diff options
Diffstat (limited to '')
| -rw-r--r-- | po/es/man7/capabilities.7.po | 3312 |
1 files changed, 3312 insertions, 0 deletions
diff --git a/po/es/man7/capabilities.7.po b/po/es/man7/capabilities.7.po new file mode 100644 index 00000000..3c5f9612 --- /dev/null +++ b/po/es/man7/capabilities.7.po @@ -0,0 +1,3312 @@ +# Spanish translation of manpages +# This file is distributed under the same license as the manpages-l10n package. +# Copyright © of this file: +# Miguel Pérez Ibars <mpi79470@alu.um.es>, 2005. +msgid "" +msgstr "" +"Project-Id-Version: manpages-l10n\n" +"POT-Creation-Date: 2024-03-01 16:53+0100\n" +"PO-Revision-Date: 2005-03-20 19:53+0200\n" +"Last-Translator: Miguel Pérez Ibars <mpi79470@alu.um.es>\n" +"Language-Team: Spanish <debian-l10n-spanish@lists.debian.org>\n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Lokalize 20.04.1\n" + +#. type: TH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy, no-wrap +#| msgid "Capabilities list" +msgid "Capabilities" +msgstr "Lista de capacidades" + +#. type: TH +#: archlinux fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "2023-10-31" +msgstr "31 Octubre 2023" + +#. type: TH +#: archlinux fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "Linux man-pages 6.06" +msgstr "Páginas de manual de Linux 6.06" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "NAME" +msgstr "NOMBRE" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "capabilities - overview of Linux capabilities" +msgstr "capabilities - visión general del sistema de capacidades de Linux" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "DESCRIPTION" +msgstr "DESCRIPCIÓN" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"For the purpose of performing permission checks, traditional UNIX " +"implementations distinguish two categories of processes: I<privileged> " +"processes (whose effective user ID is 0, referred to as superuser or root), " +"and I<unprivileged> processes (whose effective UID is nonzero). Privileged " +"processes bypass all kernel permission checks, while unprivileged processes " +"are subject to full permission checking based on the process's credentials " +"(usually: effective UID, effective GID, and supplementary group list)." +msgstr "" +"Con el propósito de realizar comprobaciones de permisos, las " +"implementaciones tradicionales de UNIX distinguen dos categorías de " +"procesos: procesos I<privilegiados> (cuyo identificador de usuario efectivo " +"es 0, refiriéndose al superusuario o root) y procesos I<no privilegiados> " +"(cuyo identificador de usuario efectivo es distinto de cero). Los procesos " +"privilegiados evitan todas las comprobaciones de permisos del núcleo, " +"mientras que los procesos no privilegiados se ven sujetos a severas " +"comprobaciones de permisos basadas en las credenciales del proceso " +"(normalmente: ID de usuario efectivo, ID de grupo efectivo y lista de grupos " +"adicionales)." + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "Starting with kernel 2.2, Linux provides an (as yet incomplete) system of " +#| "I<capabilities>, which divide the privileges traditionally associated " +#| "with superuser into distinct units that can be independently enabled and " +#| "disabled." +msgid "" +"Starting with Linux 2.2, Linux divides the privileges traditionally " +"associated with superuser into distinct units, known as I<capabilities>, " +"which can be independently enabled and disabled. Capabilities are a per-" +"thread attribute." +msgstr "" +"Desde la versión 2.2 del núcleo, Linux ofrece un (hasta ahora incompleto) " +"sistema de I<capacidades>, que divide los privilegios asociados " +"tradicionalmente al superusuario en unidades distintas que pueden ser " +"activadas y desactivadas independientemente." + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Capabilities list" +msgstr "Lista de capacidades" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The following list shows the capabilities implemented on Linux, and the " +"operations or behaviors that each capability permits:" +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_AUDIT_CONTROL> (since Linux 2.6.11)" +msgstr "B<CAP_AUDIT_CONTROL> (desde Linux 2.6.11)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Enable and disable kernel auditing; change auditing filter rules; retrieve " +"auditing status and filtering rules." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_AUDIT_READ> (since Linux 3.16)" +msgstr "B<CAP_AUDIT_READ> (desde Linux 3.16)" + +#. commit a29b694aa1739f9d76538e34ae25524f9c549d59 +#. commit 3a101b8de0d39403b2c7e5c23fd0b005668acf48 +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Allow reading the audit log via a multicast netlink socket." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_AUDIT_WRITE> (since Linux 2.6.11)" +msgstr "B<CAP_AUDIT_WRITE> (desde Linux 2.6.11)" + +#. FIXME Add FAN_ENABLE_AUDIT +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Write records to kernel auditing log." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_BLOCK_SUSPEND> (since Linux 3.5)" +msgstr "B<CAP_BLOCK_SUSPEND> (desde Linux 3.5)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Employ features that can block system suspend (B<epoll>(7) B<EPOLLWAKEUP>, " +"I</proc/sys/wake_lock>)." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy, no-wrap +#| msgid "B<CAP_LEASE> (since Linux 2.4)" +msgid "B<CAP_BPF> (since Linux 5.8)" +msgstr "B<CAP_LEASE> (desde Linux 2.4)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Employ privileged BPF operations; see B<bpf>(2) and B<bpf-helpers>(7)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This capability was added in Linux 5.8 to separate out BPF functionality " +"from the overloaded B<CAP_SYS_ADMIN> capability." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy, no-wrap +#| msgid "B<CAP_MKNOD> (since Linux 2.4)" +msgid "B<CAP_CHECKPOINT_RESTORE> (since Linux 5.9)" +msgstr "B<CAP_MKNOD> (desde Linux 2.4)" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "\\[bu]" +msgstr "\\[bu]" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Update I</proc/sys/kernel/ns_last_pid> (see B<pid_namespaces>(7));" +msgstr "" + +#. FIXME There is also some use case relating to +#. prctl_set_mm_exe_file(); in the 5.9 sources, see +#. prctl_set_mm_map(). +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "employ the I<set_tid> feature of B<clone3>(2);" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"read the contents of the symbolic links in I</proc/>pidI</map_files> for " +"other processes." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This capability was added in Linux 5.9 to separate out checkpoint/restore " +"functionality from the overloaded B<CAP_SYS_ADMIN> capability." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_CHOWN>" +msgstr "B<CAP_CHOWN>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "Allow arbitrary changes to file UIDs and GIDs (see B<chown>(2))." +msgid "Make arbitrary changes to file UIDs and GIDs (see B<chown>(2))." +msgstr "" +"Permite cambios arbitrarios en los IDs de usuario y de grupo de los ficheros " +"(vea B<chown>(2))." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_DAC_OVERRIDE>" +msgstr "B<CAP_DAC_OVERRIDE>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "Bypass file read, write, and execute permission checks. (DAC = " +#| "\"discretionary access control\".)" +msgid "" +"Bypass file read, write, and execute permission checks. (DAC is an " +"abbreviation of \"discretionary access control\".)" +msgstr "" +"Evita las comprobaciones de permisos sobre operaciones de lectura, escritura " +"y ejecución. (DAC = \"control de acceso discrecional\".)" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_DAC_READ_SEARCH>" +msgstr "B<CAP_DAC_READ_SEARCH>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Bypass file read permission checks and directory read and execute permission " +"checks;" +msgstr "" +"Evita comprobaciones de permisos sobre operaciones de lectura de ficheros y " +"lectura y ejecución de directorios;" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "invoke B<open_by_handle_at>(2);" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"use the B<linkat>(2) B<AT_EMPTY_PATH> flag to create a link to a file " +"referred to by a file descriptor." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_FOWNER>" +msgstr "B<CAP_FOWNER>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Bypass permission checks on operations that normally require the filesystem " +"UID of the process to match the UID of the file (e.g., B<chmod>(2), " +"B<utime>(2)), excluding those operations covered by B<CAP_DAC_OVERRIDE> and " +"B<CAP_DAC_READ_SEARCH>;" +msgstr "" +"Evita comprobaciones de permisos sobre operaciones que normalmente requieren " +"que el ID de usuario del sistema de ficheros del proceso coincida con el ID " +"de usuario del fichero (p.e., B<chmod>(2), B<utime>(2)), excluyendo aquellas " +"operaciones cubiertas por B<CAP_DAC_OVERRIDE> y B<CAP_DAC_READ_SEARCH>;" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "set inode flags (see B<ioctl_iflags>(2)) on arbitrary files;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "set Access Control Lists (ACLs) on arbitrary files;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "ignore directory sticky bit on file deletion;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"modify I<user> extended attributes on sticky directory owned by any user;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"specify B<O_NOATIME> for arbitrary files in B<open>(2) and B<fcntl>(2)." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_FSETID>" +msgstr "B<CAP_FSETID>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Don't clear set-user-ID and set-group-ID mode bits when a file is modified;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "Don't clear set-user-ID and set-group-ID bits when a file is modified; " +#| "permit setting of the set-group-ID bit for a file whose GID does not " +#| "match the file system or any of the supplementary GIDs of the calling " +#| "process." +msgid "" +"set the set-group-ID bit for a file whose GID does not match the filesystem " +"or any of the supplementary GIDs of the calling process." +msgstr "" +"No borra los bits set-user-ID y set-group-ID cuando se modifica un fichero; " +"permite establecer el bit set-group-ID para un fichero cuyo ID de grupo no " +"coincide con el del sistema de ficheros o cualquier otro ID de grupo " +"adicional del proceso invocador." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_IPC_LOCK>" +msgstr "B<CAP_IPC_LOCK>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "Permit memory locking (B<mlock>(2), B<mlockall>(2), B<shmctl>(2))." +msgid "Lock memory (B<mlock>(2), B<mlockall>(2), B<mmap>(2), B<shmctl>(2));" +msgstr "" +"Permite el bloqueo en memoria (B<mlock>(2), B<mlockall>(2), B<shmctl>(2))." + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "Permit memory locking (B<mlock>(2), B<mlockall>(2), B<shmctl>(2))." +msgid "" +"Allocate memory using huge pages (B<memfd_create>(2), B<mmap>(2), " +"B<shmctl>(2))." +msgstr "" +"Permite el bloqueo en memoria (B<mlock>(2), B<mlockall>(2), B<shmctl>(2))." