ok

Mini Shell

Direktori : /usr/share/locale/zh_CN/LC_MESSAGES/
Upload File :
Current File : //usr/share/locale/zh_CN/LC_MESSAGES/policycoreutils.mo

����%G\Kxd,yd%�d�d�d�de'e@ePe?ge;�e&�e9
fDf9af,�f7�fgIgI_gI�g3�g'h+h 4h'Uh,}h�hE�h:i(?i.hi,�i�i�i&�i/j.@j&oj0�j/�jS�j8Kk�k�k�k�k�k7�kdl^�l��l)�m�n�n�noo
%o3o<oMMo�oM�opHpG]p�p�pG�pq3qMqgqxqQ�q�q�qJ�q
IrNTr�r�r�r4�r$s!As%csM�s�s�s)�s/tKtbtrt�t�t�t�t�t�t>�tIu7gu6�u$�u��u ~vC�v�v)w ,wGMwI�wD�w8$x7]xL�x-�xCy7Ty�yO�y �y-z5Hz&~z)�z)�z1�z7+{hc{p�{?=|=}|>�|F�|gA}�}U�}I~Eh~1�~6�~M<e:�:�2�1K�0}�K��-��H(�0q�:�� ݁��.�J�<f�&��&ʂ(�A�0\����7�8M�S��Jڄ%�A�&a�&����΅0�+�(C�1l�'��'Ɔ&�%�Q;�@��·�)�'6�$^� ����3��-�&�D�8a�#��#��)�-�=:�@x�$��0ފ&�$6�0[�7���ċ9M�'��)��ٌ=��+6�Fb�@��'�4�%G�#m���,��"ڎA��6?��v���2�"K�Tn�9Ð"��* ��K�%Α2�3'�,[�*��/��0�2�4G�I|�"Ɠ!�&�22�e��%��6”)��0#�+T�%��N�����!.�[P�1��IޖG(�p�I��?חV�Kn�G��M�7P�H��8љ6
�"A�:d���/�����ʛj��B�1V�*����3̝�`�$|�0��*ҞJ��]H�����Z�-*�X�fv�Eݡ#�&@�Kg�+��/ߢ2�!B�)d�$��$��)أ?�(B�<k�'��"Ф*�����Чܧ!�,�!B�,d�������(è)���.�2E�x����������k�t�1{���ƪ2ݪ#�14�f�2m��� ��"۫�������@��Ư��(��=��� �#�i+�P����!�<�Z�u�"��(��,ܲ(	�-2�%`�(��1��-�*�*:�2e�8��9Ѵ�%)�$O�1t��� ĵ �*�1�2N���"��$Ķ$�!�!0�R�%n���/�� � �"�(;�d�$�� ��Ƹ�%�+(�$T�$y�����!ڹ$��!�=�'X�������غ��/�L�a�y�1��Ȼ���"�6�T� i� ����ɼ� ���7�$S� x�����%ս+��'�?�W�#w�����ؾ*�� �>�*Z�5����ڿ!��(�!D�"f�!��)��&�&��#�$=�/b�/��7�4��4/�Bd�����?��4�)T�)~�1��.��.	�<8�)u�)��1��.��.*�<Y�)��)��1��.�.K�<z�$��!����)�D�
[�f�����
����3��	�����"�8�W�k���������-��*�.9�Vh�����@��� �������^��9P�p��7��63�?j�Y��>�4C�7x�6��6��R�Aq�@��@��(5�;^�5��U��&�R��4��..�Z]�`��:�yT�@��5�iE�5��6��4�6Q�U��0��V�;f�8��%��I�;K�E��p���>�K��J�9c�7��D��T�:o�@��;��-'�3U�.��.��9��9!�0[�/��8��6��9,�Cf�6��7��.�DH�5��7��4��60�5g�5��(��C��8@�7y�5��5���
%�3�R�[�Az�N��O�\[�;��H��A=�N�)�� ���+�2� ?�7`�*��*��W��F�	N�>X�6��^��E-�:s�g��d�g{�2��J�-a�;��(��0��+%�XQ�?��D��</�l�'}�(������ ���"8�#[��)������!� "� C�Fd�
������U��b-�\��i��W�l�
���� ���������"/�R�	e�o���
��	��	������%���	�	�� ��-�/�;>�"z�o��
�(�.E�
t�J��j��)8�b�h�4z�)��/��R	�\�c�g�|�?��'�����+0�
\�g�������&�����'�D�\�m�&��&��&�����O9���+�������4	�>�Z�i� ��6������3#�W�`�i�����	����X��
U�`�
w�
����<��#�
��	 �	*�4�F�	J�T�Y�
h�
v����� �� ��!�)�E�\��c�	���P�Pb���L��J0�{���U��
�"�%.�T�p���M�����3��7�DT`!{�
���Q�-:6S5�C�BGYnq���)��
	&05
<HG��
�$��*�B)S*}�	��8�'80ipy
����(��3�/Ge�&���"�-3:(Ilr���	��b�	,	C	\	r	�	�	�	�	�	�	2
:
Y
k

}
�
�
�
�
�
�
�

"3IZ:x7��
(0?NJUJ����
�
��
7Z,�F�
&m;U�:��:'*_RE�s�4l<�T�E3.y5�;�GTb	��(�$�!6BJWj(�0�+�56A
x	�X�h�_R��VQ�q�/5<
VEd��"�!	+KRp����=�
*A8Uz��|��&�%�,�*)'T.|��1�)�''@-hE���  � '� )� !"!,B!o!�!*�!r�!K"g"�"�"�"�"�"�"�")#+#&F#'m#�#]�#$	$0$rL$U�$%%	7%A%
_%m%y%.�%*�%�%L�%]E&�&�&�&0�&�'L(%l(�(;�("�(<
)EJ)�)0�)3�)E*R*Z*f*	j*_t*#�*;�*^4+�+�+�+�+,�+,4,#R,v,,	�,V�,'�,,-
=-H-(^-(�-�-"�-�-.!.;.R.n.�.�.�.�.7/8/W/4t/�/�/�/�/�/�/�/�/�/0!0+@0l0�0
�0"�0�0#�071K1O1<R17�17�13�1c32F�2�2�2�2$3=%3%c3<�37�3�3
4
 4.4D4Z4^4s4�4�4�4�4%�4$�4#�45�!5+�6$747K7\7"o7�7�7�7T�7@#8%d83�8�80�8 94/9d9@{9@�9@�9/>:n:r:%{:)�:'�:�:F;7N;(�;4�;)�;<"<#5<2Y<#�<(�<)�<)=F-=.t=�=�=�=�=�=2>Y3>R�>��>�?�@�@	�@�@�@
�@�@A<AVACpA�A<�A<BABTB:nB�B�B�B�BCN/C~C�CE�C�C<�C1DMDgD6zD�D�D(�DBE[EoE&|E8�E�E�EF	#F	-F7FGFWF	^FAhFB�F*�F/G"HG�kG�GFHRH*pH!�H<�H=�H98ICrI2�IP�I2:JEmJ2�J�JEK#LK$pK.�K-�K-�K# L'DL*lLX�Lq�L3bM<�M<�M\N_mN!�N>�N5.O6dO.�O3�O9�O28P-kP-�P-�P,�P-"Q?PQ0�Q:�Q,�Q6)R`R�R)�R�R2�R%S(;S#dS5�S*�S~�S7hT:�TN�T?*UjU#�U(�U(�U%�UV.7V$fV-�V4�V%�V%W$:W$_WJ�WD�WX4X)QX"{X�X�X�X/�X.#Y'RYzY2�Y"�Y#�Y'Z*7Z@bZ5�Z"�Z+�Z(([#Q[,u[9�[��[7c\$�\+�\�\3
]2>]Bq]<�] �]6^'I^'q^�^,�^ �^>_8B_y{_"�_=`%V`L|`5�`�`&aEa(�a2�a5!b%Wb$}b$�b$�b+�b0c@Ic!�c �c(�c+�c"d!<d%^d1�d*�d,�d,e*;e=fe�e!�e'�eTf"\fNfD�fgH1g6zgS�gCh>IhE�h0�h=�h4=i/ri"�i5�i�i0j�Jj�!kV�k4Rl&�l'�l�l2�l"m[;m �m+�m)�mCnPRn��n�To'p=paZpR�pq /qEPq)�q0�q1�q$#r3Hr$|r$�r$�r9�r+%s;Qs �s�s�s��tYvrvv�v!�v�v$�vw&wBw!Iw)kw	�w�w�w<�w
x#x3xCx�Vx	yy(y;yTy,dy�y-�y�y7�yz"6z#Yz�}z�){��|�9~�~$�~BZi	�U�V�<�[�"p�����ʀ�,�*-�)X�0��#��'ׁ:��,:�)g�$��4��8�9$�^�{�"��-���"�&�&C�j�/����Є"� �4�R�l�����,���	�(�=�\�"u�����φ�(�.�M�j�����!��؇��"�<�O�k�������؈��'�D�[�o�!������Љ��#�7�J�i�~�"����׊��('�P�g�|�"����ۋ��(�4�O�$i�6��Ō�"�&�"E�'h�"��*��ލ"��!�";�3^�3��8Ǝ5��35�Fi���Ϗ6�5 �.V�.��6��3�.�AN�.��.��6�3%�.Y�A��.ʒ.��6(�3_�.��A“�#!�E�%b���	����Ɣޔ��3��	-�7�M�i������͕ڕ���$#�$H�.m�E�����E��I�՗ܗ��W�>Z�b��3��20�;c�Q��7�9)�6c�5��-КX��DW�=��;ڛ*�;A�1}�X��y�E��7ȝ4�S5�V��;���<��4ޟU�2i�4��4Ѡ7�@>�C�Tá3�:L�$��K��<��>5�kt���Ak�@��8�8'�G`�X��;�:=�<x�)��4ߦ,�,A�7n�/��/֧1�08�5i�2��EҨ2�8K�1��A��6��4/�6d�9��7ժ6
�(D�Im�6��5�5$�7Z�������	¬̬?�Q+�7}�?��.��6$�4[�<��ͮ ���"�$/�6T�!��$��Rү	%�	/�<9�<v�W��0�/<�fl�Wӱf+�3��BƲ$	�0.�!_�5��/��H�*0�<[�B��۴��!�-�$G�l���&��ҵ+��;�U�u���4��	���C�KX�C��K�4�D�W�l�$s�����ø����
#�1�G�T�	a�k�x���$���ùZ�"b�*����Fº	�c)���'��'ǻ�D�eF���ȼϼ/ܼ�$*�TO�	������Ž?ؽ!�:�R�#h�	������˾���2�E�d����$��!ʿ!��*�9�EU���$������6�8�K�X�#t�J�������/"�	R�\�c�}�����������C��	0�:�M�	Z�d�Fs���	����
��
��
��
!�,�1�D�S�b�v�������!�����+�~2�	����<��C�R�<e���=�����N2�����!��������<�L�{`�!��+��*�87�p�}�����������^��0�7�K�X�$k�$��-��-���#�5�9�R�p���3��������	�����
�K�b�j�w�����%��C��%�&7�	^�h�u�0��)��7���	�	&�0�=�D�K�!e���3��������'5�]�l�"����������*��o	��y���)�dD�������������1�F�d�{�4����������#�9�H�\�n������������� ��6�BL�������������I��I;����+�>��K�%��$�60�	g�!q�T��H��91��k�'L�Tt�<��u�9|�*��B��6$�![�'}�+��3��H�N�[�p���������������-�99�'s�6��7��
��U�^s�K��~�3�������r�y���
��0������$�)�C�[�b�����������4��	3�;=�Fy���������!����$��3�-:�?h�����1��0��(�(B�3k�8������������"�����"�A�\�+y�R�����,�3�@�M�g�}�&��,����)�(5�^�Hk�����/��v��[u�������$���,�9�$@�&e���O��i��f�v��������E��(���9/�*i�0��@���#"�3F�Az���������\��!K�/m�I������	��0(�Y�4f�#��������<��"�$4�	Y�c�&�(���������9�O�f�����������1�>�[�.r������������!���+3�_�%u���,��� �(�=�A�*E�-p�'��*�H�6:�q�~��� ��1��*�:�7Q������������������%�$C�#h�	���A��X�����S���>(�7��l+�����F�����P���c
0��m�i?�A����S�JlOyZ}XN�iK����I�c������������?�wDR�"�h���v�X������y��{���xr�8{�en6b�;����\�r�G:�Z���yE���UV`��u
q��*1�I-�����}�
�	st@R��rE�C&�}�dU�b�������
����5���LXj�axC
�!�\�x]G y�~z���3(�/)NTP`�`������d>+&�'�n� ��3��J�ow
;^���!��NT���K�4h�{�l����|�k����.���<1\�	�$�@Dv�k�40N7"5]p�K5
~s��	���n�8��m@�i�d��(����'��4���{p
9����	�E�BD����Qc`��A}.>z+^��$}a��G��&�M�[dJ�?�F�,��^�Qj�Cf��K���U*=8���-�p��bE��29�\)���6�C��ISx���.���k_������m�������|�;@YM+�F.^c1Oq���HO-����Fr=`������o��f�RVY��,�R"��!8CW�����YE�S�v�6��-!< �>�s[�����*�d��t���B,���MO�=N��V�4$��5n�����|�L��"������^S�
�#<��D�'$_i�g�����������8:r%���LQ������w�#-��#g��x�����c��9aZO]q��4v��A|����e����Q���=�k?��z���R��6��q�H���#y6(�#�%��n&]��3�u)�U�z~�0m��T'���������I�	50�g����.GP[
���F���IH!h����HsJ�wgWAo�l���;v�������7�/�Y��j��>�s,����BTWuf��2�l��TJ�[~&��X[� U�*��_%%��3f���$�hY������(e��a�23~��P�:g��'����//o�{���D�)�9j_���)p��%Vb7?*b�<�����e�Zu+q�a7/k10�@Q:]�9��ze����Z�:���2o����f��wB��u��L\��P�� t�W��i��<�j�Vt|��2K�;M�����p��M��mtW��H����B,h�_G"��=1L
SELinux Distribution fcontext Equivalence 

SELinux Local fcontext Equivalence 
%s changed labels.
