Adding upstream version 4.22.0.upstream/4.22.0

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 592 insertions, 0 deletions

diff --git a/po/ru/man7/cgroup_namespaces.7.po b/po/ru/man7/cgroup_namespaces.7.po
new file mode 100644
index 00000000..098dd322
--- /dev/null
+++ b/po/ru/man7/cgroup_namespaces.7.po
@@ -0,0 +1,592 @@
+# Russian translation of manpages
+# This file is distributed under the same license as the manpages-l10n package.
+# Copyright © of this file:
+# Azamat Hackimov <azamat.hackimov@gmail.com>, 2014.
+# Dmitriy S. Seregin <dseregin@59.ru>, 2013.
+# Dmitry Bolkhovskikh <d20052005@yandex.ru>, 2017.
+# Katrin Kutepova <blackkatelv@gmail.com>, 2018.
+# Yuri Kozlov <yuray@komyakino.ru>, 2011-2019.
+# Иван Павлов <pavia00@gmail.com>, 2017.
+msgid ""
+msgstr ""
+"Project-Id-Version: manpages-l10n\n"
+"POT-Creation-Date: 2024-03-01 16:53+0100\n"
+"PO-Revision-Date: 2019-10-05 07:56+0300\n"
+"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
+"Language-Team: Russian <man-pages-ru-talks@lists.sourceforge.net>\n"
+"Language: ru\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
+"n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || "
+"(n%100>=11 && n%100<=14)? 2 : 3);\n"
+"X-Generator: Lokalize 2.0\n"
+
+#. type: TH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, fuzzy, no-wrap
+#| msgid "Mount namespaces"
+msgid "cgroup_namespaces"
+msgstr "Пространства имён монтирования"
+
+#. type: TH
+#: archlinux fedora-40 fedora-rawhide mageia-cauldron
+#, no-wrap
+msgid "2023-10-31"
+msgstr "31 октября 2023 г."
+
+#. type: TH
+#: archlinux fedora-40 fedora-rawhide mageia-cauldron
+#, no-wrap
+msgid "Linux man-pages 6.06"
+msgstr "Linux man-pages 6.06"
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "NAME"
+msgstr "ИМЯ"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "cgroup_namespaces - overview of Linux cgroup namespaces"
+msgstr "cgroup_namespaces - обзор пространств имён Linux cgroup"
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "DESCRIPTION"
+msgstr "ОПИСАНИЕ"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "For an overview of namespaces, see B<namespaces>(7)."
+msgstr "Обзор пространств имён смотрите в B<namespaces>(7)."
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, fuzzy
+#| msgid ""
+#| "Cgroup namespaces virtualize the view of a process's cgroups (see "
+#| "B<cgroups>(7))  as seen via I</proc/[pid]/cgroup> and I</proc/[pid]/"
+#| "mountinfo>."
+msgid ""
+"Cgroup namespaces virtualize the view of a process's cgroups (see "
+"B<cgroups>(7))  as seen via I</proc/>pidI</cgroup> and I</proc/>pidI</"
+"mountinfo>."
+msgstr ""
+"Пространства имён cgroup_namespaces виртуализируют представление о cgroup "
+"процесса (смотрите B<cgroups>(7)) в виде I</proc/[pid]/cgroup> и I</proc/"
+"[pid]/mountinfo>."
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, fuzzy
+#| msgid ""
+#| "Each cgroup namespace has its own set of cgroup root directories.  These "
+#| "root directories are the base points for the relative locations displayed "
+#| "in the corresponding records in the I</proc/[pid]/cgroup> file.  When a "
+#| "process creates a new cgroup namespace using B<clone>(2)  or "
+#| "B<unshare>(2)  with the B<CLONE_NEWCGROUP> flag, its current cgroups "
+#| "directories become the cgroup root directories of the new namespace.  "
+#| "(This applies both for the cgroups version 1 hierarchies and the cgroups "
+#| "version 2 unified hierarchy.)"
+msgid ""
+"Each cgroup namespace has its own set of cgroup root directories.  These "
+"root directories are the base points for the relative locations displayed in "
+"the corresponding records in the I</proc/>pidI</cgroup> file.  When a "
+"process creates a new cgroup namespace using B<clone>(2)  or B<unshare>(2)  "
+"with the B<CLONE_NEWCGROUP> flag, its current cgroups directories become the "
+"cgroup root directories of the new namespace.  (This applies both for the "
+"cgroups version 1 hierarchies and the cgroups version 2 unified hierarchy.)"