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_IPC_OWNER>" +msgstr "B<CAP_IPC_OWNER>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Bypass permission checks for operations on System V IPC objects." +msgstr "" +"Evita comprobaciones de permisos para las operaciones sobre objetos System V " +"IPC." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_KILL>" +msgstr "B<CAP_KILL>" + +#. FIXME . CAP_KILL also has an effect for threads + setting child +#. termination signal to other than SIGCHLD: without this +#. capability, the termination signal reverts to SIGCHLD +#. if the child does an exec(). What is the rationale +#. for this? +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "Bypass permission checks for sending signals (see B<kill>(2))." +msgid "" +"Bypass permission checks for sending signals (see B<kill>(2)). This " +"includes use of the B<ioctl>(2) B<KDSIGACCEPT> operation." +msgstr "Evita comprobaciones de permisos para enviar señales (vea B<kill>(2))." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_LEASE> (since Linux 2.4)" +msgstr "B<CAP_LEASE> (desde Linux 2.4)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "(Linux 2.4 onwards) Allow file leases to be established on arbitrary " +#| "files (see B<fcntl>(2))." +msgid "Establish leases on arbitrary files (see B<fcntl>(2))." +msgstr "" +"(Linux 2.4 en adelante) Permite que se establezcan arriendos sobre ficheros " +"arbitrarios (vea B<fcntl>(2))." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_LINUX_IMMUTABLE>" +msgstr "B<CAP_LINUX_IMMUTABLE>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Set the B<FS_APPEND_FL> and B<FS_IMMUTABLE_FL> inode flags (see " +"B<ioctl_iflags>(2))." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_MAC_ADMIN> (since Linux 2.6.25)" +msgstr "B<CAP_MAC_ADMIN> (desde Linux 2.6.25)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Allow MAC configuration or state changes. Implemented for the Smack Linux " +"Security Module (LSM)." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_MAC_OVERRIDE> (since Linux 2.6.25)" +msgstr "B<CAP_MAC_OVERRIDE> (desde Linux 2.6.25)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Override Mandatory Access Control (MAC). Implemented for the Smack LSM." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_MKNOD> (since Linux 2.4)" +msgstr "B<CAP_MKNOD> (desde Linux 2.4)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "(Linux 2.4 onwards) Allow creation of special files using B<mknod>(2)." +msgid "Create special files using B<mknod>(2)." +msgstr "" +"(Linux 2.4 en adelante) Permite la creación de ficheros especiales usando " +"B<mknod>(2)." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_NET_ADMIN>" +msgstr "B<CAP_NET_ADMIN>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Perform various network-related operations:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "interface configuration;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "administration of IP firewall, masquerading, and accounting;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "modify routing tables;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "bind to any address for transparent proxying;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "set type-of-service (TOS);" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "clear driver statistics;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "set promiscuous mode;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "enabling multicasting;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"use B<setsockopt>(2) to set the following socket options: B<SO_DEBUG>, " +"B<SO_MARK>, B<SO_PRIORITY> (for a priority outside the range 0 to 6), " +"B<SO_RCVBUFFORCE>, and B<SO_SNDBUFFORCE>." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_NET_BIND_SERVICE>" +msgstr "B<CAP_NET_BIND_SERVICE>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "Allow binding to Internet domain reserved socket ports (port numbers less " +#| "than 1024)." +msgid "" +"Bind a socket to Internet domain privileged ports (port numbers less than " +"1024)." +msgstr "" +"Permite ligar conectores a puertos reservados del dominio de Internet " +"(números de puerto menores que 1024)." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_NET_BROADCAST>" +msgstr "B<CAP_NET_BROADCAST>" + +#. FIXME Since Linux 4.2, there are use cases for netlink sockets +#. commit 59324cf35aba5336b611074028777838a963d03b +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "(Unused) Allow socket broadcasting, and listening multicasts." +msgid "(Unused) Make socket broadcasts, and listen to multicasts." +msgstr "" +"(No se usa) Permite la difusión universal (I<broadcasting>) de paquetes a " +"través de un conector y la escucha de paquetes multidestino." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_NET_RAW>" +msgstr "B<CAP_NET_RAW>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "Permit use of RAW and PACKET sockets." +msgid "Use RAW and PACKET sockets;" +msgstr "Permite el uso de conectores de tipo RAW y PACKET." + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "bind to any address for transparent proxying." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy, no-wrap +#| msgid "B<CAP_MKNOD> (since Linux 2.4)" +msgid "B<CAP_PERFMON> (since Linux 5.8)" +msgstr "B<CAP_MKNOD> (desde Linux 2.4)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Employ various performance-monitoring mechanisms, including:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "call B<perf_event_open>(2);" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "employ various BPF operations that have performance implications." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This capability was added in Linux 5.8 to separate out performance " +"monitoring functionality from the overloaded B<CAP_SYS_ADMIN> capability. " +"See also the kernel source file I<Documentation/admin-guide/perf-security." +"rst>." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_SETGID>" +msgstr "B<CAP_SETGID>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "Allow arbitrary manipulations of process GIDs and supplementary GID list; " +#| "allow forged GID when passing socket credentials via Unix domain sockets." +msgid "" +"Make arbitrary manipulations of process GIDs and supplementary GID list;" +msgstr "" +"Permite manipulaciones arbitrarias de los IDs de grupo y de la lista de IDs " +"de grupo adicionales de un proceso; permite el uso de IDs de grupo " +"falsificados cuando se pasan credenciales de conectores a través de " +"conectores de dominio Unix." + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "forge GID when passing socket credentials via UNIX domain sockets;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"write a group ID mapping in a user namespace (see B<user_namespaces>(7))." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_SETFCAP> (since Linux 2.6.24)" +msgstr "B<CAP_SETFCAP> (desde Linux 2.6.24)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Set arbitrary capabilities on a file." +msgstr "" + +#. commit db2e718a47984b9d71ed890eb2ea36ecf150de18 +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Since Linux 5.12, this capability is also needed to map user ID 0 in a new " +"user namespace; see B<user_namespaces>(7) for details." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_SETPCAP>" +msgstr "B<CAP_SETPCAP>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If file capabilities are supported (i.e., since Linux 2.6.24): add any " +"capability from the calling thread's bounding set to its inheritable set; " +"drop capabilities from the bounding set (via B<prctl>(2) " +"B<PR_CAPBSET_DROP>); make changes to the I<securebits> flags." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If file capabilities are not supported (i.e., before Linux 2.6.24): grant or " +"remove any capability in the caller's permitted capability set to or from " +"any other process. (This property of B<CAP_SETPCAP> is not available when " +"the kernel is configured to support file capabilities, since B<CAP_SETPCAP> " +"has entirely different semantics for such kernels.)" +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_SETUID>" +msgstr "B<CAP_SETUID>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "Allow arbitrary manipulations of process UIDs (B<setuid>(2), etc.); allow " +#| "forged UID when passing socket credentials via Unix domain sockets." +msgid "" +"Make arbitrary manipulations of process UIDs (B<setuid>(2), B<setreuid>(2), " +"B<setresuid>(2), B<setfsuid>(2));" +msgstr "" +"Permite manipulaciones arbitrarias de los IDs de usuario de los procesos " +"(B<setuid>(2), etc.); permite el uso de IDs de usuario falsificados cuando " +"se pasan credenciales de conectores a través de conectores de dominio Unix." + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "forge UID when passing socket credentials via UNIX domain sockets;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"write a user ID mapping in a user namespace (see B<user_namespaces>(7))." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_SYS_ADMIN>" +msgstr "B<CAP_SYS_ADMIN>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"I<Note>: this capability is overloaded; see I<Notes to kernel developers> " +"below." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "Permit a range of system administration operations including: " +#| "B<quotactl>(2), B<mount>(2), B<swapon>(2)B<,> B<sethostname>(2), " +#| "B<setdomainname>(2), B<IPC_SET> and B<IPC_RMID> operations on arbitrary " +#| "System V IPC objects; allow forged UID when passing socket credentials." +msgid "" +"Perform a range of system administration operations including: " +"B<quotactl>(2), B<mount>(2), B<umount>(2), B<pivot_root>(2), B<swapon>(2), " +"B<swapoff>(2), B<sethostname>(2), and B<setdomainname>(2);" +msgstr "" +"Permite una variedad de operaciones de administración del sistema " +"incluyendo: B<quotactl>(2), B<mount>(2), B<swapon>(2)B<,> B<sethostname>(2), " +"B<setdomainname>(2), B<IPC_SET> y operaciones B<IPC_RMID> sobre objetos " +"arbitrarios IPC de System V; permite el uso de IDs de usuario falsificados " +"cuando se pasan credenciales de conectores." + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"perform privileged B<syslog>(2) operations (since Linux 2.6.37, " +"B<CAP_SYSLOG> should be used to permit such operations);" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "perform B<VM86_REQUEST_IRQ> B<vm86>(2) command;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"access the same checkpoint/restore functionality that is governed by " +"B<CAP_CHECKPOINT_RESTORE> (but the latter, weaker capability is preferred " +"for accessing that functionality)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"perform the same BPF operations as are governed by B<CAP_BPF> (but the " +"latter, weaker capability is preferred for accessing that functionality)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"employ the same performance monitoring mechanisms as are governed by " +"B<CAP_PERFMON> (but the latter, weaker capability is preferred for accessing " +"that