%s is already in %s%s is not a domain type%s is not a valid context
%s is not a valid domain%s is not in %s%s must be a directory%s!  Could not get current context for %s, not relabeling tty.
%s!  Could not get new context for %s, not relabeling tty.
%s!  Could not set new context for %s
%s:  Can't load policy and enforcing mode requested:  %s
%s:  Can't load policy:  %s
%s:  Policy is already loaded and initial load requested
'%s' policy modules require existing domains******************** IMPORTANT ***********************
-- Allowed %s [ %s ]-a option can not be used with '%s' domains. Read usage for more details.-d option can not be used with '%s' domains. Read usage for more details.-t option can not be used with '%s' domains. Read usage for more details.-w option can not be used with the --newtype option...600-1024<b>...SELECT TO VIEW DATA...</b><b>Add booleans from the %s policy:</b><b>Add files/directories that %s manages</b><b>Applications</b><b>Deny all processes from ptracing or debugging other processes?</b><b>Disable ability to run unconfined system processes?</b><b>Disable all permissive processes?</b><b>Enter name of application or user role:</b><b>Enter network ports that %s binds on:</b><b>Login Users</b><b>Root Users</b><b>Select additional roles for %s:</b><b>Select common application traits for %s:</b><b>Select domains that %s will administer:</b><b>Select existing role to modify:</b><b>Select network ports that %s connects to:</b><b>Select roles that %s will transition to:</b><b>Select the policy type for the application or user role you want to confine:</b><b>Select the user_roles that will transition to %s:</b><b>Select:</b><b>System Configuration</b><b>System Mode</b><b>TCP Ports</b><b>UDP Ports</b><b>Which directory you will generate the %s policy?</b><operation> File Labeling for <selected domain>. File labels will be created when update is applied.<operation> Network Port for <selected domain>.  Ports will be created when update is applied.<small>
To change from Disabled to Enforcing mode
- Change the system mode from Disabled to Permissive
- Reboot, so that the system can relabel
- Once the system is working as planned
  * Change the system mode to Enforcing</small>
A permissive domain is a process label that allows the process to do what it wants, with SELinux only logging the denials, but not enforcing them.  Usually permissive domains indicate experimental policy, disabling the module could cause SELinux to deny access to a domain, that should be allowed.ActionAddAdd %sAdd BooleanAdd Booleans DialogAdd DirectoryAdd FileAdd File ContextAdd File Equivalency Mapping. Mapping will be created when update is applied.Add File Labeling for %sAdd File Labeling for %s. File labels will be created when update is applied.Add Login MappingAdd Login Mapping. Login Mapping will be created when update is applied.Add Login Mapping. User Mapping will be created when Update is applied.Add Network PortAdd Network Port for %sAdd Network Port for %s.  Ports will be created when update is applied.Add SELinux File EquivalencyAdd SELinux Login MappingAdd SELinux Network PortsAdd SELinux UserAdd SELinux User MappingAdd SELinux User Role. SELinux user roles will be created when update is applied.Add SELinux UsersAdd UserAdd User Roles. SELinux User Roles will be created when Update is applied.Add a fileAdd file Equivalence Mapping.  Mapping will be created when Update is applied.Add file equiv labeling.Add file labeling for %sAdd login mappingAdd new %(TYPE)s file path for '%(DOMAIN)s' domains.Add new File Equivalence definition.Add new Login Mapping definition.Add new SELinux User/Role definition.Add new port definition to which the '%(APP)s' domain is allowed to %(PERM)s.Add ports for %sAdd userAdd/Remove booleans used by the %s domainAddr %s is defined in policy, cannot be deletedAddr %s is not definedAdmin User RoleAdministrator Login User RoleAdvanced <<Advanced >>Advanced Search <<Advanced Search >>AllAll domainsAllow %s to call bindresvport with 0. Binding to port 600-1024Allow ABRT to modify public files used for public file transfer services.Allow Apache to communicate with avahi service via dbusAllow Apache to communicate with sssd service via dbusAllow Apache to execute tmp content.Allow Apache to modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.Allow Apache to query NS recordsAllow Apache to run in stickshift mode, not transition to passengerAllow Apache to run preupgradeAllow Apache to use mod_auth_ntlm_winbindAllow Apache to use mod_auth_pamAllow HTTPD scripts and modules to connect to cobbler over the network.Allow HTTPD scripts and modules to connect to databases over the network.Allow HTTPD scripts and modules to connect to the network using TCP.Allow HTTPD scripts and modules to server cobbler files.Allow HTTPD to connect to port 80 for graceful shutdownAllow HTTPD to run SSI executables in the same domain as system CGI scripts.Allow Puppet client to manage all file types.Allow Puppet master to use connect to MySQL and PostgreSQL databaseAllow Redis to run redis-sentinal notification scripts.Allow Zabbix to run su/sudo.Allow ZoneMinder to modify public files used for public file transfer services.Allow ZoneMinder to run su/sudo.Allow a user to login as an unconfined domainAllow all daemons the ability to read/write terminalsAllow all daemons to use tcp wrappers.Allow all daemons to write corefiles to /Allow all domains to execute in fips_modeAllow all domains to have the kernel load modulesAllow all domains to use other domains file descriptorsAllow all domains write to kmsg_device, while kernel is executed with systemd.log_target=kmsg parameter.Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_tAllow antivirus programs to read non security files on a systemAllow any files/directories to be exported read/only via NFS.Allow any files/directories to be exported read/write via NFS.Allow any process to mmap any file on system with attribute file_type.Allow apache scripts to write to public content, directories/files must be labeled public_rw_content_t.Allow auditadm to exec contentAllow cluster administrative cluster domains memcheck-amd64- to use executable memoryAllow cluster administrative domains to connect to the network using TCP.Allow cluster administrative domains to manage all files on a system.Allow confined applications to run with kerberos.Allow confined applications to use nscd shared memory.Allow confined users the ability to execute the ping and traceroute commands.Allow confined virtual guests to interact with rawip socketsAllow confined virtual guests to interact with the sanlockAllow confined virtual guests to interact with the xserverAllow confined virtual guests to manage cifs filesAllow confined virtual guests to manage nfs filesAllow confined virtual guests to read fuse filesAllow confined virtual guests to use executable memory and executable stackAllow confined virtual guests to use glusterdAllow confined virtual guests to use serial/parallel communication portsAllow confined virtual guests to use usb devicesAllow confined web browsers to read home directory contentAllow conman to manage nfs filesAllow cups execmem/execstackAllow database admins to execute DML statementAllow dbadm to exec contentAllow dhcpc client applications to execute iptables commandsAllow ftpd to use ntfs/fusefs volumes.Allow ganesha to read/write fuse filesAllow glance domain to manage fuse filesAllow glance domain to use executable memory and executable stackAllow glusterd_t domain to use executable memoryAllow glusterfsd to modify public files used for public file transfer services.  Files/Directories must be labeled public_content_rw_t.Allow glusterfsd to share any file/directory read only.Allow glusterfsd to share any file/directory read/write.Allow gpg web domain to modify public files used for public file transfer services.Allow gssd to list tmp directories and read the kerberos credential cache.Allow guest to exec contentAllow http daemon to check spamAllow http daemon to connect to mythtvAllow http daemon to connect to zabbixAllow http daemon to send mailAllow httpd cgi supportAllow httpd daemon to change its resource limitsAllow httpd processes to manage IPA contentAllow httpd processes to run IPA helper.Allow httpd scripts and modules execmem/execstackAllow httpd to access FUSE file systemsAllow httpd to access cifs file systemsAllow httpd to access nfs file systemsAllow httpd to access openstack portsAllow httpd to act as a FTP client connecting to the ftp port and ephemeral portsAllow httpd to act as a FTP server by listening on the ftp port.Allow httpd to act as a relayAllow httpd to connect to  saslAllow httpd to connect to memcache serverAllow httpd to connect to the ldap portAllow httpd to read home directoriesAllow httpd to read user contentAllow httpd to run gpgAllow httpd to use built in scripting (usually php)Allow ksmtuned to use cifs/Samba file systemsAllow ksmtuned to use nfs file systemsAllow logadm to exec contentAllow logging in and using the system from /dev/console.Allow logrotate to manage nfs filesAllow logrotate to read logs insideAllow mailman to access FUSE file systemsAllow mock to read files in home directories.Allow mozilla plugin domain to bind unreserved tcp/udp ports.Allow mozilla plugin domain to connect to the network using TCP.Allow mozilla plugin to support GPS.Allow mozilla plugin to support spice protocols.Allow mozilla plugin to use Bluejeans.Allow mysqld to connect to all portsAllow nagios run in conjunction with PNP4Nagios.Allow nagios/nrpe to call sudo from NRPE utils scripts.Allow nfs servers to modify public files used for public file transfer services.  Files/Directories must be labeled public_content_rw_t.Allow openshift to access nfs file systems without labelsAllow openvpn to run unconfined scriptsAllow pcp to bind to all unreserved_portsAllow pcp to read generic logsAllow piranha-lvs domain to connect to the network using TCP.Allow polipo to connect to all ports > 1023Allow postfix_local domain full write access to mail_spool directoriesAllow postgresql to use ssh and rsync for point-in-time recoveryAllow pppd to be run for a regular userAllow pppd to load kernel modules for certain modemsAllow qemu-ga to manage qemu-ga date.Allow qemu-ga to read qemu-ga date.Allow racoon to read shadowAllow regular users direct dri device accessAllow rpcd_t  to manage fuse filesAllow rsync server to manage all files/directories on the system.Allow rsync to export any files/directories read only.Allow rsync to modify public files used for public file transfer services.  Files/Directories must be labeled public_content_rw_t.Allow rsync to run as a clientAllow s-c-kdump to run bootloader in bootloader_t.Allow samba to act as a portmapperAllow samba to act as the domain controller, add users, groups and change passwords.Allow samba to create new home directories (e.g. via PAM)Allow samba to export NFS volumes.Allow samba to export ntfs/fusefs volumes.Allow samba to modify public files used for public file transfer services.  Files/Directories must be labeled public_content_rw_t.Allow samba to run unconfined scriptsAllow samba to share any file/directory read only.Allow samba to share any file/directory read/write.Allow samba to share users home directories.Allow sandbox containers manage fuse filesAllow sandbox containers to send audit messagesAllow sandbox containers to use all capabilitiesAllow sandbox containers to use mknod system callsAllow sandbox containers to use netlink system callsAllow sandbox containers to use sys_admin system calls, for example mountAllow sanlock to manage cifs filesAllow sanlock to manage nfs filesAllow sanlock to read/write fuse filesAllow sanlock to read/write user home directories.Allow sasl to read shadowAllow secadm to exec contentAllow sge to access nfs file systems.Allow sge to connect to the network using any TCP portAllow smbd to load libgfapi from gluster.Allow spamd to read/write user home directories.Allow spamd_update to connect to all ports.Allow ssh logins as sysadm_r:sysadm_tAllow ssh with chroot env to read and write files in the user home directoriesAllow staff to exec contentAllow sysadm to exec contentAllow syslogd daemon to send mailAllow syslogd the ability to call nagios plugins. It is turned on by omprog rsyslog plugin.Allow syslogd the ability to read/write terminalsAllow system cron jobs to relabel filesystem for restoring file contexts.Allow system cronjob to be executed on on NFS, CIFS or FUSE filesystem.Allow system to run with NISAllow tftp to modify public files used for public file transfer services.Allow tftp to read and write files in the user home directoriesAllow the Irssi IRC Client to connect to any port, and to bind to any unreserved port.Allow the Telepathy connection managers to connect to any generic TCP port.Allow the Telepathy connection managers to connect to any network port.Allow the graphical login program to create files in HOME dirs as xdm_home_t.Allow the graphical login program to execute bootloaderAllow the graphical login program to login directly as sysadm_r:sysadm_tAllow the mount commands to mount any directory or file.Allow tomcat to connect to databases over the network.Allow tomcat to read rpm database.Allow tomcat to use executable memory and executable stackAllow tor to act as a relayAllow transmit client label to foreign databaseAllow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzillaAllow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzillaAllow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container.Allow unprivileged user to create and transition to svirt domains.Allow unprivileged users to execute DDL statementAllow user  to use ssh chroot environment.Allow user music sharingAllow user spamassassin clients to use the network.Allow user to exec contentAllow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY)Allow users to connect to PostgreSQLAllow users to connect to the local mysql serverAllow users to login using a radius serverAllow users to login using a yubikey OTP server or challenge response modeAllow users to resolve user passwd entries directly from ldap rather then using a sssd serverAllow users to run TCP servers (bind to ports and accept connection from the same domain and outside users)  disabling this forces FTP passive mode and may change other protocols.Allow users to run UDP servers (bind to ports and accept connection from the same domain and outside users)  disabling this may break avahi discovering services on the network and other udp related services.Allow virtual processes to run as userdomainsAllow xen to manage nfs filesAllow xend to run blktapctrl/tapdisk. Not required if using dedicated logical volumes for disk images.Allow xend to run qemu-dm. Not required if using paravirt and no vfb.Allow xguest to exec contentAllow xguest to use blue tooth devicesAllow xguest users to configure Network Manager and connect to apache portsAllow xguest users to mount removable mediaAllow zarafa domains to setrlimit/sys_resource.Allow zebra daemon to write it configuration filesAllows %s to bind to any udp portAllows %s to bind to any udp ports > 1024Allows %s to connect to any tcp portAllows %s to connect to any udp portAllows XServer to execute writable memoryAllows clients to write to the X server shared memory segments.Allows xdm_t to bind on vnc_port_t(5910)Alternate SELinux policy, defaults to /sys/fs/selinux/policyAlternate root directory, defaults to /Alternative root needs to be setupAn permissive domain is a process label that allows the process to do what it wants, with SELinux only logging the denials, but not enforcing them.  Usually permissive domains indicate experimental policy, disabling the module could cause SELinux to deny access to a domain, that should be allowed.An unconfined domain is a process label that allows the process to do what it wants, without SELinux interfering.  Applications started at boot by the init system that SELinux do not have defined SELinux policy will run as unconfined if this module is enabled.  Disabling it means all daemons will now be confined.  To disable the unconfined_t user you must first remove unconfined_t from the users/login screens.Analyzing Policy...ApplicationApplication File TypesApplication Transitions From '%s'Application Transitions From 'select domain'Application Transitions Into '%s'Application Transitions Into 'select domain'ApplicationsApplications - Advanced SearchApplyAre you sure you want to delete %s '%s'?Bad format %(BOOLNAME)s: Record %(VALUE)sBooleanBoolean
EnabledBoolean %s Allow RulesBoolean %s is defined in policy, cannot be deletedBoolean %s is not definedBoolean NameBoolean nameBoolean section.Boolean to determine whether the system permits loading policy, setting enforcing mode, and changing boolean values.  Set this to true and you have to reboot to set it back.BooleansBrowseBrowse to select the file/directory for labeling.Builtin Permissive TypesCalling Process DomainCan not combine +/- with other types of categoriesCan not have multiple sensitivitiesCan not modify sensitivity levels using '+' on %sCancelCannot find your entry in the shadow passwd file.
