Branch 'f13' - zh-CN/Security.po
Transifex System User
transif at fedoraproject.org
Tue Apr 13 12:42:39 UTC 2010
zh-CN/Security.po | 257 ++++++++----------------------------------------------
1 file changed, 40 insertions(+), 217 deletions(-)
New commits:
commit 926cc1d5c4e372ad9f06b391b46ab3d3fb46ee67
Author: tiansworld <tiansworld at fedoraproject.org>
Date: Tue Apr 13 12:42:35 2010 +0000
l10n: Updates to Chinese (China) (zh_CN) translation
Transmitted-via: Transifex (translate.fedoraproject.org)
diff --git a/zh-CN/Security.po b/zh-CN/Security.po
index 365f2fe..96e43ee 100644
--- a/zh-CN/Security.po
+++ b/zh-CN/Security.po
@@ -5,7 +5,7 @@
# Leah Liu <lliu at redhat.com>, 2008, 2009.
# Tian Shixiong <tiansworld at gmail.com>, 2008, 2009.
# microcai <microcai at sina.com>, 2009
-#
+#
msgid ""
msgstr ""
"Project-Id-Version: docs-release-notes.f12-tx\n"
@@ -29,36 +29,9 @@ msgid "Dogtag Certificate System"
msgstr "Dogtag认è¯ç³»ç»"
#. Tag: para
-#, fuzzy, no-c-format
-msgid ""
-"<firstterm>Dogtag Certificate System</firstterm> (DGS) is an enterprise-"
-"class open-source <firstterm>Certificate Authority</firstterm> (CA) "
-"supporting all aspects of certificate lifecycle management including "
-"<firstterm>Certificate Authority</firstterm> (CA), <firstterm>Data Recovery "
-"Manager</firstterm> (DRM), <firstterm>Online Certificate Status Protocol</"
-"firstterm> (OCSP) Manager, <firstterm>Registration Authority</firstterm> "
-"(RA), <firstterm>Token Key Service</firstterm> (TKS), <firstterm>Token "
-"Processing System</firstterm> (TPS) and smartcard management, through "
-"<firstterm>Enterprise Security Client</firstterm> (ESC)."
-msgstr ""
-"<firstterm>Dogtag Certificate System</firstterm> (DGS)æ¯ä¸ä¸ªä¼ä¸çº§çå¼æº"
-"<firstterm>认è¯ææ</firstterm> (CA)ï¼å®éè¿<firstterm>ä¼ä¸å®å
¨å®¢æ·ç«¯</"
-"firstterm> (ESC)å¯æ¯æåç§è®¤è¯å¨æ管çï¼å
æ¬<firstterm>认è¯ææ</firstterm> "
-"(CA)ã<firstterm>æ°æ®æ¢å¤ç®¡çå¨</firstterm> (DRM)ã<firstterm>å¨çº¿è®¤è¯ç¶æå"
-"è®®</firstterm> (OCSP) 管çå¨ã<firstterm>注å认è¯</firstterm> (RA)ã"
-"<firstterm>令çå¯åæå¡</firstterm> (TKS)ã<firstterm>令çå¤çç³»ç»</"
-"firstterm> (TPS) 以åæºè½å¡ç®¡çã "
-
-#. Tag: para
#, no-c-format
-msgid ""
-"Refer to the <citetitle>Dogtag Certificate System</citetitle> page on the "
-"Fedora wiki for additional details â <ulink url=\"http://fedoraproject.org/w/"
-"index.php?title=Features/DogtagCertificateSystem\" />."
-msgstr ""
-"æ¥çFedora wikiç<citetitle>Dogtag Certificate System</citetitle>页é¢äºè§£è¯¦"
-"æ
â <ulink url=\"http://fedoraproject.org/w/index.php?title=Features/"
-"DogtagCertificateSystem\" />ã"
+msgid "Refer to the <citetitle>Dogtag Certificate System</citetitle> page on the Fedora wiki for additional details â <ulink url=\"http://fedoraproject.org/w/index.php?title=Features/DogtagCertificateSystem\" />."
+msgstr "æ¥çFedora wikiç<citetitle>Dogtag Certificate System</citetitle>页é¢äºè§£è¯¦æ
â <ulink url=\"http://fedoraproject.org/w/index.php?title=Features/DogtagCertificateSystem\" />ã"
#. Tag: title
#, no-c-format
@@ -67,66 +40,23 @@ msgstr "modprobeç½åå"
#. Tag: para
#, no-c-format
-msgid ""
-"<application>modprobe</application> Whitelist allows system administrators "
-"in high-security situations to limit the modules loaded by "
-"<application>modprobe</application> to a specific list of modules configured "
-"by the administrator. This limit makes it impossible for unprivileged users "
-"to exploit vulnerabilities in modules that are not ordinarily used, for "
-"example, by attaching hardware. The amount of potentially vulnerable code "
-"that can run in the kernel is therefore limited."
