# Spanish translation of manpages
# This file is distributed under the same license as the manpages-l10n package.
# Copyright © of this file:
# Miguel Pérez Ibars <mpi79470@alu.um.es>, 2005.
msgid ""
msgstr ""
"Project-Id-Version: manpages-l10n\n"
"POT-Creation-Date: 2024-06-01 05:43+0200\n"
"PO-Revision-Date: 2005-03-20 19:53+0200\n"
"Last-Translator: Miguel Pérez Ibars <mpi79470@alu.um.es>\n"
"Language-Team: Spanish <debian-l10n-spanish@lists.debian.org>\n"
"Language: es\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"X-Generator: Lokalize 20.04.1\n"

#. type: TH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy, no-wrap
#| msgid "Capabilities list"
msgid "Capabilities"
msgstr "Lista de capacidades"

#. type: TH
#: archlinux debian-unstable opensuse-tumbleweed
#, no-wrap
msgid "2024-05-02"
msgstr "2 Mayo 2024"

#. type: TH
#: archlinux debian-unstable
#, no-wrap
msgid "Linux man-pages 6.8"
msgstr "Páginas de Manual de Linux 6.8"

#. type: SH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "NAME"
msgstr "NOMBRE"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "capabilities - overview of Linux capabilities"
msgstr "capabilities - visión general del sistema de capacidades de Linux"

#. type: SH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "DESCRIPTION"
msgstr "DESCRIPCIÓN"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"For the purpose of performing permission checks, traditional UNIX "
"implementations distinguish two categories of processes: I<privileged> "
"processes (whose effective user ID is 0, referred to as superuser or root), "
"and I<unprivileged> processes (whose effective UID is nonzero).  Privileged "
"processes bypass all kernel permission checks, while unprivileged processes "
"are subject to full permission checking based on the process's credentials "
"(usually: effective UID, effective GID, and supplementary group list)."
msgstr ""
"Con el propósito de realizar comprobaciones de permisos, las "
"implementaciones tradicionales de UNIX distinguen dos categorías de "
"procesos: procesos I<privilegiados> (cuyo identificador de usuario efectivo "
"es 0, refiriéndose al superusuario o root) y procesos I<no privilegiados> "
"(cuyo identificador de usuario efectivo es distinto de cero). Los procesos "
"privilegiados evitan todas las comprobaciones de permisos del núcleo, "
"mientras que los procesos no privilegiados se ven sujetos a severas "
"comprobaciones de permisos basadas en las credenciales del proceso "
"(normalmente: ID de usuario efectivo, ID de grupo efectivo y lista de grupos "
"adicionales)."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "Starting with kernel 2.2, Linux provides an (as yet incomplete) system of "
#| "I<capabilities>, which divide the privileges traditionally associated "
#| "with superuser into distinct units that can be independently enabled and "
#| "disabled."
msgid ""
"Starting with Linux 2.2, Linux divides the privileges traditionally "
"associated with superuser into distinct units, known as I<capabilities>, "
"which can be independently enabled and disabled.  Capabilities are a per-"
"thread attribute."
msgstr ""
"Desde la versión 2.2 del núcleo, Linux ofrece un (hasta ahora incompleto) "
"sistema de I<capacidades>, que divide los privilegios asociados "
"tradicionalmente al superusuario en unidades distintas que pueden ser "
"activadas y desactivadas independientemente."

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Capabilities list"
msgstr "Lista de capacidades"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The following list shows the capabilities implemented on Linux, and the "
"operations or behaviors that each capability permits:"
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_AUDIT_CONTROL> (since Linux 2.6.11)"
msgstr "B<CAP_AUDIT_CONTROL> (desde Linux 2.6.11)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Enable and disable kernel auditing; change auditing filter rules; retrieve "
"auditing status and filtering rules."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_AUDIT_READ> (since Linux 3.16)"
msgstr "B<CAP_AUDIT_READ> (desde Linux 3.16)"

#.  commit a29b694aa1739f9d76538e34ae25524f9c549d59
#.  commit 3a101b8de0d39403b2c7e5c23fd0b005668acf48
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Allow reading the audit log via a multicast netlink socket."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_AUDIT_WRITE> (since Linux 2.6.11)"
msgstr "B<CAP_AUDIT_WRITE> (desde Linux 2.6.11)"

#.  FIXME Add FAN_ENABLE_AUDIT
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Write records to kernel auditing log."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_BLOCK_SUSPEND> (since Linux 3.5)"
msgstr "B<CAP_BLOCK_SUSPEND> (desde Linux 3.5)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Employ features that can block system suspend (B<epoll>(7)  B<EPOLLWAKEUP>, "
"I</proc/sys/wake_lock>)."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy, no-wrap
#| msgid "B<CAP_LEASE> (since Linux 2.4)"
msgid "B<CAP_BPF> (since Linux 5.8)"
msgstr "B<CAP_LEASE> (desde Linux 2.4)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Employ privileged BPF operations; see B<bpf>(2)  and B<bpf-helpers>(7)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This capability was added in Linux 5.8 to separate out BPF functionality "
"from the overloaded B<CAP_SYS_ADMIN> capability."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy, no-wrap
#| msgid "B<CAP_MKNOD> (since Linux 2.4)"
msgid "B<CAP_CHECKPOINT_RESTORE> (since Linux 5.9)"
msgstr "B<CAP_MKNOD> (desde Linux 2.4)"

#. type: IP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "\\[bu]"
msgstr "\\[bu]"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Update I</proc/sys/kernel/ns_last_pid> (see B<pid_namespaces>(7));"
msgstr ""

#.  FIXME There is also some use case relating to
#.  prctl_set_mm_exe_file(); in the 5.9 sources, see
#.  prctl_set_mm_map().
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "employ the I<set_tid> feature of B<clone3>(2);"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"read the contents of the symbolic links in I</proc/>pidI</map_files> for "
"other processes."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This capability was added in Linux 5.9 to separate out checkpoint/restore "
"functionality from the overloaded B<CAP_SYS_ADMIN> capability."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_CHOWN>"
msgstr "B<CAP_CHOWN>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "Allow arbitrary changes to file UIDs and GIDs (see B<chown>(2))."
msgid "Make arbitrary changes to file UIDs and GIDs (see B<chown>(2))."
msgstr ""
"Permite cambios arbitrarios en los IDs de usuario y de grupo de los ficheros "
"(vea B<chown>(2))."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_DAC_OVERRIDE>"
msgstr "B<CAP_DAC_OVERRIDE>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "Bypass file read, write, and execute permission checks.  (DAC = "
#| "\"discretionary access control\".)"
msgid ""
"Bypass file read, write, and execute permission checks.  (DAC is an "
"abbreviation of \"discretionary access control\".)"
msgstr ""
"Evita las comprobaciones de permisos sobre operaciones de lectura, escritura "
"y ejecución. (DAC = \"control de acceso discrecional\".)"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_DAC_READ_SEARCH>"
msgstr "B<CAP_DAC_READ_SEARCH>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Bypass file read permission checks and directory read and execute permission "
"checks;"
msgstr ""
"Evita comprobaciones de permisos sobre operaciones de lectura de ficheros y "
"lectura y ejecución de directorios;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "invoke B<open_by_handle_at>(2);"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"use the B<linkat>(2)  B<AT_EMPTY_PATH> flag to create a link to a file "
"referred to by a file descriptor."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_FOWNER>"
msgstr "B<CAP_FOWNER>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Bypass permission checks on operations that normally require the filesystem "
"UID of the process to match the UID of the file (e.g., B<chmod>(2), "
"B<utime>(2)), excluding those operations covered by B<CAP_DAC_OVERRIDE> and "
"B<CAP_DAC_READ_SEARCH>;"
msgstr ""
"Evita comprobaciones de permisos sobre operaciones que normalmente requieren "
"que el ID de usuario del sistema de ficheros del proceso coincida con el ID "
"de usuario del fichero (p.e., B<chmod>(2), B<utime>(2)), excluyendo aquellas "
"operaciones cubiertas por B<CAP_DAC_OVERRIDE> y B<CAP_DAC_READ_SEARCH>;"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "set inode flags (see B<ioctl_iflags>(2))  on arbitrary files;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "set Access Control Lists (ACLs) on arbitrary files;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "ignore directory sticky bit on file deletion;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"modify I<user> extended attributes on sticky directory owned by any user;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"specify B<O_NOATIME> for arbitrary files in B<open>(2)  and B<fcntl>(2)."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_FSETID>"
msgstr "B<CAP_FSETID>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Don't clear set-user-ID and set-group-ID mode bits when a file is modified;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "Don't clear set-user-ID and set-group-ID bits when a file is modified; "
#| "permit setting of the set-group-ID bit for a file whose GID does not "
#| "match the file system or any of the supplementary GIDs of the calling "
#| "process."
msgid ""
"set the set-group-ID bit for a file whose GID does not match the filesystem "
"or any of the supplementary GIDs of the calling process."
msgstr ""
"No borra los bits set-user-ID y set-group-ID cuando se modifica un fichero; "
"permite establecer el bit set-group-ID para un fichero cuyo ID de grupo no "
"coincide con el del sistema de ficheros o cualquier otro ID de grupo "
"adicional del proceso invocador."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_IPC_LOCK>"
msgstr "B<CAP_IPC_LOCK>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "Permit memory locking (B<mlock>(2), B<mlockall>(2), B<shmctl>(2))."
msgid "Lock memory (B<mlock>(2), B<mlockall>(2), B<mmap>(2), B<shmctl>(2));"
msgstr ""
"Permite el bloqueo en memoria (B<mlock>(2), B<mlockall>(2), B<shmctl>(2))."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "Permit memory locking (B<mlock>(2), B<mlockall>(2), B<shmctl>(2))."
msgid ""
"Allocate memory using huge pages (B<memfd_create>(2), B<mmap>(2), "
"B<shmctl>(2))."
msgstr ""
"Permite el bloqueo en memoria (B<mlock>(2), B<mlockall>(2), B<shmctl>(2))."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_IPC_OWNER>"
msgstr "B<CAP_IPC_OWNER>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Bypass permission checks for operations on System V IPC objects."
msgstr ""
"Evita comprobaciones de permisos para las operaciones sobre objetos System V "
"IPC."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_KILL>"
msgstr "B<CAP_KILL>"

