# German translation of manpages
# This file is distributed under the same license as the manpages-l10n package.
# Copyright © of this file:
# FIXME: Einheitliche Übersetzung von Transformation
# Dr. Tobias Quathamer <toddy@debian.org>, 2016.
# Helge Kreutzmann <debian@helgefjell.de>, 2012-2023.
msgid ""
msgstr ""
"Project-Id-Version: manpages-l10n 4.22.0\n"
"POT-Creation-Date: 2024-06-01 05:43+0200\n"
"PO-Revision-Date: 2024-03-29 18:21+0100\n"
"Last-Translator: Helge Kreutzmann <debian@helgefjell.de>\n"
"Language-Team: German <debian-l10n-german@lists.debian.org>\n"
"Language: de\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"

#. type: TH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Capabilities"
msgstr "Capabilitys"

#. type: TH
#: archlinux debian-unstable opensuse-tumbleweed
#, no-wrap
msgid "2024-05-02"
msgstr "2. Mai 2024"

#. type: TH
#: archlinux debian-unstable
#, no-wrap
msgid "Linux man-pages 6.8"
msgstr "Linux man-pages 6.8"

#. type: SH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "NAME"
msgstr "BEZEICHNUNG"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "capabilities - overview of Linux capabilities"
msgstr "capabilities - Überblick über Linux-Capabilitys"

#. type: SH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "DESCRIPTION"
msgstr "BESCHREIBUNG"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"For the purpose of performing permission checks, traditional UNIX "
"implementations distinguish two categories of processes: I<privileged> "
"processes (whose effective user ID is 0, referred to as superuser or root), "
"and I<unprivileged> processes (whose effective UID is nonzero).  Privileged "
"processes bypass all kernel permission checks, while unprivileged processes "
"are subject to full permission checking based on the process's credentials "
"(usually: effective UID, effective GID, and supplementary group list)."
msgstr ""
"Für den Zweck der Durchführung von Rechteprüfungen unterscheiden "
"traditionelle UNIX-Implementierungen zwei Arten von Prozessen: "
"I<Privilegierte> Prozesse (deren effektive Benutzerkennung 0 ist, auch als "
"Superuser oder Root benannt) und I<unprivilegierte> Prozesse (deren "
"effektive UID von Null verschieden ist). Privilegierte Prozesse übergehen "
"alle Kernel-Rechteprüfungen, während unprivilegierte Prozesse der vollen "
"Rechteprüfung, basierend auf den Berechtigungsnachweisen des Prozesses "
"(normalerweise: effektive UID, effektive GID und ergänzende Gruppenliste), "
"unterliegen."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Starting with Linux 2.2, Linux divides the privileges traditionally "
"associated with superuser into distinct units, known as I<capabilities>, "
"which can be independently enabled and disabled.  Capabilities are a per-"
"thread attribute."
msgstr ""
"Beginnend mit Linux 2.2 unterteilt Linux die Privilegien, die traditionell "
"mit dem Superuser assoziiert sind, in getrennte Einheiten, die als "
"I<Capabilitys> bekannt sind. Diese können unabhängig voneinander aktiviert "
"oder deaktiviert werden. Capabilitys sind ein Attribut pro Thread."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Capabilities list"
msgstr "Liste der Capabilitys"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The following list shows the capabilities implemented on Linux, and the "
"operations or behaviors that each capability permits:"
msgstr ""
"Die folgende Liste zeigt die in Linux implementierten Capabilitys und die "
"Aktionen oder Verhalten, die jede Capability erlaubt:"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_AUDIT_CONTROL> (since Linux 2.6.11)"
msgstr "B<CAP_AUDIT_CONTROL> (seit Linux 2.6.11)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Enable and disable kernel auditing; change auditing filter rules; retrieve "
"auditing status and filtering rules."
msgstr ""
"Kernel-Auditierung aktivieren und deaktivieren; die Auditierung-Filterregel "
"ändern; den Auditstatus und Filterregel abfragen."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_AUDIT_READ> (since Linux 3.16)"
msgstr "B<CAP_AUDIT_READ> (seit Linux 3.16)"

#.  commit a29b694aa1739f9d76538e34ae25524f9c549d59
#.  commit 3a101b8de0d39403b2c7e5c23fd0b005668acf48
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Allow reading the audit log via a multicast netlink socket."
msgstr ""
"Erlaubt das Schreiben des Audit-Protokolls über einen Multicast-Netlink-"
"Socket."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_AUDIT_WRITE> (since Linux 2.6.11)"
msgstr "B<CAP_AUDIT_WRITE> (seit Linux 2.6.11)"

#.  FIXME Add FAN_ENABLE_AUDIT
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Write records to kernel auditing log."
msgstr "Datensätze in das Audit-Protokoll des Kernels schreiben."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_BLOCK_SUSPEND> (since Linux 3.5)"
msgstr "B<CAP_BLOCK_SUSPEND> (seit Linux 3.5)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Employ features that can block system suspend (B<epoll>(7)  B<EPOLLWAKEUP>, "
"I</proc/sys/wake_lock>)."
msgstr ""
"Funktionalitäten einsetzen, die die System-Supsendierung blockieren können "
"(B<epoll>(7) B<EPOLLWAKEUP>, I</proc/sys/wake_lock>)."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_BPF> (since Linux 5.8)"
msgstr "B<CAP_BPF> (seit Linux 5.8)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Employ privileged BPF operations; see B<bpf>(2)  and B<bpf-helpers>(7)."
msgstr ""
"privilegierte BPF-Aktionen einsetzen; siehe B<bpf>(2) und B<bpf-helpers>(7)."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This capability was added in Linux 5.8 to separate out BPF functionality "
"from the overloaded B<CAP_SYS_ADMIN> capability."
msgstr ""
"Diese Capability wurde in Linux 5.8 hinzugefügt, um die BPF-Funktionalität "
"aus der überladenen Capability B<CAP_SYS_ADMIN> auszugliedern."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_CHECKPOINT_RESTORE> (since Linux 5.9)"
msgstr "B<CAP_CHECKPOINT_RESTORE> (seit Linux 5.9)"

#. type: IP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "\\[bu]"
msgstr "\\[bu]"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Update I</proc/sys/kernel/ns_last_pid> (see B<pid_namespaces>(7));"
msgstr ""
"Aktualisiert I</proc/sys/kernel/ns_last_pid> (siehe B<pid_namespaces>(7));"

#.  FIXME There is also some use case relating to
#.  prctl_set_mm_exe_file(); in the 5.9 sources, see
#.  prctl_set_mm_map().
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "employ the I<set_tid> feature of B<clone3>(2);"
msgstr "verwendet die Funktionalität I<set_tid> von B<clone3>(2);"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"read the contents of the symbolic links in I</proc/>pidI</map_files> for "
"other processes."
msgstr ""
"liest die Inhalte der symbolischen Links in I</proc/>PIDI</map_files> für "
"andere Prozesse."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This capability was added in Linux 5.9 to separate out checkpoint/restore "
"functionality from the overloaded B<CAP_SYS_ADMIN> capability."
msgstr ""
"Diese Capability wurde in Linux 5.9 hinzugefügt, um die Prüfpunkt-/"
"Wiederherstellungs-Funktionalität aus der überladenen Capability "
"B<CAP_SYS_ADMIN> auszugliedern."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_CHOWN>"
msgstr "B<CAP_CHOWN>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Make arbitrary changes to file UIDs and GIDs (see B<chown>(2))."
msgstr ""
"beliebige Änderungen an Datei-UIDs und GIDs vornehmen (siehe B<chown>(2))."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_DAC_OVERRIDE>"
msgstr "B<CAP_DAC_OVERRIDE>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Bypass file read, write, and execute permission checks.  (DAC is an "
"abbreviation of \"discretionary access control\".)"
msgstr ""
"Lese-, Schreibe und Ausführrechteprüfungen umgehen. (DAC ist die Abkürzung "
"für »discretionary access control«, benutzerbestimmbare Zugriffssteuerung)"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_DAC_READ_SEARCH>"
msgstr "B<CAP_DAC_READ_SEARCH>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Bypass file read permission checks and directory read and execute permission "
"checks;"
msgstr ""
"Dateileserechteprüfungen und Verzeichnislese- und -ausführrechteprüfungen "
"umgehen."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "invoke B<open_by_handle_at>(2);"
msgstr "B<open_by_handle_at>(2) aufrufen."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"use the B<linkat>(2)  B<AT_EMPTY_PATH> flag to create a link to a file "
"referred to by a file descriptor."
msgstr ""
"Verwenden Sie den Schalter B<AT_EMPTY_PATH> von B<linkat>(2), um einen Link "
"auf eine Datei, auf die sich ein Dateideskriptor bezieht, zu erstellen."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_FOWNER>"
msgstr "B<CAP_FOWNER>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Bypass permission checks on operations that normally require the filesystem "
"UID of the process to match the UID of the file (e.g., B<chmod>(2), "
"B<utime>(2)), excluding those operations covered by B<CAP_DAC_OVERRIDE> and "
"B<CAP_DAC_READ_SEARCH>;"
msgstr ""
"Rechteprüfungen umgehen, die normalerweise verlangen, dass die Dateisystem-"
"UID des Prozesses mit der UID der Datei übvereinstimmt (z.B. B<chmod>(2), "
"B<utime>(2)), hierbei sind Aktionen, die durch B<CAP_DAC_OVERRIDE> und "
"B<CAP_DAC_READ_SEARCH> abgedeckt sind, ausgeschlossen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "set inode flags (see B<ioctl_iflags>(2))  on arbitrary files;"
msgstr ""
"Inode-Schalter für beliebige Dateien setzen (siehe B<ioctl_iflags>(2));"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "set Access Control Lists (ACLs) on arbitrary files;"
msgstr ""
"Zugriffssteuerlisten (»Access Control Lists«, ACLs) auf beliebige Dateien "
"setzen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "ignore directory sticky bit on file deletion;"
msgstr "»sticky«-Bit von Verzeichnissen beim Dateilöschen ignorieren;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"modify I<user> extended attributes on sticky directory owned by any user;"
msgstr ""
"verändert I<Benutzer>-erweiterte Attribute bei »sticky«-Verzeichnissen, die "
"irgendeinem Benutzer gehören;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"specify B<O_NOATIME> for arbitrary files in B<open>(2)  and B<fcntl>(2)."
msgstr ""
"B<O_NOATIME> für beliebige Dateien in B<open>(2) und B<fcntl>(2) setzen."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_FSETID>"
msgstr "B<CAP_FSETID>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Don't clear set-user-ID and set-group-ID mode bits when a file is modified;"
msgstr ""
"Set-User-ID- und Set-Group-ID-Modus-Bits nicht zurücksetzen, wenn eine Datei "
"verändert wird;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"set the set-group-ID bit for a file whose GID does not match the filesystem "
"or any of the supplementary GIDs of the calling process."
msgstr ""
"das Set-Group-ID-Bit für eine Datei setzen, deren GID nicht auf das "
"Dateisystem- oder eine der ergänzenden GIDs des aufrufenden Prozesses passt."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_IPC_LOCK>"
msgstr "B<CAP_IPC_LOCK>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Lock memory (B<mlock>(2), B<mlockall>(2), B<mmap>(2), B<shmctl>(2));"
msgstr ""
"Speicher sperren (B<mlock>(2), B<mlockall>(2), B<mmap>(2), B<shmctl>(2)),"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Allocate memory using huge pages (B<memfd_create>(2), B<mmap>(2), "
"B<shmctl>(2))."
msgstr ""
"Speicher mittels großen Speicherseiten reservieren (B<memfd_create>(2), "
"B<mmap>(2), B<shmctl>(2))."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_IPC_OWNER>"
msgstr "B<CAP_IPC_OWNER>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Bypass permission checks for operations on System V IPC objects."
msgstr "Rechteprüfungen für Aktionen mit System-V-IPC-Objekten umgehen."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_KILL>"
msgstr "B<CAP_KILL>"

#.  FIXME . CAP_KILL also has an effect for threads + setting child
#.        termination signal to other than SIGCHLD: without this
#.        capability, the termination signal reverts to SIGCHLD
#.        if the child does an exec().  What is the rationale
#.        for this?
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Bypass permission checks for sending signals (see B<kill>(2)).  This "
"includes use of the B<ioctl>(2)  B<KDSIGACCEPT> operation."
msgstr ""
"Rechteprüfungen beim Senden von Signalen umgehen (siehe B<kill>(2)). Dies "
"schließt die B<ioctl>(2)-B<KDSIGACCEPT>-Aktion mit ein."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_LEASE> (since Linux 2.4)"
msgstr "B<CAP_LEASE> (seit Linux 2.4)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Establish leases on arbitrary files (see B<fcntl>(2))."
msgstr "Etabliert Ausleihen für beliebige Dateien (siehe B<fcntl>(2))."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_LINUX_IMMUTABLE>"
msgstr "B<CAP_LINUX_IMMUTABLE>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Set the B<FS_APPEND_FL> and B<FS_IMMUTABLE_FL> inode flags (see "
"B<ioctl_iflags>(2))."
msgstr ""
"Setzt die Inode-Schalter B<FS_APPEND_FL> und B<FS_IMMUTABLE_FL> (siehe "
"B<ioctl_iflags>(2))."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_MAC_ADMIN> (since Linux 2.6.25)"
msgstr "B<CAP_MAC_ADMIN> (seit Linux 2.6.25)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Allow MAC configuration or state changes.  Implemented for the Smack Linux "
"Security Module (LSM)."
msgstr ""
"MAC-Konfiguration oder Statusänderungen erlauben. Implementiert für das "
"Smack-Linux-Security-Modul (LSM)."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_MAC_OVERRIDE> (since Linux 2.6.25)"
msgstr "B<CAP_MAC_OVERRIDE> (seit Linux 2.6.25)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Override Mandatory Access Control (MAC).  Implemented for the Smack LSM."
msgstr ""
"Mandatory Access Control (MAC) außer Kraft setzen. Für das Smack-LSM "
"implementiert."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_MKNOD> (since Linux 2.4)"
msgstr "B<CAP_MKNOD> (seit Linux 2.4)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Create special files using B<mknod>(2)."
msgstr "Spezielle Dateien mittels B<mknod>(2) erstellen."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_NET_ADMIN>"
msgstr "B<CAP_NET_ADMIN>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Perform various network-related operations:"
msgstr "Verschiedene Netz-bezogene Aktionen durchführen:"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "interface configuration;"
msgstr "Schnittstellenkonfiguration;"

# FIXME: Review Translation
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "administration of IP firewall, masquerading, and accounting;"
msgstr "Administration von IP-Firewall, Masquerading und Abrechnung;"

# FIXME: Review Translation
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "modify routing tables;"
msgstr "Routing-Tabellen verändern;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "bind to any address for transparent proxying;"
msgstr "an beliebige Adresse für eine transparente Proxyfunktion binden;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "set type-of-service (TOS);"
msgstr "type-of-service (TOS) setzen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "clear driver statistics;"
msgstr "Treiberstatistiken bereinigen;"

# FIXME: Review Translation (including set)
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "set promiscuous mode;"
msgstr "den »promiscuous«-Modus einschalten;"

# FIXME: Review Translation
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "enabling multicasting;"
msgstr "Multicasting aktivieren;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"use B<setsockopt>(2)  to set the following socket options: B<SO_DEBUG>, "
"B<SO_MARK>, B<SO_PRIORITY> (for a priority outside the range 0 to 6), "
"B<SO_RCVBUFFORCE>, and B<SO_SNDBUFFORCE>."
msgstr ""
"B<setsockopt>(2) verwenden, um die folgenden Socket-Optionen zu setzen: "
"B<SO_DEBUG>, B<SO_MARK>, B<SO_PRIORITY> (für eine Priorität außerhalb des "
"Bereichs 0 bis 6), B<SO_RCVBUFFORCE> und B<SO_SNDBUFFORCE>."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_NET_BIND_SERVICE>"
msgstr "B<CAP_NET_BIND_SERVICE>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Bind a socket to Internet domain privileged ports (port numbers less than "
"1024)."
msgstr ""
"Einen Socket an einen privilegierten Internet-Domain-Port binden "
"(Portnummern kleiner als 1024)."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_NET_BROADCAST>"
msgstr "B<CAP_NET_BROADCAST>"

#.  FIXME Since Linux 4.2, there are use cases for netlink sockets
#.     commit 59324cf35aba5336b611074028777838a963d03b
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "(Unused)  Make socket broadcasts, and listen to multicasts."
msgstr "(Unbenutzt) Socket-Broadcasts durchführen und auf Multicasts warten."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_NET_RAW>"
msgstr "B<CAP_NET_RAW>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Use RAW and PACKET sockets;"
msgstr "RAW- und PACKET-Sockets verwenden;"

# FIXME: Review Translation
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "bind to any address for transparent proxying."
msgstr "an beliebige Adresse für eine transparente Proxyfunktion binden."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_PERFMON> (since Linux 5.8)"
msgstr "B<CAP_PERFMON> (seit Linux 5.8)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Employ various performance-monitoring mechanisms, including:"
msgstr ""
"verschiedene Leistungsüberwachungsmechanismen einzusetzen, einschließlich:"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "call B<perf_event_open>(2);"
msgstr "B<perf_event_open>(2) aufrufen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "employ various BPF operations that have performance implications."
msgstr ""
"verschiedene BPF-Aktionen einzusetzen, die Leistungsauswirkungen haben."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This capability was added in Linux 5.8 to separate out performance "
"monitoring functionality from the overloaded B<CAP_SYS_ADMIN> capability.  "
"See also the kernel source file I<Documentation/admin-guide/perf-security."
"rst>."
msgstr ""
"Diese Capability wurde in Linux 5.8 hinzugefügt, um die "
"Überwachungsfunktionalität aus der überladenen Capability B<CAP_SYS_ADMIN> "
"auszugliedern. Siehe auch die Kernelquelldatei I<Documentation/admin-guide/"
"perf-security.rst>."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SETGID>"
msgstr "B<CAP_SETGID>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Make arbitrary manipulations of process GIDs and supplementary GID list;"
msgstr ""
"Beliebige Manipulationen an den GIDs und der Liste der ergänzenden GIDs des "
"Prozesses vornehmen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "forge GID when passing socket credentials via UNIX domain sockets;"
msgstr ""
"GID fälschen, wenn Socket-Berechtigungsnachweise via UNIX-Domain-Sockets "
"weitergebeben werden;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"write a group ID mapping in a user namespace (see B<user_namespaces>(7))."
msgstr ""
"eine Gruppenkennungs-Abbildung in einen Benutzernamensraum schreiben (siehe "
"B<user_namespaces>(7))."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SETFCAP> (since Linux 2.6.24)"
msgstr "B<CAP_SETFCAP> (seit Linux 2.6.24)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Set arbitrary capabilities on a file."
msgstr "Setzt beliebige Capabilitys auf einer Datei."