-msgstr ""
-"<application>modprobe</application>ç½ååå¯è®©ç®¡çåå¨é«å®å
¨ç¯å¢ä¸æ"
-"<application>modprobe</application>å è½½ç模åéå¶å¨ç®¡çåé
置好ç模åå表å
ã"
-"è¿ä¸éå¶ä½¿æªç»ææçç¨æ·æ æ³åå©ç¨ä¸å¸¸ç¨ç模å(å¦éå 硬件)ä¸çæ¼æ´ãå æ¤ä¹å°±"
-"éå¶äºå¯è¿è¡äºå
æ ¸ä¸çæ½å¨æ¼æ´ä»£ç çæ°éã"
+msgid "<application>modprobe</application> Whitelist allows system administrators in high-security situations to limit the modules loaded by <application>modprobe</application> to a specific list of modules configured by the administrator. This limit makes it impossible for unprivileged users to exploit vulnerabilities in modules that are not ordinarily used, for example, by attaching hardware. The amount of potentially vulnerable code that can run in the kernel is therefore limited."
+msgstr "<application>modprobe</application>ç½ååå¯è®©ç®¡çåå¨é«å®å
¨ç¯å¢ä¸æ<application>modprobe</application>å è½½ç模åéå¶å¨ç®¡çåé
置好ç模åå表å
ãè¿ä¸éå¶ä½¿æªç»ææçç¨æ·æ æ³åå©ç¨ä¸å¸¸ç¨ç模å(å¦éå 硬件)ä¸çæ¼æ´ãå æ¤ä¹å°±éå¶äºå¯è¿è¡äºå
æ ¸ä¸çæ½å¨æ¼æ´ä»£ç çæ°éã"
#. Tag: para
#, no-c-format
-msgid ""
-"<application>modprobe</application> can also run specified commands instead "
-"of loading a module (using the <command>install</command> configuration "
-"directive); this is restricted using the same whitelist as well. To help "
-"system administrators compile the whitelist, additional functionality is "
-"added to <application>modprobe</application>: it will be possible to log all "
-"information (similar to using <command>modprobe -v</command>) to a "
-"specified file, including <application>modprobe</application> actions run in "
-"the <application>dracut</application> <filename>initrd</filename>. A script "
-"will be provided that compiles a proposed whitelist from the logged data."
-msgstr ""
-"<application>modprobe</application>é¤å 载模åå¤ä¹å¯ä»¥è¿è¡ç¹å®çå½ä»¤(使ç¨"
-"<command>install</command>é
置管ç)ï¼è¿å¯ä»¥éè¿åä¸ä¸ªç½åååéå¶ã为äºè®©ç³»ç»"
-"管çåç¼è¯ç½ååï¼<application>modprobe</application>å å
¥äºé¢å¤çåè½ï¼å®å¯ä»¥"
-"æææä¿¡æ¯(类似äºç¨<command>modprobe -v</command>)è®°å½å°æå®æ件ï¼å
æ¬"
-"<application>dracut</application> <filename>initrd</filename>ä¸"
-"<application>modprobe</application>çå¨ä½ãæèæ¬å¯ç¨æ¥ä»æ¥å¿æ°æ®ä¸ç¼è¯ç½å"
-"åã"
+msgid "<application>modprobe</application> can also run specified commands instead of loading a module (using the <command>install</command> configuration directive); this is restricted using the same whitelist as well. To help system administrators compile the whitelist, additional functionality is added to <application>modprobe</application>: it will be possible to log all information (similar to using <command>modprobe -v</command>) to a specified file, including <application>modprobe</application> actions run in the <application>dracut</application> <filename>initrd</filename>. A script will be provided that compiles a proposed whitelist from the logged data."
+msgstr "<application>modprobe</application>é¤å 载模åå¤ä¹å¯ä»¥è¿è¡ç¹å®çå½ä»¤(使ç¨<command>install</command>é
置管ç)ï¼è¿å¯ä»¥éè¿åä¸ä¸ªç½åååéå¶ã为äºè®©ç³»ç»ç®¡çåç¼è¯ç½ååï¼<application>modprobe</application>å å
¥äºé¢å¤çåè½ï¼å®å¯ä»¥æææä¿¡æ¯(类似äºç¨<command>modprobe -v</command>)è®°å½å°æå®æ件ï¼å
æ¬<application>dracut</application> <filename>initrd</filename>ä¸<application>modprobe</application>çå¨ä½ãæèæ¬å¯ç¨æ¥ä»æ¥å¿æ°æ®ä¸ç¼è¯ç½ååã"
#. Tag: para
#, no-c-format
-msgid ""
-"Use this whitelist to reduce the kernel-space attack surface considerably "
-"and avoid risk of vulnerabilities in rarely-used kernel-mode code. A sample "
-"desktop Fedora system currently has 79 modules loaded, out of 1964 available "
-"modules (4%). When counting code size, and the main kernel file (<filename>/"
-"boot/vmlinuz*</filename>) is included, the sample desktop system runs 8.36 "
-"MB of kernel-space code, out of 34.66 MB available (24%)."
