser útil para si, a menos que caia nesta categoria."
#: en_US/selinux-faq.xml:508(para)
msgid "What is the Reference Policy?"
msgstr "O que é a PolÃtica de Referência?"
#: en_US/selinux-faq.xml:513(para)
msgid "The <firstterm>Reference Policy</firstterm> is a new project maintained by Tresys Technology (<ulink url=\"http://www.tresys.com/\"/>) designed to rewrite the entire SELinux policy in a way that is easier to use and understand. To do this, it uses the concepts of modularity, abstraction, and well-defined interfaces. Refer to <ulink url=\"http://serefpolicy.sourceforge.net/\"/> for more information on the Reference Policy."
msgstr "A <firstterm>PolÃtica de Referência</firstterm> é um novo projecto mantido pela Tresys Technology (<ulink url=\"http://www.tresys.com/\"/>), que é desenhado para escrever do zero a polÃtica inteira do SELinux, de forma a ser mais simples de usar e compreender. Para o fazer, usa os conceitos de modularidade, abstracção e interfaces bem-definidas. Veja em <ulink url=\"http://serefpolicy.sourceforge.net/\"/> mais informações sobre a PolÃtica de Referência."
#: en_US/selinux-faq.xml:524(para)
msgid "Note that Reference Policy is not a new type of policy, like targeted or strict. Rather, it is a new base that policies can be built from. Targeted, strict, and mls policies can all be built from Reference Policy. In fact, one of the design goals of Reference Policy is to have a single unified source tree for the different policy variants."
msgstr "Lembre-se que a PolÃtica de Referência não é um novo tipo de polÃtica, como a polÃtica-alvo ou a restrita. Em vez dissom é uma base nova, a partir da qual poderão ser criadas as polÃticas. As polÃticas-alvo, restritas e 'mls' opderão ser todas criadas a partir da PolÃtica de Referência. De facto, um dos objectivos de desenho da PolÃtica de Referência é ter uma árvore de código unificada para as diferentes variantes de polÃticas."
#: en_US/selinux-faq.xml:532(para)
msgid "Fedora policies at version 1.x are based on the traditional example policy. Version 2.x policies (as used in &FC;&LOCALVER;) are based on the Reference Policy."
msgstr "As polÃticas do Fedora na versão 1.x são baseadas na polÃtica de exemplo tradicional. As polÃticas da versão 2.x (as usadas no &FC;&LOCALVER;) são baseadas na PolÃtica de Referência."
#: en_US/selinux-faq.xml:541(para)
msgid "What are file contexts?"
msgstr "O que são os contextos de ficheiros?"
#: en_US/selinux-faq.xml:546(para)
msgid "<firstterm>File contexts</firstterm> are used by the <command>setfiles</command> command to generate persistent labels which describe the security context for a file or directory."
msgstr "Os <firstterm>contextos de ficheiros</firstterm> são usados pelo comando <command>setfiles</command> para gerar os nomes ou legendas persistentes, que descrevem o contexto de segurança de um ficheiro ou pasta."
#: en_US/selinux-faq.xml:551(para)
msgid "&FC; ships with the <command>fixfiles</command> script, which supports three options: <option>check</option>, <option>restore</option>, and <option>relabel</option>. This script allows users to relabel the file system without having the <filename>selinux-policy-targeted-sources</filename> package installed. The command line usage is more friendly than the standard <command>setfiles</command> command."
msgstr "O &FC; vem com o programa <command>fixfiles</command>, que suporta três opções: a <option>check</option>, a <option>restore</option> e a <option>relabel</option>. Este programa permite aos utilizadores mudarem o nome do sistema de ficheiros sem ter o pacote <filename>selinux-policy-targeted-sources</filename> instalado. A utilização da linha de comandos é mais amigável que o comando <command>setfiles</command> normal."
#: en_US/selinux-faq.xml:564(para)
msgid "How do I view the security context of a file, user, or process?"
msgstr "Como é que vejo o contexto de segurança de um ficheiro, utilizador ou processo?"
#: en_US/selinux-faq.xml:569(para)
msgid "The new option <option>-Z</option> is the short method for displaying the context of a subject or object:"
msgstr "A nova opção <option>-Z</option> é o método resumido para mostrar o contexto de um sujeito ou objecto:"
#: en_US/selinux-faq.xml:574(replaceable)
msgid "file.foo"
msgstr "ficheiro.xpto"
#: en_US/selinux-faq.xml:574(command)
msgid "ls -alZ <placeholder-1/> id -Z ps -eZ"
msgstr "ls -alZ <placeholder-1/> id -Z ps -eZ"
#: en_US/selinux-faq.xml:582(para)
msgid "What is the difference between a <firstterm>domain</firstterm> and a <firstterm>type</firstterm>?"
msgstr "Qual é a diferença entre um <firstterm>domÃnio</firstterm> e um <firstterm>tipo</firstterm>?"
#: en_US/selinux-faq.xml:588(para)
msgid "There is no difference between a domain and a type, although domain is sometimes used to refer to the type of a process. The use of domain in this way stems from Domain and Type Enforcement (DTE) models, where domains and types are separate."
msgstr "Não existem diferenças entre um domÃnio e um tipo, ainda que o domÃnio seja usado normalmente usado para se referir ao tipo de um processo. O uso de um domÃnio, desta forma, deriva dos modelos de Obrigação de DomÃnio e Tipo (DTE), onde os domÃnios e os tipos são separados."
#: en_US/selinux-faq.xml:598(para)
msgid "What are policy modules?"
msgstr "O que são os módulos de polÃticas?"
#: en_US/selinux-faq.xml:603(para)
msgid "Prior to &FC; 5, SELinux policies were monolithic, meaning that they were compiled into a single policy binary. To make changes or additions to that policy, an administrator had to change out the entire policy. With &FC; 5, the policy is now modular. This means that third party developers can ship policy modules with their applications, and then they can be added to the policy without having to switch out the entire policy in much the same way that kernel modules can add funcationality to the kernel without having to reboot the entire system."
msgstr "Antes do &FC; 5, as polÃticas do SELinux eram monolÃticas, o que significava que elas eram compiladas num único binário de polÃtica. Para fazer alterações ou adições a essa polÃtica, um administrador tinha de mudar a polÃtica inteira. Com o &FC; 5, a polÃtica agora é modular. Isto significa que os programadores legados poderão oferecer módulos de polÃticas com as suas aplicações, podendo estas ser adicionadas à polÃtica, sem ter de mudar toda a polÃtica, da mesma forma que os módulos do 'kernel' conseguem adicionar funcionalidades ao 'kernel', sem ter de reiniciar o sistema inteiro."
#: en_US/selinux-faq.xml:614(para)
msgid "This actually works by separating out compile and link steps in the policy build procedure. Policy modules are compiled from source, and linked when installed into the module store (see <xref linkend=\"faq-entry-whatis-managed-policy\"/>). This linked policy is then loaded into the kernel for enforcement."
msgstr "Isto funciona de facto ao separar as fase de compilação e edição de ligações, no procedimento de compilação da polÃtica. Os módulos da polÃtica são compilados a partir do código e são gerados os binários, quando forem instalados, no armazém de módulos (veja em <xref linkend=\"faq-entry-whatis-managed-policy\"/>). Esta polÃtica ligada é então carregada no 'kernel' para ser aplicada."
#: en_US/selinux-faq.xml:621(para)
msgid "The primary command for dealing with modules is <command>semodule</command>, which will let you perform basic functions such as installing, upgrading, or removing modules. Modules are usually stored as policy package file (.pp extension) in <filename>/usr/share/selinux/<replaceable>policyname</replaceable>/</filename>. There you should at least find the base.pp, which is the base module."
msgstr "O comando primário para lidar com os módulos é o <command>semodule</command>, que lhe permitirá efectuar funções básicas como a instalação, actualização ou remoção de módulos. Os ódulos são normalmente guardados num ficheiro de pacote de polÃticas (com a extensão '.pp') em <filename>/usr/share/selinux/<replaceable>nome-polÃtica</replaceable>/</filename>. AÃ, deverá encontrar, pelo menos, o ficheiro 'base.pp', que é o módulo de base."
#: en_US/selinux-faq.xml:635(para)
msgid "What is managed policy?"
msgstr "O que é uma polÃtica gerida?"
#: en_US/selinux-faq.xml:640(para)
msgid "Prior to &FC; 5, SELinux policies were handled as user-editable config files in etc. Unfortunately, this made it difficult to address many of the usability issues arising with SELinux. So, a new libraray, <filename>libsemanage</filename>, was added to provide userspace tools an interface to making policy management easier. All policy management should use this library to access the policy store. The policy store holds all the policy information, and is found at <filename>/etc/selinux/<replaceable>policyname</replaceable>/</filename>."
msgstr ""
#: en_US/selinux-faq.xml:651(para)
msgid "You should never have to edit the store directly. Instead, you should use tools that link against libsemanage. One example tool is <command>semanage</command>, which is a command line tool for managing much of the policy such as SELinux user mappings, SELinux port mappings, and file contexts entries. Other graphical tools are currently being developed as well."
msgstr "Nunca deverá ter de editar o armazém directamente. Em vez disso, deverá usar ferramentas que se associem à 'libsemanage'. Uma ferramenta de exemplo é a <command>semanage</command>, que é uma ferramenta da linha de comandos para gerir boa parte da polÃtica, como o mapeamento de utilizadores do SELinux, o mapeamento de portos do SELinux e os itens dos contextos dos ficheiros. Estão também a ser desenvolvidas outras ferramentas gráficas."
#: en_US/selinux-faq.xml:663(title)
msgid "Controlling &SEL;"
msgstr "Controlar o &SEL;"
#: en_US/selinux-faq.xml:666(para)
msgid "How do I install/not install &SEL;?"
msgstr "Como é que instalo/não instalo o &SEL;?"
