diff options
Diffstat (limited to 'templates/man8/systemd-nsresourced.service.8.pot')
| -rw-r--r-- | templates/man8/systemd-nsresourced.service.8.pot | 189 |
1 files changed, 189 insertions, 0 deletions
diff --git a/templates/man8/systemd-nsresourced.service.8.pot b/templates/man8/systemd-nsresourced.service.8.pot new file mode 100644 index 00000000..98e4012a --- /dev/null +++ b/templates/man8/systemd-nsresourced.service.8.pot @@ -0,0 +1,189 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Free Software Foundation, Inc. +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2024-06-15 09:12+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. type: TH +#: debian-unstable fedora-rawhide +#, no-wrap +msgid "SYSTEMD-NSRESOURCED\\&.SERVICE" +msgstr "" + +#. type: TH +#: debian-unstable fedora-rawhide +#, no-wrap +msgid "systemd 256~rc3" +msgstr "" + +#. type: TH +#: debian-unstable fedora-rawhide +#, no-wrap +msgid "systemd-nsresourced.service" +msgstr "" + +#. ----------------------------------------------------------------- +#. * MAIN CONTENT STARTS HERE * +#. ----------------------------------------------------------------- +#. type: SH +#: debian-unstable fedora-rawhide +#, no-wrap +msgid "NAME" +msgstr "" + +#. type: Plain text +#: debian-unstable fedora-rawhide +msgid "" +"systemd-nsresourced.service, systemd-nsresourced - User Namespace Resource " +"Delegation Service" +msgstr "" + +#. type: SH +#: debian-unstable fedora-rawhide +#, no-wrap +msgid "SYNOPSIS" +msgstr "" + +#. type: Plain text +#: debian-unstable fedora-rawhide +msgid "systemd-nsresourced\\&.service" +msgstr "" + +#. type: Plain text +#: debian-unstable fedora-rawhide +msgid "/usr/lib/systemd/systemd-nsresourced" +msgstr "" + +#. type: SH +#: debian-unstable fedora-rawhide +#, no-wrap +msgid "DESCRIPTION" +msgstr "" + +#. type: Plain text +#: debian-unstable fedora-rawhide +msgid "" +"B<systemd-nsresourced> is a system service that permits transient delegation " +"of a a UID/GID range to a user namespace (see B<user_namespaces>(7)) " +"allocated by a client, via a Varlink IPC API\\&." +msgstr "" + +#. type: Plain text +#: debian-unstable fedora-rawhide +msgid "" +"Unprivileged clients may allocate a user namespace, and then request a UID/" +"GID range to be assigned to it via this service\\&. The user namespace may " +"then be used to run containers and other sandboxes, and/or apply it to an id-" +"mapped mount\\&." +msgstr "" + +#. type: Plain text +#: debian-unstable fedora-rawhide +msgid "" +"Allocations of UIDs/GIDs this way are transient: when a user namespace goes " +"away, its UID/GID range is returned to the pool of available ranges\\&. In " +"order to ensure that clients cannot gain persistency in their transient UID/" +"GID range a BPF-LSM based policy is enforced that ensures that user " +"namespaces set up this way can only write to file systems they allocate " +"themselves or that are explicitly allowlisted via B<systemd-nsresourced>\\&." +msgstr "" + +#. type: Plain text +#: debian-unstable fedora-rawhide +msgid "" +"B<systemd-nsresourced> automatically ensures that any registered UID ranges " +"show up in the system\\*(Aqs NSS database via the \\m[blue]B<User/Group " +"Record Lookup API via Varlink>\\m[]\\&\\s-2\\u[1]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: debian-unstable fedora-rawhide +msgid "" +"Currently, only UID/GID ranges consisting of either exactly 1 or exactly " +"65536 UIDs/GIDs can be registered with this service\\&. Moreover, UIDs and " +"GIDs are always allocated together, and symmetrically\\&." +msgstr "" + +#. type: Plain text +#: debian-unstable fedora-rawhide +msgid "" +"The service provides API calls to allowlist mounts (referenced via their " +"mount file descriptors as per Linux B<fsmount()> API), to pass ownership of " +"a cgroup subtree to the user namespace and to delegate a virtual Ethernet " +"device pair to the user namespace\\&. When used in combination this is " +"sufficient to implement fully unprivileged container environments, as " +"implemented by B<systemd-nspawn>(1), fully unprivileged I<RootImage=> (see " +"B<systemd.exec>(5)) or fully unprivileged disk image tools such as B<systemd-" +"dissect>(1)\\&." +msgstr "" + +#. type: Plain text +#: debian-unstable fedora-rawhide +msgid "" +"This service provides one \\m[blue]B<Varlink>\\m[]\\&\\s-2\\u[2]\\d\\s+2 " +"service: B<io\\&.systemd\\&.NamespaceResource> allows registering user " +"namespaces, and assign mounts, cgroups and network interfaces to it\\&." +msgstr "" + +#. type: SH +#: debian-unstable fedora-rawhide +#, no-wrap +msgid "SEE ALSO" +msgstr "" + +#. type: Plain text +#: debian-unstable fedora-rawhide +msgid "" +"B<systemd>(1), B<systemd-mountfsd.service>(8), B<systemd-nspawn>(1), " +"B<systemd.exec>(5), B<systemd-dissect>(1), B<user_namespaces>(7)" +msgstr "" + +#. type: SH +#: debian-unstable fedora-rawhide +#, no-wrap +msgid "NOTES" +msgstr "" + +#. type: IP +#: debian-unstable fedora-rawhide +#, no-wrap +msgid " 1." +msgstr "" + +#. type: Plain text +#: debian-unstable fedora-rawhide +msgid "User/Group Record Lookup API via Varlink" +msgstr "" + +#. type: Plain text +#: debian-unstable fedora-rawhide +msgid "\\%https://systemd.io/USER_GROUP_API" +msgstr "" + +#. type: IP +#: debian-unstable fedora-rawhide +#, no-wrap +msgid " 2." +msgstr "" + +#. type: Plain text +#: debian-unstable fedora-rawhide +msgid "Varlink" +msgstr "" + +#. type: Plain text +#: debian-unstable fedora-rawhide +msgid "\\%https://varlink.org/" +msgstr "" |