Adding upstream version 4.22.0.upstream/4.22.0

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 498 insertions, 0 deletions

diff --git a/templates/man1/setpriv.1.pot b/templates/man1/setpriv.1.pot
new file mode 100644
index 00000000..5721fb2b
--- /dev/null
+++ b/templates/man1/setpriv.1.pot
@@ -0,0 +1,498 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2023-08-27 17:21+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: TH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "SETPRIV"
+msgstr ""
+
+#. type: TH
+#: debian-bookworm
+#, no-wrap
+msgid "2022-05-11"
+msgstr ""
+
+#. type: TH
+#: debian-bookworm
+#, no-wrap
+msgid "util-linux 2.38.1"
+msgstr ""
+
+#. type: TH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "User Commands"
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "NAME"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "setpriv - run a program with different Linux privilege settings"
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "SYNOPSIS"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<setpriv> [options] I<program> [I<arguments>]"
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "DESCRIPTION"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Sets or queries various Linux privilege settings that are inherited across "
+"B<execve>(2)."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"In comparison to B<su>(1) and B<runuser>(1), B<setpriv> neither uses PAM, "
+"nor does it prompt for a password. It is a simple, non-set-user-ID wrapper "
+"around B<execve>(2), and can be used to drop privileges in the same way as "
+"B<setuidgid>(8) from B<daemontools>, B<chpst>(8) from B<runit>, or similar "
+"tools shipped by other service managers."
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "OPTIONS"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--clear-groups>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "Clear supplementary groups."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-d>, B<--dump>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Dump the current privilege state. This option can be specified more than "
+"once to show extra, mostly useless, information. Incompatible with all other "
+"options."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--groups> I<group>..."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Set supplementary groups. The argument is a comma-separated list of GIDs or "
+"names."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"B<--inh-caps> (B<+>|B<->)I<cap>..., B<--ambient-caps> (B<+>|B<->)I<cap>..., "
+"B<--bounding-set> (B<+>|B<->)I<cap>..."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Set the inheritable capabilities, ambient capabilities or the capability "
+"bounding set. See B<capabilities>(7). The argument is a comma-separated list "
+"of B<+>I<cap> and B<->I<cap> entries, which add or remove an entry "
+"respectively. I<cap> can either be a human-readable name as seen in "
+"B<capabilities>(7) without the I<cap_> prefix or of the format B<cap_N>, "
+"where I<N> is the internal capability index used by Linux. B<+all> and B<-"
+"all> can be used to add or remove all caps."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"The set of capabilities starts out as the current inheritable set for B<--"
+"inh-caps>, the current ambient set for B<--ambient-caps> and the current "
+"bounding set for B<--bounding-set>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Note the following restrictions (detailed in B<capabilities>(7)) regarding "
+"modifications to these capability sets:"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"A capability can be added to the inheritable set only if it is currently "
+"present in the bounding set."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"A capability can be added to the ambient set only if it is currently present "
+"in both the permitted and inheritable sets."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Notwithstanding the syntax offered by B<setpriv>, the kernel does not permit "
+"capabilities to be added to the bounding set."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"If you drop a capability from the bounding set without also dropping it from "
+"the inheritable set, you are likely to become confused. Do not do that."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--keep-groups>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Preserve supplementary groups. Only useful in conjunction with B<--rgid>, "
+"B<--egid>, or B<--regid>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--init-groups>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Initialize supplementary groups using initgroups3. Only useful in "
+"conjunction with B<--ruid> or B<--reuid>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--list-caps>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "List all known capabilities. This option must be specified alone."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--no-new-privs>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Set the I<no_new_privs> bit. With this bit set, B<execve>(2) will not grant "
+"new privileges. For example, the set-user-ID and set-group-ID bits as well "
+"as file capabilities will be disabled. (Executing binaries with these bits "
+"set will still work, but they will not gain privileges. Certain LSMs, "
+"especially AppArmor, may result in failures to execute certain programs.) "
+"This bit is inherited by child processes and cannot be unset. See "
+"B<prctl>(2) and I<Documentation/prctl/no_new_privs.txt> in the Linux kernel "
+"source."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "The I<no_new_privs> bit is supported since Linux 3.5."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--rgid> I<gid>, B<--egid> I<gid>, B<--regid> I<gid>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Set the real, effective, or both GIDs. The I<gid> argument can be given as a "