#.  commit db2e718a47984b9d71ed890eb2ea36ecf150de18
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Since Linux 5.12, this capability is also needed to map user ID 0 in a new "
"user namespace; see B<user_namespaces>(7)  for details."
msgstr ""
"Seit Linux 5.12 muss diese Capability auch auf eine Benutzerkennung 0 in "
"einem neuen Benutzernamensraum abgebildet sein; siehe B<user_namespaces>(7) "
"für Details."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SETPCAP>"
msgstr "B<CAP_SETPCAP>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If file capabilities are supported (i.e., since Linux 2.6.24): add any "
"capability from the calling thread's bounding set to its inheritable set; "
"drop capabilities from the bounding set (via B<prctl>(2)  "
"B<PR_CAPBSET_DROP>); make changes to the I<securebits> flags."
msgstr ""
"Falls Datei-Capabilitys unterstützt werden (d.h. seit Linux 2.6.24): Füge "
"alle Capabilitys aus der Begrenzungsmenge des Threads zu der vererbbaren "
"Menge hinzu; entferne Capabilitys aus der Begrenzungsmenge (via B<prctl>(2) "
"B<PR_CAPBSET_DROP>); nehme Änderungen an den I<securebits>-Schaltern vor."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If file capabilities are not supported (i.e., before Linux 2.6.24): grant or "
"remove any capability in the caller's permitted capability set to or from "
"any other process.  (This property of B<CAP_SETPCAP> is not available when "
"the kernel is configured to support file capabilities, since B<CAP_SETPCAP> "
"has entirely different semantics for such kernels.)"
msgstr ""
"Falls Datei-Capabilites nicht unterstützt werden (d.h. vor Linux 2.6.24): "
"eine Capability in der erlaubten Capability-Menge oder von anderen Prozessen "
"entfernen oder dafür bewilligen. (Diese Eigenschaft von B<CAP_SETPCAP> ist "
"nicht verfügbar, falls der Kernel für die Unterstützung von Datei-"
"Capabilitys konfiguriert ist, da B<CAP_SETPCAP> für diese Kernel eine "
"komplett andere Semantik aufweist.)"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SETUID>"
msgstr "B<CAP_SETUID>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Make arbitrary manipulations of process UIDs (B<setuid>(2), B<setreuid>(2), "
"B<setresuid>(2), B<setfsuid>(2));"
msgstr ""
"beliebige Manipulationen der Prozess-UIDs vornehmen (B<setuid>(2), "
"B<setreuid>(2), B<setresuid>(2), B<setfsuid>(2));"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "forge UID when passing socket credentials via UNIX domain sockets;"
msgstr ""
"UID fälschen, wenn Socket-Berechtigungsnachweise via UNIX-Domain-Sockets "
"weitergebeben werden;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"write a user ID mapping in a user namespace (see B<user_namespaces>(7))."
msgstr ""
"eine Benutzerkennung-Abbildung in einen Benutzernamensraum schreiben (siehe "
"B<user_namespaces>(7))."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_ADMIN>"
msgstr "B<CAP_SYS_ADMIN>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"I<Note>: this capability is overloaded; see I<Notes to kernel developers> "
"below."
msgstr ""
"I<Hinweis:> Diese Capability ist überladen, siehe I<Hinweise für Kernel-"
"Entwickler> weiter unten."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Perform a range of system administration operations including: "
"B<quotactl>(2), B<mount>(2), B<umount>(2), B<pivot_root>(2), B<swapon>(2), "
"B<swapoff>(2), B<sethostname>(2), and B<setdomainname>(2);"
msgstr ""
"eine Reihe von Systemadministratoraktionen ausführen, darunter: "
"B<quotactl>(2), B<mount>(2), B<umount>(2), B<pivot_root>(2), B<swapon>(2), "
"B<swapoff>(2), B<sethostname>(2) und B<setdomainname>(2);"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"perform privileged B<syslog>(2)  operations (since Linux 2.6.37, "
"B<CAP_SYSLOG> should be used to permit such operations);"
msgstr ""
"privilegierte B<syslog>(2)-Aktion ausführen (seit Linux 2.6.37 sollte "
"B<CAP_SYSLOG> verwandt werden, um diese Aktion zu erlauben);"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "perform B<VM86_REQUEST_IRQ> B<vm86>(2)  command;"
msgstr "den B<VM86_REQUEST_IRQ>-Befehl B<vm86>(2) ausführen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"access the same checkpoint/restore functionality that is governed by "
"B<CAP_CHECKPOINT_RESTORE> (but the latter, weaker capability is preferred "
"for accessing that functionality)."
msgstr ""
"auf die gleiche Prüfpunkt-/Wiederherstellungsfunktionalität zugreifen, die "
"durch B<CAP_CHECKPOINT_RESTORE> gelenkt wird (die letztere, aber schwächere "
"Capability wird für den Zugriff auf dieses Funktionalität bevorzugt)."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"perform the same BPF operations as are governed by B<CAP_BPF> (but the "
"latter, weaker capability is preferred for accessing that functionality)."
msgstr ""
"die gleichen BPF-Aktionen durchführen, die durch B<CAP_BPF> gelenkt werden "
"(die letztere, aber schwächere Capability wird für den Zugriff auf dieses "
"Funktionalität bevorzugt)."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"employ the same performance monitoring mechanisms as are governed by "
"B<CAP_PERFMON> (but the latter, weaker capability is preferred for accessing "
"that functionality)."
msgstr ""
"die gleichen Leistungsüberwachungsmechanismen einsetzen, die durch "
"B<CAP_PERFMON> gelenkt werden (die letztere, aber schwächere Capability wird "
"für den Zugriff auf dieses Funktionalität bevorzugt)."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"perform B<IPC_SET> and B<IPC_RMID> operations on arbitrary System V IPC "
"objects;"
msgstr ""
"B<IPC_SET>- und B<IPC_RMID>-Aktion auf beliebigen System-V-IPC-Objekten "
"ausführen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "override B<RLIMIT_NPROC> resource limit;"
msgstr "B<RLIMIT_NPROC>-Ressourcenbegrenzung außer Kraft setzen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"perform operations on I<trusted> and I<security> extended attributes (see "
"B<xattr>(7));"
msgstr ""
"Aktionen an den erweiterten Attributen I<trusted> und I<security> "
"durchführen (siehe B<xattr>(7));"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "use B<lookup_dcookie>(2);"
msgstr "B<lookup_dcookie>(2) verwenden;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"use B<ioprio_set>(2)  to assign B<IOPRIO_CLASS_RT> and (before Linux "
"2.6.25)  B<IOPRIO_CLASS_IDLE> I/O scheduling classes;"
msgstr ""
"B<ioprio_set>(2) verwenden, um B<IOPRIO_CLASS_RT> und (vor Linux 2.6.25) "
"B<IOPRIO_CLASS_IDLE>-E/A-Scheduling-Klassen zuzuweisen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "forge PID when passing socket credentials via UNIX domain sockets;"
msgstr ""
"PID fälschen, wenn Socket-Berechtigungsnachweise via UNIX-Domain-Sockets "
"weitergebeben werden;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"exceed I</proc/sys/fs/file-max>, the system-wide limit on the number of open "
"files, in system calls that open files (e.g., B<accept>(2), B<execve>(2), "
"B<open>(2), B<pipe>(2));"
msgstr ""
"die systemweite Grenze der Anzahl der offenen Dateien (I</proc/sys/fs/file-"
"max>) in Systemaufrufen, die Dateien öffnen (z.B. B<accept>(2), "
"B<execve>(2), B<open>(2), B<pipe>(2)) überschreiben;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"employ B<CLONE_*> flags that create new namespaces with B<clone>(2)  and "
"B<unshare>(2)  (but, since Linux 3.8, creating user namespaces does not "
"require any capability);"
msgstr ""
"Schalter B<CLONE_*> einsetzen, der neue Namensräume mit B<clone>(2) und "
"B<unshare>(2) erstellt (seit Linux 3.8 benötigt die Erzeugung von "
"Benutzernamensräumen allerdings keine Capability mehr);"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "access privileged I<perf> event information;"
msgstr "auf privilegierte I<perf>-Ereignisinformationen zugreifen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"call B<setns>(2)  (requires B<CAP_SYS_ADMIN> in the I<target> namespace);"
msgstr ""
"B<setns>(2) aufrufen (benötigt B<CAP_SYS_ADMIN> im Namensraum I<target>);"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "call B<fanotify_init>(2);"
msgstr "B<fanotify_init>(2) aufrufen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"perform privileged B<KEYCTL_CHOWN> and B<KEYCTL_SETPERM> B<keyctl>(2)  "
"operations;"
msgstr ""
"privilegierte Aktionen B<KEYCTL_CHOWN> und B<KEYCTL_SETPERM> von "
"B<keyctl>(2) ausführen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "perform B<madvise>(2)  B<MADV_HWPOISON> operation;"
msgstr "B<madvise>(2)-B<MADV_HWPOISON>-Aktion ausführen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"employ the B<TIOCSTI> B<ioctl>(2)  to insert characters into the input queue "
"of a terminal other than the caller's controlling terminal;"
msgstr ""
"den B<TIOCSTI> B<ioctl>(2) verwenden, um Zeichen in die Eingabewarteschlange "
"eines Terminals, dass nicht das vom aufrufenden gesteuerte Terminal ist, "
"einzufügen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "employ the obsolete B<nfsservctl>(2)  system call;"
msgstr "veralteten Systemaufruf B<nfsservctl>(2) verwenden;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "employ the obsolete B<bdflush>(2)  system call;"
msgstr "veralteten Systemaufruf B<bdflush>(2) verwenden;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "perform various privileged block-device B<ioctl>(2)  operations;"
msgstr "verschiedene privilegierte Blockgeräte-B<ioctl>(2)-Aktion ausführen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "perform various privileged filesystem B<ioctl>(2)  operations;"
msgstr "verschiedene privilegierte Dateisystem-B<ioctl>(2)-Aktionen ausführen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"perform privileged B<ioctl>(2)  operations on the I</dev/random> device (see "
"B<random>(4));"
msgstr ""
"privilegierte B<ioctl>(2)-Aktionen am Gerät I</dev/random> durchführen "
"(siehe B<random>(4));"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"install a B<seccomp>(2)  filter without first having to set the "
"I<no_new_privs> thread attribute;"
msgstr ""
"einen B<seccomp>(2)-Filter installieren, ohne zuerst das I<no_new_privs> "
"Thread-Attribut setzen zu müssen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "modify allow/deny rules for device control groups;"
msgstr "Erlauben-/Verweigern-Regeln für Gerätesteuergruppen verändern;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"employ the B<ptrace>(2)  B<PTRACE_SECCOMP_GET_FILTER> operation to dump "
"tracee's seccomp filters;"
msgstr ""
"B<ptrace>(2) B<PTRACE_SECCOMP_GET_FILTER> Aktionen einsetzen, um die Seccomp-"
"Filter verfolgter Prozesse auszugeben;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"employ the B<ptrace>(2)  B<PTRACE_SETOPTIONS> operation to suspend the "
"tracee's seccomp protections (i.e., the B<PTRACE_O_SUSPEND_SECCOMP> flag);"
msgstr ""
"die Aktion B<PTRACE_SETOPTIONS> von B<ptrace>(2) einsetzen, um den Seccomp-"
"Schutz des verfolgten Prozesses vorübergehend außer Kraft zu setzen (d.h. "
"der Schalter B<PTRACE_O_SUSPEND_SECCOMP>);"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "perform administrative operations on many device drivers;"
msgstr "administrative Aktionen auf vielen Gerätetreibern ausführen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"modify autogroup nice values by writing to I</proc/>pidI</autogroup> (see "
"B<sched>(7))."
msgstr ""
"Autogroup-Nice-Werte durch Schreiben von I</proc/>PIDI</autogroup> (siehe "
"B<sched>(7)) verändern."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_BOOT>"
msgstr "B<CAP_SYS_BOOT>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Use B<reboot>(2)  and B<kexec_load>(2)."
msgstr "B<reboot>(2) und B<kexec_load>(2) verwenden."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_CHROOT>"
msgstr "B<CAP_SYS_CHROOT>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Use B<chroot>(2);"
msgstr "B<chroot>(2) verwenden;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "change mount namespaces using B<setns>(2)."
msgstr "Einhängenamensräume mittels B<setns>(2) ändern."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_MODULE>"
msgstr "B<CAP_SYS_MODULE>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Load and unload kernel modules (see B<init_module>(2)  and "
"B<delete_module>(2));"
msgstr ""
"Kernelmodule laden und entladen (siehe B<init_module>(2) und "
"B<delete_module>(2));"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"before Linux 2.6.25: drop capabilities from the system-wide capability "
"bounding set."
msgstr ""
"vor Linux 2.6.25: Capabilitys aus der systemweiten Capability-"
"Begrenzungsmenge entfernen."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_NICE>"
msgstr "B<CAP_SYS_NICE>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Lower the process nice value (B<nice>(2), B<setpriority>(2))  and change the "
"nice value for arbitrary processes;"
msgstr ""
"den Nice-Wert von Prozessen absenken (B<nice>(2), B<setpriority>(2)) und den "
"Nice-Wert von beliebigen Prozessen ändern;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"set real-time scheduling policies for calling process, and set scheduling "
"policies and priorities for arbitrary processes (B<sched_setscheduler>(2), "
"B<sched_setparam>(2), B<sched_setattr>(2));"
msgstr ""
"Echtzeit-Scheduling-Richtlinien zum Prozessaufruf und Scheduling-Richtlinien "
"und -Prioritäten für beliebige Prozesse setzen (B<sched_setscheduler>(2), "
"B<sched_setparam>(2), B<sched_setattr>(2));"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "set CPU affinity for arbitrary processes (B<sched_setaffinity>(2));"
msgstr "CPU-Affinität für beliebige Prozesse setzen (B<sched_setaffinity>(2));"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"set I/O scheduling class and priority for arbitrary processes "
"(B<ioprio_set>(2));"
msgstr ""
"E/A-Scheduling-Klassen und -Prioritäten für beliebige Prozesse setzen "
"(B<ioprio_set>(2));"