functionality)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"perform B<IPC_SET> and B<IPC_RMID> operations on arbitrary System V IPC " +"objects;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "override B<RLIMIT_NPROC> resource limit;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"perform operations on I<trusted> and I<security> extended attributes (see " +"B<xattr>(7));" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "use B<lookup_dcookie>(2);" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"use B<ioprio_set>(2) to assign B<IOPRIO_CLASS_RT> and (before Linux " +"2.6.25) B<IOPRIO_CLASS_IDLE> I/O scheduling classes;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "forge PID when passing socket credentials via UNIX domain sockets;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"exceed I</proc/sys/fs/file-max>, the system-wide limit on the number of open " +"files, in system calls that open files (e.g., B<accept>(2), B<execve>(2), " +"B<open>(2), B<pipe>(2));" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"employ B<CLONE_*> flags that create new namespaces with B<clone>(2) and " +"B<unshare>(2) (but, since Linux 3.8, creating user namespaces does not " +"require any capability);" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "access privileged I<perf> event information;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"call B<setns>(2) (requires B<CAP_SYS_ADMIN> in the I<target> namespace);" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "call B<fanotify_init>(2);" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"perform privileged B<KEYCTL_CHOWN> and B<KEYCTL_SETPERM> B<keyctl>(2) " +"operations;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "perform B<madvise>(2) B<MADV_HWPOISON> operation;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"employ the B<TIOCSTI> B<ioctl>(2) to insert characters into the input queue " +"of a terminal other than the caller's controlling terminal;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "employ the obsolete B<nfsservctl>(2) system call;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "employ the obsolete B<bdflush>(2) system call;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "perform various privileged block-device B<ioctl>(2) operations;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "perform various privileged filesystem B<ioctl>(2) operations;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"perform privileged B<ioctl>(2) operations on the I</dev/random> device (see " +"B<random>(4));" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"install a B<seccomp>(2) filter without first having to set the " +"I<no_new_privs> thread attribute;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "modify allow/deny rules for device control groups;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"employ the B<ptrace>(2) B<PTRACE_SECCOMP_GET_FILTER> operation to dump " +"tracee's seccomp filters;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"employ the B<ptrace>(2) B<PTRACE_SETOPTIONS> operation to suspend the " +"tracee's seccomp protections (i.e., the B<PTRACE_O_SUSPEND_SECCOMP> flag);" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "perform administrative operations on many device drivers;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"modify autogroup nice values by writing to I</proc/>pidI</autogroup> (see " +"B<sched>(7))." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_SYS_BOOT>" +msgstr "B<CAP_SYS_BOOT>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Use B<reboot>(2) and B<kexec_load>(2)." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_SYS_CHROOT>" +msgstr "B<CAP_SYS_CHROOT>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "Permit calls to B<chroot>(2)." +msgid "Use B<chroot>(2);" +msgstr "Permite llamadas a B<chroot>(2)." + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "change mount namespaces using B<setns>(2)." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_SYS_MODULE>" +msgstr "B<CAP_SYS_MODULE>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Load and unload kernel modules (see B<init_module>(2) and " +"B<delete_module>(2));" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"before Linux 2.6.25: drop capabilities from the system-wide capability " +"bounding set." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_SYS_NICE>" +msgstr "B<CAP_SYS_NICE>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Lower the process nice value (B<nice>(2), B<setpriority>(2)) and change the " +"nice value for arbitrary processes;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "Allow raising process nice value (B<nice>(2), B<setpriority>(2)) and " +#| "changing of the nice value for arbitrary processes; allow setting of real-" +#| "time scheduling policies for calling process, and setting scheduling " +#| "policies and priorities for arbitrary processes " +#| "(B<sched_setscheduler>(2), B<sched_setparam>(2))." +msgid "" +"set real-time scheduling policies for calling process, and set scheduling " +"policies and priorities for arbitrary processes (B<sched_setscheduler>(2), " +"B<sched_setparam>(2), B<sched_setattr>(2));" +msgstr "" +"Permite aumentar el valor nice del proceso invocador (B<nice>(2), " +"B<setpriority>(2)) y cambiar el valor nice de procesos arbitrarios; permite " +"establecer políticas de planificación de tiempo real para el proceso " +"invocador y establecer políticas de planificación y prioridades para " +"procesos arbitrarios (B<sched_setscheduler>(2), B<sched_setparam>(2))." + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "set CPU affinity for arbitrary processes (B<sched_setaffinity>(2));" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"set I/O scheduling class and priority for arbitrary processes " +"(B<ioprio_set>(2));" +msgstr "" + +# +#. FIXME CAP_SYS_NICE also has the following effect for +#. migrate_pages(2): +#. do_migrate_pages(mm, &old, &new, +#. capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); +#. Document this. +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"apply B<migrate_pages>(2) to arbitrary processes and allow processes to be " +"migrated to arbitrary nodes;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "apply B<move_pages>(2) to arbitrary processes;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"use the B<MPOL_MF_MOVE_ALL> flag with B<mbind>(2) and B<move_pages>(2)." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_SYS_PACCT>" +msgstr "B<CAP_SYS_PACCT>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "Permit calls to B<acct>(2)." +msgid "Use B<acct>(2)." +msgstr "Permite llamadas a B<acct>(2)." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_SYS_PTRACE>" +msgstr "B<CAP_SYS_PTRACE>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "Allow arbitrary processes to be traced using B<ptrace>(2)" +msgid "Trace arbitrary processes using B<ptrace>(2);" +msgstr "" +"Permite el seguimiento detallado de procesos arbitrarios usando B<ptrace>(2)." + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "apply B<get_robust_list>(2) to arbitrary processes;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"transfer data to or from the memory of arbitrary processes using " +"B<process_vm_readv>(2) and B<process_vm_writev>(2);" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "inspect processes using B<kcmp>(2)." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_SYS_RAWIO>" +msgstr "B<CAP_SYS_RAWIO>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "Permit I/O port operations (B<iopl>(2) and B<ioperm>(2))." +msgid "Perform I/O port operations (B<iopl>(2) and B<ioperm>(2));" +msgstr "Permite operaciones sobre puertos de E/S (B<iopl>(2) y B<ioperm>(2))." + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "access I</proc/kcore>;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "employ the B<FIBMAP> B<ioctl>(2) operation;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"open devices for accessing x86 model-specific registers (MSRs, see " +"B<msr>(4));" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "update I</proc/sys/vm/mmap_min_addr>;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"create memory mappings at addresses below the value specified by I</proc/sys/" +"vm/mmap_min_addr>;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "map files in I</proc/bus/pci>;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "open I</dev/mem> and I</dev/kmem>;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "perform various SCSI device commands;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "perform certain operations on B<hpsa>(4) and B<cciss>(4) devices;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "perform a range of device-specific operations on other devices." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_SYS_RESOURCE>" +msgstr "B<CAP_SYS_RESOURCE>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Use reserved space on ext2 filesystems;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "make B<ioctl>(2) calls controlling ext3 journaling;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "override disk quota limits;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "increase resource limits (see B<setrlimit>(2));" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "override maximum number of consoles on console allocation;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "override maximum number of keymaps;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "allow more than 64hz interrupts from the real-time clock;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"raise I<msg_qbytes> limit for a System V message queue above the limit in I</" +"proc/sys/kernel/msgmnb> (see B<msgop>(2) and B<msgctl>(2));" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"allow the B<RLIMIT_NOFILE> resource limit on the number of \"in-flight\" " +"file descriptors to be bypassed when passing file descriptors to another " +"process via a UNIX domain socket (see B<unix>(7));" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"override the I</proc/sys/fs/pipe-size-max> limit when setting the capacity " +"of a pipe using the B<F_SETPIPE_SZ> B<fcntl>(2) command;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"use B<F_SETPIPE_SZ> to increase the capacity of a pipe above the limit " +"specified by I</proc/sys/fs/pipe-max-size>;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"override I</proc/sys/fs/mqueue/queues_max>, I</proc/sys/fs/mqueue/msg_max>, " +"and I</proc/sys/fs/mqueue/msgsize_max> limits when creating POSIX message " +"queues (see B<mq_overview>(7));" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "employ the B<prctl>(2) B<PR_SET_MM> operation;" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"set I</proc/>pidI</oom_score_adj> to a value lower than the value last set " +"by a process with B<CAP_SYS_RESOURCE>." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_SYS_TIME>" +msgstr "B<CAP_SYS_TIME>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "Allow modification of system clock (B<settimeofday>(2), B<adjtimex>(2)); " +#| "allow modification of real-time (hardware) clock" +msgid "" +"Set system clock (B<settimeofday>(2), B<stime>(2), B<adjtimex>(2)); set real-" +"time (hardware) clock." +msgstr "" +"Permite la modificación del reloj del sistema (B<settimeofday>(2), " +"B<adjtimex>(2)); permite la modificación del reloj de tiempo real (hardware)." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_SYS_TTY_CONFIG>" +msgstr "B<CAP_SYS_TTY_CONFIG>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Use B<vhangup>(2); employ various privileged B<ioctl>(2) operations on " +"virtual terminals." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_SYSLOG> (since Linux 2.6.37)" +msgstr "B<CAP_SYSLOG> (desde Linux 2.6.37)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Perform privileged B<syslog>(2) operations. See B<syslog>(2) for " +"information on which operations require privilege." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"View kernel addresses exposed via I</proc> and other interfaces when I</proc/" +"sys/kernel/kptr_restrict> has the value 1. (See the discussion of the " +"I<kptr_restrict> in B<proc>(5).)" +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<CAP_WAKE_ALARM> (since Linux 3.0)" +msgstr "B<CAP_WAKE_ALARM> (desde Linux 3.0)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Trigger something that will wake up the system (set B<CLOCK_REALTIME_ALARM> " +"and B<CLOCK_BOOTTIME_ALARM> timers)." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Past and current implementation" +msgstr "Implementación actual y futura" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "A full implementation of capabilities requires:" +msgid "A full implementation of capabilities requires that:" +msgstr "Una implementación completa de capacidades requiere:" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "that for all privileged operations, the kernel check whether the process " +#| "has the required capability in its effective set." +msgid "" +"For all privileged operations, the kernel must check whether the thread has " +"the required capability in its effective set." +msgstr "" +"que para todas las operaciones privilegiadas, el núcleo compruebe si el " +"proceso tiene la capacidad requerida en su conjunto efectivo." + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "that the kernel provide system calls allowing a process's capability sets " +#| "to be changed and retrieved." +msgid "" +"The kernel must provide system calls allowing a thread's capability sets to " +"be changed and retrieved." +msgstr "" +"que el núcleo proporcione llamadas al sistema permitiendo modificar y " +"recuperar los conjuntos de capacidades de un proceso." + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "file system support for attaching capabilities to an executable file, so " +#| "that a process gains those capabilities when the file is execed." +msgid "" +"The filesystem must support attaching capabilities to an executable file, so " +"that a process gains those capabilities when the file is executed." +msgstr "" +"el soporte del sistema de ficheros para asociar capacidades a un fichero " +"ejecutable, para que un proceso obtenga esas capacidades cuando el fichero " +"sea ejecutado mediante I<exec>." + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Before Linux 2.6.24, only the first two of these requirements are met; since " +"Linux 2.6.24, all three requirements are met." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Notes to kernel developers" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"When adding a new kernel feature that should be governed by a capability, " +"consider the following points." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The goal of capabilities is divide the power of superuser into pieces, such " +"that if a program that has one or more capabilities is compromised, its " +"power to do damage to the system would be less than the same program running " +"with root privilege." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"You have the choice of either creating a new capability for your new " +"feature, or associating the feature with one of the existing capabilities. " +"In order to keep the set of capabilities to a manageable size, the latter " +"option is preferable, unless there are compelling reasons to take the former " +"option. (There is also a technical limit: the size of capability sets is " +"currently limited to 64 bits.)" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"To determine which existing capability might best be associated with your " +"new feature, review the list of capabilities above in order to find a " +"\"silo\" into which your new feature best fits. One approach to take is to " +"determine if there are other features requiring capabilities that will " +"always be used along with the new feature. If the new feature is useless " +"without these other features, you should use the same capability as the " +"other features." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"I<Don't> choose B<CAP_SYS_ADMIN> if you can possibly avoid it! A vast " +"proportion of existing capability checks are associated with this capability " +"(see the partial list above). It can plausibly be called \"the new root\", " +"since on the one hand, it confers a wide range of powers, and on the other " +"hand, its broad scope means that this is the capability that is required by " +"many privileged programs. Don't make the problem worse. The only new " +"features that should be associated with B<CAP_SYS_ADMIN> are ones that " +"I<closely> match existing uses in that silo." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If you have determined that it really is necessary to create a new " +"capability for your feature, don't make or name it as a \"single-use\" " +"capability. Thus, for example, the addition of the highly specific " +"B<CAP_SYS_PACCT> was probably a mistake. Instead, try to identify and name " +"your new capability as a broader silo into which other related future use " +"cases might fit." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy, no-wrap +#| msgid "denotes a file capability set" +msgid "Thread capability sets" +msgstr "denota un conjunto de capacidades de fichero" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "Each process has three capability sets containing zero or more of the " +#| "above capabilities:" +msgid "" +"Each thread has the following capability sets containing zero or more of the " +"above capabilities:" +msgstr "" +"Cada proceso tiene tres conjuntos de capacidades conteniendo cero o más de " +"las capacidades citadas arriba:" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "I<Permitted>" +msgstr "I<Permitidas>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This is a limiting superset for the effective capabilities that the thread " +"may assume. It is also a limiting superset for the capabilities that may be " +"added to the inheritable set by a thread that does not have the " +"B<CAP_SETPCAP> capability in its effective set." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If a thread drops a capability from its permitted set, it can never " +"reacquire that capability (unless it B<execve>(2)s either a set-user-ID-root " +"program, or a program whose associated file capabilities grant that " +"capability)." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy, no-wrap +#| msgid "I<Inherited>:" +msgid "I<Inheritable>" +msgstr "I<Heredadas>:" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This is a set of capabilities preserved across an B<execve>(2). Inheritable " +"capabilities remain inheritable when executing any program, and inheritable " +"capabilities are added to the permitted set when executing a program that " +"has the corresponding bits set in the file inheritable set." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Because inheritable capabilities are not generally preserved across " +"B<execve>(2) when running as a non-root user, applications that wish to run " +"helper programs with elevated capabilities should consider using ambient " +"capabilities, described below." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "I<Effective>" +msgstr "I<Efectivas>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "the capabilities used by the kernel to perform permission checks for the " +#| "process." +msgid "" +"This is the set of capabilities used by the kernel to perform permission " +"checks for the thread." +msgstr "" +"las capacidades usadas por el núcleo para llevar a cabo comprobaciones de " +"permisos para el proceso." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "I<Bounding> (per-thread since Linux 2.6.25)" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The capability bounding set is a mechanism that can be used to limit the " +"capabilities that are gained during B<execve>(2)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Since Linux 2.6.25, this is a per-thread capability set. In older kernels, " +"the capability bounding set was a system wide attribute shared by all " +"threads on the system." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "is the value of the capability bounding set." +msgid "For more details, see I<Capability bounding set> below." +msgstr "es el valor del conjunto limitador de capacidades." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "I<Ambient> (since Linux 4.3)" +msgstr "I<Ambient> (desde Linux 4.3)" + +#. commit 58319057b7847667f0c9585b9de0e8932b0fdb08 +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This is a set of capabilities that are preserved across an B<execve>(2) of " +"a program that is not privileged. The ambient capability set obeys the " +"invariant that no capability can ever be ambient if it is not both permitted " +"and inheritable." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The ambient capability set can be directly modified using B<prctl>(2). " +"Ambient capabilities are automatically lowered if either of the " +"corresponding permitted or inheritable capabilities is lowered." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Executing a program that changes UID or GID due to the set-user-ID or set-" +"group-ID bits or executing a program that has any file capabilities set will " +"clear the ambient set. Ambient capabilities are added to the permitted set " +"and assigned to the effective set when B<execve>(2) is called. If ambient " +"capabilities cause a process's permitted and effective capabilities to " +"increase during an B<execve>(2), this does not trigger the secure-execution " +"mode described in B<ld.so>(8)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "A child created via B<fork>(2) inherits copies of its parent's " +#| "capability sets." +msgid "" +"A child created via B<fork>(2) inherits copies of its parent's capability " +"sets. For details on how B<execve>(2) affects capabilities, see " +"I<Transformation of capabilities during execve()> below." +msgstr "" +"Un hijo creado con B<fork>(2) hereda copias de los conjuntos de capacidades " +"del padre." + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "Using B<capset>(2), a process may manipulate its own capability sets, or, " +#| "if it has the B<CAP_SETPCAP> capability, those of another process." +msgid "" +"Using B<capset>(2), a thread may manipulate its own capability sets; see " +"I<Programmatically adjusting capability sets> below." +msgstr "" +"Usando B<capset>(2), un proceso puede manipular su propio conjunto de " +"capacidades o, si tiene la capacidad B<CAP_SETPCAP>, los de otros procesos." + +#. commit 73efc0394e148d0e15583e13712637831f926720 +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Since Linux 3.2, the file I</proc/sys/kernel/cap_last_cap> exposes the " +"numerical value of the highest capability supported by the running kernel; " +"this can be used to determine the highest bit that may be set in a " +"capability set." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "File capabilities" +msgstr "Capacidades de ficheros" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Since Linux 2.6.24, the kernel supports associating capability sets with an " +"executable file using B<setcap>(8). The file capability sets are stored in " +"an extended attribute (see B<setxattr>(2) and B<xattr>(7)) named " +"I<security.capability>. Writing to this extended attribute requires the " +"B<CAP_SETFCAP> capability. The file capability sets, in conjunction with " +"the capability sets of the thread, determine the capabilities of a thread " +"after an B<execve>(2)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "denotes a file capability set" +msgid "The three file capability sets are:" +msgstr "denota un conjunto de capacidades de fichero" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "I<Permitted> (formerly known as I<forced>):" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "the capabilities automatically permitted to the process, regardless of " +#| "the process's inherited capabilities." +msgid "" +"These capabilities are automatically permitted to the thread, regardless of " +"the thread's inheritable capabilities." +msgstr "" +"las capacidades permitidas automáticamente al proceso, sin importar las " +"capacidades heredadas del proceso." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "I<Inheritable> (formerly known as I<allowed>):" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "this set is ANDed with the process's inherited set to determine which " +#| "inherited capabilities are permitted to the process after the exec." +msgid "" +"This set is ANDed with the thread's inheritable set to determine which " +"inheritable capabilities are enabled in the permitted set of the thread " +"after the B<execve>(2)." +msgstr "" +"a este conjunto se le aplica la operación AND con el conjunto heredado del " +"proceso para determinar qué capacidades heredadas le son permitidas al " +"proceso después del exec." + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "I<Effective>:" +msgstr "I<Efectivas>:" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This is not a set, but rather just a single bit. If this bit is set, then " +"during an B<execve>(2) all of the new permitted capabilities for the thread " +"are also raised in the effective set. If this bit is not set, then after an " +"B<execve>(2), none of the new permitted capabilities is in the new effective " +"set." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Enabling the file effective capability bit implies that any file permitted " +"or inheritable capability that causes a thread to acquire the corresponding " +"permitted capability during an B<execve>(2) (see I<Transformation of " +"capabilities during execve()> below) will also acquire that capability in " +"its effective set. Therefore, when assigning capabilities to a file " +"(B<setcap>(8), B<cap_set_file>(3), B<cap_set_fd>(3)), if we specify the " +"effective flag as being enabled for any capability, then the effective flag " +"must also be specified as enabled for all other capabilities for which the " +"corresponding permitted or inheritable flag is enabled." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "File capability extended attribute versioning" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"To allow extensibility, the kernel supports a scheme to encode a version " +"number inside the I<security.capability> extended attribute that is used to " +"implement file capabilities. These version numbers are internal to the " +"implementation, and not directly visible to user-space applications. To " +"date, the following versions are supported:" +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<VFS_CAP_REVISION_1>" +msgstr "B<VFS_CAP_REVISION_1>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This was the original file capability implementation, which supported 32-bit " +"masks for file capabilities." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<VFS_CAP_REVISION_2> (since Linux 2.6.25)" +msgstr "B<VFS_CAP_REVISION_2> (desde Linux 2.6.25)" + +#. commit e338d263a76af78fe8f38a72131188b58fceb591 +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This version allows for file capability masks that are 64 bits in size, and " +"was necessary as the number of supported capabilities grew beyond 32. The " +"kernel transparently continues to support the execution of files that have " +"32-bit version 1 capability masks, but when adding capabilities to files " +"that did not previously have capabilities, or modifying the capabilities of " +"existing files, it automatically uses the version 2 scheme (or possibly the " +"version 3 scheme, as described below)." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<VFS_CAP_REVISION_3> (since Linux 4.14)" +msgstr "B<VFS_CAP_REVISION_3> (desde Linux 4.14)" + +#. commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Version 3 file capabilities are provided to support namespaced file " +"capabilities (described below)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"As with version 2 file capabilities, version 3 capability masks are 64 bits " +"in size. But in addition, the root user ID of namespace is encoded in the " +"I<security.capability> extended attribute. (A namespace's root user ID is " +"the value that user ID 0 inside that namespace maps to in the initial user " +"namespace.)" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Version 3 file capabilities are designed to coexist with version 2 " +"capabilities; that is, on a modern Linux system, there may be some files " +"with version 2 capabilities while others have version 3 capabilities." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Before Linux 4.14, the only kind of file capability extended attribute that " +"could be attached to a file was a B<VFS_CAP_REVISION_2> attribute. Since " +"Linux 4.14, the version of the I<security.capability> extended attribute " +"that is attached to a file depends on the circumstances in which the " +"attribute was created." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Starting with Linux 4.14, a I<security.capability> extended attribute is " +"automatically created as (or converted to) a version 3 " +"(B<VFS_CAP_REVISION_3>) attribute if both of the following are true:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The thread writing the attribute resides in a noninitial user namespace. " +"(More precisely: the thread resides in a user namespace other than the one " +"from which the underlying filesystem was mounted.)" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The thread has the B<CAP_SETFCAP> capability over the file inode, meaning " +"that (a) the thread has the B<CAP_SETFCAP> capability in its own user " +"namespace; and (b) the UID and GID of the file inode have mappings in the " +"writer's user namespace." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"When a B<VFS_CAP_REVISION_3> I<security.capability> extended attribute is " +"created, the root user ID of the creating thread's user namespace is saved " +"in the extended attribute." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"By contrast, creating or modifying a I<security.capability> extended " +"attribute from a privileged (B<CAP_SETFCAP>) thread that resides in the " +"namespace where the underlying filesystem was mounted (this normally means " +"the initial user namespace) automatically results in the creation of a " +"version 2 (B<VFS_CAP_REVISION_2>) attribute." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Note that the creation of a version 3 I<security.capability> extended " +"attribute is automatic. That is to say, when a user-space application " +"writes (B<setxattr>(2)) a I<security.capability> attribute in the version 2 " +"format, the kernel will automatically create a version 3 attribute if the " +"attribute is created in the circumstances described above. Correspondingly, " +"when a version 3 I<security.capability> attribute is retrieved " +"(B<getxattr>(2)) by a process that resides inside a user namespace that was " +"created by the root user ID (or a descendant of that user namespace), the " +"returned attribute is (automatically) simplified to appear as a version 2 " +"attribute (i.e., the returned value is the size of a version 2 attribute and " +"does not include the root user ID). These automatic translations mean that " +"no changes are required to user-space tools (e.g., B<setcap>(1) and " +"B<getcap>(1)) in order for those tools to be used to create and retrieve " +"version 3 I<security.capability> attributes." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Note that a file can have either a version 2 or a version 3 I<security." +"capability> extended attribute associated with it, but not both: creation or " +"modification of the I<security.capability> extended attribute will " +"automatically modify the version according to the circumstances in which the " +"extended attribute is created or modified." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Transformation of capabilities during execve()" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"During an B<execve>(2), the kernel calculates the new capabilities of the " +"process using the following algorithm:" +msgstr "" +"Durante un B<execve>(2), el núcleo calcula las nuevas capacidades del " +"proceso usando el siguiente algoritmo:" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +#, no-wrap +msgid "" +"P'(ambient) = (file is privileged) ? 0 : P(ambient)\n" +"\\&\n" +"P'(permitted) = (P(inheritable) & F(inheritable)) |\n" +" (F(permitted) & P(bounding)) | P'(ambient)\n" +"\\&\n" +"P'(effective) = F(effective) ? P'(permitted) : P'(ambient)\n" +"\\&\n" +"P'(inheritable) = P(inheritable) [i.e., unchanged]\n" +"\\&\n" +"P'(bounding) = P(bounding) [i.e., unchanged]\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "where:" +msgstr "donde:" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "P()" +msgstr "P()" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "denotes the value of a process capability set before the exec" +msgid "denotes the value of a thread capability set before the B<execve>(2)" +msgstr "" +"denota el valor del conjunto de capacidades de un proceso antes del exec" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "P'()" +msgstr "P'()" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "denotes the value of a capability set after the exec" +msgid "denotes the value of a thread capability set after the B<execve>(2)" +msgstr "" +"denota el valor del conjunto de capacidades de un proceso después del exec" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "F()" +msgstr "F()" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "denotes a file capability set" +msgstr "denota un conjunto de capacidades de fichero" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Note the following details relating to the above capability transformation " +"rules:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The ambient capability set is present only since Linux 4.3. When " +"determining the transformation of the ambient set during B<execve>(2), a " +"privileged file is one that has capabilities or has the set-user-ID or set-" +"group-ID bit set." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Prior to Linux 2.6.25, the bounding set was a system-wide attribute shared " +"by all threads. That system-wide value was employed to calculate the new " +"permitted set during B<execve>(2) in the same manner as shown above for " +"I<P(bounding)>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"I<Note>: during the capability transitions described above, file " +"capabilities may be ignored (treated as empty) for the same reasons that the " +"set-user-ID and set-group-ID bits are ignored; see B<execve>(2). File " +"capabilities are similarly ignored if the kernel was booted with the " +"I<no_file_caps> option." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"I<Note>: according to the rules above, if a process with nonzero user IDs " +"performs an B<execve>(2) then any capabilities that are present in its " +"permitted and effective sets will be cleared. For the treatment of " +"capabilities when a process with a user ID of zero performs an B<execve>(2), " +"see I<Capabilities and execution of programs by root> below." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Safety checking for capability-dumb binaries" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"A capability-dumb binary is an application that has been marked to have file " +"capabilities, but has not been converted to use the B<libcap>(3) API to " +"manipulate its capabilities. (In other words, this is a traditional set-" +"user-ID-root program that has been switched to use file capabilities, but " +"whose code has not been modified to understand capabilities.) For such " +"applications, the effective capability bit is set on the file, so that the " +"file permitted capabilities are automatically enabled in the process " +"effective set when executing the file. The kernel recognizes a file which " +"has the effective capability bit set as capability-dumb for the purpose of " +"the check described here." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"When executing a capability-dumb binary, the kernel checks if the process " +"obtained all permitted capabilities that were specified in the file " +"permitted set, after the capability transformations described above have " +"been performed. (The typical reason why this might I<not> occur is that the " +"capability bounding set masked out some of the capabilities in the file " +"permitted set.) If the process did not obtain the full set of file " +"permitted capabilities, then B<execve>(2) fails with the error B<EPERM>. " +"This prevents possible security risks that could arise when a capability-" +"dumb application is executed with less privilege than it needs. Note that, " +"by definition, the application could not itself recognize this problem, " +"since it does not employ the B<libcap>(3) API." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Capabilities and execution of programs by root" +msgstr "" + +#. See cap_bprm_set_creds(), bprm_caps_from_vfs_cap() and +#. handle_privileged_root() in security/commoncap.c (Linux 5.0 source) +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In order to mirror traditional UNIX semantics, the kernel performs special " +"treatment of file capabilities when a process with UID 0 (root) executes a " +"program and when a set-user-ID-root program is executed." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"After having performed any changes to the process effective ID that were " +"triggered by the set-user-ID mode bit of the binary\\[em]e.g., switching the " +"effective user ID to 0 (root) because a set-user-ID-root program was " +"executed\\[em]the kernel calculates the file capability sets as follows:" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "(1)" +msgstr "(1)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If the real or effective user ID of the process is 0 (root), then the file " +"inheritable and permitted sets are ignored; instead they are notionally " +"considered to be all ones (i.e., all capabilities enabled). (There is one " +"exception to this behavior, described in I<Set-user-ID-root programs that " +"have file capabilities> below.)" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "(2)" +msgstr "(2)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If the effective user ID of the process is 0 (root) or the file effective " +"bit is in fact enabled, then the file effective bit is notionally defined to " +"be one (enabled)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"These notional values for the file's capability sets are then used as " +"described above to calculate the transformation of the process's " +"capabilities during B<execve>(2)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Thus, when a process with nonzero UIDs B<execve>(2)s a set-user-ID-root " +"program that does not have capabilities attached, or when a process whose " +"real and effective UIDs are zero B<execve>(2)s a program, the calculation of " +"the process's new permitted capabilities simplifies to:" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +#, fuzzy, no-wrap +#| msgid "P'(inherited) = P(inherited) [i.e., unchanged]\n" +msgid "" +"P'(permitted) = P(inheritable) | P(bounding)\n" +"\\&\n" +"P'(effective) = P'(permitted)\n" +msgstr "P'(heredadas) = P(heredadas) [i.e., no se modifica]\n" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Consequently, the process gains all capabilities in its permitted and " +"effective capability sets, except those masked out by the capability " +"bounding set. (In the calculation of P'(permitted), the P'(ambient) term " +"can be simplified away because it is by definition a proper subset of " +"P(inheritable).)" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The special treatments of user ID 0 (root) described in this subsection can " +"be disabled using the securebits mechanism described below." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Set-user-ID-root programs that have file capabilities" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"There is one exception to the behavior described in I<Capabilities and " +"execution of programs by root> above. If (a) the binary that is being " +"executed has capabilities attached and (b) the real user ID of the process " +"is I<not> 0 (root) and (c) the effective user ID of the process I<is> 0 " +"(root), then the file capability bits are honored (i.e., they are not " +"notionally considered to be all ones). The usual way in which this " +"situation can arise is when executing a set-UID-root program that also has " +"file capabilities. When such a program is executed, the process gains just " +"the capabilities granted by the program (i.e., not all capabilities, as " +"would occur when executing a set-user-ID-root program that does not have any " +"associated file capabilities)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Note that one can assign empty capability sets to a program file, and thus " +"it is possible to create a set-user-ID-root program that changes the " +"effective and saved set-user-ID of the process that executes the program to " +"0, but confers no capabilities to that process." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Capability bounding set" +msgstr "Conjunto limitador de capacidades" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The capability bounding set is a security mechanism that can be used to " +"limit the capabilities that can be gained during an B<execve>(2). The " +"bounding set is used in the following ways:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"During an B<execve>(2), the capability bounding set is ANDed with the file " +"permitted capability set, and the result of this operation is assigned to " +"the thread's permitted capability set. The capability bounding set thus " +"places a limit on the permitted capabilities that may be granted by an " +"executable file." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"(Since Linux 2.6.25) The capability bounding set acts as a limiting " +"superset for the capabilities that a thread can add to its inheritable set " +"using B<capset>(2). This means that if a capability is not in the bounding " +"set, then a thread can't add this capability to its inheritable set, even if " +"it was in its permitted capabilities, and thereby cannot have this " +"capability preserved in its permitted set when it B<execve>(2)s a file that " +"has the capability in its inheritable set." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Note that the bounding set masks the file permitted capabilities, but not " +"the inheritable capabilities. If a thread maintains a capability in its " +"inheritable set that is not in its bounding set, then it can still gain that " +"capability in its permitted set by executing a file that has the capability " +"in its inheritable set." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Depending on the kernel version, the capability bounding set is either a " +"system-wide attribute, or a per-process attribute." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "Capability bounding set" +msgid "B<Capability bounding set from Linux 2.6.25 onward>" +msgstr "Conjunto limitador de capacidades" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"From Linux 2.6.25, the I<capability bounding set> is a per-thread " +"attribute. (The system-wide capability bounding set described below no " +"longer exists.)" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The bounding set is inherited at B<fork>(2) from the thread's parent, and " +"is preserved across an B<execve>(2)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"A thread may remove capabilities from its capability bounding set using the " +"B<prctl>(2) B<PR_CAPBSET_DROP> operation, provided it has the " +"B<CAP_SETPCAP> capability. Once a capability has been dropped from the " +"bounding set, it cannot be restored to that set. A thread can determine if " +"a capability is in its bounding set using the B<prctl>(2) " +"B<PR_CAPBSET_READ> operation." +msgstr "" + +#. commit b3a222e52e4d4be77cc4520a57af1a4a0d8222d1 +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Removing capabilities from the bounding set is supported only if file " +"capabilities are compiled into the kernel. Before Linux 2.6.33, file " +"capabilities were an optional feature configurable via the " +"B<CONFIG_SECURITY_FILE_CAPABILITIES> option. Since Linux 2.6.33, the " +"configuration option has been removed and file capabilities are always part " +"of the kernel. When file capabilities are compiled into the kernel, the " +"B<init> process (the ancestor of all processes) begins with a full bounding " +"set. If file capabilities are not compiled into the kernel, then B<init> " +"begins with a full bounding set minus B<CAP_SETPCAP>, because this " +"capability has a different meaning when there are no file capabilities." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Removing a capability from the bounding set does not remove it from the " +"thread's inheritable set. However it does prevent the capability from being " +"added back into the thread's inheritable set in the future." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "Capability bounding set" +msgid "B<Capability bounding set prior to Linux 2.6.25>" +msgstr "Conjunto limitador de capacidades" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Before Linux 2.6.25, the capability bounding set is a system-wide attribute " +"that affects all threads on the system. The bounding set is accessible via " +"the file I</proc/sys/kernel/cap-bound>. (Confusingly, this bit mask " +"parameter is expressed as a signed decimal number in I</proc/sys/kernel/cap-" +"bound>.)" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Only the B<init> process may set capabilities in the capability bounding " +"set; other than that, the superuser (more precisely: a process with the " +"B<CAP_SYS_MODULE> capability) may only clear capabilities from this set." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"On a standard system the capability bounding set always masks out the " +"B<CAP_SETPCAP> capability. To remove this restriction (dangerous!), modify " +"the definition of B<CAP_INIT_EFF_SET> in I<include/linux/capability.h> and " +"rebuild the kernel." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "Capability bounding set" +msgid "" +"The system-wide capability bounding set feature was added to Linux 2.2.11." +msgstr "Conjunto limitador de capacidades" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Effect of user ID changes on capabilities" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"To preserve the traditional semantics for transitions between 0 and nonzero " +"user IDs, the kernel makes the following changes to a thread's capability " +"sets on changes to the thread's real, effective, saved set, and filesystem " +"user IDs (using B<setuid>(2), B<setresuid>(2), or similar):" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If one or more of the real, effective, or saved set user IDs was previously " +"0, and as a result of the UID changes all of these IDs have a nonzero value, " +"then all capabilities are cleared from the permitted, effective, and ambient " +"capability sets." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If the effective user ID is changed from 0 to nonzero, then all capabilities " +"are cleared from the effective set." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If the effective user ID is changed from nonzero to 0, then the permitted " +"set is copied to the effective set." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If the filesystem user ID is changed from 0 to nonzero (see B<setfsuid>(2)), " +"then the following capabilities are cleared from the effective set: " +"B<CAP_CHOWN>, B<CAP_DAC_OVERRIDE>, B<CAP_DAC_READ_SEARCH>, B<CAP_FOWNER>, " +"B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> (since Linux 2.6.30), " +"B<CAP_MAC_OVERRIDE>, and B<CAP_MKNOD> (since Linux 2.6.30). If the " +"filesystem UID is changed from nonzero to 0, then any of these capabilities " +"that are enabled in the permitted set are enabled in the effective set." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If a thread that has a 0 value for one or more of its user IDs wants to " +"prevent its permitted capability set being cleared when it resets all of its " +"user IDs to nonzero values, it can do so using the B<SECBIT_KEEP_CAPS> " +"securebits flag described below." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Programmatically adjusting capability sets" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"A thread can retrieve and change its permitted, effective, and inheritable " +"capability sets using the B<capget>(2) and B<capset>(2) system calls. " +"However, the use of B<cap_get_proc>(3) and B<cap_set_proc>(3), both " +"provided in the I<libcap> package, is preferred for this purpose. The " +"following rules govern changes to the thread capability sets:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If the caller does not have the B<CAP_SETPCAP> capability, the new " +"inheritable set must be a subset of the combination of the existing " +"inheritable and permitted sets." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"(Since Linux 2.6.25) The new inheritable set must be a subset of the " +"combination of the existing inheritable set and the capability bounding set." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The new permitted set must be a subset of the existing permitted set (i.e., " +"it is not possible to acquire permitted capabilities that the thread does " +"not currently have)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "The new effective set must be a subset of the new permitted set." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "The securebits flags: establishing a capabilities-only environment" +msgstr "" + +#. For some background: +#. see http://lwn.net/Articles/280279/ and +#. http://article.gmane.org/gmane.linux.kernel.lsm/5476/ +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Starting with Linux 2.6.26, and with a kernel in which file capabilities are " +"enabled, Linux implements a set of per-thread I<securebits> flags that can " +"be used to disable special handling of capabilities for UID 0 (I<root>). " +"These flags are as follows:" +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<SECBIT_KEEP_CAPS>" +msgstr "B<SECBIT_KEEP_CAPS>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Setting this flag allows a thread that has one or more 0 UIDs to retain " +"capabilities in its permitted set when it switches all of its UIDs to " +"nonzero values. If this flag is not set, then such a UID switch causes the " +"thread to lose all permitted capabilities. This flag is always cleared on " +"an B<execve>(2)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Note that even with the B<SECBIT_KEEP_CAPS> flag set, the effective " +"capabilities of a thread are cleared when it switches its effective UID to a " +"nonzero value. However, if the thread has set this flag and its effective " +"UID is already nonzero, and the thread subsequently switches all other UIDs " +"to nonzero values, then the effective capabilities will not be cleared." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The setting of the B<SECBIT_KEEP_CAPS> flag is ignored if the " +"B<SECBIT_NO_SETUID_FIXUP> flag is set. (The latter flag provides a superset " +"of the effect of the former flag.)" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This flag provides the same functionality as the older B<prctl>(2) " +"B<PR_SET_KEEPCAPS> operation." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<SECBIT_NO_SETUID_FIXUP>" +msgstr "B<SECBIT_NO_SETUID_FIXUP>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Setting this flag stops the kernel from adjusting the process's permitted, " +"effective, and ambient capability sets when the thread's effective and " +"filesystem UIDs are switched between zero and nonzero values. See I<Effect " +"of user ID changes on capabilities> above." +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<SECBIT_NOROOT>" +msgstr "B<SECBIT_NOROOT>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If this bit is set, then the kernel does not grant capabilities when a set-" +"user-ID-root program is executed, or when a process with an effective or " +"real UID of 0 calls B<execve>(2). (See I<Capabilities and execution of " +"programs by root> above.)" +msgstr "" + +#. type: TP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<SECBIT_NO_CAP_AMBIENT_RAISE>" +msgstr "B<SECBIT_NO_CAP_AMBIENT_RAISE>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Setting this flag disallows raising ambient capabilities via the " +"B<prctl>(2) B<PR_CAP_AMBIENT_RAISE> operation." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Each of the above \"base\" flags has a companion \"locked\" flag. Setting " +"any of the \"locked\" flags is irreversible, and has the effect of " +"preventing further changes to the corresponding \"base\" flag. The locked " +"flags are: B<SECBIT_KEEP_CAPS_LOCKED>, B<SECBIT_NO_SETUID_FIXUP_LOCKED>, " +"B<SECBIT_NOROOT_LOCKED>, and B<SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The I<securebits> flags can be modified and retrieved using the B<prctl>(2) " +"B<PR_SET_SECUREBITS> and B<PR_GET_SECUREBITS> operations. The " +"B<CAP_SETPCAP> capability is required to modify the flags. Note that the " +"B<SECBIT_*> constants are available only after including the I<E<lt>linux/" +"securebits.hE<gt>> header file." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The I<securebits> flags are inherited by child processes. During an " +"B<execve>(2), all of the flags are preserved, except B<SECBIT_KEEP_CAPS> " +"which is always cleared." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"An application can use the following call to lock itself, and all of its " +"descendants, into an environment where the only way of gaining capabilities " +"is by executing a program with associated file capabilities:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "" +"prctl(PR_SET_SECUREBITS,\n" +" /* SECBIT_KEEP_CAPS off */\n" +" SECBIT_KEEP_CAPS_LOCKED |\n" +" SECBIT_NO_SETUID_FIXUP |\n" +" SECBIT_NO_SETUID_FIXUP_LOCKED |\n" +" SECBIT_NOROOT |\n" +" SECBIT_NOROOT_LOCKED);\n" +" /* Setting/locking SECBIT_NO_CAP_AMBIENT_RAISE\n" +" is not required */\n" +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Per-user-namespace \"set-user-ID-root\" programs" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"A set-user-ID program whose UID matches the UID that created a user " +"namespace will confer capabilities in the process's permitted and effective " +"sets when executed by any process inside that namespace or any descendant " +"user namespace." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The rules about the transformation of the process's capabilities during the " +"B<execve>(2) are exactly as described in I<Transformation of capabilities " +"during execve()> and I<Capabilities and execution of programs by root> " +"above, with the difference that, in the latter subsection, \"root\" is the " +"UID of the creator of the user namespace." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy, no-wrap +#| msgid "denotes a file capability set" +msgid "Namespaced file capabilities" +msgstr "denota un conjunto de capacidades de fichero" + +#. commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Traditional (i.e., version 2) file capabilities associate only a set of " +"capability masks with a binary executable file. When a process executes a " +"binary with such capabilities, it gains the associated capabilities (within " +"its user namespace) as per the rules described in I<Transformation of " +"capabilities during execve()> above." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Because version 2 file capabilities confer capabilities to the executing " +"process regardless of which user namespace it resides in, only privileged " +"processes are permitted to associate capabilities with a file. Here, " +"\"privileged\" means a process that has the B<CAP_SETFCAP> capability in the " +"user namespace where the filesystem was mounted (normally the initial user " +"namespace). This limitation renders file capabilities useless for certain " +"use cases. For example, in user-namespaced containers, it can be desirable " +"to be able to create a binary that confers capabilities only to processes " +"executed inside that container, but not to processes that are executed " +"outside the container." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Linux 4.14 added so-called namespaced file capabilities to support such use " +"cases. Namespaced file capabilities are recorded as version 3 (i.e., " +"B<VFS_CAP_REVISION_3>) I<security.capability> extended attributes. Such an " +"attribute is automatically created in the circumstances described in I<File " +"capability extended attribute versioning> above. When a version 3 " +"I<security.capability> extended attribute is created, the kernel records not " +"just the capability masks in the extended attribute, but also the namespace " +"root user ID." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"As with a binary that has B<VFS_CAP_REVISION_2> file capabilities, a binary " +"with B<VFS_CAP_REVISION_3> file capabilities confers capabilities to a " +"process during B<execve>(). However, capabilities are conferred only if the " +"binary is executed by a process that resides in a user namespace whose UID 0 " +"maps to the root user ID that is saved in the extended attribute, or when " +"executed by a process that resides in a descendant of such a namespace." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Interaction with user namespaces" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"For further information on the interaction of capabilities and user " +"namespaces, see B<user_namespaces>(7)." +msgstr "" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "STANDARDS" +msgstr "ESTÁNDARES" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "No standards govern capabilities, but the Linux capability implementation " +#| "is based on the withdrawn POSIX.1e draft standard; see E<.UR https://" +#| "archive.org\\:/details\\:/posix_1003.1e-990310> E<.UE .>" +msgid "" +"No standards govern capabilities, but the Linux capability implementation is " +"based on the withdrawn E<.UR https://archive.org\\:/details\\:/" +"posix_1003.1e-990310> POSIX.1e draft standard E<.UE .>" +msgstr "" +"Ningún estándar determina las capacidades, aunque la implementación de " +"capacidades de Linux se basa en el retraído borrador del estándar POSIX.1e; " +"vea E<.UR https://archive.org\\:/details\\:/posix_1003.1e-990310> E<.UE .>" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "NOTES" +msgstr "NOTAS" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"When attempting to B<strace>(1) binaries that have capabilities (or set-" +"user-ID-root binaries), you may find the I<-u E<lt>usernameE<gt>> option " +"useful. Something like:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "$ B<sudo strace -o trace.log -u ceci ./myprivprog>\n" +msgstr "$ B<sudo strace -o trace.log -u ceci ./myprivprog>\n" + +#. commit 5915eb53861c5776cfec33ca4fcc1fd20d66dd27 removed +#. CONFIG_SECURITY_CAPABILITIES +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"From Linux 2.5.27 to Linux 2.6.26, capabilities were an optional kernel " +"component, and could be enabled/disabled via the " +"B<CONFIG_SECURITY_CAPABILITIES> kernel configuration option." +msgstr "" + +#. 7b9a7ec565505699f503b4fcf61500dceb36e744 +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The I</proc/>pidI</task/TID/status> file can be used to view the capability " +"sets of a thread. The I</proc/>pidI</status> file shows the capability sets " +"of a process's main thread. Before Linux 3.8, nonexistent capabilities were " +"shown as being enabled (1) in these sets. Since Linux 3.8, all nonexistent " +"capabilities (above B<CAP_LAST_CAP>) are shown as disabled (0)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "The I<libcap> package provides a suite of routines for setting and " +#| "getting process capabilities that is more comfortable and less likely to " +#| "change than the interface provided by B<capset>(2) and B<capget>(2)." +msgid "" +"The I<libcap> package provides a suite of routines for setting and getting " +"capabilities that is more comfortable and less likely to change than the " +"interface provided by B<capset>(2) and B<capget>(2). This package also " +"provides the B<setcap>(8) and B<getcap>(8) programs. It can be found at" +msgstr "" +"El paquete I<libcap> ofrece un conjunto de rutinas para establecer y obtener " +"las capacidades de un proceso que resultan más cómodas y con menos " +"probabilidad de cambiar que la interfaz provista por B<capset>(2) y " +"B<capget>(2)." + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"E<.UR https://git.kernel.org\\:/pub\\:/scm\\:/libs\\:/libcap\\:/libcap." +"git\\:/refs/> E<.UE .>" +msgstr "" +"E<.UR https://git.kernel.org\\:/pub\\:/scm\\:/libs\\:/libcap\\:/libcap." +"git\\:/refs/> E<.UE .>" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Before Linux 2.6.24, and from Linux 2.6.24 to Linux 2.6.32 if file " +"capabilities are not enabled, a thread with the B<CAP_SETPCAP> capability " +"can manipulate the capabilities of threads other than itself. However, this " +"is only theoretically possible, since no thread ever has B<CAP_SETPCAP> in " +"either of these cases:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In the pre-2.6.25 implementation the system-wide capability bounding set, I</" +"proc/sys/kernel/cap-bound>, always masks out the B<CAP_SETPCAP> capability, " +"and this can not be changed without modifying the kernel source and " +"rebuilding the kernel." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If file capabilities are disabled (i.e., the kernel " +"B<CONFIG_SECURITY_FILE_CAPABILITIES> option is disabled), then B<init> " +"starts out with the B<CAP_SETPCAP> capability removed from its per-process " +"bounding set, and that bounding set is inherited by all other processes " +"created on the system." +msgstr "" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "SEE ALSO" +msgstr "VÉASE TAMBIÉN" + +#. from libcap-ng +#. from libcap-ng +#. from libcap-ng +#. from libcap-ng +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, fuzzy +#| msgid "" +#| "B<capsh>(1), B<setpriv>(1), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), " +#| "B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3), " +#| "B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3), " +#| "B<libcap>(3), B<proc>(5), B<credentials>(7), B<pthreads>(7), " +#| "B<user_namespaces>(7), B<captest>(8), B<filecap>(8), B<getcap>(8), " +#| "B<netcap>(8), B<pscap>(8), B<setcap>(8)" +msgid "" +"B<capsh>(1), B<setpriv>(1), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), " +"B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3), " +"B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3), " +"B<libcap>(3), B<proc>(5), B<credentials>(7), B<pthreads>(7), " +"B<user_namespaces>(7), B<captest>(8), B<filecap>(8), B<getcap>(8), " +"B<getpcaps>(8), B<netcap>(8), B<pscap>(8), B<setcap>(8)" +msgstr "" +"B<capsh>(1), B<setpriv>(1), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), " +"B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3), " +"B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3), " +"B<libcap>(3), B<proc>(5), B<credentials>(7), B<pthreads>(7), " +"B<user_namespaces>(7), B<captest>(8), B<filecap>(8), B<getcap>(8), " +"B<netcap>(8), B<pscap>(8), B<setcap>(8)" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<include/linux/capability.h> in the Linux kernel source tree" +msgstr "" + +#. type: TH +#: debian-bookworm +#, no-wrap +msgid "2023-02-05" +msgstr "5 Febrero 2023" + +#. type: TH +#: debian-bookworm +#, no-wrap +msgid "Linux man-pages 6.03" +msgstr "Páginas de manual de Linux 6.03" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "P'(ambient) = (file is privileged) ? 0 : P(ambient)\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, fuzzy, no-wrap +#| msgid "P'(permitted) = (P(inherited) & F(allowed)) | (F(forced) & cap_bset)\n" +msgid "" +"P'(permitted) = (P(inheritable) & F(inheritable)) |\n" +" (F(permitted) & P(bounding)) | P'(ambient)\n" +msgstr "P'(permitidas) = (P(heredadas) & F(permitidas)) | (F(forzadas) & cap_bset)\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, fuzzy, no-wrap +#| msgid "P'(effective) = P'(permitted) & F(effective)\n" +msgid "P'(effective) = F(effective) ? P'(permitted) : P'(ambient)\n" +msgstr "P'(efectivas) = P'(permitidas) & F(efectivas)\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, fuzzy, no-wrap +#| msgid "P'(inherited) = P(inherited) [i.e., unchanged]\n" +msgid "P'(inheritable) = P(inheritable) [i.e., unchanged]\n" +msgstr "P'(heredadas) = P(heredadas) [i.e., no se modifica]\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, fuzzy, no-wrap +#| msgid "P'(inherited) = P(inherited) [i.e., unchanged]\n" +msgid "P'(bounding) = P(bounding) [i.e., unchanged]\n" +msgstr "P'(heredadas) = P(heredadas) [i.e., no se modifica]\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, fuzzy, no-wrap +#| msgid "P'(inherited) = P(inherited) [i.e., unchanged]\n" +msgid "P'(permitted) = P(inheritable) | P(bounding)\n" +msgstr "P'(heredadas) = P(heredadas) [i.e., no se modifica]\n" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "P'(effective) = P'(permitted)\n" +msgstr "P'(efectivas) = P'(permitidas)\n" + +#. type: Plain text +#: debian-bookworm +msgid "" +"No standards govern capabilities, but the Linux capability implementation is " +"based on the withdrawn POSIX.1e draft standard; see E<.UR https://archive." +"org\\:/details\\:/posix_1003.1e-990310> E<.UE .>" +msgstr "" +"Ningún estándar determina las capacidades, aunque la implementación de " +"capacidades de Linux se basa en el retraído borrador del estándar POSIX.1e; " +"vea E<.UR https://archive.org\\:/details\\:/posix_1003.1e-990310> E<.UE .>" + +#. type: TH +#: debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "2023-05-03" +msgstr "3 Mayo 2023" + +#. type: TH +#: debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "Linux man-pages 6.05.01" +msgstr "Páginas de manual de Linux 6.05.01" + +#. type: TH +#: opensuse-leap-15-6 +#, no-wrap +msgid "2023-03-17" +msgstr "17 Marzo 2023" + +#. type: TH +#: opensuse-leap-15-6 +#, no-wrap +msgid "Linux man-pages 6.04" +msgstr "Linux man-pages 6.04" |