#.  FIXME . CAP_KILL also has an effect for threads + setting child
#.        termination signal to other than SIGCHLD: without this
#.        capability, the termination signal reverts to SIGCHLD
#.        if the child does an exec().  What is the rationale
#.        for this?
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "Bypass permission checks for sending signals (see B<kill>(2))."
msgid ""
"Bypass permission checks for sending signals (see B<kill>(2)).  This "
"includes use of the B<ioctl>(2)  B<KDSIGACCEPT> operation."
msgstr "Evita comprobaciones de permisos para enviar señales (vea B<kill>(2))."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_LEASE> (since Linux 2.4)"
msgstr "B<CAP_LEASE> (desde Linux 2.4)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "(Linux 2.4 onwards)  Allow file leases to be established on arbitrary "
#| "files (see B<fcntl>(2))."
msgid "Establish leases on arbitrary files (see B<fcntl>(2))."
msgstr ""
"(Linux 2.4 en adelante)  Permite que se establezcan arriendos sobre ficheros "
"arbitrarios (vea B<fcntl>(2))."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_LINUX_IMMUTABLE>"
msgstr "B<CAP_LINUX_IMMUTABLE>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Set the B<FS_APPEND_FL> and B<FS_IMMUTABLE_FL> inode flags (see "
"B<ioctl_iflags>(2))."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_MAC_ADMIN> (since Linux 2.6.25)"
msgstr "B<CAP_MAC_ADMIN> (desde Linux 2.6.25)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Allow MAC configuration or state changes.  Implemented for the Smack Linux "
"Security Module (LSM)."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_MAC_OVERRIDE> (since Linux 2.6.25)"
msgstr "B<CAP_MAC_OVERRIDE> (desde Linux 2.6.25)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Override Mandatory Access Control (MAC).  Implemented for the Smack LSM."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_MKNOD> (since Linux 2.4)"
msgstr "B<CAP_MKNOD> (desde Linux 2.4)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "(Linux 2.4 onwards)  Allow creation of special files using B<mknod>(2)."
msgid "Create special files using B<mknod>(2)."
msgstr ""
"(Linux 2.4 en adelante) Permite la creación de ficheros especiales usando "
"B<mknod>(2)."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_NET_ADMIN>"
msgstr "B<CAP_NET_ADMIN>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Perform various network-related operations:"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "interface configuration;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "administration of IP firewall, masquerading, and accounting;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "modify routing tables;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "bind to any address for transparent proxying;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "set type-of-service (TOS);"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "clear driver statistics;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "set promiscuous mode;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "enabling multicasting;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"use B<setsockopt>(2)  to set the following socket options: B<SO_DEBUG>, "
"B<SO_MARK>, B<SO_PRIORITY> (for a priority outside the range 0 to 6), "
"B<SO_RCVBUFFORCE>, and B<SO_SNDBUFFORCE>."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_NET_BIND_SERVICE>"
msgstr "B<CAP_NET_BIND_SERVICE>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "Allow binding to Internet domain reserved socket ports (port numbers less "
#| "than 1024)."
msgid ""
"Bind a socket to Internet domain privileged ports (port numbers less than "
"1024)."
msgstr ""
"Permite ligar conectores a puertos reservados del dominio de Internet "
"(números de puerto menores que 1024)."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_NET_BROADCAST>"
msgstr "B<CAP_NET_BROADCAST>"

#.  FIXME Since Linux 4.2, there are use cases for netlink sockets
#.     commit 59324cf35aba5336b611074028777838a963d03b
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "(Unused)  Allow socket broadcasting, and listening multicasts."
msgid "(Unused)  Make socket broadcasts, and listen to multicasts."
msgstr ""
"(No se usa) Permite la difusión universal (I<broadcasting>) de paquetes a "
"través de un conector y la escucha de paquetes multidestino."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_NET_RAW>"
msgstr "B<CAP_NET_RAW>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "Permit use of RAW and PACKET sockets."
msgid "Use RAW and PACKET sockets;"
msgstr "Permite el uso de conectores de tipo RAW y PACKET."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "bind to any address for transparent proxying."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy, no-wrap
#| msgid "B<CAP_MKNOD> (since Linux 2.4)"
msgid "B<CAP_PERFMON> (since Linux 5.8)"
msgstr "B<CAP_MKNOD> (desde Linux 2.4)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Employ various performance-monitoring mechanisms, including:"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "call B<perf_event_open>(2);"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "employ various BPF operations that have performance implications."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This capability was added in Linux 5.8 to separate out performance "
"monitoring functionality from the overloaded B<CAP_SYS_ADMIN> capability.  "
"See also the kernel source file I<Documentation/admin-guide/perf-security."
"rst>."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SETGID>"
msgstr "B<CAP_SETGID>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "Allow arbitrary manipulations of process GIDs and supplementary GID list; "
#| "allow forged GID when passing socket credentials via Unix domain sockets."
msgid ""
"Make arbitrary manipulations of process GIDs and supplementary GID list;"
msgstr ""
"Permite manipulaciones arbitrarias de los IDs de grupo y de la lista de IDs "
"de grupo adicionales de un proceso; permite el uso de IDs de grupo "
"falsificados cuando se pasan credenciales de conectores a través de "
"conectores de dominio Unix."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "forge GID when passing socket credentials via UNIX domain sockets;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"write a group ID mapping in a user namespace (see B<user_namespaces>(7))."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SETFCAP> (since Linux 2.6.24)"
msgstr "B<CAP_SETFCAP> (desde Linux 2.6.24)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Set arbitrary capabilities on a file."
msgstr ""

