# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2008-11-16 01:20+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #: ../src/allow_cvs_read_shadow.py:28 msgid "" "\n" " SELinux prevented the CVS application from reading the shadow password " "file.\n" " " msgstr "" #: ../src/allow_cvs_read_shadow.py:32 msgid "" "\n" " SELinux prevented the CVS application from reading the shadow password " "file.\n" " The CVS application requires this access when it is configured for " "direct\n" " connection (i.e., pserver) and to authenticate to the system password / " "shadow\n" " files without PAM. It is possible that this access request signals an " "intrusion\n" " attempt.\n" "\n" " It is recommended that CVS be configured to use PAM, authenticate to a " "separate\n" " user file, or use another protocol (e.g., ssh) instead of allowing this " "access.\n" " See the CVS manual for more details on why this access is potentially " "insecure\n" " (http://" "ximbiot.com/cvs/manual/cvs-1.11.22/cvs_2.html).\n" " " msgstr "" #: ../src/allow_cvs_read_shadow.py:45 #: ../src/allow_postfix_local_write_mail_spool.py:43 #: ../src/httpd_unified.py:50 ../src/read_default_t.py:43 #: ../src/use_nfs_home_dirs.py:46 ../src/use_samba_home_dirs.py:45 msgid "" "\n" " Changing the \"$BOOLEAN\" boolean to true will allow this access:\n" " \"setsebool -P $BOOLEAN=1\"\n" " " msgstr "" #: ../src/allow_cvs_read_shadow.py:60 msgid "CVS" msgstr "" #: ../src/allow_daemons_dump_core.py:28 msgid "" "\n" " SELinux prevented $SOURCE from writing $TARGET_PATH.\n" " " msgstr "" #: ../src/allow_daemons_dump_core.py:32 msgid "" "\n" " SELinux prevented $SOURCE from writing $TARGET_PATH. \n" " If $TARGET_PATH is a core file, you may want to allow this. If " "$TARGET_PATH is not a core file, this could signal a intrusion attempt.\n" " " msgstr "" #: ../src/allow_daemons_dump_core.py:37 ../src/allow_daemons_use_tty.py:43 #: ../src/allow_ftpd_use_cifs.py:45 ../src/allow_gssd_read_tmp.py:38 #: ../src/allow_java_execstack.py:42 ../src/allow_kerberos.py:39 #: ../src/allow_mount_anyfile.py:43 ../src/allow_mplayer_execstack.py:43 #: ../src/allow_ypbind.py:41 ../src/fcron_crond.py:39 #: ../src/ftpd_is_daemon.py:41 ../src/global_ssp.py:43 #: ../src/httpd_use_cifs.py:46 ../src/httpd_use_nfs.py:46 msgid "" "\n" " Changing the \"$BOOLEAN\" boolean to true will allow this access:\n" " \"setsebool -P $BOOLEAN=1.\"\n" " " msgstr "" #: ../src/allow_daemons_use_tty.py:29 msgid "" "\n" " SELinux prevented $SOURCE from using the terminal $TARGET_PATH.\n" " " msgstr "" #: ../src/allow_daemons_use_tty.py:33 msgid "" "\n" " SELinux prevented $SOURCE from using the terminal $TARGET_PATH.\n" " In most cases daemons do not need to interact with the terminal, " "usually\n" " these avc messages can be ignored. All of the confined daemons should\n" " have dontaudit rules around using the terminal. Please file a bug\n" " report against this selinux-policy. If you would like to allow all\n" " daemons to interact with the terminal, you can turn on the $BOOLEAN " "boolean.\n" " " msgstr "" #: ../src/allow_execheap.py:27 msgid "" "\n" " SELinux is preventing $SOURCE from changing the access\n" " protection of memory on the heap.\n" " " msgstr "" #: ../src/allow_execheap.py:32 msgid "" "\n" " The $SOURCE application attempted to change the access protection of " "memory on\n" " the heap (e.g., allocated using malloc). This is a potential security\n" " problem. Applications should not be doing this. Applications are\n" " sometimes coded incorrectly and request this permission. The\n" " SELinux " "Memory Protection Tests\n" " web page explains how to remove this requirement. If $SOURCE does not " "work and\n" " you need it to work, you can configure SELinux temporarily to allow\n" " this access until the application is fixed. Please file a bug\n" " report against this package.\n" " " msgstr "" #: ../src/allow_execheap.py:45 msgid "" "\n" " If you want $SOURCE to continue, you must turn on the\n" " $BOOLEAN boolean. Note: This boolean will affect all applications\n" " on the system.\n" " " msgstr "" #. MATCH #: ../src/allow_execheap.py:60 ../src/allow_execmem.py:59 #: ../src/allow_execmod.py:59 ../src/allow_execstack.py:68 msgid "Memory" msgstr "" #: ../src/allow_execmem.py:26 msgid "" "\n" " SELinux is preventing $SOURCE from changing a writable memory segment " "executable.\n" " " msgstr "" #: ../src/allow_execmem.py:30 msgid "" "\n" " The $SOURCE application attempted to change the access protection\n" " of memory (e.g., allocated using malloc). This is a potential\n" " security problem. Applications should not be doing this. Applications\n" " are sometimes coded incorrectly and request this permission. The\n" " SELinux " "Memory Protection Tests\n" " web page explains how to remove this requirement. If $SOURCE does not " "work and you\n" " need it to work, you can configure SELinux temporarily to allow this\n" " access until the application is fixed. Please file a bug\n" " report against this package.\n" " " msgstr "" #: ../src/allow_execmem.py:43 msgid "" "\n" " If you trust $SOURCE to run correctly, you can change the context\n" " of the executable to unconfined_execmem_exec_t.\n" " \"chcon -t unconfined_execmem_exec_t '$SOURCE_PATH'\".\n" " You must also change the default file context files on the system in " "order to preserve them even on a full relabel. \"semanage fcontext -a -t " "unconfined_execmem_exec_t '$SOURCE_PATH'\"\n" " " msgstr "" #: ../src/allow_execmod.py:26 msgid "" "\n" " SELinux is preventing $SOURCE from loading $TARGET_PATH which requires " "text relocation.\n" " " msgstr "" #: ../src/allow_execmod.py:30 msgid "" "\n" " The $SOURCE application attempted to load $TARGET_PATH which\n" " requires text relocation. This is a potential security problem.\n" " Most libraries do not need this permission. Libraries are\n" " sometimes coded incorrectly and request this permission. The\n" " SELinux " "Memory Protection Tests\n" " web page explains how to remove this requirement. You can configure\n" " SELinux temporarily to allow $TARGET_PATH to use relocation as a\n" " workaround, until the library is fixed. Please file a \n" " bug " "report\n" " against this package.\n" " " msgstr "" #: ../src/allow_execmod.py:43 msgid "" "\n" " If you trust $TARGET_PATH to run correctly, you can change the\n" " file context to textrel_shlib_t. \"chcon -t textrel_shlib_t\n" " '$TARGET_PATH'\"\n" " You must also change the default file context files on the system in " "order to preserve them even on a full relabel. \"semanage fcontext -a -t " "textrel_shlib_t '$TARGET_PATH'\"\n" " \n" " " msgstr "" #: ../src/allow_execstack.py:26 msgid "" "\n" " SELinux is preventing $SOURCE from making the program stack executable.\n" " " msgstr "" #: ../src/allow_execstack.py:30 msgid "" "\n" " The $SOURCE application attempted to make its stack\n" " executable. This is a potential security problem. This should\n" " never ever be necessary. Stack memory is not executable on most\n" " OSes these days and this will not change. Executable stack memory\n" " is one of the biggest security problems. An execstack error might\n" " in fact be most likely raised by malicious code. Applications are\n" " sometimes coded incorrectly and request this permission. The\n" " SELinux " "Memory Protection Tests\n" " web page explains how to remove this requirement. If $SOURCE does not\n" " work and you need it to work, you can configure SELinux\n" " temporarily to allow this access until the application is fixed. Please " "file a bug\n" " report against this package.\n" " " msgstr "" #: ../src/allow_execstack.py:46 msgid "" "\n" " Sometimes a library is accidentally marked with the execstack flag,\n" " if you find a library with this flag you can clear it with the\n" " execstack -c LIBRARY_PATH. Then retry your application. If the\n" " app continues to not work, you can turn the flag back on with\n" " execstack -s LIBRARY_PATH. Otherwise, if you trust $SOURCE to\n" " run correctly, you can change the context of the executable to\n" " unconfined_execmem_exec_t. \"chcon -t unconfined_execmem_exec_t\n" " '$SOURCE_PATH'\"\n" " You must also change the default file context files on the system in " "order to preserve them even on a full relabel. \"semanage fcontext -a -t " "unconfined_execmem_exec_t '$SOURCE_PATH'\"\n" " \n" " " msgstr "" #: ../src/allow_ftpd_anon_write.py:26 msgid "" "\n" " SELinux policy is preventing the ftp daemon from writing to a public\n" " directory.\n" " " msgstr "" #: ../src/allow_ftpd_anon_write.py:31 msgid "" "\n" " SELinux policy is preventing the ftp daemon from writing to a public\n" " directory. If ftpd is not setup to allow anonymous writes, this\n" " could signal a intrusion attempt.\n" " " msgstr "" #: ../src/allow_ftpd_anon_write.py:37 msgid "" "\n" " If the ftp daemon should be allowed to write to this directory you need " "to turn\n" " on the $BOOLEAN boolean and change the file context of\n" " the public directory to public_content_rw_t. Read the ftpd_selinux\n" " man page for further information:\n" " \"setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t \"\n" " " msgstr "" #: ../src/allow_ftpd_anon_write.py:56 ../src/allow_ftpd_full_access.py:55 #: ../src/allow_ftpd_use_cifs.py:76 ../src/allow_ftpd_use_cifs.py:83 #: ../src/allow_ftpd_use_nfs.py:76 ../src/allow_ftpd_use_nfs.py:83 #: ../src/ftpd_is_daemon.py:70 ../src/ftpd_is_daemon.py:82 #: ../src/ftp_home_dir.py:54 msgid "FTP" msgstr "" #: ../src/allow_ftpd_full_access.py:28 msgid "" "\n" " SELinux is preventing the ftp daemon from writing files outside the home " "directory ($TARGET_PATH).