# French translation of manpages # This file is distributed under the same license as the manpages-l10n package. # Copyright © of this file: # Christophe Blaess , 1996-2003. # Stéphan Rafin , 2002. # Thierry Vignaud , 1999, 2002. # François Micaux, 2002. # Alain Portal , 2003-2008. # Jean-Philippe Guérard , 2005-2006. # Jean-Luc Coulon (f5ibh) , 2006-2007. # Julien Cristau , 2006-2007. # Thomas Huriaux , 2006-2008. # Nicolas François , 2006-2008. # Florentin Duneau , 2006-2010. # Simon Paillard , 2006, 2013-2014. # Denis Barbier , 2006, 2010. # David Prévot , 2010-2014. # Jean-Philippe MENGUAL , 2021-2023. # Jean-Pierre Giraud , 2023-2024. msgid "" msgstr "" "Project-Id-Version: manpages-l10n 4.22.0\n" "POT-Creation-Date: 2024-06-01 06:20+0200\n" "PO-Revision-Date: 2024-06-02 11:09+0200\n" "Last-Translator: Jean-Pierre Giraud \n" "Language-Team: French \n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n > 1;\n" "X-Generator: Lokalize 22.12.3\n" #. type: TH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "seccomp" msgstr "seccomp" #. type: TH #: archlinux debian-unstable opensuse-tumbleweed #, no-wrap msgid "2024-05-02" msgstr "2 mai 2024" #. type: TH #: archlinux debian-unstable #, no-wrap msgid "Linux man-pages 6.8" msgstr "Pages du manuel de Linux 6.8" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "NAME" msgstr "NOM" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "seccomp - operate on Secure Computing state of the process" msgstr "" "seccomp - Agir sur l'état de calcul sécurisé (Secure Computing State) du " "processus" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "LIBRARY" msgstr "BIBLIOTHÈQUE" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Standard C library (I, I<-lc>)" msgstr "Bibliothèque C standard (I, I<-lc>)" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "SYNOPSIS" msgstr "SYNOPSIS" #. Kees Cook noted: Anything that uses SECCOMP_RET_TRACE returns will #. need #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "B<#include Elinux/seccomp.hE> /* Definition of B constants */\n" "B<#include Elinux/filter.hE> /* Definition of B */\n" "B<#include Elinux/audit.hE> /* Definition of B constants */\n" "B<#include Elinux/signal.hE> /* Definition of B constants */\n" "B<#include Esys/ptrace.hE> /* Definition of B constants */\n" "B<#include Esys/syscall.hE> /* Definition of B constants */\n" "B<#include Eunistd.hE>\n" msgstr "" "B<#include Elinux/seccomp.hE> /* Définition des constantes B */\n" "B<#include Elinux/filter.hE> /* Définition de B */\n" "B<#include Elinux/audit.hE> /* Définition des constantes B */\n" "B<#include Elinux/signal.hE> /* Définition des constantes B */\n" "B<#include Esys/ptrace.hE> /* Définition des constantes B */\n" "B<#include Esys/syscall.hE> /* Définition des constantes B */\n" "B<#include Eunistd.hE>\n" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "BIB<, unsigned int >IB<,>\n" "B< void *>IB<);>\n" msgstr "" "BIB<, unsigned int >IB<,>\n" "B< void *>IB<);>\n" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I: glibc provides no wrapper for B(), necessitating the use " "of B(2)." msgstr "" "I : la glibc ne fournit pas d'enveloppe pour B(), " "imposant l'utilisation de B(2)." #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "DESCRIPTION" msgstr "DESCRIPTION" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The B() system call operates on the Secure Computing (seccomp) " "state of the calling process." msgstr "" "L'appel système B() agit sur l'état de calcul sécurisé (seccomp) du " "processus appelant." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Currently, Linux supports the following I values:" msgstr "Actuellement, Linux gère les valeurs d'I suivantes :" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "B" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The only system calls that the calling thread is permitted to make are " "B(2), B(2), B<_exit>(2) (but not B(2)), and " "B(2). Other system calls result in the termination of the " "calling thread, or termination of the entire process with the B " "signal when there is only one thread. Strict secure computing mode is " "useful for number-crunching applications that may need to execute untrusted " "byte code, perhaps obtained by reading from a pipe or socket." msgstr "" "Les seuls appels système que le thread appelant est autorisé à faire sont " "B(2), B(2), B<_exit>(2) (mais pas B(2)) et " "B(2). Les autres appels système aboutissent à la fin du thread " "appelant ou à la fin du processus complet avec le signal B quand il " "n'y a qu'un seul thread. Le mode de calcul sécurisé strict est utile pour " "les applications de traitement de nombres qui peuvent avoir besoin " "d'exécuter un code à octets non fiable, obtenu peut-être en lisant un tube " "ou un socket." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that although the calling thread can no longer call B(2), " "it can use B(2) to block all signals apart from B and " "B. This means that B(2) (for example) is not sufficient " "for restricting the process's execution time. Instead, to reliably " "terminate the process, B must be used. This can be done by using " "B(2) with B and I set to " "B, or by using B(2) to set the hard limit for " "B." msgstr "" "Remarquez que si le thread appelant ne peut plus appeler B(2), " "il peut utiliser B(2) pour bloquer tous les signaux, sauf ceux " "provenant de B et de B. Cela veut dire que B(2) " "(par exemple) n'est pas suffisant pour restreindre la durée d'exécution d'un " "processus. Pour terminer de manière fiable un processus, B doit " "être utilisé. On peut le faire en utilisant B(2) avec " "B et I positionné à B ou en utilisant " "B(2) pour positionner la limite ferme de B." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This operation is available only if the kernel is configured with " "B enabled." msgstr "" "Cette fonctionnalité n'est disponible que si le noyau a été construit avec " "l'option B activée." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The value of I must be 0, and I must be NULL." msgstr "La valeur de I doit être de B<0> et I doit être NULL." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "This operation is functionally identical to the call:" msgstr "Cette opération est fonctionnellement identique à l'appel :" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT);\n" msgstr "prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT);\n" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "B" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The system calls allowed are defined by a pointer to a Berkeley Packet " "Filter (BPF) passed via I. This argument is a pointer to a I; it can be designed to filter arbitrary system calls and system " "call arguments. If the filter is invalid, B() fails, returning " "B in I." msgstr "" "Les appels système autorisés sont définis par un pointeur vers un filtre " "Berkeley Packet (BPF) fourni à l'aide de I. Ce paramètre est un " "pointeur vers une I ; il peut être conçu pour filtrer " "des appels système de votre choix ainsi que des paramètres d'appel système. " "Si le filtre n'est pas valable, B() échoue en renvoyant B " "dans I." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If B(2) or B(2) is allowed by the filter, any child processes " "will be constrained to the same system call filters as the parent. If " "B(2) is allowed, the existing filters will be preserved across a " "call to B(2)." msgstr "" "Si B(2) ou B(2) est autorisé par le filtre, les processus " "enfant seront contraints par les mêmes filtres d'appel système que leur " "parent. Si B(2) est autorisé, les filtres existants seront préservés " "lors d'un appel à B(2)." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "In order to use the B operation, either the calling " "thread must have the B capability in its user namespace, or " "the thread must already have the I bit set. If that bit was " "not already set by an ancestor of this thread, the thread must make the " "following call:" msgstr "" "Pour utiliser l'opération B, soit le thread " "appelant doit avoir la capacité B dans son espace de noms " "utilisateur, soit il doit avoir déjà le bit I défini. Si ce " "bit n'a pas déjà été positionné par un ascendant du thread, le thread doit " "effectuer l'appel suivant :" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "prctl(PR_SET_NO_NEW_PRIVS, 1);\n" msgstr "prctl(PR_SET_NO_NEW_PRIVS, 1);\n" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Otherwise, the B operation fails and returns " "B in I. This requirement ensures that an unprivileged " "process cannot apply a malicious filter and then invoke a set-user-ID or " "other privileged program using B(2), thus potentially compromising " "that program. (Such a malicious filter might, for example, cause an attempt " "to use B(2) to set the caller's user IDs to nonzero values to " "instead return 0 without actually making the system call. Thus, the program " "might be tricked into retaining superuser privileges in circumstances where " "it is possible to influence it to do dangerous things because it did not " "actually drop privileges.)" msgstr "" "Sinon, l'opération B échoue et renvoie B " "dans I. Cette exigence garantit qu'un processus non privilégié ne " "peut pas appliquer un filtre malveillant et appeler un programme set-user-ID " "ou avec d'autres privilèges en utilisant B(2), compromettant ainsi " "le programme (un tel filtre malveillant pourrait, par exemple, conduire " "B(2) à essayer de définir les identifiants utilisateur de l'appelant " "à des valeurs non nulles pour renvoyer plutôt B<0> sans faire d'appel " "système. Ainsi, le programme pourrait être bidouillé pour garder les " "privilèges du super-utilisateur à des moments où il est possible de " "l'influencer pour faire des choses dangereuses vu qu'il n'a pas abandonné " "ses privilèges)." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If B(2) or B() is allowed by the attached filter, further " "filters may be added. This will increase evaluation time, but allows for " "further reduction of the attack surface during execution of a thread." msgstr "" "Si B(2) ou B() est autorisé par le filtre rattaché, d'autres " "filtres peuvent être ajoutés. Cela augmentera le temps d'évaluation mais " "permet d'autres réductions de la surface d'attaque lors de l'exécution d'un " "thread." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The B operation is available only if the kernel is " "configured with B enabled." msgstr "" "L'opération B n'est disponible que si le noyau a " "été configuré avec B." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When I is 0, this operation is functionally identical to the call:" msgstr "" "Quand I vaut B<0>, cette opération est fonctionnellement identique à " "l'appel :" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, args);\n" msgstr "prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, args);\n" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The recognized I are:" msgstr "Les paramètres reconnus de I sont :" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 4.14)" msgstr "B (depuis Linux 4.14)" #. commit e66a39977985b1e69e17c4042cb290768eca9b02 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "All filter return actions except B should be logged. An " "administrator may override this filter flag by preventing specific actions " "from being logged via the I file." msgstr "" "Toutes les actions de renvoi des filtres, sauf B, doivent " "être journalisées. Un administrateur peut outrepasser cet attribut de filtre " "en empêchant des actions spécifiques d'être journalisées à l'aide du fichier " "I." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 5.0)" msgstr "B (depuis Linux 5.0)" #. commit 6a21cc50f0c7f87dae5259f6cfefe024412313f6 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "After successfully installing the filter program, return a new user-space " "notification file descriptor. (The close-on-exec flag is set for the file " "descriptor.) When the filter returns B a " "notification will be sent to this file descriptor." msgstr "" "Après une installation réussie du programme de filtrage, renvoyer un nouveau " "descripteur de fichier de notification pour l'espace utilisateur. " "(L'attribut close-on-exec est défini pour le descripteur de fichier.) Quand " "le filtre renvoie B, une notification sera envoyée à " "ce descripteur de fichier." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "At most one seccomp filter using the B " "flag can be installed for a thread." msgstr "" "Pour un thread, au maximum un seul filtre de seccomp utilisant l'attribut " "B peut être installé." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "See B(2) for further details." msgstr "Consultez B(2) pour plus de détails." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 4.17)" msgstr "B (depuis Linux 4.17)" #. commit 00a02d0c502a06d15e07b857f8ff921e3e402675 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Disable Speculative Store Bypass mitigation." msgstr "Désactiver la mitigation Speculative Store Bypass." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "B" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When adding a new filter, synchronize all other threads of the calling " "process to the same seccomp filter tree. A \"filter tree\" is the ordered " "list of filters attached to a thread. (Attaching identical filters in " "separate B() calls results in different filters from this " "perspective.)" msgstr "" "Lors de l'ajout d'un filtre, synchroniser tous les autres threads du " "processus appelant avec la même arborescence de filtres seccomp. Une " "« arborescence de filtres » est une liste ordonnée de filtres rattachée à un " "thread (le rattachement de filtres identiques dans des appels B() " "distincts génère différents filtres depuis cette perspective)." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If any thread cannot synchronize to the same filter tree, the call will not " "attach the new seccomp filter, and will fail, returning the first thread ID " "found that cannot synchronize. Synchronization will fail if another thread " "in the same process is in B or if it has attached new " "seccomp filters to itself, diverging from the calling thread's filter tree." msgstr "" "Si aucun thread ne peut pas se synchroniser avec l'arborescence de filtres, " "l'appel ne rattachera pas le nouveau filtre seccomp et échouera en renvoyant " "le premier identifiant de thread qui n'a pas pu se synchroniser. La " "synchronisation échouera si un autre thread du même processus est en " "B ou si des nouveaux filtres seccomp lui sont rattachés " "en propre, en décalage par rapport à l'arborescence de filtres du thread " "appelant." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 4.14)" msgstr "B (depuis Linux 4.14)" #. commit d612b1fd8010d0d67b5287fe146b8b55bcbb8655 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Test to see if an action is supported by the kernel. This operation is " "helpful to confirm that the kernel knows of a more recently added filter " "return action since the kernel treats all unknown actions as " "B." msgstr "" "Tester pour savoir si une action est prise en charge par le noyau. Cette " "opération peut aider à confirmer que le noyau connaît l'action de renvoi " "d'un filtre récemment ajouté puisque le noyau traite toutes les actions " "inconnues comme des B." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The value of I must be 0, and I must be a pointer to an " "unsigned 32-bit filter return action." msgstr "" "La valeur de I doit être de B<0> et I doit être un pointeur " "vers une action de renvoi de filtre 32 bits non signé." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 5.0)" msgstr "B (depuis Linux 5.O)" #. commit 6a21cc50f0c7f87dae5259f6cfefe024412313f6 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Get the sizes of the seccomp user-space notification structures. Since " "these structures may evolve and grow over time, this command can be used to " "determine how much memory to allocate for sending and receiving " "notifications." msgstr "" "Obtenir la taille des structures de notification de l'espace utilisateur de " "seccomp. Comme ces structures peuvent évoluer et croître avec le temps, " "cette commande peut être utilisée pour déterminer quelle quantité de mémoire " "allouer pour envoyer et recevoir des notifications." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The value of I must be 0, and I must be a pointer to a I, which has the following form:" msgstr "" "La valeur de I doit être de B<0> et I doit être un pointeur " "vers un I de la forme suivante :" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "struct seccomp_notif_sizes\n" " __u16 seccomp_notif; /* Size of notification structure */\n" " __u16 seccomp_notif_resp; /* Size of response structure */\n" " __u16 seccomp_data; /* Size of \\[aq]struct seccomp_data\\[aq] */\n" "};\n" msgstr "" "struct seccomp_notif_sizes\n" " __u16 seccomp_notif; /* Taille de la structure de notification */\n" " __u16 seccomp_notif_resp; /* Taille de la structure de réponse */\n" " __u16 seccomp_data; /* Taille de \\[aq]struct seccomp_data\\[aq] */\n" "};\n" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Filters" msgstr "Filtres" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When adding filters via B, I points to a " "filter program:" msgstr "" "Lors de l'ajout d'un filtre à l'aide de B, I " "pointe vers un programme de filtrage :" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "struct sock_fprog {\n" " unsigned short len; /* Number of BPF instructions */\n" " struct sock_filter *filter; /* Pointer to array of\n" " BPF instructions */\n" "};\n" msgstr "" "struct sock_fprog {\n" " unsigned short len; /* Nombre d'instructions BPF */\n" " struct sock_filter *filter; /* Pointeur vers le tableau\n" " d'instructions BPF */\n" "};\n" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Each program must contain one or more BPF instructions:" msgstr "Chaque programme doit contenir une ou plusieurs instructions BPF :" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "struct sock_filter { /* Filter block */\n" " __u16 code; /* Actual filter code */\n" " __u8 jt; /* Jump true */\n" " __u8 jf; /* Jump false */\n" " __u32 k; /* Generic multiuse field */\n" "};\n" msgstr "" "struct sock_filter { /* Filter block */\n" " __u16 code; /* Code du filtre réel */\n" " __u8 jt; /* Jump true (sauter le vrai) */\n" " __u8 jf; /* Jump false (sauter le faux) */\n" " __u32 k; /* Champ générique multiusages */\n" "};\n" #. Quoting Kees Cook: #. If BPF even allows changing the data, it's not copied back to #. the syscall when it runs. Anything wanting to do things like #. that would need to use ptrace to catch the call and directly #. modify the registers before continuing with the call. #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When executing the instructions, the BPF program operates on the system call " "information made available (i.e., use the B addressing mode) as a " "(read-only) buffer of the following form:" msgstr "" "Lors de l'exécution des instructions, le programme BPF agit sur les " "informations de l'appel système qui sont rendues disponibles (c'est-à-dire " "qu'il utilise le mode d'adressage B) en tant que tampon (en lecture " "seule) ayant la forme suivante :" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "" "struct seccomp_data {\n" " int nr; /* System call number */\n" " __u32 arch; /* AUDIT_ARCH_* value\n" " (see Elinux/audit.hE) */\n" " __u64 instruction_pointer; /* CPU instruction pointer */\n" " __u64 args[6]; /* Up to 6 system call arguments */\n" "};\n" msgstr "" "struct seccomp_data {\n" " int nr; /* Numéro de l'appel système */\n" " __u32 arch; /* Valeur AUDIT_ARCH_*\n" " (voir Elinux/audit.hE) */\n" " __u64 instruction_pointer; /* pointeur vers l'instruction du processeur */\n" " __u64 args[6]; /* Jusqu'à 6 paramètres de l'appel système */\n" "};\n" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Because numbering of system calls varies between architectures and some " "architectures (e.g., x86-64) allow user-space code to use the calling " "conventions of multiple architectures (and the convention being used may " "vary over the life of a process that uses B(2) to execute binaries " "that employ the different conventions), it is usually necessary to verify " "the value of the I field." msgstr "" "Comme la numérotation des appels système varie entre les architectures et " "comme certaines (comme x86-64) autorisent du code de l'espace utilisateur à " "utiliser les conventions de l'appelant d'autres architectures (et comme " "cette convention peut varier pendant la vie d'un processus qui utilise " "B(2) pour exécuter des binaires qui utilisent différentes " "conventions), il est généralement nécessaire de vérifier la valeur du champ " "I." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "It is strongly recommended to use an allow-list approach whenever possible " "because such an approach is more robust and simple. A deny-list will have " "to be updated whenever a potentially dangerous system call is added (or a " "dangerous flag or option if those are deny-listed), and it is often possible " "to alter the representation of a value without altering its meaning, leading " "to a deny-list bypass. See also I below." msgstr "" "Il est fortement recommandé d'utiliser une approche par liste " "d'autorisations autant que possible, parce qu'une telle approche est plus " "robuste et plus simple. Une liste d'interdictions devra être mise à jour à " "chaque fois qu'un appel système dangereux sera ajouté (ou un attribut ou une " "option si elles font partie de la liste des interdictions) et il est souvent " "possible de modifier la représentation d'une valeur sans changer sa " "signification, conduisant à contourner la liste d'interdictions. Voir aussi " "I ci-dessous." # #. As noted by Dave Drysdale in a note at the end of #. https://lwn.net/Articles/604515/ #. One additional detail to point out for the x32 ABI case: #. the syscall number gets a high bit set (__X32_SYSCALL_BIT), #. to mark it as an x32 call. #. If x32 support is included in the kernel, then __SYSCALL_MASK #. will have a value that is not all-ones, and this will trigger #. an extra instruction in system_call to mask off the extra bit, #. so that the syscall table indexing still works. #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I field is not unique for all calling conventions. The x86-64 ABI " "and the x32 ABI both use B as I, and they run on " "the same processors. Instead, the mask B<__X32_SYSCALL_BIT> is used on the " "system call number to tell the two ABIs apart." msgstr "" "Le champ I n'est pas unique pour toutes les conventions d'appelant. " "Les ABI x86-64 et x32 utilisent B en tant que I et " "elles fonctionnent sur les mêmes processeurs. Au contraire, le masque " "B<__X32_SYSCALL_BIT> est utilisé sur le numéro d'appel système pour parler " "indépendamment aux deux ABI." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This means that a policy must either deny all syscalls with " "B<__X32_SYSCALL_BIT> or it must recognize syscalls with and without " "B<__X32_SYSCALL_BIT> set. A list of system calls to be denied based on " "I that does not also contain I values with B<__X32_SYSCALL_BIT> set " "can be bypassed by a malicious program that sets B<__X32_SYSCALL_BIT>." msgstr "" "Cela veut dire qu'une politique peut soit interdire tous les appels système " "avec B<__X32_SYSCALL_BIT>, soit elle doit les reconnaître avec le " "positionnement ou pas de B<__X32_SYSCALL_BIT>. Une liste des appels système " "à interdire qui s'appuie sur I et qui ne contient pas de valeurs I " "où B<__X32_SYSCALL_BIT> est positionné peut être contournée par un programme " "malveillant qui positionne B<__X32_SYSCALL_BIT>." #. commit 6365b842aae4490ebfafadfc6bb27a6d3cc54757 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Additionally, kernels prior to Linux 5.4 incorrectly permitted I in the " "ranges 512-547 as well as the corresponding non-x32 syscalls ORed with " "B<__X32_SYSCALL_BIT>. For example, I == 521 and I == (101 | " "B<__X32_SYSCALL_BIT>) would result in invocations of B(2) with " "potentially confused x32-vs-x86_64 semantics in the kernel. Policies " "intended to work on kernels before Linux 5.4 must ensure that they deny or " "otherwise correctly handle these system calls. On Linux 5.4 and newer, such " "system calls will fail with the error B, without doing anything." msgstr "" "En outre, les noyaux précédant Linux 5.4 autorisaient à tort I dans les " "intervalles 512–547 ainsi que les appels système non x32 correspondants " "reliés (opération OU) avec B<__X32_SYSCALL_BIT>. Par exemple, I == 521 " "et I == (101 | B<__X32_SYSCALL_BIT>) créeraient des appels B(2) " "avec une sémantique potentiellement confondue entre x32 et x86_64 dans le " "noyau. Les politiques prévues pour fonctionner sur des noyaux antérieurs à " "Linux 5.4 doivent garantir qu'elles interdisent ou qu'elles gèrent " "correctement ces appels système. Sur Linux 5.4 et plus récents, de tels " "appels système échoueront avec une erreur B sans rien faire." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I field provides the address of the machine-" "language instruction that performed the system call. This might be useful " "in conjunction with the use of IpidI to perform checks based " "on which region (mapping) of the program made the system call. (Probably, " "it is wise to lock down the B(2) and B(2) system calls to " "prevent the program from subverting such checks.)" msgstr "" "Le champ I fournit l'adresse de l'instruction en " "langage machine qui a effectué l'appel système. Cela pourrait être utile " "avec IpidI pour effectuer des vérifications à partir de la " "région (projection) du programme qui a fait l'appel système (il est " "probablement raisonnable de verrouiller les appels système B(2) et " "B(2) pour empêcher le programme de contourner de telles " "vérifications)." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When checking values from I, keep in mind that arguments are often " "silently truncated before being processed, but after the seccomp check. For " "example, this happens if the i386 ABI is used on an x86-64 kernel: although " "the kernel will normally not look beyond the 32 lowest bits of the " "arguments, the values of the full 64-bit registers will be present in the " "seccomp data. A less surprising example is that if the x86-64 ABI is used " "to perform a system call that takes an argument of type I, the more-" "significant half of the argument register is ignored by the system call, but " "visible in the seccomp data." msgstr "" "Lors de la vérification des valeurs de I, gardez en tête que les " "paramètres sont souvent tronqués silencieusement avant d'être traités mais " "après la vérification seccomp. Cela arrive par exemple si l'ABI i386 est " "utilisée sur un noyau x86-64 : bien que le noyau n'ira normalement pas " "regarder au-delà des 32 bits les plus faibles des paramètres, les valeurs " "des registres 64 bits complets seront présentes dans les données de seccomp. " "Un exemple moins surprenant est que si l'ABI x86-64 est utilisée pour " "effectuer un appel système prenant un paramètre de type I, la moitié du " "registre du paramètre la plus significative est ignorée par l'appel système " "mais visible dans les données de seccomp." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A seccomp filter returns a 32-bit value consisting of two parts: the most " "significant 16 bits (corresponding to the mask defined by the constant " "B) contain one of the \"action\" values listed " "below; the least significant 16-bits (defined by the constant " "B) are \"data\" to be associated with this return value." msgstr "" "Un filtre seccomp renvoie une valeur 32 bits en deux parties : la plus " "significative, de 16 bits (correspondant au masque défini par la constante " "B), contient une des valeurs « action » listée ci-" "dessous ; la moins significative, de 16 bits (définie par la constante " "B), contient des « data » à associer à ce code de retour." # #. From an Aug 2015 conversation with Kees Cook where I asked why *all* #. filters are applied even if one of the early filters returns #. SECCOMP_RET_KILL: #. It's just because it would be an optimization that would only speed up #. the RET_KILL case, but it's the uncommon one and the one that doesn't #. benefit meaningfully from such a change (you need to kill the process #. really quickly?). We would speed up killing a program at the (albeit #. tiny) expense to all other filtered programs. Best to keep the filter #. execution logic clear, simple, and as fast as possible for all #. filters. #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If multiple filters exist, they are I executed, in reverse order of " "their addition to the filter tree\\[em]that is, the most recently installed " "filter is executed first. (Note that all filters will be called even if one " "of the earlier filters returns B. This is done to " "simplify the kernel code and to provide a tiny speed-up in the execution of " "sets of filters by avoiding a check for this uncommon case.) The return " "value for the evaluation of a given system call is the first-seen action " "value of highest precedence (along with its accompanying data) returned by " "execution of all of the filters." msgstr "" "Si plusieurs filtres existent, ils sont I exécutés dans l'ordre " "inverse de leur apparition dans l'arbre des filtres – si bien que le filtre " "le plus récemment installé est exécuté en premier) (remarquez que tous les " "filtres seront appelés même si l'un des premiers appelés renvoie " "B, cela pour simplifier le code du noyau et pour fournir " "une petite accélération d’exécution d’ensembles de filtres en évitant la " "vérification de ce cas rare). La valeur renvoyée de l'évaluation d'un appel " "système donné est la première valeur vue de l'action de plus haute priorité " "(ainsi que ses données associées) renvoyée par l'exécution de tous les " "filtres." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "In decreasing order of precedence, the action values that may be returned by " "a seccomp filter are:" msgstr "" "Dans l'ordre décroissant de priorité, les valeurs d'action qui peuvent être " "renvoyées par un filtre seccomp sont :" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 4.14)" msgstr "B (depuis Linux 4.14)" #. commit 4d3b0b05aae9ee9ce0970dc4cc0fb3fad5e85945 #. commit 0466bdb99e8744bc9befa8d62a317f0fd7fd7421 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This value results in immediate termination of the process, with a core " "dump. The system call is not executed. By contrast with " "B below, all threads in the thread group are " "terminated. (For a discussion of thread groups, see the description of the " "B flag in B(2).)" msgstr "" "Cette valeur aboutit à la fin immédiate du processus, avec un vidage " "mémoire. L'appel système n'est pas exécuté. Contrairement à " "B ci-dessous, tous les threads du groupe de threads " "sont terminés (pour un point sur les groupes de thread, voir la description " "de l'attribut B de B(2))." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The process terminates I killed by a B signal. Even if a " "signal handler has been registered for B, the handler will be " "ignored in this case and the process always terminates. To a parent process " "that is waiting on this process (using B(2) or similar), the " "returned I will indicate that its child was terminated as though by " "a B signal." msgstr "" "Le processus se termine I il a été tué par un signal B. " "Même si un gestionnaire de signal a été enregistré pour B, le " "gestionnaire sera ignoré dans ce cas et le processus se termine toujours. Le " "processus parent qui attend ce processus (en utilisant B(2) ou " "équivalent) reçoit I qui indique que son enfant s'est terminé suite " "à un signal B." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (or B)" msgstr "B (ou B)" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This value results in immediate termination of the thread that made the " "system call. The system call is not executed. Other threads in the same " "thread group will continue to execute." msgstr "" "Cette valeur provoque la fin immédiate du thread qui a effectué l'appel " "système. L'appel système n'est pas exécuté. Les autres threads du même " "groupe de threads continueront à s'exécuter." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The thread terminates I killed by a B signal. See " "B above." msgstr "" "Le thread s'est terminé I tué par un signal B. Voir " "B ci-dessus." #. See these commits: #. seccomp: dump core when using SECCOMP_RET_KILL #. (b25e67161c295c98acda92123b2dd1e7d8642901) #. seccomp: Only dump core when single-threaded #. (d7276e321ff8a53106a59c85ca46d03e34288893) #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Before Linux 4.11, any process terminated in this way would not trigger a " "coredump (even though B is documented in B(7) as having a " "default action of termination with a core dump). Since Linux 4.11, a single-" "threaded process will dump core if terminated in this way." msgstr "" "Avant Linux 4.11, tout processus qui se terminait de cette manière ne " "générait pas de vidage mémoire (bien que B soit documenté dans " "B(7) pour avoir comme action par défaut celle de terminer avec un " "vidage mémoire). Depuis Linux 4.11, un processus d'un seul thread créera un " "vidage mémoire s'il se termine dans ce cadre." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "With the addition of B in Linux 4.14, " "B was added as a synonym for B, " "in order to more clearly distinguish the two actions." msgstr "" "Avec l'apparition de B dans Linux 4.14, " "B a été ajouté comme synonyme de " "B, afin de distinguer plus clairement les deux actions." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B: the use of B to kill a single thread in a " "multithreaded process is likely to leave the process in a permanently " "inconsistent and possibly corrupt state." msgstr "" "B l'utilisation de B pour tuer un " "thread unique d'un processus de plusieurs threads va probablement mettre le " "processus dans un état incohérent et corrompre pour toujours son état." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "B" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This value results in the kernel sending a thread-directed B signal " "to the triggering thread. (The system call is not executed.) Various " "fields will be set in the I structure (see B(2)) " "associated with signal:" msgstr "" "Cette valeur fait envoyer par le noyau un signal B adressé au thread " "déclencheur (l'appel système n'est pas exécuté). Divers champs seront " "positionnés dans la structure I (voir B(2)) associée " "au signal :" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "\\[bu]" msgstr "-" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I will contain B." msgstr "I contiendra B." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I will show the address of the system call instruction." msgstr "" "I affichera l'adresse de l'instruction de l'appel système." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I and I will indicate which system call was attempted." msgstr "" "I et I indiqueront l'appel système qui a été tenté." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I will contain B." msgstr "I contiendra B." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I will contain the B portion of the filter " "return value." msgstr "" "I contiendra la partie B du code de retour du " "filtre." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The program counter will be as though the system call happened (i.e., the " "program counter will not point to the system call instruction). The return " "value register will contain an architecture-dependent value; if resuming " "execution, set it to something appropriate for the system call. (The " "architecture dependency is because replacing it with B could " "overwrite some useful information.)" msgstr "" "Le compteur du programme sera arrêté comme si l'appel système a été fait " "(c'est-à-dire que le compteur du programme ne pointera pas vers " "l'instruction de l'appel système). Le registre du code de retour contiendra " "une valeur dépendante de l'architecture ; en cas de relance de l'exécution, " "positionnez-la sur quelque chose adapté à l'appel système (la dépendance de " "l'architecture provient du fait que son remplacement par B " "écraserait des informations utiles)." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "B" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This value results in the B portion of the filter's return " "value being passed to user space as the I value without executing the " "system call." msgstr "" "Cette valeur fait passer la partie B du code de retour du " "filtre à l'espace utilisateur en tant que valeur I sans exécuter " "l'appel système." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 5.0)" msgstr "B (depuis Linux 5.0)" #. commit 6a21cc50f0c7f87dae5259f6cfefe024412313f6 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Forward the system call to an attached user-space supervisor process to " "allow that process to decide what to do with the system call. If there is " "no attached supervisor (either because the filter was not installed with the " "B flag or because the file descriptor was " "closed), the filter returns B (similar to what happens when a filter " "returns B and there is no tracer). See " "B(2) for further details." msgstr "" "Faire suivre l'appel système à un processus de superviseur attaché de " "l'espace utilisateur attaché pour permettre à ce processus de décider quoi " "faire de l'appel système. Si il n'y a pas de superviseur attaché (soit parce " "que le filtre n'a pas été installé avec l'attribut " "B ou parce que le descripteur de fichier " "était fermé), le filtre renvoie B (c'est similaire à ce qui se " "produit quand un filtre renvoie B et qu'il n'y a pas " "d'observateur). Consultez B(2) pour plus de détails." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that the supervisor process will not be notified if another filter " "returns an action value with a precedence greater than " "B." msgstr "" "Remarquez que le processus de superviseur ne sera pas notifié si un autre " "filtre renvoie une valeur d'action ayant une priorité supérieure à " "B." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "B" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When returned, this value will cause the kernel to attempt to notify a " "B(2)-based tracer prior to executing the system call. If there is " "no tracer present, the system call is not executed and returns a failure " "status with I set to B." msgstr "" "Quand cette valeur est renvoyée, le noyau essaiera de notifier à un " "observateur basé sur B(2) avant d'exécuter l'appel système. Si aucun " "observateur n'est présent, l'appel système n'est pas exécuté et renvoie un " "échec en positionnant I sur B." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A tracer will be notified if it requests B using " "I. The tracer will be notified of a " "B and the B portion of the filter's " "return value will be available to the tracer via B." msgstr "" "Un observateur sera notifié s'il demande B en " "utilisant I. Il sera notifié d'un " "B et la partie B du code de retour " "du filtre sera mise à la disposition de l'observateur à l'aide de " "B." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The tracer can skip the system call by changing the system call number to " "-1. Alternatively, the tracer can change the system call requested by " "changing the system call to a valid system call number. If the tracer asks " "to skip the system call, then the system call will appear to return the " "value that the tracer puts in the return value register." msgstr "" "L'observateur peut ignorer l'appel système en modifiant le numéro de l'appel " "système à B<-1>. Autrement, l'observateur peut modifier l'appel système " "demandé en le passant à un numéro d'appel système valable. Si l'observateur " "demande à ignorer l'appel système, ce dernier renverra la valeur que " "l'observateur place dans le registre du code de retour." #. This was changed in ce6526e8afa4. #. A related hole, using PTRACE_SYSCALL instead of SECCOMP_RET_TRACE, was #. changed in arch-specific commits, e.g. 93e35efb8de4 for X86 and #. 0f3912fd934c for ARM. #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Before Linux 4.8, the seccomp check will not be run again after the tracer " "is notified. (This means that, on older kernels, seccomp-based sandboxes " "B allow use of B(2)\\[em]even of other sandboxed " "processes\\[em]without extreme care; ptracers can use this mechanism to " "escape from the seccomp sandbox.)" msgstr "" "Avant Linux 4.8, la vérification seccomp ne sera pas refaite après que " "l'observateur ait reçu une notification (cela signifie que sur les anciens " "noyaux, les conteneurs basés sur seccomp B autoriser " "l'utilisation de B(2) – même sur d'autres processus encapsulés – " "sans une prudence extrême ; les ptracers peuvent utiliser ce mécanisme pour " "sortir d'un conteneur seccomp)." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Note that a tracer process will not be notified if another filter returns an " "action value with a precedence greater than B." msgstr "" "Remarquez que le processus d'un observateur ne sera pas notifié si un autre " "filtre renvoie une valeur d'action ayant une priorité supérieure à " "B." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 4.14)" msgstr "B (depuis Linux 4.14)" #. commit 59f5cf44a38284eb9e76270c786fb6cc62ef8ac4 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This value results in the system call being executed after the filter return " "action is logged. An administrator may override the logging of this action " "via the I file." msgstr "" "Cette valeur fait exécuter l'appel système après l'enregistrement de " "l'action de retour du filtre. Un administrateur peut supplanter la " "journalisation de cette action à l'aide du fichier I." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "B" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "This value results in the system call being executed." msgstr "Cette valeur provoque l'exécution de l'appel système." #. commit 4d3b0b05aae9ee9ce0970dc4cc0fb3fad5e85945 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If an action value other than one of the above is specified, then the filter " "action is treated as either B (since Linux 4.14) " "or B (in Linux 4.13 and earlier)." msgstr "" "Si on indique un code d'action différent de ceux ci-dessus, l'action de " "filtre est traitée soit comme un B (depuis " "Linux 4.14), soit comme un B (dans Linux 4.13 et " "antérieurs)." #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "/proc interfaces" msgstr "/proc interfaces" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The files in the directory I provide additional " "seccomp information and configuration:" msgstr "" "Les fichiers du répertoire I offrent des " "informations et des configurations seccomp supplémentaires :" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "I (since Linux 4.14)" msgstr "I (depuis Linux 4.14)" #. commit 8e5f1ad116df6b0de65eac458d5e7c318d1c05af #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A read-only ordered list of seccomp filter return actions in string form. " "The ordering, from left-to-right, is in decreasing order of precedence. The " "list represents the set of seccomp filter return actions supported by the " "kernel." msgstr "" "Une liste ordonnée en lecture seule d'actions de renvoi de filtre seccomp " "sous la forme d'une chaîne. L'ordre, de gauche à droite, est décroissant " "pour la priorité. La liste représente l'ensemble des actions de renvoi de " "filtre seccomp gérées par le noyau." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "I (since Linux 4.14)" msgstr "I (depuis Linux 4.14)" #. commit 0ddec0fc8900201c0897b87b762b7c420436662f #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A read-write ordered list of seccomp filter return actions that are allowed " "to be logged. Writes to the file do not need to be in ordered form but " "reads from the file will be ordered in the same way as the I " "file." msgstr "" "Une liste ordonnée en lecture-écriture d'actions de renvoi de filtre seccomp " "autorisées pour la journalisation. Les écritures dans le fichier n'ont pas " "besoin d'être ordonnées, mais les lectures se feront dans le même ordre que " "pour I." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "It is important to note that the value of I does not prevent " "certain filter return actions from being logged when the audit subsystem is " "configured to audit a task. If the action is not found in the " "I file, the final decision on whether to audit the action " "for that task is ultimately left up to the audit subsystem to decide for all " "filter return actions other than B." msgstr "" "Il est important de remarquer que la valeur de I n'empêche " "pas certaines actions de renvoi de filtre d'être enregistrées quand le sous-" "système d'audit est configuré pour auditer une tâche. Si l'action n'est pas " "retrouvée dans le fichier I, la décision finale d'auditer " "l'action de cette tâche revient au sous-système d'audit pour toutes les " "actions de renvoi de filtre autres que B." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The \"allow\" string is not accepted in the I file as it is " "not possible to log B actions. Attempting to write " "\"allow\" to the file will fail with the error B." msgstr "" "La chaîne « allow » n'est pas acceptée dans le fichier I car " "il n'est pas possible d'enregistrer les actions B. " "Essayer d'écrire « allow » dans le fichier échouera avec l'erreur B." #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Audit logging of seccomp actions" msgstr "Enregistrement d'audit des actions seccomp" #. commit 59f5cf44a38284eb9e76270c786fb6cc62ef8ac4 #. or auditing could be enabled via the netlink API (AUDIT_SET) #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Since Linux 4.14, the kernel provides the facility to log the actions " "returned by seccomp filters in the audit log. The kernel makes the decision " "to log an action based on the action type, whether or not the action is " "present in the I file, and whether kernel auditing is " "enabled (e.g., via the kernel boot option I). The rules are as " "follows:" msgstr "" "Depuis Linux 4.14, le noyau offre la possibilité d'enregistrer les actions " "renvoyées par des filtres seccomp dans le compte-rendu d'audit. Le noyau " "prend la décision d'enregistrer une action à partir du type d'action, de sa " "présence dans le fichier I et de l'activation de l'audit du " "noyau (par exemple avec l'option d'amorçage du noyau I). Les règles " "sont les suivantes :" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "If the action is B, the action is not logged." msgstr "Si l'action est B, l'action n'est pas enregistrée." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Otherwise, if the action is either B or " "B, and that action appears in the I " "file, the action is logged." msgstr "" "Sinon, si l'action est B ou " "B et si elle apparaît dans le fichier " "I, l'action est enregistrée." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Otherwise, if the filter has requested logging (the " "B flag) and the action appears in the " "I file, the action is logged." msgstr "" "Sinon, si le filtre a demandé l'enregistrement (l'attribut " "B) et si elle apparaît dans le fichier " "I, l'action est enregistrée." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Otherwise, if kernel auditing is enabled and the process is being audited " "(B(8)), the action is logged." msgstr "" "Sinon, si l'audit du noyau est activé et si le processus doit être audité " "(B(8)), l'action est enregistrée." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Otherwise, the action is not logged." msgstr "Sinon, l'action n'est pas enregistrée." #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "RETURN VALUE" msgstr "VALEUR RENVOYÉE" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "On success, B() returns 0. On error, if " "B was used, the return value is the ID of the " "thread that caused the synchronization failure. (This ID is a kernel thread " "ID of the type returned by B(2) and B(2).) On other errors, " "-1 is returned, and I is set to indicate the error." msgstr "" "En cas de succès, B() renvoie B<0>. En cas d'erreur, si " "B a été utilisé, le code de retour est " "l'identifiant du thread à l'origine de l'échec de la synchronisation (cet " "identifiant est un identifiant de thread du noyau du type renvoyé par " "B(2) et B(2)). Si une autre erreur arrive, B<-1> est renvoyé " "et I est positionné pour indiquer l'erreur." #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "ERRORS" msgstr "ERREURS" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "B() can fail for the following reasons:" msgstr "B() peut échouer pour les raisons suivantes :" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "B" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The caller did not have the B capability in its user " "namespace, or had not set I before using " "B." msgstr "" "L'appelant n'avait pas la capacité B dans son espace de noms " "utilisateur ou n'avait pas positionné I avant d'utiliser " "B." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "B" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "While installing a new filter, the B flag " "was specified, but a previous filter had already been installed with that " "flag." msgstr "" "Pendant l'installation d'un nouveau filtre, l'attribut " "B a été indiqué, mais un filtre précédent " "a déjà été installé avec cet attribut." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "B" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "I was not a valid address." msgstr "I n'était pas une adresse valable." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "B" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I is unknown or is not supported by this kernel version or " "configuration." msgstr "" "L'I est inconnue ou n'est pas prise en charge par cette version " "ou cette configuration du noyau." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "The specified I are invalid for the given I." msgstr "" "Les I spécifiés ne sont pas valables pour l'I donnée." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I included B, but the specified offset was not aligned " "to a 32-bit boundary or exceeded I." msgstr "" "L'I comprenait B, mais la position indiquée n'était pas " "alignée sur une limite 32 bits ou elle dépassait I." #. See kernel/seccomp.c::seccomp_may_assign_mode() in Linux 3.18 sources #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A secure computing mode has already been set, and I differs from " "the existing setting." msgstr "" "Un mode de calcul sécurisé a déjà été défini et l'I diffère du " "paramétrage existant." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I specified B, but the filter program " "pointed to by I was not valid or the length of the filter program was " "zero or exceeded B (4096) instructions." msgstr "" "I indiquait B mais le programme de " "filtre vers lequel pointait I n'était pas valable ou sa longueur était " "de zéro ou dépassait B instructions (4096)." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "B" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Out of memory." msgstr "Plus assez de mémoire." #. ENOMEM in kernel/seccomp.c::seccomp_attach_filter() in Linux 3.18 sources #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The total length of all filter programs attached to the calling thread would " "exceed B (32768) instructions. Note that for the " "purposes of calculating this limit, each already existing filter program " "incurs an overhead penalty of 4 instructions." msgstr "" "La taille totale de tous les programmes de filtre rattachés au thread " "appelant dépasserait B instructions (32768). Remarquez " "qu'afin de calculer cette limite, chaque programme de filtre déjà existant " "intègre une pénalité de dépassement de B<4> instructions." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "B" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "I specified B, but the kernel does not " "support the filter return action specified by I." msgstr "" "I indiquait B mais le noyau ne gère pas " "l'action de renvoi de filtre indiquée par I." #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B" msgstr "B" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Another thread caused a failure during thread sync, but its ID could not be " "determined." msgstr "" "Un autre thread a provoqué un échec pendant la synchronisation, mais son " "identifiant n'a pas pu être déterminé." #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "STANDARDS" msgstr "STANDARDS" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-leap-15-6 opensuse-tumbleweed msgid "Linux." msgstr "Linux." #. type: SH #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "HISTORY" msgstr "HISTORIQUE" #. FIXME . Add glibc version #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-leap-15-6 opensuse-tumbleweed msgid "Linux 3.17." msgstr "Linux 3.17." #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "NOTES" msgstr "NOTES" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Rather than hand-coding seccomp filters as shown in the example below, you " "may prefer to employ the I library, which provides a front-end " "for generating seccomp filters." msgstr "" "Au lieu de coder à la main des filtres seccomp comme démontré dans l'exemple " "ci-dessous, vous pourriez préférer utiliser la bibliothèque I " "qui fournit une interface de génération de filtres seccomp." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The I field of the IpidI file provides a method of " "viewing the seccomp mode of a process; see B(5)." msgstr "" "Le champ I du fichier IpidI offre une méthode de " "visualisation du mode seccomp du processus ; voir B(5)." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B() provides a superset of the functionality provided by the " "B(2) B operation (which does not support I)." msgstr "" "B() fournit un sur-ensemble de fonctionnalités de l'opération " "B de B(2) (qui ne prend pas en charge les I)." #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Since Linux 4.4, the B(2) B operation " "can be used to dump a process's seccomp filters." msgstr "" "Depuis Linux 4.4, l'opération B de B(2) " "peut être utilisée pour obtenir les filtres seccomp d'un processus." #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Architecture support for seccomp BPF" msgstr "Gestion d'architecture pour le BPF seccomp" #. Check by grepping for HAVE_ARCH_SECCOMP_FILTER in Kconfig files in #. kernel source. Last checked in Linux 4.16-rc source. #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Architecture support for seccomp BPF filtering is available on the following " "architectures:" msgstr "" "La gestion d'architecture pour le filtrage de BPF seccomp est disponible sur " "les architectures suivantes :" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "x86-64, i386, x32 (since Linux 3.5)" msgstr "x86-64, i386, x32 (depuis Linux 3.5)" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "ARM (since Linux 3.8)" msgstr "ARM (depuis Linux 3.8)" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "s390 (since Linux 3.8)" msgstr "s390 (depuis Linux 3.8)" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "MIPS (since Linux 3.16)" msgstr "MIPS (depuis Linux 3.16)" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "ARM-64 (since Linux 3.19)" msgstr "ARM-64 (depuis Linux 3.19)" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "PowerPC (since Linux 4.3)" msgstr "PowerPC (depuis Linux 4.3)" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "Tile (since Linux 4.3)" msgstr "Tile (depuis Linux 4.3)" #. User mode Linux since Linux 4.6 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "PA-RISC (since Linux 4.6)" msgstr "PA-RISC (depuis Linux 4.6)" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Caveats" msgstr "Mises en garde" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "There are various subtleties to consider when applying seccomp filters to a " "program, including the following:" msgstr "" "Il y a beaucoup de subtilités à prendre en compte lorsqu'on applique des " "filtres seccomp à un programme, notamment :" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Some traditional system calls have user-space implementations in the " "B(7) on many architectures. Notable examples include " "B(2), B(2), and B