-msgstr ""
-"使ç¨ç½ååå¯å¤§å¤§åå°å
æ ¸ç©ºé´çæ»å»å¹¶å¯é¿å
å¾å°ä½¿ç¨çå
æ ¸æ¨¡å¼ä»£ç æ¼æ´å¸¦æ¥çé£"
-"é©ãä»ä¸ä¸ªæ ·æ¬Fedoraæ¡é¢ç³»ç»æ¥çï¼å
±å è½½1964个å¯ç¨æ¨¡åä¸ç79个(4%)ãæ代ç é"
-"计ç®ï¼å
æ¬ä¸»å
æ ¸æ件(<filename>/boot/vmlinuz*</filename>)å¨å
ï¼æ ·æ¬æ¡é¢ç³»ç»è¿"
-"è¡8.36MBçå
æ ¸ç©ºé´ä»£ç ï¼å 34.66MBæ»éç24%ã"
+msgid "Use this whitelist to reduce the kernel-space attack surface considerably and avoid risk of vulnerabilities in rarely-used kernel-mode code. A sample desktop Fedora system currently has 79 modules loaded, out of 1964 available modules (4%). When counting code size, and the main kernel file (<filename>/boot/vmlinuz*</filename>) is included, the sample desktop system runs 8.36 MB of kernel-space code, out of 34.66 MB available (24%)."
+msgstr "使ç¨ç½ååå¯å¤§å¤§åå°å
æ ¸ç©ºé´çæ»å»å¹¶å¯é¿å
å¾å°ä½¿ç¨çå
æ ¸æ¨¡å¼ä»£ç æ¼æ´å¸¦æ¥çé£é©ãä»ä¸ä¸ªæ ·æ¬Fedoraæ¡é¢ç³»ç»æ¥çï¼å
±å è½½1964个å¯ç¨æ¨¡åä¸ç79个(4%)ãæ代ç é计ç®ï¼å
æ¬ä¸»å
æ ¸æ件(<filename>/boot/vmlinuz*</filename>)å¨å
ï¼æ ·æ¬æ¡é¢ç³»ç»è¿è¡8.36MBçå
æ ¸ç©ºé´ä»£ç ï¼å 34.66MBæ»éç24%ã"
#. Tag: para
#, no-c-format
-msgid ""
-"Refer to the <citetitle>Modprobe Whitelist </citetitle> feature page on the "
-"Fedora wiki for a more complete description of this feature: <ulink url="
-"\"http://fedoraproject.org/w/index.php?title=Features/ModprobeWhitelist\" />"
-msgstr ""
-"æ´å®æ´çä»ç»è¯·åèFedora wikiä¸ç<citetitle>Modprobe Whitelist </citetitle>ç¹"
-"æ§é¡µé¢ï¼<ulink url=\"http://fedoraproject.org/w/index.php?title=Features/"
-"ModprobeWhitelist\" />"
+msgid "Refer to the <citetitle>Modprobe Whitelist </citetitle> feature page on the Fedora wiki for a more complete description of this feature: <ulink url=\"http://fedoraproject.org/w/index.php?title=Features/ModprobeWhitelist\" />"
+msgstr "æ´å®æ´çä»ç»è¯·åèFedora wikiä¸ç<citetitle>Modprobe Whitelist </citetitle>ç¹æ§é¡µé¢ï¼<ulink url=\"http://fedoraproject.org/w/index.php?title=Features/ModprobeWhitelist\" />"
#. Tag: title
#, no-c-format
@@ -135,31 +65,13 @@ msgstr "ç¨æ·å¸æ·ä¼è¯"
#. Tag: para
#, no-c-format
-msgid ""
-"A new User Account Dialog is redesigned and implemented to create new users "
-"and edit user-related information in single-user systems or small "
-"deployments. This new dialog supersedes functionality that was previously "
-"available in a variety of tools, such as <application>system-config-user</"
-"application>, <application>gnome-about-me</application>, "
-"<application>gdmsetup</application> and <application>polkit-gnome-"
-"authorization</application>, and makes it available in one place."