\n" " " msgstr "" #: ../src/allow_ftpd_full_access.py:32 msgid "" "\n" " SELinux has denied the ftp daemon write access to directories outside\n" " the home directory ($TARGET_PATH). Someone has logged in via\n" " your ftp daemon and is trying to create or write a file. If you only " "setup\n" " ftp to allow anonymous ftp, this could signal a intrusion attempt.\n" " " msgstr "" #: ../src/allow_ftpd_full_access.py:39 msgid "" "\n" " If you do not want SELinux preventing ftp from writing files anywhere " "on\n" " the system you need to turn on the $BOOLEAN boolean: \"setsebool -P\n" " $BOOLEAN=1\"\n" " " msgstr "" #: ../src/allow_ftpd_use_cifs.py:28 msgid "" "\n" " SELinux prevented the ftp daemon from $ACCESS files stored on a CIFS " "filesytem.\n" " " msgstr "" #: ../src/allow_ftpd_use_cifs.py:32 msgid "" "\n" " SELinux prevented the ftp daemon from $ACCESS files stored on a CIFS " "filesystem.\n" " CIFS (Comment Internet File System) is a network filesystem similar to\n" " SMB (http://www." "microsoft.com/mind/1196/cifs.asp)\n" " The ftp daemon attempted to read one or more files or directories from\n" " a mounted filesystem of this type. As CIFS filesystems do not support\n" " fine-grained SELinux labeling, all files and directories in the\n" " filesystem will have the same security context.\n" " \n" " If you have not configured the ftp daemon to read files from a CIFS " "filesystem\n" " this access attempt could signal an intrusion attempt.\n" " " msgstr "" #: ../src/allow_ftpd_use_cifs.py:52 msgid "" " Changing the \"$BOOLEAN\" and\n" " \"$WRITE_BOOLEAN\" booleans to true will allow this access:\n" " \"setsebool -P $BOOLEAN=1 $WRITE_BOOLEAN=1\".\n" " warning: setting the \"$WRITE_BOOLEAN\" boolean to true will\n" " allow the ftp daemon to write to all public content (files and\n" " directories with type public_content_t) in addition to writing to\n" " files and directories on CIFS filesystems. " msgstr "" #: ../src/allow_ftpd_use_nfs.py:28 msgid "" "\n" " SELinux prevented the ftp daemon from $ACCESS files stored on a NFS " "filesytem.\n" " " msgstr "" #: ../src/allow_ftpd_use_nfs.py:32 msgid "" "\n" " SELinux prevented the ftp daemon from $ACCESS files stored on a NFS " "filesystem.\n" " NFS (Network Filesystem) is a network filesystem commonly used on Unix / " "Linux\n" " systems.\n" " \n" " The ftp daemon attempted to read one or more files or directories from\n" " a mounted filesystem of this type. As NFS filesystems do not support\n" " fine-grained SELinux labeling, all files and directories in the\n" " filesystem will have the same security context.\n" " \n" " If you have not configured the ftp daemon to read files from a NFS " "filesystem\n" " this access attempt could signal an intrusion attempt.\n" " " msgstr "" #: ../src/allow_ftpd_use_nfs.py:46 msgid "" "\n" " Changing the \"allow_ftpd_use_nfs\" boolean to true will allow this " "access:\n" " \"setsebool -P allow_ftpd_use_nfs=1.\"\n" " " msgstr "" #: ../src/allow_ftpd_use_nfs.py:53 msgid "" " Changing the \"allow_ftpd_use_nfs\" and\n" " \"$WRITE_BOOLEAN\" booleans to true will allow this access:\n" " \"setsebool -P allow_ftpd_use_nfs=1 $WRITE_BOOLEAN=1\".\n" " warning: setting the \"$WRITE_BOOLEAN\" boolean to true will\n" " allow the ftp daemon to write to all public content (files and\n" " directories with type public_content_t) in addition to writing to\n" " files and directories on NFS filesystems. " msgstr "" #: ../src/allow_gssd_read_tmp.py:28 msgid "" "\n" " SELinux prevented the gss daemon from reading unprivileged user " "temporary files.\n" " " msgstr "" #: ../src/allow_gssd_read_tmp.py:32 msgid "" "SELinux prevented the gss daemon from\n" " reading unprivileged user temporary files (e.g., files in /tmp). " "Allowing this\n" " access is low risk, but if you have not configured the gss daemon to\n" " read these files this access request could signal an intrusion\n" " attempt." msgstr "" #: ../src/allow_gssd_read_tmp.py:55 ../src/allow_kerberos.py:53 #: ../src/allow_saslauthd_read_shadow.py:57 ../src/allow_ypbind.py:55 msgid "Authorization" msgstr "" #: ../src/allow_httpd_anon_write.py:26 msgid "" "\n" " SELinux policy is preventing the http daemon from writing to a public\n" " directory.\n" " " msgstr "" #: ../src/allow_httpd_anon_write.py:31 msgid "" "\n" " SELinux policy is preventing the http daemon from writing to a public\n" " directory. If httpd is not setup to write to public directories, this\n" " could signal a intrusion attempt.\n" " " msgstr "" #: ../src/allow_httpd_anon_write.py:37 msgid "" "\n" " If httpd should be allowed to write to this directory you need to turn\n" " on the $BOOLEAN boolean and change the file context of\n" " the public directory to public_content_rw_t. Read the httpd_selinux\n" " man page for further information:\n" " \"setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t \"\n" " " msgstr "" #: ../src/allow_httpd_anon_write.py:56 #: ../src/allow_httpd_sys_script_anon_write.py:54 #: ../src/httpd_builtin_scripting.py:52 #: ../src/httpd_can_network_connect_db.py:54 #: ../src/httpd_can_network_connect.py:60 ../src/httpd_can_network_relay.py:56 #: ../src/httpd_enable_cgi.py:55 ../src/httpd_enable_ftp_server.py:53 #: ../src/httpd_enable_homedirs.py:51 ../src/httpd_ssi_exec.py:53 #: ../src/httpd_tty_comm.py:55 ../src/httpd_unified.py:69 #: ../src/httpd_unified.py:76 ../src/httpd_unified.py:83 #: ../src/httpd_use_cifs.py:63 ../src/httpd_use_nfs.py:63 msgid "Web Server" msgstr "" #: ../src/allow_httpd_sys_script_anon_write.py:26 msgid "" "\n" " SELinux policy is preventing an httpd script from writing to a public\n" " directory.\n" " " msgstr "" #: ../src/allow_httpd_sys_script_anon_write.py:31 msgid "" "\n" " SELinux policy is preventing an httpd script from writing to a public\n" " directory. If httpd is not setup to write to public directories, this\n" " could signal a intrusion attempt.\n" " " msgstr "" #: ../src/allow_httpd_sys_script_anon_write.py:37 msgid "" "\n" " If httpd scripts should be allowed to write to public directories you " "need to turn on the $BOOLEAN boolean and change the file context of the " "public directory to public_content_rw_t. Read the httpd_selinux\n" " man page for further information:\n" " \"setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t \"\n" " " msgstr "" #: ../src/allow_java_execstack.py:29 msgid "" "\n" " SELinux prevented a java plugin ($SOURCE_TYPE) from making the stack " "executable.\n" " " msgstr "" #: ../src/allow_java_execstack.py:33 msgid "" "\n" " SELinux prevented the java plugin ($SOURCE_TYPE) from making the stack\n" " executable. An executable stack should not be required by any\n" " software (see SELinux Memory Protection Tests\n" " for more information). However, some versions of the Java plugin are " "known\n" " to require this access to work properly. You should check for updates\n" " to the software before allowing this access.\n" " " msgstr "" #: ../src/allow_java_execstack.py:57 msgid "Java" msgstr "" #: ../src/allow_kerberos.py:28 msgid "" "\n" " SELinux prevented $SOURCE from using kerberos.\n" " " msgstr "" #: ../src/allow_kerberos.py:32 msgid "" "\n" " SELinux prevented $SOURCE from using kerberos for\n" " authentication. If you have configured the system to use kerberos\n" " this access is expected but is not currently allowed by\n" " SELinux. Otherwise this access may signal an intrusion.\n" " " msgstr "" #: ../src/allow_mount_anyfile.py:28 ../src/mounton.py:28 msgid "" "\n" " SELinux prevented $SOURCE from mounting on the file or directory\n" " \"$TARGET_PATH\" (type \"$TARGET_TYPE\").\n" " " msgstr "" #: ../src/allow_mount_anyfile.py:33 msgid "" "\n" " SELinux prevented $SOURCE from mounting a filesystem on the file\n" " or directory \"$TARGET_PATH\" of type \"$TARGET_TYPE\". By default\n" " SELinux limits the mounting of filesystems to only some files or\n" " directories (those with types that have the mountpoint attribute). The\n" " type \"$TARGET_TYPE\" does not have this attribute. You can either\n" " relabel the file or directory or set the boolean \"$BOOLEAN\" to true " "to\n" " allow mounting on any file or directory.\n" " " msgstr "" #: ../src/allow_mount_anyfile.py:59 ../src/allow_nfsd_anon_write.py:55 #: ../src/nfs_export_all_ro.py:52 ../src/nfs_export_all_rw.py:49 #: ../src/samba_export_all_ro.py:53 ../src/samba_export_all_rw.py:50 #: ../src/use_nfs_home_dirs.py:63 ../src/use_nfs_home_dirs.py:69 msgid "File System" msgstr "" #: ../src/allow_mplayer_execstack.py:30 msgid "" "\n" " SELinux prevented a mplayer plugin ($SOURCE_TYPE) from making the stack " "executable.\n" " " msgstr "" #: ../src/allow_mplayer_execstack.py:34 msgid "" "\n" " SELinux prevented the mplayer plugin ($SOURCE_TYPE) from making the " "stack\n" " executable. An executable stack should not be required by any\n" " software (see SELinux Memory Protection Tests\n" " for more information). However, some versions of the mplayer plugin are " "known\n" " to require this access to work properly. You should check for updates\n" " to the software before allowing this access.