Branch 'f13' - zh-CN/Security.po

Thu Apr 1 02:17:27 UTC 2010

zh-CN/Security.po |  231 +++++++++++-------------------------------------------
 1 file changed, 49 insertions(+), 182 deletions(-)

New commits:
commit 5895668849d6c1a211b2e124b8ada7d1c42e6f77
Author: tiansworld <tiansworld at fedoraproject.org>
Date:   Thu Apr 1 02:17:25 2010 +0000

    l10n: Updates to Chinese (China) (zh_CN) translation
    
    Transmitted-via: Transifex (translate.fedoraproject.org)

diff --git a/zh-CN/Security.po b/zh-CN/Security.po
index c1e0d6d..b3ac6b4 100644
--- a/zh-CN/Security.po
+++ b/zh-CN/Security.po
@@ -5,7 +5,7 @@
 # Leah Liu <lliu at redhat.com>, 2008, 2009.
 # Tian Shixiong <tiansworld at gmail.com>, 2008, 2009.
 # microcai <microcai at sina.com>, 2009
-#
+# 
 msgid ""
 msgstr ""
 "Project-Id-Version: docs-release-notes.f12-tx\n"
@@ -23,141 +23,78 @@ msgstr ""
 msgid "Security"
 msgstr "å®‰å…¨æ€§"
 
-#. Tag: title
-#, no-c-format
-msgid "Dogtag Certificate System"
-msgstr ""
-
 #. Tag: para
 #, no-c-format
-msgid ""
-"<firstterm>Dogtag Certificate System</firstterm> (DGS) is an enterprise-"
-"class open-source <firstterm>Certificate Authority</firstterm> (CA) "
-"supporting all aspects of certificate lifecycle management including "
-"<firstterm>Certificate Authority</firstterm> (CA), <firstterm>Data Recovery "
-"Manager</firstterm> (DRM), <firstterm>Online Certificate Status Protocol</"
-"firstterm> (OCSP) Manager, <firstterm>Registration Authorit</firstterm>y "
-"(RA), <firstterm>Token Key Service</firstterm> (TKS), <firstterm>Token "
-"Processing System</firstterm> (TPS) and smartcard management, through "
-"<firstterm>Enterprise Security Client</firstterm> (ESC)."
-msgstr ""
+msgid "<firstterm>Dogtag Certificate System</firstterm> (DGS) is an enterprise-class open-source <firstterm>Certificate Authority</firstterm> (CA) supporting all aspects of certificate lifecycle management including <firstterm>Certificate Authority</firstterm> (CA), <firstterm>Data Recovery Manager</firstterm> (DRM), <firstterm>Online Certificate Status Protocol</firstterm> (OCSP) Manager, <firstterm>Registration Authorit</firstterm>y (RA), <firstterm>Token Key Service</firstterm> (TKS), <firstterm>Token Processing System</firstterm> (TPS) and smartcard management, through <firstterm>Enterprise Security Client</firstterm> (ESC)."
+msgstr "<firstterm>Dogtag Certificate System</firstterm> (DGS)æ˜¯ä¸€ä¸ªä¼ä¸šçº§çš„å¼€æº<firstterm>è®¤è¯æŽˆæƒ</firstterm> (CA)ï¼Œå®ƒé€šè¿‡<firstterm>ä¼ä¸šå®‰å…¨å®¢æˆ·ç«¯</firstterm> (ESC)å¯æ”¯æŒå„ç§è®¤è¯å‘¨æœŸç®¡ç†ï¼ŒåŒ…æ‹¬<firstterm>è®¤è¯æŽˆæƒ</firstterm> (CA)ã€<firstterm>æ•°æ®æ¢å¤ç®¡ç†å™¨</firstterm> (DRM)ã€<firstterm>åœ¨çº¿è®¤è¯çŠ¶æ€åè®®</firstterm> (OCSP) ç®¡ç†å™¨ã€<firstterm>æ³¨å†Œè®¤è¯</firstterm> (RA)ã€<firstterm>ä»¤ç‰Œå¯†åŒ™æœåŠ¡</firstterm> (TKS)ã€<firstterm>ä»¤ç‰Œå¤„ç†ç³»ç»Ÿ</firstterm> (TPS) ä»¥åŠæ™ºèƒ½å¡ç®¡ç†ã€‚ "
 
-#. Tag: para
+#. Tag: title
 #, no-c-format
-msgid ""
-"Refer to the <citetitle>Dogtag Certificate System</citetitle> page on the "
-"Fedora wiki for additional details â€” <ulink url=\"http://fedoraproject.org/w/"
-"index.php?title=Features/DogtagCertificateSystem\" />."
-msgstr ""
+msgid "Dogtag Certificate System"
+msgstr "Dogtagè®¤è¯ç³»ç»Ÿ"
 
 #. Tag: title
 #, no-c-format
 msgid "modprobe Whitelist"
-msgstr ""
+msgstr "modprobeç™½åå•"
 