+"textual group name."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"For safety, you must specify one of B<--clear-groups>, B<--groups>, B<--keep-"
+"groups>, or B<--init-groups> if you set any primary I<gid>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--ruid> I<uid>, B<--euid> I<uid>, B<--reuid> I<uid>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Set the real, effective, or both UIDs. The I<uid> argument can be given as a "
+"textual login name."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Setting a I<uid> or I<gid> does not change capabilities, although the exec "
+"call at the end might change capabilities. This means that, if you are root, "
+"you probably want to do something like:"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<setpriv --reuid=1000 --regid=1000 --inh-caps=-all>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--securebits> (B<+>|B<->)I<securebit>..."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Set or clear securebits. The argument is a comma-separated list. The valid "
+"securebits are I<noroot>, I<noroot_locked>, I<no_setuid_fixup>, "
+"I<no_setuid_fixup_locked>, and I<keep_caps_locked>. I<keep_caps> is cleared "
+"by B<execve>(2) and is therefore not allowed."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--pdeathsig keep>|B<clear>|B<E<lt>signalE<gt>>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Keep, clear or set the parent death signal. Some LSMs, most notably SELinux "
+"and AppArmor, clear the signal when the process\\(aq credentials change. "
+"Using B<--pdeathsig keep> will restore the parent death signal after "
+"changing credentials to remedy that situation."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--selinux-label> I<label>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Request a particular SELinux transition (using a transition on exec, not "
+"dyntrans). This will fail and cause B<setpriv> to abort if SELinux is not in "
+"use, and the transition may be ignored or cause B<execve>(2) to fail at "
+"SELinux\\(cqs whim. (In particular, this is unlikely to work in conjunction "
+"with I<no_new_privs>.) This is similar to B<runcon>(1)."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--apparmor-profile> I<profile>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Request a particular AppArmor profile (using a transition on exec). This "
+"will fail and cause B<setpriv> to abort if AppArmor is not in use, and the "
+"transition may be ignored or cause B<execve>(2) to fail at AppArmor\\(cqs "
+"whim."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--reset-env>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Clears all the environment variables except B<TERM>; initializes the "
+"environment variables B<HOME>, B<SHELL>, B<USER>, B<LOGNAME> according to "
+"the user\\(cqs passwd entry; sets B<PATH> to I</usr/local/bin:/bin:/usr/bin> "
+"for a regular user and to I</usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/"
+"sbin:/usr/bin> for root."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"The environment variable B<PATH> may be different on systems where I</bin> "
+"and I</sbin> are merged into I</usr>. The environment variable B<SHELL> "
+"defaults to B</bin/sh> if none is given in the user\\(cqs passwd entry."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-h>, B<--help>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "Display help text and exit."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-V>, B<--version>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid "Print version and exit."
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "NOTES"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"If applying any specified option fails, I<program> will not be run and "
+"B<setpriv> will return with exit status 127."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Be careful with this tool \\(em it may have unexpected security "
+"consequences. For example, setting I<no_new_privs> and then execing a "
+"program that is SELinux-confined (as this tool would do) may prevent the "
+"SELinux restrictions from taking effect."
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "EXAMPLES"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"If you\\(cqre looking for behavior similar to B<su>(1)/B<runuser>(1), or "
+"B<sudo>(8) (without the B<-g> option), try something like:"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<setpriv --reuid=1000 --regid=1000 --init-groups>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "If you want to mimic daemontools\\(aq B<setuid>(8), try:"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<setpriv --reuid=1000 --regid=1000 --clear-groups>"
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "AUTHORS"
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "SEE ALSO"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<runuser>(1), B<su>(1), B<prctl>(2), B<capabilities>(7)"
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "REPORTING BUGS"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "For bug reports, use the issue tracker at"
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "AVAILABILITY"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"The B<setpriv> command is part of the util-linux package which can be "
+"downloaded from"
+msgstr ""
+
+#. type: TH
+#: opensuse-leap-15-6
+#, no-wrap
+msgid "2022-02-14"
+msgstr ""
+
+#. type: TH
+#: opensuse-leap-15-6
+#, no-wrap
+msgid "util-linux 2.37.4"
+msgstr ""
+
+#. type: Plain text
+#: opensuse-leap-15-6
+msgid "Display version information and exit."
+msgstr ""