+msgstr ""
+"Каждое пространство имён cgroup имеет свой набор корневых каталогов cgroup. "
+"Данные корневые каталоги являются базовыми точками относительных "
+"расположений, показываемых в соответствующих записях файла I</proc/[pid]/"
+"cgroup>. Когда процесс создаёт новое пространство имён cgroup с помощью "
+"B<clone>(2) или B<unshare>(2) с флагом B<CLONE_NEWCGROUP>, то его текущие "
+"каталоги cgroups становятся корневыми каталогами cgroup нового пространства "
+"имён (это применимо как для иерархии cgroups версии 1, так и  для "
+"унифицированной иерархии cgroups версии 2)."
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, fuzzy
+#| msgid ""
+#| "When reading the cgroup memberships of a \"target\" process from I</proc/"
+#| "[pid]/cgroup>, the pathname shown in the third field of each record will "
+#| "be relative to the reading process's root directory for the corresponding "
+#| "cgroup hierarchy.  If the cgroup directory of the target process lies "
+#| "outside the root directory of the reading process's cgroup namespace, "
+#| "then the pathname will show I<../> entries for each ancestor level in the "
+#| "cgroup hierarchy."
+msgid ""
+"When reading the cgroup memberships of a \"target\" process from I</proc/"
+">pidI</cgroup>, the pathname shown in the third field of each record will be "
+"relative to the reading process's root directory for the corresponding "
+"cgroup hierarchy.  If the cgroup directory of the target process lies "
+"outside the root directory of the reading process's cgroup namespace, then "
+"the pathname will show I<../> entries for each ancestor level in the cgroup "
+"hierarchy."
+msgstr ""
+"При чтении членов cgroup «целевого» процесса из I</proc/[pid]/cgroup> путь в "
+"третьем поле каждой записи будет относительным по отношению к корневому "
+"каталогу cgroup читающего процесса для соответствующей иерархии cgroup. Если "
+"каталог cgroup процесса назначения лежит вне корневого каталоге пространства "
+"имён cgroup читающего процесса, то путь будет показан как I<../> для каждого "
+"уровня предка в иерархии cgroup."
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The following shell session demonstrates the effect of creating a new cgroup "
+"namespace."
+msgstr ""
+"Следующий пример сеанса демонстрирует создание нового пространства имён "
+"cgroup."
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"First, (as superuser) in a shell in the initial cgroup namespace, we create "
+"a child cgroup in the I<freezer> hierarchy, and place a process in that "
+"cgroup that we will use as part of the demonstration below:"
+msgstr ""
+"Сначала (от суперпользователя) в оболочке начального пространства имён "
+"cgroup создадим дочернюю cgroup в иерархии I<freezer> и поместим в эту "
+"cgroup процесс, который будет использоваться как часть демонстрации далее:"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid ""
+"# B<mkdir -p /sys/fs/cgroup/freezer/sub2>\n"
+"# B<sleep 10000 &>     # Create a process that lives for a while\n"
+"[1] 20124\n"
+"# B<echo 20124 E<gt> /sys/fs/cgroup/freezer/sub2/cgroup.procs>\n"
+msgstr ""
+"# B<mkdir -p /sys/fs/cgroup/freezer/sub2>\n"
+"# B<sleep 10000 &>     # создать процесс, который живёт какое-то время\n"
+"[1] 20124\n"
+"# B<echo 20124 E<gt> /sys/fs/cgroup/freezer/sub2/cgroup.procs>\n"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"We then create another child cgroup in the I<freezer> hierarchy and put the "
+"shell into that cgroup:"
+msgstr ""
+"Затем создадим другую дочернюю cgroup в иерархии I<freezer> и поместим "
+"оболочку в эту cgroup:"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid ""
+"# B<mkdir -p /sys/fs/cgroup/freezer/sub>\n"
+"# B<echo $$>                      # Show PID of this shell\n"
+"30655\n"
+"# B<echo 30655 E<gt> /sys/fs/cgroup/freezer/sub/cgroup.procs>\n"
+"# B<cat /proc/self/cgroup | grep freezer>\n"