#: en_US/selinux-faq.xml:671(para)
msgid "The installer follows the choice you make in the <guilabel>Firewall Configuration</guilabel> screen. The default running policy is the targeted policy, and it is on by default."
msgstr "O instalador segue a opção que fizer no ecrã de <guilabel>Configuração da 'Firewall'</guilabel>. A polÃtica predefinida em execução é a polÃtica-alvo, e está activa por omissão."
#: en_US/selinux-faq.xml:680(para)
msgid "How do I switch the policy I am currently using?"
msgstr "Como é que mudo a polÃtica que estou a usar de momento?"
#: en_US/selinux-faq.xml:686(title)
msgid "Use caution when switching policy"
msgstr "Tenha cuidado ao mudar de polÃtica"
#: en_US/selinux-faq.xml:687(para)
msgid "Other than trying out a new policy on a test machine for research purposes, you should seriously consider your situation before switching to a different policy on a production system. The act of switching is straightforward. This method is fairly safe, but you should try it first on a test system."
msgstr "Para além de tentar uma polÃtica nova para fins de investigação, numa máquina de testes, deverá considerar seriamente a sua situação antes de mudar para uma polÃtica diferente num sistema de produção. O acto de mudar é relativamente simples. Este método é razoavelmente seguro, mas devê-lo-á testar primeiro num sistema de testes."
#: en_US/selinux-faq.xml:695(para)
msgid "To use the automated method, run the <application>Security Level Configuration</application> tool. From the GUI Main Menu, select <menuchoice><guimenu>Desktop</guimenu><guisubmenu>System Settings</guisubmenu><guimenuitem>Security level</guimenuitem></menuchoice>, or from a terminal, run <command>system-config-securitylevel</command>. Change the policy as desired and ensure that the <guilabel>Relabel on next reboot</guilabel> option is enaled."
msgstr "Para usar o método automatizado, execute a ferramenta de <application>Configuração do NÃvel de Segurança</application>. No menu principal do ambiente de trabalho, seleccione <menuchoice><guimenu>Ambiente de Trabalho</guimenu><guisubmenu>Configuração do Sistema</guisubmenu><guimenuitem>NÃvel de Segurança</guimenuitem></menuchoice> ou, num terminal, execute o <command>system-config-securitylevel</command>. Mude a polÃtica como desejar e garanta que a opção <guilabel>Mudar de nome ao reiniciar de novo</guilabel> está activa."
#: en_US/selinux-faq.xml:707(para)
msgid "You can also perform these steps manually with the following procedure:"
msgstr "Poderá também efectuar estes passos manualmente com o seguinte procedimento:"
#: en_US/selinux-faq.xml:713(para)
msgid "Edit <filename>/etc/selinux/config</filename> and change the type and the mode of policy:"
msgstr "Edite o <filename>/etc/selinux/config</filename> e mude o tipo e o modo da polÃtica:"
#: en_US/selinux-faq.xml:718(replaceable)
msgid "policyname"
msgstr "nome-polÃtica"
#: en_US/selinux-faq.xml:718(userinput)
#, no-wrap
msgid "SELINUXTYPE=<placeholder-1/>\nSELINUX=permissive"
msgstr ""
"SELINUXTYPE=<placeholder-1/>\n"
"SELINUX=permissive"
#: en_US/selinux-faq.xml:721(para)
msgid "This step ensures you will not be locked out after rebooting. &SEL; will run under the correct policy, but will allow you to login if there is a problem such as incorrect file context labeling."
msgstr "Este tipo garante que você não ficará bloqueado depois de reiniciar o sistema. O &SEL; irá correr com a polÃtica correcta, mas permitir-lhe-á autenticar-se se ocorrer um problema, como a mudança de nome de um contexto de ficheiros incorrcto."
#: en_US/selinux-faq.xml:729(para)
msgid "Set the system to relabel the file system on reboot:"
msgstr "Configure o sistema para mudar o nome no sistema de ficheiros ao reiniciar:"
#: en_US/selinux-faq.xml:733(command)
msgid "touch /.autorelabel"
msgstr "touch /.autorelabel"
#: en_US/selinux-faq.xml:737(para)
msgid "Reboot the system. A clean restart under the new policy allows all system processes to be started in the proper context, and reveals any problems in the policy change."
msgstr "Reinicie o sistema. Um arranque limpo, com a polÃtica nova, permite iniciar todos os processos do sistema no contexto correcto, revelando todos os problemas que existem pela mudança de polÃtica."
#: en_US/selinux-faq.xml:744(para)
msgid "Confirm your changes took effect with the following command:"
msgstr "Confirme se as suas alterações fizeram efeito com o seguinte comando:"
#: en_US/selinux-faq.xml:748(command)
msgid "sestatus -v"
msgstr "sestatus -v"
#: en_US/selinux-faq.xml:750(para)
msgid "With the new system running in <computeroutput>permissive</computeroutput> mode, check <filename>/var/log/messages</filename> for <computeroutput>avc: denied</computeroutput> messages. These may indicate a problem that needs to be solved for the system to run without trouble under the new policy."
msgstr "Com o novo sistema a correr no modo <computeroutput>permissive</computeroutput> (permissivo), verifique o <filename>/var/log/messages</filename> à procura de mensagens <computeroutput>avc: denied</computeroutput>. Estas poderão indicar um problema que necessita de ser corrigido para o sistema se executar sem problemas na nova polÃtica."
#: en_US/selinux-faq.xml:760(para)
msgid "When you are satisfied that the system runs stable under the new policy, enable enforcing by changing <computeroutput>SELINUX=enforcing</computeroutput>. You can either reboot or run <command>setenforce 1</command> to turn enforcing on in real time."
msgstr "Quando estiver satifeito com a estabilidade com o sistema corre com a nova polÃtica, active o modo real ou obrigatório, mudando para <computeroutput>SELINUX=enforcing</computeroutput>. Poderá tanto reiniciar o sistema como executar o comando <command>setenforce 1</command> para activar a efectividade do sistema em tempo-real."
#: en_US/selinux-faq.xml:773(para)
msgid "How can I back up files from an &SEL; file system?"
msgstr "Como é que posso salvaguardar os ficheiros de um sistema de ficheiros do &SEL;?"
#: en_US/selinux-faq.xml:778(para)
msgid "Use the <command>star</command> utility, which supports the extended attributes that store the security context labels. Specify the <option>-xattr</option> and <option>-H=exustar</option> options when creating archives."
msgstr "Use o utilitário <command>star</command>, que suporta os atributos extendidos que guardam os nomes dos contextos de segurança. Indique a opção <option>-xattr</option> e <option>-H=exustar</option> ao criar os pacotes."
#: en_US/selinux-faq.xml:785(command)
msgid "ls -Z /var/log/maillog"
msgstr "ls -Z /var/log/maillog"
#: en_US/selinux-faq.xml:787(command)
msgid "cd /var/log star -xattr -H=exustar -c -f maillog.star ./maillog*"
msgstr "cd /var/log star -xattr -H=exustar -c -f maillog.star ./maillog*"
#: en_US/selinux-faq.xml:784(screen)
#, no-wrap
msgid "\n<placeholder-1/>\n-rw------- root root system_u:object_r:var_log_t /var/log/maillog\n<placeholder-2/>\n"
msgstr ""
"\n"
"<placeholder-1/>\n"
"-rw------- root root system_u:object_r:var_log_t /var/log/maillog\n"
"<placeholder-2/>\n"
#: en_US/selinux-faq.xml:791(title)
msgid "Absolute paths can overwrite existing data"
msgstr "Os locais absolutos poderão substituir os dados existentes"
#: en_US/selinux-faq.xml:792(para)
msgid "If you use an absolute path, such as <filename>/var/log/maillog</filename>, when you unpack the archive with <command>star -c -f</command>, the files will be restored on the same path they were archived with. The <filename>maillog</filename> file will attempt to write to <filename>/var/log/maillog</filename>. You should received a warning from <command>star</command> if the files about to be overwritten have a later date, but you cannot rely on this behavior."
msgstr "Se usar um local absoluto, como o <filename>/var/log/maillog</filename>, ao descomprimir o pacote com o <command>star -c -f</command>, os ficheiros serão repostos no mesmo local com que foram arquivados. O ficheiro <filename>maillog</filename> irá tentar gravar no <filename>/var/log/maillog</filename>. Deverá receber um aviso do <command>star</command> se os ficheiros prestes a serem sobrepostos tiverem uma data posterior, mas não poderá confiar neste comportamento."
#: en_US/selinux-faq.xml:803(para)
msgid "Consider carefully how you construct your archiving argument."
msgstr "Pense com cuidado na forma como constrói o seu argumento de arquivo."
#: en_US/selinux-faq.xml:811(para)
msgid "How can I install the strict policy by default with kickstart?"
msgstr "Como é posso instalar a polÃtica restrita por omissão com o 'kickstart'?"
#: en_US/selinux-faq.xml:818(para)
msgid "Under the <computeroutput>%packages</computeroutput> section, add <filename>selinux-policy-strict</filename>."
msgstr "Na secção <computeroutput>%packages</computeroutput>, adicione a <filename>selinux-policy-strict</filename>."
#: en_US/selinux-faq.xml:824(para)
msgid "Under the <computeroutput>%post</computeroutput> section, add the following:"
msgstr "Na secção <computeroutput>%post</computeroutput>, adicione o seguinte:"
#: en_US/selinux-faq.xml:829(computeroutput)
#, no-wrap
msgid "lokkit -q --selinuxtype=strict\ntouch /.autorelabel"
msgstr ""
"lokkit -q --selinuxtype=strict\n"
"touch /.autorelabel"
#: en_US/selinux-faq.xml:838(para)
msgid "How do I enable/disable &SEL; protection on specific daemons under the targeted policy?"
msgstr "Como é que activo/desactivo a protecção do &SEL; em domÃnios especÃficos, sob a polÃtica-alvo?"