 #. Tag: para
 #, no-c-format
-msgid ""
-"<application>modprobe</application> Whitelist allows system administrators "
-"in high-security situations to limit the modules loaded by "
-"<application>modprobe</application> to a specific list of modules configured "
-"by the administrator. This limit makes it impossible for unprivileged users "
-"to exploit vulnerabilities in modules that are not ordinarily used, for "
-"example, by attaching hardware. The amount of potentially vulnerable code "
-"that can run in the kernel is therefore limited."
-msgstr ""
+msgid "Refer to the <citetitle>Dogtag Certificate System</citetitle> page on the Fedora wiki for additional details â€” <ulink url=\"http://fedoraproject.org/w/index.php?title=Features/DogtagCertificateSystem\" />."
+msgstr "æŸ¥çœ‹Fedora wikiçš„<citetitle>Dogtag Certificate System</citetitle>é¡µé¢äº†è§£è¯¦æƒ… â€” <ulink url=\"http://fedoraproject.org/w/index.php?title=Features/DogtagCertificateSystem\" />ã€‚"
 
 #. Tag: para
 #, no-c-format
-msgid ""
-"<application>modprobe</application> can also run specified commands instead "
-"of loading a module (using the <command>install</command> configuration "
-"directive); this is restricted using the same whitelist as well. To help "
-"system administrators compile the whitelist, additional functionality is "
-"added to <application>modprobe</application>: it will be possible to log all "
-"information (similar to using <command>modprobe&nbsp;-v</command>) to a "
-"specified file, including <application>modprobe</application> actions run in "
-"the <application>dracut</application> <filename>initrd</filename>. A script "
-"will be provided that compiles a proposed whitelist from the logged data."
-msgstr ""
+msgid "<application>modprobe</application> can also run specified commands instead of loading a module (using the <command>install</command> configuration directive); this is restricted using the same whitelist as well. To help system administrators compile the whitelist, additional functionality is added to <application>modprobe</application>: it will be possible to log all information (similar to using <command>modprobe&nbsp;-v</command>) to a specified file, including <application>modprobe</application> actions run in the <application>dracut</application> <filename>initrd</filename>. A script will be provided that compiles a proposed whitelist from the logged data."
+msgstr "<application>modprobe</application>é™¤åŠ è½½æ¨¡å—å¤–ä¹Ÿå¯ä»¥è¿è¡Œç‰¹å®šçš„å‘½ä»¤(ä½¿ç”¨<command>install</command>é…ç½®ç®¡ç†)ï¼›è¿™å¯ä»¥é€šè¿‡åŒä¸€ä¸ªç™½åå•åšé™åˆ¶ã€‚ä¸ºäº†è®©ç³»ç»Ÿç®¡ç†å‘˜ç¼–è¯‘ç™½åå•ï¼Œ<application>modprobe</application>åŠ å…¥äº†é¢å¤–çš„åŠŸèƒ½ï¼šå®ƒå¯ä»¥æŠŠæ‰€æœ‰ä¿¡æ¯(ç±»ä¼¼äºŽç”¨<command>modprobe&nbsp;-v</command>)è®°å½•åˆ°æŒ‡å®šæ–‡ä»¶ï¼ŒåŒ…æ‹¬<application>dracut</application> <filename>initrd</filename>ä¸<application>modprobe</application>çš„åŠ¨ä½œã€‚æœ‰è„šæœ¬å¯ç”¨æ¥ä»Žæ—¥å¿—æ•°æ®ä¸ç¼–è¯‘ç™½åå•ã€‚"
 
 #. Tag: para
 #, no-c-format
-msgid ""
-"Use this whitelist to reduce the kernel-space attack surface considerably "
-"and avoid risk of vulnerabilities in rarely-used kernel-mode code. A sample "
-"desktop Fedora system currently has 79 modules loaded, out of 1964 available "
-"modules (4%). When counting code size, and the main kernel file (<filename>/"
-"boot/vmlinuz*</filename>) is included, the sample desktop system runs 8.36 "
-"MB of kernel-space code, out of 34.66 MB available (24%)."
-msgstr ""
+msgid "<application>modprobe</application> Whitelist allows system administrators in high-security situations to limit the modules loaded by <application>modprobe</application> to a specific list of modules configured by the administrator. This limit makes it impossible for unprivileged users to exploit vulnerabilities in modules that are not ordinarily used, for example, by attaching hardware. The amount of potentially vulnerable code that can run in the kernel is therefore limited."
+msgstr "<application>modprobe</application>ç™½åå•å¯è®©ç®¡ç†å‘˜åœ¨é«˜å®‰å…¨çŽ¯å¢ƒä¸‹æŠŠ<application>modprobe</application>åŠ è½½çš„æ¨¡å—é™åˆ¶åœ¨ç®¡ç†å‘˜é…ç½®å¥½çš„æ¨¡å—åˆ—è¡¨å†…ã€‚è¿™ä¸€é™åˆ¶ä½¿æœªç»æŽˆæƒçš„ç”¨æˆ·æ— æ³•å†åˆ©ç”¨ä¸å¸¸ç”¨çš„æ¨¡å—(å¦‚é™„åŠ ç¡¬ä»¶)ä¸çš„æ¼æ´žã€‚å› æ¤ä¹Ÿå°±é™åˆ¶äº†å¯è¿è¡ŒäºŽå†…æ ¸ä¸çš„æ½œåœ¨æ¼æ´žä»£ç çš„æ•°é‡ã€‚"
 