-msgstr ""
-"ç¨æ·å¸æ·ä¼è¯ç»è¿éæ°è®¾è®¡è½å¤å¨åä¸ç¨æ·ç³»ç»æå°é¨ç½²ç³»ç»ä¸å建æ°ç¨æ·ä»¥åä¿®æ¹ç¨"
-"æ·ç¸å
³ä¿¡æ¯ãæ°ä¼è¯å¨åè½ä¸ä»£æ¿äºä¹åçå 个工å
·ï¼å¦<application>system-config-"
-"user</application>ã <application>gnome-about-me</application>ã "
-"<application>gdmsetup</application>å<application>polkit-gnome-"
-"authorization</application>ï¼ä½¿å¾è¿äºåè½å¯ä»¥å¨åä¸ä½ç½®è®¾ç½®ã"
+msgid "A new User Account Dialog is redesigned and implemented to create new users and edit user-related information in single-user systems or small deployments. This new dialog supersedes functionality that was previously available in a variety of tools, such as <application>system-config-user</application>, <application>gnome-about-me</application>, <application>gdmsetup</application> and <application>polkit-gnome-authorization</application>, and makes it available in one place."
+msgstr "ç¨æ·å¸æ·ä¼è¯ç»è¿éæ°è®¾è®¡è½å¤å¨åä¸ç¨æ·ç³»ç»æå°é¨ç½²ç³»ç»ä¸å建æ°ç¨æ·ä»¥åä¿®æ¹ç¨æ·ç¸å
³ä¿¡æ¯ãæ°ä¼è¯å¨åè½ä¸ä»£æ¿äºä¹åçå 个工å
·ï¼å¦<application>system-config-user</application>ã <application>gnome-about-me</application>ã <application>gdmsetup</application>å<application>polkit-gnome-authorization</application>ï¼ä½¿å¾è¿äºåè½å¯ä»¥å¨åä¸ä½ç½®è®¾ç½®ã"
#. Tag: para
#, no-c-format
-msgid ""
-"The <citetitle>User Account Dialog</citetitle> page on the Fedora wiki "
-"includes more details: <ulink url=\"http://fedoraproject.org/w/index.php?"
-"title=Features/UserAccountDialog\" />"
-msgstr ""
-"Fedora wiki页é¢<citetitle>User Account Dialog</citetitle>ä»ç»äºæ´å¤ä¿¡æ¯ï¼"
-"<ulink url=\"http://fedoraproject.org/w/index.php?title=Features/"
-"UserAccountDialog\" />"
+msgid "The <citetitle>User Account Dialog</citetitle> page on the Fedora wiki includes more details: <ulink url=\"http://fedoraproject.org/w/index.php?title=Features/UserAccountDialog\" />"
+msgstr "Fedora wiki页é¢<citetitle>User Account Dialog</citetitle>ä»ç»äºæ´å¤ä¿¡æ¯ï¼<ulink url=\"http://fedoraproject.org/w/index.php?title=Features/UserAccountDialog\" />"
#. Tag: title
#, no-c-format
@@ -168,40 +80,21 @@ msgstr "Policy Kit One"
#. Tag: para
#, no-c-format
-msgid ""
-"<application>PolicyKitOne</application> replaces the old deprecated "
-"<application>PolicyKit </application> and gives KDE users a better "
-"experience of their applications and desktop in general. The Fedora 12 "
-"KDE Desktop Edition used <application>Gnome Authentication Agent </"
-"application>. <application>PolicyKitOne</application> makes it possible to "
-"utilize the native KDE authentication agent, <application>KAuth</"
-"application> in Fedora 13."
-msgstr ""
-"<application>PolicyKitOne</application>代æ¿äº<application>PolicyKit </"
-"application>ï¼ç»KDEç¨æ·å¸¦æ¥æ´å¥½å°åºç¨ç¨åºåæ¡é¢ä½éªãFedora 12 KDEæ¡é¢ç"
-"使ç¨<application>Gnome Authentication Agent </application>ã"
-"<application>PolicyKitOne</application>让Fedora 13ä¸ç"
-"<application>KAuth</application>å©ç¨æ¬å°KDEéªè¯ä»£çå为å¯è½ã"
+msgid "<application>PolicyKitOne</application> replaces the old deprecated <application>PolicyKit </application> and gives KDE users a better experience of their applications and desktop in general. The Fedora 12 KDE Desktop Edition used <application>Gnome Authentication Agent </application>. <application>PolicyKitOne</application> makes it possible to utilize the native KDE authentication agent, <application>KAuth</application> in Fedora 13."