Cannot read policy store.Change process mode to enforcingChange process mode to permissive.Changing the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system.  Do you wish to continue?Changing to SELinux disabled requires a reboot.  It is not recommended.  If you later decide to turn SELinux back on, the system will be required to relabel.  If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy.  Permissive mode does not require a reboot    Do you wish to continue?Changing to SELinux disabled requires a reboot.  It is not recommended.  If you later decide to turn SELinux back on, the system will be required to relabel.  If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy.  Permissive mode does not require a reboot.  Do you wish to continue?Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system.  Do you wish to continue?ClassCommand required for this type of policyCommit all changes in your current transaction to the server.Configue SELinuxConfined Root Administrator RoleContextControl the ability to mmap a low area of the address space, as configured by /proc/sys/vm/mmap_min_addr.Copyright (c)2006 Red Hat, Inc.
Copyright (c) 2006 Dan Walsh <dwalsh@redhat.com>Could not add SELinux user %sCould not add addr %sCould not add file context for %sCould not add ibendport %s/%sCould not add ibpkey %s/%sCould not add interface %sCould not add login mapping for %sCould not add port %(PROTOCOL)s/%(PORT)sCould not add prefix %(PREFIX)s for %(ROLE)sCould not add role %(ROLE)s for %(NAME)sCould not check if SELinux user %s is definedCould not check if addr %s is definedCould not check if boolean %s is definedCould not check if file context for %s is definedCould not check if ibendport %s/%s is definedCould not check if ibpkey %s/%s is definedCould not check if interface %s is definedCould not check if login mapping for %s is definedCould not check if port %(PROTOCOL)s/%(PORT)s is definedCould not check if port @%(PROTOCOL)s/%(PORT)s is definedCould not close descriptors.
Could not commit semanage transactionCould not create SELinux user for %sCould not create a key for %(PROTOTYPE)s/%(PORT)sCould not create a key for %sCould not create a key for %s/%dCould not create a key for %s/%sCould not create a key for ibendport %s/%sCould not create addr for %sCould not create context for %(PROTOCOL)s/%(PORT)sCould not create context for %sCould not create context for %s/%sCould not create file context for %sCould not create ibendport for %s/%sCould not create ibpkey for %s/%sCould not create interface for %sCould not create key for %sCould not create login mapping for %sCould not create module keyCould not create port for %(PROTOCOL)s/%(PORT)sCould not create semanage handleCould not delete SELinux user %sCould not delete addr %sCould not delete all interface  mappingsCould not delete boolean %sCould not delete file context for %sCould not delete ibendport %s/%sCould not delete ibpkey %s/%sCould not delete interface %sCould not delete login mapping for %sCould not delete port %(PROTOCOL)s/%(PORT)sCould not delete the file context %sCould not delete the ibendport %s/%dCould not delete the ibpkey %sCould not delete the port %sCould not deleteall node mappingsCould not determine enforcing mode.
Could not disable module %sCould not enable module %sCould not establish semanage connectionCould not extract key for %sCould not get module enabledCould not get module lang_extCould not get module nameCould not get module priorityCould not list SELinux modulesCould not list SELinux usersCould not list addrsCould not list booleansCould not list file contextsCould not list file contexts for home directoriesCould not list ibendportsCould not list ibpkeysCould not list interfacesCould not list local file contextsCould not list login mappingsCould not list portsCould not list roles for user %sCould not list the file contextsCould not list the ibendportsCould not list the ibpkeysCould not list the portsCould not modify SELinux user %sCould not modify addr %sCould not modify boolean %sCould not modify file context for %sCould not modify ibendport %s/%sCould not modify ibpkey %s/%sCould not modify interface %sCould not modify login mapping for %sCould not modify port %(PROTOCOL)s/%(PORT)sCould not open file %s
Could not query addr %sCould not query file context %sCould not query file context for %sCould not query ibendport %s/%sCould not query ibpkey %s/%sCould not query interface %sCould not query port %(PROTOCOL)s/%(PORT)sCould not query seuser for %sCould not query user for %sCould not remove module %s (remove failed)Could not remove permissive domain %s (remove failed)Could not set MLS level for %sCould not set MLS range for %sCould not set SELinux user for %sCould not set active value of boolean %sCould not set addr context for %sCould not set exec context to %s.
Could not set file context for %sCould not set ibendport context for %s/%sCould not set ibpkey context for %s/%sCould not set interface context for %sCould not set mask for %sCould not set message context for %sCould not set mls fields in addr context for %sCould not set mls fields in file context for %sCould not set mls fields in ibendport context for %s/%sCould not set mls fields in ibpkey context for %s/%sCould not set mls fields in interface context for %sCould not set mls fields in port context for %(PROTOCOL)s/%(PORT)sCould not set module key nameCould not set name for %sCould not set permissive domain %s (module installation failed)Could not set port context for %(PROTOCOL)s/%(PORT)sCould not set role in addr context for %sCould not set role in file context for %sCould not set role in ibendport context for %s/%sCould not set role in ibpkey context for %s/%sCould not set role in interface context for %sCould not set role in port context for %(PROTOCOL)s/%(PORT)sCould not set type in addr context for %sCould not set type in file context for %sCould not set type in ibendport context for %s/%sCould not set type in ibpkey context for %s/%sCould not set type in interface context for %sCould not set type in port context for %(PROTOCOL)s/%(PORT)sCould not set user in addr context for %sCould not set user in file context for %sCould not set user in ibendport context for %s/%sCould not set user in ibpkey context for %s/%sCould not set user in interface context for %sCould not set user in port context for %(PROTOCOL)s/%(PORT)sCould not start semanage transactionCould not test MLS enabled statusCouldn't get default type.
Create/Manipulate temporary files in /tmpCurrent Enforcing ModeCustomizedCustomized Permissive TypesDBUS System DaemonDefaultDefault LevelDeleteDelete %(TYPE)s file paths for '%(DOMAIN)s' domain.Delete %sDelete File ContextDelete Modified File LabelingDelete Modified PortsDelete Modified Users Mapping.Delete Network PortDelete SELinux User MappingDelete UserDelete file equiv labeling.Delete file labeling for %sDelete login mappingDelete modified File Equivalence definitions.Delete modified Login Mapping definitions.Delete modified SELinux User/Role definitions.Delete modified port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.Delete ports for %sDelete userDeny any process from ptracing or debugging any other processes.Deny user domains applications to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzillaDescriptionDesktop Login User RoleDestination ClassDetermine whether ABRT can run in the abrt_handle_event_t domain to handle ABRT event scripts.Determine whether Bind can bind tcp socket to http ports.Determine whether Bind can write to master zone files. Generally this is used for dynamic DNS or zone transfers.Determine whether Cobbler can access cifs file systems.Determine whether Cobbler can access nfs file systems.Determine whether Cobbler can connect to the network using TCP.Determine whether Cobbler can modify public files used for public file transfer services.Determine whether Condor can connect to the network using TCP.Determine whether DHCP daemon can use LDAP backends.Determine whether Git CGI can access cifs file systems.Determine whether Git CGI can access nfs file systems.Determine whether Git CGI can search home directories.Determine whether Git session daemon can bind TCP sockets to all unreserved ports.Determine whether Git system daemon can access cifs file systems.Determine whether Git system daemon can access nfs file systems.Determine whether Git system daemon can search home directories.Determine whether Gitosis can send mail.Determine whether Nagios, NRPE can access nfs file systems.Determine whether Polipo can access nfs file systems.Determine whether Polipo session daemon can bind tcp sockets to all unreserved ports.Determine whether abrt-handle-upload can modify public files used for public file transfer services in /var/spool/abrt-upload/.Determine whether attempts by wine to mmap low regions should be silently blocked.Determine whether awstats can purge httpd log files.Determine whether boinc can execmem/execstack.Determine whether calling user domains can execute Git daemon in the git_session_t domain.Determine whether calling user domains can execute Polipo daemon in the polipo_session_t domain.Determine whether can antivirus programs use JIT compiler.Determine whether cdrecord can read various content. nfs, samba, removable devices, user temp and untrusted content filesDetermine whether collectd can connect to the network using TCP.Determine whether conman can connect to all TCP portsDetermine whether crond can execute jobs in the user domain as opposed to the the generic cronjob domain.Determine whether cvs can read shadow password files.Determine whether dbadm can manage generic user files.Determine whether dbadm can read generic user files.Determine whether docker can connect to all TCP ports.Determine whether entropyd can use audio devices as the source for the entropy feeds.Determine whether exim can connect to databases.Determine whether exim can create, read, write, and delete generic user content files.Determine whether exim can read generic user content files.Determine whether fenced can connect to the TCP network.Determine whether fenced can use ssh.Determine whether ftpd can bind to all unreserved ports for passive mode.Determine whether ftpd can connect to all unreserved ports.Determine whether ftpd can connect to databases over the TCP network.Determine whether ftpd can login to local users and can read and write all files on the system, governed by DAC.Determine whether ftpd can modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.Determine whether ftpd can use CIFS used for public file transfer services.Determine whether ftpd can use NFS used for public file transfer services.Determine whether glance-api can connect to all TCP portsDetermine whether haproxy can connect to all TCP ports.Determine whether icecast can listen on and connect to any TCP port.Determine whether irc clients can listen on and connect to any unreserved TCP ports.Determine whether keepalived can connect to all TCP ports.Determine whether logwatch can connect to mail over the network.Determine whether lsmd_plugin can connect to all TCP ports.Determine whether mcelog can execute scripts.Determine whether mcelog can use all the user ttys.Determine whether mcelog supports client mode.Determine whether mcelog supports server mode.Determine whether minidlna can read generic user content.Determine whether mpd can traverse user home directories.Determine whether mpd can use cifs file systems.Determine whether mpd can use nfs file systems.Determine whether mplayer can make its stack executable.Determine whether neutron can connect to all TCP portsDetermine whether openvpn can connect to the TCP network.Determine whether openvpn can read generic user home content files.Determine whether polipo can access cifs file systems.Determine whether privoxy can connect to all tcp ports.Determine whether radius can use JIT compiler.Determine whether smartmon can support devices on 3ware controllers.Determine whether squid can connect to all TCP ports.Determine whether squid can run as a transparent proxy.Determine whether swift can connect to all TCP portsDetermine whether tmpreaper can use cifs file systems.Determine whether tmpreaper can use nfs file systems.Determine whether tmpreaper can use samba_share filesDetermine whether to support lpd server.Determine whether tor can bind tcp sockets to all unreserved ports.Determine whether varnishd can use the full TCP network.Determine whether webadm can manage generic user files.Determine whether webadm can read generic user files.Determine whether zabbix can connect to all TCP portsDisableDisable AuditDisable kernel module loading.DisabledDisabled
Permissive
Enforcing
Display applications that can transition into or out of the '%s'.Display applications that can transition into or out of the 'selected domain'.Display boolean information that can be used to modify the policy for the '%s'.Display boolean information that can be used to modify the policy for the 'selected domain'.Display file type information that can be used by the '%s'.Display file type information that can be used by the 'selected domain'.Display network ports to which the '%s' can connect or listen to.Display network ports to which the 'selected domain' can connect or listen to.Domain name(s) of man pages to be createdDontaudit Apache to search dirs.Edit Network PortEnableEnable AuditEnable cluster mode for daemons.Enable extra rules in the cron domain to support fcron.Enable polyinstantiated directory support.Enable reading of urandom for all domains.Enable/Disable additional audit rules, that are normally not reported in the log files.EnabledEnforcingEnter Default Level for SELinux User to login with. Default s0Enter MLS/MCS Range for this SELinux User.
s0-s0:c1023Enter MLS/MCS Range for this login User.  Defaults to the range for the Selected SELinux User.Enter SELinux role(s) to which the administror domain will transitionEnter SELinux user(s) which will transition to this domainEnter a comma separated list of tcp ports or ranges of ports that %s connects to. Example: 612, 650-660Enter a comma separated list of udp ports or ranges of ports that %s binds to. Example: 612, 650-660Enter a comma separated list of udp ports or ranges of ports that %s connects to. Example: 612, 650-660Enter complete path for executable to be confined.Enter complete path to init script used to start the confined application.Enter domain type which you will be extendingEnter domain(s) which this confined admin will administrateEnter interface names, you wish to queryEnter the MLS Label to assign to this file path.Enter the MLS Label to assign to this port.Enter the login user name of the user to which you wish to add SELinux User confinement.Enter the path to which you want to setup an equivalence label.Enter the port number or range to which you want to add a port type.Enter unique name for the confined application or user role.Equivalence PathEquivalence class for %s already existsEquivalence class for %s does not existsEquivalence: %sError allocating memory.