 #. Tag: para
 #, no-c-format
-msgid ""
-"Refer to the <citetitle>Modprobe Whitelist </citetitle> feature page on the "
-"Fedora wiki for a more complete description of this feature: <ulink url="
-"\"http://fedoraproject.org/w/index.php?title=Features/ModprobeWhitelist\" />"
-msgstr ""
+msgid "Refer to the <citetitle>Modprobe Whitelist </citetitle> feature page on the Fedora wiki for a more complete description of this feature: <ulink url=\"http://fedoraproject.org/w/index.php?title=Features/ModprobeWhitelist\" />"
+msgstr "æ›´å®Œæ•´çš„ä»‹ç»è¯·å‚è€ƒFedora wikiä¸çš„<citetitle>Modprobe Whitelist </citetitle>ç‰¹æ€§é¡µé¢ï¼š<ulink url=\"http://fedoraproject.org/w/index.php?title=Features/ModprobeWhitelist\" />"
 
-#. Tag: title
+#. Tag: para
 #, no-c-format
-msgid "User Account Dialog"
-msgstr ""
+msgid "Use this whitelist to reduce the kernel-space attack surface considerably and avoid risk of vulnerabilities in rarely-used kernel-mode code. A sample desktop Fedora system currently has 79 modules loaded, out of 1964 available modules (4%). When counting code size, and the main kernel file (<filename>/boot/vmlinuz*</filename>) is included, the sample desktop system runs 8.36 MB of kernel-space code, out of 34.66 MB available (24%)."
+msgstr "ä½¿ç”¨ç™½åå•å¯å¤§å¤§å‡å°‘å†…æ ¸ç©ºé—´çš„æ”»å‡»å¹¶å¯é¿å…å¾ˆå°‘ä½¿ç”¨çš„å†…æ ¸æ¨¡å¼ä»£ç æ¼æ´žå¸¦æ¥çš„é£Žé™©ã€‚ä»Žä¸€ä¸ªæ ·æœ¬Fedoraæ¡Œé¢ç³»ç»Ÿæ¥çœ‹ï¼Œå…±åŠ è½½1964ä¸ªå¯ç”¨æ¨¡å—ä¸çš„79ä¸ª(4%)ã€‚æŒ‰ä»£ç é‡è®¡ç®—ï¼ŒåŒ…æ‹¬ä¸»å†…æ ¸æ–‡ä»¶(<filename>/boot/vmlinuz*</filename>)åœ¨å†…ï¼Œæ ·æœ¬æ¡Œé¢ç³»ç»Ÿè¿è¡Œ8.36MBçš„å†…æ ¸ç©ºé—´ä»£ç ï¼Œå 34.66MBæ€»é‡çš„24%ã€‚"
 
 #. Tag: para
 #, no-c-format
-msgid ""
-"A new User Account Dialog is redesigned and implemented to create new users "
-"and edit user-related information in single-user systems or small "
-"deployments. This new dialog supersedes functionality that was previously "
-"available in a variety of tools, such as <application>system-config-user</"
-"application>, <application>gnome-about-me</application>, "
-"<application>gdmsetup</application> and <application>polkit-gnome-"
-"authorization</application>, and makes it available in one place."
-msgstr ""
+msgid "A new User Account Dialog is redesigned and implemented to create new users and edit user-related information in single-user systems or small deployments. This new dialog supersedes functionality that was previously available in a variety of tools, such as <application>system-config-user</application>, <application>gnome-about-me</application>, <application>gdmsetup</application> and <application>polkit-gnome-authorization</application>, and makes it available in one place."
+msgstr "ç”¨æˆ·å¸æˆ·ä¼šè¯ç»è¿‡é‡æ–°è®¾è®¡èƒ½å¤Ÿåœ¨å•ä¸€ç”¨æˆ·ç³»ç»Ÿæˆ–å°éƒ¨ç½²ç³»ç»Ÿä¸Šåˆ›å»ºæ–°ç”¨æˆ·ä»¥åŠä¿®æ”¹ç”¨æˆ·ç›¸å…³ä¿¡æ¯ã€‚æ–°ä¼šè¯åœ¨åŠŸèƒ½ä¸Šä»£æ›¿äº†ä¹‹å‰çš„å‡ ä¸ªå·¥å…·ï¼Œå¦‚<application>system-config-user</application>ã€ <application>gnome-about-me</application>ã€ <application>gdmsetup</application>å’Œ<application>polkit-gnome-authorization</application>ï¼Œä½¿å¾—è¿™äº›åŠŸèƒ½å¯ä»¥åœ¨åŒä¸€ä½ç½®è®¾ç½®ã€‚"
 