#.  commit db2e718a47984b9d71ed890eb2ea36ecf150de18
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Since Linux 5.12, this capability is also needed to map user ID 0 in a new "
"user namespace; see B<user_namespaces>(7)  for details."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SETPCAP>"
msgstr "B<CAP_SETPCAP>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If file capabilities are supported (i.e., since Linux 2.6.24): add any "
"capability from the calling thread's bounding set to its inheritable set; "
"drop capabilities from the bounding set (via B<prctl>(2)  "
"B<PR_CAPBSET_DROP>); make changes to the I<securebits> flags."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If file capabilities are not supported (i.e., before Linux 2.6.24): grant or "
"remove any capability in the caller's permitted capability set to or from "
"any other process.  (This property of B<CAP_SETPCAP> is not available when "
"the kernel is configured to support file capabilities, since B<CAP_SETPCAP> "
"has entirely different semantics for such kernels.)"
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SETUID>"
msgstr "B<CAP_SETUID>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "Allow arbitrary manipulations of process UIDs (B<setuid>(2), etc.); allow "
#| "forged UID when passing socket credentials via Unix domain sockets."
msgid ""
"Make arbitrary manipulations of process UIDs (B<setuid>(2), B<setreuid>(2), "
"B<setresuid>(2), B<setfsuid>(2));"
msgstr ""
"Permite manipulaciones arbitrarias de los IDs de usuario de los procesos "
"(B<setuid>(2), etc.); permite el uso de IDs de usuario falsificados cuando "
"se pasan credenciales de conectores a través de conectores de dominio Unix."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "forge UID when passing socket credentials via UNIX domain sockets;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"write a user ID mapping in a user namespace (see B<user_namespaces>(7))."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_ADMIN>"
msgstr "B<CAP_SYS_ADMIN>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"I<Note>: this capability is overloaded; see I<Notes to kernel developers> "
"below."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "Permit a range of system administration operations including: "
#| "B<quotactl>(2), B<mount>(2), B<swapon>(2)B<,> B<sethostname>(2), "
#| "B<setdomainname>(2), B<IPC_SET> and B<IPC_RMID> operations on arbitrary "
#| "System V IPC objects; allow forged UID when passing socket credentials."
msgid ""
"Perform a range of system administration operations including: "
"B<quotactl>(2), B<mount>(2), B<umount>(2), B<pivot_root>(2), B<swapon>(2), "
"B<swapoff>(2), B<sethostname>(2), and B<setdomainname>(2);"
msgstr ""
"Permite una variedad de operaciones de administración del sistema "
"incluyendo: B<quotactl>(2), B<mount>(2), B<swapon>(2)B<,> B<sethostname>(2), "
"B<setdomainname>(2), B<IPC_SET> y operaciones B<IPC_RMID> sobre objetos "
"arbitrarios IPC de System V; permite el uso de IDs de usuario falsificados "
"cuando se pasan credenciales de conectores."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"perform privileged B<syslog>(2)  operations (since Linux 2.6.37, "
"B<CAP_SYSLOG> should be used to permit such operations);"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "perform B<VM86_REQUEST_IRQ> B<vm86>(2)  command;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"access the same checkpoint/restore functionality that is governed by "
"B<CAP_CHECKPOINT_RESTORE> (but the latter, weaker capability is preferred "
"for accessing that functionality)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"perform the same BPF operations as are governed by B<CAP_BPF> (but the "
"latter, weaker capability is preferred for accessing that functionality)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"employ the same performance monitoring mechanisms as are governed by "
"B<CAP_PERFMON> (but the latter, weaker capability is preferred for accessing "
"that functionality)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"perform B<IPC_SET> and B<IPC_RMID> operations on arbitrary System V IPC "
"objects;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "override B<RLIMIT_NPROC> resource limit;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"perform operations on I<trusted> and I<security> extended attributes (see "
"B<xattr>(7));"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "use B<lookup_dcookie>(2);"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"use B<ioprio_set>(2)  to assign B<IOPRIO_CLASS_RT> and (before Linux "
"2.6.25)  B<IOPRIO_CLASS_IDLE> I/O scheduling classes;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "forge PID when passing socket credentials via UNIX domain sockets;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"exceed I</proc/sys/fs/file-max>, the system-wide limit on the number of open "
"files, in system calls that open files (e.g., B<accept>(2), B<execve>(2), "
"B<open>(2), B<pipe>(2));"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"employ B<CLONE_*> flags that create new namespaces with B<clone>(2)  and "
"B<unshare>(2)  (but, since Linux 3.8, creating user namespaces does not "
"require any capability);"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "access privileged I<perf> event information;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"call B<setns>(2)  (requires B<CAP_SYS_ADMIN> in the I<target> namespace);"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "call B<fanotify_init>(2);"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"perform privileged B<KEYCTL_CHOWN> and B<KEYCTL_SETPERM> B<keyctl>(2)  "
"operations;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "perform B<madvise>(2)  B<MADV_HWPOISON> operation;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"employ the B<TIOCSTI> B<ioctl>(2)  to insert characters into the input queue "
"of a terminal other than the caller's controlling terminal;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "employ the obsolete B<nfsservctl>(2)  system call;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "employ the obsolete B<bdflush>(2)  system call;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "perform various privileged block-device B<ioctl>(2)  operations;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "perform various privileged filesystem B<ioctl>(2)  operations;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"perform privileged B<ioctl>(2)  operations on the I</dev/random> device (see "
"B<random>(4));"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"install a B<seccomp>(2)  filter without first having to set the "
"I<no_new_privs> thread attribute;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "modify allow/deny rules for device control groups;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"employ the B<ptrace>(2)  B<PTRACE_SECCOMP_GET_FILTER> operation to dump "
"tracee's seccomp filters;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"employ the B<ptrace>(2)  B<PTRACE_SETOPTIONS> operation to suspend the "
"tracee's seccomp protections (i.e., the B<PTRACE_O_SUSPEND_SECCOMP> flag);"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "perform administrative operations on many device drivers;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"modify autogroup nice values by writing to I</proc/>pidI</autogroup> (see "
"B<sched>(7))."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_BOOT>"
msgstr "B<CAP_SYS_BOOT>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Use B<reboot>(2)  and B<kexec_load>(2)."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_CHROOT>"
msgstr "B<CAP_SYS_CHROOT>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "Permit calls to B<chroot>(2)."
msgid "Use B<chroot>(2);"
msgstr "Permite llamadas a B<chroot>(2)."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "change mount namespaces using B<setns>(2)."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_MODULE>"
msgstr "B<CAP_SYS_MODULE>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Load and unload kernel modules (see B<init_module>(2)  and "
"B<delete_module>(2));"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"before Linux 2.6.25: drop capabilities from the system-wide capability "
"bounding set."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_NICE>"
msgstr "B<CAP_SYS_NICE>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Lower the process nice value (B<nice>(2), B<setpriority>(2))  and change the "
"nice value for arbitrary processes;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "Allow raising process nice value (B<nice>(2), B<setpriority>(2))  and "
#| "changing of the nice value for arbitrary processes; allow setting of real-"
#| "time scheduling policies for calling process, and setting scheduling "
#| "policies and priorities for arbitrary processes "
#| "(B<sched_setscheduler>(2), B<sched_setparam>(2))."
msgid ""
"set real-time scheduling policies for calling process, and set scheduling "
"policies and priorities for arbitrary processes (B<sched_setscheduler>(2), "
"B<sched_setparam>(2), B<sched_setattr>(2));"
msgstr ""
"Permite aumentar el valor nice del proceso invocador (B<nice>(2), "
"B<setpriority>(2)) y cambiar el valor nice de procesos arbitrarios; permite "
"establecer políticas de planificación de tiempo real para el proceso "
"invocador y establecer políticas de planificación y prioridades para "
"procesos arbitrarios (B<sched_setscheduler>(2), B<sched_setparam>(2))."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "set CPU affinity for arbitrary processes (B<sched_setaffinity>(2));"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"set I/O scheduling class and priority for arbitrary processes "
"(B<ioprio_set>(2));"
msgstr ""

#
#.  FIXME CAP_SYS_NICE also has the following effect for
#.  migrate_pages(2):
#.      do_migrate_pages(mm, &old, &new,
#.          capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
#.  Document this.
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"apply B<migrate_pages>(2)  to arbitrary processes and allow processes to be "
"migrated to arbitrary nodes;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "apply B<move_pages>(2)  to arbitrary processes;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"use the B<MPOL_MF_MOVE_ALL> flag with B<mbind>(2)  and B<move_pages>(2)."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_PACCT>"
msgstr "B<CAP_SYS_PACCT>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "Permit calls to B<acct>(2)."
msgid "Use B<acct>(2)."
msgstr "Permite llamadas a B<acct>(2)."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_PTRACE>"
msgstr "B<CAP_SYS_PTRACE>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "Allow arbitrary processes to be traced using B<ptrace>(2)"
msgid "Trace arbitrary processes using B<ptrace>(2);"
msgstr ""
"Permite el seguimiento detallado de procesos arbitrarios usando B<ptrace>(2)."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "apply B<get_robust_list>(2)  to arbitrary processes;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"transfer data to or from the memory of arbitrary processes using "
"B<process_vm_readv>(2)  and B<process_vm_writev>(2);"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "inspect processes using B<kcmp>(2)."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_RAWIO>"
msgstr "B<CAP_SYS_RAWIO>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "Permit I/O port operations (B<iopl>(2)  and B<ioperm>(2))."
msgid "Perform I/O port operations (B<iopl>(2)  and B<ioperm>(2));"
msgstr "Permite operaciones sobre puertos de E/S (B<iopl>(2) y B<ioperm>(2))."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "access I</proc/kcore>;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "employ the B<FIBMAP> B<ioctl>(2)  operation;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"open devices for accessing x86 model-specific registers (MSRs, see "
"B<msr>(4));"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "update I</proc/sys/vm/mmap_min_addr>;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"create memory mappings at addresses below the value specified by I</proc/sys/"
"vm/mmap_min_addr>;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "map files in I</proc/bus/pci>;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "open I</dev/mem> and I</dev/kmem>;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "perform various SCSI device commands;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "perform certain operations on B<hpsa>(4)  and B<cciss>(4)  devices;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "perform a range of device-specific operations on other devices."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_RESOURCE>"
msgstr "B<CAP_SYS_RESOURCE>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "Use reserved space on ext2 filesystems;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "make B<ioctl>(2)  calls controlling ext3 journaling;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "override disk quota limits;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "increase resource limits (see B<setrlimit>(2));"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "override maximum number of consoles on console allocation;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "override maximum number of keymaps;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "allow more than 64hz interrupts from the real-time clock;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"raise I<msg_qbytes> limit for a System V message queue above the limit in I</"
"proc/sys/kernel/msgmnb> (see B<msgop>(2)  and B<msgctl>(2));"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"allow the B<RLIMIT_NOFILE> resource limit on the number of \"in-flight\" "
"file descriptors to be bypassed when passing file descriptors to another "
"process via a UNIX domain socket (see B<unix>(7));"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"override the I</proc/sys/fs/pipe-size-max> limit when setting the capacity "
"of a pipe using the B<F_SETPIPE_SZ> B<fcntl>(2)  command;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"use B<F_SETPIPE_SZ> to increase the capacity of a pipe above the limit "
"specified by I</proc/sys/fs/pipe-max-size>;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"override I</proc/sys/fs/mqueue/queues_max>, I</proc/sys/fs/mqueue/msg_max>, "
"and I</proc/sys/fs/mqueue/msgsize_max> limits when creating POSIX message "
"queues (see B<mq_overview>(7));"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "employ the B<prctl>(2)  B<PR_SET_MM> operation;"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"set I</proc/>pidI</oom_score_adj> to a value lower than the value last set "
"by a process with B<CAP_SYS_RESOURCE>."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_TIME>"
msgstr "B<CAP_SYS_TIME>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "Allow modification of system clock (B<settimeofday>(2), B<adjtimex>(2)); "
#| "allow modification of real-time (hardware) clock"
msgid ""
"Set system clock (B<settimeofday>(2), B<stime>(2), B<adjtimex>(2)); set real-"
"time (hardware) clock."
msgstr ""
"Permite la modificación del reloj del sistema (B<settimeofday>(2), "
"B<adjtimex>(2)); permite la modificación del reloj de tiempo real (hardware)."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYS_TTY_CONFIG>"
msgstr "B<CAP_SYS_TTY_CONFIG>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Use B<vhangup>(2); employ various privileged B<ioctl>(2)  operations on "
"virtual terminals."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_SYSLOG> (since Linux 2.6.37)"
msgstr "B<CAP_SYSLOG> (desde Linux 2.6.37)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Perform privileged B<syslog>(2)  operations.  See B<syslog>(2)  for "
"information on which operations require privilege."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"View kernel addresses exposed via I</proc> and other interfaces when I</proc/"
"sys/kernel/kptr_restrict> has the value 1.  (See the discussion of the "
"I<kptr_restrict> in B<proc>(5).)"
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<CAP_WAKE_ALARM> (since Linux 3.0)"
msgstr "B<CAP_WAKE_ALARM> (desde Linux 3.0)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Trigger something that will wake up the system (set B<CLOCK_REALTIME_ALARM> "
"and B<CLOCK_BOOTTIME_ALARM> timers)."
msgstr ""