Error allocating shell's argv0.
Error changing uid, aborting.
Error connecting to audit system.
Error resetting KEEPCAPS, aborting
Error sending audit message.
Error!  Could not clear O_NONBLOCK on %s
Error!  Could not open %s.
Error!  Shell is not valid.
Error: multiple levels specified
Error: multiple roles specified
Error: multiple types specified
Error: you are not allowed to change levels on a non secure terminal 
ExecutableExecutable FileExecutable FilesExecutables which will transition to a different domain, when the '%s' executes them.Executables which will transition to a different domain, when the 'selected domain' executes them.Executables which will transition to the '%s', when executing a selected domains entrypoint.Executables which will transition to the 'selected domain', when executing a selected domains entrypoint.Existing Domain TypeExisting User RolesExisting_UserExportExport system settings to a fileFailed to close tty properly
Failed to drop capabilities %m
Failed to read %s policy fileFailed to send audit messageFailed to transition to namespace
File
SpecificationFile
TypeFile Contexts fileFile EquivalenceFile LabelingFile NameFile PathFile SpecificationFile Transitions From '%s'File Transitions From 'select domain'File Transitions define what happens when the current domain creates the content of a particular class in a directory of the destination type. Optionally a file name could be specified for the transition.File TypeFile Types defined for the '%s'.File Types defined for the 'selected domain'.File class: %sFile context for %s is defined in policy, cannot be deletedFile context for %s is not definedFile equivalence cause the system to label content under the new path as if it were under the equivalence path.File path : %sFile path used to enter the '%s' domain.File path used to enter the 'selected domain'.File path: %sFile spec %(TARGET)s conflicts with equivalency rule '%(SOURCE)s %(DEST)s'File spec %(TARGET)s conflicts with equivalency rule '%(SOURCE)s %(DEST)s'; Try adding '%(DEST1)s' insteadFile specification can not include spacesFilesFiles EquivalenceFiles by '%s' will transitions to a different label.Files to which the '%s' domain can write.Files to which the 'selected domain' can write.Files/Directories which the %s "manages". Pid Files, Log Files, /var/lib Files ...FilterGPLGenerate '%s' policyGenerate '%s' policy Generate HTML man pages structure for selected SELinux man pageGenerate SELinux Policy module templateGenerate SELinux man pagesGenerate new policy moduleGraphical User Interface for SELinux PolicyGroup ViewHelp: Application Types PageHelp: Booleans PageHelp: Executable Files PageHelp: File Equivalence PageHelp: Inbound Network Connections PageHelp: Lockdown PageHelp: Login PageHelp: Outbound Network Connections PageHelp: SELinux User PageHelp: Start PageHelp: Systems PageHelp: Transition application file PageHelp: Transition from application PageHelp: Transition into application PageHelp: Writable Files PageIB Device NameIB device name is requiredIf-Then-Else rules written in policy that can
allow alternative access control.ImportImport system settings from another machineInboundInit scriptInteracts with the terminalInterface %s does not exist.Interface %s is defined in policy, cannot be deletedInterface %s is not definedInterface fileInternet Services DaemonInternet Services Daemon (inetd)Internet Services Daemon are daemons started by xinetdInvalid PkeyInvalid PortInvalid Port NumberInvalid file specificationInvalid priority %d (needs to be between 1 and 999)LabelingLanguageLinux Group %s does not existLinux User %s does not existList SELinux Policy interfacesList ViewLoad Policy ModuleLoad policy moduleLockdownLockdown the SELinux System.
This screen can be used to turn up the SELinux Protections.Login
NameLogin '%s' is requiredLogin MappingLogin NameLogin Name : %sLogin mapping for %s is defined in policy, cannot be deletedLogin mapping for %s is not definedLogin nameLoss of data DialogMCS LevelMCS RangeMISSING FILE PATHMLSMLS RangeMLS/MLS/
MCS RangeMLS/MCS
LevelMLS/MCS RangeMLS/MCS Range: %sMake Path RecursiveManage the SELinux configurationMinimal Terminal Login User RoleMinimal Terminal User RoleMinimal X Windows Login User RoleMinimal X Windows User RoleMislabeled files existModifyModify %(TYPE)s file path for '%(DOMAIN)s' domain. Only bolded items in the list can be selected, this indicates they were modified previously.Modify %sModify File ContextModify File Equivalency Mapping. Mapping will be created when update is applied.Modify File Labeling for %s. File labels will be created when update is applied.Modify Login MappingModify Login Mapping. Login Mapping will be modified when Update is applied.Modify Network Port for %sModify Network Port for %s.  Ports will be created when update is applied.Modify SELinux File EquivalencyModify SELinux User MappingModify SELinux User Role. SELinux user roles will be modified when update is applied.Modify SELinux UsersModify UserModify an existing login user record.Modify file equiv labeling.Modify file labeling for %sModify login mappingModify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.Modify ports for %sModify selected modified File Equivalence definitions. Only bolded items in the list can be selected, this indicates they were modified previously.Modify selected modified Login Mapping definitions.Modify selected modified SELinux User/Role definitions.Modify userModule %s already loaded in current policy.
Do you want to continue?Module NameModule does not exists %s Module information for a new typeMore DetailsMore TypesMore...NameName must be alpha numberic with no spaces. Consider using option "-n MODULENAME"NetworkNetwork
Bind tabNetwork PortNetwork Port DefinitionsNetwork Ports to which the '%s' is allowed to connect.Network Ports to which the '%s' is allowed to listen.Network Ports to which the 'selected domain' is allowed to connect.Network Ports to which the 'selected domain' is allowed to listen.Network ports: %sNetwork protocol: %sNoNo SELinux Policy installedNo context in file %s
Node Address is requiredNot yet implementedOnly Daemon apps can use an init script..Options Error %s Out of memory!
OutboundPassword:PathPath  PermissivePermit to prosody to bind apache port. Need to be activated to use BOSH.Pkey NumberPolicy DirectoryPolicy ModulePolicy types which require a commandPortPort %(PROTOCOL)s/%(PORT)s already definedPort %(PROTOCOL)s/%(PORT)s is defined in policy, cannot be deletedPort %(PROTOCOL)s/%(PORT)s is not definedPort @%(PROTOCOL)s/%(PORT)s is not definedPort NumberPort TypePort is requiredPort number "%s" is not valid.  0 < PORT_NUMBER < 65536 Port number must be between 1 and 65536Ports must be numbers or ranges of numbers from 1 to %d PrefixPriorityProcess DomainProcess TypesProtoProtocolProtocol udp or tcp is requiredQuery SELinux policy network informationRed Hat 2007Relabel all files back to system defaults on rebootRelabel on next reboot.Remove loadable policy moduleRequires at least one categoryRequires prefix or rolesRequires prefix, roles, level or rangeRequires setypeRequires setype or serangeRequires setype, serange or seuserRequires seuser or serangeRetryRevertRevert ChangesRevert boolean setting to system defaultRevert button will launch a dialog window which allows you to revert changes within the current transaction.Review the updates you have made before committing them to the system.  To reset an item, uncheck the checkbox.  All items checked will be updated in the system when you select update.RoleRoles: %sRoot Admin User RoleRun restorecon on %(PATH)s to change its type from %(CUR_CONTEXT)s to the default %(DEF_CONTEXT)s?SELinux
UserSELinux AdministrationSELinux Application TypeSELinux ConfigurationSELinux Destination TypeSELinux Directory TypeSELinux File LabelSELinux File TypeSELinux IB End Port TypeSELinux IB Pkey TypeSELinux InterfaceSELinux MLS Label you wish to assign to this path.SELinux Policy Generation ToolSELinux Port
TypeSELinux Port TypeSELinux RolesSELinux TypeSELinux Type is requiredSELinux UserSELinux User : %sSELinux User NameSELinux User: %sSELinux UsernameSELinux UsersSELinux booleanSELinux fcontextSELinux file type: %sSELinux name: %sSELinux node type is requiredSELinux policy is not managed or store cannot be accessed.SELinux user %s is defined in policy, cannot be deletedSELinux user %s is not definedSELinux user '%s' is requiredSandboxSave to UpdateSave to updateSelectSelect <b>tcp</b> if the port type should be assigned to tcp port numbers.Select <b>udp</b> if the port type should be assigned to udp port numbers.Select Make Path Recursive if you want to apply this label to all children of the specified directory path. objects under the directory to have this label.Select Management ObjectSelect PortsSelect Root Administrator User Role, if this user will be used to administer the machine while running as root.  This user will not be able to login to the system directly.Select applications domains that %s will transition to.Select directory to generate policy files inSelect directory(s) that the confined application owns and writes intoSelect domainSelect executable file to be confined.Select file equivalence labeling to delete. File equivalence labeling will be deleted when update is applied.Select file labeling to delete. File labeling will be deleted when update is applied.Select file(s) that confined application creates or writesSelect if you wish to relabel then entire file system on next reboot.  Relabeling can take a very long time, depending on the size of the system.  If you are changing policy types or going from disabled to enforcing, a relabel is required.Select init script file to be confined.Select login user mapping to delete. Login user mapping will be deleted when update is applied.Select ports to delete. Ports will be deleted when update is applied.Select the SELinux User to assign to this login user.  Login users by default get assigned by the __default__ user.Select the SELinux file type to assign to this path.Select the domains that you would like this user administer.Select the file class to which this label will be applied.  Defaults to all classes.Select the port type you want to assign to the specified port number.Select the system mode for the current sessionSelect the system mode when the system first boots upSelect the user roles that will transiton to the %s domain.Select the user roles that will transiton to this applications domains.Select users mapping to delete.Users mapping will be deleted when update is applied.Select...Selinux
File TypeSemanage transaction already in progressSemanage transaction not in progressSends audit messagesSends emailServiceSetup ScriptShow Modified OnlyShow mislabeled files onlyShow ports defined for this SELinux typeSorry, -l may be used with SELinux MLS support.
Sorry, newrole failed to drop capabilities
Sorry, newrole may be used only on a SELinux kernel.
Sorry, run_init may be used only on a SELinux kernel.
Source DomainSpec fileSpecify a new SELinux user name.  By convention SELinux User names usually end in an _u.Specify the MLS Range for this user to login in with.  Defaults to the selected SELinux Users MLS Range.Specify the default level that you would like this SELinux user to login with.  Defaults to s0.Specify the mapping between the new path and the equivalence path.  Everything under this new path will be labeled as if they were under the equivalence path.Specify the path using regular expressions that you would like to modify the labeling.Standard Init DaemonStandard Init Daemon are daemons started on boot via init scripts.  Usually requires a script in /etc/rc.d/init.dStateStatusSubnet Prefix is requiredSubnet_PrefixSubstitute %s is not valid. Substitute is not allowed to end with '/'Support NFS home directoriesSupport SAMBA home directoriesSupport X userspace object managerSupport ecryptfs home directoriesSupport fusefs home directoriesSystemSystem Default Enforcing ModeSystem Default Policy Type: System Policy Type:System Status: DisabledSystem Status: EnforcingSystem Status: PermissiveTarget %s is not valid. Target is not allowed to end with '/'Target DomainThe entry '%s' is not a valid path.  Paths must begin with a '/'.The entry that was entered is incorrect.  Please try again in the ex:/.../... format.The sepolgen python module is required to setup permissive domains.
In some distributions it is included in the policycoreutils-devel patckage.
# yum install policycoreutils-devel
Or similar for your distro.This user can login to a machine via X or terminal.  By default this user will have no setuid, no networking, no sudo, no suThis user will login to a machine only via a terminal or remote login.  By default this user will have  no setuid, no networking, no su, no sudo.To disable this transition, go to the To enable this transition, go to the To make this policy package active, execute:Toggle between Customized and All BooleansToggle between Customized and All PortsToggle between all and customized file contextTransitionsTypeType %s is invalid, must be a file or device typeType %s is invalid, must be a ibpkey typeType %s is invalid, must be a node typeType %s is invalid, must be a port typeType %s is invalid, must be an ibendport typeType %s_t already defined in current policy.
Do you want to continue?Type Enforcement fileType field requiredType is requiredTypesUSAGE: run_init <script> <args ...>
  where: <script> is the name of the init script to run,
         <args ...> are the arguments to that script.USER Types automatically get a tmp typeUnable to allocate memory for new_contextUnable to clear environment
Unable to obtain empty signal set
Unable to restore the environment, aborting
Unable to restore tty label...