+msgstr "<application>PolicyKitOne</application>代æ¿äº<application>PolicyKit </application>ï¼ç»KDEç¨æ·å¸¦æ¥æ´å¥½å°åºç¨ç¨åºåæ¡é¢ä½éªãFedora 12 KDEæ¡é¢ç使ç¨<application>Gnome Authentication Agent </application>ã<application>PolicyKitOne</application>让Fedora 13ä¸ç<application>KAuth</application>å©ç¨æ¬å°KDEéªè¯ä»£çå为å¯è½ã"
#. Tag: para
#, no-c-format
-msgid ""
-"For a complete description of this feature, refer to the <citetitle>KDE "
-"PolicyKit One Qt</citetitle> page on the Fedora wiki: <ulink url=\"http://"
-"fedoraproject.org/w/index.php?title=Features/KDE_PolicyKitOneQt\" />"
-msgstr ""
-"æå
³æ¬ç¹æ§çå®æ´ä»ç»è¯·æ¥çFedora wiki页é¢<citetitle>KDE PolicyKit One Qt</"
-"citetitle>ï¼<ulink url=\"http://fedoraproject.org/w/index.php?title=Features/"
-"KDE_PolicyKitOneQt\" />"
+msgid "For a complete description of this feature, refer to the <citetitle>KDE PolicyKit One Qt</citetitle> page on the Fedora wiki: <ulink url=\"http://fedoraproject.org/w/index.php?title=Features/KDE_PolicyKitOneQt\" />"
+msgstr "æå
³æ¬ç¹æ§çå®æ´ä»ç»è¯·æ¥çFedora wiki页é¢<citetitle>KDE PolicyKit One Qt</citetitle>ï¼<ulink url=\"http://fedoraproject.org/w/index.php?title=Features/KDE_PolicyKitOneQt\" />"
+
+#. Tag: para
+#, no-c-format
+msgid "<firstterm>Dogtag Certificate System</firstterm> (DGS) is an enterprise-class open-source <firstterm>Certificate Authority</firstterm> (CA) supporting all aspects of certificate lifecycle management including <firstterm>Certificate Authority</firstterm> (CA), <firstterm>Data Recovery Manager</firstterm> (DRM), <firstterm>Online Certificate Status Protocol</firstterm> (OCSP) Manager, <firstterm>Registration Authority</firstterm> (RA), <firstterm>Token Key Service</firstterm> (TKS), <firstterm>Token Processing System</firstterm> (TPS) and smartcard management, through <firstterm>Enterprise Security Client</firstterm> (ESC)."
+msgstr "<firstterm>Dogtag Certificate System</firstterm> (DGS)æ¯ä¸ä¸ªä¼ä¸çº§çå¼æº<firstterm>认è¯ææ</firstterm> (CA)ï¼å®éè¿<firstterm>ä¼ä¸å®å
¨å®¢æ·ç«¯</firstterm> (ESC)å¯æ¯æåç§è®¤è¯å¨æ管çï¼å
æ¬<firstterm>认è¯ææ</firstterm> (CA)ã<firstterm>æ°æ®æ¢å¤ç®¡çå¨</firstterm> (DRM)ã<firstterm>å¨çº¿è®¤è¯ç¶æåè®®</firstterm> (OCSP) 管çå¨ã<firstterm>注å认è¯</firstterm> (RA)ã<firstterm>令çå¯åæå¡</firstterm> (TKS)ã<firstterm>令çå¤çç³»ç»</firstterm> (TPS) 以åæºè½å¡ç®¡çã "
-#~ msgid ""
-#~ "This beat is located here: <ulink type=\"http\" url=\"https://"
-#~ "fedoraproject.org/wiki/Docs/Beats/Security\">https://fedoraproject.org/"
-#~ "wiki/Docs/Beats/Security</ulink>"
-#~ msgstr ""
-#~ "è¿ä¸ª beatä½äºï¼<ulink type=\"http\" url=\"https://fedoraproject.org/wiki/"
-#~ "Docs/Beats/Security\">https://fedoraproject.org/wiki/Docs/Beats/Security</"
-#~ "ulink>"
+#~ msgid "This beat is located here: <ulink type=\"http\" url=\"https://fedoraproject.org/wiki/Docs/Beats/Security\">https://fedoraproject.org/wiki/Docs/Beats/Security</ulink>"
+#~ msgstr "è¿ä¸ª beatä½äºï¼<ulink type=\"http\" url=\"https://fedoraproject.org/wiki/Docs/Beats/Security\">https://fedoraproject.org/wiki/Docs/Beats/Security</ulink>"
#~ msgid "This section highlights various security items from Fedora."
#~ msgstr "è¿ä¸ç« è®°è¿° Fedora çåç§å®å
¨æ§é¡¹ç®ã"
@@ -209,96 +102,26 @@ msgstr ""
#~ msgid "Lower process capabilities"
#~ msgstr "ä½å¤çè½å"
-#~ msgid ""
-#~ "Daemons running as root have been reviewed and patched to run with lower "
-#~ "process capabilities. This reduces the desirability of using these "
-#~ "daemons for privilege escalation. Additionally, the shadow file "
-#~ "permissions have been changed to <literal>000</literal> and several "
-#~ "directories in <filename>$PATH</filename> have been set to <literal>555</"
-#~ "literal> in order to prevent daemons without <literal>DAC_OVERRIDE</"
-#~ "literal> from being able to access the shadow file or write to the "
-#~ "<filename>$PATH</filename> directories."