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Past and current implementation"
msgstr "Implementación actual y futura"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "A full implementation of capabilities requires:"
msgid "A full implementation of capabilities requires that:"
msgstr "Una implementación completa de capacidades requiere:"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "that for all privileged operations, the kernel check whether the process "
#| "has the required capability in its effective set."
msgid ""
"For all privileged operations, the kernel must check whether the thread has "
"the required capability in its effective set."
msgstr ""
"que para todas las operaciones privilegiadas, el núcleo compruebe si el "
"proceso tiene la capacidad requerida en su conjunto efectivo."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "that the kernel provide system calls allowing a process's capability sets "
#| "to be changed and retrieved."
msgid ""
"The kernel must provide system calls allowing a thread's capability sets to "
"be changed and retrieved."
msgstr ""
"que el núcleo proporcione llamadas al sistema permitiendo modificar y "
"recuperar los conjuntos de capacidades de un proceso."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "file system support for attaching capabilities to an executable file, so "
#| "that a process gains those capabilities when the file is execed."
msgid ""
"The filesystem must support attaching capabilities to an executable file, so "
"that a process gains those capabilities when the file is executed."
msgstr ""
"el soporte del sistema de ficheros para asociar capacidades a un fichero "
"ejecutable, para que un proceso obtenga esas capacidades cuando el fichero "
"sea ejecutado mediante I<exec>."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Before Linux 2.6.24, only the first two of these requirements are met; since "
"Linux 2.6.24, all three requirements are met."
msgstr ""

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Notes to kernel developers"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"When adding a new kernel feature that should be governed by a capability, "
"consider the following points."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The goal of capabilities is divide the power of superuser into pieces, such "
"that if a program that has one or more capabilities is compromised, its "
"power to do damage to the system would be less than the same program running "
"with root privilege."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"You have the choice of either creating a new capability for your new "
"feature, or associating the feature with one of the existing capabilities.  "
"In order to keep the set of capabilities to a manageable size, the latter "
"option is preferable, unless there are compelling reasons to take the former "
"option.  (There is also a technical limit: the size of capability sets is "
"currently limited to 64 bits.)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"To determine which existing capability might best be associated with your "
"new feature, review the list of capabilities above in order to find a "
"\"silo\" into which your new feature best fits.  One approach to take is to "
"determine if there are other features requiring capabilities that will "
"always be used along with the new feature.  If the new feature is useless "
"without these other features, you should use the same capability as the "
"other features."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"I<Don't> choose B<CAP_SYS_ADMIN> if you can possibly avoid it! A vast "
"proportion of existing capability checks are associated with this capability "
"(see the partial list above).  It can plausibly be called \"the new root\", "
"since on the one hand, it confers a wide range of powers, and on the other "
"hand, its broad scope means that this is the capability that is required by "
"many privileged programs.  Don't make the problem worse.  The only new "
"features that should be associated with B<CAP_SYS_ADMIN> are ones that "
"I<closely> match existing uses in that silo."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If you have determined that it really is necessary to create a new "
"capability for your feature, don't make or name it as a \"single-use\" "
"capability.  Thus, for example, the addition of the highly specific "
"B<CAP_SYS_PACCT> was probably a mistake.  Instead, try to identify and name "
"your new capability as a broader silo into which other related future use "
"cases might fit."
msgstr ""

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy, no-wrap
#| msgid "denotes a file capability set"
msgid "Thread capability sets"
msgstr "denota un conjunto de capacidades de fichero"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "Each process has three capability sets containing zero or more of the "
#| "above capabilities:"
msgid ""
"Each thread has the following capability sets containing zero or more of the "
"above capabilities:"
msgstr ""
"Cada proceso tiene tres conjuntos de capacidades conteniendo cero o más de "
"las capacidades citadas arriba:"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "I<Permitted>"
msgstr "I<Permitidas>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This is a limiting superset for the effective capabilities that the thread "
"may assume.  It is also a limiting superset for the capabilities that may be "
"added to the inheritable set by a thread that does not have the "
"B<CAP_SETPCAP> capability in its effective set."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If a thread drops a capability from its permitted set, it can never "
"reacquire that capability (unless it B<execve>(2)s either a set-user-ID-root "
"program, or a program whose associated file capabilities grant that "
"capability)."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy, no-wrap
#| msgid "I<Inherited>:"
msgid "I<Inheritable>"
msgstr "I<Heredadas>:"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This is a set of capabilities preserved across an B<execve>(2).  Inheritable "
"capabilities remain inheritable when executing any program, and inheritable "
"capabilities are added to the permitted set when executing a program that "
"has the corresponding bits set in the file inheritable set."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Because inheritable capabilities are not generally preserved across "
"B<execve>(2)  when running as a non-root user, applications that wish to run "
"helper programs with elevated capabilities should consider using ambient "
"capabilities, described below."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "I<Effective>"
msgstr "I<Efectivas>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "the capabilities used by the kernel to perform permission checks for the "
#| "process."
msgid ""
"This is the set of capabilities used by the kernel to perform permission "
"checks for the thread."
msgstr ""
"las capacidades usadas por el núcleo para llevar a cabo comprobaciones de "
"permisos para el proceso."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "I<Bounding> (per-thread since Linux 2.6.25)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The capability bounding set is a mechanism that can be used to limit the "
"capabilities that are gained during B<execve>(2)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Since Linux 2.6.25, this is a per-thread capability set.  In older kernels, "
"the capability bounding set was a system wide attribute shared by all "
"threads on the system."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "is the value of the capability bounding set."
msgid "For more details, see I<Capability bounding set> below."
msgstr "es el valor del conjunto limitador de capacidades."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "I<Ambient> (since Linux 4.3)"
msgstr "I<Ambient> (desde Linux 4.3)"

#.  commit 58319057b7847667f0c9585b9de0e8932b0fdb08
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This is a set of capabilities that are preserved across an B<execve>(2)  of "
"a program that is not privileged.  The ambient capability set obeys the "
"invariant that no capability can ever be ambient if it is not both permitted "
"and inheritable."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The ambient capability set can be directly modified using B<prctl>(2).  "
"Ambient capabilities are automatically lowered if either of the "
"corresponding permitted or inheritable capabilities is lowered."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Executing a program that changes UID or GID due to the set-user-ID or set-"
"group-ID bits or executing a program that has any file capabilities set will "
"clear the ambient set.  Ambient capabilities are added to the permitted set "
"and assigned to the effective set when B<execve>(2)  is called.  If ambient "
"capabilities cause a process's permitted and effective capabilities to "
"increase during an B<execve>(2), this does not trigger the secure-execution "
"mode described in B<ld.so>(8)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "A child created via B<fork>(2)  inherits copies of its parent's "
#| "capability sets."
msgid ""
"A child created via B<fork>(2)  inherits copies of its parent's capability "
"sets.  For details on how B<execve>(2)  affects capabilities, see "
"I<Transformation of capabilities during execve()> below."
msgstr ""
"Un hijo creado con B<fork>(2) hereda copias de los conjuntos de capacidades "
"del padre."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "Using B<capset>(2), a process may manipulate its own capability sets, or, "
#| "if it has the B<CAP_SETPCAP> capability, those of another process."
msgid ""
"Using B<capset>(2), a thread may manipulate its own capability sets; see "
"I<Programmatically adjusting capability sets> below."
msgstr ""
"Usando B<capset>(2), un proceso puede manipular su propio conjunto de "
"capacidades o, si tiene la capacidad B<CAP_SETPCAP>, los de otros procesos."