#.  FIXME CAP_SYS_NICE also has the following effect for
#.  migrate_pages(2):
#.      do_migrate_pages(mm, &old, &new,
#.          capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
#.  Document this.
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"apply B<migrate_pages>(2)  to arbitrary processes and allow processes to be "
"migrated to arbitrary nodes;"
msgstr ""
"B<migrate_pages>(2) auf beliebige Prozesse anwenden und Prozessen erlauben, "
"auf beliebige Knoten zu migrieren;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "apply B<move_pages>(2)  to arbitrary processes;"
msgstr "B<move_pages>(2) auf beliebige Prozesse anwenden;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"use the B<MPOL_MF_MOVE_ALL> flag with B<mbind>(2)  and B<move_pages>(2)."
msgstr ""
"den Schalter B<MPOL_MF_MOVE_ALL> mit B<mbind>(2) und B<move_pages>(2) "
"verwenden."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_PACCT>"
msgstr "B<CAP_SYS_PACCT>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Use B<acct>(2)."
msgstr "B<acct>(2) verwenden."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_PTRACE>"
msgstr "B<CAP_SYS_PTRACE>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Trace arbitrary processes using B<ptrace>(2);"
msgstr "Nachverfolgen beliebiger Prozesse mittels B<ptrace>(2);"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "apply B<get_robust_list>(2)  to arbitrary processes;"
msgstr "B<get_robust_list>(2) auf beliebige Prozesse anwenden;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"transfer data to or from the memory of arbitrary processes using "
"B<process_vm_readv>(2)  and B<process_vm_writev>(2);"
msgstr ""
"Daten vom oder zum Speicher beliebiger Prozesse mittels "
"B<process_vm_readv>(2) und B<process_vm_writev>(2) übertragen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "inspect processes using B<kcmp>(2)."
msgstr "Prozesse mittels B<kcmp>(2) inspizieren."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_RAWIO>"
msgstr "B<CAP_SYS_RAWIO>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Perform I/O port operations (B<iopl>(2)  and B<ioperm>(2));"
msgstr "E/A-Port-Aktionen ausführen (B<iopl>(2) und B<ioperm>(2));"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "access I</proc/kcore>;"
msgstr "auf I</proc/kcore> zugreifen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "employ the B<FIBMAP> B<ioctl>(2)  operation;"
msgstr "die B<FIBMAP>-Aktion B<ioctl>(2) einsetzen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"open devices for accessing x86 model-specific registers (MSRs, see "
"B<msr>(4));"
msgstr ""
"Geräte für den Zugriff auf x86-modellspezifische Register (MSRs, siehe "
"B<msr>(4)) öffnen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "update I</proc/sys/vm/mmap_min_addr>;"
msgstr "I</proc/sys/vm/mmap_min_addr> aktualisieren;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"create memory mappings at addresses below the value specified by I</proc/sys/"
"vm/mmap_min_addr>;"
msgstr ""
"Speichereinblendungen an Adressen unterhalb des durch I</proc/sys/vm/"
"mmap_min_addr> angegebenen Wertes erstellen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "map files in I</proc/bus/pci>;"
msgstr "Dateien in I</proc/bus/pci> einblenden;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "open I</dev/mem> and I</dev/kmem>;"
msgstr "I</dev/mem> und I</dev/kmem> öffnen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "perform various SCSI device commands;"
msgstr "verschiedene SCSI-Geräte-Befehle ausführen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "perform certain operations on B<hpsa>(4)  and B<cciss>(4)  devices;"
msgstr "bestimmte Aktionen auf B<hpsa>(4)- und B<cciss>(4)-Geräten ausführen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "perform a range of device-specific operations on other devices."
msgstr ""
"eine Reihe von Geräte-spezifischen Aktionen auf anderen Geräten ausführen."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_RESOURCE>"
msgstr "B<CAP_SYS_RESOURCE>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Use reserved space on ext2 filesystems;"
msgstr "reservierten Platz auf Ext2-Dateisystemen verwenden;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "make B<ioctl>(2)  calls controlling ext3 journaling;"
msgstr "B<ioctl>(2)-Aufrufe ausführen, die das Journaling von Ext3 steuern;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "override disk quota limits;"
msgstr "Platten-Kontingent-Begrenzungen außer Kraft setzen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "increase resource limits (see B<setrlimit>(2));"
msgstr "Ressourcenbegrenzungen erhöhen (siehe B<setrlimit>(2));"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "override maximum number of consoles on console allocation;"
msgstr ""
"maximale Anzahl von Konsolen bei der Konsolenzuteilung außer Kraft setzen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "override maximum number of keymaps;"
msgstr "maximale Anzahl an Tastaturdefinitionen außer Kraft setzen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "allow more than 64hz interrupts from the real-time clock;"
msgstr "mehr als 64 Hz-Unterbrechungen von der Echtzeituhr erlauben;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"raise I<msg_qbytes> limit for a System V message queue above the limit in I</"
"proc/sys/kernel/msgmnb> (see B<msgop>(2)  and B<msgctl>(2));"
msgstr ""
"die I<msg_qbytes>-Begrenzung für eine System-V-Nachrichtenwarteschlange über "
"die Grenze in I</proc/sys/kernel/msgmnb> anheben (siehe B<msgop>(2) und "
"B<msgctl>(2));"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"allow the B<RLIMIT_NOFILE> resource limit on the number of \"in-flight\" "
"file descriptors to be bypassed when passing file descriptors to another "
"process via a UNIX domain socket (see B<unix>(7));"
msgstr ""
"erlauben, die Ressourcenbegrenzung B<RLIMIT_NOFILE> bezüglich der Anzahl der "
"»laufenden« Dateideskriptoren zu umgehen, wenn Dateideskriptoren an andere "
"Prozesse mittels UNIX-Domain-Sockets übergeben werden (siehe B<unix>(7));"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"override the I</proc/sys/fs/pipe-size-max> limit when setting the capacity "
"of a pipe using the B<F_SETPIPE_SZ> B<fcntl>(2)  command;"
msgstr ""
"die I</proc/sys/fs/pipe-size-max>-Begrenzung beim Setzen der Kapazität einer "
"Pipe mittels des B<F_SETPIPE_SZ>-Befehls B<fcntl>(2) außer Kraft setzen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"use B<F_SETPIPE_SZ> to increase the capacity of a pipe above the limit "
"specified by I</proc/sys/fs/pipe-max-size>;"
msgstr ""
"B<F_SETPIPE_SZ> verwenden, um die Kapazität einer Pipe über die in I</proc/"
"sys/fs/pipe-max-size> angegebene Grenze erhöhen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"override I</proc/sys/fs/mqueue/queues_max>, I</proc/sys/fs/mqueue/msg_max>, "
"and I</proc/sys/fs/mqueue/msgsize_max> limits when creating POSIX message "
"queues (see B<mq_overview>(7));"
msgstr ""
"die I</proc/sys/fs/mqueue/queues_max>, I</proc/sys/fs/mqueue/msg_max>, und "
"I</proc/sys/fs/mqueue/msgsize_max>-Begrenzungen beim Erstellen von POSIX-"
"Nachrichtenwarteschlangen (siehe B<mq_overview>(7)) außer Kraft setzen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "employ the B<prctl>(2)  B<PR_SET_MM> operation;"
msgstr "die B<prctl>(2)-Aktion B<PR_SET_MM> einsetzen;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"set I</proc/>pidI</oom_score_adj> to a value lower than the value last set "
"by a process with B<CAP_SYS_RESOURCE>."
msgstr ""
"I</proc/>PIDI</oom_score_adj> auf einen Wert niedriger als den zuletzt durch "
"einen Prozess mit B<CAP_SYS_RESOURCE> gesetzten Wert setzen."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_TIME>"
msgstr "B<CAP_SYS_TIME>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Set system clock (B<settimeofday>(2), B<stime>(2), B<adjtimex>(2)); set real-"
"time (hardware) clock."
msgstr ""
"Systemuhr setzen (B<settimeofday>(2), B<stime>(2), B<adjtimex>(2)); "
"Echtzeit- (Hardware-)Uhr setzen."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_TTY_CONFIG>"
msgstr "B<CAP_SYS_TTY_CONFIG>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Use B<vhangup>(2); employ various privileged B<ioctl>(2)  operations on "
"virtual terminals."
msgstr ""
"B<vhangup>(2) einsetzen; verschiedene privilegierte B<ioctl>(2)-Aktionen auf "
"virtuelle Terminals einsetzen."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYSLOG> (since Linux 2.6.37)"
msgstr "B<CAP_SYSLOG> (seit Linux 2.6.37)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Perform privileged B<syslog>(2)  operations.  See B<syslog>(2)  for "
"information on which operations require privilege."
msgstr ""
"Privilegierte B<syslog>(2)-Aktionen ausführen. Siehe B<syslog>(2) für "
"Informationen, welche Aktionen Privilegien benötigen."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"View kernel addresses exposed via I</proc> and other interfaces when I</proc/"
"sys/kernel/kptr_restrict> has the value 1.  (See the discussion of the "
"I<kptr_restrict> in B<proc>(5).)"
msgstr ""
"Über I</proc> bereitgestellte Kernel-Adressen und andere Schnittstellen "
"anschauen, wenn I</proc/sys/kernel/kptr_restrict> den Wert 1 hat. (Lesen Sie "
"die Diskussion über I<kptr_restrict> in B<proc>(5).)"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_WAKE_ALARM> (since Linux 3.0)"
msgstr "B<CAP_WAKE_ALARM> (seit Linux 3.0)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Trigger something that will wake up the system (set B<CLOCK_REALTIME_ALARM> "
"and B<CLOCK_BOOTTIME_ALARM> timers)."
msgstr ""
"Etwas auslösen, dass das System aufwecken wird (siehe die Timer "
"B<CLOCK_REALTIME_ALARM> und B<CLOCK_BOOTTIME_ALARM>)."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Past and current implementation"
msgstr "Frühere und heutige Implementierungen"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "A full implementation of capabilities requires that:"
msgstr "Eine komplette Implementierung von Capabilitys verlangt folgendes:"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"For all privileged operations, the kernel must check whether the thread has "
"the required capability in its effective set."
msgstr ""
"Für alle privilegierten Aktionen muss der Kernel prüfen, ob der Thread die "
"benötigten Capabilitys in seiner effektiven Menge hat."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The kernel must provide system calls allowing a thread's capability sets to "
"be changed and retrieved."
msgstr ""
"Der Kernel muss Systemaufrufe bereitstellen, die es erlauben, dass die "
"Capability-Menge des Threads geändert und ermittelt wird."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The filesystem must support attaching capabilities to an executable file, so "
"that a process gains those capabilities when the file is executed."
msgstr ""
"Das Dateisystem muss das Anhängen von Capabilitys an ausführbare Dateien "
"erlauben, so dass ein Prozess solche Capabilitys erhält, wenn die Datei "
"ausgeführt wird."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Before Linux 2.6.24, only the first two of these requirements are met; since "
"Linux 2.6.24, all three requirements are met."
msgstr ""
"Vor Linux 2.6.24 waren nur die ersten zwei dieser Anforderungen erfüllt, "
"seit Linux 2.6.24 sind alle drei Anforderungen erfüllt."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Notes to kernel developers"
msgstr "Hinweise für Kernel-Entwickler"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"When adding a new kernel feature that should be governed by a capability, "
"consider the following points."
msgstr ""
"Wenn Sie eine neue Kernel-Funktionalität hinzufügen, die über eine "
"Capability geregelt werden soll, beachten Sie die nachfolgenden Punkte."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The goal of capabilities is divide the power of superuser into pieces, such "
"that if a program that has one or more capabilities is compromised, its "
"power to do damage to the system would be less than the same program running "
"with root privilege."
msgstr ""
"Das Ziel von Capabilitys besteht darin, die Macht des Systembenutzers in "
"Teile zu zerlegen. Wird dann ein Programm, das eine oder mehrere Capabilitys "
"hat, kompromittiert, dann kann weniger Schaden angerichtet werden, als wenn "
"das Programm mit Root-Rechten liefe."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"You have the choice of either creating a new capability for your new "
"feature, or associating the feature with one of the existing capabilities.  "
"In order to keep the set of capabilities to a manageable size, the latter "
"option is preferable, unless there are compelling reasons to take the former "
"option.  (There is also a technical limit: the size of capability sets is "
"currently limited to 64 bits.)"
msgstr ""
"Sie haben die Wahl, entweder ein neues Capability für Ihre neue "
"Funktionalität hinzuzufügen, oder die Funktionalität einer bereits "
"bestehenden Capability zuzuordnen. Um die Menge der Capabilitys auf eine "
"verwaltbare Größe zu begrenzen, wird die zweite Variante bevorzugt, außer es "
"gibt überzeugende Gründe, die erste Variante zu wählen. (Es gibt auch eine "
"technische Grenze: Die Größe der Capability-Menge ist derzeit auf 64 bit "
"beschränkt.)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"To determine which existing capability might best be associated with your "
"new feature, review the list of capabilities above in order to find a "
"\"silo\" into which your new feature best fits.  One approach to take is to "
"determine if there are other features requiring capabilities that will "
"always be used along with the new feature.  If the new feature is useless "
"without these other features, you should use the same capability as the "
"other features."
msgstr ""
"Um zu bestimmen, zu welcher bestehenden Capability Ihre neue Funktionalität "
"am besten zugeordnet werden könnte, prüfen Sie die obige Liste der "
"Capabilitys, um ein »Silo« zu finden, in das Ihre neue Funktionalität am "
"besten passt. Ein Vorgehen besteht darin, zu bestimmen, ob es andere "
"Funktionalitäten gibt, die Capabilitys benötigen, die immer zusammen mit "
"Ihrer neuen Funktionalität benötigt werden. Falls Ihre neue Funktionalität "
"ohne diese andere Funktionalität nutzlos ist, dann sollten Sie die gleiche "
"Capability wie die andere Funktionalität verwenden."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"I<Don't> choose B<CAP_SYS_ADMIN> if you can possibly avoid it! A vast "
"proportion of existing capability checks are associated with this capability "
"(see the partial list above).  It can plausibly be called \"the new root\", "
"since on the one hand, it confers a wide range of powers, and on the other "
"hand, its broad scope means that this is the capability that is required by "
"many privileged programs.  Don't make the problem worse.  The only new "
"features that should be associated with B<CAP_SYS_ADMIN> are ones that "
"I<closely> match existing uses in that silo."
msgstr ""
"Verwenden Sie I<nicht> B<CAP_SYS_ADMIN>, falls Sie es irgendwie vermeiden "
"können. Ein riesiger Anteil an bestehenden Capability-Überprüfungen ist "
"dieser Capability zugeordnet (siehe die Teilliste weiter oben). Sie kann "
"glaubhaft als »der neue Root« bezeichnet werden, da sie eine große "
"Bandbreite an Rechten verleiht, und andererseits bedeutet ihr großer "
"Geltungsbereich, dass es eine Capability ist, die von vielen privilegierten "
"Programmen benötigt wird. Verschlimmern Sie das Problem nicht. Die einzigen "
"neuen Funktionalitäten, die B<CAP_SYS_ADMIN> zugeordnet werden sollten, sind "
"diejenigen, die I<eng> zu bestehenden Anwendungsfällen in diesem Silo passen."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If you have determined that it really is necessary to create a new "
"capability for your feature, don't make or name it as a \"single-use\" "
"capability.  Thus, for example, the addition of the highly specific "
"B<CAP_SYS_PACCT> was probably a mistake.  Instead, try to identify and name "
"your new capability as a broader silo into which other related future use "
"cases might fit."
msgstr ""
"Falls Sie ermittelt haben, dass Sie wirklich eine neue Capability für Ihre "
"Funktionalität benötigen, führen Sie sie nicht als »Einzelverwendung«-"
"Capability ein (oder benennen Sie es so). Daher war beispielsweise die "
"Ergänzung der hochspezifischen B<CAP_SYS_PACCT> wahrscheinlich ein Fehler. "
"Versuchen Sie stattdessen, Ihre neue Capability als ein breiteres Silo zu "
"identifizieren und zu benennen, in das andere, damit im Zusammenhang "
"stehende zukünftige Anwendungsfälle passen könnten."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Thread capability sets"
msgstr "Capability-Mengen von Threads"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Each thread has the following capability sets containing zero or more of the "
"above capabilities:"
msgstr ""
"Jeder Thread hat die folgenden Capability-Mengen, die null oder mehr der "
"oben aufgeführten Capabilitys enthalten:"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "I<Permitted>"
msgstr "I<Permitted> (erlaubt)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This is a limiting superset for the effective capabilities that the thread "
"may assume.  It is also a limiting superset for the capabilities that may be "
"added to the inheritable set by a thread that does not have the "
"B<CAP_SETPCAP> capability in its effective set."
msgstr ""
"Dies ist die begrenzende Übermenge für die effektiven Capabilitys, die ein "
"Thread annehmen kann. Es ist auch die begrenzende Übermenge für die "
"Capabilites, die zu der vererbbaren Menge durch einen Thread hinzugefügt "
"werden dürfen, der nicht die Capability B<CAP_SETPCAP> in seiner effektiven "
"Menge hat."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If a thread drops a capability from its permitted set, it can never "
"reacquire that capability (unless it B<execve>(2)s either a set-user-ID-root "
"program, or a program whose associated file capabilities grant that "
"capability)."
msgstr ""
"Falls ein Thread eine Capability aus seiner erlaubten Menge entfernt, kann "
"es diese Capability niemals wiedererlangen (außer es führt ein Set-User-ID-"
"Root-Programm mit B<execve>(2) aus oder ein Programm, dessen zugeordnete "
"Datei-Capabilitys diese Capability wieder bewilligen)."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "I<Inheritable>"
msgstr "I<Inheritable> (vererbbar)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This is a set of capabilities preserved across an B<execve>(2).  Inheritable "
"capabilities remain inheritable when executing any program, and inheritable "
"capabilities are added to the permitted set when executing a program that "
"has the corresponding bits set in the file inheritable set."
msgstr ""
"Dies ist eine Menge von Capabilitys, die über B<execve>(2) hinweg erhalten "
"bleiben. Vererbbare Capabilitys bleiben bei der Ausführung jedes Programms "
"vererbbar und vererbbare Capbabilities werden zu der erlaubten Menge bei der "
"Ausführung eines Programms, das die entsprechenden Bits in der Datei-"
"Vererbbaren-Menge gesetzt hat, hinzugefügt."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Because inheritable capabilities are not generally preserved across "
"B<execve>(2)  when running as a non-root user, applications that wish to run "
"helper programs with elevated capabilities should consider using ambient "
"capabilities, described below."
msgstr ""
"Da vererbbare Capabilitys im allgemeinen nicht über B<execve>(2)-Aufrufe "
"erhalten werden, wenn dies nicht als Benutzer root erfolgt, sollten "
"Anwendungen, die Hilfsprogramme mit erhöhten Capabilitys ausführen wollen, "
"die Verwendung der unten beschriebenen Umgebungs-Capabilitys in Betracht "
"ziehen."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "I<Effective>"
msgstr "I<Effective> (effektiv)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This is the set of capabilities used by the kernel to perform permission "
"checks for the thread."
msgstr ""
"Dies ist die Menge an Capabilitys, der vom Kernel zur Durchführung von "
"Rechteprüfungen für den Thread verwandt wird."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "I<Bounding> (per-thread since Linux 2.6.25)"
msgstr "I<Bounding> (pro-Thread seit Linux 2.6.25)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The capability bounding set is a mechanism that can be used to limit the "
"capabilities that are gained during B<execve>(2)."
msgstr ""
"Die Capability-Begrenzungsmenge ist ein Mechanismus, der zur Begrenzung der "
"Capabilitys, die während eines B<execve>(2) erlangt werden, dienen kann."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Since Linux 2.6.25, this is a per-thread capability set.  In older kernels, "
"the capability bounding set was a system wide attribute shared by all "
"threads on the system."
msgstr ""
"Seit Linux 2.6.25 ist dies eine pro-Thread-Capability-Menge. In älteren "
"Kerneln war die Capability-Begrenzungsmenge ein systemweites Attribut, das "
"von allen Threads des Systems gemeinsam benutzt wurde."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "For more details, see I<Capability bounding set> below."
msgstr "Für weitere Details, siehe I<Capability-Begrenzungsmenge> unten."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "I<Ambient> (since Linux 4.3)"
msgstr "I<Ambient> (Umgebung) (seit Linux 4.3)"