-#~ msgstr ""
-#~ "以rootç¨æ·è¿è¡çå®æ¤è¿ç¨ç»è¿å®¡æ ¸åè¡¥ä¸ï¼å¼å§ä»¥ä½å¤çè½åè¿è¡ãè¿éä½äºä½¿ç¨"
-#~ "è¿äºå®æ¤è¿ç¨æåæéçé£é©ãæ¤å¤ï¼å·å½±æ件æéæ´æ¹ä¸º<literal>000</"
-#~ "literal>ï¼<filename>$PATH</filename>ä¸çä¸äºç®å½æé设置为<literal>555</"
-#~ "literal>ï¼ä»¥é²æ¢å®æ¤è¿ç¨å¨æ²¡æ<literal>DAC_OVERRIDE</literal>æ¶è®¿é®å·å½±æ"
-#~ "件æå<filename>$PATH</filename>ç®å½åå
¥å
容ã"
+#~ msgid "Daemons running as root have been reviewed and patched to run with lower process capabilities. This reduces the desirability of using these daemons for privilege escalation. Additionally, the shadow file permissions have been changed to <literal>000</literal> and several directories in <filename>$PATH</filename> have been set to <literal>555</literal> in order to prevent daemons without <literal>DAC_OVERRIDE</literal> from being able to access the shadow file or write to the <filename>$PATH</filename> directories."
+#~ msgstr "以rootç¨æ·è¿è¡çå®æ¤è¿ç¨ç»è¿å®¡æ ¸åè¡¥ä¸ï¼å¼å§ä»¥ä½å¤çè½åè¿è¡ãè¿éä½äºä½¿ç¨è¿äºå®æ¤è¿ç¨æåæéçé£é©ãæ¤å¤ï¼å·å½±æ件æéæ´æ¹ä¸º<literal>000</literal>ï¼<filename>$PATH</filename>ä¸çä¸äºç®å½æé设置为<literal>555</literal>ï¼ä»¥é²æ¢å®æ¤è¿ç¨å¨æ²¡æ<literal>DAC_OVERRIDE</literal>æ¶è®¿é®å·å½±æ件æå<filename>$PATH</filename>ç®å½åå
¥å
容ã"
-#~ msgid ""
-#~ "When someone attacks a system, they normally can not do much unless they "
-#~ "can escalate privileges. This feature reduces the number of attack "
-#~ "targets that can be used to escalate privileges. If root processes do not "
-#~ "have all capabilities, they will be harder to use to subvert the system."
-#~ msgstr ""
-#~ "å½æ人å
¥ä¾µç³»ç»æ¶ï¼é¤éä»ä»¬æé«äºèªå·±çæéï¼å¦åä¸è¬åä¸äºå¤ªå¤äºæ
ãæ¤ç¹æ§"
-#~ "éä½äºå¯ç¨æ¥æåæéçæ»å»ç®æ æ°éãå¦ærootè¿ç¨ä¸å
æ¬ææè½åï¼é£ä¹ä»ä»¬ä¹"
-#~ "å¾é¾ç ´åç³»ç»ã"
+#~ msgid "When someone attacks a system, they normally can not do much unless they can escalate privileges. This feature reduces the number of attack targets that can be used to escalate privileges. If root processes do not have all capabilities, they will be harder to use to subvert the system."
+#~ msgstr "å½æ人å
¥ä¾µç³»ç»æ¶ï¼é¤éä»ä»¬æé«äºèªå·±çæéï¼å¦åä¸è¬åä¸äºå¤ªå¤äºæ
ãæ¤ç¹æ§éä½äºå¯ç¨æ¥æåæéçæ»å»ç®æ æ°éãå¦ærootè¿ç¨ä¸å
æ¬ææè½åï¼é£ä¹ä»ä»¬ä¹å¾é¾ç ´åç³»ç»ã"
-#~ msgid ""
-#~ "Processes with the root uid can still damage a system, because they can "
-#~ "write to nearly any file and of course read the <filename>/etc/shadow "
-#~ "file</filename>. However, if the system is hardened so that root requires "
-#~ "the <literal>DAC_OVERRIDE</literal> capability, then only a limited "
-#~ "number of processes can damage the system. This will not affect any admin "
-#~ "abilities because they always get full privileges which includes "
-#~ "<literal>DAC_OVERRIDE</literal>. Therefore, even if someone does "
-#~ "successfully attack a root process, it is now harder for them to take "
-#~ "advantage of this attack."