\n" " " msgstr "" #: ../src/allow_mplayer_execstack.py:58 msgid "Media" msgstr "" #: ../src/allow_nfsd_anon_write.py:26 msgid "" "\n" " SELinux is preventing the nfs daemon from allowing clients to write to " "public directories.\n" " " msgstr "" #: ../src/allow_nfsd_anon_write.py:30 msgid "" "\n" " SELinux has preventing the nfs daemon (nfsd) from writing to\n" " directories marked as public. Usually these directories are\n" " shared between multiple network daemons, like nfs, apache, ftp\n" " etc. If you have not exported any public file systems for\n" " writing, this could signal an intrusion.\n" " " msgstr "" #: ../src/allow_nfsd_anon_write.py:38 msgid "" "\n" " If you want to export a public file systems using nfs you need to\n" " turn on the $BOOLEAN boolean: \"setsebool -P\n" " $BOOLEAN=1\".\n" " " msgstr "" #: ../src/allow_postfix_local_write_mail_spool.py:28 msgid "" "\n" " SELinux prevented $SOURCE from $ACCESS files stored mail spool " "directory.\n" " " msgstr "" #: ../src/allow_postfix_local_write_mail_spool.py:32 msgid "" "\n" " SELinux prevented $SOURCE from $ACCESS files stored in the mail spool " "directory.\n" " \n" " $SOURCE attempted to write one or more files or directories, postfix\n" " ordinarily does not need this access. However it can be setup to " "allow \n" " this. \n" "\n" " If you have not configured $SOURCE to write to the mail spool\n" " this access attempt could signal an intrusion attempt.\n" " " msgstr "" #: ../src/allow_postfix_local_write_mail_spool.py:62 msgid "Mail" msgstr "" #: ../src/allow_rsync_anon_write.py:26 msgid "" "\n" " SELinux policy is preventing the rsync daemon from writing to a public\n" " directory.\n" " " msgstr "" #: ../src/allow_rsync_anon_write.py:31 msgid "" "\n" " SELinux policy is preventing the rsync daemon from writing to a public\n" " directory. If rsync is not setup to allow anonymous writes, this\n" " could signal a intrusion attempt.\n" " " msgstr "" #: ../src/allow_rsync_anon_write.py:37 msgid "" "\n" " If ftp should be allowed to write to this directory you need to turn\n" " on the $BOOLEAN boolean and change the file context of\n" " the public directory to public_content_rw_t. Read the rsync_selinux\n" " man page for further information:\n" " \"setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t \"\n" " " msgstr "" #: ../src/allow_rsync_anon_write.py:56 msgid "RSYNC" msgstr "" #: ../src/allow_saslauthd_read_shadow.py:29 msgid "" "\n" " SELinux is preventing the sasl authentication server from reading the /" "etc/shadow file.\n" " " msgstr "" #: ../src/allow_saslauthd_read_shadow.py:33 msgid "" "\n" " SELinux has denied the sasl authentication daemon from reading the\n" " /etc/shadow file. If the sasl authentication daemon (saslauthd) is\n" " not setup to read the /etc/shadow, this could signals an\n" " intrusion.\n" " " msgstr "" #: ../src/allow_saslauthd_read_shadow.py:40 msgid "" "\n" " If you want the sasl authentication daemon to be able to read\n" " the /etc/shadow file change the $BOOLEAN boolean: \"setsebool -P\n" " $BOOLEAN=1\".\n" " " msgstr "" #: ../src/allow_smbd_anon_write.py:26 msgid "" "\n" " SELinux policy is preventing the samba daemon from writing to a public\n" " directory.\n" " " msgstr "" #: ../src/allow_smbd_anon_write.py:31 msgid "" "\n" " SELinux policy is preventing the samba daemon from writing to a public\n" " directory. If samba is not setup to allow anonymous writes, this\n" " could signal a intrusion attempt.\n" " " msgstr "" #: ../src/allow_smbd_anon_write.py:37 msgid "" "\n" " If ftp should be allowed to write to this directory you need to turn\n" " on the $BOOLEAN boolean and change the file context of\n" " the public directory to public_content_rw_t. Read the samba_selinux\n" " man page for further information:\n" " \"setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t \"\n" " " msgstr "" #: ../src/allow_smbd_anon_write.py:56 ../src/samba_enable_home_dirs.py:54 #: ../src/samba_share_nfs.py:52 ../src/spamd_enable_home_dirs.py:53 #: ../src/use_samba_home_dirs.py:62 ../src/use_samba_home_dirs.py:68 #: ../src/use_samba_home_dirs.py:74 msgid "SAMBA" msgstr "" #: ../src/allow_ypbind.py:30 msgid "" "\n" " SELinux prevented $SOURCE from using NIS (yp).\n" " " msgstr "" #: ../src/allow_ypbind.py:34 msgid "" "\n" " SELinux prevented $SOURCE from using NIS (yp) for\n" " authentication. If you have configured the system to use NIS\n" " this access is expected but is not currently allowed by\n" " SELinux. Otherwise this access may signal an intrusion.\n" " " msgstr "" #: ../src/allow_zebra_write_config.py:26 msgid "" "\n" " SELinux is preventing the zebra daemon from writing its configurations " "files\n" " " msgstr "" #: ../src/allow_zebra_write_config.py:30 msgid "" "\n" " SELinux has denied the zebra daemon from writing out its\n" " configuration files. Ordinarily, zebra is not required to write\n" " its configuration files. If zebra was not setup to write the\n" " config files, this could signal a intrusion attempt.\n" " " msgstr "" #: ../src/allow_zebra_write_config.py:37 msgid "" "\n" " If you want to allow zebra to overwrite its configuration you must\n" " turn on the $BOOLEAN boolean: \"setsebool -P\n" " $BOOLEAN=1\"\n" " " msgstr "" #: ../src/allow_zebra_write_config.py:53 msgid "Zebra" msgstr "" #: ../src/automount_exec_config.py:28 msgid "" "\n" " SELinux is preventing the $SOURCE_PATH from executing potentially " "mislabeled files $TARGET_PATH ($TARGET_TYPE).\n" " " msgstr "" #: ../src/automount_exec_config.py:32 msgid "" "\n" " SELinux has denied the $SOURCE_PATH from executing potentially\n" " mislabeled files $TARGET_PATH. Automounter can be setup to execute\n" " configuration files, if $TARGET_PATH is an automount executable\n" " configuration file it needs to have a file label of bin_t.\n" " If automounter is trying to execute something that it is not supposed " "to, this could indicate an intrusion attack.\n" " " msgstr "" #: ../src/automount_exec_config.py:40 msgid "" "\n" " If you want to change the file context of $TARGET_PATH so that the " "automounter can execute it you can execute \"chcon -t bin_t $TARGET_PATH\". " "If you want this to survive a relabel, you need to permanently change the " "file context: execute \"semanage fcontext -a -t bin_t $TARGET_PATH\".\n" " " msgstr "" #. MATCH #: ../src/automount_exec_config.py:54 ../src/cvs_data.py:54 #: ../src/default.py:55 ../src/execute.py:57 ../src/file.py:51 #: ../src/filesystem_associate.py:52 ../src/httpd_bad_labels.py:56 #: ../src/home_tmp_bad_labels.py:54 ../src/mislabeled_file.py:55 #: ../src/prelink_mislabled.py:59 ../src/public_content.py:52 #: ../src/qemu_blk_image.py:52 ../src/qemu_file_image.py:56 #: ../src/restorecon.py:90 ../src/rsync_data.py:54 ../src/samba_share.py:55 #: ../src/swapfile.py:53 ../src/xen_image.py:56 msgid "File Label" msgstr "" #: ../src/bind_ports.py:26 ../src/inetd_bind_ports.py:26 msgid "" "\n" " SELinux is preventing the $SOURCE ($SOURCE_TYPE) from binding to port " "$PORT_NUMBER.\n" " " msgstr "" #: ../src/bind_ports.py:30 msgid "" "\n" " SELinux has denied the $SOURCE from binding to a network port " "$PORT_NUMBER which does not have an SELinux type associated with it.\n" " If $SOURCE is supposed to be allowed to listen on this port, you can use " "the semanage command to add this port to a port type that $SOURCE_TYPE can " "bind to. semanage port -l will list all port types. Please file a " "bug report " "against the selinux-policy package.\n" "If $SOURCE is not supposed\n" " to bind to this port, this could signal a intrusion attempt.\n" " If this system is running as an NIS Client, turning on the allow_ypbind " "boolean, may fix the problem. setsebool -P allow_ypbind=1.\n" " " msgstr "" #: ../src/bind_ports.py:38 msgid "" "\n" " If you want to allow $SOURCE to bind to this port\n" " semanage port -a -t PORT_TYPE -p PROTOCOL $PORT_NUMBER\n" " Where PORT_TYPE is a type that $SOURCE_TYPE can bind and PROTOCOL is udp " "or tcp.\n" " " msgstr "" #. MATCH #: ../src/bind_ports.py:55 ../src/connect_ports.py:53 #: ../src/inetd_bind_ports.py:54 ../src/user_tcp_server.py:54 msgid "Network Ports" msgstr "" #: ../src/catchall.py:29 msgid "" "\n" " SELinux is preventing $SOURCE ($SOURCE_TYPE) \"$ACCESS\" $TARGET_TYPE.\n" " " msgstr "" #: ../src/catchall.py:33 ../src/catchall_file.py:33 msgid "" "\n" "\n" " SELinux denied access requested by $SOURCE. It is not\n" " expected that this access is required by $SOURCE and this access\n" " may signal an intrusion attempt. It is also possible that the specific\n" " version or configuration of the application is causing it to require\n" " additional access.\n" "\n" " " msgstr "" #: ../src/catchall.py:43 msgid "" "\n" " You can generate a local policy module to allow this\n" " access - see FAQ\n" " Or you can disable SELinux protection altogether. Disabling\n" " SELinux protection is not recommended.\n" " Please file a bug report\n" " against this package.\n" " " msgstr "" #: ../src/catchall_boolean.py:31 ../src/catchall_file.py:29 #: ../src/mislabeled_file.py:26 ../src/public_content.py:26 #: ../src/restorecon.py:31 ../src/swapfile.py:26 msgid "" "\n" " SELinux is preventing $SOURCE ($SOURCE_TYPE) \"$ACCESS\" to $TARGET_PATH " "($TARGET_TYPE).\n" " " msgstr "" #: ../src/catchall_boolean.py:35 msgid "" "\n" "\n" " SELinux denied access requested by $SOURCE. The current boolean \n" " settings do not allow this access. If you have not setup $SOURCE to\n" " require this access this may signal an intrusion attempt. If you do " "intend \n" " this access you need to change the booleans on this system to allow \n" " the access.\n" " " msgstr "" #: ../src/catchall_boolean.py:44 msgid "" "\n" " Confined processes can be configured to to run requiring different " "access, SELinux provides booleans to allow you to turn on/off \n" " access as needed.\n" "\n" " " msgstr "" #: ../src/catchall_boolean.py:68 #, python-format msgid "One of the following booleans is set incorrectly: %s" msgstr "" #: ../src/catchall_boolean.py:70 msgid "Choose one of the following to allow access:
" msgstr "" #: ../src/catchall_boolean.py:76 #, python-format msgid "The boolean %s is set incorrectly. " msgstr "" #: ../src/catchall_boolean.py:77 #, python-format msgid "

Boolean Description:
%s

" msgstr "" #: ../src/catchall_file.py:43 msgid "" "\n" " Sometimes labeling problems can cause SELinux denials. You could try " "to\n" " restore the default system file context for $TARGET_PATH,\n" "

\n" " restorecon -v '$TARGET_PATH'\n" "

\n" " If this does not work, there is currently no automatic way to allow " "this\n" " access. Instead, you can generate a local policy module to allow this\n" " access - see FAQ\n" " Or you can disable SELinux protection altogether. Disabling\n" " SELinux protection is not recommended.\n" " Please file a bug report\n" " against this package.\n" " " msgstr "" #: ../src/connect_ports.py:26 msgid "" "\n" " SELinux is preventing the $SOURCE ($SOURCE_TYPE) from connecting to port " "$PORT_NUMBER.\n" " " msgstr "" #: ../src/connect_ports.py:30 msgid "" "\n" " SELinux has denied the $SOURCE from connecting to a network port " "$PORT_NUMBER which does not have an SELinux type associated with it.\n" " If $SOURCE is supposed to be allowed to connect on this port, you can " "use the semanage command to add this port to a port type that $SOURCE_TYPE " "can connect to. semanage port -L will list all port types. Please " "file a bug " "report against the selinux-policy package.\n" "If $SOURCE is not supposed\n" " to bind to this port, this could signal a intrusion attempt. \n" " " msgstr "" #: ../src/connect_ports.py:37 msgid "" "\n" " If you want to allow $SOURCE to connect to this port\n" " semanage port -a -t PORT_TYPE -p PROTOCOL $PORT_NUMBER\n" " Where PORT_TYPE is a type that $SOURCE_TYPE can connect.\n" " " msgstr "" #: ../src/cvs_data.py:26 msgid "" "\n" " SELinux is preventing cvs ($SOURCE) \"$ACCESS\" to $TARGET_PATH " "($TARGET_TYPE).\n" " " msgstr "" #: ../src/cvs_data.py:30 msgid "" "\n" " SELinux denied cvs access to $TARGET_PATH.\n" " If this is a CVS repository it has to have a file context label of\n" " cvs_data_t. If you did not intend to use $TARGET_PATH as a cvs " "repository\n" " it could indicate either a bug or it could signal a intrusion attempt.\n" " " msgstr "" #: ../src/cvs_data.py:37 msgid "" "\n" " You can alter the file context by executing chcon -R -t cvs_data_t " "'$TARGET_PATH'\n" " You must also change the default file context files on the system in " "order to preserve them even on a full relabel. \"semanage fcontext -a -t " "vcs_data_t '$TARGET_PATH'\"\n" " \n" " " msgstr "" #: ../src/default.py:26 msgid "" "\n" " SELinux is preventing access to files with the default label, " "default_t.\n" " " msgstr "" #: ../src/default.py:30 msgid "" "\n" " SELinux permission checks on files labeled default_t are being\n" " denied. These files/directories have the default label on them. This " "can\n" " indicate a labeling problem, especially if the files being referred\n" " to are not top level directories. Any files/directories under standard " "system directories, /usr,\n" " /var. /dev, /tmp, ..., should not be labeled with the default\n" " label. The default label is for files/directories which do not have a " "label on a\n" " parent directory. So if you create a new directory in / you might\n" " legitimately get this label.\n" " " msgstr "" #: ../src/default.py:41 msgid "" "\n" " If you want a confined domain to use these files you will probably\n" " need to relabel the file/directory with chcon. In some cases it is just\n" " easier to relabel the system, to relabel execute: \"touch\n" " /.autorelabel; reboot\"\n" " " msgstr "" #: ../src/device.py:28 ../src/stunnel_is_daemon.py:26 msgid "" "\n" " SELinux is preventing $SOURCE ($SOURCE_TYPE) \"$ACCESS\" access to " "device $TARGET_PATH. \n" " " msgstr "" #: ../src/device.py:32 msgid "" "\n" "\n" " SELinux has denied the $SOURCE ($SOURCE_TYPE) \"$ACCESS\" access to " "device $TARGET_PATH.\n" " $TARGET_PATH is mislabeled, this device has the default label of the /" "dev directory, which should not\n" " happen. All Character and/or Block Devices should have a label.\n" "\n" " You can attempt to change the label of the file using\n" "\n" " restorecon -v '$TARGET_PATH'.\n" "\n" " If this device remains labeled device_t, then this is a bug in SELinux " "policy.\n" "\n" " Please file a bug report\n" " against the selinux-policy package.\n" "\n" " If you look at the other similar devices labels, ls -lZ /dev/SIMILAR, " "and find a type that would work for $TARGET_PATH,\n" " you can use chcon -t SIMILAR_TYPE '$TARGET_PATH', If this fixes the " "problem, you can make this permanent by executing\n" " semanage fcontext -a -t SIMILAR_TYPE '$TARGET_PATH'\n" "\n" " If the restorecon changes the context, this indicates that the " "application that created the device, created it without\n" " using SELinux APIs. If you can figure out which application created the " "device, please file a bug report\n" " against this application.\n" " \n" " " msgstr "" #: ../src/device.py:57 msgid "" "\n" " Attempt restorecon -v '$TARGET_PATH' or chcon -t SIMILAR_TYPE " "'$TARGET_PATH'\n" " " msgstr "" #: ../src/execute.py:24 msgid "" "\n" " SELinux is preventing the $SOURCE ($SOURCE_TYPE) from executing " "$TARGET_PATH.\n" " " msgstr "" #: ../src/execute.py:28 msgid "" "\n" " SELinux has denied the $SOURCE from executing $TARGET_PATH.\n" " If $SOURCE is supposed to be able to execute $TARGET_PATH, this could be " "a labeling problem. Most confined domains are allowed to execute files " "labeled bin_t. So you could change the labeling on this file to bin_t and " "retry the application. If this $SOURCE is not supposed to execute " "$TARGET_PATH, this could signal a intrusion attempt. \n" " " msgstr "" #: ../src/execute.py:33 msgid "" "\n" " If you want to allow $SOURCE to execute $TARGET_PATH:\n" " \n" " chcon -t bin_t '$TARGET_PATH'\n" "\n" " If this fix works, please update the file context on disk, with the " "following command:\n" "\n" " semanage fcontext -a -t bin_t '$TARGET_PATH'\n" "\n" " Please specify the full path to the executable, Please file a bug\n" " report against this selinux-policy to make sure this becomes the " "default labeling. \n" " " msgstr "" #: ../src/fcron_crond.py:28 msgid "" "\n" " SELinux prevented $SOURCE from accessing the cron spool file.\n" " " msgstr "" #: ../src/fcron_crond.py:32 msgid "" "\n" " SELinux prevented $SOURCE from accessing the cron spool file.\n" " This is access is normally needed when using fcron as a cron daemon\n" " (http://fcron.free.fr). If you are " "using fcron you should allow this\n" " access. Otherwise this access attempt may signal an intrusion attempt.\n" " " msgstr "" #: ../src/fcron_crond.py:56 msgid "CRON" msgstr "" #: ../src/file.py:26 msgid "" "\n" " SELinux is preventing access to files with the label, file_t.\n" " " msgstr "" #: ../src/file.py:30 msgid "" "\n" " SELinux permission checks on files labeled file_t are being\n" " denied. file_t is the context the SELinux kernel gives to files\n" " that do not have a label. This indicates a serious labeling\n" " problem. No files on an SELinux box should ever be labeled file_t.\n" " If you have just added a new disk drive to the system you can\n" " relabel it using the restorecon command. Otherwise you should\n" " relabel the entire files system.\n" " " msgstr "" #: ../src/file.py:40 msgid "" "\n" " You can execute the following command as root to relabel your\n" " computer system: \"touch /.autorelabel; reboot\"\n" " " msgstr "" #: ../src/filesystem_associate.py:27 msgid "" "\n" " SELinux is preventing $SOURCE from creating a file with a context of " "$SOURCE_TYPE on a filesystem.\n" " " msgstr "" #: ../src/filesystem_associate.py:31 msgid "" "\n" " SELinux is preventing $SOURCE from creating a file with a context of " "$SOURCE_TYPE on a filesystem.\n" " Usually this happens when you ask the cp command to maintain the context " "of a file when\n" " copying between file systems, \"cp -a\" for example. Not all file " "contexts should be maintained\n" " between the file systems. For example, a read-only file type like " "iso9660_t should not be placed\n" " on a r/w system. \"cp -P\" might be a better solution, as this will " "adopt the default file context\n" " for the destination. \n" " " msgstr "" #: ../src/filesystem_associate.py:40 msgid "" "\n" " Use a command like \"cp -P\" to preserve all permissions except SELinux " "context.\n" " " msgstr "" #: ../src/ftpd_is_daemon.py:28 msgid "" "\n" " SELinux prevented $SOURCE from correctly running as a daemon.\n" " " msgstr "" #: ../src/ftpd_is_daemon.py:32 msgid "" "\n" " SELinux prevented $SOURCE from correctly running as a daemon.