+"7:freezer:/sub\n"
+msgstr ""
+"# B<mkdir -p /sys/fs/cgroup/freezer/sub>\n"
+"# B<echo $$>                      # выводим PID этой оболочки\n"
+"30655\n"
+"# B<echo 30655 E<gt> /sys/fs/cgroup/freezer/sub/cgroup.procs>\n"
+"# B<cat /proc/self/cgroup | grep freezer>\n"
+"7:freezer:/sub\n"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Next, we use B<unshare>(1)  to create a process running a new shell in new "
+"cgroup and mount namespaces:"
+msgstr ""
+"Затем с помощью B<unshare>(1) создаётся процесс, выполняющий новую оболочку "
+"в новой cgroup и монтируется пространство имён:"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "# B<PS1=\"sh2# \" unshare -Cm bash>\n"
+msgstr "# B<PS1=\"sh2# \" unshare -Cm bash>\n"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, fuzzy
+#| msgid ""
+#| "From the new shell started by B<unshare>(1), we then inspect the I</proc/"
+#| "[pid]/cgroup> files of, respectively, the new shell, a process that is in "
+#| "the initial cgroup namespace (I<init>, with PID 1), and the process in "
+#| "the sibling cgroup (I<sub2>):"
+msgid ""
+"From the new shell started by B<unshare>(1), we then inspect the I</proc/"
+">pidI</cgroup> files of, respectively, the new shell, a process that is in "
+"the initial cgroup namespace (I<init>, with PID 1), and the process in the "
+"sibling cgroup (I<sub2>):"
+msgstr ""
+"Из новой оболочки, запущенной B<unshare>(1), теперь файлы I</proc/[pid]/"
+"cgroup> содержат, соответственно, новый процесс-оболочку, процесс, "
+"находящийся в первоначальном пространстве имён cgroup (I<init> с PID 1) и "
+"процесс в родственной cgroup (I<sub2>):"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid ""
+"sh2# B<cat /proc/self/cgroup | grep freezer>\n"
+"7:freezer:/\n"
+"sh2# B<cat /proc/1/cgroup | grep freezer>\n"
+"7:freezer:/..\n"
+"sh2# B<cat /proc/20124/cgroup | grep freezer>\n"
+"7:freezer:/../sub2\n"
+msgstr ""
+"sh2# B<cat /proc/self/cgroup | grep freezer>\n"
+"7:freezer:/\n"
+"sh2# B<cat /proc/1/cgroup | grep freezer>\n"
+"7:freezer:/..\n"
+"sh2# B<cat /proc/20124/cgroup | grep freezer>\n"
+"7:freezer:/../sub2\n"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, fuzzy
+#| msgid ""
+#| "From the output of the first command, we see that the freezer cgroup "
+#| "membership of the new shell (which is in the same cgroup as the initial "
+#| "shell)  is shown defined relative to the freezer cgroup root directory "
+#| "that was established when the new cgroup namespace was created.  (In "
+#| "absolute terms, the new shell is in the I</sub> freezer cgroup, and the "
+#| "root directory of the freezer cgroup hierarchy in the new cgroup "
+#| "namespace is also I</sub>.  Thus, the new shell's cgroup membership is "
+#| "displayed as \\(aq/\\(aq.)"
+msgid ""
+"From the output of the first command, we see that the freezer cgroup "
+"membership of the new shell (which is in the same cgroup as the initial "
+"shell)  is shown defined relative to the freezer cgroup root directory that "
+"was established when the new cgroup namespace was created.  (In absolute "
+"terms, the new shell is in the I</sub> freezer cgroup, and the root "
+"directory of the freezer cgroup hierarchy in the new cgroup namespace is "
+"also I</sub>.  Thus, the new shell's cgroup membership is displayed as "
+"\\[aq]/\\[aq].)"
+msgstr ""
+"В выводе первой команды мы видим, что в cgroup freezer членство новой "
+"оболочки (находящейся в той же cgroup, что и начальная оболочка) определено "
+"относительно корневого каталога cgroup freezer, который был назначен при "
+"создании нового пространства имён cgroup (в абсолютном выражении, новая "
+"оболочка находится в I</sub> freezer cgroup и корневой каталог иерархии "
+"freezer cgroup в новом пространстве имён cgroup также находится в I</sub>. "
+"То есть, членство cgroup новой оболочки показывается как \\(aq/\\(aq)."