#.  commit 73efc0394e148d0e15583e13712637831f926720
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Since Linux 3.2, the file I</proc/sys/kernel/cap_last_cap> exposes the "
"numerical value of the highest capability supported by the running kernel; "
"this can be used to determine the highest bit that may be set in a "
"capability set."
msgstr ""

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "File capabilities"
msgstr "Capacidades de ficheros"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Since Linux 2.6.24, the kernel supports associating capability sets with an "
"executable file using B<setcap>(8).  The file capability sets are stored in "
"an extended attribute (see B<setxattr>(2)  and B<xattr>(7))  named "
"I<security.capability>.  Writing to this extended attribute requires the "
"B<CAP_SETFCAP> capability.  The file capability sets, in conjunction with "
"the capability sets of the thread, determine the capabilities of a thread "
"after an B<execve>(2)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "denotes a file capability set"
msgid "The three file capability sets are:"
msgstr "denota un conjunto de capacidades de fichero"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "I<Permitted> (formerly known as I<forced>):"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "the capabilities automatically permitted to the process, regardless of "
#| "the process's inherited capabilities."
msgid ""
"These capabilities are automatically permitted to the thread, regardless of "
"the thread's inheritable capabilities."
msgstr ""
"las capacidades permitidas automáticamente al proceso, sin importar las "
"capacidades heredadas del proceso."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "I<Inheritable> (formerly known as I<allowed>):"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "this set is ANDed with the process's inherited set to determine which "
#| "inherited capabilities are permitted to the process after the exec."
msgid ""
"This set is ANDed with the thread's inheritable set to determine which "
"inheritable capabilities are enabled in the permitted set of the thread "
"after the B<execve>(2)."
msgstr ""
"a este conjunto se le aplica la operación AND con el conjunto heredado del "
"proceso para determinar qué capacidades heredadas le son permitidas al "
"proceso después del exec."

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "I<Effective>:"
msgstr "I<Efectivas>:"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This is not a set, but rather just a single bit.  If this bit is set, then "
"during an B<execve>(2)  all of the new permitted capabilities for the thread "
"are also raised in the effective set.  If this bit is not set, then after an "
"B<execve>(2), none of the new permitted capabilities is in the new effective "
"set."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Enabling the file effective capability bit implies that any file permitted "
"or inheritable capability that causes a thread to acquire the corresponding "
"permitted capability during an B<execve>(2)  (see I<Transformation of "
"capabilities during execve()> below) will also acquire that capability in "
"its effective set.  Therefore, when assigning capabilities to a file "
"(B<setcap>(8), B<cap_set_file>(3), B<cap_set_fd>(3)), if we specify the "
"effective flag as being enabled for any capability, then the effective flag "
"must also be specified as enabled for all other capabilities for which the "
"corresponding permitted or inheritable flag is enabled."
msgstr ""

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "File capability extended attribute versioning"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"To allow extensibility, the kernel supports a scheme to encode a version "
"number inside the I<security.capability> extended attribute that is used to "
"implement file capabilities.  These version numbers are internal to the "
"implementation, and not directly visible to user-space applications.  To "
"date, the following versions are supported:"
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<VFS_CAP_REVISION_1>"
msgstr "B<VFS_CAP_REVISION_1>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This was the original file capability implementation, which supported 32-bit "
"masks for file capabilities."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<VFS_CAP_REVISION_2> (since Linux 2.6.25)"
msgstr "B<VFS_CAP_REVISION_2> (desde Linux 2.6.25)"

#.  commit e338d263a76af78fe8f38a72131188b58fceb591
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This version allows for file capability masks that are 64 bits in size, and "
"was necessary as the number of supported capabilities grew beyond 32.  The "
"kernel transparently continues to support the execution of files that have "
"32-bit version 1 capability masks, but when adding capabilities to files "
"that did not previously have capabilities, or modifying the capabilities of "
"existing files, it automatically uses the version 2 scheme (or possibly the "
"version 3 scheme, as described below)."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<VFS_CAP_REVISION_3> (since Linux 4.14)"
msgstr "B<VFS_CAP_REVISION_3> (desde Linux 4.14)"

#.  commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Version 3 file capabilities are provided to support namespaced file "
"capabilities (described below)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"As with version 2 file capabilities, version 3 capability masks are 64 bits "
"in size.  But in addition, the root user ID of namespace is encoded in the "
"I<security.capability> extended attribute.  (A namespace's root user ID is "
"the value that user ID 0 inside that namespace maps to in the initial user "
"namespace.)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Version 3 file capabilities are designed to coexist with version 2 "
"capabilities; that is, on a modern Linux system, there may be some files "
"with version 2 capabilities while others have version 3 capabilities."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Before Linux 4.14, the only kind of file capability extended attribute that "
"could be attached to a file was a B<VFS_CAP_REVISION_2> attribute.  Since "
"Linux 4.14, the version of the I<security.capability> extended attribute "
"that is attached to a file depends on the circumstances in which the "
"attribute was created."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Starting with Linux 4.14, a I<security.capability> extended attribute is "
"automatically created as (or converted to)  a version 3 "
"(B<VFS_CAP_REVISION_3>)  attribute if both of the following are true:"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The thread writing the attribute resides in a noninitial user namespace.  "
"(More precisely: the thread resides in a user namespace other than the one "
"from which the underlying filesystem was mounted.)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The thread has the B<CAP_SETFCAP> capability over the file inode, meaning "
"that (a) the thread has the B<CAP_SETFCAP> capability in its own user "
"namespace; and (b) the UID and GID of the file inode have mappings in the "
"writer's user namespace."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"When a B<VFS_CAP_REVISION_3> I<security.capability> extended attribute is "
"created, the root user ID of the creating thread's user namespace is saved "
"in the extended attribute."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"By contrast, creating or modifying a I<security.capability> extended "
"attribute from a privileged (B<CAP_SETFCAP>)  thread that resides in the "
"namespace where the underlying filesystem was mounted (this normally means "
"the initial user namespace)  automatically results in the creation of a "
"version 2 (B<VFS_CAP_REVISION_2>)  attribute."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Note that the creation of a version 3 I<security.capability> extended "
"attribute is automatic.  That is to say, when a user-space application "
"writes (B<setxattr>(2))  a I<security.capability> attribute in the version 2 "
"format, the kernel will automatically create a version 3 attribute if the "
"attribute is created in the circumstances described above.  Correspondingly, "
"when a version 3 I<security.capability> attribute is retrieved "
"(B<getxattr>(2))  by a process that resides inside a user namespace that was "
"created by the root user ID (or a descendant of that user namespace), the "
"returned attribute is (automatically)  simplified to appear as a version 2 "
"attribute (i.e., the returned value is the size of a version 2 attribute and "
"does not include the root user ID).  These automatic translations mean that "
"no changes are required to user-space tools (e.g., B<setcap>(1)  and "
"B<getcap>(1))  in order for those tools to be used to create and retrieve "
"version 3 I<security.capability> attributes."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Note that a file can have either a version 2 or a version 3 I<security."
"capability> extended attribute associated with it, but not both: creation or "
"modification of the I<security.capability> extended attribute will "
"automatically modify the version according to the circumstances in which the "
"extended attribute is created or modified."
msgstr ""

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Transformation of capabilities during execve()"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"During an B<execve>(2), the kernel calculates the new capabilities of the "
"process using the following algorithm:"
msgstr ""
"Durante un B<execve>(2), el núcleo calcula las nuevas capacidades del "
"proceso usando el siguiente algoritmo:"

#. type: Plain text
#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
#: opensuse-tumbleweed
#, no-wrap
msgid ""
"P'(ambient)     = (file is privileged) ? 0 : P(ambient)\n"
"\\&\n"
"P'(permitted)   = (P(inheritable) & F(inheritable)) |\n"
"                  (F(permitted) & P(bounding)) | P'(ambient)\n"
"\\&\n"
"P'(effective)   = F(effective) ? P'(permitted) : P'(ambient)\n"
"\\&\n"
"P'(inheritable) = P(inheritable)    [i.e., unchanged]\n"
"\\&\n"
"P'(bounding)    = P(bounding)       [i.e., unchanged]\n"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "where:"
msgstr "donde:"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "P()"
msgstr "P()"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "denotes the value of a process capability set before the exec"
msgid "denotes the value of a thread capability set before the B<execve>(2)"
msgstr ""
"denota el valor del conjunto de capacidades de un proceso antes del exec"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "P'()"
msgstr "P'()"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "denotes the value of a capability set after the exec"
msgid "denotes the value of a thread capability set after the B<execve>(2)"
msgstr ""
"denota el valor del conjunto de capacidades de un proceso después del exec"

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "F()"
msgstr "F()"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "denotes a file capability set"
msgstr "denota un conjunto de capacidades de fichero"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Note the following details relating to the above capability transformation "
"rules:"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The ambient capability set is present only since Linux 4.3.  When "
"determining the transformation of the ambient set during B<execve>(2), a "
"privileged file is one that has capabilities or has the set-user-ID or set-"
"group-ID bit set."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Prior to Linux 2.6.25, the bounding set was a system-wide attribute shared "
"by all threads.  That system-wide value was employed to calculate the new "
"permitted set during B<execve>(2)  in the same manner as shown above for "
"I<P(bounding)>."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"I<Note>: during the capability transitions described above, file "
"capabilities may be ignored (treated as empty) for the same reasons that the "
"set-user-ID and set-group-ID bits are ignored; see B<execve>(2).  File "
"capabilities are similarly ignored if the kernel was booted with the "
"I<no_file_caps> option."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"I<Note>: according to the rules above, if a process with nonzero user IDs "
"performs an B<execve>(2)  then any capabilities that are present in its "
"permitted and effective sets will be cleared.  For the treatment of "
"capabilities when a process with a user ID of zero performs an B<execve>(2), "
"see I<Capabilities and execution of programs by root> below."
msgstr ""