-#. Tag: para
+#. Tag: title
 #, no-c-format
-msgid ""
-"The <citetitle>User Account Dialog</citetitle> page on the Fedora wiki "
-"includes more details: <ulink url=\"http://fedoraproject.org/w/index.php?"
-"title=Features/UserAccountDialog\" />"
-msgstr ""
+msgid "User Account Dialog"
+msgstr "ç”¨æˆ·å¸æˆ·ä¼šè¯"
 
 #. Tag: title
 #, no-c-format
 msgid "Policy Kit One"
-msgstr ""
+msgstr "Policy Kit One"
 
 #. Tag: para
 #, no-c-format
-msgid ""
-"<application>PolicyKitOne</application> replaces the old deprecated "
-"<application>PolicyKit </application> and gives KDE users a better "
-"experience of their applications and desktop in general. The Fedora&nbsp;12 "
-"KDE Desktop Edition used <application>Gnome Authentication Agent </"
-"application>. <application>PolicyKitOne</application> makes it possible to "
-"utilize the native KDE authentication agent, <application>KAuth</"
-"application> in Fedora&nbsp;13."
-msgstr ""
+msgid "The <citetitle>User Account Dialog</citetitle> page on the Fedora wiki includes more details: <ulink url=\"http://fedoraproject.org/w/index.php?title=Features/UserAccountDialog\" />"
+msgstr "Fedora wikié¡µé¢<citetitle>User Account Dialog</citetitle>ä»‹ç»äº†æ›´å¤šä¿¡æ¯ï¼š<ulink url=\"http://fedoraproject.org/w/index.php?title=Features/UserAccountDialog\" />"
 
 #. Tag: para
 #, no-c-format
-msgid ""
-"For a complete description of this feature, refer to the <citetitle>KDE "
-"PolicyKit One Qt</citetitle> page on the Fedora wiki: <ulink url=\"http://"
-"fedoraproject.org/w/index.php?title=Features/KDE_PolicyKitOneQt\" />"
-msgstr ""
+msgid "For a complete description of this feature, refer to the <citetitle>KDE PolicyKit One Qt</citetitle> page on the Fedora wiki: <ulink url=\"http://fedoraproject.org/w/index.php?title=Features/KDE_PolicyKitOneQt\" />"
+msgstr "æœ‰å…³æœ¬ç‰¹æ€§çš„å®Œæ•´ä»‹ç»è¯·æŸ¥çœ‹Fedora wikié¡µé¢<citetitle>KDE PolicyKit One Qt</citetitle>ï¼š<ulink url=\"http://fedoraproject.org/w/index.php?title=Features/KDE_PolicyKitOneQt\" />"
+
+#. Tag: para
+#, no-c-format
+msgid "<application>PolicyKitOne</application> replaces the old deprecated <application>PolicyKit </application> and gives KDE users a better experience of their applications and desktop in general. The Fedora&nbsp;12 KDE Desktop Edition used <application>Gnome Authentication Agent </application>. <application>PolicyKitOne</application> makes it possible to utilize the native KDE authentication agent, <application>KAuth</application> in Fedora&nbsp;13."
+msgstr "<application>PolicyKitOne</application>ä»£æ›¿äº†<application>PolicyKit </application>ï¼Œç»™KDEç”¨æˆ·å¸¦æ¥æ›´å¥½åœ°åº”ç”¨ç¨‹åºåŠæ¡Œé¢ä½“éªŒã€‚Fedora&nbsp;12 KDEæ¡Œé¢ç‰ˆä½¿ç”¨<application>Gnome Authentication Agent </application>ã€‚<application>PolicyKitOne</application>è®©Fedora&nbsp;13ä¸çš„<application>KAuth</application>åˆ©ç”¨æœ¬åœ°KDEéªŒè¯ä»£ç†å˜ä¸ºå¯èƒ½ã€‚"
 
-#~ msgid ""
-#~ "This beat is located here: <ulink type=\"http\" url=\"https://"
-#~ "fedoraproject.org/wiki/Docs/Beats/Security\">https://fedoraproject.org/"
-#~ "wiki/Docs/Beats/Security</ulink>"
-#~ msgstr ""
-#~ "è¿™ä¸ª beatä½äºŽï¼š<ulink type=\"http\" url=\"https://fedoraproject.org/wiki/"
-#~ "Docs/Beats/Security\">https://fedoraproject.org/wiki/Docs/Beats/Security</"
-#~ "ulink>"
+#~ msgid "This beat is located here: <ulink type=\"http\" url=\"https://fedoraproject.org/wiki/Docs/Beats/Security\">https://fedoraproject.org/wiki/Docs/Beats/Security</ulink>"
+#~ msgstr "è¿™ä¸ª beatä½äºŽï¼š<ulink type=\"http\" url=\"https://fedoraproject.org/wiki/Docs/Beats/Security\">https://fedoraproject.org/wiki/Docs/Beats/Security</ulink>"
 