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"However, when we look in I</proc/self/mountinfo> we see the following "
+"anomaly:"
+msgstr ""
+"Однако, если посмотреть I</proc/self/mountinfo>, то можно увидеть следующую "
+"аномалию:"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid ""
+"sh2# B<cat /proc/self/mountinfo | grep freezer>\n"
+"155 145 0:32 /.. /sys/fs/cgroup/freezer ...\n"
+msgstr ""
+"sh2# B<cat /proc/self/mountinfo | grep freezer>\n"
+"155 145 0:32 /.. /sys/fs/cgroup/freezer ...\n"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, fuzzy
+#| msgid ""
+#| "The fourth field of this line (I</..>)  should show the directory in the "
+#| "cgroup filesystem which forms the root of this mount.  Since by the "
+#| "definition of cgroup namespaces, the process's current freezer cgroup "
+#| "directory became its root freezer cgroup directory, we should see \\(aq/"
+#| "\\(aq in this field.  The problem here is that we are seeing a mount "
+#| "entry for the cgroup filesystem corresponding to the initial cgroup "
+#| "namespace (whose cgroup filesystem is indeed rooted at the parent "
+#| "directory of I<sub>).  To fix this problem, we must remount the freezer "
+#| "cgroup filesystem from the new shell (i.e., perform the mount from a "
+#| "process that is in the new cgroup namespace), after which we see the "
+#| "expected results:"
+msgid ""
+"The fourth field of this line (I</..>)  should show the directory in the "
+"cgroup filesystem which forms the root of this mount.  Since by the "
+"definition of cgroup namespaces, the process's current freezer cgroup "
+"directory became its root freezer cgroup directory, we should see \\[aq]/"
+"\\[aq] in this field.  The problem here is that we are seeing a mount entry "
+"for the cgroup filesystem corresponding to the initial cgroup namespace "
+"(whose cgroup filesystem is indeed rooted at the parent directory of "
+"I<sub>).  To fix this problem, we must remount the freezer cgroup filesystem "
+"from the new shell (i.e., perform the mount from a process that is in the "
+"new cgroup namespace), after which we see the expected results:"
+msgstr ""
+"Четвёртое поле в этой строке (I</..>) должен содержать каталог в файловой "
+"системе cgroup, который является корнем этого монтирования. Так как по "
+"определению пространств имён cgroup текущий каталог freezer cgroup процесса "
+"становится его корневым каталогом freezer cgroup, в этом поле мы должны "
+"увидеть \\(aq/\\(aq. Проблема здесь в том, что мы видим запись о "
+"монтировании для файловой системы cgroup, которая соответствует начальному "
+"пространству имён cgroup (чья файловая система cgroup действительно имеет "
+"корень в родительском каталоге I<sub>). Чтобы это исправить нам нужно "
+"перемонтировать файловую систему freezer cgroup из новой оболочки (т. е. "
+"выполнить монтирование из процесса, который находится в новом пространстве "
+"имён cgroup), после чего мы увидим ожидаемый результат:"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, fuzzy, no-wrap
+#| msgid ""
+#| "sh2# B<mount --make-rslave />     # Don't propagate mount events\n"
+#| "                               # to other namespaces\n"
+#| "sh2# B<umount /sys/fs/cgroup/freezer>\n"
+#| "sh2# B<mount -t cgroup -o freezer freezer /sys/fs/cgroup/freezer>\n"
+#| "sh2# B<cat /proc/self/mountinfo | grep freezer>\n"
+#| "155 145 0:32 / /sys/fs/cgroup/freezer rw,relatime ...\n"
+msgid ""
+"sh2# B<mount --make-rslave />     # Don\\[aq]t propagate mount events\n"
+"                               # to other namespaces\n"
+"sh2# B<umount /sys/fs/cgroup/freezer>\n"
+"sh2# B<mount -t cgroup -o freezer freezer /sys/fs/cgroup/freezer>\n"
+"sh2# B<cat /proc/self/mountinfo | grep freezer>\n"
+"155 145 0:32 / /sys/fs/cgroup/freezer rw,relatime ...\n"
+msgstr ""
+"sh2# B<mount --make-rslave />     # не распространять события монтирования\n"
+"                               # в другие пространства имён\n"
+"sh2# B<umount /sys/fs/cgroup/freezer>\n"
+"sh2# B<mount -t cgroup -o freezer freezer /sys/fs/cgroup/freezer>\n"
+"sh2# B<cat /proc/self/mountinfo | grep freezer>\n"
+"155 145 0:32 / /sys/fs/cgroup/freezer rw,relatime ...\n"
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "STANDARDS"
+msgstr "СТАНДАРТЫ"
+
+#. type: Plain text
+#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-leap-15-6 opensuse-tumbleweed
+msgid "Linux."
