Zen

Translation


The $SOURCE application attempted to change the access protection of memory on
the heap (e.g., allocated using malloc). This is a potential security
problem. Applications should not be doing this. Applications are
sometimes coded incorrectly and request this permission. The
<a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux Memory Protection Tests</a>
web page explains how to remove this requirement. If $SOURCE does not work and
you need it to work, you can configure SELinux temporarily to allow
this access until the application is fixed. Please file a bug
report against this package.
315/6540 · 654

Sign in to save the translation.

English Chinese (Simplified) (zh_CN) Actions

SELinux policy is preventing an httpd script from writing to a public
directory.

SELinux 策略正在阻止 httpd 脚本在公共
目录中写入内容。

SELinux policy is preventing an httpd script from writing to a public
directory. If httpd is not setup to write to public directories, this
could signal an intrusion attempt.

SELinux 策略正在阻止 httpd 脚本向公共目录写入内容。
如果没有将 httpd 设置为可写入公共目录,
这可能是尝试入侵的信号。

If httpd scripts should be allowed to write to public directories you need to turn on the $BOOLEAN boolean and change the file context of the public directory to public_content_rw_t. Read the httpd_selinux
man page for further information:
"setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t <path>"
You must also change the default file context labeling files on the system in order to preserve public directory labeling even on a full relabel. "semanage fcontext -a -t public_content_rw_t <path>"

如果应允许 httpd 脚本写入公共目录,则需要打开 $BOOLEAN 布尔值,并且将公共目录的文件环境改为 public_content_rw_t。详情请查看阅读 httpd_selinux
的 man page:
"setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t <path>"
另外,还必须更改系统默认文件环境的标记文件,以便即使在完全重新标记时仍可保留公共目录的标记。 "semanage fcontext -a -t public_content_rw_t <path>"
If you want to allow $SOURCE_PATH to be able to write to shared public content
如果您想要允许 $SOURCE_PATH 拥有向共享公用内容写入的权限
you need to change the label on $TARGET_PATH to public_content_rw_t, and potentially turn on the allow_httpd_sys_script_anon_write boolean.
您需要将 $TARGET_PATH 的标记改为 public_content_rw_t,可能还要再打开 allow_httpd_sys_script_anon_write 布尔值。

SELinux is preventing $SOURCE_PATH from changing the access
protection of memory on the heap.

SELinux 将阻止 $SOURCE 修改堆上
的内存 (memory on the heap) 访问保护。

The $SOURCE application attempted to change the access protection of memory on
the heap (e.g., allocated using malloc). This is a potential security
problem. Applications should not be doing this. Applications are
sometimes coded incorrectly and request this permission. The
<a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux Memory Protection Tests</a>
web page explains how to remove this requirement. If $SOURCE does not work and
you need it to work, you can configure SELinux temporarily to allow
this access until the application is fixed. Please file a bug
report against this package.

$SOURCE 应用程序试图修改内存堆 (memory on the heap,
比如使用 malloc 分配的内存) 的访问保护。这是潜在的安全问题。
正常情况下应用程序不会有这样的行为,不过有时错误的代码也可能
会请求此权限。<a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux 内存保护测试</a>页面介绍了删除此
请求的方法。如果 $SOURCE 不能正常工作,但又需要它运行,
则在此应用得到修正前可以配置 SELinux 临时允许此访问。
请针对此软件包上报 bug。

If you want $SOURCE to continue, you must turn on the
$BOOLEAN boolean. Note: This boolean will affect all applications
on the system.

如果想让 $SOURCE 继续执行, 必须将
$BOOLEAN 布尔值设为开启。注意:该布尔值将会影响系统中的
所有应用程序。
If you do not think $SOURCE_PATH should need to map heap memory that is both writable and executable.
如果你不思考 $SOURCE_PATH应该映射既可写又可执行的堆内存。
you need to report a bug. This is a potentially dangerous access.
应该报告 bug。此访问可能有危险。
Contact your security administrator and report this issue.
联络安全管理员并报告此问题。

SELinux is preventing $SOURCE_PATH from loading $TARGET_PATH which requires text relocation.

SELinux 将阻止 $SOURCE 加载需要重新定位文本的 $TARGET_PATH。

The $SOURCE application attempted to load $TARGET_PATH which
requires text relocation. This is a potential security problem.
Most libraries do not need this permission. Libraries are
sometimes coded incorrectly and request this permission. The
<a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux Memory Protection Tests</a>
web page explains how to remove this requirement. You can configure
SELinux temporarily to allow $TARGET_PATH to use relocation as a
workaround, until the library is fixed. Please file a bug report.

$SOURCE 应用程序试图读取需要文本重定位的 $TARGET_PATH。
这是潜在的安全问题。
多数程序库不需要这样做。有时候不正确编码的程序库会有这样的请求。
<a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux 内存保护测试</a>
页面说明如何移除这个请求。请你提交此bug。 在程序库修复前,您可暂时设置 SELinux 允许 $TARGET_PATH做文本重定向。

The $SOURCE application attempted to load $TARGET_PATH which
requires text relocation. This is a potential security problem.
Most libraries should not need this permission. The
<a href="http://people.redhat.com/drepper/selinux-mem.html">
SELinux Memory Protection Tests</a>
web page explains this check. This tool examined the library and it looks
like it was built correctly. So setroubleshoot can not determine if this
application is compromised or not. This could be a serious issue. Your
system may very well be compromised.