#: en_US/selinux-faq.xml:844(para)
msgid "Use <command>system-config-securitylevel</command>, also known as the <application>Security Level Configuration</application> graphical tool, to control the Boolean values of specific daemons. For example, if you need to disable &SEL; for Apache to run correctly in your environment, you can disable the value in <command>system-config-securitylevel</command>. This change disables the transition to the policy defined in <filename>apache.te</filename>, allowing <command>httpd</command> to remain under regular Linux DAC security."
msgstr ""
#: en_US/selinux-faq.xml:860(para)
msgid "How do I make a user <filename>public_html</filename> directory work under &SEL;?"
msgstr "Como é que ponho a pasta <filename>public_html</filename> de um utilizador a funcionar no &SEL;?"
#: en_US/selinux-faq.xml:866(para)
msgid "This process presumes that you have enabled user public HTML directories in your Apache configuration file, <filename>/etc/httpd/conf/httpd.conf</filename>. This process only covers serving static Web content. For more information about &APACHE; and &SEL;, refer to <ulink url=\"http://fedora.redhat.com/docs/selinux-apache-fc3/\"/>."
msgstr "Este processo presume que activou as pastas de HTML públicas dos utilizadores no seu ficheiro de configuração do Apache, o <filename>/etc/httpd/conf/httpd.conf</filename>. Este processo só cobre o serviço de conteúdos Web estáticos. Para mais informações sobre o &APACHE; e o &SEL;, veja em <ulink url=\"http://fedora.redhat.com/docs/selinux-apache-fc3/\"/>."
#: en_US/selinux-faq.xml:876(para)
msgid "If you do not already have a <filename>~/public_html</filename> directory, create it and populate it with the files and folders to be served."
msgstr "Se não tiver já uma pasta <filename>~/public_html</filename>, crie uma e preencha-a com os ficheiros e pastas a serem servidos."
#: en_US/selinux-faq.xml:882(userinput)
#, no-wrap
msgid "cd ~\nmkdir public_html\ncp /path/to/content ~/public_html"
msgstr ""
"cd ~\n"
"mkdir public_html\n"
"cp /local/do/conteudo ~/public_html"
#: en_US/selinux-faq.xml:888(para)
msgid "At this point, <command>httpd</command> is configured to serve the contents, but you will still receive a <computeroutput>403\n\t\t forbidden</computeroutput> error. This is because <command>httpd</command> is not allowed to read the security type for the directory and files as they are created in the user's home directory. Change the security context of the folder and its contents recursively using the <option>-R</option> option:"
msgstr ""
"Nesta altura, o <command>httpd</command> está configurado para servir o conteúdo, mas irá receber à mesma um erro <computeroutput>403\n"
"\t\t forbidden</computeroutput> (proibido). Isto tem a ver com o facto de o <command>httpd</command> não ter permissões para ler o tipo de segurança da pasta e dos ficheiros, à medida que são criados na pasta pessoal do utilizador. Mude o contexto de segurança da pasta e do seu conteúdo, de forma recursiva, com a opção <option>-R</option>:"
#: en_US/selinux-faq.xml:899(userinput)
#, no-wrap
msgid "ls -Z -d public_html/"
msgstr "ls -Z -d public_html/"
#: en_US/selinux-faq.xml:900(computeroutput)
#, no-wrap
msgid "drwxrwxr-x auser auser user_u:object_r:user_home_t public_html"
msgstr "drwxrwxr-x umutilizador umutilizador user_u:object_r:user_home_t public_html"
#: en_US/selinux-faq.xml:901(userinput)
#, no-wrap
msgid "chcon -R -t httpd_user_content_t public_html/\nls -Z -d public_html/"
msgstr ""
"chcon -R -t httpd_user_content_t public_html/\n"
"ls -Z -d public_html/"
#: en_US/selinux-faq.xml:903(computeroutput)
#, no-wrap
msgid "drwxrwxr-x auser auser user_u:object_r:httpd_user_content_t public_html/"
msgstr "drwxrwxr-x umutilizador umutilizador user_u:object_r:httpd_user_content_t public_html/"
#: en_US/selinux-faq.xml:904(userinput)
#, no-wrap
msgid "ls -Z public_html/"
msgstr "ls -Z public_html/"
#: en_US/selinux-faq.xml:905(computeroutput)
#, no-wrap
msgid "-rw-rw-r-- auser auser user_u:object_r:httpd_user_content_t bar.html\n-rw-rw-r-- auser auser user_u:object_r:httpd_user_content_t baz.html\n-rw-rw-r-- auser auser user_u:object_r:httpd_user_content_t foo.html"
msgstr ""
"-rw-rw-r-- umutilizador umutilizador user_u:object_r:httpd_user_content_t xpto3.html\n"
"-rw-rw-r-- umutilizador umutilizador user_u:object_r:httpd_user_content_t xpto2.html\n"
"-rw-rw-r-- umutilizador umutilizador user_u:object_r:httpd_user_content_t xpto.html"
#: en_US/selinux-faq.xml:909(para)
msgid "You may notice at a later date that the user field, set here to <computeroutput>user_u</computeroutput>, is changed to <computeroutput>system_u</computeroutput>. This does not affect how the targeted policy works. The field that matters is the type field."
msgstr "Poderá reparar mais tarde que o campo do utilizador, definido aqui como <computeroutput>user_u</computeroutput>, é mudado para <computeroutput>system_u</computeroutput>. Isto não afecta a forma como a polÃtica-alvo funciona. O campo que interessa é o campo do tipo."
#: en_US/selinux-faq.xml:918(para)
msgid "Your static webpages should now be served correctly. If you continue to have errors, ensure that the Boolean which enables user home directories is enabled. You can set it using <command>system-config-securitylevel</command>. Select the <guilabel>&SEL;</guilabel> tab, and then select the <guilabel>Modify &SEL; Policy</guilabel> area. Select <computeroutput>Allow HTTPD to read home\n\t\t directories</computeroutput>. The changes take effect immediately."
msgstr "As suas páginas Web estáticas deverão agora ser servidas correctamente. Se continuar a ter erros, garanta que o valor booleano que activa as pastas dos utilizadores está activo. Podê-lo-á definir com o comando <command>system-config-securitylevel</command>. Seleccione a página do <guilabel>&SEL;</guilabel> e depois seleccione a área <guilabel>Modificar a PolÃtica do &SEL;</guilabel>. Seleccione a opção <computeroutput>Permitir ao HTTPD ler as pastas pessoais</computeroutput>. As mudanças farão efeito imediatamente."
#: en_US/selinux-faq.xml:935(para)
msgid "How do I turn &SEL; off at boot?"
msgstr "Como é que desactivo o &SEL; no arranque?"
#: en_US/selinux-faq.xml:940(para)
msgid "Set <computeroutput>SELINUX=disabled</computeroutput> in <filename>/etc/selinux/config</filename>."
msgstr "Configure o <computeroutput>SELINUX=disabled</computeroutput> no <filename>/etc/selinux/config</filename>."
#: en_US/selinux-faq.xml:944(para)
msgid "Alternatively, you can add <option>selinux=0</option> to your kernel boot parameters. However, this option is not recommended."
msgstr "Em alternativa, poderá adicionar <option>selinux=0</option> aos seus parâmetros de arranque do 'kernel'. Contudo, esta opção não é recomendada."
#: en_US/selinux-faq.xml:949(title)
msgid "Be careful when disabling &SEL;"
msgstr "Tenha cuidado ao desactivar o &SEL;"
#: en_US/selinux-faq.xml:950(para)
msgid "If you boot with <option>selinux=0</option>, any files you create while &SEL; is disabled will not have &SEL; context information. The file system will be marked for relabeling at the next boot. If an unforeseen problem prevents you from rebooting normally, you may need to boot in single-user mode for recovery. Add the option <option>emergency</option> to your kernel boot parameters."
msgstr "Se arrancar com o <option>selinux=0</option>, todos os ficheiros que criar enquanto o &SEL; estiver desactivado, não terão informações de contexto do &SEL;. O sistema de ficheiros será marcado para mudança de nome no próximo arranque. Se um problema imprevisÃvel evitar que você reinicie normalmente, poderá ter de reiniciar no modo mono-utilizador para recuperar. Adicione a opção <option>emergency</option> aos seus parâmetros de arranque do 'kernel'."
#: en_US/selinux-faq.xml:964(para)
msgid "How do I turn enforcing on/off at boot?"
msgstr "Como é que activo/desactivo o modo obrigatório no arranque?"
#: en_US/selinux-faq.xml:969(para)
msgid "You can specify the &SEL; mode using the configuration file <filename>/etc/sysconfig/selinux</filename>."
msgstr "Poderá indicar o modo do &SEL; com o ficheiro de configuração <filename>/etc/sysconfig/selinux</filename>."
#: en_US/selinux-faq.xml:974(computeroutput)
#, no-wrap
msgid "# This file controls the state of SELinux on the system.\n# SELINUX= can take one of these three values:\n# enforcing - SELinux security policy is enforced.\n# permissive - SELinux prints warnings instead of enforcing.\n# disabled - No SELinux policy is loaded."
msgstr ""
"# Este ficheiro controla o estado do SELinux no sistema.\n"
"# O SELINUX= poderá usar um destes três valores:\n"
"# enforcing - a polÃtica de segurança do SELinux é obrigatória.\n"
"# permissive - a polÃtiac do SELinux mostra mensagens em vez de ser aplicada.\n"
"# disabled - Não é carregada qualquer polÃtica do SELinux."
#: en_US/selinux-faq.xml:979(replaceable)
msgid "enforcing"
msgstr "enforcing"
#: en_US/selinux-faq.xml:980(computeroutput)
#, no-wrap
msgid "# SELINUXTYPE= type of policy in use. Possible values are:\n# targeted - Only targeted network daemons are protected.\n# strict - Full SELinux protection."
msgstr ""
"# SELINUXTYPE= tipo de polÃtica e uso. Os valores possÃveis são:\n"
"# targeted - Só os servidores de rede-alvo serão protegidos.\n"
"# strict - Protecção completa do SELinux."