+msgstr "Linux."
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "NOTES"
+msgstr "ЗАМЕЧАНИЯ"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"Use of cgroup namespaces requires a kernel that is configured with the "
+"B<CONFIG_CGROUPS> option."
+msgstr ""
+"Для использования пространств имён cgroup требуется, чтобы ядро было собрано "
+"с параметром B<CONFIG_CGROUPS>."
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"The virtualization provided by cgroup namespaces serves a number of purposes:"
+msgstr ""
+"Виртуализация, предоставляемая пространствами имён cgroup, подходит для "
+"решения нескольких задач:"
+
+#. type: IP
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "\\[bu]"
+msgstr "\\[bu]"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"It prevents information leaks whereby cgroup directory paths outside of a "
+"container would otherwise be visible to processes in the container.  Such "
+"leakages could, for example, reveal information about the container "
+"framework to containerized applications."
+msgstr ""
+"Предотвращение утечек информации о путях каталогов cgroup за пределами "
+"контейнера, иначе они были бы видимы процессам в контейнере. Такие утечки "
+"могли, например, выдать информацию о платформе контейнера приложениям в "
+"контейнере."
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"It eases tasks such as container migration.  The virtualization provided by "
+"cgroup namespaces allows containers to be isolated from knowledge of the "
+"pathnames of ancestor cgroups.  Without such isolation, the full cgroup "
+"pathnames (displayed in I</proc/self/cgroups>)  would need to be replicated "
+"on the target system when migrating a container; those pathnames would also "
+"need to be unique, so that they don't conflict with other pathnames on the "
+"target system."
+msgstr ""
+"Облегчение задач по переносу контейнера. Виртуализация, предоставляемая "
+"пространствами имён cgroup, позволяет контейнерам не знать информацию о "
+"путях родительских cgroup. Без такой изоляции потребовалось бы воссоздавать "
+"полные пути cgroup (показываемые в I</proc/self/cgroups>) в целевой системе "
+"при переносе контейнера; также эти пути должны были быть уникальными, чтобы "
+"они не пересекались с другими путями в целевой системе."
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"It allows better confinement of containerized processes, because it is "
+"possible to mount the container's cgroup filesystems such that the container "
+"processes can't gain access to ancestor cgroup directories.  Consider, for "
+"example, the following scenario:"
+msgstr ""
+"Обеспечивает лучшее разграничение контейнеризированных процессов, так как "
+"возможно смонтировать файловые системы cgroup контейнера таким образом, что "
+"процессы контейнера не смогут получить доступ к каталогам предка cgroup. "
+"Рассмотрим, например, следующий сценарий:"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid "We have a cgroup directory, I</cg/1>, that is owned by user ID 9000."
+msgstr ""
+"Есть каталог cgroup I</cg/1>, который принадлежит пользователю с ID 9000."
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"We have a process, I<X>, also owned by user ID 9000, that is namespaced "
+"under the cgroup I</cg/1/2> (i.e., I<X> was placed in a new cgroup namespace "
+"via B<clone>(2)  or B<unshare>(2)  with the B<CLONE_NEWCGROUP> flag)."
+msgstr ""
+"Есть процесс I<X>, который также принадлежит пользователю с ID 9000, он "
+"находится в пространстве имён под I</cg/1/2> (т. е., I<X> помещён в новое "
+"пространство имён cgroup посредством B<clone>(2) или B<unshare>(2) с флагом "
+"B<CLONE_NEWCGROUP>)."