 #~ msgid "This section highlights various security items from Fedora."
 #~ msgstr "è¿™ä¸€ç« è®°è¿° Fedora çš„å„ç§å®‰å…¨æ€§é¡¹ç›®ã€‚"
@@ -165,96 +102,26 @@ msgstr ""
 #~ msgid "Lower process capabilities"
 #~ msgstr "ä½Žå¤„ç†èƒ½åŠ›"
 
-#~ msgid ""
-#~ "Daemons running as root have been reviewed and patched to run with lower "
-#~ "process capabilities. This reduces the desirability of using these "
-#~ "daemons for privilege escalation. Additionally, the shadow file "
-#~ "permissions have been changed to <literal>000</literal> and several "
-#~ "directories in <filename>$PATH</filename> have been set to <literal>555</"
-#~ "literal> in order to prevent daemons without <literal>DAC_OVERRIDE</"
-#~ "literal> from being able to access the shadow file or write to the "
-#~ "<filename>$PATH</filename> directories."
-#~ msgstr ""
-#~ "ä»¥rootç”¨æˆ·è¿è¡Œçš„å®ˆæŠ¤è¿›ç¨‹ç»è¿‡å®¡æ ¸å’Œè¡¥ä¸ï¼Œå¼€å§‹ä»¥ä½Žå¤„ç†èƒ½åŠ›è¿è¡Œã€‚è¿™é™ä½Žäº†ä½¿ç”¨"
-#~ "è¿™äº›å®ˆæŠ¤è¿›ç¨‹æå‡æƒé™çš„é£Žé™©ã€‚æ¤å¤–ï¼Œå·å½±æ–‡ä»¶æƒé™æ›´æ”¹ä¸º<literal>000</"
-#~ "literal>ï¼Œ<filename>$PATH</filename>ä¸‹çš„ä¸€äº›ç›®å½•æƒé™è®¾ç½®ä¸º<literal>555</"
-#~ "literal>ï¼Œä»¥é˜²æ¢å®ˆæŠ¤è¿›ç¨‹åœ¨æ²¡æœ‰<literal>DAC_OVERRIDE</literal>æ—¶è®¿é—®å·å½±æ–‡"
-#~ "ä»¶æˆ–å‘<filename>$PATH</filename>ç›®å½•å†™å…¥å†…å®¹ã€‚"
+#~ msgid "Daemons running as root have been reviewed and patched to run with lower process capabilities. This reduces the desirability of using these daemons for privilege escalation. Additionally, the shadow file permissions have been changed to <literal>000</literal> and several directories in <filename>$PATH</filename> have been set to <literal>555</literal> in order to prevent daemons without <literal>DAC_OVERRIDE</literal> from being able to access the shadow file or write to the <filename>$PATH</filename> directories."
+#~ msgstr "ä»¥rootç”¨æˆ·è¿è¡Œçš„å®ˆæŠ¤è¿›ç¨‹ç»è¿‡å®¡æ ¸å’Œè¡¥ä¸ï¼Œå¼€å§‹ä»¥ä½Žå¤„ç†èƒ½åŠ›è¿è¡Œã€‚è¿™é™ä½Žäº†ä½¿ç”¨è¿™äº›å®ˆæŠ¤è¿›ç¨‹æå‡æƒé™çš„é£Žé™©ã€‚æ¤å¤–ï¼Œå·å½±æ–‡ä»¶æƒé™æ›´æ”¹ä¸º<literal>000</literal>ï¼Œ<filename>$PATH</filename>ä¸‹çš„ä¸€äº›ç›®å½•æƒé™è®¾ç½®ä¸º<literal>555</literal>ï¼Œä»¥é˜²æ¢å®ˆæŠ¤è¿›ç¨‹åœ¨æ²¡æœ‰<literal>DAC_OVERRIDE</literal>æ—¶è®¿é—®å·å½±æ–‡ä»¶æˆ–å‘<filename>$PATH</filename>ç›®å½•å†™å…¥å†…å®¹ã€‚"
 