#: en_US/selinux-faq.xml:983(replaceable)
msgid "targeted"
msgstr "targeted"
#: en_US/selinux-faq.xml:973(screen)
#, no-wrap
msgid "\n<placeholder-1/>\nSELINUX=<userinput><placeholder-2/></userinput>\n<placeholder-3/>\nSELINUXTYPE=<userinput><placeholder-4/></userinput>\n"
msgstr ""
"\n"
"<placeholder-1/>\n"
"SELINUX=<userinput><placeholder-2/></userinput>\n"
"<placeholder-3/>\n"
"SELINUXTYPE=<userinput><placeholder-4/></userinput>\n"
#: en_US/selinux-faq.xml:985(para)
msgid "Setting the value to <computeroutput>enforcing</computeroutput> is the same as adding <option>enforcing=1</option> to the kernel boot parameters. Setting the value to <computeroutput>permissive</computeroutput> is the same as adding <option>enforcing=0</option> to the kernel boot parameters."
msgstr "A configuração do valor <computeroutput>enforcing</computeroutput> é a mesma que adicionar <option>enforcing=1</option> aos parâmetros de arranque do 'kernel'. A configuração deste valor como <computeroutput>permissive</computeroutput> é a mesma que adicionar <option>enforcing=0</option> aos mesmos parâmetros de arranque."
#: en_US/selinux-faq.xml:992(para)
msgid "However, setting the value to <computeroutput>disabled</computeroutput> is not the same as the <option>selinux=0</option> kernel boot parameter. Rather than fully disabling &SEL; in the kernel, the <computeroutput>disabled</computeroutput> setting instead turns enforcing off and skips loading a policy."
msgstr "Contudo, configurar o valor como <computeroutput>disabled</computeroutput> não é o mesmo que o parâmetro de arranque <option>selinux=0</option>. Em vez de desactivar por completo o &SEL; no 'kernel', a opção <computeroutput>disabled</computeroutput> simplesmente desactiva a aplicação e o carregamento de uma polÃtica."
#: en_US/selinux-faq.xml:1001(title)
msgid "&SEL; Configuration Precedence"
msgstr "Precedência da Configuração do &SEL;"
#: en_US/selinux-faq.xml:1002(para)
msgid "The command line kernel parameter overrides the configuration file."
msgstr "O parâmetro da linha de comandos do 'kernel' tem precedência sobre o ficheiro de configuração."
#: en_US/selinux-faq.xml:1011(para)
msgid "How do I temporarily turn off enforcing mode without having to reboot?"
msgstr "Como é que desactivo temporariamente o modo 'enforcing' sem ter de reiniciar o sistema?"
#: en_US/selinux-faq.xml:1017(para)
msgid "Occasionally you may need to perform an action that is normally prevented by policy. Run the command <command>setenforce 0</command> to turn off enforcing mode in real time. When you are finished, run <command>setenforce 1</command> to turn enforcing back on."
msgstr "Em algumas ocasiões, poderá ter de efectuar uma acção que é impedida normalmente pela polÃtica. Execute o comando <command>setenforce 0</command> para desactivar o modo de aplicação da polÃtica em tempo-real. Quando terminar, execute <command>setenforce 1</command> para voltar a aplicar o SELinux de novo."
#: en_US/selinux-faq.xml:1025(title)
msgid "<computeroutput>sysadm_r</computeroutput> Role Required for strict policy"
msgstr "<computeroutput>sysadm_r</computeroutput> Papel obrigatório para a polÃtica restrita"
#: en_US/selinux-faq.xml:1027(para)
msgid "You must issue the <command>setenforce</command> command with the <computeroutput>sysadm_r</computeroutput> role if you are using strict policy. If you are using the standard targeted policy, then this is not necessary. Use the <command>newrole</command> command to assume this role."
msgstr "Deverá executar o comando <command>setenforce</command> com o papel de <computeroutput>sysadm_r</computeroutput>, se estiver a usar a polÃtica restrita. Se estiver a usar a polÃtica-alvo normal, então não é necessário. Use o comando <command>newrole</command> para assumir este papel."
#: en_US/selinux-faq.xml:1039(para)
msgid "How do I turn system call auditing on/off at boot?"
msgstr "Como é que desactivo a auditoria de chamadas de sistema no arranque?"
#: en_US/selinux-faq.xml:1044(para)
msgid "Add <option>audit=1</option> to your kernel command line to turn system call auditing on. Add <option>audit=0</option> to your kernel command line to turn system call auditing off."
msgstr "Adicione <option>audit=1</option> Ã sua linha de comandos do 'kernel', para activar a auditoria de chamadas do sistema. Adicione <option>audit=0</option> na mesma linha de comandos para desactivar essa auditoria."
#: en_US/selinux-faq.xml:1049(para)
msgid "System-call auditing is <emphasis>on</emphasis> by default. When on, it provides information about the system call that was executing when SELinux generated a <computeroutput>denied</computeroutput> message. The error message is helpful when debugging policy."
msgstr "A auditoria às chamadas do sistema está <emphasis>activada</emphasis> por omissão. Quando assim estiver, ela produz informações acercada da chamada de sistema que estava a ser executada, quando o SELinux gerou uma mensagem <computeroutput>denied</computeroutput> (negado). A mensagem de erro é útil para fins de depuração."
#: en_US/selinux-faq.xml:1060(para)
msgid "How do I temporarily turn off system-call auditing without having to reboot?"
msgstr "Como é que desactivo temporariamente a auditoria às chamadas de sistema sem ter de reiniciar o mesmo?"
#: en_US/selinux-faq.xml:1066(para)
msgid "Run <command>auditctl -e 0</command>. Note that this command will not affect auditing of SELinux AVC denials."
msgstr "Execute <command>auditctl -e 0</command>. Lembre-se que este comando não irá afectar a auditoria das proibições de AVC do SELinux."
#: en_US/selinux-faq.xml:1074(para)
msgid "How do I get status info about my &SEL; installation?"
msgstr "Como é que obtenho a informação do estado da minha instalação do &SEL;?"
#: en_US/selinux-faq.xml:1079(para)
msgid "As root, execute the command <command>/usr/sbin/sestatus -v</command>. For more information, refer to the <filename>sestatus(8)</filename> manual page."
msgstr "Como 'root', execute o comando <command>/usr/sbin/sestatus -v</command>. Para mais informações, veja a página de manual do <filename>sestatus(8)</filename>."
#: en_US/selinux-faq.xml:1088(para)
msgid "How do I write policy to allow a domain to use pam_unix.so?"
msgstr "Como é que escrevo uma polÃtica para permitir a um domÃnio usar o pam_unix.so?"
#: en_US/selinux-faq.xml:1093(para)
msgid "Very few domains in the SELinux world are allowed to read the <filename>/etc/shadow</filename> file. There are constraint rules that prevent policy writers from writing code like"
msgstr "Muito poucos domÃnios no mundo do SELInux têm permissão para ler o ficheiro <filename>/etc/shadow</filename>. Existem regras restritas que impedem os criadores de polÃticas de escrever código do género"
#: en_US/selinux-faq.xml:1099(command)
msgid "allow mydomain_t shadow_t:file read;"
msgstr "allow meu_dominio_t shadow_t:file read;"
#: en_US/selinux-faq.xml:1101(para)
msgid "In RHEL4 you can setup your domain to use the <command>unix_chkpwd</command> command. The easiest way is to use the <command>unix_chkpwd</command> attribute. So if you were writing policy for an ftpd daemon you would write something like"
msgstr "No RHEL4, poderá configurar o seu domÃnio para usar o comando <command>unix_chkpwd</command>. A forma mais simples é usar o atributo <command>unix_chkpwd</command>. Por isso, se estiver a criar a polÃtica para um servidor 'ftpd', iria escrever algo do tipo"
#: en_US/selinux-faq.xml:1108(command)
msgid "daemon_domain(vsftpd, `auth_chkpwd')"
msgstr "daemon_domain(vsftpd, `auth_chkpwd')"
#: en_US/selinux-faq.xml:1110(para)
msgid "This would create a context where vsftpd_t -> chkpwd_exec_t -> system_chkpwd_t which can read <filename>/etc/shadow</filename>, while vsftpd_t is not able to read it."
msgstr "Isto iria criar um contexto onde o vsftpd_t -> chkpwd_exec_t -> system_chkpwd_t, o qual pode ler o <filename>/etc/shadow</filename>, enquanto o vsftpd_t is não tem permissões para o ler."
#: en_US/selinux-faq.xml:1116(para)
msgid "In &FC;&LOCALVER;/RHEL5, add the rule"
msgstr "No &FC;&LOCALVER;/RHEL5, adiicione a regra"
#: en_US/selinux-faq.xml:1120(command)
msgid "auth_domtrans_chk_passwd(vsftpd_t)"
msgstr "auth_domtrans_chk_passwd(vsftpd_t)"
#: en_US/selinux-faq.xml:1126(para)
msgid "In the past I have written local.te file in policy sources for my own local customization to policy, how do I do this with Reference Policy?"
msgstr "No passado, criei o ficheiro local.te no código da polÃtica para a minha personalização local da polÃtica; como é que faço isto com a PolÃtica de Referência?"
#: en_US/selinux-faq.xml:1133(para)
msgid "If you have specific AVC messages you can use <command>audit2allow</command> to generate a Type Enforcement file that is ready to load as a policy module."
msgstr "Se tiver mensagens de AVC especÃficas, poderá usar o <command>audit2allow</command> para gerar um ficheiro de Type Enforcement que está pronto a ser carregado como um módulo de polÃticas."