Unable to set SIGHUP handler
Unify HTTPD handling of all content files.Unify HTTPD to communicate with the terminal. Needed for entering the passphrase for certificates at the terminal.Unknown or missing protocolUnreserved Ports (>1024)UpdateUpdate ChangesUsage %s -LUsage %s -L -l userUsage %s -d File ...Usage %s -l -d user ...Usage %s -l CATEGORY user ...Usage %s -l [[+|-]CATEGORY],...] user ...Usage %s CATEGORY File ...Usage %s [[+|-]CATEGORY],...] File ...Use -- to end option list.  For exampleUser ApplicationUser Application are any application that you would like to confine that is started by a userUser MappingUser RoleUser Role types can not be assigned executables.User with full networking, no setuid applications without transition, no su, can sudo to Root Administration RolesUser with full networking, no setuid applications without transition, no sudo, no su.UsersUses Pam for authenticationUses dbusUses nsswitch or getpw* callsValid Types:
Verify NameVersionWarning!  Could not retrieve tty information.
Warning! Could not restore context for %s
Web Application/Script (CGI)Web Applications/Script (CGI) CGI scripts started by the web server (apache)With this flag, alternative root path needs to include file context files and policy.xml fileWritable filesWrites syslog messages	YesYou are attempting to close the application without applying your changes.
    *    To apply changes you have made during this session, click No and click Update.
    *    To leave the application without applying your changes, click Yes.  All changes that you have made during this session will be lost.You did not define module name.You must add a name made up of letters and numbers and containing no spaces.You must add at least one role for %sYou must enter a executableYou must enter a name for your policy module for your '%s'.You must enter a valid policy typeYou must enter the executable path for your confined processYou must regenerate interface info by running /usr/bin/sepolgen-ifgenYou must select a userYou must specify one of the following values: %sYou need to define a new type which ends with: 
 %sYou need to install policycoreutils-gui package to use the gui option_Delete_Propertiesallall filesall files
regular file
directory
character device
block device
socket
symbolic link
named pipe
allow host key based authenticationallow staff user to create and transition to svirt domains.allow unconfined users to transition to the chrome sandbox domains when running chrome-sandboxapplicationauthentication failed.
block deviceboolean to get descriptioncannot find valid entry in the passwd file.
character devicechcat -- -CompanyConfidential /docs/businessplan.odtchcat -l +CompanyConfidential jusercommandsconnectdirectorydisallow programs, such as newrole, from transitioning to administrative user domains.dontaudit requires either 'on' or 'off'error on reading PAM service configuration.
executableexecutable to confinefailed to build new range with level %s
failed to convert new context to string
failed to exec shell
failed to get account information
failed to get new context.
failed to get old_context.
failed to initialize PAM
failed to set PAM_TTY
failed to set new range %s
failed to set new role %s
failed to set new type %s
get all booleans descriptionsgetpass cannot open /dev/tty
ibendport %s/%s already definedibendport %s/%s is defined in policy, cannot be deletedibendport %s/%s is not definedibpkey %s/%s already definedibpkey %s/%s is defined in policy, cannot be deletedibpkey %s/%s is not definedlabel37label38label39label41label42label44label50label59list all SELinux port typeslisten for inbound connectionsmanage_krb5_rcache must be a boolean value name of policy to generatename of the OS for man pagesnamed pipenewrole:  %s:  error on line %lu.
newrole: failure forking: %snewrole: incorrect password for %s
newrole: service name configuration hashtable overflow
offonpath in which the generated SELinux man pages will be storedpath in which the generated policy files will be storedpath to which the confined processes will need to writequery SELinux Policy to see description of booleansquery SELinux Policy to see how a source process domain can transition to the target process domainquery SELinux policy to see if domains can communicate with each otherradiobuttonregular filerole tabrun_init: incorrect password for %s
sepolicy generate: error: one of the arguments %s is requiredshow SELinux type related to the portshow ports to which this application can bind and/or connectshow ports to which this domain can bind and/or connectsocket filesource process domainsymbolic linksystem-config-selinuxtarget process domaintcptransition 
role tabtranslator-creditstypeudpunknownusage:  %s [-qi]
use_kerberos must be a boolean value use_resolve must be a boolean value use_syslog must be a boolean value writableProject-Id-Version: PACKAGE VERSION
Report-Msgid-Bugs-To: 
POT-Creation-Date: 2019-09-09 17:13+0200
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
PO-Revision-Date: 2019-09-10 07:28+0000
Last-Translator: Vit Mojzis <vmojzis@redhat.com>
Language-Team: Chinese (China) (http://www.transifex.com/projects/p/fedora/language/zh_CN/)
Language: zh_CN
Plural-Forms: nplurals=1; plural=0;
X-Generator: Zanata 4.6.2

SELinux Distribution fcontext Equivalence

SELinux Local fcontext Equivalence
%s 更改的标签。
%s 已在 %s 中%s 不是域类型%s 不是一个有效的上下文
%s 不是有效域%s 不在 %s中%s 必须是一个目录%s!  无法为 %s 获得当前的 上下文,没有重新标记(relabel)tty。
%s! 无法为 %s 获得新上下文,不能重新标记 tty。
%s!  无法为 %s 设置新上下文
%s:无法加载策略并需要强制模式: %s
%s:  无法加载策略: %s
%s:已经载入并启动载入请求的策略
'%s' 策略模块需要已有域******************** 重要 ***********************
-- 允许的 %s [ %s ]在 '%s' 域中不能使用 -a 选项。详情请阅读用法。在 '%s' 域中不能使用 -d 选项。详情请阅读用法。在 '%s' 域中不能使用 -t 选项。详情请阅读用法。-w 选项不能与 --newtype 选项一同使用...600-1024<b>...选择要查看的数据...</b><b>添加 %s 策略中的布尔值:</b><b>添加 %s 管理的文件/目录</b><b>应用程序</b><b>禁用所有 ptracing 或者 debugging 其他进程的进程?</b><b>禁用可运行未限制系统进程的功能?</b><b>禁用所有 permissive 进程?</b><b>输入应用程序或者用户角色名称:</b><b>输入 %s 捆绑的网络接口:</b><b>登录用户</b><b>Root 用户</b><b>为 %s 选择附加角色:</b><b>为 %s 选择在通用应用程序特征:</b><b>选择 %s 要管理的域:</b><b>选择现有角色进行修改:</b><b>选择 %s 连接的网络端口:</b><b>选择 %s 要转换成的角色:</b><b>为您要限制的程序或者用户角色选择策略类型:</b><b>选择要转换成 %s 的 user_roles:</b><b>选择:</b><b>系统配置</b><b>系统模式</b><b>TCP 端口</b><b>UDP 端口</b><b>您要在哪个目录中创建 %s 策略?</b><operation> File Labeling for <selected domain>。应用此更新时生成文件标签。<operation> Network Port for <selected domain>。应用此更新是生成端口。<small>
从 Disabled 改为 Enforcing 模式
- 将系统模式从 Disabled 改为 Permissive
- 重启以便重新标记系统
- 系统如预期工作后
  * 将系统模式改为 Enforcing</small>