-#~ msgstr ""
-#~ "ç±äºæ¥æroot uidçè¿ç¨å¯åå ä¹ææçæ件åå
¥å¹¶ä¸å¯ä»¥è¯»å<filename>/etc/"
-#~ "shadow file</filename>ï¼å æ¤è¿äºè¿ç¨ä»å¯è½ä¼ç ´åç³»ç»ãç¶èå¦æå°ç³»ç»å¼ºå使"
-#~ "å¾rootéè¦<literal>DAC_OVERRIDE</literal>è½åï¼é£ä¹è½å¤ç ´åç³»ç»çè¿ç¨åªå©"
-#~ "å°æ°ãè¿ä¸ä¼å¯¹ç®¡çè½åé æå½±åï¼å 为å®ä»¬é½æ¥æå
æ¬<literal>DAC_OVERRIDE</"
-#~ "literal>å¨å
çå®æ´æéãå æ¤å³ä½¿æ人æåå
¥ä¾µäºä¸ä¸ªrootè¿ç¨ï¼ä¹å¾é¾å©ç¨æ¤è¿"
-#~ "ç¨ååºæ´å¤ç ´åã"
+#~ msgid "Processes with the root uid can still damage a system, because they can write to nearly any file and of course read the <filename>/etc/shadow file</filename>. However, if the system is hardened so that root requires the <literal>DAC_OVERRIDE</literal> capability, then only a limited number of processes can damage the system. This will not affect any admin abilities because they always get full privileges which includes <literal>DAC_OVERRIDE</literal>. Therefore, even if someone does successfully attack a root process, it is now harder for them to take advantage of this attack."
+#~ msgstr "ç±äºæ¥æroot uidçè¿ç¨å¯åå ä¹ææçæ件åå
¥å¹¶ä¸å¯ä»¥è¯»å<filename>/etc/shadow file</filename>ï¼å æ¤è¿äºè¿ç¨ä»å¯è½ä¼ç ´åç³»ç»ãç¶èå¦æå°ç³»ç»å¼ºå使å¾rootéè¦<literal>DAC_OVERRIDE</literal>è½åï¼é£ä¹è½å¤ç ´åç³»ç»çè¿ç¨åªå©å°æ°ãè¿ä¸ä¼å¯¹ç®¡çè½åé æå½±åï¼å 为å®ä»¬é½æ¥æå
æ¬<literal>DAC_OVERRIDE</literal>å¨å
çå®æ´æéãå æ¤å³ä½¿æ人æåå
¥ä¾µäºä¸ä¸ªrootè¿ç¨ï¼ä¹å¾é¾å©ç¨æ¤è¿ç¨ååºæ´å¤ç ´åã"
-#~ msgid ""
-#~ "A hardened system would have permissions like: <literal>555</literal> "
-#~ "<filename>/bin</filename>, <literal>555</literal> <filename>/lib</"
-#~ "filename>, <literal>000</literal> <filename>/etc/shadow</filename> and so "
-#~ "on. The current scope is to cover the directories in <filename>$PATH</"
-#~ "filename> variable, library dirs, <filename>/boot</filename>, and "
-#~ "<filename>/root</filename>. This scheme does not affect SELinux in any "
-#~ "way and complements it since capabilities are DAC controls and they have "
-#~ "first vote on allowing an access."
-#~ msgstr ""
-#~ "强åçç³»ç»åºè¯¥æ类似çæéï¼<literal>555</literal> <filename>/bin</"
-#~ "filename>, <literal>555</literal> <filename>/lib</filename>, "
-#~ "<literal>000</literal> <filename>/etc/shadow</filename>çãå½åèå´æ¯è¦ç"
-#~ "<filename>$PATH</filename>åéä¸çç®å½ãåºç®å½ã<filename>/boot</filename>"
-#~ "å<filename>/root</filename>ãæ¤æ¹æ¡ä¸ä½ä¸ä¼å½±åSELinuxï¼èä¸ä¼å¯¹å
¶è¿è¡è¡¥"
-#~ "å
ãå 为è¿äºè½åå±äºDAC controlsï¼èå®ä»¬é¦å
å³å®æ¯å¦å
许访é®ã"
+#~ msgid "A hardened system would have permissions like: <literal>555</literal> <filename>/bin</filename>, <literal>555</literal> <filename>/lib</filename>, <literal>000</literal> <filename>/etc/shadow</filename> and so on. The current scope is to cover the directories in <filename>$PATH</filename> variable, library dirs, <filename>/boot</filename>, and <filename>/root</filename>. This scheme does not affect SELinux in any way and complements it since capabilities are DAC controls and they have first vote on allowing an access."
+#~ msgstr "强åçç³»ç»åºè¯¥æ类似çæéï¼<literal>555</literal> <filename>/bin</filename>, <literal>555</literal> <filename>/lib</filename>, <literal>000</literal> <filename>/etc/shadow</filename>çãå½åèå´æ¯è¦ç<filename>$PATH</filename>åéä¸çç®å½ãåºç®å½ã<filename>/boot</filename>å<filename>/root</filename>ãæ¤æ¹æ¡ä¸ä½ä¸ä¼å½±åSELinuxï¼èä¸ä¼å¯¹å
¶è¿è¡è¡¥å
ãå 为è¿äºè½åå±äºDAC controlsï¼èå®ä»¬é¦å
å³å®æ¯å¦å
许访é®ã"
#~ msgid "SELinux Sandbox"
#~ msgstr "SELinux Sandbox"
-#~ msgid ""
-#~ "The SELinux sandbox allows a command to be run in a highly constrained "
-#~ "fashion. Unfortunately, the nature of GUI applications is such that it is "
-#~ "very difficult to use this capability on those applications that need it "
-#~ "most."