#: en_US/selinux-faq.xml:1140(command)
msgid "audit2allow -M local < /tmp/avcs"
msgstr "audit2allow -M local < /tmp/avcs"
#: en_US/selinux-faq.xml:1142(para)
msgid "This will create a <filename>local.pp</filename> which you can then load into the kernel using <command>semodule -i local.pp</command>. You can also edit the <filename>local.te</filename> to make additional customizations."
msgstr ""
#: en_US/selinux-faq.xml:1150(computeroutput)
#, no-wrap
msgid "audit2allow -M local -l -i /var/log/messages\nGenerating type enforcment file: local.te\nCompiling policy\ncheckmodule -M -m -o local.mod local.te\nsemodule_package -o local.pp -m local.mod\n\n******************** IMPORTANT ***********************\n\nIn order to load this newly created policy package into the kernel,\nyou are required to execute\n\nsemodule -i local.pp"
msgstr ""
#: en_US/selinux-faq.xml:1163(para)
msgid "Note that the above assumes you are not using the audit daemon. If you were using the audit daemon, then you should use <filename>/var/log/audit/audit.log</filename> instead of <filename>/var/log/messages</filename> as your log file. This will generate a <filename>local.te</filename> file, that looks something like the following:"
msgstr ""
#: en_US/selinux-faq.xml:1172(computeroutput)
#, no-wrap
msgid "module local 1.0;\n\nrequire {\n class file { append execute execute_no_trans getattr ioctl read write };\n type httpd_t;\n type httpd_w3c_script_exec_t;\n };\n\n\nallow httpd_t httpd_w3c_script_exec_t:file { execute execute_no_trans getattr ioctl read };"
msgstr ""
#: en_US/selinux-faq.xml:1183(para)
msgid "You can hand edit this file and then recompile and reload it using"
msgstr ""
#: en_US/selinux-faq.xml:1189(para)
msgid "<command>checkmodule</command> to compile the te file"
msgstr ""
#: en_US/selinux-faq.xml:1194(para)
msgid "<command>semodule_package</command> to create a policy package"
msgstr ""
#: en_US/selinux-faq.xml:1199(para)
msgid "<command>semodule</command> to add it to the current machines running policy"
msgstr ""
#: en_US/selinux-faq.xml:1205(title)
msgid "Important"
msgstr ""
#: en_US/selinux-faq.xml:1206(para)
msgid "In order to load this newly created policy package into the kernel, you are required to execute <command>semodule -i local.pp</command>"
msgstr ""
#: en_US/selinux-faq.xml:1216(para)
msgid "I created a new Policy Package where do I put it to make sure that it gets loaded into the kernel?"
msgstr ""
#: en_US/selinux-faq.xml:1222(para)
msgid "All you need to do execute the <command>semodule -i myapp.pp</command> command. This modifies the policy that is stored on the machine. Everytime for now on your policy module will get loaded with the rest of the policy. You can even remove the pp file from the system."
msgstr ""
#: en_US/selinux-faq.xml:1230(para)
msgid "<command>semodule -l</command> will list the currently loaded modules."
msgstr ""
#: en_US/selinux-faq.xml:1235(computeroutput)
#, no-wrap
msgid "#semodule -i \nmyapp 1.2.1"
msgstr ""
#: en_US/selinux-faq.xml:1238(para)
msgid "If you later would like to remove the policy package, you can execute <command>semodule -r myapp</command>."
msgstr ""
#: en_US/selinux-faq.xml:1246(title)
msgid "Resolving Problems"
msgstr ""
#: en_US/selinux-faq.xml:1249(para)
msgid "My application isn't working as expected and I am seeing <computeroutput>avc: denied</computeroutput> messages. How do I fix this?"
msgstr ""
#: en_US/selinux-faq.xml:1256(para)
msgid "This message means that the current SELinux policy is not allowing the application to do something. There are a number of reasons this could happen."
msgstr ""
#: en_US/selinux-faq.xml:1261(para)
msgid "First, one of the files the application is trying to access could be mislabeled. If the AVC message refers to a specific file, inspect its current label with <command>ls -alZ <replaceable>/path/to/file</replaceable></command>. If it seems wrong, use the command <command>restorecon -v <replaceable>/path/to/file</replaceable></command> to restore the file's default context. If you have a large number of denials related to files, you may want to use <command>fixfiles relabel</command>, or run <command>restorecon -R <replaceable>/path</replaceable></command> to recursively relabel a directory path."
msgstr ""
#: en_US/selinux-faq.xml:1274(para)
msgid "Denials are sometimes due to a configuration change in the program that triggered the denial message. For example, if you change Apache to also listen on port 8800, you must also change the security policy, <filename>apache.te</filename>. Refer to <xref linkend=\"external-link-list\"/> for more information about writing policy."
msgstr ""
#: en_US/selinux-faq.xml:1282(para)
msgid "If you are having trouble getting a specific application like Apache to work, refer to <xref linkend=\"qa-using-s-c-securitylevel\"/> for information on disabling enforcement just for that application."
msgstr ""
#: en_US/selinux-faq.xml:1314(para)
msgid "I installed &FC; on a system with an existing <filename>/home</filename> partition, and now I can't log in."
msgstr ""
#: en_US/selinux-faq.xml:1320(para)
msgid "Your <filename>/home</filename> partition is not labeled correctly. You can easily fix this two different ways."
msgstr ""
#: en_US/selinux-faq.xml:1324(para)
msgid "If you just want to relabel <filename>/home</filename> recursively:"
msgstr ""
#: en_US/selinux-faq.xml:1329(command)
msgid "/sbin/restorecon -v -R /home"
msgstr ""
#: en_US/selinux-faq.xml:1331(para)
msgid "If you want to be sure there are no other files incorrectly labeled, you can relabel the entire file system:"
msgstr ""
#: en_US/selinux-faq.xml:1336(command)
msgid "/sbin/fixfiles relabel"
msgstr ""
#: en_US/selinux-faq.xml:1338(para)
msgid "You must have the <filename>policycoreutils</filename> package installed to use <command>fixfiles</command>."
msgstr ""
#: en_US/selinux-faq.xml:1346(para)
msgid "After relabeling my <filename>/home</filename> using <command>setfiles</command> or <command>fixfiles</command>, will I still be able to read <filename>/home</filename> with a non-&SEL;-enabled system?"
msgstr ""
#: en_US/selinux-faq.xml:1354(para)
msgid "You can read the files from a non-&SEL; distribution, or one with &SEL; disabled. However, files created by a system not using &SEL; systems will not have a security context, nor will any files you remove and recreate. This could be a challenge with files such as <filename>~/.bashrc</filename>. You may have to relabel <filename>/home</filename> when you reboot the &SEL; enabled &FC; system."
msgstr ""
#: en_US/selinux-faq.xml:1367(para)
msgid "How do I share directories using NFS between &FC; and non-&SEL; systems?"
msgstr ""
#: en_US/selinux-faq.xml:1373(para)
msgid "Just as NFS transparently supports many file system types, it can be used to share directories between &SEL; and non-&SEL; systems."
msgstr ""
#: en_US/selinux-faq.xml:1377(para)
msgid "When you mount a non-&SEL; file system via NFS, by default &SEL; will treat all the files in the share as having a context of <computeroutput>nfs_t</computeroutput>. You can override the default context by setting it manually, using the <option>context=</option> option. The following command makes the files in the NFS mounted directory appear to have a context of <computeroutput>system_u:object_r:tmp_t</computeroutput> to &SEL;:"
msgstr ""
#: en_US/selinux-faq.xml:1387(command)
msgid "mount -t nfs -o context=system_u:object_r:tmp_t server:/shared/foo /mnt/foo"
msgstr ""
#: en_US/selinux-faq.xml:1390(para)
msgid "When &SEL; exports a file system via NFS, newly created files have the context of the directory they were created in. In other words, the presence of &SEL; on the remote mounting system has no effect on the local security contexts."
msgstr ""
#: en_US/selinux-faq.xml:1400(para)
msgid "How can I create a new Linux user account with the user's home directory having the proper context?"
msgstr ""
#. wtf was I trying to say here?
#. <para>
#. This depends on the policy you are running. A very restrictive
#. policy requires you to change
#. </para>
#: en_US/selinux-faq.xml:1412(para)
msgid "You can create your new user with the standard <command>useradd</command> command. First you must become <systemitem class=\"username\">root</systemitem>. Under the strict policy you will need to change role to <computeroutput>sysadm_r</computeroutput> with the following command:"
msgstr ""
#: en_US/selinux-faq.xml:1421(userinput)
#, no-wrap
msgid "newrole -r sysadm_r"
msgstr ""
#: en_US/selinux-faq.xml:1423(para)
msgid "For the targeted policy you will not need to switch roles, staying in <computeroutput>unconfined_t</computeroutput>:"
msgstr ""
#: en_US/selinux-faq.xml:1429(userinput)
#, no-wrap
msgid "su - root\nid -Z"
msgstr ""
#: en_US/selinux-faq.xml:1431(computeroutput)
#, no-wrap
msgid "root:system_r:unconfined_t"
msgstr ""
#: en_US/selinux-faq.xml:1432(userinput)
#, no-wrap
msgid "useradd auser\nls -Z /home"
msgstr ""
#: en_US/selinux-faq.xml:1434(computeroutput)
#, no-wrap
msgid "drwx------ auser auser root:object_r:user_home_dir_t /home/auser"
msgstr ""
#: en_US/selinux-faq.xml:1436(para)
msgid "The initial context for a new user directory has an identity of <computeroutput>root</computeroutput>. Subsequent relabeling of the file system will change the identity to <computeroutput>system_u</computeroutput>. These are functionally the same since the role and type are identical (<computeroutput>object_r:user_home_dir_t</computeroutput>.)"
msgstr ""
#: en_US/selinux-faq.xml:1477(para)
msgid "I'm having troubles with <command>avc</command> errors filling my logs for a particular program. How do I choose not to audit the access for it?"