Permissive 域是一个进程标签,可允许进程执行其想要的操作,SELinux 只记录拒绝的操作但不会强制其执行。通常 permissive 域代表实验性策略,禁用该模块将导致 SELinux 拒绝对某个本应允许域的访问。动作添加添加 %s添加布尔值添加布尔值对话添加目录 添加文件添加文件上下文添加文件等价映射。应用更新时将生成映射。为 %s 添加文件标签为 %s 添加文件标签。应用更新时将生成文件标签。添加登录映射添加登录映射。应用更新时会生成登录映射。添加登录映射。应用更新时将生成用户映射。添加网络接口为 %s 添加网络端口为 %s 添加网络端口。应用更新时生成端口。添加 SELinux 文件等价添加 SELinux 登录映射添加 SELinux 网络端口添加 SELinux 用户添加 SELinux 用户映射添加 SELinux 用户角色。应用更新时将生成 SELinux 用户角色。添加 SELinux 用户添加用户提交用户角色。应用更新时将生成 SELinux 用户角色。添加文件添加文件等价映射。应用更新时将生成映射。添加文件等价标签。为 %s 添加文件标签添加登录映射为 '%(DOMAIN)s' 域添加新 %(TYPE)s 文件路径。添加新文件等价定义。添加新登录映射定义。添加新 SELinux 用户/角色定义。添加新的端口定义以便 %(PERM)s 可允许 '%(APP)s' 域。为 %s 添加端口添加用户添加/删除 %s 域使用的布尔值已在策略中定义了 addr %s,无法将其删除。没有定义 addr %s管理员用户角色管理员登录用户角色高级 <<高级 >>高级搜索 <<高级搜索 >>全部所有域允许 %s 使用 0 调用 bindresvport。捆绑到端口 600-1024允许 ABRT 修改用于共用文件传输服务的共用文件。允许 Apache 通过 dbus 与 avahi 沟通允许 Apache 通过 dbus 与 sssd 服务沟通允许 Apache 执行 tmp 内容。允许 Apache 修改在公共文件传输服务中使用的公共文件。必须将目录/文件标记为 public_content_rw_t。允许 Apache 查询 NS 记录允许 Apache 使用 stickshift 模式而不转换为 passenger 运行允许 Apache 运行预升级允许 Apache 使用 mod_auth_ntlm_winbind允许 Apache 使用 mod_auth_pam允许 HTTPD 脚本和模块通过网络连接到 cobbler。允许 HTTPD 脚本和模块通过网络连接到数据库。允许 HTTPD 脚本和模块使用 TCP 连接到网络。允许在服务器 cobbler 文件中使用 HTTPD 脚本和模块。允许 HTTPD 连接到端口 80 以便正常关闭允许 HTTPD 在与系统 CGI 脚本相同的域中运行 SSI 可执行进程。允许 Puppet 客户端管理所有文件类型。允许 Puppet 主机使用到 MySQL 和 PostgreSQL 数据库的连接允许 Redis 运行 redis-sentinal 通知脚本。允许 Zabbix 运行 su/sudo。允许 ZoneMinder 修改公共文件传输服务使用的公共文件允许 ZoneMinder 运行 su/sudo。允许用户作为未限定域登录允许所有守护进程可读取/写入终端允许所有守护进程使用 tcp wrapper。允许所有守护进程将 corefile 写入 /允许所有域以 fips_mode 执行允许所有域都有内核载入模块允许所有域使用其他文件描述符当内核带有 systemd.log_target=kmsg 参数运行时允许所有域写 kmsg_device。允许不受限制的可执行文件使用需要重新定位文本,且没有标记为 textrel_shlib_t 的库。允许杀毒软件读取系统中的非机要文件允许所有文件/目录通过 NFS 以只读方式导出。允许所有文件/目录通过 NFS 以读写方式导出。允许任何进程对带有属性 file_type 的系统上的任何文件进行 mmap 操作。允许 apache 脚本写入公共内容,必须将目录/内容标记为 public_rw_content_t。允许审核管理员执行内容允许集群管理域 memcheck-amd64- 使用可执行内存。允许集群管理域使用 TCP 连接到该网络。允许集群管理域管理系统中的所有文件。允许受限制程序声音 kerberos 运行。允许受限制的程序使用 nscd 共享内存。允许受限制用户执行 ping 和 traceroute 命令。允许受限制的虚拟机与 rawip Socket 互动允许受限制的虚拟机与 sanlock 互动允许受限制的虚拟机与 xserver 互动允许受限制的虚拟机管理 cifs 文件允许受限制的虚拟机管理 nfs 文件允许受限制的虚拟机读取 fuse 文件允许受限制的虚拟机使用可执行内存和可执行栈允许受限制的虚拟客户机使用 glusterd允许受限制的虚拟机使用串口/并口沟通端口允许受限制的虚拟机使用 usb 设备允许受限制的网页浏览器读取主目录内容允许 conman 管理 nfs 文件允许 cups execmem/execstack允许数据库管理员执行 DML 语句允许 dbadm 执行内容允许 dhcpc 客户端程序执行 iptables 命令允许 ftpd 使用 ntfs/fusefs 卷。允许 ganesha 读取/写入 fuse 文件允许 glance 域管理 fuse 文件允许 glance 域使用可执行内存和可执行栈允许 glusterd_t 域使用可执行内存允许 glusterfsd 修改公共文件传输服务使用的公共文件。必须将文件/目录标记为 public_content_rw_t。允许 glusterfsd 共享所有只读的文件/目录。允许 glusterfsd 共享所有可读写的文件/目录。允许 gpg web 域修改在公共文件传输服务中使用的公共文件。允许 gssd 列出 tmp 目录并读取 kerberos 认证缓存。允许访客执行内容允许 http 守护进程检查 spam允许 http 守护进程连接到 mythtv允许 http 守护进程连接到 zabbix允许 httpd 守护进程发送邮件允许 httpd cgi 支持允许 httpd 守护进程更改其资源限制允许 httpd 进程管理 IPA 内容允许 httpd 进程运行 IPA 帮助程序。允许 httpd 脚本和模块执行 execmem/execstack允许 httpd 访问 FUSE 文件系统允许 httpd 访问 cifs 文件系统允许 httpd 访问 nfs 文件系统允许 httpd 访问 openstack 端口允许 httpd 作为连接到 ftp 端口和一次性端口的 FTP 客户端允许 httpd 在 ftp 端口侦听从而作为 FTP 服务器使用。允许 httpd 作为中继使用允许 httpd 连接到  sasl允许 httpd 连接到 memcache 服务器允许 httpd 连接到 ldap 端口允许 httpd 读取主目录允许 httpd 读取用户内容允许 httpd 运行 gpg允许 httpd 使用内嵌脚本 (通常为 php)允许 ksmtuned 使用 cifs/Samba 文件系统允许 ksmtuned 使用 nfs 文件系统允许 logadm 执行内容允许从 /dev/console 登录并使用该系统。允许 logrotate 管理 nfs 文件允许 logrotate 读取内部日志允许 mailman 访问 FUSE 文件系统允许 mock 读取主目录中的文件。允许 mozilla 插件域绑定未保留的 lsmd_plugin 端口。允许 mozilla 插件域使用 TCP 连接到网络。允许 mozilla 插件支持 GPS。允许 mozilla 插件支持 spice 协议。允许 mozilla 插件使用 Bluejeans。允许 mysqld 连接到所有端口允许 nagios 与 PNP4Nagios 一同运行。允许 nagios/nrpe 从 NRPE utils 脚本中调用 sudo。允许 nfs 服务器修改在公共文件传输服务中使用的公共恩及。必须将文件/目录标记为 public_content_rw_t。允许 openshift 访问没有标签的 nfs 文件系统允许 openvpn 运行未定义脚本允许 pcp 捆绑到所有 unreserved_ports允许 pcp 读取一般日志允许 piranha-lvs 域使用 TCP 连接到网络。允许 polipo 连接到所有大于 1023 的端口允许 postfix_local 域对 mail_spool 目录有完全写入访问允许 postgresql 使用 ssh 和 rsync 执行时间点恢复允许为一般用户运行 pppd允许 pppd 为某些调制解调器载入内核模块允许 qemu-ga 管理 qemu-ga 日期。允许 qemu-ga 读取 qemu-ga 日期。允许 racoon 读取 shadow允许常规用户的直接 dri 设备访问允许 rpcd_t 管理 fuse 文件允许 rsync 服务器管理系统中的所有文件/目录。允许 rsync 以只读方式导出任意文件/目录。允许 rsync 修改公共文件传输服务使用的公共文件。必须将文件/目录标记为 public_content_rw_t。允许 rsync 作为客户端运行允许 s-c-kdump 在 bootloader_t 运行引导装载程序。允许 samba 作为 protmapper 使用允许 samba 作为域控制器使用添加用户、组以及更改密码。允许 samba 创建新主目录 (例如:使用 PAM)允许 samba 导出 NFS 卷。允许 samba 导出 ntfs/fusefs 卷。允许 samba 修改在公共文件传输服务中使用的公共文件。必须将文件/目录标记为 public_content_rw_t。允许 samba 运行不受限制的脚本允许 samba 共享所有只读的文件/目录。允许 samba 共享所有可读写的文件/目录。允许 samba 共享用户主目录。允许沙箱容器管理 fuse 文件允许沙箱容器发送审核信息允许沙箱容器使用所有功能允许沙箱容器使用 mknod 系统调用允许沙箱容器使用网络链接系统调用允许沙箱容器使用 sys_admin 系统调用,例如:mount允许 sanlock 管理 cifs 文件允许 sanlock 管理 nfs 文件允许 sanlock 读取/写入 fuse 文件允许 sanlock 读/写用户的家目录。允许 sasl 读取 shadow允许安全管理员执行内容允许 sge 访问 nfs 文件系统。允许 sge 使用任意 TCP 端口连接到网络允许 smbd 从 gluster 中载入 libgfapi允许 spamd 读取/写入用户主目录。允许 spamd_update 连接到所有端口。允许 ssh 作为 sysadm_r:sysadm_t 登录允许 ssh 使用 chrrot 环境读取和写入用户主目录允许成员执行内容允许系统管理员执行内容允许 syslogd 守护进程发送邮件允许 syslogd 功能调用 nagios 插件。它是由 omprog rsyslog 插件打开。允许 syslogd 读取/写入终端允许系统 cron 任务重新标记文件系统以便恢复文件上下文。允许值 NFS、CIFS 或 FUSE 文件系统中执行系统 cronjob。允许系统使用 NIS 运行允许 tftp 修改在公共文件传输服务中使用的公共文件。允许 tftp 在用户主目录中读取和写入文件允许 Irssi IRC 客户端连接到任意端口,捆绑到任意未保留端口。允许 Telepathy 连接管理器连接到任意原始 TCP 端口。允许 Telepathy 连接管理器连接到任意网络端口。允许图形登录程序在 HOME 目录中创建 xdm_home_t 文件。允许图形登录程序执行引导装载程序允许图形登录程序直接作为 sysadm_r:sysadm_t 登录允许 mount 命令挂载任意目录或者文件。允许 tomcat 通过网络连接到数据库。允许 tomcat 读 rpm 数据库。允许 tomcat 使用可执行内存和可执行堆栈允许 tor 作为中继使用允许将可获得标签传送到外部数据库允许不受限制的可执行文件使其堆内存可执行。这样做很不好。可能会表示有坏的代码可执行文件,但也可以代表受到攻击。应在 bugzilla 中报告这个可执行文件。允许不受限制的可执行文件使其栈成为可执行。这永远都不需要。可能会表示有坏的代码可执行文件,但也可以代表受到攻击。应在 bugzilla 中报告这个可执行文件。允许未限定用户在运行 xulrunner 插件容器时转换为 Mozilla 插件域。允许非特权用户创建并转换到 svirt 域。允许非特权用户执行 DDL 语句允许用户使用 ssh chroot 环境。允许用户共享音乐允许用户 spamassassin 客户端使用该网络允许用户执行内容允许用户在没有扩展属性的文件系统 (FAT、CDROM、FLOPPY) 读取/写入文件允许用户连接到 PostgreSQL允许用户连接到本地 mysql 服务器允许用户使用 radius 服务器登录允许用户使用 yubikey OTP 服务器登录或更改响应模式允许用户直接从 ldap 解析用户 passwd 条目而不是使用 sssd 服务允许用户运行 TCP 服务器 (捆绑到端口并接受来自同一域或者外部用户的连接) ,禁用此功能可强制 FTP 被动模式,并可更改其他协议。允许用户运行 UDP 服务器 (捆绑到端口并接受来自同一域或者外部用户的连接) ,禁用此功能可妨碍 avahi 在该网络或其他 udp 相关服务中找到服务。允许虚拟进程作为用户域运行允许 xen 管理 nfs 文件允许 xend 运行 blktapctrl/tapdisk。如果磁盘映像使用非专用逻辑卷则不需要。允许 xend 运行 qemu-dm。如果使用半虚拟或者没有 vfb 则不需要。允许X窗口访客执行内容允许 xguest 使用蓝牙设备允许 xguest 用户配置 Network Manager 并连接到 apache 端口允许 xguest 用户挂载可移动介质允许 zarafa 域执行 setrlimit/sys_resoure。允许 zebra 守护进程将其写入配置文件允许 %s 捆绑到任意 udp 端口允许 %s 捆绑到任意大于 1024 的 udp 端口允许 %s 连接到任意 tcp 端口允许 %s 连接到任意 udp 端口允许 XServer 执行可写入内存允许客户端写入 X 服务器共享的内存片段。允许 xdm_t 捆绑到 vnc_port_t(5910)备选的 SELinux 策略,默认至 /sys/fs/selinux/policy备选 root 目录,默认为 /需要设置可替换 rootPermissive 域是一个进程标签,可允许进程执行其想要的操作,SELinux 只记录拒绝的操作但不会强制其执行。通常 permissive 域代表实验性策略,禁用该模块将导致 SELinux 拒绝对某个本应允许域的访问。未限制的域是一个进程标签,可允许进程执行其想要的操作而没有任何 SELinux 干预。引导时由 init system 启动且没有 SELinux 策略定义的程序,如果已启用该模块,则将作为未限制程序运行。禁用它意味着限制将限制所有守护进程。要禁用 unconfined_t 用户,您必须首先在用户/登录页面中移除 unconfined_t。正在分析策略......应用程序应用程序文件类型由 '%s' 转换为应用程序由‘选择域’转换的程序应用程序转换为 '%s'应用程序转换为‘所选域’应用程序应用程序 - 高级搜索应用您确定要删除 %s '%s' 吗?坏格式 %(BOOLNAME)s:记录 %(VALUE)s布尔值布尔值
已启用布尔值 %s 允许规则已在策略中定义了布尔值 %s,无法将其删除。尚未定义布尔值 %s布尔值名称布尔值名称布尔值部分。确定系统是否允许载入策略的布尔值,设定 enforcing 模式,并更改布尔值。将其设定为 true 后必须重启方可将其设定会原来的值。布尔值浏览浏览选择要标记的文件/目录。内嵌 Permissive 类型调用进程域无法把 +/- 和其它类型的类别相连不能有多个 sensitivity无法使用 '+' 在 %s 上修改敏感级别取消无法在 shadow passwd 文件中找到您的条目。
无法读取策略存储。将进程模式改为 enforcing。将进程模式改为 permissive。更改策略类型将导致在下一次引导时重新标记整个文件系统。重新标记需要一定的时间,具体要看文件系统的大小。您要继续吗?将 SELinux 改为禁用的状态要求重启方可生效。不推荐使用此选项。如果您以后决定重新启用 SELinux,则需要重新标记该系统。如果您要看是否因为 SELinux 造成您系统中的错误,您可以选择 permissive 模式,这个模式只记录出错信息,且不强制执行 SELinux 策略。Permissive 策略不要求重启。您要继续吗?将 SELinux 改为禁用的状态需要重启方可生效。不推荐使用此选项。如果您以后决定重新启用 SELinux,则需要重新标记该系统。如果您要看是否因为 SELinux 造成您系统中的错误,您可以选择 permissive 模式,这个模式只记录出错信息,且不强制执行 SELinux 策略。Permissive 策略不要求重启。您要继续吗?更改为启用 SELinux 将导致在下一次引导时重新标记整个文件系统。重新标记需要一定的时间,具体要看文件系统的大小。您要继续吗?等级对于此类型策略所需的命令将您在当前转换过程中的所有更改提交到服务器。配置 SELinux受限 Root 管理员角色上下文控制 mmap 在地址空间低端的功能,由 /proc/sys/vm/mmap_min_addr 配置。版权所有 (c)2006 Red Hat, Inc.