Contact your security administrator and report this issue.

该 $SOURCE 应用程序试图加载 $TARGET_PATH需要文本重定位。这是一个潜在的安全问题。大多数图书馆不需要此权限。该 <a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux内存保护测试</a>网页解释了这个检查。该工具检查了库,看起来它是正确构建的。因此,setroubleshoot无法确定此应用程序是否已被泄露。这可能是一个严重的问题。您的系统可能会受到损害。请与您的安全管理员联系并报告此问题。

If you trust $TARGET_PATH to run correctly, you can change the
file context to textrel_shlib_t. "chcon -t textrel_shlib_t
'$TARGET_PATH'"
You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '$FIX_TARGET_PATH'"

如果您确信 $TARGET_PATH 可正常运行,则可将文件环境 (context)
改为 textrel_shlib_t。"chcon -t textrel_shlib_t
'$TARGET_PATH'"
您还必须修改系统中的默认文件环境文件,以便即使在完全重新标记 (relabel) 后也能保留它们。"semanage fcontext -a -t textrel_shlib_t '$FIX_TARGET_PATH'"
Change label on the library.
更改库上的标签。

SELinux is preventing $SOURCE_PATH from making the program stack executable.

SELinux 将阻止 $SOURCE_PATH 使程序栈可执行。

The $SOURCE application attempted to make its stack
executable. This is a potential security problem. This should
never ever be necessary. Stack memory is not executable on most
OSes these days and this will not change. Executable stack memory
is one of the biggest security problems. An execstack error might
in fact be most likely raised by malicious code. Applications are
sometimes coded incorrectly and request this permission. The
<a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux Memory Protection Tests</a>
web page explains how to remove this requirement. If $SOURCE does not
work and you need it to work, you can configure SELinux
temporarily to allow this access until the application is fixed. Please
file a bug report.

$SOURCE 应用尝试将其栈变成可执行。 这是个潜在的安全问题。
此行为没有任何必要。在当今多数操作系统中,栈内存都是不可执行
的,并且在将来也不会有变化。栈内存可执行是最严重的安全问题
之一。而造成此问题的最可能原因就是恶意代码。有时不正确的应用
程序代码会请求此项权限。<a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux 内存保护测试</a>解释了
如何移除此种请求。如果 $SOURCE 无法正常运行,但您需要让它
正常运行,那么在此应用程序修正之前,可临时配置 SELinux 以允许
此请求。欢迎提交 bug 报告。

Sometimes a library is accidentally marked with the execstack flag,
if you find a library with this flag you can clear it with the
execstack -c LIBRARY_PATH. Then retry your application. If the
app continues to not work, you can turn the flag back on with
execstack -s LIBRARY_PATH.

有时库文件会意外被标上 execstack 标记。如果您发现有
库带有此标记,您可以使用命令 execstack -c LIBRARY_PATH
将其清除。然后尝试重新应用程序。如果程序仍然无法运行,
您可用 execstack -s LIBRARY_PATH 命令重新为库加上
此标记。
If you do not think $SOURCE_PATH should need to map stack memory that is both writable and executable.
如果你不思考 $SOURCE_PATH应该需要映射既可写又可执行的堆栈内存。
you need to report a bug.
This is a potentially dangerous access.
需要报告这个 bug。
这可能是个潜在的危险访问。
If you believe that
%s
should not require execstack
如果你相信%s不应该要求execstack

Loading…

User avatar None

String updated in the repository

The $SOURCE application attempted to change the access protection of memory on
the heap (e.g., allocated using malloc). This is a potential security
problem. Applications should not be doing this. Applications are
sometimes coded incorrectly and request this permission. The
<a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux Memory Protection Tests</a>
web page explains how to remove this requirement. If $SOURCE does not work and
you need it to work, you can configure SELinux temporarily to allow
this access until the application is fixed. Please file a bug
report against this package.

$SOURCE 应用程序试图修改内存堆 (memory on the heap,
比如使用 malloc 分配的内存) 的访问保护。这是潜在的安全问题。
正常情况下应用程序不会有这样的行为,不过有时错误的代码也可能
会请求此权限。<a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux 内存保护测试</a>页面介绍了删除此
请求的方法。如果 $SOURCE 不能正常工作,但又需要它运行,
则在此应用得到修正前可以配置 SELinux 临时允许此访问。
请针对此软件包上报 bug。
a year ago
Browse all string changes

Things to check

Mismatching line breaks

Number of new lines in translation does not match source

Reset

Glossary

English Chinese (Simplified) (zh_CN)
No related strings found in the glossary.

String information

Source string location
../src/allow_execheap.py:32
String age
a year ago
Last updated
a year ago
Source string age
a year ago
Translation file
setroubleshoot/plugins/plugins/po/zh_CN.po, string 7