-#~ msgid ""
-#~ "When someone attacks a system, they normally can not do much unless they "
-#~ "can escalate privileges. This feature reduces the number of attack "
-#~ "targets that can be used to escalate privileges. If root processes do not "
-#~ "have all capabilities, they will be harder to use to subvert the system."
-#~ msgstr ""
-#~ "å½“æœ‰äººå…¥ä¾µç³»ç»Ÿæ—¶ï¼Œé™¤éžä»–ä»¬æé«˜äº†è‡ªå·±çš„æƒé™ï¼Œå¦åˆ™ä¸€èˆ¬åšä¸äº†å¤ªå¤šäº‹æƒ…ã€‚æ¤ç‰¹æ€§"
-#~ "é™ä½Žäº†å¯ç”¨æ¥æå‡æƒé™çš„æ”»å‡»ç›®æ ‡æ•°é‡ã€‚å¦‚æžœrootè¿›ç¨‹ä¸åŒ…æ‹¬æ‰€æœ‰èƒ½åŠ›ï¼Œé‚£ä¹ˆä»–ä»¬ä¹Ÿ"
-#~ "å¾ˆéš¾ç ´åç³»ç»Ÿã€‚"
+#~ msgid "When someone attacks a system, they normally can not do much unless they can escalate privileges. This feature reduces the number of attack targets that can be used to escalate privileges. If root processes do not have all capabilities, they will be harder to use to subvert the system."
+#~ msgstr "å½“æœ‰äººå…¥ä¾µç³»ç»Ÿæ—¶ï¼Œé™¤éžä»–ä»¬æé«˜äº†è‡ªå·±çš„æƒé™ï¼Œå¦åˆ™ä¸€èˆ¬åšä¸äº†å¤ªå¤šäº‹æƒ…ã€‚æ¤ç‰¹æ€§é™ä½Žäº†å¯ç”¨æ¥æå‡æƒé™çš„æ”»å‡»ç›®æ ‡æ•°é‡ã€‚å¦‚æžœrootè¿›ç¨‹ä¸åŒ…æ‹¬æ‰€æœ‰èƒ½åŠ›ï¼Œé‚£ä¹ˆä»–ä»¬ä¹Ÿå¾ˆéš¾ç ´åç³»ç»Ÿã€‚"
 
-#~ msgid ""
-#~ "Processes with the root uid can still damage a system, because they can "
-#~ "write to nearly any file and of course read the <filename>/etc/shadow "
-#~ "file</filename>. However, if the system is hardened so that root requires "
-#~ "the <literal>DAC_OVERRIDE</literal> capability, then only a limited "
-#~ "number of processes can damage the system. This will not affect any admin "
-#~ "abilities because they always get full privileges which includes "
-#~ "<literal>DAC_OVERRIDE</literal>. Therefore, even if someone does "
-#~ "successfully attack a root process, it is now harder for them to take "
-#~ "advantage of this attack."
-#~ msgstr ""
-#~ "ç”±äºŽæ‹¥æœ‰root uidçš„è¿›ç¨‹å¯å‘å‡ ä¹Žæ‰€æœ‰çš„æ–‡ä»¶å†™å…¥å¹¶ä¸”å¯ä»¥è¯»å–<filename>/etc/"
-#~ "shadow file</filename>ï¼Œå› æ¤è¿™äº›è¿›ç¨‹ä»å¯èƒ½ä¼šç ´åç³»ç»Ÿã€‚ç„¶è€Œå¦‚æžœå°†ç³»ç»Ÿå¼ºåŒ–ä½¿"
-#~ "å¾—rootéœ€è¦<literal>DAC_OVERRIDE</literal>èƒ½åŠ›ï¼Œé‚£ä¹ˆèƒ½å¤Ÿç ´åç³»ç»Ÿçš„è¿›ç¨‹åªå‰©"
-#~ "å°‘æ•°ã€‚è¿™ä¸ä¼šå¯¹ç®¡ç†èƒ½åŠ›é€ æˆå½±å“ï¼Œå› ä¸ºå®ƒä»¬éƒ½æ‹¥æœ‰åŒ…æ‹¬<literal>DAC_OVERRIDE</"
-#~ "literal>åœ¨å†…çš„å®Œæ•´æƒé™ã€‚å› æ¤å³ä½¿æœ‰äººæˆåŠŸå…¥ä¾µäº†ä¸€ä¸ªrootè¿›ç¨‹ï¼Œä¹Ÿå¾ˆéš¾åˆ©ç”¨æ¤è¿›"
-#~ "ç¨‹åšå‡ºæ›´å¤šç ´åã€‚"
+#~ msgid "Processes with the root uid can still damage a system, because they can write to nearly any file and of course read the <filename>/etc/shadow file</filename>. However, if the system is hardened so that root requires the <literal>DAC_OVERRIDE</literal> capability, then only a limited number of processes can damage the system. This will not affect any admin abilities because they always get full privileges which includes <literal>DAC_OVERRIDE</literal>. Therefore, even if someone does successfully attack a root process, it is now harder for them to take advantage of this attack."
+#~ msgstr "ç”±äºŽæ‹¥æœ‰root uidçš„è¿›ç¨‹å¯å‘å‡ ä¹Žæ‰€æœ‰çš„æ–‡ä»¶å†™å…¥å¹¶ä¸”å¯ä»¥è¯»å–<filename>/etc/shadow file</filename>ï¼Œå› æ¤è¿™äº›è¿›ç¨‹ä»å¯èƒ½ä¼šç ´åç³»ç»Ÿã€‚ç„¶è€Œå¦‚æžœå°†ç³»ç»Ÿå¼ºåŒ–ä½¿å¾—rootéœ€è¦<literal>DAC_OVERRIDE</literal>èƒ½åŠ›ï¼Œé‚£ä¹ˆèƒ½å¤Ÿç ´åç³»ç»Ÿçš„è¿›ç¨‹åªå‰©å°‘æ•°ã€‚è¿™ä¸ä¼šå¯¹ç®¡ç†èƒ½åŠ›é€ æˆå½±å“ï¼Œå› ä¸ºå®ƒä»¬éƒ½æ‹¥æœ‰åŒ…æ‹¬<literal>DAC_OVERRIDE</literal>åœ¨å†…çš„å®Œæ•´æƒé™ã€‚å› æ¤å³ä½¿æœ‰äººæˆåŠŸå…¥ä¾µäº†ä¸€ä¸ªrootè¿›ç¨‹ï¼Œä¹Ÿå¾ˆéš¾åˆ©ç”¨æ¤è¿›ç¨‹åšå‡ºæ›´å¤šç ´åã€‚"
 