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Safety checking for capability-dumb binaries"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"A capability-dumb binary is an application that has been marked to have file "
"capabilities, but has not been converted to use the B<libcap>(3)  API to "
"manipulate its capabilities.  (In other words, this is a traditional set-"
"user-ID-root program that has been switched to use file capabilities, but "
"whose code has not been modified to understand capabilities.)  For such "
"applications, the effective capability bit is set on the file, so that the "
"file permitted capabilities are automatically enabled in the process "
"effective set when executing the file.  The kernel recognizes a file which "
"has the effective capability bit set as capability-dumb for the purpose of "
"the check described here."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"When executing a capability-dumb binary, the kernel checks if the process "
"obtained all permitted capabilities that were specified in the file "
"permitted set, after the capability transformations described above have "
"been performed.  (The typical reason why this might I<not> occur is that the "
"capability bounding set masked out some of the capabilities in the file "
"permitted set.)  If the process did not obtain the full set of file "
"permitted capabilities, then B<execve>(2)  fails with the error B<EPERM>.  "
"This prevents possible security risks that could arise when a capability-"
"dumb application is executed with less privilege than it needs.  Note that, "
"by definition, the application could not itself recognize this problem, "
"since it does not employ the B<libcap>(3)  API."
msgstr ""

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Capabilities and execution of programs by root"
msgstr ""

#.  See cap_bprm_set_creds(), bprm_caps_from_vfs_cap() and
#.  handle_privileged_root() in security/commoncap.c (Linux 5.0 source)
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"In order to mirror traditional UNIX semantics, the kernel performs special "
"treatment of file capabilities when a process with UID 0 (root) executes a "
"program and when a set-user-ID-root program is executed."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"After having performed any changes to the process effective ID that were "
"triggered by the set-user-ID mode bit of the binary\\[em]e.g., switching the "
"effective user ID to 0 (root) because a set-user-ID-root program was "
"executed\\[em]the kernel calculates the file capability sets as follows:"
msgstr ""

#. type: IP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "(1)"
msgstr "(1)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If the real or effective user ID of the process is 0 (root), then the file "
"inheritable and permitted sets are ignored; instead they are notionally "
"considered to be all ones (i.e., all capabilities enabled).  (There is one "
"exception to this behavior, described in I<Set-user-ID-root programs that "
"have file capabilities> below.)"
msgstr ""

#. type: IP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "(2)"
msgstr "(2)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If the effective user ID of the process is 0 (root) or the file effective "
"bit is in fact enabled, then the file effective bit is notionally defined to "
"be one (enabled)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"These notional values for the file's capability sets are then used as "
"described above to calculate the transformation of the process's "
"capabilities during B<execve>(2)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Thus, when a process with nonzero UIDs B<execve>(2)s a set-user-ID-root "
"program that does not have capabilities attached, or when a process whose "
"real and effective UIDs are zero B<execve>(2)s a program, the calculation of "
"the process's new permitted capabilities simplifies to:"
msgstr ""

#. type: Plain text
#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
#: opensuse-tumbleweed
#, fuzzy, no-wrap
#| msgid "P'(inherited) = P(inherited)    [i.e., unchanged]\n"
msgid ""
"P'(permitted)   = P(inheritable) | P(bounding)\n"
"\\&\n"
"P'(effective)   = P'(permitted)\n"
msgstr "P'(heredadas) = P(heredadas)    [i.e., no se modifica]\n"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Consequently, the process gains all capabilities in its permitted and "
"effective capability sets, except those masked out by the capability "
"bounding set.  (In the calculation of P'(permitted), the P'(ambient) term "
"can be simplified away because it is by definition a proper subset of "
"P(inheritable).)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The special treatments of user ID 0 (root) described in this subsection can "
"be disabled using the securebits mechanism described below."
msgstr ""

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Set-user-ID-root programs that have file capabilities"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"There is one exception to the behavior described in I<Capabilities and "
"execution of programs by root> above.  If (a) the binary that is being "
"executed has capabilities attached and (b) the real user ID of the process "
"is I<not> 0 (root) and (c) the effective user ID of the process I<is> 0 "
"(root), then the file capability bits are honored (i.e., they are not "
"notionally considered to be all ones).  The usual way in which this "
"situation can arise is when executing a set-UID-root program that also has "
"file capabilities.  When such a program is executed, the process gains just "
"the capabilities granted by the program (i.e., not all capabilities, as "
"would occur when executing a set-user-ID-root program that does not have any "
"associated file capabilities)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Note that one can assign empty capability sets to a program file, and thus "
"it is possible to create a set-user-ID-root program that changes the "
"effective and saved set-user-ID of the process that executes the program to "
"0, but confers no capabilities to that process."
msgstr ""

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Capability bounding set"
msgstr "Conjunto limitador de capacidades"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The capability bounding set is a security mechanism that can be used to "
"limit the capabilities that can be gained during an B<execve>(2).  The "
"bounding set is used in the following ways:"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"During an B<execve>(2), the capability bounding set is ANDed with the file "
"permitted capability set, and the result of this operation is assigned to "
"the thread's permitted capability set.  The capability bounding set thus "
"places a limit on the permitted capabilities that may be granted by an "
"executable file."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"(Since Linux 2.6.25)  The capability bounding set acts as a limiting "
"superset for the capabilities that a thread can add to its inheritable set "
"using B<capset>(2).  This means that if a capability is not in the bounding "
"set, then a thread can't add this capability to its inheritable set, even if "
"it was in its permitted capabilities, and thereby cannot have this "
"capability preserved in its permitted set when it B<execve>(2)s a file that "
"has the capability in its inheritable set."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Note that the bounding set masks the file permitted capabilities, but not "
"the inheritable capabilities.  If a thread maintains a capability in its "
"inheritable set that is not in its bounding set, then it can still gain that "
"capability in its permitted set by executing a file that has the capability "
"in its inheritable set."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Depending on the kernel version, the capability bounding set is either a "
"system-wide attribute, or a per-process attribute."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "Capability bounding set"
msgid "B<Capability bounding set from Linux 2.6.25 onward>"
msgstr "Conjunto limitador de capacidades"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"From Linux 2.6.25, the I<capability bounding set> is a per-thread "
"attribute.  (The system-wide capability bounding set described below no "
"longer exists.)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The bounding set is inherited at B<fork>(2)  from the thread's parent, and "
"is preserved across an B<execve>(2)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"A thread may remove capabilities from its capability bounding set using the "
"B<prctl>(2)  B<PR_CAPBSET_DROP> operation, provided it has the "
"B<CAP_SETPCAP> capability.  Once a capability has been dropped from the "
"bounding set, it cannot be restored to that set.  A thread can determine if "
"a capability is in its bounding set using the B<prctl>(2)  "
"B<PR_CAPBSET_READ> operation."
msgstr ""

#.  commit b3a222e52e4d4be77cc4520a57af1a4a0d8222d1
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Removing capabilities from the bounding set is supported only if file "
"capabilities are compiled into the kernel.  Before Linux 2.6.33, file "
"capabilities were an optional feature configurable via the "
"B<CONFIG_SECURITY_FILE_CAPABILITIES> option.  Since Linux 2.6.33, the "
"configuration option has been removed and file capabilities are always part "
"of the kernel.  When file capabilities are compiled into the kernel, the "
"B<init> process (the ancestor of all processes) begins with a full bounding "
"set.  If file capabilities are not compiled into the kernel, then B<init> "
"begins with a full bounding set minus B<CAP_SETPCAP>, because this "
"capability has a different meaning when there are no file capabilities."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Removing a capability from the bounding set does not remove it from the "
"thread's inheritable set.  However it does prevent the capability from being "
"added back into the thread's inheritable set in the future."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "Capability bounding set"
msgid "B<Capability bounding set prior to Linux 2.6.25>"
msgstr "Conjunto limitador de capacidades"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Before Linux 2.6.25, the capability bounding set is a system-wide attribute "
"that affects all threads on the system.  The bounding set is accessible via "
"the file I</proc/sys/kernel/cap-bound>.  (Confusingly, this bit mask "
"parameter is expressed as a signed decimal number in I</proc/sys/kernel/cap-"
"bound>.)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Only the B<init> process may set capabilities in the capability bounding "
"set; other than that, the superuser (more precisely: a process with the "
"B<CAP_SYS_MODULE> capability) may only clear capabilities from this set."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"On a standard system the capability bounding set always masks out the "
"B<CAP_SETPCAP> capability.  To remove this restriction (dangerous!), modify "
"the definition of B<CAP_INIT_EFF_SET> in I<include/linux/capability.h> and "
"rebuild the kernel."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid "Capability bounding set"
msgid ""
"The system-wide capability bounding set feature was added to Linux 2.2.11."
msgstr "Conjunto limitador de capacidades"

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Effect of user ID changes on capabilities"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"To preserve the traditional semantics for transitions between 0 and nonzero "
"user IDs, the kernel makes the following changes to a thread's capability "
"sets on changes to the thread's real, effective, saved set, and filesystem "
"user IDs (using B<setuid>(2), B<setresuid>(2), or similar):"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If one or more of the real, effective, or saved set user IDs was previously "
"0, and as a result of the UID changes all of these IDs have a nonzero value, "
"then all capabilities are cleared from the permitted, effective, and ambient "
"capability sets."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If the effective user ID is changed from 0 to nonzero, then all capabilities "
"are cleared from the effective set."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If the effective user ID is changed from nonzero to 0, then the permitted "
"set is copied to the effective set."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If the filesystem user ID is changed from 0 to nonzero (see B<setfsuid>(2)), "
"then the following capabilities are cleared from the effective set: "
"B<CAP_CHOWN>, B<CAP_DAC_OVERRIDE>, B<CAP_DAC_READ_SEARCH>, B<CAP_FOWNER>, "
"B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> (since Linux 2.6.30), "
"B<CAP_MAC_OVERRIDE>, and B<CAP_MKNOD> (since Linux 2.6.30).  If the "
"filesystem UID is changed from nonzero to 0, then any of these capabilities "
"that are enabled in the permitted set are enabled in the effective set."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If a thread that has a 0 value for one or more of its user IDs wants to "
"prevent its permitted capability set being cleared when it resets all of its "
"user IDs to nonzero values, it can do so using the B<SECBIT_KEEP_CAPS> "
"securebits flag described below."
msgstr ""