\n" " Ftp servers can be configured to either run through xinetd or as a\n" " stand-alone daemon. Each configuration requires slightly different\n" " access. If you have configured your ftp server to run as a daemon\n" " you should allow this access. Otherwise this may signal an intrusion\n" " attempt.\n" " " msgstr "" #: ../src/ftp_home_dir.py:27 msgid "" "\n" " SELinux is preventing the ftp daemon from reading users home directories " "($TARGET_PATH).\n" " " msgstr "" #: ../src/ftp_home_dir.py:31 msgid "" "\n" " SELinux has denied the ftp daemon access to users home directories\n" " ($TARGET_PATH). Someone is attempting to login via your ftp daemon\n" " to a user account. If you only setup ftp to allow anonymous ftp,\n" " this could signal a intrusion attempt.\n" " " msgstr "" #: ../src/ftp_home_dir.py:38 msgid "" "\n" " If you want ftp to allow users access to their home directories\n" " you need to turn on the $BOOLEAN boolean: \"setsebool -P\n" " $BOOLEAN=1\"\n" " " msgstr "" #: ../src/global_ssp.py:28 msgid "" "\n" " SELinux prevented $SOURCE from reading from the urandom device.\n" " " msgstr "" #: ../src/global_ssp.py:32 msgid "" "\n" " SELinux prevented $SOURCE from reading from the urandom device.\n" " This access should be allowed for individual applications, but there\n" " are situations where all applications require the access (for example,\n" " when ProPolice/SSP stack smashing protection is used). Allowing this\n" " access may allow malicious applications to drain the kernel entropy\n" " pool. This can compromising the ability of some software that is\n" " dependent on high quality random number (e.g., ssh-keygen) to operate\n" " effectively. The risk of this type of attack is relatively low.\n" " " msgstr "" #: ../src/httpd_bad_labels.py:28 msgid "" "\n" " SELinux is preventing the $SOURCE from using potentially mislabeled " "files $TARGET_PATH ($TARGET_TYPE).\n" " " msgstr "" #: ../src/httpd_bad_labels.py:32 msgid "" "\n" " SELinux has denied the $SOURCE access to potentially\n" " mislabeled files $TARGET_PATH. This means that SELinux will not\n" " allow httpd to use these files. Many third party apps install html " "files\n" " in directories that SELinux policy cannot predict. These directories\n" " have to be labeled with a file context which httpd can access.\n" " " msgstr "" #: ../src/httpd_bad_labels.py:40 msgid "" "\n" " If you want to change the file context of $TARGET_PATH so that the " "httpd\n" " daemon can access it, you need to execute it using\n" " chcon -t httpd_sys_content_t '$TARGET_PATH'. You can\n" " look at the httpd_selinux man page for additional information.\n" " " msgstr "" #: ../src/httpd_builtin_scripting.py:26 msgid "" "\n" " SELinux is preventing the http daemon from using built-in scripting.\n" " " msgstr "" #: ../src/httpd_builtin_scripting.py:30 msgid "" "\n" " SELinux has denied the http daemon from using built-in scripting.\n" " This means that SELinux will not allow httpd to use loadable\n" " modules to run scripts internally. If you did not setup httpd to\n" " use built-in scripting, this may signal a intrusion attempt.\n" " " msgstr "" #: ../src/httpd_builtin_scripting.py:37 msgid "" "\n" " If you want the http daemon to use built in scripting you need to\n" " enable the $BOOLEAN boolean: \"setsebool -P\n" " $BOOLEAN=1\"\n" " " msgstr "" #: ../src/httpd_can_network_connect_db.py:26 msgid "" "\n" " SELinux is preventing the http daemon from connecting to a database.\n" " " msgstr "" #: ../src/httpd_can_network_connect_db.py:30 msgid "" "\n" " SELinux has denied the http daemon from connecting to a database. An\n" " httpd script is trying to connect to a database port. If you did not\n" " setup httpd to allow database connections, this could signal a\n" " intrusion attempt.\n" " " msgstr "" #: ../src/httpd_can_network_connect_db.py:37 msgid "" "\n" " If you want httpd to allow database connections you need to turn on the\n" " $BOOLEAN boolean: \"setsebool -P\n" " $BOOLEAN=1\"\n" " " msgstr "" #: ../src/httpd_can_network_connect.py:29 msgid "" "\n" " SELinux is preventing the http daemon from connecting to network port " "$PORT_NUMBER" msgstr "" #: ../src/httpd_can_network_connect.py:32 msgid "" "\n" " SELinux has denied the http daemon from connecting to $PORT_NUMBER. An\n" " httpd script is trying to do a network connect to a remote port. If you\n" " did not setup httpd to network connections, this could signal a\n" " intrusion attempt.\n" " " msgstr "" #: ../src/httpd_can_network_connect.py:39 msgid "" "\n" " If you want httpd to connect to network ports you need to turn on the\n" " httpd_can_network_network_connect boolean: \"setsebool -P\n" " $BOOLEAN=1\"\n" " " msgstr "" #: ../src/httpd_can_network_relay.py:28 msgid "" "\n" " SELinux is preventing the http daemon from connecting to the itself or " "the relay ports\n" " " msgstr "" #: ../src/httpd_can_network_relay.py:32 msgid "" "\n" " SELinux has denied the http daemon from connecting to itself or\n" " the relay ports. An httpd script is trying to do a network connect\n" " to an http/ftp port. If you did not setup httpd to network\n" " connections, this could signal a intrusion attempt.\n" " " msgstr "" #: ../src/httpd_can_network_relay.py:39 msgid "" "\n" " If you want httpd to connect to httpd/ftp ports you need to turn\n" " on the $BOOLEAN boolean: \"setsebool -P\n" " $BOOLEAN=1\"\n" " " msgstr "" #: ../src/httpd_enable_cgi.py:27 msgid "" "\n" " SELinux is preventing the http daemon from executing cgi scripts.\n" " " msgstr "" #: ../src/httpd_enable_cgi.py:31 msgid "" "\n" " SELinux has denied the http daemon from executing a cgi\n" " script. httpd can be setup in a locked down mode where cgi scripts\n" " are not allowed to be executed. If the httpd server has been setup\n" " to not execute cgi scripts, this could signal a intrusion attempt.\n" " " msgstr "" #: ../src/httpd_enable_cgi.py:38 msgid "" "\n" " If you want httpd to be able to run cgi scripts, you need to\n" " turn on the $BOOLEAN boolean: \"setsebool -P\n" " $BOOLEAN=1\"\n" " " msgstr "" #: ../src/httpd_enable_ftp_server.py:26 msgid "" "\n" " SELinux is preventing the http daemon from acting as a ftp server.\n" " " msgstr "" #: ../src/httpd_enable_ftp_server.py:30 msgid "" "\n" " SELinux has denied the http daemon from listening for incoming\n" " connections on the ftp port. This means that SELinux will not\n" " allow httpd to run as a ftp server. If you did not setup httpd to\n" " run as a ftp server, this may signal a intrusion attempt.\n" " " msgstr "" #: ../src/httpd_enable_ftp_server.py:37 msgid "" " If you want the http daemon to listen on the ftp port, you need to\n" " enable the $BOOLEAN boolean: \"setsebool -P $BOOLEAN=1\"\n" " " msgstr "" #: ../src/httpd_enable_homedirs.py:26 msgid "" "\n" " SELinux is preventing the http daemon from reading users' home " "directories.\n" " " msgstr "" #: ../src/httpd_enable_homedirs.py:30 msgid "" "\n" " SELinux has denied the http daemon access to users' home\n" " directories. Someone is attempting to access your home directories\n" " via your http daemon. If you have not setup httpd to share home\n" " directories, this probably signals a intrusion attempt.\n" " " msgstr "" #: ../src/httpd_enable_homedirs.py:37 msgid "" "\n" " If you want the http daemon to share home directories you need to\n" " turn on the $BOOLEAN boolean: \"setsebool -P $BOOLEAN=1\"\n" " " msgstr "" #: ../src/httpd_ssi_exec.py:26 msgid "" "\n" " SELinux is preventing the http daemon from executing a shell script" msgstr "" #: ../src/httpd_ssi_exec.py:29 msgid "" "\n" " SELinux has denied the http daemon from executing a shell\n" " script. Ordinarily, httpd requires that all scripts (CGIs) be\n" " labeled httpd_sys_script_exec_t. If httpd should not be running\n" " this shell script, this could signal a intrusion attempt.\n" " " msgstr "" #: ../src/httpd_ssi_exec.py:36 msgid "" "\n" " If you want httpd to be able to run a particular shell script,\n" " you can label it with chcon -t httpd_sys_script_exec_t SCRIPTFILE. If " "you\n" " want httpd to be able execute any shell script you need to turn on\n" " the $BOOLEAN boolean: \"setsebool -P $BOOLEAN=1\"\n" " " msgstr "" #: ../src/httpd_tty_comm.py:26 msgid "" "\n" " SELinux is preventing the http daemon from communicating with the " "terminal.\n" " " msgstr "" #: ../src/httpd_tty_comm.py:30 msgid "" "\n" " SELinux is not allowing the http daemon to communicate with the\n" " terminal. Most daemons do not need to communicate\n" " with the terminal. httpd can be setup to require information\n" " during the boot process which would require this access. If you\n" " did not setup httpd to requires access to the terminal, this may\n" " signal a intrusion attempt.\n" " " msgstr "" #: ../src/httpd_tty_comm.py:39 msgid "" "\n" " If you want the http daemon to be able to access the terminal, you\n" " must set the $BOOLEAN boolean: \"setsebool -P\n" " $BOOLEAN=1\"\n" " " msgstr "" #: ../src/httpd_unified.py:29 msgid "" "\n" " SELinux prevented httpd $ACCESS access to http files.\n" " " msgstr "" #: ../src/httpd_unified.py:33 msgid "" "\n" " SELinux prevented httpd $ACCESS access to http files.