-#~ msgstr ""
-#~ "SeLinux sandboxå
许å½ä»¤ä»¥é«éå¶çæ¹å¼è¿è¡ãä¸å¹¸çæ¯ï¼ç±äºGUIç¨åºçç¹æ§ï¼å¨"
-#~ "æé£äºéè¦çGUIç¨åºä¸ä½¿ç¨è¿ä¸ªåè½æ¯é常å°é¾çã"
+#~ msgid "The SELinux sandbox allows a command to be run in a highly constrained fashion. Unfortunately, the nature of GUI applications is such that it is very difficult to use this capability on those applications that need it most."
+#~ msgstr "SeLinux sandboxå
许å½ä»¤ä»¥é«éå¶çæ¹å¼è¿è¡ãä¸å¹¸çæ¯ï¼ç±äºGUIç¨åºçç¹æ§ï¼å¨æé£äºéè¦çGUIç¨åºä¸ä½¿ç¨è¿ä¸ªåè½æ¯é常å°é¾çã"
-#~ msgid ""
-#~ "A new <command>sandbox -X</command> command allows many GUI applications "
-#~ "to be tightly constrained. By applying this within some web applications, "
-#~ "a user may specify, for example, that Open Office should run normally "
-#~ "when invoked by the user, but should be constrained when invoked from the "
-#~ "web."
-#~ msgstr ""
-#~ "æ°å½ä»¤<command>sandbox -X</command>å¯ç¨æ¥éå¶å¤ä¸ªGUIç¨åºãç¨æ·å¯ä»¥å¨æäºç½"
-#~ "ç»ç¨åºä¸è¿è¡æ¤å½ä»¤ï¼æ¯å¦Open Officeå¨ç¨æ·è°ç¨åå¯ä»¥æ£å¸¸è¿è¡ï¼ä½å¦æç±ç½ç»"
-#~ "è°ç¨æ¶ï¼å®ä¼åå°éå¶ã"
+#~ msgid "A new <command>sandbox -X</command> command allows many GUI applications to be tightly constrained. By applying this within some web applications, a user may specify, for example, that Open Office should run normally when invoked by the user, but should be constrained when invoked from the web."
+#~ msgstr "æ°å½ä»¤<command>sandbox -X</command>å¯ç¨æ¥éå¶å¤ä¸ªGUIç¨åºãç¨æ·å¯ä»¥å¨æäºç½ç»ç¨åºä¸è¿è¡æ¤å½ä»¤ï¼æ¯å¦Open Officeå¨ç¨æ·è°ç¨åå¯ä»¥æ£å¸¸è¿è¡ï¼ä½å¦æç±ç½ç»è°ç¨æ¶ï¼å®ä¼åå°éå¶ã"
-#~ msgid ""
-#~ "When run from the SELinux sandbox, a GUI application may only access a "
-#~ "limited directory structure which is destroyed on exit, is denied access "
-#~ "to the network, and runs in an isolated X-server, which prevents it from "
-#~ "accessing other X applications."
-#~ msgstr ""
-#~ "å½GUIç¨åºéè¿SELinux sandboxè¿è¡åï¼å®åªè½è¯»åæéçç®å½ï¼è¿äºç®å½å¨å
¶éåº"
-#~ "åå°±ä¼è¢«å é¤ï¼å®ä¹æ æ³è®¿é®ç½ç»ï¼å¹¶è¿è¡å¨ä¸ä¸ªå¤ç«çX-serverä¸ï¼è¿æ ·å°±é»æ¢äº"
-#~ "å®è¯»åå
¶å®Xç¨åºã"
+#~ msgid "When run from the SELinux sandbox, a GUI application may only access a limited directory structure which is destroyed on exit, is denied access to the network, and runs in an isolated X-server, which prevents it from accessing other X applications."
+#~ msgstr "å½GUIç¨åºéè¿SELinux sandboxè¿è¡åï¼å®åªè½è¯»åæéçç®å½ï¼è¿äºç®å½å¨å
¶éåºåå°±ä¼è¢«å é¤ï¼å®ä¹æ æ³è®¿é®ç½ç»ï¼å¹¶è¿è¡å¨ä¸ä¸ªå¤ç«çX-serverä¸ï¼è¿æ ·å°±é»æ¢äºå®è¯»åå
¶å®Xç¨åºã"
More information about the docs-commits
mailing list