-#~ msgid ""
-#~ "A hardened system would have permissions like: <literal>555</literal> "
-#~ "<filename>/bin</filename>, <literal>555</literal> <filename>/lib</"
-#~ "filename>, <literal>000</literal> <filename>/etc/shadow</filename> and so "
-#~ "on. The current scope is to cover the directories in <filename>$PATH</"
-#~ "filename> variable, library dirs, <filename>/boot</filename>, and "
-#~ "<filename>/root</filename>. This scheme does not affect SELinux in any "
-#~ "way and complements it since capabilities are DAC controls and they have "
-#~ "first vote on allowing an access."
-#~ msgstr ""
-#~ "å¼ºåŒ–çš„ç³»ç»Ÿåº”è¯¥æœ‰ç±»ä¼¼çš„æƒé™ï¼š<literal>555</literal> <filename>/bin</"
-#~ "filename>, <literal>555</literal> <filename>/lib</filename>, "
-#~ "<literal>000</literal> <filename>/etc/shadow</filename>ç‰ã€‚å½“å‰èŒƒå›´æ˜¯è¦†ç›–"
-#~ "<filename>$PATH</filename>å˜é‡ä¸‹çš„ç›®å½•ã€åº“ç›®å½•ã€<filename>/boot</filename>"
-#~ "åŠ<filename>/root</filename>ã€‚æ¤æ–¹æ¡ˆä¸ä½†ä¸ä¼šå½±å“SELinuxï¼Œè€Œä¸”ä¼šå¯¹å…¶è¿›è¡Œè¡¥"
-#~ "å……ã€‚å› ä¸ºè¿™äº›èƒ½åŠ›å±žäºŽDAC controlsï¼Œè€Œå®ƒä»¬é¦–å…ˆå†³å®šæ˜¯å¦å…è®¸è®¿é—®ã€‚"
+#~ msgid "A hardened system would have permissions like: <literal>555</literal> <filename>/bin</filename>, <literal>555</literal> <filename>/lib</filename>, <literal>000</literal> <filename>/etc/shadow</filename> and so on. The current scope is to cover the directories in <filename>$PATH</filename> variable, library dirs, <filename>/boot</filename>, and <filename>/root</filename>. This scheme does not affect SELinux in any way and complements it since capabilities are DAC controls and they have first vote on allowing an access."
+#~ msgstr "å¼ºåŒ–çš„ç³»ç»Ÿåº”è¯¥æœ‰ç±»ä¼¼çš„æƒé™ï¼š<literal>555</literal> <filename>/bin</filename>, <literal>555</literal> <filename>/lib</filename>, <literal>000</literal> <filename>/etc/shadow</filename>ç‰ã€‚å½“å‰èŒƒå›´æ˜¯è¦†ç›–<filename>$PATH</filename>å˜é‡ä¸‹çš„ç›®å½•ã€åº“ç›®å½•ã€<filename>/boot</filename>åŠ<filename>/root</filename>ã€‚æ¤æ–¹æ¡ˆä¸ä½†ä¸ä¼šå½±å“SELinuxï¼Œè€Œä¸”ä¼šå¯¹å…¶è¿›è¡Œè¡¥å……ã€‚å› ä¸ºè¿™äº›èƒ½åŠ›å±žäºŽDAC controlsï¼Œè€Œå®ƒä»¬é¦–å…ˆå†³å®šæ˜¯å¦å…è®¸è®¿é—®ã€‚"
 
 #~ msgid "SELinux Sandbox"
 #~ msgstr "SELinux Sandbox"
 