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Programmatically adjusting capability sets"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"A thread can retrieve and change its permitted, effective, and inheritable "
"capability sets using the B<capget>(2)  and B<capset>(2)  system calls.  "
"However, the use of B<cap_get_proc>(3)  and B<cap_set_proc>(3), both "
"provided in the I<libcap> package, is preferred for this purpose.  The "
"following rules govern changes to the thread capability sets:"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If the caller does not have the B<CAP_SETPCAP> capability, the new "
"inheritable set must be a subset of the combination of the existing "
"inheritable and permitted sets."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"(Since Linux 2.6.25)  The new inheritable set must be a subset of the "
"combination of the existing inheritable set and the capability bounding set."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The new permitted set must be a subset of the existing permitted set (i.e., "
"it is not possible to acquire permitted capabilities that the thread does "
"not currently have)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "The new effective set must be a subset of the new permitted set."
msgstr ""

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "The securebits flags: establishing a capabilities-only environment"
msgstr ""

#.  For some background:
#.        see http://lwn.net/Articles/280279/ and
#.        http://article.gmane.org/gmane.linux.kernel.lsm/5476/
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Starting with Linux 2.6.26, and with a kernel in which file capabilities are "
"enabled, Linux implements a set of per-thread I<securebits> flags that can "
"be used to disable special handling of capabilities for UID 0 (I<root>).  "
"These flags are as follows:"
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<SECBIT_KEEP_CAPS>"
msgstr "B<SECBIT_KEEP_CAPS>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Setting this flag allows a thread that has one or more 0 UIDs to retain "
"capabilities in its permitted set when it switches all of its UIDs to "
"nonzero values.  If this flag is not set, then such a UID switch causes the "
"thread to lose all permitted capabilities.  This flag is always cleared on "
"an B<execve>(2)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Note that even with the B<SECBIT_KEEP_CAPS> flag set, the effective "
"capabilities of a thread are cleared when it switches its effective UID to a "
"nonzero value.  However, if the thread has set this flag and its effective "
"UID is already nonzero, and the thread subsequently switches all other UIDs "
"to nonzero values, then the effective capabilities will not be cleared."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The setting of the B<SECBIT_KEEP_CAPS> flag is ignored if the "
"B<SECBIT_NO_SETUID_FIXUP> flag is set.  (The latter flag provides a superset "
"of the effect of the former flag.)"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"This flag provides the same functionality as the older B<prctl>(2)  "
"B<PR_SET_KEEPCAPS> operation."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<SECBIT_NO_SETUID_FIXUP>"
msgstr "B<SECBIT_NO_SETUID_FIXUP>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Setting this flag stops the kernel from adjusting the process's permitted, "
"effective, and ambient capability sets when the thread's effective and "
"filesystem UIDs are switched between zero and nonzero values.  See I<Effect "
"of user ID changes on capabilities> above."
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<SECBIT_NOROOT>"
msgstr "B<SECBIT_NOROOT>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If this bit is set, then the kernel does not grant capabilities when a set-"
"user-ID-root program is executed, or when a process with an effective or "
"real UID of 0 calls B<execve>(2).  (See I<Capabilities and execution of "
"programs by root> above.)"
msgstr ""

#. type: TP
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "B<SECBIT_NO_CAP_AMBIENT_RAISE>"
msgstr "B<SECBIT_NO_CAP_AMBIENT_RAISE>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Setting this flag disallows raising ambient capabilities via the "
"B<prctl>(2)  B<PR_CAP_AMBIENT_RAISE> operation."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Each of the above \"base\" flags has a companion \"locked\" flag.  Setting "
"any of the \"locked\" flags is irreversible, and has the effect of "
"preventing further changes to the corresponding \"base\" flag.  The locked "
"flags are: B<SECBIT_KEEP_CAPS_LOCKED>, B<SECBIT_NO_SETUID_FIXUP_LOCKED>, "
"B<SECBIT_NOROOT_LOCKED>, and B<SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED>."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The I<securebits> flags can be modified and retrieved using the B<prctl>(2)  "
"B<PR_SET_SECUREBITS> and B<PR_GET_SECUREBITS> operations.  The "
"B<CAP_SETPCAP> capability is required to modify the flags.  Note that the "
"B<SECBIT_*> constants are available only after including the I<E<lt>linux/"
"securebits.hE<gt>> header file."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The I<securebits> flags are inherited by child processes.  During an "
"B<execve>(2), all of the flags are preserved, except B<SECBIT_KEEP_CAPS> "
"which is always cleared."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"An application can use the following call to lock itself, and all of its "
"descendants, into an environment where the only way of gaining capabilities "
"is by executing a program with associated file capabilities:"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid ""
"prctl(PR_SET_SECUREBITS,\n"
"        /* SECBIT_KEEP_CAPS off */\n"
"        SECBIT_KEEP_CAPS_LOCKED |\n"
"        SECBIT_NO_SETUID_FIXUP |\n"
"        SECBIT_NO_SETUID_FIXUP_LOCKED |\n"
"        SECBIT_NOROOT |\n"
"        SECBIT_NOROOT_LOCKED);\n"
"        /* Setting/locking SECBIT_NO_CAP_AMBIENT_RAISE\n"
"           is not required */\n"
msgstr ""

#. type: SS
#: archlinux debian-unstable fedora-rawhide opensuse-tumbleweed
#, no-wrap
msgid "Per-user-namespace \\[dq]set-user-ID-root\\[dq] programs"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"A set-user-ID program whose UID matches the UID that created a user "
"namespace will confer capabilities in the process's permitted and effective "
"sets when executed by any process inside that namespace or any descendant "
"user namespace."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The rules about the transformation of the process's capabilities during the "
"B<execve>(2)  are exactly as described in I<Transformation of capabilities "
"during execve()> and I<Capabilities and execution of programs by root> "
"above, with the difference that, in the latter subsection, \"root\" is the "
"UID of the creator of the user namespace."
msgstr ""

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy, no-wrap
#| msgid "denotes a file capability set"
msgid "Namespaced file capabilities"
msgstr "denota un conjunto de capacidades de fichero"

#.  commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Traditional (i.e., version 2) file capabilities associate only a set of "
"capability masks with a binary executable file.  When a process executes a "
"binary with such capabilities, it gains the associated capabilities (within "
"its user namespace)  as per the rules described in I<Transformation of "
"capabilities during execve()> above."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Because version 2 file capabilities confer capabilities to the executing "
"process regardless of which user namespace it resides in, only privileged "
"processes are permitted to associate capabilities with a file.  Here, "
"\"privileged\" means a process that has the B<CAP_SETFCAP> capability in the "
"user namespace where the filesystem was mounted (normally the initial user "
"namespace).  This limitation renders file capabilities useless for certain "
"use cases.  For example, in user-namespaced containers, it can be desirable "
"to be able to create a binary that confers capabilities only to processes "
"executed inside that container, but not to processes that are executed "
"outside the container."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Linux 4.14 added so-called namespaced file capabilities to support such use "
"cases.  Namespaced file capabilities are recorded as version 3 (i.e., "
"B<VFS_CAP_REVISION_3>)  I<security.capability> extended attributes.  Such an "
"attribute is automatically created in the circumstances described in I<File "
"capability extended attribute versioning> above.  When a version 3 "
"I<security.capability> extended attribute is created, the kernel records not "
"just the capability masks in the extended attribute, but also the namespace "
"root user ID."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"As with a binary that has B<VFS_CAP_REVISION_2> file capabilities, a binary "
"with B<VFS_CAP_REVISION_3> file capabilities confers capabilities to a "
"process during B<execve>().  However, capabilities are conferred only if the "
"binary is executed by a process that resides in a user namespace whose UID 0 "
"maps to the root user ID that is saved in the extended attribute, or when "
"executed by a process that resides in a descendant of such a namespace."
msgstr ""

#. type: SS
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "Interaction with user namespaces"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"For further information on the interaction of capabilities and user "
"namespaces, see B<user_namespaces>(7)."
msgstr ""

#. type: SH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "STANDARDS"
msgstr "ESTÁNDARES"

#. type: Plain text
#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
#: opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "No standards govern capabilities, but the Linux capability implementation "
#| "is based on the withdrawn POSIX.1e draft standard; see E<.UR https://"
#| "archive.org\\:/details\\:/posix_1003.1e-990310> E<.UE .>"
msgid ""
"No standards govern capabilities, but the Linux capability implementation is "
"based on the withdrawn E<.UR https://archive.org\\:/details\\:/"
"posix_1003.1e-990310> POSIX.1e draft standard E<.UE .>"
msgstr ""
"Ningún estándar determina las capacidades, aunque la implementación de "
"capacidades de Linux se basa en el retraído borrador del estándar POSIX.1e; "
"vea E<.UR https://archive.org\\:/details\\:/posix_1003.1e-990310> E<.UE .>"