#.  commit 58319057b7847667f0c9585b9de0e8932b0fdb08
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This is a set of capabilities that are preserved across an B<execve>(2)  of "
"a program that is not privileged.  The ambient capability set obeys the "
"invariant that no capability can ever be ambient if it is not both permitted "
"and inheritable."
msgstr ""
"Dies ist eine Menge von Capabilitys, die über B<execve>(2) eines nicht "
"privilegierten Programms hinweg erhalten bleiben. Die Umgebungs-Capability-"
"Menge folgt der Invarianz, dass keine Capability jemals eine Umgebungs-"
"Capability sein kann, falls sie nicht sowohl erlaubt als auch vererbbar ist."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The ambient capability set can be directly modified using B<prctl>(2).  "
"Ambient capabilities are automatically lowered if either of the "
"corresponding permitted or inheritable capabilities is lowered."
msgstr ""
"Die Umgebungs-Capability-Menge kann direkt mit B<prctl>(2) verändert werden. "
"Umgebungs-Capabilitys werden automatisch abgesenkt, falls entweder die "
"entsprechende erlaubte oder vererbbare Capability abgesenkt wird."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Executing a program that changes UID or GID due to the set-user-ID or set-"
"group-ID bits or executing a program that has any file capabilities set will "
"clear the ambient set.  Ambient capabilities are added to the permitted set "
"and assigned to the effective set when B<execve>(2)  is called.  If ambient "
"capabilities cause a process's permitted and effective capabilities to "
"increase during an B<execve>(2), this does not trigger the secure-execution "
"mode described in B<ld.so>(8)."
msgstr ""
"Wird ein Programm ausgeführt, das die UID oder GID aufgrund von set-user-ID- "
"oder set-group-ID-Bits ändert oder das über eine Menge an Datei-Capabilitys "
"verfügt, dann wird die Umgebungsmenge geleert. Umgebungs-Capabilitys werden "
"zu der erlaubten Menge hinzugefügt und der effektiven Menge zugewiesen, wenn "
"B<execve>(2) aufgerufen wird. Falls Umgebungs-Capabilitys dazu führen, dass "
"die erlaubten und effektiven Capabilitys während eines B<execve>(2) "
"anwachsen, löst dies keinen sicheren Ausführmodus, wie in B<ld.so>(8) "
"beschrieben, aus."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"A child created via B<fork>(2)  inherits copies of its parent's capability "
"sets.  For details on how B<execve>(2)  affects capabilities, see "
"I<Transformation of capabilities during execve()> below."
msgstr ""
"Ein mittels B<fork>(2) erstelltes Kind erbt Kopien der Eltern-Capability-"
"Menge. Für Details, wie B<execve>(2) Capabilitys beeinflusst, siehe "
"nachfolgenden Abschnitt I<Umwandlungen von Capabilitys während execve()>."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Using B<capset>(2), a thread may manipulate its own capability sets; see "
"I<Programmatically adjusting capability sets> below."
msgstr ""
"Mittels B<capset>(2) kann ein Thread seine eigenen Capability-Mengen "
"bearbeiten; siehe nachfolgenden Abschnitt I<Programmatische Anpassung von "
"Capability-Mengen>."

#.  commit 73efc0394e148d0e15583e13712637831f926720
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Since Linux 3.2, the file I</proc/sys/kernel/cap_last_cap> exposes the "
"numerical value of the highest capability supported by the running kernel; "
"this can be used to determine the highest bit that may be set in a "
"capability set."
msgstr ""
"Seit Linux 3.2 legt die Datei I</proc/sys/kernel/cap_last_cap> den "
"numerischen Wert der höchsten vom laufenden Kernel unterstützten Capability "
"offen. Dies kann zur Bestimmung des höchsten Bits, das in einer Capability-"
"Gruppe gesetzt werden kann, genutzt werden."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "File capabilities"
msgstr "Datei-Capabilitys"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Since Linux 2.6.24, the kernel supports associating capability sets with an "
"executable file using B<setcap>(8).  The file capability sets are stored in "
"an extended attribute (see B<setxattr>(2)  and B<xattr>(7))  named "
"I<security.capability>.  Writing to this extended attribute requires the "
"B<CAP_SETFCAP> capability.  The file capability sets, in conjunction with "
"the capability sets of the thread, determine the capabilities of a thread "
"after an B<execve>(2)."
msgstr ""
"Seit Linux 2.6.24 unterstützt der Kernel die Zuordnung von Capability-Mengen "
"zu einer ausführbaren Datei mittels B<setcap>(8). Die Datei-Capability-"
"Mengen werden in erweiterten Attributen namens I<security.capability> "
"gespeichert (siehe B<setxattr>(2) und B<xattr>(7)). Das Schreiben in diese "
"erweiterten Attribute benötigt die Capability B<CAP_SETFCAP>. Die Datei-"
"Capability-Mengen bestimmen zusammen mit den Capability-Mengen des Threads "
"die Capabilitys nach einem B<execve>(2)."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "The three file capability sets are:"
msgstr "Die drei Datei-Capability-Mengen sind:"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "I<Permitted> (formerly known as I<forced>):"
msgstr "I<Permitted> (erlaubt, früher als I<forced> (erzwungen) bekannt):"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"These capabilities are automatically permitted to the thread, regardless of "
"the thread's inheritable capabilities."
msgstr ""
"Diese Capabilitys werden dem Thread automatisch erlaubt, unabhängig von den "
"geerbten Capabilitys des Threads."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "I<Inheritable> (formerly known as I<allowed>):"
msgstr "I<Inheritable> (vererbbar, früher als I<allowed> (erlaubt) bekannt):"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This set is ANDed with the thread's inheritable set to determine which "
"inheritable capabilities are enabled in the permitted set of the thread "
"after the B<execve>(2)."
msgstr ""
"Diese Menge wird mittels AND mit der vererbbaren Menge des Threads "
"verknüpft, um zu bestimmen, welche vererbbaren Capabilitys in der erlaubten "
"Menge des Threads nach einem B<execve>(2) aktiviert werden."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "I<Effective>:"
msgstr "I<Effective> (effektiv):"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This is not a set, but rather just a single bit.  If this bit is set, then "
"during an B<execve>(2)  all of the new permitted capabilities for the thread "
"are also raised in the effective set.  If this bit is not set, then after an "
"B<execve>(2), none of the new permitted capabilities is in the new effective "
"set."
msgstr ""
"Dies ist keine Menge, sondern eher ein einziges Bit. Falls dieses Bit "
"gesetzt ist, dann werden während eines B<execve>(2) die gesamten erlaubten "
"Capabilties für den Thread in die effektive Menge hochgezogen. Falls dieses "
"Bit nicht gesetzt ist, dann wird nach einem B<execve>(2) keine der erlaubten "
"Capabilitys in der neuen effektiven Menge sein."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Enabling the file effective capability bit implies that any file permitted "
"or inheritable capability that causes a thread to acquire the corresponding "
"permitted capability during an B<execve>(2)  (see I<Transformation of "
"capabilities during execve()> below) will also acquire that capability in "
"its effective set.  Therefore, when assigning capabilities to a file "
"(B<setcap>(8), B<cap_set_file>(3), B<cap_set_fd>(3)), if we specify the "
"effective flag as being enabled for any capability, then the effective flag "
"must also be specified as enabled for all other capabilities for which the "
"corresponding permitted or inheritable flag is enabled."
msgstr ""
"Aktivieren des effektiven Datei-Capability-Bits impliziert, dass jede "
"erlaubte oder vererbte Datei-Capability, die dazu führt, dass ein Thread die "
"entsprechende erlaubte Capability während eines B<execve>(2) erlangt (siehe "
"den nachfolgenden Abschnitt I<Umwandlungen von Capabilitys während "
"execve()>), auch dazu führt, dass er die Capability in seiner effektiven "
"Menge erlangt. Werden daher Capabilitys zu einer Datei zugeweisen "
"((B<setcap>(8), B<cap_set_file>(3), B<cap_set_fd>(3)), falls der effektive "
"Schalter für irgendeine Capability aktiviert ist, dann muss der effektive "
"Schalter auch als aktiviert für alle anderen Capabilitys, für die die "
"entsprechenden erlaubten oder vererbbaren Schalter aktiviert sind, "
"spezifiziert werden."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "File capability extended attribute versioning"
msgstr "Erweiterte Attributversionierung von Datei-Capabilitys"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"To allow extensibility, the kernel supports a scheme to encode a version "
"number inside the I<security.capability> extended attribute that is used to "
"implement file capabilities.  These version numbers are internal to the "
"implementation, and not directly visible to user-space applications.  To "
"date, the following versions are supported:"
msgstr ""
"Um Erweiterbarkeit zu erlauben, unterstützt der Kernel ein Schema, um eine "
"Versionsnummer innerhalb des erweiterten Attributs I<security.capability> zu "
"kodieren, die zur Implementierung von Datei-Capabilitys verwandt wird. Diese "
"Versionsnummern sind implementierungsintern und für Benutzerraum-Anwendungen "
"nicht direkt sichtbar. Derzeit werden die folgenden Versionen unterstützt:"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<VFS_CAP_REVISION_1>"
msgstr "B<VFS_CAP_REVISION_1>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This was the original file capability implementation, which supported 32-bit "
"masks for file capabilities."
msgstr ""
"Dies war die ursprüngliche Datei-Capability-Implementierung, die 32-Bit-"
"Masken für Datei-Capabilitys unterstützte."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<VFS_CAP_REVISION_2> (since Linux 2.6.25)"
msgstr "B<VFS_CAP_REVISION_2> (seit Linux 2.6.25)"

#.  commit e338d263a76af78fe8f38a72131188b58fceb591
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This version allows for file capability masks that are 64 bits in size, and "
"was necessary as the number of supported capabilities grew beyond 32.  The "
"kernel transparently continues to support the execution of files that have "
"32-bit version 1 capability masks, but when adding capabilities to files "
"that did not previously have capabilities, or modifying the capabilities of "
"existing files, it automatically uses the version 2 scheme (or possibly the "
"version 3 scheme, as described below)."
msgstr ""
"Diese Version erlaubt Datei-Capability-Masken in der Größe von 64 Bit und "
"wurde notwendig, da die Anzahl an unterstützen Capabilitys 32 überstieg. Der "
"Kernel unterstützt weiterhin transparent die Ausführung von Dateien mit 32-"
"Bit-Version-1-Capability-Masken, aber wenn Capabilitys zu Dateien "
"hinzugefügt werden, die bisher keine Capabilitys hatten, oder Capabilitys "
"von bestehenden Dateien geändert werden, wird automatisch das Version-2-"
"Schema (oder möglicherweise das unten beschriebene Version-3-Schema) "
"verwandt."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<VFS_CAP_REVISION_3> (since Linux 4.14)"
msgstr "B<VFS_CAP_REVISION_3> (seit Linux 4.14)"