版权所有 (c) 2006 Dan Walsh <dwalsh@redhat.com>无法添加 SELinux 用户 %s无法添加 addr %s无法为 %s 添加文件上下文无法添加 ibendport %s/%s无法添加 ibpkey %s/%s无法添加接口 %s无法为 %s 添加登录映射无法为 %(PROTOCOL)s/%(PORT)s 添加端口无法为 %(ROLE)s 添加前缀 %(PREFIX)s无法为 %(NAME)s 添加角色  %(ROLE)s无法检查是否已定义了 SELinux 用户 %s无法检查是否定义了 addr %s无法检查是否已定义布尔值 %s如果已定义 %s 的文件上下文,则无法检查。无法检查 ibendport %s/%s 是否已定义无法检查 ibpkey %s/%s 是否已定义无法检查是否已定义接口 %s无法检查是否已经为 %s 规定了登录映射如果定义端口 %(PROTOCOL)s/%(PORT)s 则无法检查如果定义端口 @%(PROTOCOL)s/%(PORT)s 则无法检查无法关闭 descriptors。
无法提交 semanage 事务无法为 %s 创建 SELinux 用户无法为 %(PROTOTYPE)s/%(PORT)s 创建密钥无法为 %s 创建密钥无法为 %s/%d 创建一个密钥无法为 %s/%s 创建密钥无法为 ibendport %s/%s 创建密钥无法为 %s 创建 addr无法为 %(PROTOCOL)s/%(PORT)s 创建上下文无法为 %s 创建上下文无法为 %s/%s 创建上下文无法为 %s 创建文件上下文无法为 %s/%s 创建 ibendport无法为 %s/%s 创建 ibpkey无法为 %s 创建接口无法为 %s 创建密钥无法为 %s 创建登录映射无法创建模块密钥无法为 %(PROTOCOL)s/%(PORT)s 创建端口无法创建 semanage 句柄无法删除 SELinux 用户 %s无法删除 addr %s无法删除所有接口映射无法删除布尔值 %s无法为 %s 删除文件上下文无法删除 ibendport %s/%s无法删除 ibpkey %s/%s无法删除接口 %s无法删除 %s 的登录映射无法删除端口 %(PROTOCOL)s/%(PORT)s无法删除文件上下文 %s无法删除 ibendport %s/%d无法删除 ibpkey %s无法删除端口 %s无法删除所有节点映射不能决定 enforcing 模式。
无法禁用模块 %s无法启用模块 %s 无法建立 semanage 连接无法为 %s 提取密钥无法启用模块无法获取模块 lang_ext无法获取模块名称无法获取模块优先级无法列出 SELinux 模块无法列出 SELinux 用户无法列出 addr无法列出布尔值无法列出文件上下文无法为主目录列出文件上下文无法列出 ibendport无法列出 ibpkey无法列出接口无法列出本地文件上下文无法列出登录映射无法列出端口无法为用户 %s 列出角色无法列出文件上下文无法列出 ibendport无法列出 ibpkey无法列出端口无法修改 SELinux 用户 %s无法修改 addr %s无法修改布尔值 %s无法为 %s 修改文件上下文无法修改 ibendport %s/%s无法修改 ibpkey %s/%s无法修改接口 %s无法为 %s 修改登录映射无法修改端口 %(PROTOCOL)s/%(PORT)s无法打开文件 %s
无法查询 addr %s无法查询文件上下文 %s无法为 %s 查询文件上下文无法查询 ibendport %s/%s无法查询 ibpkey %s/%s无法查询接口 %s无法查询端口 %(PROTOCOL)s/%(PORT)s无法为 %s 查询 seuser无法为 %s 查询用户无法删除模块 %s (删除失败)无法删除 permissive 域 %s(删除操作失败)无法为 %s 设置 MLS 级别无法为 %s 设置 MLS 范围无法为 %s 设置 SELinux 用户无法设定活跃布尔值 %s无法为 %s 设置 addr 上下文无法将 exec context 设定为 %s。
无法为 %s 设置文件上下文无法为 %s/%s 设置 ibendport 上下文无法为 %s/%s 设置上下文无法为 %s 设置接口上下文无法为 %s 设置掩码无法为 %s 设置信息上下文无法在 addr 上下文中为 %s 设置 mls 字段无法在文件 context 中为 %s 设置 mls 字段无法为 %s/%s 在 ibendport 上下文中设置 mls 项无法为 %s/%s 在 ibpkey 上下文中设置 mls 项无法在接口上下文中为 %s 设置 mls 字段无法为 %(PROTOCOL)s/%(PORT)s 在端口上下文中设定 mls 字段无法设置模块密钥名称无法为 %s 设置名称无法设定 permissive 域 %s(模块安装失败)无法为 %(PROTOCOL)s/%(PORT)s 设定端口上下文无法在 addr 上下文中为 %s 设置角色无法在文件 context 中为 %s 设置角色无法为 %s/%s 在 ibendport 上下文中设置角色无法为 %s/%s 在 ibpkey 上下文中设置角色无法在接口 context 中为 %s 设置角色无法为 %(PROTOCOL)s/%(PORT)s 在端口上下文中设定角色无法在 addr 上下文中为 %s 设置类型无法在文件 context 中为 %s 设置类型无法为 %s/%s 在 ibendport 上下文中设置类型无法为 %s/%s 在 ibpkey 上下文中设置类型无法在接口 context 中为 %s 设置类型无法为 %(PROTOCOL)s/%(PORT)s 在端口上下文中设定类型无法在 addr 上下文中为 %s 设置用户无法在文件 context 中为 %s 设置用户无法为 %s/%s 在 ibendport 上下文中设置用户无法为 %s/%s 在 ibpkey 上下文中设置用户无法在接口 context 中为 %s 设置用户无法为 %(PROTOCOL)s/%(PORT)s 在端口上下文中设定用户无法启动 semanage 事务无法测试启用了 MLS 的状态无法获得默认类型。
创建/操作 /tmp 中的临时文件当前 Enforcing 模式自定义自定义 Permissive 类型DBUS 系统守护进程默认默认等级删除为 '%(DOMAIN)s' 域删除 %(TYPE)s 文件路径。删除 %s删除文件上下文删除修改的文件标签删除修改的端口删除修改的用户映射。删除网络接口删除 SELinux 用户映射删除用户删除文件等价标签。为 %s 删除文件标签删除登录映射删除修改的文件等价定义。删除修改的登录映射定义。删除修改的 SELinux 用户/角色定义。删除修改的端口定义以便 %(PERM)s 可允许 '%(APP)s' 域。为 %s 删除端口删除用户拒绝所有 ptracing 或者 debugging 任何其他进程的进程。拒绝用户域程序与内存区映射为可执行和可写入,这样做很危险,同时应在 bugzilla 中报告该可执行文件。描述桌面登录用户角色目标类型决定 ABRT 是否可以在 abrt_handle_event_t 域中运行处理 ABRT 事件脚本。决定 Bind 是否可以将 tcp 插槽捆绑到 http 端口。决定 Bind 是否可以写入主区文件。通常是在动态 DNS 或者区域转换中使用。决定 Cobbler 是否可访问 cifs 文件系统。决定 Cobbler 是否可访问 nfs 文件系统。决定 Cobbler 是否可以使用 TCP 连接到该网络。决定 Cobbler 是否可以修改用于公共文件传输服务的公共文件。决定 Condor 是否可以使用 TCP 连接到网络。决定 DHCP 守护进程是否可以使用 LDAP 后端。确定 Git CGI 是否可以访问 cifs 文件系统。确定 Git CGI 是否可以访问 nfs 文件系统。确定 Git CGI 是否可以搜索主目录。确定 Git 会话守护进程是否可以将 TCP 插槽捆绑到所有未保留端口。确定 Git 系统守护进程是否可以访问 cifs 文件系统。确定 Git 守护进程是否可以访问 nfs 文件系统。确定 Git 系统守护进程是否可以搜索主目录。决定 Gitosis 是否可以发送邮件。决定 Nagios、NRPE 是否可以访问 nfs 文件系统。确定 polipo 是否可访问 nfs 文件系统。确定 Polipo 会话守护进程是否可将 tcp 插槽捆绑到所有未保留端口。决定 abrt-handle-upload 是否可以修改  /var/spool/abrt-upload/ 公共文件传输服务中使用的公共文件。决定是否应该静谧地阻断 wine 在 mmap 低频段的尝试。决定 aswtats 是否可以清除 httpd 日志文件。决定 bionc 是否可以执行 execmem/execstack。确定调用用户域是否可以在 git_session_t 域中执行 Git 守护进程。确定调用用户域是否可在 polipo_session_t 域中执行 Polipo 守护进程。决定防病毒程序是否可以使用 JIT 编译程序。决定 cdredord 是否可以读取各种内容。nfs、samba、可移动设备、用户临时文件以及不可信的内容文件。决定 collectd 是否可以使用 TCP 连接到该网络。决定 conman 是否可以连接到所有 TCP 端口决定 crond 是否可以执行用户域中与原始 cronjob 与中相悖的任务。决定 cvs 是否可以读取影子密码文件。决定 dbadm 是否可以管理通用用户文件。决定 dbadm 是否可以读取通用用户文件。决定 docker 是否可以连接到所有 TCP 端口。决定 entropyd 是否可以使用音频设备作为熵值源。决定 entropyd 是否可以使用音频设备作为熵值的源。决定手否允许 exim 创建、读取、写入和删除通用用户内容文件。决定 exim 是否可以读取通用用户文件。决定 fenced 是否可以使用 TCP 连接到该网络。决定 fenced 受可以使用 ssh。决定 ftpd 是否可以为被动模式绑定到所有未保留的端口。决定 ftpd 是否可以连接到所有未保留的端口。决定 ftpd 是否可以使用 TCP 网络连接到数据库。决定 ftpd 是否可以登录到本地用户并读取和写入由 DAC 管理的系统中的所有文件。决定 ftpd 是否可以修改在公共文件传输服务中使用的公共文件。必须将目录/文件标记为 public_content_rw_t。决定 ftpd 是否可以为公共文件传输服务使用 CIFS。决定 ftpd 是否可以为公共文件传输服务使用 NFS。决定 glance-api 是否可以连接到所有 TCP 端口决定 haproxy 是否可以连接到所有 TCP 端口。决定 icecast 是否可以连接到任意 TCP 端口并进行侦听。决定 irc 客户端是否可以连接到任意未保留的 TCP 端口并进行侦听。决定 keepalived 是否可以连接到所有 TCP 端口。决定 logwatch 是否可以通过网络连接到邮件。决定 lsmd_plugin 是否可以连接到所有 TCP 端口。决定 mcelog 是否可以执行脚本。决定 mcelog 是否可以使用所有用户 ttys。决定 mcelog 是否支持客户端模式。决定 mcelog 是否支持服务器模式。决定 minidlna 是否可以读取常规用户内容。决定 mpd 是否可以进入用户主目录。决定 mpd 是否可使用 cifs 文件系统。决定 mpd 是否可以使用 nfs 文件系统。决定 mplayer 是否可以使其栈可执行。决定 neutron 是否可以连接到所有 TCP 端口决定 openvpn 是否可以连接到 TCP 网络。决定 openvpn 是否可以读取通用用户主目录内容文件。确定 polipo 是否可访问 cifs 文件系统。决定 privoxy 是否可以连接到所有 tcp 端口。决定 radius 是否可以使用 JIT 编译器。决定 smartmon 是否可以支持 3ware 控制器中的设备。决定 squid 是否可以连接到所有 TCP 端口。决定 squid 是否可以作为透明代理运行。决定 swift 是否可以连接到所有 TCP 端口。决定 tmpreaper 是否可以使用 cinfs 文件系统。决定 tmpreaper 是否可以使用 nfs 文件系统。决定 tmpreaper 是否可以使用 samba_share 文件决定 tor 是否支持 lpd 服务器。决定 tor 是否可以将 tcp 插槽捆绑到所有未保留的端口。决定 varnishd 是否可以使用全部 TCP 网络。决定 webadm 是否可以管理通用用户文件。决定 webadm 是否可以读取通用用户文件。决定 zabbox 是否可以连接到所有 TCP 端口。禁用禁用审核禁用内核模块载入。已禁用Disabled
Permissive
Enforcing
显示可转换为 '%s' 或者从 '%s' 转换的应用程序。显示可转换为‘所选域’或者从‘所选域’转换的应用程序。显示可用来修改  '%s' 策略的布尔值信息。显示可用来修改‘所选域’策略的布尔值信息。显示  '%s' 可使用的文件类型信息。显示‘所选域’可使用的文件类型信息。显示  '%s' 可连接或者侦听的网络端口。显示‘所选域’可连接或者侦听的网络端口。生成 man page 的域名不审核 Apache 搜索目录。编辑网络接口启用启用审核为守护进程启用集群模式。在 cron 域中启用附加规则以便支持 fcron。启用多实例化目录支持。为所有域启用非随机读取。启用/禁用额外审计规则,一般不再日志文件中报告这些规则。已启用Enforcing输入 SELinux 用户登录的默认级别。默认为 s0。输入这个 SELinux 用户的 MLS/MCS 范围。
s0-s0:c1023为这个登录用户输入 MSL/MCS 范围。默认为所选 SELinux 用户的范围。输入管理员域将要转换的 SELinux 角色输入将转移至此域的 SELinux 用户(们)输入使用逗号分开的 %s 要连接的 tcp 端口或者端口范围列表,例如:612, 650-660输入以逗号分开的 %s 可捆绑的 udp 端口或者端口范围列表。例如:输入使用逗号分开的 %s 要连接的 udp 端口或者端口范围列表,例如:612, 650-660输入要限制的可执行文件的完整路径。输入用来启动受限制程序的 init 脚本的完整路径。输入您将要延伸至的域类型输入这个受限制管理员将要管理的域输入您要查询的接口名称输入要为这个文件路径分配的 MLS 标签。输入要为这个端口分配的 MLS 标签。输入您要添加到 SELinux 用户限制的用户的登录用户名。输入您要设置对等标签的路径。输入您要添加到端口类型的端口号或者范围。输入要限制的应用程序或者用户角色的唯一名称。对等路径已存在 %s 的等效类型%s 的等效类型不存在等价:%s分配内存时出错。
分配 shell 的 argv0 时出错。
更改 uid 出错,中止。
连接到审计系统出错。
重新设置 KEEPCAPS 出错,中止
发送审计信息时出错。
错误!无法清除 %s 中的 O_NONBLOCK
错误!无法打开 %s。
错误!Shell 无效。
错误:指定了多个级别
错误:指定了多个角色
错误:指定了多个类型
错误:不允许在不安全的终端更改级别
可执行可执行文件可执行文件当  '%s' 执行它们时可转换为不同域的可执行文件。当‘所选域’执行它们时可转换为不同域的可执行文件。执行所选域切入点时可转换为  '%s' 的可执行文件。执行所选域切入点时可转换为‘所选域’的可执行文件。已有域类型现有用户角色现有用户(_U)导出将系统设置导出为一个文件关闭 tty 失败
减少容量 %m 失败
读取 %s 策略文件失败发送审核信息失败向名称空间传送失败
文件说明 文件类型文件上下文文件文件等价文件标签文件名文件路径文件说明由 '%s' 转换的文件来自‘选择域’的文件转换文件转换规定当目前域在目标类型的目录中生成特定类型内容时会出现什么情况。或者可为该转换指定文件名称。 类型为  '%s' 定义的文件类型。为‘所选域’定义的文件类型。文件类型:%s已在策略中定义了 %s 的文件上下文,无法将其删除。未定义 %s 的文件上下文文件等价造让该系统将那个新路径中的内容如等价路径中的内容一般标记。文件路径:%s用来进入 '%s' 域的文件路径。进入‘所选域’的文件路径。文件路径:%s文件说明 %(TARGET)s 与等式规则 '%(SOURCE)s %(DEST)s' 冲突文件说明 %(TARGET)s 与等式规则 '%(SOURCE)s %(DEST)s' 冲突;请尝试添加 '%(DEST1)s'。文件说明不能有空格文件文件等价'%s' 中的文件将转换为不同的标签。'%s' 域可写入的文件。‘所选域’可写入的文件。%s “管理” 的文件/目录。Pid 文件,日志文件,/var/lib 文件......过滤器GPL生成 '%s' 策略生成 '%s' 策略为选中的 SELinux 手册页面生成 HTML 手册页面结构生成 SELinux 策略模块模板生成 SELinux man page生成新策略模块SELinux 策略的图形用户界面组查看帮助:应用程序类型页帮助:布尔值页帮助:可执行文件页帮助:文件等价页帮助:进入网络连接页帮助:锁定页帮助:登录页帮助:外出网络连接页帮助:SELinux 用户页帮助:起始页帮助:系统页帮助:转换应用程序文件页帮助:从应用程序转换页帮助:转换为应用程序页帮助:可写入文件页IB设备名称IB 设备名称是必需的策略中写入的 If-Then-Else 规则
可允许备选访问控制。导入从另一台机器导入系统设置流入Init 脚本与终端互动接口 %s 不存在。已在策略中定义了接口 %s,无法将其删除未定义接口 %s接口文件互联网服务守护进程互联网服务守护进程 (inetd)互联网服务守护进程是那些使用 xinetd 启动的守护进程。无效的 Pkey无效端口端口号无效无效文件说明无效优先级 %d(应在 1 到 999 之间)标记中语言Linux 组群 %s 不存在Linux用户 %s 不存在列出 SELinux 策略接口列表查看载入策略模块载入策略模块锁定锁定 SELinux 系统。
本页面可用来打开 SELinux 保护。登录名需要登录 '%s' 登录映射登录名登录名:%s已经在策略中规定了 %s 的登录映射,无法将其删除。未定义 %s 的登录映射登录名丢失数据对话MCS 级别MCS 范围缺少文件路径MLSMLS 范围MLS/MLS/⏎ MCS 范围MLS/MCS
等级MLS/MCS 范围MLS/MCS 范围:%s使路径递归管理 SELinux 配置最小终端登录用户角色最低终端用户角色最小 X 窗口登录用户角色最低 X 视窗用户角色有错误标记的文件修改为 '%(DOMAIN)s' 域修改 %(TYPE)s 文件路径。只选择列表中黑体字部分,黑体字代表之前修改过他们。修改 %s修改文件上下文修改文件等价映射。应用更新时将生成映射。为 %s 修改文件标签。应用更新时将生成文件标签。修改登录映射修改登录映射。应用更新时将修改登录映射。为 %s 修改网络端口为 %s 修改网络端口。应用更新时将生成端口。修改 SELinux 文件等价修改 SELinux 用户映射修改 SELinux 用户角色。应用更新时将修改 SELinux 用户角色。修改 SELinux 用户修改用户修改现有登录用户记录。修改文件等价标签。为 %s 修改文件标签修改登录映射修改端口定义以便 %(PERM)s 可允许 '%(APP)s' 域。为 %s 修改端口修改所选修改的文件等价定义。值选择列表中黑体字的项目,黑体字代表它们之前被修改过。修改所选登录映射定义。修改所选 SELinux 用户/角色定义。修改用户在当前策略中已载入 %s 模块。
要继续吗?模块名称模块不存在 %s新类型的模块信息详情更多类型更多......名称名称必须是数字字母组合,且没有空格。请考虑使用选项 "-n MODULENAME"。网络网络
捆绑标签网络端口网络端口定义允许 '%s' 连接的网络端口。允许 '%s' 侦听的网络端口。允许‘所选域’连接的网络端口。允许‘所选域’侦听的网络端口。网络端口:%s网络协议:%s否未安装 SELinux 策略在文件 %s 中无上下文
需要节点地址尚未实施只有守护进程程序可以使用 init 脚本。选项错误 %s 无可用的内存!