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, fuzzy
+#| msgid ""
+#| "In the absence of cgroup namespacing, because the cgroup directory I</"
+#| "cg/1> is owned (and writable) by UID 9000 and process I<X> is also owned "
+#| "by user ID 9000, then process I<X> would be able to modify the contents "
+#| "of cgroups files (i.e., change cgroup settings) not only in I</cg/1/2> "
+#| "but also in the ancestor cgroup directory I</cg/1>.  Namespacing process "
+#| "I<X> under the cgroup directory I</cg/1/2>, in combination with suitable "
+#| "mount operations for the cgroup filesystem (as shown above), prevents it "
+#| "modifying files in I</cg/1>, since it cannot even see the contents of "
+#| "that directory (or of further removed cgroup ancestor directories).  "
+#| "Combined with correct enforcement of hierarchical limits, this prevents "
+#| "process I<X> from escaping the limits imposed by ancestor cgroups."
+msgid ""
+"In the absence of cgroup namespacing, because the cgroup directory I</cg/1> "
+"is owned (and writable) by UID 9000 and process I<X> is also owned by user "
+"ID 9000, process I<X> would be able to modify the contents of cgroups files "
+"(i.e., change cgroup settings) not only in I</cg/1/2> but also in the "
+"ancestor cgroup directory I</cg/1>.  Namespacing process I<X> under the "
+"cgroup directory I</cg/1/2>, in combination with suitable mount operations "
+"for the cgroup filesystem (as shown above), prevents it modifying files in "
+"I</cg/1>, since it cannot even see the contents of that directory (or of "
+"further removed cgroup ancestor directories).  Combined with correct "
+"enforcement of hierarchical limits, this prevents process I<X> from escaping "
+"the limits imposed by ancestor cgroups."
+msgstr ""
+"Если нет пространств имён cgroup, а каталог cgroup I</cg/1> принадлежит (и "
+"доступен на запись) UID 9000 и процесс I<X> также принадлежит пользователю с "
+"ID 9000, процесс I<X> может изменять содержимое файлов cgroups (т. е., "
+"изменять настройки cgroup) не только в I</cg/1/2>, но и в родительском "
+"каталоге cgroup I</cg/1>. Выделение для процесса I<X> пространства имён в "
+"каталоге cgroup I</cg/1/2>, в комбинации с нужными операциями монтирования "
+"файловой системы cgroup (как показано выше) не даёт изменять файлы в I</"
+"cg/1>, так как невозможно увидеть содержимое этого каталога (или, в "
+"дальнейшем, удалить каталоге родительского cgroup). В сочетании с правильным "
+"обеспечением иерархических ограничений это не позволяет процессу I<X> обойти "
+"ограничения, накладываемые родительскими cgroups."
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "SEE ALSO"
+msgstr "СМ. ТАКЖЕ"
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
+#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
+msgid ""
+"B<unshare>(1), B<clone>(2), B<setns>(2), B<unshare>(2), B<proc>(5), "
+"B<cgroups>(7), B<credentials>(7), B<namespaces>(7), B<user_namespaces>(7)"
+msgstr ""
+"B<unshare>(1), B<clone>(2), B<setns>(2), B<unshare>(2), B<proc>(5), "
+"B<cgroups>(7), B<credentials>(7), B<namespaces>(7), B<user_namespaces>(7)"
+
+#. type: TH
+#: debian-bookworm
+#, no-wrap
+msgid "2023-02-05"
+msgstr "5 февраля 2023 г."
+
+#. type: TH
+#: debian-bookworm
+#, no-wrap
+msgid "Linux man-pages 6.03"
+msgstr "Linux man-pages 6.03"
+
+#. type: Plain text
+#: debian-bookworm
+msgid "Namespaces are a Linux-specific feature."
+msgstr "Пространства имён есть только в Linux."
+
+#. type: TH
+#: debian-unstable opensuse-leap-15-6 opensuse-tumbleweed
+#, no-wrap
+msgid "2023-03-30"
+msgstr "30 марта 2023 г."
+
+#. type: TH
+#: debian-unstable opensuse-tumbleweed
+#, no-wrap
+msgid "Linux man-pages 6.05.01"
+msgstr "Linux man-pages 6.05.01"
+
+#. type: TH
+#: opensuse-leap-15-6
+#, no-wrap
+msgid "Linux man-pages 6.04"
+msgstr "Linux man-pages 6.04"