#.  commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Version 3 file capabilities are provided to support namespaced file "
"capabilities (described below)."
msgstr ""
"Version-3-Datei-Capabilitys werden zur Unterstützung von (nachfolgend "
"beschriebenen) namensraumbezogenen Datei-Capabilitys bereitgestellt."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"As with version 2 file capabilities, version 3 capability masks are 64 bits "
"in size.  But in addition, the root user ID of namespace is encoded in the "
"I<security.capability> extended attribute.  (A namespace's root user ID is "
"the value that user ID 0 inside that namespace maps to in the initial user "
"namespace.)"
msgstr ""
"Wie bei Version-2-Datei-Capabilitys sind die Version-3-Capability Masken 64 "
"Bit groß. Aber zusätzlich wird die Wurzelbenutzerkennung des Namensraums in "
"dem erweiterten Attribut I<security.capability> kodiert. (Eine Namensraum-"
"Wurzelbenutzerkennung ist der Wert, auf den die Benutzerkennung 0 innerhalb "
"dieses Namensraums in dem ursprünglichen Namensraum abgebildet wird.)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Version 3 file capabilities are designed to coexist with version 2 "
"capabilities; that is, on a modern Linux system, there may be some files "
"with version 2 capabilities while others have version 3 capabilities."
msgstr ""
"Version-3-Datei-Capabilitys sind so entwickelt worden, dass sie mit "
"Version-2-Capabilitys koexistieren können, d.h. auf einem modernen Linux-"
"System können einige Dateien Version-2-Capabilitys tragen, während andere "
"Version-3-Capabilitys haben."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Before Linux 4.14, the only kind of file capability extended attribute that "
"could be attached to a file was a B<VFS_CAP_REVISION_2> attribute.  Since "
"Linux 4.14, the version of the I<security.capability> extended attribute "
"that is attached to a file depends on the circumstances in which the "
"attribute was created."
msgstr ""
"Vor Linux 4.14 war die einzige Art des erweiterten Attributs für Datei-"
"Capabilitys, die an eine Datei angehängt werden konnten, ein "
"B<VFS_CAP_REVISION_2>-Attribut. Seit Linux 4.14 hängt die Version des "
"erweiterten Attributs I<security.capability>, die an eine Datei angehängt "
"werden kann, von den Umständen ab, unter denen das Attribut erstellt wurde."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Starting with Linux 4.14, a I<security.capability> extended attribute is "
"automatically created as (or converted to)  a version 3 "
"(B<VFS_CAP_REVISION_3>)  attribute if both of the following are true:"
msgstr ""
"Seit Linux 4.14 wird ein erweitertes Attribut I<security.capability> "
"automatisch als ein Version-3-(B<VFS_CAP_REVISION_3>)-Attribut erstellt "
"(oder in ein solches umgewandelt), falls beide folgenden Punkte zutreffen:"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The thread writing the attribute resides in a noninitial user namespace.  "
"(More precisely: the thread resides in a user namespace other than the one "
"from which the underlying filesystem was mounted.)"
msgstr ""
"Der Thread, der das Attribut schreibt, befindet sich in einem nichtinitialen "
"Benutzernamensraum. (Genauer: Der Thread befindet sich in einem "
"Benutzernamensraum, der sich von dem unterscheidet, unter dem das "
"darunterliegende Dateisystem eingehängt wurde.)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The thread has the B<CAP_SETFCAP> capability over the file inode, meaning "
"that (a) the thread has the B<CAP_SETFCAP> capability in its own user "
"namespace; and (b) the UID and GID of the file inode have mappings in the "
"writer's user namespace."
msgstr ""
"Der Thread hat die Capability B<CAP_SETFCAP> über der Datei-Inode, was "
"bedeutet, dass (a) der Thread die Capability B<CAP_SETFCAP> in seinem "
"eigenen Benutzernamensraum hat und (b) die UID und GID der Datei-Inode "
"Abbildungen in den Namensraum des schreibenden Benutzers haben."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"When a B<VFS_CAP_REVISION_3> I<security.capability> extended attribute is "
"created, the root user ID of the creating thread's user namespace is saved "
"in the extended attribute."
msgstr ""
"Wenn ein erweitertes Attribut B<VFS_CAP_REVISION_3> I<security.capability> "
"erstellt wird, wird die Wurzelbenutzerkennung des erstellenden Namensraums "
"des Benutzers in dem erweiterten Attribut gespeichert."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"By contrast, creating or modifying a I<security.capability> extended "
"attribute from a privileged (B<CAP_SETFCAP>)  thread that resides in the "
"namespace where the underlying filesystem was mounted (this normally means "
"the initial user namespace)  automatically results in the creation of a "
"version 2 (B<VFS_CAP_REVISION_2>)  attribute."
msgstr ""
"Im Gegensatz dazu wird beim Erstellen oder Verändern eines erweiterten "
"Attributs I<security.capability> aus einem privilegierten (B<CAP_SETFCAP>) "
"Thread, der sich in dem Namensraum befindet, unter dem das darunterliegende "
"Dateisystem eingehängt wurde (dies bedeutet normalerweise den anfänglichen "
"Benutzernamensraum), automatisch zu der Erstellung eines Version-2-"
"(B<VFS_CAP_REVISION_2>)-Attributs führen."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Note that the creation of a version 3 I<security.capability> extended "
"attribute is automatic.  That is to say, when a user-space application "
"writes (B<setxattr>(2))  a I<security.capability> attribute in the version 2 "
"format, the kernel will automatically create a version 3 attribute if the "
"attribute is created in the circumstances described above.  Correspondingly, "
"when a version 3 I<security.capability> attribute is retrieved "
"(B<getxattr>(2))  by a process that resides inside a user namespace that was "
"created by the root user ID (or a descendant of that user namespace), the "
"returned attribute is (automatically)  simplified to appear as a version 2 "
"attribute (i.e., the returned value is the size of a version 2 attribute and "
"does not include the root user ID).  These automatic translations mean that "
"no changes are required to user-space tools (e.g., B<setcap>(1)  and "
"B<getcap>(1))  in order for those tools to be used to create and retrieve "
"version 3 I<security.capability> attributes."
msgstr ""
"Beachten Sie, dass die Erstellung von erweiterten Version 3-I<security."
"capability>-Attributen automatisch erfolgt. Mit anderen Worten: Der Kernel "
"wird automatisch ein Version-3-Attribut erstellen, falls das Attribut unter "
"den oben beschriebenen Umständen erstellt wird, wenn eine Anwendung im "
"Benutzerraum ein I<security.capability>-Attribut im Version-2-Format "
"schreibt (B<setxattr>(2)). Entsprechend wird das zurückgelieferte Attribut "
"(automatisch) vereinfacht, um als Version-2-Attribut zu erscheinen (d.h. der "
"Rückgabewert ist die Größe eines Version-2-Attrbutes und enthält nicht die "
"Root-Benutzerkennung), wenn ein Version-3-I<security.capability>-Attribut "
"durch einen Prozess, der sich innerhalb eines Benutzernamensraums befindet, "
"der durch die Root-Benutzerkennung (oder einem Abkömling dieses Namensraums) "
"erstellt wurde, abgefragt wird. Diese automatische Übersetzung bedeutet, "
"dass an den Werkzeugen im Benutzerraum (z.B. B<setcap>(1) und B<getcap>(1)) "
"keine Änderung vorgenommen werden muss, damit diese Werkzeuge zum Erstellen "
"und Abfragen von Version-3-I<security.capability>-Attributen verwandt werden "
"können."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Note that a file can have either a version 2 or a version 3 I<security."
"capability> extended attribute associated with it, but not both: creation or "
"modification of the I<security.capability> extended attribute will "
"automatically modify the version according to the circumstances in which the "
"extended attribute is created or modified."
msgstr ""
"Beachten Sie, dass der Datei entweder ein erweitertes Attribut I<security."
"capability> der Version 2 oder 3 zugeordnet werden kann, aber nicht beide: "
"Erstellung oder Änderung des erweiterten Attributs I<security.capability> "
"wird automatisch die Version abhängig von den Umständen, in denen das "
"erweiterte Attribut erstellt oder verändert wird, anpassen."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Transformation of capabilities during execve()"
msgstr "Umwandlungen von Capabilitys während execve()"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"During an B<execve>(2), the kernel calculates the new capabilities of the "
"process using the following algorithm:"
msgstr ""
"Während eines B<execve>(2) berechnet der Kernel die neuen Capabilitys eines "
"Prozesses mit dem folgenden Algorithmus:"

#. type: Plain text
#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
#: opensuse-tumbleweed
#, no-wrap
msgid ""
"P'(ambient)     = (file is privileged) ? 0 : P(ambient)\n"
"\\&\n"
"P'(permitted)   = (P(inheritable) & F(inheritable)) |\n"
"                  (F(permitted) & P(bounding)) | P'(ambient)\n"
"\\&\n"
"P'(effective)   = F(effective) ? P'(permitted) : P'(ambient)\n"
"\\&\n"
"P'(inheritable) = P(inheritable)    [i.e., unchanged]\n"
"\\&\n"
"P'(bounding)    = P(bounding)       [i.e., unchanged]\n"
msgstr ""
"P'(ambient)     = (Datei ist privilegiert) ? 0 : P(ambient)\n"
"\\&\n"
"P'(permitted)   = (P(inheritable) & F(inheritable)) |\n"
"                  (F(permitted) & P(bounding)) | P'(ambient)\n"
"\\&\n"
"P'(effective)   = F(effective) ? P'(permitted) : P'(ambient)\n"
"\\&\n"
"P'(inheritable) = P(inheritable)    [d.h. unverändert]\n"
"\\&\n"
"P'(bounding)    = P(bounding)       [d.h. unverändert]\n"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "where:"
msgstr "wobei:"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "P()"
msgstr "P()"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "denotes the value of a thread capability set before the B<execve>(2)"
msgstr ""
"bezeichnet den Wert einer Capability-Menge des Threads vor dem B<execve>(2)"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "P'()"
msgstr "P'()"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "denotes the value of a thread capability set after the B<execve>(2)"
msgstr ""
"bezeichnet den Wert einer Capability-Menge des Threads nach dem B<execve>(2)"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "F()"
msgstr "F()"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "denotes a file capability set"
msgstr "bezeichnet eine Datei-Capability-Menge"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Note the following details relating to the above capability transformation "
"rules:"
msgstr ""
"Beachten Sie die nachfolgenden Details in Hinblick auf die obigen Capability-"
"Umwandlungsregeln:"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The ambient capability set is present only since Linux 4.3.  When "
"determining the transformation of the ambient set during B<execve>(2), a "
"privileged file is one that has capabilities or has the set-user-ID or set-"
"group-ID bit set."
msgstr ""
"Die Umgebungs-Capability-Menge ist erst seit Linux 4.3 vorhanden. Bei der "
"Bestimmung der Übergänge der Umgebungsmenge während eines B<execve>(2) "
"bezeichnet eine privilegierte Datei eine, die über Capabilitys verfügt oder "
"das Bit »set-user-ID« oder »set-group-ID« gesetzt hat."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Prior to Linux 2.6.25, the bounding set was a system-wide attribute shared "
"by all threads.  That system-wide value was employed to calculate the new "
"permitted set during B<execve>(2)  in the same manner as shown above for "
"I<P(bounding)>."
msgstr ""
"Vor Linux 2.6.25 war die Begrenzungsmenge ein systemweites Attribut, das von "
"allen Threads gemeinsam benutzt wurde. Dieser systemweite Wert wurde "
"eingesetzt, um die neue erlaubte Menge während eines B<execve>(2) zu "
"berechnen, auf die gleiche Art wie oben für I<P(bounding)> gezeigt."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"I<Note>: during the capability transitions described above, file "
"capabilities may be ignored (treated as empty) for the same reasons that the "
"set-user-ID and set-group-ID bits are ignored; see B<execve>(2).  File "
"capabilities are similarly ignored if the kernel was booted with the "
"I<no_file_caps> option."
msgstr ""
"I<Hinweis:> Während der oben beschriebenen Capability-Übergänge könnten aus "
"den gleichen Gründen, aus denen auch die Bits set-user-ID and set-group-ID "
"ignoriert werden, Datei-Capabilitys ignoriert (als leer betrachtet) werden; "
"siehe B<execve>(2). Ähnlich werden Datei-Capabilitys ignoriert, falls der "
"Kernel mit der Option I<no_file_caps> gestartet wurde."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"I<Note>: according to the rules above, if a process with nonzero user IDs "
"performs an B<execve>(2)  then any capabilities that are present in its "
"permitted and effective sets will be cleared.  For the treatment of "
"capabilities when a process with a user ID of zero performs an B<execve>(2), "
"see I<Capabilities and execution of programs by root> below."
msgstr ""
"I<Hinweis:> Entsprechend den obigen Regeln werden alle Capabilitys, die in "
"der erlaubten und effektiven Menge vorhanden sind, zurückgesetzt, falls ein "
"Prozess mit von Null verschiedenen Benutzerkennungen ein B<execve>(2) "
"durchführt. Für die Behandlung der Capabilitys, wenn ein Prozess mit der "
"Benutzerkennung Null ein B<execve>(2) durchführt, siehe unten I<Capabilitys "
"und Ausführung von Programmen durch root>."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Safety checking for capability-dumb binaries"
msgstr "Sicherheitsprüfungen für Capability-unfähige Programme"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"A capability-dumb binary is an application that has been marked to have file "
"capabilities, but has not been converted to use the B<libcap>(3)  API to "
"manipulate its capabilities.  (In other words, this is a traditional set-"
"user-ID-root program that has been switched to use file capabilities, but "
"whose code has not been modified to understand capabilities.)  For such "
"applications, the effective capability bit is set on the file, so that the "
"file permitted capabilities are automatically enabled in the process "
"effective set when executing the file.  The kernel recognizes a file which "
"has the effective capability bit set as capability-dumb for the purpose of "
"the check described here."
msgstr ""
"Ein Capability-unfähiges Programm ist eine Anwendung, die für Datei-"
"Capabilitys markiert ist, aber noch nicht für die Verwendung des "
"B<libcap>(3)-APIs zur Bearbeitung seiner Capabilitys konvertiert wurde. (Mit "
"anderen Worten, dies ist ein traditionelles »set-user-ID-root«-Programm, das "
"auf Datei-Capabilitys umgestellt wurde, aber dessen Code nicht angepasst "
"wurde, um mit Capabilitys umzugehen.) Für solche Anwendungen wird das "
"effektive Capability-Bit auf die Datei gesetzt, so dass die erlaubten "
"Capabilitys automatisch beim Ausführen der Datei in der effektiven Menge "
"aktiviert werden. Der Kernel erkennt für den hier beschriebenen Zweck eine "
"Datei, die das effektive Capability-Bit gesetzt hat, als Capability-unfähig."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"When executing a capability-dumb binary, the kernel checks if the process "
"obtained all permitted capabilities that were specified in the file "
"permitted set, after the capability transformations described above have "
"been performed.  (The typical reason why this might I<not> occur is that the "
"capability bounding set masked out some of the capabilities in the file "
"permitted set.)  If the process did not obtain the full set of file "
"permitted capabilities, then B<execve>(2)  fails with the error B<EPERM>.  "
"This prevents possible security risks that could arise when a capability-"
"dumb application is executed with less privilege than it needs.  Note that, "
"by definition, the application could not itself recognize this problem, "
"since it does not employ the B<libcap>(3)  API."
msgstr ""
"Beim Ausführen eines Capability-unfähigen Programms prüft der Kernel nach "
"den oben beschriebenen Umwandlungen, ob der Prozess alle erlaubten "
"Capabilitys, die in der Datei-erlaubten Menge angegeben wurden, erlangt hat. "
"(Ein typischer Grund, warum dies I<nicht> passieren könnte, liegt darin, "
"dass die Capability-Begrenzungsmenge einige der Capabilitys in der Datei-"
"erlaubten Menge ausblenden könnte.) Falls der Prozess nicht die komplette "
"Menge der Datei-erlaubten Capabilitys erlangte, schlägt B<execve>(2) mit dem "
"Fehler B<EPERM> fehl. Dies verhindert mögliche Sicherheitsrisiken, die "
"daraus resultieren, dass ein Capability-unfähiges Programm mit weniger als "
"den benötigten Privilegien ausgeführt wird. Beachten Sie, dass "
"definitionsgemäß die Anwendung das Problem nicht selbst erkennen könnte, da "
"sie nicht das B<libcap>(3)-API einsetzt."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Capabilities and execution of programs by root"
msgstr "Capabilitys und Ausführung von Programmen durch root"

#.  See cap_bprm_set_creds(), bprm_caps_from_vfs_cap() and
#.  handle_privileged_root() in security/commoncap.c (Linux 5.0 source)
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"In order to mirror traditional UNIX semantics, the kernel performs special "
"treatment of file capabilities when a process with UID 0 (root) executes a "
"program and when a set-user-ID-root program is executed."
msgstr ""
"Um die traditionellen UNIX-Semantiken abzubilden, führt der Kernel eine "
"besondere Behandlung der Datei-Capabilitys durch, wenn ein Prozess mit UID 0 "
"(root) ein Programm ausführt und wenn ein set-user-ID-root-Programm "
"ausgeführt wird."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"After having performed any changes to the process effective ID that were "
"triggered by the set-user-ID mode bit of the binary\\[em]e.g., switching the "
"effective user ID to 0 (root) because a set-user-ID-root program was "
"executed\\[em]the kernel calculates the file capability sets as follows:"
msgstr ""
"Nachdem alle Änderungen an der effektiven Kennung des Prozesses vorgenommen "
"wurden, die durch das Modus-Bit set-user-ID des Programmes ausgelöst wurden, "
"z.B. Umschalten der effektiven Benutzerkennung auf 0 (root), da ein set-user-"
"ID-root-Programm ausgeführt wurde, berechnet der Kernel die Datei-Capability-"
"Menge wie folgt:"

#. type: IP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "(1)"
msgstr "(1)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If the real or effective user ID of the process is 0 (root), then the file "
"inheritable and permitted sets are ignored; instead they are notionally "
"considered to be all ones (i.e., all capabilities enabled).  (There is one "
"exception to this behavior, described in I<Set-user-ID-root programs that "
"have file capabilities> below.)"
msgstr ""
"Falls die reale oder effektive Benutzerkennung des Prozesses 0 (root) ist, "
"dann werden die vererbbaren und erlaubten Mengen ignoriert; stattdessen "
"werden sie fiktiv als komplett Eins (d.h. alle Capabilitys aktiviert) "
"betrachtet. (Es gibt für dieses Verhalten eine Ausnahme, die unten in I<Set-"
"user-ID-root-Programme, die Datei-Capabilitys haben> beschrieben ist.)"