\n" "\n" " Ordinarily httpd is allowed full access to all files labeled with http " "file\n" " context. This machine has a tightened security policy with the " "$BOOLEAN\n" " turned off, this requires explicit labeling of all files. If a file is\n" " a cgi script it needs to be labeled with httpd_TYPE_script_exec_t in " "order\n" " to be executed. If it is read-only content, it needs to be labeled\n" " httpd_TYPE_content_t, it is writable content. it needs to be labeled\n" " httpd_TYPE_script_rw_t or httpd_TYPE_script_ra_t. You can use the\n" " chcon command to change these contexts. Please refer to the man page\n" " \"man httpd_selinux\" or \n" " FAQ\n" " \"TYPE\" refers to one of \"sys\", \"user\" or \"staff\" or potentially " "other\n" " script types.\n" " " msgstr "" #: ../src/httpd_use_cifs.py:28 msgid "" "\n" " SELinux prevented the http daemon from $ACCESS files stored on a CIFS " "filesytem.\n" " " msgstr "" #: ../src/httpd_use_cifs.py:32 msgid "" "\n" " SELinux prevented the http daemon from $ACCESS files stored on a CIFS " "filesystem.\n" " CIFS (Windows Network Filesystem) is a network filesystem commonly used " "on Windows / Linux\n" " systems.\n" " \n" " The http daemon attempted to read one or more files or directories from\n" " a mounted filesystem of this type. As CIFS filesystems do not support\n" " fine-grained SELinux labeling, all files and directories in the\n" " filesystem will have the same security context.\n" " \n" " If you have not configured the http daemon to read files from a CIFS " "filesystem\n" " this access attempt could signal an intrusion attempt.\n" " " msgstr "" #: ../src/httpd_use_nfs.py:28 msgid "" "\n" " SELinux prevented the http daemon from $ACCESS files stored on a NFS " "filesytem.\n" " " msgstr "" #: ../src/httpd_use_nfs.py:32 msgid "" "\n" " SELinux prevented the http daemon from $ACCESS files stored on a NFS " "filesystem.\n" " NFS (Network Filesystem) is a network filesystem commonly used on Unix / " "Linux\n" " systems.\n" " \n" " The http daemon attempted to read one or more files or directories from\n" " a mounted filesystem of this type. As NFS filesystems do not support\n" " fine-grained SELinux labeling, all files and directories in the\n" " filesystem will have the same security context.\n" " \n" " If you have not configured the http daemon to read files from a NFS " "filesystem\n" " this access attempt could signal an intrusion attempt.\n" " " msgstr "" #: ../src/home_tmp_bad_labels.py:28 msgid "" "\n" " SELinux is preventing the $SOURCE from using potentially mislabeled " "files ($TARGET_PATH).\n" " " msgstr "" #: ../src/home_tmp_bad_labels.py:32 msgid "" "\n" " SELinux has denied $SOURCE access to potentially\n" " mislabeled file(s) ($TARGET_PATH). This means that SELinux will not\n" " allow $SOURCE to use these files. It is common for users to edit\n" " files in their home directory or tmp directories and then move\n" " (mv) them to system directories. The problem is that the files \n" " end up with the wrong file context which confined applications are not " "allowed to access.\n" " " msgstr "" #: ../src/home_tmp_bad_labels.py:41 msgid "" "\n" " If you want $SOURCE to access this files, you need to\n" " relabel them using restorecon -v '$TARGET_PATH'. You might want to\n" " relabel the entire directory using restorecon -R -v '$TARGET_DIR'.\n" " " msgstr "" #: ../src/inetd_bind_ports.py:30 msgid "" "\n" " SELinux has denied the $SOURCE from binding to a network port " "$PORT_NUMBER which does not have an SELinux type associated with it.\n" " If $SOURCE is supposed to be allowed to listen on this port, you can use " "the semanage command to add this port to a inetd_child_port_t type. If you " "think this is the default please file a bug report against the selinux-policy package.\n" "If $SOURCE is not supposed\n" " to bind to this port, this could signal a intrusion attempt.\n" " " msgstr "" #: ../src/inetd_bind_ports.py:37 msgid "" "\n" " If you want to allow $SOURCE to bind to this port\n" " semanage port -a -t inetd_child_port_t -p PROTOCOL $PORT_NUMBER\n" " Where PROTOCOL is tcp or udp.\n" " " msgstr "" #: ../src/mislabeled_file.py:30 msgid "" "\n" " SELinux is preventing $SOURCE ($SOURCE_TYPE) \"$ACCESS\" to $TARGET_PATH " "($TARGET_TYPE).\n" " The SELinux type $TARGET_TYPE, is a generic type for all files in the " "directory and very few processes (SELinux Domains) are allowed to write to " "this SELinux type. This type of denial usual indicates a mislabeled file. " "By default a file created in a directory has the gets the context of the " "parent directory, but SELinux policy has rules about the creation of " "directories, that say if a process running in one SELinux Domain (D1) " "creates a file in a directory with a particular SELinux File Context (F1) " "the file gets a different File Context (F2). The policy usually allows the " "SELinux Domain (D1) the ability to write, unlink, and append on (F2). But " "if for some reason a file ($TARGET_PATH) was created with the wrong context, " "this domain will be denied. The usual solution to this problem is to reset " "the file context on the target file, restorecon -v '$TARGET_PATH'. If the " "file context does not change from $TARGET_TYPE, then this is probably a bug " "in policy. Please file a bug report against the selinux-policy package.\n" "If it does change, you can try your application again to see if it works. " "The file context could have been mislabeled by editing the file or moving " "the file from a different directory, if the file keeps getting mislabeled, " "check the init scripts to see if they are doing something to mislabel the " "file. \n" " \n" " " msgstr "" #: ../src/mislabeled_file.py:37 msgid "" "\n" " You can attempt to fix file context by executing restorecon -v " "'$TARGET_PATH'\n" " " msgstr "" #: ../src/mounton.py:33 msgid "" "\n" " SELinux prevented $SOURCE from mounting a filesystem on the file\n" " or directory \"$TARGET_PATH\" of type \"$TARGET_TYPE\". By default\n" " SELinux limits the mounting of filesystems to only some files or\n" " directories (those with types that have the mountpoint attribute). The\n" " type \"$TARGET_TYPE\" does not have this attribute. You can change the \n" " label of the file or directory.\n" " " msgstr "" #: ../src/mounton.py:42 msgid "" "\n" " Changing the file_context to mnt_t will allow mount to mount the file " "system:\n" " \"chcon -t mnt_t '$TARGET_PATH'.\"\n" " You must also change the default file context files on the system in " "order to preserve them even on a full relabel. \"semanage fcontext -a -t " "mnt_t '$TARGET_PATH'\"\n" " " msgstr "" #: ../src/named_write_master_zones.py:27 msgid "" "\n" " SELinux is preventing the named daemon from writing to the zone directory" msgstr "" #: ../src/named_write_master_zones.py:30 msgid "" "\n" " SELinux has denied the named daemon from writing zone\n" " files. Ordinarily, named is not required to write to these files.\n" " Only secondary servers should be required to write to these\n" " directories. If this machine is not a secondary server, this\n" " could signal a intrusion attempt.\n" " " msgstr "" #: ../src/named_write_master_zones.py:38 msgid "" "\n" " If you want named to run as a secondary server and accept zone\n" " transfers you need to turn on the $BOOLEAN boolean: \"setsebool -P\n" " $BOOLEAN=1\"\n" " " msgstr "" #: ../src/named_write_master_zones.py:55 msgid "Domain Name Service" msgstr "" #: ../src/nfs_export_all_ro.py:26 msgid "" "\n" " SELinux is preventing the nfs daemon from serving r/o local files to " "remote clients.\n" " " msgstr "" #: ../src/nfs_export_all_ro.py:30 msgid "" "\n" " SELinux has preventing the nfs daemon (nfsd) from read files on\n" " the local system. If you have not exported these file systems, this\n" " could signals an intrusion.\n" " " msgstr "" #: ../src/nfs_export_all_ro.py:36 msgid "" "\n" " If you want to export file systems using nfs you need to turn on\n" " the $BOOLEAN boolean: \"setsebool -P $BOOLEAN=1\".\n" " " msgstr "" #: ../src/nfs_export_all_rw.py:26 msgid "" "\n" " SELinux is preventing the nfs daemon from allowing remote clients to " "write local files.\n" " " msgstr "" #: ../src/nfs_export_all_rw.py:30 msgid "" "\n" " SELinux has preventing the nfs daemon (nfsd) from writing files on the " "local system. If you have not exported any file systems (rw), this could " "signals an intrusion. \n" " " msgstr "" #: ../src/nfs_export_all_rw.py:34 msgid "" "\n" " If you want to export writable file systems using nfs you need to turn " "on the $BOOLEAN boolean: \"setsebool -P $BOOLEAN=1\".\n" " " msgstr "" #: ../src/pppd_can_insmod.py:26 msgid "" "\n" " SELinux is preventing the ppp daemon from inserting kernel modules.\n" " " msgstr "" #: ../src/pppd_can_insmod.py:30 msgid "" "\n" " SELinux has denied the Point-to-Point Protocol daemon from\n" " inserting a kernel module. If pppd is not setup to insert kernel\n" " modules, this probably signals a intrusion attempt.\n" " " msgstr "" #: ../src/pppd_can_insmod.py:36 msgid "" "\n" " If you want ppp to be able to insert kernel modules you need to\n" " turn on the $BOOLEAN boolean: \"setsebool -P $BOOLEAN=1\"\n" " " msgstr "" #: ../src/pppd_can_insmod.py:51 ../src/squid_connect_any.py:51 #: ../src/stunnel_is_daemon.py:56 msgid "Networking" msgstr "" #: ../src/prelink_mislabled.py:26 msgid "" "\n" " SELinux is preventing $SOURCE ($SOURCE_TYPE) \"$ACCESS\" on $TARGET_PATH " "($TARGET_TYPE).\n" " " msgstr "" #: ../src/prelink_mislabled.py:30 msgid "" "\n" " SELinux denied prelink $ACCESS on $TARGET_PATH.