msgstr ""
#: en_US/selinux-faq.xml:1484(para)
msgid "If you wanted to not audit <command>dmesg</command>, for example, you would put this in your <filename>dmesg.te</filename> file:"
msgstr ""
#: en_US/selinux-faq.xml:1491(userinput)
#, no-wrap
msgid "dontaudit dmesg_t userdomain:fd { use };"
msgstr ""
#: en_US/selinux-faq.xml:1493(para)
msgid "This eliminates the error output to the terminal for all user domains, including <varname>user</varname>, <varname>staff</varname> and <varname>sysadm</varname>."
msgstr ""
#: en_US/selinux-faq.xml:1502(para)
msgid "Even running in permissive mode, I'm getting a large number of <computeroutput>avc denied</computeroutput> messages."
msgstr ""
#: en_US/selinux-faq.xml:1508(para)
msgid "In a non-enforcing mode, you should actually receive <emphasis>more</emphasis> messages than in enforcing mode. The kernel logs each access denial as if you were in an enforcing mode. Since you are not restricted by policy enforcement, you can perform more actions, which results in more denials being logged."
msgstr ""
#: en_US/selinux-faq.xml:1515(para)
msgid "If an application running under an enforcing mode is denied access to read a number of files in a directory, it is stopped once at the beginning of the action. In a non-enforcing mode, the application is not stopped from traversing the directory tree, and generates a denial message for each file read in the directory."
msgstr ""
#: en_US/selinux-faq.xml:1527(para)
msgid "I get a specific permission denial only when &SEL; is in enforcing mode, but I don't see any audit messages in <filename>/var/log/messages</filename> (or <filename>/var/log/audit/audit.log</filename> if using the audit daemon). How can I identify the cause of these silent denials?"
msgstr ""
#: en_US/selinux-faq.xml:1537(para)
msgid "The most common reason for a silent denial is when the policy contains an explicit <computeroutput>dontaudit</computeroutput> rule to suppress audit messages. The <computeroutput>dontaudit</computeroutput> rule is often used this way when a benign denial is filling the audit logs."
msgstr ""
#: en_US/selinux-faq.xml:1544(para)
msgid "To look for your particular denial, you will need to enable auditing of all <computeroutput>dontaudit</computeroutput> rules:"
msgstr ""
#: en_US/selinux-faq.xml:1549(command)
msgid "semodule -b /usr/share/selinux/targeted/enableaudit.pp"
msgstr ""
#: en_US/selinux-faq.xml:1552(title)
msgid "Enabled <computeroutput>dontaudit</computeroutput> output is verbose"
msgstr ""
#: en_US/selinux-faq.xml:1554(para)
msgid "Enabling auditing of all <computeroutput>dontaudit</computeroutput> rules will likely produce a large amount of audit information, most of which is irrelevant to your denial."
msgstr ""
#: en_US/selinux-faq.xml:1560(para)
msgid "Use this technique only if you are specifically looking for an audit message for a denial that seems to occur silently. You will likely want to re-enable <computeroutput>dontaudit</computeroutput> rules as soon as possible."
msgstr ""
#: en_US/selinux-faq.xml:1568(para)
msgid "Once you have found your problem you can reset to the default mode by executin"
msgstr ""
#: en_US/selinux-faq.xml:1573(command)
msgid "semodule -b /usr/share/selinux/targeted/base.pp"
msgstr ""
#: en_US/selinux-faq.xml:1603(para)
msgid "Why do I not see the output when I run certain daemons in debug or interactive mode?"
msgstr ""
#: en_US/selinux-faq.xml:1609(para)
msgid "&SEL; intentionally disables access to the tty devices to stop daemons from communicating back with the controlling terminal. This communication is a potential security hole because such daemons could insert commands into the controlling terminal. A broken or compromised program could use this hole to cause serious problems."
msgstr ""
#: en_US/selinux-faq.xml:1617(para)
msgid "There are a few ways you can capture standard output from daemons. One method is to pipe the output to the cat command."
msgstr ""
#: en_US/selinux-faq.xml:1622(command)
msgid "snmpd -v | cat"
msgstr ""
#: en_US/selinux-faq.xml:1624(para)
msgid "When debugging a daemon, you may want to turn off the transition of the daemon to its specific domain. You can do this using <command>system-config-securitylevel</command> or <command>setsebool</command> on the command line."
msgstr ""
#: en_US/selinux-faq.xml:1630(para)
msgid "A final option is to turn off enforcing mode while debugging. Issue the command <command>setenforce 0</command> to turn off enforcing mode, and use the command <command>setenforce 1</command> to re-enable &SEL; when you are finished debugging."
msgstr ""
#: en_US/selinux-faq.xml:1640(para)
msgid "When I do an upgrade of the policy package (for example, using <command>yum</command>), what happens with the policy? Is it updated automatically?"
msgstr ""
#: en_US/selinux-faq.xml:1647(para)
msgid "Policy reloads itself when the package is updated. This behavior replaces the manual <command>make load</command>."
msgstr ""
#: en_US/selinux-faq.xml:1651(para)
msgid "In certain situations, you may need to relabel the file system. This might occur as part of an &SEL; bug fix where file contexts become invalid, or when the policy update makes changes to the file <filename>/etc/selinux/targeted/contexts/files/file_contexts</filename>."
msgstr ""
#: en_US/selinux-faq.xml:1658(para)
msgid "After the file system is relabeled, a <command>reboot</command> is not required, but is useful in ensuring every process and program is running in the proper domain. This is highly dependent on the changes in the updated policy."
msgstr ""
#: en_US/selinux-faq.xml:1664(para)
msgid "To relabel, you have several options. You may use the <command>fixfiles</command> command:"
msgstr ""
#: en_US/selinux-faq.xml:1669(command)
msgid "fixfiles relabel reboot"
msgstr ""
#: en_US/selinux-faq.xml:1672(para)
msgid "Alternately, use the <filename>/.autorelabel</filename> mechanism:"
msgstr ""
#: en_US/selinux-faq.xml:1676(command)
msgid "touch /.autorelabel reboot"
msgstr ""
#: en_US/selinux-faq.xml:1683(para)
msgid "If the policy shipping with an application package changes in a way that requires relabeling, will RPM handle relabeling the files owned by the package?"
msgstr ""
#: en_US/selinux-faq.xml:1690(para)
msgid "Yes. The security contexts for the files owned by the package are stored in the header data for the package. The file contexts are set directly after the <command>cpio</command> copy, as the package files are being put on the disk."
msgstr ""
#: en_US/selinux-faq.xml:1775(para)
msgid "Why do binary policies distributed with Fedora, such as <filename>/etc/selinux/<replaceable><policyname></replaceable>/policy/policy.<replaceable><version></replaceable></filename>, and those I compile myself have different sizes and MD5 checksums?"
msgstr ""
#: en_US/selinux-faq.xml:1782(para)
msgid "When you install a policy package, pre-compiled binary policy files are put directly into <filename>/etc/selinux</filename>. The different build environments will make target files that have different sizes and MD5 checksums."
msgstr ""
#: en_US/selinux-faq.xml:1792(para)
msgid "Will new policy packages disable my system?"
msgstr ""
#: en_US/selinux-faq.xml:1797(para)
msgid "There is a possibility that changes in the policy package or in the policy shipping with an application package can cause errors, more denials, or other unknown behaviors. You can discover which package caused the breakage by reverting policy and application packages one at a time. If you don't want to return to the previous package, the older version of the configuration files will be saved with the extension <filename class=\"extension\">.rpmsave</filename>. Use the mailing lists, bugzilla, and IRC to help you work through your problem. If you are able, write or fix policy to resolve your problem."
msgstr ""
#: en_US/selinux-faq.xml:1814(para)
msgid "How can I help write policy?"
msgstr ""
#: en_US/selinux-faq.xml:1819(para)
msgid "Your help is definitely appreciated."
msgstr ""
#: en_US/selinux-faq.xml:1824(para)
msgid "You can start by joining the &FED;&SEL; mailing list. You can subscribe and read the archives at <ulink url=\"http://www.redhat.com/mailman/listinfo/fedora-selinux-list\"/>."
msgstr ""
#: en_US/selinux-faq.xml:1831(para)
msgid "The Unofficial FAQ has some generic policy writing HOWTO information. Refer to <ulink url=\"http://sourceforge.net/docman/display_doc.php?docid=14882&group_id=21266#BSP.1\"/> for more information."
msgstr ""
#: en_US/selinux-faq.xml:1839(para)
msgid "Another new resource is the Writing SE Linux policy HOWTO, located online at <ulink url=\"https://sourceforge.net/docman/display_doc.php?docid=21959&group_id=21266\"/>."
msgstr ""
#: en_US/selinux-faq.xml:1846(para)
msgid "Also, since the &FC;&LOCALVER; policy is based on the <xref linkend=\"faq-entry-whatis-refpolicy\"/>, you should look at the documentation on its project page. Another excellent source of information is the policy files in <filename>/usr/share/doc/selinux-policy-<replaceable>>version<</replaceable></filename> which shows examples of policy."
msgstr ""
#: en_US/selinux-faq.xml:1854(para)
msgid "If you want to create a new policy domain, you can look at the interface files in the <filename>/usr/share/selinux/devel</filename> sub-directories. There is also a tool there to help you get started. The following procedure is an example:"
msgstr ""
#: en_US/selinux-faq.xml:1863(para)
msgid "Use the <command>policygentool</command> command to generate your own <filename>te</filename>, <filename>fc</filename> and <filename>if</filename> files. The <command>policygentool</command> command takes two parameters: the name of the policy module and the full path to the executable. The following command gives a usage example:"
msgstr ""
#: en_US/selinux-faq.xml:1872(replaceable)
msgid "mydaemon /usr/sbin/mydaemon"
msgstr ""
#: en_US/selinux-faq.xml:1872(command)
msgid "policygentool <placeholder-1/>"
msgstr ""
#: en_US/selinux-faq.xml:1874(para)
msgid "It will prompt you for a few common domain characteristics, and will create three files: <filename>mydaemon.te</filename>, <filename>mydaemon.fc</filename> and <filename>mydaemon.if</filename>."