#. type: IP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "(2)"
msgstr "(2)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If the effective user ID of the process is 0 (root) or the file effective "
"bit is in fact enabled, then the file effective bit is notionally defined to "
"be one (enabled)."
msgstr ""
"Falls die effektive Benutzerkennung des Prozesses 0 (root) ist oder das "
"effektive Bit der Datei tatsächlich aktiviert ist, dann wird das effektive "
"Datei-Bit fiktiv als Eins (aktiviert) definiert."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"These notional values for the file's capability sets are then used as "
"described above to calculate the transformation of the process's "
"capabilities during B<execve>(2)."
msgstr ""
"Diese fiktiven Werte für die Capability-Menge der Datei werden dann "
"verwandt, um wie oben beschrieben den Übergang der Capabilitys des Prozesses "
"während eines B<execve>(2) zu berechnen."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Thus, when a process with nonzero UIDs B<execve>(2)s a set-user-ID-root "
"program that does not have capabilities attached, or when a process whose "
"real and effective UIDs are zero B<execve>(2)s a program, the calculation of "
"the process's new permitted capabilities simplifies to:"
msgstr ""
"Daher vereinfacht sich die Berechnung der neuen erlaubten Capabilitys eines "
"Prozesses wie folgt, wenn ein Prozess mit einer von 0 verschiedenen UID ein "
"set-user-ID-root-Programm, das über keine Capabilitys verfügt, mit "
"B<execve>(2) ausführt, oder wenn ein Prozess, dessen reale und effektive "
"UIDs Null sind, ein Programm mit B<execve>(2) ausführt:"

#. type: Plain text
#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
#: opensuse-tumbleweed
#, no-wrap
msgid ""
"P'(permitted)   = P(inheritable) | P(bounding)\n"
"\\&\n"
"P'(effective)   = P'(permitted)\n"
msgstr ""
"P'(permitted)   = P(inheritable) | P(bounding)\n"
"\\&\n"
"P'(effective)   = P'(permitted)\n"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Consequently, the process gains all capabilities in its permitted and "
"effective capability sets, except those masked out by the capability "
"bounding set.  (In the calculation of P'(permitted), the P'(ambient) term "
"can be simplified away because it is by definition a proper subset of "
"P(inheritable).)"
msgstr ""
"Konsequenterweise erlangt der Prozess alle Capabilitys in seiner erlaubten "
"und effektiven Capability-Menge, außer denen, die in seiner Capability-"
"Begrenzungsmenge ausmaskiert sind. (In der Berechnung von P'(permitted) kann "
"der Ausdruck für P'(ambient) wegvereinfacht werden, da er per Definition "
"eine gültige Untermenge von P(inheritable) ist.)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The special treatments of user ID 0 (root) described in this subsection can "
"be disabled using the securebits mechanism described below."
msgstr ""
"Die in diesem Unterabschnitt beschriebene besondere Behandlung des Benutzers "
"0 (root) kann mittels des nachfolgend beschriebenen Securebits-Mechanismus "
"deaktiviert werden."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Set-user-ID-root programs that have file capabilities"
msgstr "Set-user-ID-root-Programme, die Datei-Capabilitys haben"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"There is one exception to the behavior described in I<Capabilities and "
"execution of programs by root> above.  If (a) the binary that is being "
"executed has capabilities attached and (b) the real user ID of the process "
"is I<not> 0 (root) and (c) the effective user ID of the process I<is> 0 "
"(root), then the file capability bits are honored (i.e., they are not "
"notionally considered to be all ones).  The usual way in which this "
"situation can arise is when executing a set-UID-root program that also has "
"file capabilities.  When such a program is executed, the process gains just "
"the capabilities granted by the program (i.e., not all capabilities, as "
"would occur when executing a set-user-ID-root program that does not have any "
"associated file capabilities)."
msgstr ""
"Es gibt zu dem oben in I<Capabilitys und Ausführung von Programmen durch "
"root> beschriebenen Verhalten eine Ausnahme. Falls (a) das ausgeführte "
"Programm über Capabilitys verfügt und (b) die reale Benutzerkennung des "
"Prozesses I<nicht> 0 (root) ist und (c) die effektive Benutzerkennung des "
"Prozesses 0 (root) I<ist>, dann werden die Datei-Capabilitys berücksichtigt "
"(d.h. sie werden nicht fiktiv als komplett Einsen angenommen). Der normale "
"Weg, bei dem diese Situation auftreten kann, ist die Ausführung eines set-"
"UID-root-Programms, das auch über Datei-Capabilitys verfügt. Wenn ein "
"solches Programm ausgeführt wird, erlangt der Prozess nur die durch das "
"Programm eingeräumten Capabilitys (d.h. nicht alle Capabilitys, was "
"passierte, wenn ein set-user-ID-Root-Programm ausgeführt würde, das keine "
"zugeordneten Datei-Capabilitys hat)."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Note that one can assign empty capability sets to a program file, and thus "
"it is possible to create a set-user-ID-root program that changes the "
"effective and saved set-user-ID of the process that executes the program to "
"0, but confers no capabilities to that process."
msgstr ""
"Beachten Sie, dass einem Programm eine leere Capability-Menge zugeordnet "
"werden kann und es daher möglich ist, ein set-user-ID-root-Programm zu "
"erstellen, das die effektive und die gespeicherte set-user-ID des Prozesses, "
"der das Programm ausführt, auf 0 setzt, aber dem Prozess keine Capabilitys "
"gewährt."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Capability bounding set"
msgstr "Capability-Begrenzungsmenge"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The capability bounding set is a security mechanism that can be used to "
"limit the capabilities that can be gained during an B<execve>(2).  The "
"bounding set is used in the following ways:"
msgstr ""
"Die Capability-Begrenzungsmenge ist ein Sicherheitsmechanismus, der zur "
"Begrenzung der Capabilitys, die während eines B<execve>(2) erlangt werden "
"können, dienen kann. Die Begrenzungsmenge wird auf die folgende Art und "
"Weise benutzt:"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"During an B<execve>(2), the capability bounding set is ANDed with the file "
"permitted capability set, and the result of this operation is assigned to "
"the thread's permitted capability set.  The capability bounding set thus "
"places a limit on the permitted capabilities that may be granted by an "
"executable file."
msgstr ""
"Während eines B<execve>(2) wird die Capability-Begrenzungsmenge mittels AND "
"mit der erlaubten Datei-Capability-Menge verknüpft und das Ergebnis dieser "
"Aktion wird der erlaubten Capability-Menge des Threads zugewiesen. Die "
"Capability-Begrenzungsmenge stellt daher eine Grenze für die erlaubten "
"Capabilitys dar, die einer ausführbaren Datei erlaubt werden dürfen."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"(Since Linux 2.6.25)  The capability bounding set acts as a limiting "
"superset for the capabilities that a thread can add to its inheritable set "
"using B<capset>(2).  This means that if a capability is not in the bounding "
"set, then a thread can't add this capability to its inheritable set, even if "
"it was in its permitted capabilities, and thereby cannot have this "
"capability preserved in its permitted set when it B<execve>(2)s a file that "
"has the capability in its inheritable set."
msgstr ""
"(Seit Linux 2.6.25) Die Capability-Begrenzungsmenge agiert als begrenzende "
"Übermenge für die Capabilitys, die ein Thread zu seiner vererbbaren Menge "
"mittels B<capset>(2) hinzufügen kann. Das bedeutet, dass ein Thread eine "
"Capability nicht zu seiner vererbbaren Menge hinzufügen kann, falls es nicht "
"in der Begrenzungsmenge enthalten ist, selbst falls es in seinen erlaubten "
"Capabilitys vorhanden ist, wenn er eine Datei mit B<execve>(2) ausführt, die "
"diese Capability in seiner vererbbaren Menge hat."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Note that the bounding set masks the file permitted capabilities, but not "
"the inheritable capabilities.  If a thread maintains a capability in its "
"inheritable set that is not in its bounding set, then it can still gain that "
"capability in its permitted set by executing a file that has the capability "
"in its inheritable set."
msgstr ""
"Beachten Sie, dass die Begrenzungsmenge die erlaubten Datei-Capabilitys "
"maskiert, aber nicht die vererbbaren Capabilitys. Falls ein Thread eine "
"Capability in seiner vererbbaren Menge betreut, die nicht in seiner "
"Begrenzungsmenge ist, dann kann er weiterhin die Capability in seiner "
"erlaubten Menge erlangen, indem er eine Datei ausführt, die diese Capability "
"in seiner vererbbaren Menge enthält."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Depending on the kernel version, the capability bounding set is either a "
"system-wide attribute, or a per-process attribute."
msgstr ""
"Abhängig von der Kernelversion ist die Capability-Begrenzungsmenge entweder "
"ein systemweites Attribut oder ein prozessweises Attribut."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "B<Capability bounding set from Linux 2.6.25 onward>"
msgstr "B<Capability-Begrenzungsmenge seit Linux 2.6.25>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"From Linux 2.6.25, the I<capability bounding set> is a per-thread "
"attribute.  (The system-wide capability bounding set described below no "
"longer exists.)"
msgstr ""
"Seit Linux 2.6.25 ist die I<Capability-Begrenzungsmenge> ein pro-Thread-"
"Attribut. (Die nachfolgend beschriebene systemweite Capability-"
"Begrenzungsmenge existiert nicht mehr.)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The bounding set is inherited at B<fork>(2)  from the thread's parent, and "
"is preserved across an B<execve>(2)."
msgstr ""
"Die Begrenzungsmenge wird bei B<fork>(2) von dem Elternprozess des Threads "
"vererbt und bleibt über ein B<execve>(2) erhalten."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"A thread may remove capabilities from its capability bounding set using the "
"B<prctl>(2)  B<PR_CAPBSET_DROP> operation, provided it has the "
"B<CAP_SETPCAP> capability.  Once a capability has been dropped from the "
"bounding set, it cannot be restored to that set.  A thread can determine if "
"a capability is in its bounding set using the B<prctl>(2)  "
"B<PR_CAPBSET_READ> operation."
msgstr ""
"Ein Thread kann mittels der Aktion B<prctl>(2) B<PR_CAPBSET_DROP> "
"Capabilitys aus seiner Begrenzungsmenge entfernen, vorausgesetzt, er verfügt "
"über die Capability B<CAP_SETPCAP>. Sobald eine Capability aus der "
"Begrenzungsmenge entfernt wurde, kann sie nicht mehr zu der Menge wieder "
"hinzugefügt werden. Ein Thread kann mittels der Aktion B<prctl>(2) "
"B<PR_CAPBSET_READ> herausfinden, ob eine Capability in seiner "
"Begrenzungsmenge liegt."