外出密码:路径路径Permissive允许 prosody 绑定 bind apache 端口。要激活它方可使用 BOSH。PKEY号策略目录策略模块需要命令的策略类型端口已定义端口 %(PROTOCOL)s/%(PORT)s在策略中定义了端口 %(PROTOCOL)s/%(PORT)s,无法删除。未定义端口 %(PROTOCOL)s/%(PORT)s未定义端口 @%(PROTOCOL)s/%(PORT)s端口号端口类型需要端口端口号 "%s" 无效。0 < PORT_NUMBER < 65536 端口号必须在  1 到 65536 之间。端口必须是从 1 到 %d 的数字或者一组数字前缀优先级进程域进程类型协议协议需要 udp 或 tcp 协议查询 SELinux 策略网络信息Red Hat 2007重启后将所有文件重新标记为系统默认下次重启时重新标记。删除可载入的策略模块需要至少一个分类需要前缀或角色需要前缀、角色、级别或范围需要 settype需要 setype 或 serange需要 setype、serange 或 seuser需要 seuser 或 serange重试恢复恢复更改将布尔值设置改为系统默认设置恢复按钮将打开一个对话窗口,您可以在该窗口中恢复当前转换过程中进行的修改。在向提供提交更新前要进行检查。要重新设置某个项目,只要取消其选择即可。您选择更新后将更新所有选择的项目。角色角色:%sRoot 管理员用户角色在 %(PATH)s 中运行 restorecon 将其类型从 %(CUR_CONTEXT)s 改为默认的 %(DEF_CONTEXT)s》SELinux 用户添加管理员SELinux 应用程序类型SELinux 配置SELinux 目标类型SELinux 目录类型SELinux 文件标签SELinux 文件类型SELinux IB 结束端口类型SELinux IB Pkey 类型SELinux 接口您要为这个路径分配的 SELinux MLS 标签。SELinux 策略生成工具SELinux 端口
类型SELinux 端口类型SELinux 角色SELinux 类型需要 SELinux 类型SELinux 用户SELinux 用户:%sSELinux 用户名SELinux 用户:%sSELinux 用户名SELinux 用户SELinux 布尔值SELinux fcontextSELinux 文件类型:%sSELinux 名称:%sSELinux 节点类型是必选的没有管理 SELinux 策略或者无法访问存储。已在策略中定义了 SELinux 用户 %s,无法将其删除。未定义 SELinux 用户 %s需要 SELinux 用户 '%s'沙箱保存到更新保存更新选择如果应将端口类型分配为 tcp 端口号则请选择 <b>tcp</b>。如果应将端口类型分配为 tcp 端口号则请选择 <b>udp</b>。如果您要将这个标签应用到指定目录路径中的所有子文件中,请选择生成路径递,以便该目录中的所有项目都使用这个标签。选择管理对象选择端口如果要使用这个用户管理作为 root 运行的机器,则请选择 Root 管理员用户角色。这个用户将无法直接登录到该系统。选择 %s 要转换成的程序域。选择要生成策略文件的目录选择受限制的应用程序拥有和写入的目录选择域选择要限制的可执行文件选择要删除的文件等价标签。应用更新时将删除文件等价标签。选择要删除的文件标签。应用更新时将删除文件标签。选择受限制的应用程序生成或者写入的文件如果您要在下次重启时重新标记整个系统则请选择此选项。重新标记需要一些时间,具体要看系统的大小。如果您要将策略类型从 disabled 改为 enforcing,就需要重新标记。选择要限制的 init 脚本文件。选择要删除的登录用户映射。应用更新时将删除登录用户映射。选择要删除的端口。应用更新时将删除端口。选择要为其分配这个登录用户的 SELinux 用户。默认情况下登录用户由 __default__ user 分配。选择要为这个路径分配的 SELinux 文件类型。选择您希望这个用户管理的域。选择要应用此标签的文件类型。默认为所有等级。选择您要为指定端口号分配的端口类型。为当前会话选择系统模式系统首次引导时选择文件模式选择要转换到 %s 域的用户角色。选择要转换成这个程序域的用户角色。选择要删除的用户映射。应用更新时将删除用户映射。选择......Selinux 文件类型Semanage 事务进行中Semanage 事务未进行发送审核信息送电子邮件服务设置脚本只显示修改的只显示错误标记的文件显示为这个 SELinux 类型定义的端口抱歉,可能会在 SELinux  MLS 支持中使用 -l。
对不起,newrole 无法取消功能
newrole 只可以在一个 SELinux 内核中使用。
抱歉,run_init 可能只能用于 SELinux 内核。
源域Spec 文件这次那个新的 SELinux 用户名称。通常 SELinux 用户名称以 _u 结尾。为这个用户指定用来登录的 MLS 范围。默认为所选 SELinux 用户 MLS 范围。指定您希望这个 SELinux 用户登录的默认级别。默认为 s0。指定新路径与对等路径之间的映射。新路径中的所有内容如果也在对等路径中,则都将被标记。指定您要修改标签的正则表达式路径。标准初始化守护进程标准初始化守护进程是那些通过 init 脚步启动的守护进程。通常需要在 /etc/rc.d/init.d 中有一个脚本。状态状态子网前缀是必需的Subnet_Prefix替换 %s 无效。替换不能以 '/' 结尾。支持 NFS 主目录支持 SAMBA 主目录支持 X 用户控件对象管理器支持 ecryptfs 主目录支持 fusefs 主目录系统系统默认 Enforcing 模式系统默认策略类型:文件策略类型:系统状态:已禁用系统状态:Enforcing系统状态:Permissive目标 %s 无效。目标不能以 ‘/’ 结尾。目标域条目 '%s' 是无效路径。路径必须以 '/' 开始。该条目未正确输入。请使用 ex:/.../... 格式再试一次。sepolgen python 模块需要设置允许的域。
在有些发行本中是包含的 policycoreutils-devel 软件包中。
# yum install policycoreutils-devel
或者您使用的发行本中的类似命令。这个用户通过 X 或者终端登录到某台机器。默认情况下这个用户将没有 setuid、联网、su、sudo 权限。这个用户将使用终端或者远程登录登录某台机器。默认情况下这个用户将没有 setuid、联网、su、sudo 权限。要禁用这个转换,请进入要启用这个转换请进入要激活这个策略包,执行:在自定义布尔值和全部布尔值之间切换在自定义接口和所有接口之间切换在自定义文件上下文和全部文件上下文之间切换转换类型类型 %s 无效,必须是文件或设备类型类型 %s 无效,必须是一个 ibpkey 类型类型 %s 无效,必须是节点类型类型 %s 无效,必须是端口类型类型 %s 无效,需要是一个 ibendport 类型当前策略中已经定义类型 %s_t。要继续吗?输入强制文件需要填写类型字段需要类型类型使用方法:run_init <script> <args ...>
  其中:<script> 是要运行的初始脚本名,
         <args ...> 是这个脚本的参数。USER 类型自动为 tmp 类型无法为 new_context 分配内存无法清除系统环境
无法获得空信号
无法恢复系统环境,中止
无法恢复 tty label...
无法设置 SIGHUP handler
统一让 HTTPD 处理所有内容文件。统一让 HTTPD 与终端沟通。在终端为证书输入密码短语时需要。未知或者缺少协议未保留的端口 (>1024)更新更新更改使用 %s -L用法 %s -L -l 用户...用法 %s -d File ...用法 %s -l -d 用户...使用方法 %s -l CATEGORY 用户 ...用法 %s -l [[+|-]CATEGORY],...] 用户 ...用法 %s CATEGORY 文件……用法 %s [[+|-]CATEGORY],...] 文件 ...使用 -- 来结束选项列表。例如用户程序用户程序是您要控制的由某个用户启动的任意应用程序用户映射用户角色不能讲用户角色类型设定为 executable用户可完全联网,没有不转换的 setuid 应用程序,没有 sudo,可以 sudo 为 Root 管理员角色。用户可完全联网,没有不转换的 setuid 应用程序,没有 sudo,没有 su。用户使用 Pam 验证使用 dbus使用 nsswitch 或者 getpw* 调用有效类型:
验证名称版本错误!不能检索 tty 信息。
警告!无法为 %s 恢复上下文
网页应用程序/脚本 (CGI)网页应用程序/脚本 (CGI) CGI 脚本由网页服务器 (apache) 启动。使用这个标签,需要在文件上下文文件以及 policy.xml 文件中包含可替换 root 路径可写入文件写入 syslog 信息是您要关闭该程序而不进行任何更改。
* 要应用您在此会话中进行的更改,请点击否,并点击更新。
* 要让程序不采用您所做的更改,请点击是。这样您将丢失所有您在此会话中进行的更改。无法定义模块名称。添加的名称必须以字母和数字组成,且不能有空格。您必须至少为 %s 添加一个角色您必须输入 executable您必须在您 '%s' 的策略模块输入一个名称。您必须输入一个有效的策略类型您必须输入要限制进程的可执行路径您必须运行 /usr/bin/sepolgen-ifgen 创新生成接口信息您必须选择一个用户您必需指定以下值之一:%s您需要定义一个新类型,其结尾为:
%s您需要安装 policycoreutils-gui 软件包使用该 gui 选项删除(_D)属性(_P)全部所有文件所有文件
常规文件
目录
字符设备
块设备
插槽
符号链接
命名的管道
允许基于验证的主机密钥允许 staff 用户创建和转换 svirt 域。允许未限定用户在运行 chrome 沙箱时转换到 chrome 沙箱域应用程序验证失败。
块设备获取描述的布尔值无法在 passwd 文件中找到有效条目。
字符设备chcat -- -CompanyConfidential /docs/businessplan.odtchcat -l +CompanyConfidential juser命令连接目录不允许类似 newrole 的程序转换到管理用户域。dontaudit 需为 'on' 或者 'off'读取 PAM 服务配置时出错。
可执行要限制的可执行文件使用级别 %s 构建新范围失败
将新上下文转换为字符串失败
执行 shell 失败
获取帐户信息失败
获得新上下文失败。
获得 old_context 失败。
初始化 PAM 失败
设置 PAM_TTY 失败
设定新范围 %s 失败
设置新角色 %s 失败
设置新类型 %s 失败
获取所有布尔值描述getpass 不能打开 /dev/tty
ibendport %s/%s 已定义ibendport %s/%s 在策略中定义,不能删除ibendport %s/%s 没有定义ibpkey %s/%s 已定义ibpkey %s/%s 在策略中定义,不能删除ibpkey %s/%s 没有定义label37label38label39label41label42label44label50label59列出所有 SELinux 端口类型侦听进入的连接manage_krb5_rcache 必须是一个布尔值生成策略的名称man 手册对应的操作系统名称命名的管道newrole:  %s: 错误发生在第 %lu 行。
newrole:fork 失败:%snewrole:%s 的密码不正确
newrole: 服务名配置散列表溢出
关开保存生成的 SELinux man page 的路径保存生成的 SELinux 策略文件的路径需要写入到受限制进程的路径查询 SELinux 策略查看布尔值描述查询 SELinux 策略看看如何将源进程域转换为目标进程域查询 SELinux 策略看看域之间是否互相联络单选按钮常规文件角色标签run_init: %s 的密码不正确
生成 sepolicy:错误:需要参数 %s 之一显示与该端口关联的 SELinux 类型显示这个程序可绑定和(/或者)连接的端口显示这个域可捆绑和(/或者)连接的端口套接字文件源进程域符号链接system-config-selinux目标进程域tcp转换 
角色标签译者类型udp未知usage:  %s [-qi]
use_kerberos 必须是一个布尔值use_resolve 必须是一个布尔值use_syslog 必须是一个布尔值可写入

Zerion Mini Shell 1.0