msgstr ""
#: en_US/selinux-faq.xml:1883(para)
msgid "After you generate the policy files, use the supplied Makefile, <filename>/usr/share/selinux/devel/Makefile</filename>, to build a policy package (<filename>mydaemon.pp</filename>):"
msgstr ""
#: en_US/selinux-faq.xml:1891(command)
msgid "make -f /usr/share/selinux/refpolicy/Makefile"
msgstr ""
#: en_US/selinux-faq.xml:1895(para)
msgid "Now you can load the policy module, using <command>semodule</command>, and relabel the executable using <command>restorecon</command>:"
msgstr ""
#: en_US/selinux-faq.xml:1901(replaceable)
msgid "mydaemon.pp"
msgstr ""
#: en_US/selinux-faq.xml:1901(command)
msgid "semodule -i <placeholder-1/>"
msgstr ""
#: en_US/selinux-faq.xml:1902(replaceable)
msgid "/usr/sbin/mydaemon"
msgstr ""
#: en_US/selinux-faq.xml:1902(command)
msgid "restorecon -v <placeholder-1/>"
msgstr ""
#: en_US/selinux-faq.xml:1906(para)
msgid "Since you have very limited policy for your executeable, SELinux will prevent it from doing much. Turn on permissive mode and then use the init script to start your daemon:"
msgstr ""
#: en_US/selinux-faq.xml:1912(command)
msgid "setenforce 0"
msgstr ""
#: en_US/selinux-faq.xml:1913(replaceable)
msgid "mydaemon"
msgstr ""
#: en_US/selinux-faq.xml:1913(command)
msgid "service <placeholder-1/> restart"
msgstr ""
#: en_US/selinux-faq.xml:1917(para)
msgid "Now you can collect avc messages. You can use <command>audit2allow</command> to translate the avc messages to allow rules and begin updating your <filename>mydaemon.te</filename> file. You should search for interface macros in the <filename>/usr/share/selinux/devel/include</filename> directory and use these instead of using the allow rules directly, whenever possible. <command>audit2allow -R</command> will attempt to find interfaces that match the allow rule. If you want more examples of polcy, you could always install the selinux-policy src rpm, which contains all of the policy te files for the reference policy."
msgstr ""
#: en_US/selinux-faq.xml:1935(para)
msgid "My console is being flooded with messages. How do I turn them off?"
msgstr ""
#: en_US/selinux-faq.xml:1941(para)
msgid "To regain useful control, turn off kernel messages to the console with this command:"
msgstr ""
#: en_US/selinux-faq.xml:1946(command)
msgid "dmesg -n 1"
msgstr ""
#: en_US/selinux-faq.xml:1952(para)
msgid "Can I test the default policy without installing the policy source?"
msgstr ""
#: en_US/selinux-faq.xml:1958(para)
msgid "You can test &SEL; default policy by installing just the <filename>selinux-policy-<replaceable>policyname</replaceable></filename> and <filename>policycoreutils</filename> packages. Without the policy source installed, the <command>fixfiles</command> command automates the file system relabeling."
msgstr ""
#: en_US/selinux-faq.xml:1965(para)
msgid "The command <command>fixfiles relabel</command> is the equivalent of <command>make relabel</command>. During the relabeling, it will delete all of the files in <filename>/tmp</filename>, cleaning up files which may have old file context labels."
msgstr ""
#: en_US/selinux-faq.xml:1971(para)
msgid "Other commands are <command>fixfiles check</command>, which checks for mislabeled files, and <command>fixfiles restore</command>, which fixes the mislabeled files but does not delete the files in <filename>/tmp</filename>. The <command>fixfiles</command> command does not take a list of directories as an argument, because it relabels the entire file system. If you need to relabel a specific directory path, use <command>restorecon</command>."
msgstr ""
#: en_US/selinux-faq.xml:1985(para)
msgid "Why are some of my KDE applications having trouble under &SEL;?"
msgstr ""
#: en_US/selinux-faq.xml:1990(para)
msgid "KDE executables always appear as <command>kdeinit</command>, which limits what can be done with &SEL; policy. This is because every KDE application runs in the domain for <command>kdeinit</command>."
msgstr ""
#: en_US/selinux-faq.xml:1995(para)
msgid "Problems often arise when installing &SEL; because it is not possible to relabel <filename>/tmp</filename> and <filename>/var/tmp</filename>. There is no good method of determining which file should have which context."
msgstr ""
#: en_US/selinux-faq.xml:2001(para)
msgid "The solution is to fully log out of KDE and remove all KDE temporary files:"
msgstr ""
#: en_US/selinux-faq.xml:2006(replaceable)
msgid "<username>"
msgstr ""
#: en_US/selinux-faq.xml:2007(replaceable)
msgid "<other_kde_files>"
msgstr ""
#: en_US/selinux-faq.xml:2006(command)
msgid "rm -rf /var/tmp/kdecache-<placeholder-1/> rm -rf /var/tmp/<placeholder-2/>"
msgstr ""
#: en_US/selinux-faq.xml:2009(para)
msgid "At your next login, your problem should be fixed."
msgstr ""
#: en_US/selinux-faq.xml:2016(para)
msgid "Why does <option>SELINUX=disabled</option> not work for me?"
msgstr ""
#: en_US/selinux-faq.xml:2021(para)
msgid "Be careful of white space in the file <filename>/etc/sysconfig/selinux</filename>. The code is very sensitive to white space, even trailing space."
msgstr ""
#: en_US/selinux-faq.xml:2030(para)
msgid "I have a process running as <computeroutput>unconfined_t</computeroutput>, and &SEL; is still preventing my application from running."
msgstr ""
#: en_US/selinux-faq.xml:2037(para)
msgid "We have begun to confine the <computeroutput>unconfined_t</computeroutput> domain somewhat. SELinux restricts certain memory protection operation. Following is a list of those denials, as well as possible reasons and solutions for those denials. For more information on these restrictions, see <ulink url=\"http://people.redhat.com/drepper/selinux-mem.html\"/>."
msgstr ""
#: en_US/selinux-faq.xml:2048(computeroutput)
#, no-wrap
msgid "execmod"
msgstr ""
#: en_US/selinux-faq.xml:2050(para)
msgid "This is usually based on a library label. You can change the context on the library with the <command>chcon -t testrel_shlib_t <replaceable>LIBRARY</replaceable></command>. Now your application can run. Please report this as a bugzilla."
msgstr ""
#: en_US/selinux-faq.xml:2060(computeroutput)
#, no-wrap
msgid "execstack"
msgstr ""
#: en_US/selinux-faq.xml:2062(para)
msgid "Attempt to <command>execstack -c <replaceable>LIBRARY</replaceable></command>. Now try your application again. If the application now works, the library was mistakenly marked as requiring <computeroutput>execstack</computeroutput>. Please report this as a bugzilla."
msgstr ""
#: en_US/selinux-faq.xml:2073(computeroutput)
#, no-wrap
msgid "execmem, execheap"
msgstr ""
#: en_US/selinux-faq.xml:2075(para)
msgid "A boolean for each one of these memory check errors have been provided. So if you need to run an application requiring either of these permissions, you can set the boolean allow_exec* to fix the problem. For instance if you try to run an application and you get an AVC message containing an <computeroutput>execstack</computeroutput> failure. You can set the boolean with"
msgstr ""
#: en_US/selinux-faq.xml:2085(command)
msgid "setsebool -P allow_execstack=1"
msgstr ""
#: en_US/selinux-faq.xml:2094(para)
msgid "What do these rpm errors mean?"
msgstr ""
#: en_US/selinux-faq.xml:2100(computeroutput)
#, no-wrap
msgid "genhomedircon: Warning! No support yet for expanding ROLE macros in the /etc/selinux/mls/contexts/files/homedir_template file when using libsemanage. \ngenhomedircon: You must manually update file_contexts.homedirs for any non-user_r users (including root)."
msgstr ""
#: en_US/selinux-faq.xml:2103(para)
msgid "Some of the interfaces are not complete yet for selinux. Most users should not care about this warning. It will only affect you if you are running the policy package that is reporting the problem and have non standard SELinux role/user combinations. IE You are using some custom policy."
msgstr ""
#: en_US/selinux-faq.xml:2111(computeroutput)
#, no-wrap
msgid "restorecon reset /etc/modprobe.conf context system_u:object_r:etc_runtime_t->system_u:object_r:modules_conf_t\nrestorecon reset /etc/cups/ppd/homehp.ppd context user_u:object_r:cupsd_etc_t->system_u:object_r:cupsd_rw_etc_t"
msgstr ""
#: en_US/selinux-faq.xml:2114(para)
msgid "During the update process, the selinux package runs restorecon on the difference between the previously install policy file_context and the newly install policy context. This maintains the correct file context on disk."
msgstr ""
#: en_US/selinux-faq.xml:2121(computeroutput)
#, no-wrap
msgid "libsepol.sepol_genbools_array: boolean hidd_disable_trans no longer in policy"
msgstr ""
#: en_US/selinux-faq.xml:2123(para)
msgid "This indicates that the updated policy has removed the boolean from policy."
msgstr ""
#: en_US/selinux-faq.xml:2131(para)
msgid "I want to run a daemon on a non standard port but &SEL; will not allow me. How do get this to work?"
msgstr ""
#: en_US/selinux-faq.xml:2137(para)
msgid "You can use the <command>semanage</command> command to define additional ports. So say you want httpd to be able to listen on port 8082. You could enter the command."
msgstr ""
#: en_US/selinux-faq.xml:2143(command)
msgid "semanage port -a -p tcp -t http_port_t 8082"
msgstr ""
#: en_US/selinux-faq.xml:2149(para)
msgid "How do I add additional translations to my MCS/MLS system?"