#.  commit b3a222e52e4d4be77cc4520a57af1a4a0d8222d1
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Removing capabilities from the bounding set is supported only if file "
"capabilities are compiled into the kernel.  Before Linux 2.6.33, file "
"capabilities were an optional feature configurable via the "
"B<CONFIG_SECURITY_FILE_CAPABILITIES> option.  Since Linux 2.6.33, the "
"configuration option has been removed and file capabilities are always part "
"of the kernel.  When file capabilities are compiled into the kernel, the "
"B<init> process (the ancestor of all processes) begins with a full bounding "
"set.  If file capabilities are not compiled into the kernel, then B<init> "
"begins with a full bounding set minus B<CAP_SETPCAP>, because this "
"capability has a different meaning when there are no file capabilities."
msgstr ""
"Entfernen von Capabilitys aus der Begrenzungsmenge ist nur möglich, falls "
"Datei-Capabilitys in den Kernel kompiliert wurden. Vor Linux 2.6.33 waren "
"Datei-Capabilitys eine optionale Funktionalität, die mittels der Option "
"B<CONFIG_SECURITY_FILE_CAPABILITIES> konfigurierbar war. Seit Linux 2.6.33 "
"ist die Konfigurationsoption entfernt und Datei-Capabilitys sind immer Teil "
"des Kernels. Wenn Datei-Capabilitys in den Kernel kompiliert sind, beginnt "
"der B<init>-Prozess (der Urahn aller Prozesse) mit einer kompletten "
"Begrenzungsmenge. Falls Datei-Capabilitys nicht in den Kernel kompiliert "
"sind, dann beginnt B<init> mit einer vollständigen Begrenzungsmenge ohne "
"B<CAP_SETPCAP>, da diese Capability eine andere Bedeutung hat, wenn es keine "
"Datei-Capabilitys gibt."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Removing a capability from the bounding set does not remove it from the "
"thread's inheritable set.  However it does prevent the capability from being "
"added back into the thread's inheritable set in the future."
msgstr ""
"Die Entfernung einer Capability aus der Begrenzungsmenge entfernt sie nicht "
"aus der vererbbaren Menge des Threads. Allerdings verhindert es das "
"Zurückfügen in die vererbbare Menge des Threads in der Zukunft."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "B<Capability bounding set prior to Linux 2.6.25>"
msgstr "B<Capability-Begrenzungsmenge vor Linux 2.6.25>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Before Linux 2.6.25, the capability bounding set is a system-wide attribute "
"that affects all threads on the system.  The bounding set is accessible via "
"the file I</proc/sys/kernel/cap-bound>.  (Confusingly, this bit mask "
"parameter is expressed as a signed decimal number in I</proc/sys/kernel/cap-"
"bound>.)"
msgstr ""
"Vor Linux 2.6.25 ist die Capability-Begrenzungsmenge ein systemweites "
"Attribut, das alle Threads auf dem System betrifft. Auf die Begrenzungsmenge "
"kann über die Datei I</proc/sys/kernel/cap-bound> zugegriffen werden. (Zur "
"Erhöhung der Konfusion wird dieser Bitmaskenparameter als "
"vorzeichenbehaftete Dezimalzahl in I</proc/sys/kernel/cap-bound> "
"ausgedrückt.)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Only the B<init> process may set capabilities in the capability bounding "
"set; other than that, the superuser (more precisely: a process with the "
"B<CAP_SYS_MODULE> capability) may only clear capabilities from this set."
msgstr ""
"Nur der B<init>-Prozess darf Capabilitys in der Capability-Begrenzungsmenge "
"setzen; abgesehen davon kann der Superuser (oder genauer: ein Prozess mit "
"der Capability B<CAP_SYS_MODULE>) nur Capabilitys aus dieser Menge entfernen."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"On a standard system the capability bounding set always masks out the "
"B<CAP_SETPCAP> capability.  To remove this restriction (dangerous!), modify "
"the definition of B<CAP_INIT_EFF_SET> in I<include/linux/capability.h> and "
"rebuild the kernel."
msgstr ""
"Auf einem Standardsystem maskiert die Capability-Begrenzungsmenge immer die "
"Capability B<CAP_SETPCAP>. Um diese Einschränkung zu entfernen "
"(gefährlich!), verändern Sie die Definition von B<CAP_INIT_EFF_SET> in "
"I<include/linux/capability.h> und bauen Ihren Kernel neu."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The system-wide capability bounding set feature was added to Linux 2.2.11."
msgstr ""
"Die systemweite Capability-Begrenzungsmengenfunktion wurde zu Linux 2.2.11 "
"hinzugefügt."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Effect of user ID changes on capabilities"
msgstr "Effekt von Benutzerkennungsänderungen auf Capabilitys"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"To preserve the traditional semantics for transitions between 0 and nonzero "
"user IDs, the kernel makes the following changes to a thread's capability "
"sets on changes to the thread's real, effective, saved set, and filesystem "
"user IDs (using B<setuid>(2), B<setresuid>(2), or similar):"
msgstr ""
"Um die traditionellen Semantiken für Übergänge zwischen 0 und von 0 "
"verschiedenen Kennungen zu erhalten, führt der Kernel folgende Änderungen an "
"den Capability-Mengen eines Threads bei Änderung der realen, effektiven, "
"gespeicherten und Dateisystem-Benutzerkennung (unter Verwendung von "
"B<setuid>(2), B<setresuid>(2) oder ähnlich) durch:"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If one or more of the real, effective, or saved set user IDs was previously "
"0, and as a result of the UID changes all of these IDs have a nonzero value, "
"then all capabilities are cleared from the permitted, effective, and ambient "
"capability sets."
msgstr ""
"Falls einer der realen, effektiven oder gespeicherten Set-User-IDs vorher 0 "
"war und als Ergebnis der UID-Änderung alle dieser Kennungen eine von 0 "
"verschiedenen Wert haben, dann werden alle Capabilitys aus den erlaubten, "
"effektiven und Umgebungs-Capability-Mengen gelöscht."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If the effective user ID is changed from 0 to nonzero, then all capabilities "
"are cleared from the effective set."
msgstr ""
"Falls die effektive Benutzerkennung von 0 auf einen von 0 verschiedenen Wert "
"geändert wird, werden alle Capabilitys aus der effektiven Menge gelöscht."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If the effective user ID is changed from nonzero to 0, then the permitted "
"set is copied to the effective set."
msgstr ""
"Falls die effektive Benutzerkennung von einem von 0 verschiedenen Wert auf 0 "
"geändert wird, dann wird die erlaubte Menge in die effektive Menge kopiert."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If the filesystem user ID is changed from 0 to nonzero (see B<setfsuid>(2)), "
"then the following capabilities are cleared from the effective set: "
"B<CAP_CHOWN>, B<CAP_DAC_OVERRIDE>, B<CAP_DAC_READ_SEARCH>, B<CAP_FOWNER>, "
"B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> (since Linux 2.6.30), "
"B<CAP_MAC_OVERRIDE>, and B<CAP_MKNOD> (since Linux 2.6.30).  If the "
"filesystem UID is changed from nonzero to 0, then any of these capabilities "
"that are enabled in the permitted set are enabled in the effective set."
msgstr ""
"Falls die Dateisystem-Benutzerkennung von 0 auf einen anderen Wert geändert "
"wird (siehe B<setfsuid>(2)), dann werden die folgenden Capabilitys aus der "
"effektiven Menge entfernt: B<CAP_CHOWN>, B<CAP_DAC_OVERRIDE>, "
"B<CAP_DAC_READ_SEARCH>, B<CAP_FOWNER>, B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> "
"(seit Linux 2.6.30), B<CAP_MAC_OVERRIDE> und B<CAP_MKNOD> (seit Linux "
"2.6.30). Falls die Dateisystem-UID von einem von 0 verschiedenen Wert auf 0 "
"geändert wird, dann werden alle dieser Capabilitys, die in der erlaubten "
"Menge aktiviert waren, in der effektiven Menge aktiviert."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If a thread that has a 0 value for one or more of its user IDs wants to "
"prevent its permitted capability set being cleared when it resets all of its "
"user IDs to nonzero values, it can do so using the B<SECBIT_KEEP_CAPS> "
"securebits flag described below."
msgstr ""
"Falls ein Thread, der einen Wert 0 für mindestens eine seiner "
"Benutzerkennungen hat, verhindern möchte, dass seine erlaubte Capability-"
"Menge bereinigt wird, wenn er alle seine Benutzerkennungen auf einen von 0 "
"verschiedenen Wert setzt, kann er dies mittels der unten beschriebenen "
"B<SECBIT_KEEP_CAPS>-Securebits-Schaltern erreichen."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Programmatically adjusting capability sets"
msgstr "Programmatische Anpassung von Capability-Mengen"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"A thread can retrieve and change its permitted, effective, and inheritable "
"capability sets using the B<capget>(2)  and B<capset>(2)  system calls.  "
"However, the use of B<cap_get_proc>(3)  and B<cap_set_proc>(3), both "
"provided in the I<libcap> package, is preferred for this purpose.  The "
"following rules govern changes to the thread capability sets:"
msgstr ""
"Ein Thread kann seine erlaubten, effektiven und vererbbaren Capability-"
"Mengen mittels der Systemaufrufe B<capget>(2) und B<capset>(2) ermitteln und "
"ändern. Allerdings werden für diesen Zweck die Verwendung von "
"B<cap_get_proc>(3) und B<cap_set_proc>(3), beide im Paket I<libcap> "
"bereitgestellt, empfohlen. Die folgenden Regeln bestimmen die Änderungen an "
"den Capability-Mengen des Threads:"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If the caller does not have the B<CAP_SETPCAP> capability, the new "
"inheritable set must be a subset of the combination of the existing "
"inheritable and permitted sets."
msgstr ""
"Falls der Aufrufende nicht über die Capability B<CAP_SETPCAP> verfügt, dann "
"muss die neue vererbbare Menge eine Teilmenge der Kombination der "
"bestehenden vererbbaren und erlaubten Menge sein."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"(Since Linux 2.6.25)  The new inheritable set must be a subset of the "
"combination of the existing inheritable set and the capability bounding set."
msgstr ""
"(Seit Linux 2.6.25) Die neue vererbbare Menge muss eine Teilmenge der "
"Kombination der bestehenden vererbbaren Menge und der Capability-"
"Begrenzungsmenge sein."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The new permitted set must be a subset of the existing permitted set (i.e., "
"it is not possible to acquire permitted capabilities that the thread does "
"not currently have)."
msgstr ""
"Die neue erlaubte Menge muss eine Teilmenge der bestehenden erlaubten Menge "
"sein (d.h. es ist nicht möglich, erlaubte Capabilitys zu erlangen, die der "
"Thread derzeit nicht hat)."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "The new effective set must be a subset of the new permitted set."
msgstr ""
"Die neue effektive Menge muss eine Teilmenge der neuen erlaubten Menge sein."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "The securebits flags: establishing a capabilities-only environment"
msgstr "Der Schalter securebits: eine reine Capability-Umgebung einrichten"

#.  For some background:
#.        see http://lwn.net/Articles/280279/ and
#.        http://article.gmane.org/gmane.linux.kernel.lsm/5476/
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Starting with Linux 2.6.26, and with a kernel in which file capabilities are "
"enabled, Linux implements a set of per-thread I<securebits> flags that can "
"be used to disable special handling of capabilities for UID 0 (I<root>).  "
"These flags are as follows:"
msgstr ""
"Beginnend mit Linux 2.6.26 und mit einem Kernel, in dem Datei-Capabilitys "
"aktiviert sind, implementiert Linux eine Menge von pro-Thread-I<securebits>-"
"Schaltern, die zur Deaktivierung von spezieller Handhabung von Capabilitys "
"für UID 0 (I<root>) verwandt werden können. Dies sind die folgenden Schalter:"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<SECBIT_KEEP_CAPS>"
msgstr "B<SECBIT_KEEP_CAPS>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Setting this flag allows a thread that has one or more 0 UIDs to retain "
"capabilities in its permitted set when it switches all of its UIDs to "
"nonzero values.  If this flag is not set, then such a UID switch causes the "
"thread to lose all permitted capabilities.  This flag is always cleared on "
"an B<execve>(2)."
msgstr ""
"Durch Setzen dieses Schalters darf ein Thread, der mindestens eine 0 UID "
"hat, Capabilitys in seiner erlaubten Menge behalten, wenn er alle UIDs auf "
"von 0 verschiedene Werte umschaltet. Falls dieser Schalter nicht gesetzt "
"ist, dann führt das Umschalten der UIDs dazu, dass er alle erlaubten "
"Capabilitys verliert. Dieser Schalter wird bei B<execve>(2) immer bereinigt."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Note that even with the B<SECBIT_KEEP_CAPS> flag set, the effective "
"capabilities of a thread are cleared when it switches its effective UID to a "
"nonzero value.  However, if the thread has set this flag and its effective "
"UID is already nonzero, and the thread subsequently switches all other UIDs "
"to nonzero values, then the effective capabilities will not be cleared."
msgstr ""
"Bachten Sie, dass selbst mit gesetztem Schalter B<SECBIT_KEEP_CAPS> die "
"effektiven Capabilitys eines Threads bereinigt werden, wenn er seine "
"effektive UID auf einen von Null verschiedenen Wert umschaltet. Falls der "
"Thread allerdings über diesen Schalter verfügt und seine effektive UID "
"bereits von Null verschieden ist und der Thread anschließend alle anderen "
"UIDs auf einen von Null verschiedenen Wert umschaltet, dann werden die "
"effektiven Capabilitys nicht bereinigt."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The setting of the B<SECBIT_KEEP_CAPS> flag is ignored if the "
"B<SECBIT_NO_SETUID_FIXUP> flag is set.  (The latter flag provides a superset "
"of the effect of the former flag.)"
msgstr ""
"Die Einstellung des Schalters B<SECBIT_KEEP_CAPS> wird ignoriert, falls der "
"Schalter B<SECBIT_NO_SETUID_FIXUP> gesetzt ist. (Letzterer Schalter stellt "
"eine Übermenge des Effekts des ersteren Schalters bereit.)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This flag provides the same functionality as the older B<prctl>(2)  "
"B<PR_SET_KEEPCAPS> operation."
msgstr ""
"Dieser Schalter stellt die gleiche Funktionalität wie die ältere Aktion "
"B<prctl>(2) B<PR_SET_KEEPCAPS> bereit."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<SECBIT_NO_SETUID_FIXUP>"
msgstr "B<SECBIT_NO_SETUID_FIXUP>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Setting this flag stops the kernel from adjusting the process's permitted, "
"effective, and ambient capability sets when the thread's effective and "
"filesystem UIDs are switched between zero and nonzero values.  See I<Effect "
"of user ID changes on capabilities> above."
msgstr ""
"Setzen dieses Schalters hindert den Kernel daran, die erlaubten, effektiven "
"und Umgebungs-Capability-Mengen des Prozesses anzupassen, wenn die effektive "
"und die Dateisystem-UID eines Threads zwischen null und von null "
"verschiedenen Werten umgeschaltet werden. Siehe oben I<Effekt von "
"Benutzerkennungsänderungen auf Capabilitys>."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<SECBIT_NOROOT>"
msgstr "B<SECBIT_NOROOT>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If this bit is set, then the kernel does not grant capabilities when a set-"
"user-ID-root program is executed, or when a process with an effective or "
"real UID of 0 calls B<execve>(2).  (See I<Capabilities and execution of "
"programs by root> above.)"
msgstr ""
"Falls dieses Bit gesetzt ist, dann verleiht der Kernel keine Capabilitys, "
"wenn ein Set-User-ID-Root-Programm ausgeführt wird oder wenn ein Prozess mit "
"einer effektiven oder realen UID von 0 B<execve>(2) aufruft. (Siehe oben "
"I<Capabilitys und Ausführung von Programmen durch root>.)"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<SECBIT_NO_CAP_AMBIENT_RAISE>"
msgstr "B<SECBIT_NO_CAP_AMBIENT_RAISE>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Setting this flag disallows raising ambient capabilities via the "
"B<prctl>(2)  B<PR_CAP_AMBIENT_RAISE> operation."
msgstr ""
"Durch Setzen dieses Schalters dürfen keine Umgebungs-Capabilitys mit der "
"B<prctl>(2)-Aktion B<PR_CAP_AMBIENT_RAISE> gehoben werden."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Each of the above \"base\" flags has a companion \"locked\" flag.  Setting "
"any of the \"locked\" flags is irreversible, and has the effect of "
"preventing further changes to the corresponding \"base\" flag.  The locked "
"flags are: B<SECBIT_KEEP_CAPS_LOCKED>, B<SECBIT_NO_SETUID_FIXUP_LOCKED>, "
"B<SECBIT_NOROOT_LOCKED>, and B<SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED>."
msgstr ""
"Jeder der obigen »basis«-Schalter hat einen begleitenden »gesperrten« "
"Schalter. Das Setzen eines »gesperrten« Schalters ist unumkehrbar und hat "
"den Effekt, dass weitere Änderungen an dem entsprechenden Basisschalter "
"nicht mehr möglich sind. Die gesperrten Schalter sind: "
"B<SECBIT_KEEP_CAPS_LOCKED>, B<SECBIT_NO_SETUID_FIXUP_LOCKED>, "
"B<SECBIT_NOROOT_LOCKED> und B<SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED>."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The I<securebits> flags can be modified and retrieved using the B<prctl>(2)  "
"B<PR_SET_SECUREBITS> and B<PR_GET_SECUREBITS> operations.  The "
"B<CAP_SETPCAP> capability is required to modify the flags.  Note that the "
"B<SECBIT_*> constants are available only after including the I<E<lt>linux/"
"securebits.hE<gt>> header file."
msgstr ""
"Die Schalter I<securebits> können mit den Aktionen B<prctl>(2) "
"B<PR_SET_SECUREBITS> und B<PR_GET_SECUREBITS> geändert und abgefragt werden. "
"Die Capability B<CAP_SETPCAP> wird für die Veränderung der Schalter "
"benötigt. Beachten Sie, dass die Konstanten B<SECBIT_*> nur nachdem Sie die "
"Header-Datei I<E<lt>linux/securebits.hE<gt>> eingebunden haben verfügbar "
"sind."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The I<securebits> flags are inherited by child processes.  During an "
"B<execve>(2), all of the flags are preserved, except B<SECBIT_KEEP_CAPS> "
"which is always cleared."
msgstr ""
"Die Schalter I<securebits> werden von Kindprozessen vererbt. Während eines "
"B<execve>(2) werden alle Schalter beibehalten, außer B<SECBIT_KEEP_CAPS>, "
"das immer bereinigt wird."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"An application can use the following call to lock itself, and all of its "
"descendants, into an environment where the only way of gaining capabilities "
"is by executing a program with associated file capabilities:"
msgstr ""
"Eine Anwendung kann den folgenden Aufruf verwenden, um sich selbst und alle "
"seine Abkömmlinge in eine Umgebung zu sperren, in der die einzige "
"Möglichkeit, Capabilitys zu erlangen, darin besteht, ein Programm "
"auzuführen, das über die zugeordneten Datei-Capabilitys verfügt:"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid ""
"prctl(PR_SET_SECUREBITS,\n"
"        /* SECBIT_KEEP_CAPS off */\n"
"        SECBIT_KEEP_CAPS_LOCKED |\n"
"        SECBIT_NO_SETUID_FIXUP |\n"
"        SECBIT_NO_SETUID_FIXUP_LOCKED |\n"
"        SECBIT_NOROOT |\n"
"        SECBIT_NOROOT_LOCKED);\n"
"        /* Setting/locking SECBIT_NO_CAP_AMBIENT_RAISE\n"
"           is not required */\n"
msgstr ""
"prctl(PR_SET_SECUREBITS,\n"
"        /* SECBIT_KEEP_CAPS off */\n"
"        SECBIT_KEEP_CAPS_LOCKED |\n"
"        SECBIT_NO_SETUID_FIXUP |\n"
"        SECBIT_NO_SETUID_FIXUP_LOCKED |\n"
"        SECBIT_NOROOT |\n"
"        SECBIT_NOROOT_LOCKED);\n"
"        /* Setzen/Sperren von SECBIT_NO_CAP_AMBIENT_RAISE\n"
"           ist nicht erforderlich */\n"

#. type: SS
#: archlinux debian-unstable fedora-rawhide opensuse-tumbleweed
#, no-wrap
msgid "Per-user-namespace \\[dq]set-user-ID-root\\[dq] programs"
msgstr "Namensraumbezogene »set-user-ID-root«-Programme"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"A set-user-ID program whose UID matches the UID that created a user "
"namespace will confer capabilities in the process's permitted and effective "
"sets when executed by any process inside that namespace or any descendant "
"user namespace."
msgstr ""
"Ein set-user-ID-Programm, dessen UID auf die UID passt, die einen "
"Benutzernamensraum erstellte, wird die Capabilitys in den erlaubten und "
"effektiven Mengen übertragen, wenn es durch irgendeinen Prozess innerhalb "
"dieses Namensraums (oder einen Benutzernamensraum, der davon abstammt) "
"ausgeführt wird."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The rules about the transformation of the process's capabilities during the "
"B<execve>(2)  are exactly as described in I<Transformation of capabilities "
"during execve()> and I<Capabilities and execution of programs by root> "
"above, with the difference that, in the latter subsection, \"root\" is the "
"UID of the creator of the user namespace."
msgstr ""
"Die obigen Regeln über die Umwandlung der Capabilitys des Prozesses während "
"eines B<execve>(2) sind genau wie oben in I<Umwandlungen von Capabilitys "
"während execve()> und I<Capabilitys und Ausführung von Programmen durch "
"root> beschrieben, wobei im letzeren Unterabschnitt als Unterschied »root« "
"die UID des Erstellers des Benutzernamensraums ist."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Namespaced file capabilities"
msgstr "Namensraumbezogene Datei-Capabilitys"