#. type: SH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "NOTES"
msgstr "NOTAS"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"When attempting to B<strace>(1)  binaries that have capabilities (or set-"
"user-ID-root binaries), you may find the I<-u E<lt>usernameE<gt>> option "
"useful.  Something like:"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "$ B<sudo strace -o trace.log -u ceci ./myprivprog>\n"
msgstr "$ B<sudo strace -o trace.log -u ceci ./myprivprog>\n"

#.  commit 5915eb53861c5776cfec33ca4fcc1fd20d66dd27 removed
#.  CONFIG_SECURITY_CAPABILITIES
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"From Linux 2.5.27 to Linux 2.6.26, capabilities were an optional kernel "
"component, and could be enabled/disabled via the "
"B<CONFIG_SECURITY_CAPABILITIES> kernel configuration option."
msgstr ""

#.  7b9a7ec565505699f503b4fcf61500dceb36e744
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"The I</proc/>pidI</task/TID/status> file can be used to view the capability "
"sets of a thread.  The I</proc/>pidI</status> file shows the capability sets "
"of a process's main thread.  Before Linux 3.8, nonexistent capabilities were "
"shown as being enabled (1) in these sets.  Since Linux 3.8, all nonexistent "
"capabilities (above B<CAP_LAST_CAP>)  are shown as disabled (0)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "The I<libcap> package provides a suite of routines for setting and "
#| "getting process capabilities that is more comfortable and less likely to "
#| "change than the interface provided by B<capset>(2)  and B<capget>(2)."
msgid ""
"The I<libcap> package provides a suite of routines for setting and getting "
"capabilities that is more comfortable and less likely to change than the "
"interface provided by B<capset>(2)  and B<capget>(2).  This package also "
"provides the B<setcap>(8)  and B<getcap>(8)  programs.  It can be found at"
msgstr ""
"El paquete I<libcap> ofrece un conjunto de rutinas para establecer y obtener "
"las capacidades de un proceso que resultan más cómodas y con menos "
"probabilidad de cambiar que la interfaz provista por B<capset>(2) y "
"B<capget>(2)."

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"E<.UR https://git.kernel.org\\:/pub\\:/scm\\:/libs\\:/libcap\\:/libcap."
"git\\:/refs/> E<.UE .>"
msgstr ""
"E<.UR https://git.kernel.org\\:/pub\\:/scm\\:/libs\\:/libcap\\:/libcap."
"git\\:/refs/> E<.UE .>"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"Before Linux 2.6.24, and from Linux 2.6.24 to Linux 2.6.32 if file "
"capabilities are not enabled, a thread with the B<CAP_SETPCAP> capability "
"can manipulate the capabilities of threads other than itself.  However, this "
"is only theoretically possible, since no thread ever has B<CAP_SETPCAP> in "
"either of these cases:"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"In the pre-2.6.25 implementation the system-wide capability bounding set, I</"
"proc/sys/kernel/cap-bound>, always masks out the B<CAP_SETPCAP> capability, "
"and this can not be changed without modifying the kernel source and "
"rebuilding the kernel."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid ""
"If file capabilities are disabled (i.e., the kernel "
"B<CONFIG_SECURITY_FILE_CAPABILITIES> option is disabled), then B<init> "
"starts out with the B<CAP_SETPCAP> capability removed from its per-process "
"bounding set, and that bounding set is inherited by all other processes "
"created on the system."
msgstr ""

#. type: SH
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, no-wrap
msgid "SEE ALSO"
msgstr "VÉASE TAMBIÉN"

#.  from libcap-ng
#.  from libcap-ng
#.  from libcap-ng
#.  from libcap-ng
#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
#, fuzzy
#| msgid ""
#| "B<capsh>(1), B<setpriv>(1), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), "
#| "B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3), "
#| "B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3), "
#| "B<libcap>(3), B<proc>(5), B<credentials>(7), B<pthreads>(7), "
#| "B<user_namespaces>(7), B<captest>(8), B<filecap>(8), B<getcap>(8), "
#| "B<netcap>(8), B<pscap>(8), B<setcap>(8)"
msgid ""
"B<capsh>(1), B<setpriv>(1), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), "
"B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3), "
"B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3), "
"B<libcap>(3), B<proc>(5), B<credentials>(7), B<pthreads>(7), "
"B<user_namespaces>(7), B<captest>(8), B<filecap>(8), B<getcap>(8), "
"B<getpcaps>(8), B<netcap>(8), B<pscap>(8), B<setcap>(8)"
msgstr ""
"B<capsh>(1), B<setpriv>(1), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), "
"B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3), "
"B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3), "
"B<libcap>(3), B<proc>(5), B<credentials>(7), B<pthreads>(7), "
"B<user_namespaces>(7), B<captest>(8), B<filecap>(8), B<getcap>(8), "
"B<netcap>(8), B<pscap>(8), B<setcap>(8)"

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed
msgid "I<include/linux/capability.h> in the Linux kernel source tree"
msgstr ""

#. type: TH
#: debian-bookworm
#, no-wrap
msgid "2023-02-05"
msgstr "5 Febrero 2023"

#. type: TH
#: debian-bookworm
#, no-wrap
msgid "Linux man-pages 6.03"
msgstr "Páginas de Manual de Linux 6.03"

#. type: Plain text
#: debian-bookworm opensuse-leap-15-6
#, no-wrap
msgid "P'(ambient)     = (file is privileged) ? 0 : P(ambient)\n"
msgstr ""

#. type: Plain text
#: debian-bookworm opensuse-leap-15-6
#, fuzzy, no-wrap
#| msgid "P'(permitted) = (P(inherited) & F(allowed)) | (F(forced) & cap_bset)\n"
msgid ""
"P'(permitted)   = (P(inheritable) & F(inheritable)) |\n"
"                  (F(permitted) & P(bounding)) | P'(ambient)\n"
msgstr "P'(permitidas) = (P(heredadas) & F(permitidas)) | (F(forzadas) & cap_bset)\n"

#. type: Plain text
#: debian-bookworm opensuse-leap-15-6
#, fuzzy, no-wrap
#| msgid "P'(effective) = P'(permitted) & F(effective)\n"
msgid "P'(effective)   = F(effective) ? P'(permitted) : P'(ambient)\n"
msgstr "P'(efectivas) = P'(permitidas) & F(efectivas)\n"

#. type: Plain text
#: debian-bookworm opensuse-leap-15-6
#, fuzzy, no-wrap
#| msgid "P'(inherited) = P(inherited)    [i.e., unchanged]\n"
msgid "P'(inheritable) = P(inheritable)    [i.e., unchanged]\n"
msgstr "P'(heredadas) = P(heredadas)    [i.e., no se modifica]\n"

#. type: Plain text
#: debian-bookworm opensuse-leap-15-6
#, fuzzy, no-wrap
#| msgid "P'(inherited) = P(inherited)    [i.e., unchanged]\n"
msgid "P'(bounding)    = P(bounding)       [i.e., unchanged]\n"
msgstr "P'(heredadas) = P(heredadas)    [i.e., no se modifica]\n"

#. type: Plain text
#: debian-bookworm opensuse-leap-15-6
#, fuzzy, no-wrap
#| msgid "P'(inherited) = P(inherited)    [i.e., unchanged]\n"
msgid "P'(permitted)   = P(inheritable) | P(bounding)\n"
msgstr "P'(heredadas) = P(heredadas)    [i.e., no se modifica]\n"

#. type: Plain text
#: debian-bookworm opensuse-leap-15-6
#, no-wrap
msgid "P'(effective)   = P'(permitted)\n"
msgstr "P'(efectivas) = P'(permitidas)\n"

#. type: SS
#: debian-bookworm fedora-40 mageia-cauldron opensuse-leap-15-6
#, no-wrap
msgid "Per-user-namespace \"set-user-ID-root\" programs"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"No standards govern capabilities, but the Linux capability implementation is "
"based on the withdrawn POSIX.1e draft standard; see E<.UR https://archive."
"org\\:/details\\:/posix_1003.1e-990310> E<.UE .>"
msgstr ""
"Ningún estándar determina las capacidades, aunque la implementación de "
"capacidades de Linux se basa en el retraído borrador del estándar POSIX.1e; "
"vea E<.UR https://archive.org\\:/details\\:/posix_1003.1e-990310> E<.UE .>"

#. type: TH
#: fedora-40 mageia-cauldron
#, no-wrap
msgid "2023-10-31"
msgstr "31 Octubre 2023"

#. type: TH
#: fedora-40 mageia-cauldron
#, no-wrap
msgid "Linux man-pages 6.06"
msgstr "Páginas de Manual de Linux 6.06"

#. type: TH
#: fedora-rawhide
#, no-wrap
msgid "2024-02-25"
msgstr "25 Febrero 2024"

#. type: TH
#: fedora-rawhide
#, no-wrap
msgid "Linux man-pages 6.7"
msgstr "Páginas de Manual de Linux 6.7"

#. type: TH
#: opensuse-leap-15-6
#, no-wrap
msgid "2023-03-17"
msgstr "17 Marzo 2023"

#. type: TH
#: opensuse-leap-15-6
#, no-wrap
msgid "Linux man-pages 6.04"
msgstr "Páginas de Manual de Linux 6.04"

#. type: TH
#: opensuse-tumbleweed
#, no-wrap
msgid "Linux man-pages (unreleased)"
msgstr "Páginas de Manual de Linux (no publicadas)"