\n" " The prelink program is only allowed to manipulate files that are " "identified as\n" " executables or shared libraries by SELinux. Libraries that get placed " "in\n" " lib directories get labeled by default as a shared library. Similarly,\n" " executables that get placed in a bin or sbin directory get labeled as " "executables by SELinux. However, if these files get installed in other " "directories\n" " they might not get the correct label. If prelink is trying\n" " to manipulate a file that is not a binary or share library this may " "indicate an\n" " intrusion attack. \n" "\n" " " msgstr "" #: ../src/prelink_mislabled.py:42 msgid "" "\n" " You can alter the file context by executing \"chcon -t bin_t " "'$TARGET_PATH'\" or\n" " \"chcon -t lib_t '$TARGET_PATH'\" if it is a shared library. If you " "want to make these changes permanent you must execute the semanage command.\n" " \"semanage fcontext -a -t bin_t '$TARGET_PATH'\" or\n" " \"semanage fcontext -a -t shlib_t '$TARGET_PATH'\".\n" " If you feel this executable/shared library is in the wrong location " "please file a bug against the package that includes the file. If you feel " "that SELinux should know about this file and label it correctly please file " "a bug against SELinux policy.\n" "\n" " " msgstr "" #: ../src/public_content.py:30 msgid "" "\n" " SELinux denied access to $TARGET_PATH requested by $SOURCE.\n" " $TARGET_PATH has a context used for sharing by different program. If " "you\n" " would like to share $TARGET_PATH from $SOURCE also, you need to\n" " change its file context to public_content_t. If you did not intend to\n" " this access, this could signal a intrusion attempt.\n" " " msgstr "" #: ../src/public_content.py:38 msgid "" "\n" " You can alter the file context by executing chcon -t public_content_t " "'$TARGET_PATH'\n" " " msgstr "" #: ../src/qemu_blk_image.py:26 ../src/qemu_file_image.py:26 msgid "" "\n" " SELinux is preventing qemu ($SOURCE) \"$ACCESS\" to $TARGET_PATH " "($TARGET_TYPE).\n" " " msgstr "" #: ../src/qemu_blk_image.py:30 msgid "" "\n" " SELinux denied qemu access to the block device $TARGET_PATH.\n" " If this is a virtualization image, it needs to be labeled with a " "virtualization file context (virt_image_t). You can relabel $TARGET_PATH to " "be virt_image_t using chcon. You also need to execute semanage fcontext -a -" "t virt_image_t '$TARGET_PATH' to add this\n" " new path to the system defaults. If you did not intend to use " "$TARGET_PATH as a qemu\n" " image it could indicate either a bug or an intrusion attempt.\n" " " msgstr "" #: ../src/qemu_blk_image.py:37 ../src/qemu_file_image.py:40 msgid "" "\n" " You can alter the file context by executing chcon -t virt_image_t " "'$TARGET_PATH'\n" " You must also change the default file context files on the system in " "order to preserve them even on a full relabel. \"semanage fcontext -a -t " "virt_image_t '$TARGET_PATH'\"\n" " " msgstr "" #: ../src/qemu_file_image.py:30 msgid "" "\n" " SELinux denied qemu access to $TARGET_PATH.\n" " If this is a virtualization image, it has to have a file context label " "of\n" " virt_image_t. The system is setup to label image files in directory./var/" "lib/libvirt/images\n" " correctly. We recommend that you copy your image file to /var/lib/" "libvirt/images.\n" " If you really want to have your qemu image files in the current " "directory, you can relabel $TARGET_PATH to be virt_image_t using chcon. You " "also need to execute semanage fcontext -a -t virt_image_t '$TARGET_PATH' to " "add this\n" " new path to the system defaults. If you did not intend to use " "$TARGET_PATH as a qemu\n" " image it could indicate either a bug or an intrusion attempt.\n" " " msgstr "" #: ../src/read_default_t.py:28 msgid "" "\n" " SELinux prevented $SOURCE from $ACCESS files stored in directories " "marked with the default context.\n" " " msgstr "" #: ../src/read_default_t.py:32 msgid "" "\n" " SELinux prevented $SOURCE from $ACCESS files stored in directories " "marked with the default context.\n" "\n" " $SOURCE attempted to read one or more files or directories which are\n" " marked with the default context. Confined domains usually do not need " "to\n" " access these directories, this access attempt could signal an intrusion\n" " attempt. If this application and other confined applications need to\n" " access these files you can either change the file context of the files\n" " or set a boolean.\n" " " msgstr "" #: ../src/restorecon.py:35 msgid "" "\n" " SELinux denied access requested by $SOURCE. $TARGET_PATH may\n" " be a mislabeled. $TARGET_PATH default SELinux type is\n" " $MATCHTYPE, but its current type is $TARGET_TYPE. " "Changing\n" " this file back to the default type, may fix your problem.\n" "

\n" " File contexts can be assigned to a file in the following ways.\n" "

    \n" "
  • Files created in a directory receive the file context of the " "parent directory by default.\n" "
  • The SELinux policy might override the default label inherited " "from the parent directory by\n" " specifying a process running in context A which creates a file " "in a directory labeled B\n" " will instead create the file with label C. An example of this " "would be the dhcp client running\n" " with the dhclient_t type and creates a file in the directory /" "etc. This file would normally\n" " receive the etc_t type due to parental inheritance but instead " "the file\n" " is labeled with the net_conf_t type because the SELinux policy " "specifies this.\n" "
  • Users can change the file context on a file using tools such as " "chcon, or restorecon.\n" "
\n" " This file could have been mislabeled either by user error, or if an " "normally confined application\n" " was run under the wrong domain.\n" "

\n" " However, this might also indicate a bug in SELinux because the file " "should not have been labeled\n" " with this type.\n" "

\n" " If you believe this is a bug, please file a\n" " bug " "report\n" " against this package.\n" " " msgstr "" #: ../src/restorecon.py:63 msgid "" "\n" " You can restore the default system context to this file by executing " "the\n" " restorecon command. restorecon '$TARGET_PATH', if this file is a " "directory,\n" " you can recursively restore using restorecon -R '$TARGET_PATH'.\n" " " msgstr "" #: ../src/rsync_data.py:26 msgid "" "\n" " SELinux is preventing rsync ($SOURCE) \"$ACCESS\" to $TARGET_PATH " "($TARGET_TYPE).\n" " " msgstr "" #: ../src/rsync_data.py:30 msgid "" "\n" " SELinux denied rsync access to $TARGET_PATH.\n" " If this is a RSYNC repository it has to have a file context label of\n" " rsync_data_t. If you did not intend to use $TARGET_PATH as a rsync " "repository\n" " it could indicate either a bug or it could signal a intrusion attempt.\n" " " msgstr "" #: ../src/rsync_data.py:37 msgid "" "\n" " You can alter the file context by executing chcon -R -t rsync_data_t " "'$TARGET_PATH'\n" " You must also change the default file context files on the system in " "order to preserve them even on a full relabel. \"semanage fcontext -a -t " "rsync_data_t '$TARGET_PATH'\"\n" " " msgstr "" #: ../src/samba_enable_home_dirs.py:26 msgid "" "\n" " SELinux is preventing the samba daemon from reading users' home " "directories.\n" " " msgstr "" #: ../src/samba_enable_home_dirs.py:30 msgid "" "\n" " SELinux has denied the samba daemon access to users' home\n" " directories. Someone is attempting to access your home directories\n" " via your samba daemon. If you only setup samba to share non-home\n" " directories, this probably signals a intrusion attempt.\n" " For more information on SELinux integration with samba, look at the\n" " samba_selinux man page. (man samba_selinux)\n" " " msgstr "" #: ../src/samba_enable_home_dirs.py:39 msgid "" "\n" " If you want samba to share home directories you need to turn on\n" " the $BOOLEAN boolean: \"setsebool -P $BOOLEAN=1\"\n" " " msgstr "" #: ../src/samba_export_all_ro.py:26 msgid "" "\n" " SELinux is preventing the samba daemon from serving r/o local files to " "remote clients.\n" " " msgstr "" #: ../src/samba_export_all_ro.py:30 msgid "" "\n" " SELinux has preventing the samba daemon (smbd) from reading files on\n" " the local system. If you have not exported these file systems, this\n" " could signals an intrusion.\n" " " msgstr "" #: ../src/samba_export_all_ro.py:36 msgid "" "\n" " If you want to export file systems using samba you need to turn on\n" " the $BOOLEAN boolean: \"setsebool -P $BOOLEAN=1\".\n" " " msgstr "" #: ../src/samba_export_all_rw.py:26 msgid "" "\n" " SELinux is preventing the samba daemon from allowing remote clients to " "write local files.\n" " " msgstr "" #: ../src/samba_export_all_rw.py:30 msgid "" "\n" " SELinux has preventing the samba daemon (smbd) from writing files on the " "local system. If you have not exported any file systems (rw), this could " "signals an intrusion. \n" " " msgstr "" #: ../src/samba_export_all_rw.py:34 msgid "" "\n" " If you want to export writable file systems using samba you need to turn " "on the $BOOLEAN boolean: \"setsebool -P $BOOLEAN=1\".\n" " " msgstr "" #: ../src/samba_share_nfs.py:26 msgid "" "\n" " SELinux is preventing the samba daemon from reading nfs file systems.