#.  commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Traditional (i.e., version 2) file capabilities associate only a set of "
"capability masks with a binary executable file.  When a process executes a "
"binary with such capabilities, it gains the associated capabilities (within "
"its user namespace)  as per the rules described in I<Transformation of "
"capabilities during execve()> above."
msgstr ""
"Traditionelle (d.h. Version 2-)Datei-Capabilitys ordnen nur eine Menge von "
"Capability-Masken einem binären Programm zu. Wenn ein Prozess ein Programm "
"mit solchen Capabilitys ausführt, erlangt es die zugeordneten Capabilitys "
"(innerhalb seines Benutzernamensraums) wie in den oben beschriebenen Regeln "
"I<Umwandlungen von Capabilitys während execve()> beschrieben."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Because version 2 file capabilities confer capabilities to the executing "
"process regardless of which user namespace it resides in, only privileged "
"processes are permitted to associate capabilities with a file.  Here, "
"\"privileged\" means a process that has the B<CAP_SETFCAP> capability in the "
"user namespace where the filesystem was mounted (normally the initial user "
"namespace).  This limitation renders file capabilities useless for certain "
"use cases.  For example, in user-namespaced containers, it can be desirable "
"to be able to create a binary that confers capabilities only to processes "
"executed inside that container, but not to processes that are executed "
"outside the container."
msgstr ""
"Da Version-2-Datei-Capabilitys dem ausführenden Prozess unabhängig davon, in "
"welchem Namensraum er sich befindet, Capabilitys verleiht, dürfen nur "
"privilegierte Prozesse Capabilitys einer Datei zuordnen. Hier bedeutet "
"»privilegiert«, dass ein Prozess über die Capability B<CAP_SETFCAP> in dem "
"Benutzernamensraum, in dem das Dateisystem eingehängt wurde (normalerweise "
"dem initialen Namensraum), verfügt. Diese Einschränkung führt dazu, dass in "
"bestimmten Einsatzfällen Datei-Capabilitys nutzlos sind. Es kann zum "
"Beispiel in namensraumbezogenen Containern wünschenswert sein, in der Lage "
"zu sein, ein Programm zu erstellen, das Capabilitys nur an Prozesse, die "
"innerhalb dieses Containers ausgeführt werden, zu verleihen, aber nicht an "
"Prozesse, die außerhalb des Containers ausgeführt werden."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Linux 4.14 added so-called namespaced file capabilities to support such use "
"cases.  Namespaced file capabilities are recorded as version 3 (i.e., "
"B<VFS_CAP_REVISION_3>)  I<security.capability> extended attributes.  Such an "
"attribute is automatically created in the circumstances described in I<File "
"capability extended attribute versioning> above.  When a version 3 "
"I<security.capability> extended attribute is created, the kernel records not "
"just the capability masks in the extended attribute, but also the namespace "
"root user ID."
msgstr ""
"Linux 4.14 fügte sogenannte namensraumbezogene Datei-Capabilitys hinzu, um "
"solche Fälle zu unterstützen. Namensraumbezogene Datei-Capabilitys werden "
"als Version 3 (d.h. B<VFS_CAP_REVISION_3>) erweiterte Attribute I<security."
"capability> aufgezeichnet. Solch ein Attribut wird automatisch unter den "
"oben in I<Erweiterte Attributversionierung von Datei-Capabilitys> "
"beschriebenen Umständen erstellt. Wenn ein erweitertes Version-3-Attribut "
"I<security.capability> erstellt wird, zeichnet der Kernel nicht nur die "
"Capability-Maske in dem erweiterten Attribut auf, sondern auch die "
"Benutzerkennung von root in dem Namensraum."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"As with a binary that has B<VFS_CAP_REVISION_2> file capabilities, a binary "
"with B<VFS_CAP_REVISION_3> file capabilities confers capabilities to a "
"process during B<execve>().  However, capabilities are conferred only if the "
"binary is executed by a process that resides in a user namespace whose UID 0 "
"maps to the root user ID that is saved in the extended attribute, or when "
"executed by a process that resides in a descendant of such a namespace."
msgstr ""
"Wie mit Programmen, die eine Datei-Capability B<VFS_CAP_REVISION_2> haben, "
"verleiht ein Programm mit Datei-Capability B<VFS_CAP_REVISION_3> während "
"eines B<execve>() Capabilitys an einen Prozess. Allerdings werden "
"Capabilitys nur verliehen, falls das Programm von einem Prozess ausgeführt "
"wird, der in einem Benutzernamensraum, dessen UID 0 auf die "
"Wurzelbenutzerkennung, die in dem erweiterten Attribut gespeichert ist, "
"abgebildet ist oder wenn er von einem Prozess ausgeführt wird, der in einem "
"Nachkommen solch eines Namensraums liegt."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Interaction with user namespaces"
msgstr "Interaktion mit Benutzernamensräumen"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"For further information on the interaction of capabilities and user "
"namespaces, see B<user_namespaces>(7)."
msgstr ""
"Für weitere Informationen über die Interaktion von Capabilitys und Benutzer-"
"Namensräumen lesen Sie B<user_namespaces>(7)."

#. type: SH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "STANDARDS"
msgstr "STANDARDS"

#. type: Plain text
#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
#: opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"No standards govern capabilities, but the Linux capability implementation is "
"based on the withdrawn E<.UR https://archive.org\\:/details\\:/"
"posix_1003.1e-990310> POSIX.1e draft standard E<.UE .>"
msgstr ""
"Keine Standards regeln Capabilitys; die Linux-Capability-Implementierung "
"basiert aber auf dem zurückgezogenen E<.UR https://archive.org\\:/details\\:/"
"posix_1003.1e-990310> POSIX.1e-Entwurfsstandard E<.UE .>"

#. type: SH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "NOTES"
msgstr "ANMERKUNGEN"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"When attempting to B<strace>(1)  binaries that have capabilities (or set-"
"user-ID-root binaries), you may find the I<-u E<lt>usernameE<gt>> option "
"useful.  Something like:"
msgstr ""
"Beim Versuch, B<strace>(1) auf Programme anzuwenden, die über Capabilitys "
"verfügen (oder set-user-ID-root-Programme), könnten Sie die Option I<-u "
"E<lt>BenutzernameE<gt>> nützlich finden. Etwas von der Art:"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "$ B<sudo strace -o trace.log -u ceci ./myprivprog>\n"
msgstr "$ B<sudo strace -o trace.log -u ceci ./meinprivprog>\n"

#.  commit 5915eb53861c5776cfec33ca4fcc1fd20d66dd27 removed
#.  CONFIG_SECURITY_CAPABILITIES
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"From Linux 2.5.27 to Linux 2.6.26, capabilities were an optional kernel "
"component, and could be enabled/disabled via the "
"B<CONFIG_SECURITY_CAPABILITIES> kernel configuration option."
msgstr ""
"Von Linux 2.5.27 bis 2.6.26 waren Capabilitys eine optionale "
"Kernelkomponente, die über die Kernelkonfigurationsoption "
"B<CONFIG_SECURITY_CAPABILITIES> aktiviert/deaktiviert werden konnte."

#.  7b9a7ec565505699f503b4fcf61500dceb36e744
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The I</proc/>pidI</task/TID/status> file can be used to view the capability "
"sets of a thread.  The I</proc/>pidI</status> file shows the capability sets "
"of a process's main thread.  Before Linux 3.8, nonexistent capabilities were "
"shown as being enabled (1) in these sets.  Since Linux 3.8, all nonexistent "
"capabilities (above B<CAP_LAST_CAP>)  are shown as disabled (0)."
msgstr ""
"Die Datei I</proc/>PIDI</task/TID/status> kann zum Betrachten der Capability-"
"Mengen eines Threads verwandt werden. Die Datei I</proc/>PIDI</status> zeigt "
"die Capability-Mengen des Haupt-Threads eines Prozesses. Vor Linux 3.8 "
"wurden nicht existierende Capabilitys in diesen Mengen als aktiviert (1) "
"angezeigt. Seit Linux 3.8 werden alle nicht existierenden Capabilitys (über "
"B<CAP_LAST_CAP>) als deaktiviert (0) angezeigt."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The I<libcap> package provides a suite of routines for setting and getting "
"capabilities that is more comfortable and less likely to change than the "
"interface provided by B<capset>(2)  and B<capget>(2).  This package also "
"provides the B<setcap>(8)  and B<getcap>(8)  programs.  It can be found at"
msgstr ""
"Das Paket I<libcap> stellt eine Suite von Routinen zum Setzen und Abfragen "
"von Capabilitys bereit, die komfortablere und änderungsstabilere "
"Schnittstellen als die von B<capset>(2) und B<capget>(2) bereitstellen. "
"Dieses Paket stellt auch die Programme B<setcap>(8) und B<getcap>(8) zur "
"Verfügung. Es kann unter folgender Adresse gefunden werden:"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"E<.UR https://git.kernel.org\\:/pub\\:/scm\\:/libs\\:/libcap\\:/libcap."
"git\\:/refs/> E<.UE .>"
msgstr ""
"E<.UR https://git.kernel.org\\:/pub\\:/scm\\:/libs\\:/libcap\\:/libcap."
"git\\:/refs/> E<.UE .>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Before Linux 2.6.24, and from Linux 2.6.24 to Linux 2.6.32 if file "
"capabilities are not enabled, a thread with the B<CAP_SETPCAP> capability "
"can manipulate the capabilities of threads other than itself.  However, this "
"is only theoretically possible, since no thread ever has B<CAP_SETPCAP> in "
"either of these cases:"
msgstr ""
"Vor Linux 2.6.24 und von Linux 2.6.24 bis 2.6.32, falls Datei-Capabilitys "
"nicht aktiviert sind, kann ein Thread mit der Capability B<CAP_SETPCAP> die "
"Capabilitys von anderen Threads manipulieren. Allerdings ist dies nur "
"theoretisch möglich, da kein Thread jemals über B<CAP_SETPCAP> in einem der "
"folgenden Fälle verfügt:"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"In the pre-2.6.25 implementation the system-wide capability bounding set, I</"
"proc/sys/kernel/cap-bound>, always masks out the B<CAP_SETPCAP> capability, "
"and this can not be changed without modifying the kernel source and "
"rebuilding the kernel."
msgstr ""
"In der pre-2.6.25-Implementierung maskiert die systemweite Capability-"
"Begrenzungsmenge I</proc/sys/kernel/cap-bound> die Capability B<CAP_SETPCAP> "
"immer und dies kann ohne Veränderung der Kernelquellen und dem Neubau des "
"Kernels nicht geändert werden."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If file capabilities are disabled (i.e., the kernel "
"B<CONFIG_SECURITY_FILE_CAPABILITIES> option is disabled), then B<init> "
"starts out with the B<CAP_SETPCAP> capability removed from its per-process "
"bounding set, and that bounding set is inherited by all other processes "
"created on the system."
msgstr ""
"Falls Datei-Capabilitys deaktiviert sind (d.h. die Kerneloption "
"B<CONFIG_SECURITY_FILE_CAPABILITIES> deaktiviert ist), dann startet B<init> "
"derart, dass die Capability B<CAP_SETPCAP> aus seiner prozessweisen "
"Begrenzungsmenge entfernt ist und dass die Begrenzungsmenge von allen "
"anderen im System erstellten Prozessen vererbt wird."

#. type: SH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "SEE ALSO"
msgstr "SIEHE AUCH"

#.  from libcap-ng
#.  from libcap-ng
#.  from libcap-ng
#.  from libcap-ng
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"B<capsh>(1), B<setpriv>(1), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), "
"B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3), "
"B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3), "
"B<libcap>(3), B<proc>(5), B<credentials>(7), B<pthreads>(7), "
"B<user_namespaces>(7), B<captest>(8), B<filecap>(8), B<getcap>(8), "
"B<getpcaps>(8), B<netcap>(8), B<pscap>(8), B<setcap>(8)"
msgstr ""
"B<capsh>(1), B<setpriv>(1), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), "
"B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3), "
"B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3), "
"B<libcap>(3), B<proc>(5), B<credentials>(7), B<pthreads>(7), "
"B<user_namespaces>(7), B<captest>(8), B<filecap>(8), B<getcap>(8), "
"B<getpcaps>(8), B<netcap>(8), B<pscap>(8), B<setcap>(8)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "I<include/linux/capability.h> in the Linux kernel source tree"
msgstr "I<include/linux/capability.h> in dem Linux-Kernelquellbaum"

#. type: TH
#: debian-bookworm
#, no-wrap
msgid "2023-02-05"
msgstr "5. Februar 2023"

#. type: TH
#: debian-bookworm
#, no-wrap
msgid "Linux man-pages 6.03"
msgstr "Linux man-pages 6.03"

#. type: Plain text
#: debian-bookworm opensuse-leap-15-6
#, no-wrap
msgid "P'(ambient)     = (file is privileged) ? 0 : P(ambient)\n"
msgstr "P'(ambient)     = (Datei ist privilegiert) ? 0 : P(ambient)\n"

#. type: Plain text
#: debian-bookworm opensuse-leap-15-6
#, no-wrap
msgid ""
"P'(permitted)   = (P(inheritable) & F(inheritable)) |\n"
"                  (F(permitted) & P(bounding)) | P'(ambient)\n"
msgstr ""
"P'(permitted)   = (P(inheritable) & F(inheritable)) |\n"
"                  (F(permitted) & P(bounding)) | P'(ambient)\n"

#. type: Plain text
#: debian-bookworm opensuse-leap-15-6
#, no-wrap
msgid "P'(effective)   = F(effective) ? P'(permitted) : P'(ambient)\n"
msgstr "P'(effective)   = F(effective) ? P'(permitted) : P'(ambient)\n"

#. type: Plain text
#: debian-bookworm opensuse-leap-15-6
#, no-wrap
msgid "P'(inheritable) = P(inheritable)    [i.e., unchanged]\n"
msgstr "P'(inheritable) = P(inheritable)    [d.h. unverändert]\n"

#. type: Plain text
#: debian-bookworm opensuse-leap-15-6
#, no-wrap
msgid "P'(bounding)    = P(bounding)       [i.e., unchanged]\n"
msgstr "P'(bounding)    = P(bounding)       [d.h. unverändert]\n"

#. type: Plain text
#: debian-bookworm opensuse-leap-15-6
#, no-wrap
msgid "P'(permitted)   = P(inheritable) | P(bounding)\n"
msgstr "P'(permitted)   = P(inheritable) | P(bounding)\n"

#. type: Plain text
#: debian-bookworm opensuse-leap-15-6
#, no-wrap
msgid "P'(effective)   = P'(permitted)\n"
msgstr "P'(effective)   = P'(permitted)\n"

#. type: SS
#: debian-bookworm fedora-40 mageia-cauldron opensuse-leap-15-6
#, no-wrap
msgid "Per-user-namespace \"set-user-ID-root\" programs"
msgstr "Namensraumbezogene »set-user-ID-root«-Programme"

#. type: Plain text
#: debian-bookworm
msgid ""
"No standards govern capabilities, but the Linux capability implementation is "
"based on the withdrawn POSIX.1e draft standard; see E<.UR https://archive."
"org\\:/details\\:/posix_1003.1e-990310> E<.UE .>"
msgstr ""
"Keine Standards regeln Capabilitys; die Linux-Capability-Implementierung "
"basiert aber auf dem zurückgezogenen POSIX.1e-Entwurfsstandard; siehe E<.UR "
"https://archive.org\\:/details\\:/posix_1003.1e-990310> E<.UE .>"

#. type: TH
#: fedora-40 mageia-cauldron
#, no-wrap
msgid "2023-10-31"
msgstr "31. Oktober 2023"

#. type: TH
#: fedora-40 mageia-cauldron
#, no-wrap
msgid "Linux man-pages 6.06"
msgstr "Linux man-pages 6.06"

#. type: TH
#: fedora-rawhide
#, no-wrap
msgid "2024-02-25"
msgstr "25. Februar 2024"

#. type: TH
#: fedora-rawhide
#, no-wrap
msgid "Linux man-pages 6.7"
msgstr "Linux man-pages 6.7"

#. type: TH
#: opensuse-leap-15-6
#, no-wrap
msgid "2023-03-17"
msgstr "17. März 2023"

#. type: TH
#: opensuse-leap-15-6
#, no-wrap
msgid "Linux man-pages 6.04"
msgstr "Linux-Handbuchseiten 6.04"

#. type: TH
#: opensuse-tumbleweed
#, no-wrap
msgid "Linux man-pages (unreleased)"
msgstr "Linux man-pages (unveröffentlicht)"