msgstr ""
#: en_US/selinux-faq.xml:2154(para)
msgid "Translations are handled through libsemanage. Use <command>semanage translation -l</command> to list all current translations."
msgstr ""
#: en_US/selinux-faq.xml:2160(computeroutput)
#, no-wrap
msgid "# semanage translation -l\nLevel Translation\n\ns0\ns0-s0:c0.c255 SystemLow-SystemHigh\ns0:c0.c255 SystemHigh"
msgstr ""
#: en_US/selinux-faq.xml:2167(para)
msgid "Now pick an unused category. Say you wanted to add Payroll as a translation, and s0:c6 is unused."
msgstr ""
#: en_US/selinux-faq.xml:2172(computeroutput)
#, no-wrap
msgid "# semanage translation -a -T Payroll s0:c6\n# semanage translation -l\nLevel Translation\n\ns0\ns0-s0:c0.c255 SystemLow-SystemHigh\ns0:c0.c255 SystemHigh\ns0:c6 Payroll"
msgstr ""
#: en_US/selinux-faq.xml:2185(para)
msgid "I have setup my MCS/MLS translations, now I want to designate which users can read a given category?"
msgstr ""
#: en_US/selinux-faq.xml:2191(para)
msgid "You can modify the range of categories a user can login with by using <command>semanage</command>, as seen in this example."
msgstr ""
#: en_US/selinux-faq.xml:2196(computeroutput)
#, no-wrap
msgid "# semanage login -a -r s0-Payroll csellers\n# semanage login -l\n\nLogin Name SELinux User MLS/MCS Range \n\n__default__ user_u s0 \ncsellers user_u s0-Payroll \nroot root SystemLow-SystemHigh"
msgstr ""
#: en_US/selinux-faq.xml:2205(para)
msgid "In the above example, the user csellers was given access to the <computeroutput>Payroll</computeroutput> category with the first command, as indicated in the listing output from the second command."
msgstr ""
#: en_US/selinux-faq.xml:2215(para)
msgid "I am writing an php script that needs to create temporary files in <filename>/tmp</filename> and then execute them, SELinux policy is preventing this. What should I do?"
msgstr ""
#: en_US/selinux-faq.xml:2222(para)
msgid "You should avoid having system applications writing to the <filename>/tmp</filename> directory, since users tend to use the <filename>/tmp</filename> directory also. It would be better to create a directory elsewhere which could be owned by the apache process and allow your script to write to it. You should label the directory <computeroutput>httpd_sys_script_rw_t</computeroutput>."
msgstr ""
#: en_US/selinux-faq.xml:2234(para)
msgid "I am setting up swapping to a file, but I am seeing AVC messages in my log files?"
msgstr ""
#: en_US/selinux-faq.xml:2240(para)
msgid "You need to identify the swapfile to SELinux by setting its file context to <computeroutput>swapfile_t</computeroutput>."
msgstr ""
#: en_US/selinux-faq.xml:2245(replaceable)
msgid "SWAPFILE"
msgstr ""
#: en_US/selinux-faq.xml:2245(command)
msgid "chcon -t swapfile_t <placeholder-1/>"
msgstr ""
#: en_US/selinux-faq.xml:2251(para)
msgid "Please explain the <computeroutput>relabelto</computeroutput>/<computeroutput>relabelfrom</computeroutput> permissions?"
msgstr ""
#: en_US/selinux-faq.xml:2258(para)
msgid "For files, <computeroutput>relabelfrom</computeroutput> means \"Can domain D relabel a file from (i.e. currently in) type T1?\" and <computeroutput>relabelto</computeroutput> means \"Can domain D relabel a file to type T2?\", so both checks are applied upon a file relabeling, where T1 is the original type of the type and T2 is the new type specified by the program."
msgstr ""
#: en_US/selinux-faq.xml:2266(para)
msgid "Useful documents to look at:"
msgstr ""
#: en_US/selinux-faq.xml:2271(para)
msgid "Object class and permission summary by Tresys <ulink url=\"http://tresys.com/selinux/obj_perms_help.shtml\"/>"
msgstr ""
#: en_US/selinux-faq.xml:2277(para)
msgid "Implementing SELinux as an LSM technical report (describes permission checks on a per-hook basis) <ulink url=\"http://www.nsa.gov/selinux/papers/module-abs.cfm\"/>. This is also available in the selinux-doc package (and more up-to-date there)."
msgstr ""
#: en_US/selinux-faq.xml:2286(para)
msgid "Integrating Flexible Support for Security Policies into the Linux Operating System - technical report (describes original design and implementation, including summary tables of classes, permissions, and what permission checks are applied to what system calls. It is not entirely up-to-date with current implementation, but a good resource nonetheless). <ulink url=\"http://www.nsa.gov/selinux/papers/slinux-abs.cfm\"/>"
msgstr ""
#: en_US/selinux-faq.xml:2302(para)
msgid "Where are &SEL; AVC messages (denial logs, etc.) stored?"
msgstr ""
#: en_US/selinux-faq.xml:2307(para)
msgid "In &FC; 2 and 3, SELinux AVC messages could be found in <filename>/var/log/messages</filename>. In &FC; 4, the audit daemon was added, and these messages moved to <filename>/var/log/audit/audit.log</filename>. In &FC; 5, the audit daemon is not installed by default, and consequently these messages can be found in <filename>/var/log/messages</filename> unless you choose to install the audit daemon, in which case AVC messages will be in <filename>/var/log/audit/audit.log</filename>."
msgstr ""
#: en_US/selinux-faq.xml:2323(title)
msgid "Deploying &SEL;"
msgstr ""
#: en_US/selinux-faq.xml:2326(para)
msgid "What file systems can I use for &SEL;?"
msgstr ""
#: en_US/selinux-faq.xml:2331(para)
msgid "The file system must support <computeroutput>xattr</computeroutput> labels in the right <parameter>security.*</parameter> namespace. In addition to ext2/ext3, XFS has recently added support for the necessary labels."
msgstr ""
#: en_US/selinux-faq.xml:2338(para)
msgid "Note that XFS SELinux support is broken in upstream kernel 2.6.14 and 2.6.15, but fixed (worked around) in 2.6.16. Your kernel must include this fix if you choose to use XFS with &SEL;."
msgstr ""
#: en_US/selinux-faq.xml:2348(para)
msgid "How does &SEL; impact system performance?"
msgstr ""
#: en_US/selinux-faq.xml:2353(para)
msgid "This is a variable that is hard to measure, and is heavily dependent on the tuning and usage of the system running &SEL;. When performance was last measured, the impact was around 7% for completely untuned code. Subsequent changes in system components such as networking are likely to have made that worse in some cases. &SEL; performance tuning continues to be a priority of the development team."
msgstr ""
#: en_US/selinux-faq.xml:2366(para)
msgid "What types of deployments, applications, and systems should I leverage &SEL; in?"
msgstr ""
#: en_US/selinux-faq.xml:2372(para)
msgid "Initially, &SEL; has been used on Internet facing servers that are performing a few specialized functions, where it is critical to keep extremely tight security. Administrators typically strip such a box of all extra software and services, and run a very small, focused set of services. A Web server or mail server is a good example."
msgstr ""
#: en_US/selinux-faq.xml:2380(para)
msgid "In these edge servers, you can lock down the policy very tightly. The smaller number of interactions with other components makes such a lockdown easier. A dedicated system running a specialized third-party application would also be a good candidate."
msgstr ""
#: en_US/selinux-faq.xml:2386(para)
msgid "In the future, &SEL; will be targeted at all environments. In order to achieve this goal, the community and <firstterm>independent software vendors</firstterm> (<abbrev>ISV</abbrev>s) must work with the &SEL; developers to produce the necessary policy. So far, a very restrictive <firstterm>strict policy</firstterm> has been written, as well as a <firstterm>targeted policy</firstterm> that focuses on specific, vulnerable daemons."
msgstr ""
#: en_US/selinux-faq.xml:2396(para)
msgid "For more information about these policies, refer to <xref linkend=\"qa-whatis-policy\"/> and <xref linkend=\"qa-whatis-targeted-policy\"/>."
msgstr ""
#: en_US/selinux-faq.xml:2404(para)
msgid "How does &SEL; affect third-party applications?"
msgstr ""
#: en_US/selinux-faq.xml:2409(para)
msgid "One goal of implementing a targeted &SEL; policy in &FC; is to allow third-party applications to work without modification. The targeted policy is transparent to those unaddressed applications, and it falls back on standard Linux DAC security. These applications, however, will not be running in an extra-secure manner. You or another provider must write policy to protect these applications with MAC security."
msgstr ""
#: en_US/selinux-faq.xml:2418(para)
msgid "It is impossible to predict how every third-party application might behave with &SEL;, even running the targeted policy. You may be able to fix issues that arise by changing the policy. You may find that &SEL; exposes previously unknown security issues with your application. You may have to modify the application to work under &SEL;."
msgstr ""
#: en_US/selinux-faq.xml:2426(para)
msgid "Note that with the addition of <xref linkend=\"faq-entry-whatare-policy-modules\"/>, it is now possible for third-party developers to include policy modules with their application. If you are a third-party developer or a package-maintainer, please consider including a policy module in your package. This will allow you to secure the behavior of your application with the power of &SEL; for any user insalling your package."
msgstr ""
#: en_US/selinux-faq.xml:2436(para)
msgid "One important value that &FC; testers and users bring to the community is extensive testing of third-party applications. With that in mind, please bring your experiences to the appropriate mailing list, such as the fedora-selinux list, for discussion. For more information about that list, refer to <ulink url=\"http://www.redhat.com/mailman/listinfo/fedora-selinux-list/\"/>."
msgstr ""
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2.
#: en_US/selinux-faq.xml:0(None)
msgid "translator-credits"
msgstr "José Nuno Pires <jncp at netcabo.pt>, 2006"
More information about the docs-commits
mailing list