-#~ msgid ""
-#~ "The SELinux sandbox allows a command to be run in a highly constrained "
-#~ "fashion. Unfortunately, the nature of GUI applications is such that it is "
-#~ "very difficult to use this capability on those applications that need it "
-#~ "most."
-#~ msgstr ""
-#~ "SeLinux sandboxå…è®¸å‘½ä»¤ä»¥é«˜é™åˆ¶çš„æ–¹å¼è¿è¡Œã€‚ä¸å¹¸çš„æ˜¯ï¼Œç”±äºŽGUIç¨‹åºçš„ç‰¹æ€§ï¼Œåœ¨"
-#~ "æœ€é‚£äº›éœ€è¦çš„GUIç¨‹åºä¸Šä½¿ç”¨è¿™ä¸ªåŠŸèƒ½æ˜¯éžå¸¸å›°éš¾çš„ã€‚"
+#~ msgid "The SELinux sandbox allows a command to be run in a highly constrained fashion. Unfortunately, the nature of GUI applications is such that it is very difficult to use this capability on those applications that need it most."
+#~ msgstr "SeLinux sandboxå…è®¸å‘½ä»¤ä»¥é«˜é™åˆ¶çš„æ–¹å¼è¿è¡Œã€‚ä¸å¹¸çš„æ˜¯ï¼Œç”±äºŽGUIç¨‹åºçš„ç‰¹æ€§ï¼Œåœ¨æœ€é‚£äº›éœ€è¦çš„GUIç¨‹åºä¸Šä½¿ç”¨è¿™ä¸ªåŠŸèƒ½æ˜¯éžå¸¸å›°éš¾çš„ã€‚"
 
-#~ msgid ""
-#~ "A new <command>sandbox -X</command> command allows many GUI applications "
-#~ "to be tightly constrained. By applying this within some web applications, "
-#~ "a user may specify, for example, that Open Office should run normally "
-#~ "when invoked by the user, but should be constrained when invoked from the "
-#~ "web."
-#~ msgstr ""
-#~ "æ–°å‘½ä»¤<command>sandbox -X</command>å¯ç”¨æ¥é™åˆ¶å¤šä¸ªGUIç¨‹åºã€‚ç”¨æˆ·å¯ä»¥åœ¨æŸäº›ç½‘"
-#~ "ç»œç¨‹åºä¸è¿è¡Œæ¤å‘½ä»¤ï¼Œæ¯”å¦‚Open Officeåœ¨ç”¨æˆ·è°ƒç”¨åŽå¯ä»¥æ£å¸¸è¿è¡Œï¼Œä½†å¦‚æžœç”±ç½‘ç»œ"
-#~ "è°ƒç”¨æ—¶ï¼Œå®ƒä¼šå—åˆ°é™åˆ¶ã€‚"
+#~ msgid "A new <command>sandbox -X</command> command allows many GUI applications to be tightly constrained. By applying this within some web applications, a user may specify, for example, that Open Office should run normally when invoked by the user, but should be constrained when invoked from the web."
+#~ msgstr "æ–°å‘½ä»¤<command>sandbox -X</command>å¯ç”¨æ¥é™åˆ¶å¤šä¸ªGUIç¨‹åºã€‚ç”¨æˆ·å¯ä»¥åœ¨æŸäº›ç½‘ç»œç¨‹åºä¸è¿è¡Œæ¤å‘½ä»¤ï¼Œæ¯”å¦‚Open Officeåœ¨ç”¨æˆ·è°ƒç”¨åŽå¯ä»¥æ£å¸¸è¿è¡Œï¼Œä½†å¦‚æžœç”±ç½‘ç»œè°ƒç”¨æ—¶ï¼Œå®ƒä¼šå—åˆ°é™åˆ¶ã€‚"
 
-#~ msgid ""
-#~ "When run from the SELinux sandbox, a GUI application may only access a "
-#~ "limited directory structure which is destroyed on exit, is denied access "
-#~ "to the network, and runs in an isolated X-server, which prevents it from "
-#~ "accessing other X applications."
-#~ msgstr ""
-#~ "å½“GUIç¨‹åºé€šè¿‡SELinux sandboxè¿è¡ŒåŽï¼Œå®ƒåªèƒ½è¯»å–æœ‰é™çš„ç›®å½•ï¼Œè¿™äº›ç›®å½•åœ¨å…¶é€€å‡º"
-#~ "åŽå°±ä¼šè¢«åˆ é™¤ï¼Œå®ƒä¹Ÿæ— æ³•è®¿é—®ç½‘ç»œï¼Œå¹¶è¿è¡Œåœ¨ä¸€ä¸ªå¤ç«‹çš„X-serverä¸ï¼Œè¿™æ ·å°±é˜»æ¢äº†"
-#~ "å®ƒè¯»å–å…¶å®ƒXç¨‹åºã€‚"
+#~ msgid "When run from the SELinux sandbox, a GUI application may only access a limited directory structure which is destroyed on exit, is denied access to the network, and runs in an isolated X-server, which prevents it from accessing other X applications."
+#~ msgstr "å½“GUIç¨‹åºé€šè¿‡SELinux sandboxè¿è¡ŒåŽï¼Œå®ƒåªèƒ½è¯»å–æœ‰é™çš„ç›®å½•ï¼Œè¿™äº›ç›®å½•åœ¨å…¶é€€å‡ºåŽå°±ä¼šè¢«åˆ é™¤ï¼Œå®ƒä¹Ÿæ— æ³•è®¿é—®ç½‘ç»œï¼Œå¹¶è¿è¡Œåœ¨ä¸€ä¸ªå¤ç«‹çš„X-serverä¸ï¼Œè¿™æ ·å°±é˜»æ¢äº†å®ƒè¯»å–å…¶å®ƒXç¨‹åºã€‚"