\n" " " msgstr "" #: ../src/samba_share_nfs.py:30 msgid "" "\n" " SELinux has denied the samba daemon access to nfs file\n" " systems. Someone is attempting to access an nfs file system via\n" " your samba daemon. If you did not setup samba to share nfs file\n" " systems, this probably signals a intrusion attempt.\n" " " msgstr "" #: ../src/samba_share_nfs.py:37 msgid "" "\n" " If you want samba to share nfs file systems you need to turn on\n" " the $BOOLEAN boolean: \"setsebool -P $BOOLEAN=1\"\n" " " msgstr "" #: ../src/samba_share.py:26 msgid "" "\n" " SELinux is preventing samba ($SOURCE) \"$ACCESS\" to $TARGET_PATH " "($TARGET_TYPE).\n" " " msgstr "" #: ../src/samba_share.py:30 msgid "" "\n" " SELinux denied samba access to $TARGET_PATH.\n" " If you want to share this directory with samba it has to have a file " "context label of\n" " samba_share_t. If you did not intend to use $TARGET_PATH as a samba " "repository\n" " it could indicate either a bug or it could signal a intrusion attempt.\n" " " msgstr "" #: ../src/samba_share.py:37 msgid "" "\n" " You can alter the file context by executing chcon -R -t samba_share_t " "'$TARGET_PATH'\n" " You must also change the default file context files on the system in " "order to preserve them even on a full relabel. \"semanage fcontext -a -t " "samba_share_t '$TARGET_PATH'\"\n" " " msgstr "" #: ../src/secure_mode_insmod.py:25 msgid "" "\n" " SELinux is preventing the kernel modules from being loaded.\n" " " msgstr "" #: ../src/secure_mode_insmod.py:29 msgid "" "\n" " SELinux has denied kernel module utilities from modifying\n" " kernel modules. This machine is hardened to not allow the kernel to\n" " be modified, except in single user mode. If you did not try to\n" " manage a kernel module, this probably signals an intrusion.\n" " " msgstr "" #: ../src/secure_mode_insmod.py:36 msgid "" "\n" " If you allow the management of the kernel modules on your machine,\n" " turn off the $BOOLEAN boolean: \"setsebool -P\n" " $BOOLEAN=0\".\n" " " msgstr "" #: ../src/secure_mode_insmod.py:52 msgid "Kernel" msgstr "" #: ../src/secure_mode_policyload.py:26 msgid "" "\n" " SELinux is preventing the modification of the running policy.\n" " " msgstr "" #: ../src/secure_mode_policyload.py:30 msgid "" "\n" " SELinux has denied the management tools from modifying the way the\n" " SELinux policy runs. This machine is hardened if you did not run\n" " any SELinux tools, this probably signals an intrusion.\n" " " msgstr "" #: ../src/secure_mode_policyload.py:36 msgid "" "\n" " If you want to modify the way SELinux is running on your machine\n" " you need to bring the machine to single user mode with enforcing\n" " turned off. The turn off the secure_mode_policyload boolean:\n" " \"setsebool -P secure_mode_policyload=0\".\n" " " msgstr "" #: ../src/spamd_enable_home_dirs.py:27 msgid "" "\n" " SELinux is preventing the spamd daemon from reading users' home " "directories.\n" " " msgstr "" #: ../src/spamd_enable_home_dirs.py:31 msgid "" "\n" " SELinux has denied the spamd daemon access to users' home\n" " directories. Someone is attempting to access your home directories\n" " via your spamd daemon. If you only setup spamd to share non-home\n" " directories, this probably signals a intrusion attempt.\n" " " msgstr "" #: ../src/spamd_enable_home_dirs.py:38 msgid "" "\n" " If you want spamd to share home directories you need to turn on\n" " the $BOOLEAN boolean: \"setsebool -P $BOOLEAN=1\"\n" " " msgstr "" #: ../src/squid_connect_any.py:26 msgid "" "\n" " SELinux is preventing the squid daemon from connecting to network port " "$PORT_NUMBER" msgstr "" #: ../src/squid_connect_any.py:29 msgid "" "\n" " SELinux has denied the squid daemon from connecting to\n" " $PORT_NUMBER. By default squid policy is setup to deny squid\n" " connections. If you did not setup squid to network connections,\n" " this could signal a intrusion attempt.\n" " " msgstr "" #: ../src/squid_connect_any.py:36 msgid "" "\n" " If you want squid to connect to network ports you need to turn on\n" " the $BOOLEAN boolean: \"setsebool -P $BOOLEAN=1\"\n" " " msgstr "" #: ../src/stunnel_is_daemon.py:30 msgid "" "\n" " SELinux has denied the $SOURCE ($SOURCE_TYPE) \"$ACCESS\" access to " "device $TARGET_PATH.\n" " $TARGET_PATH is mislabeled, this device has the default label of the /" "dev directory, which should not\n" " happen. All Character and/or Block Devices should have a label. You " "can attempt to change the label of\n" " the file using restorecon '$TARGET_PATH'. If this device remains " "labeled device_t, then this is a bug in\n" " SELinux policy.\n" "\n" " " msgstr "" #: ../src/stunnel_is_daemon.py:39 msgid "" "\n" " If you want the SSL Tunnel to run as a daemon you need to turn on\n" " the $BOOLEAN boolean: \"setsebool -P $BOOLEAN=1\". You also need to\n" " tell SELinux which port SSL Tunnel will be running on. semanage\n" " port -a -t stunnel_port_t -p tcp $PORT_NUMBER\n" " " msgstr "" #: ../src/swapfile.py:30 msgid "" "\n" " SELinux denied $SOURCE access to $TARGET_PATH.\n" " If this is a swapfile it has to have a file context label of\n" " swapfile_t. If you did not intend to use\n" " $TARGET_PATH as a swapfile it probably indicates a bug, however it could " "also\n" " signal a intrusion attempt.\n" " " msgstr "" #: ../src/swapfile.py:38 msgid "" "\n" " You can alter the file context by executing chcon -t swapfile_t " "'$TARGET_PATH'\n" " You must also change the default file context files on the system in " "order to preserve them even on a full relabel. \"semanage fcontext -a -t " "swapfile_t '$TARGET_PATH'\"\n" " " msgstr "" #: ../src/use_nfs_home_dirs.py:28 msgid "" "\n" " SELinux prevented $SOURCE from $ACCESS files stored on a NFS filesytem.\n" " " msgstr "" #: ../src/use_nfs_home_dirs.py:32 msgid "" "\n" " SELinux prevented $SOURCE from $ACCESS files stored on a NFS " "filesystem.\n" " NFS (Network Filesystem) is a network filesystem commonly used on Unix / " "Linux\n" " systems.\n" " \n" " $SOURCE attempted to read one or more files or directories from\n" " a mounted filesystem of this type. As NFS filesystems do not support\n" " fine-grained SELinux labeling, all files and directories in the\n" " filesystem will have the same security context.\n" " \n" " If you have not configured $SOURCE to read files from a NFS filesystem\n" " this access attempt could signal an intrusion attempt.\n" " " msgstr "" #: ../src/use_samba_home_dirs.py:28 msgid "" "\n" " SELinux prevented $SOURCE from $ACCESS files stored on a Windows SMB/" "CIFS (Samba) filesytem.\n" " " msgstr "" #: ../src/use_samba_home_dirs.py:32 msgid "" "\n" " SELinux prevented $SOURCE from $ACCESS files stored on a Windows SMB/" "CIFS (Samba) filesystem.\n" " CIFS is a network filesystem commonly used on Windows systems.\n" " \n" " $SOURCE attempted to read one or more files or directories from\n" " a mounted filesystem of this type. As CIFS filesystems do not support\n" " fine-grained SELinux labeling, all files and directories in the\n" " filesystem will have the same security context.\n" " \n" " If you have not configured $SOURCE to read files from a CIFS filesystem\n" " this access attempt could signal an intrusion attempt.\n" " " msgstr "" #: ../src/user_tcp_server.py:26 msgid "" "\n" " SELinux is preventing the users from running TCP servers in the " "usedomain.\n" " " msgstr "" #: ../src/user_tcp_server.py:30 msgid "" "\n" " SELinux has denied the $SOURCE program from binding to a network port " "$PORT_NUMBER which does not have an SELinux type associated with it.\n" " $SOURCE does not have an SELinux policy defined for it when run by the " "user, so it runs in the users domain. SELinux is currently setup to\n" " deny TCP server to run within the user domain. If you did not expect " "programs like $SOURCE to bind to a network port, then this could signal\n" " a intrusion attempt. If this system is running as an NIS Client, turning " "on the allow_ypbind boolean, may fix the problem.\n" " setsebool -P allow_ypbind=1.\n" " " msgstr "" #: ../src/user_tcp_server.py:38 msgid "" "\n" " If you want to allow user programs to run as TCP Servers, you can turn " "on the user_tcp_server boolean, by executing:\n" " setsebool -P $BOOLEAN=1\n" " " msgstr "" #: ../src/xen_image.py:26 msgid "" "\n" " SELinux is preventing xen ($SOURCE) \"$ACCESS\" to $TARGET_PATH " "($TARGET_TYPE).\n" " " msgstr "" #: ../src/xen_image.py:30 msgid "" "\n" " SELinux denied xen access to $TARGET_PATH.\n" " If this is a XEN image, it has to have a file context label of\n" " xen_image_t. The system is setup to label image files in directory./var/" "lib/xen/images\n" " correctly. We recommend that you copy your image file to /var/lib/xen/" "images.\n" " If you really want to have your xen image files in the current " "directory, you can relabel $TARGET_PATH to be xen_image_t using chcon. You " "also need to execute semanage fcontext -a -t xen_image_t '$TARGET_PATH' to " "add this\n" " new path to the system defaults. If you did not intend to use " "$TARGET_PATH as a xen\n" " image it could indicate either a bug or an intrusion attempt.\n" " " msgstr "" #: ../src/xen_image.py:40 msgid "" "\n" " You can alter the file context by executing chcon -t xen_image_t " "'$TARGET_PATH'\n" " You must also change the default file context files on the system in " "order to preserve them even on a full relabel. \"semanage fcontext -a -t " "xen_image_t '$TARGET_PATH'\"\n" " " msgstr ""