Units
Translation components API.
See the Weblate's Web API documentation for detailed description of the API.
GET /api/translations/documentation/bookshandbookmac_index/zh_CN/units/?format=api&page=5
{ "count": 302, "next": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/units/?format=api&page=6", "previous": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/units/?format=api&page=4", "results": [ { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "# setpmac biba/10 csh\n" ], "previous_source": "", "target": [ "" ], "id_hash": 7870414873792823798, "content_hash": 7870414873792823798, "location": "documentation/content/en/books/handbook/mac/_index.adoc:916", "context": "", "note": "type: delimited block . 4", "flags": "no-wrap", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 280, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 4, "source_unit": "https://translate-dev.freebsd.org/api/units/361875/?format=api", "priority": 100, "id": 712782, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=ed3954a0e35f41f6", "url": "https://translate-dev.freebsd.org/api/units/712782/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-04-04T22:03:51.413705Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Troubleshooting the MAC Framework" ], "previous_source": "", "target": [ "MAC 框架的故障排除" ], "id_hash": -8701660026775503718, "content_hash": -8701660026775503718, "location": "documentation/content/en/books/handbook/mac/_index.adoc:924", "context": "", "note": "type: Title ==", "flags": "no-wrap", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 282, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 4, "source_unit": "https://translate-dev.freebsd.org/api/units/361879/?format=api", "priority": 100, "id": 712784, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=073d7e4f1bd47c9a", "url": "https://translate-dev.freebsd.org/api/units/712784/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-04-04T22:03:51.447259Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "This section discusses common configuration errors and how to resolve them." ], "previous_source": "", "target": [ "本节讨论常见的配置错误以及如何解决这些问题。" ], "id_hash": -3809885449249415795, "content_hash": -3809885449249415795, "location": "documentation/content/en/books/handbook/mac/_index.adoc:927", "context": "", "note": "type: delimited block = 4", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 283, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 11, "source_unit": "https://translate-dev.freebsd.org/api/units/361881/?format=api", "priority": 100, "id": 712785, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=4b20915e9a8f1d8d", "url": "https://translate-dev.freebsd.org/api/units/712785/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-04-04T22:03:51.456030Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "The following steps may resolve this transient error:" ], "previous_source": "", "target": [ "以下步骤可以解决此暂时性错误:" ], "id_hash": 1360953320982565089, "content_hash": 1360953320982565089, "location": "documentation/content/en/books/handbook/mac/_index.adoc:930", "context": "", "note": "type: delimited block = 4", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 285, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 8, "source_unit": "https://translate-dev.freebsd.org/api/units/361885/?format=api", "priority": 100, "id": 712787, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=92e313d5b50dd0e1", "url": "https://translate-dev.freebsd.org/api/units/712787/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-04-04T22:03:51.488675Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Edit [.filename]#/etc/fstab# and set the root partition to `ro` for read-only." ], "previous_source": "", "target": [ "" ], "id_hash": 5720741249274245929, "content_hash": 5720741249274245929, "location": "documentation/content/en/books/handbook/mac/_index.adoc:934", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 286, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 11, "source_unit": "https://translate-dev.freebsd.org/api/units/361887/?format=api", "priority": 100, "id": 712788, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=cf6427db3eea7329", "url": "https://translate-dev.freebsd.org/api/units/712788/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-04-04T22:03:51.501162Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Reboot into single user mode." ], "previous_source": "", "target": [ "重新启动到单用户模式。" ], "id_hash": -46773786927667937, "content_hash": -46773786927667937, "location": "documentation/content/en/books/handbook/mac/_index.adoc:935", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 287, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 5, "source_unit": "https://translate-dev.freebsd.org/api/units/361889/?format=api", "priority": 100, "id": 712789, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=7f59d37d1560651f", "url": "https://translate-dev.freebsd.org/api/units/712789/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-04-04T22:03:51.540013Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Run `tunefs -l enable` on [.filename]#/#." ], "previous_source": "", "target": [ "" ], "id_hash": -3709918071378585279, "content_hash": -3709918071378585279, "location": "documentation/content/en/books/handbook/mac/_index.adoc:936", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 288, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 6, "source_unit": "https://translate-dev.freebsd.org/api/units/361891/?format=api", "priority": 100, "id": 712790, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=4c83b92b89ad5941", "url": "https://translate-dev.freebsd.org/api/units/712790/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-04-04T22:03:51.556994Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Reboot the system." ], "previous_source": "", "target": [ "重启系统。" ], "id_hash": 5849440081320399652, "content_hash": 5849440081320399652, "location": "documentation/content/en/books/handbook/mac/_index.adoc:937", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 289, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 3, "source_unit": "https://translate-dev.freebsd.org/api/units/361893/?format=api", "priority": 100, "id": 712791, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=d12d62c32608d324", "url": "https://translate-dev.freebsd.org/api/units/712791/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-04-04T22:03:51.567847Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Run `mount -urw`[.filename]#/# and change the `ro` back to `rw` in [.filename]#/etc/fstab# and reboot the system again." ], "previous_source": "", "target": [ "" ], "id_hash": -8393116598310016946, "content_hash": -8393116598310016946, "location": "documentation/content/en/books/handbook/mac/_index.adoc:938", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 290, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 17, "source_unit": "https://translate-dev.freebsd.org/api/units/361895/?format=api", "priority": 100, "id": 712792, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=0b85a8ec274be84e", "url": "https://translate-dev.freebsd.org/api/units/712792/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-04-04T22:03:51.589392Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Double-check the output from `mount` to ensure that `multilabel` has been properly set on the root file system." ], "previous_source": "", "target": [ "" ], "id_hash": -2247515076003434529, "content_hash": -2247515076003434529, "location": "documentation/content/en/books/handbook/mac/_index.adoc:939", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 291, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 18, "source_unit": "https://translate-dev.freebsd.org/api/units/361897/?format=api", "priority": 100, "id": 712793, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=60cf38f23b7aefdf", "url": "https://translate-dev.freebsd.org/api/units/712793/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-04-04T22:03:51.599824Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Check the error message. If the user is in the `insecure` class, the `partition` policy may be the culprit. Try setting the user's class back to the `default` class and rebuild the database with `cap_mkdb`. If this does not alleviate the problem, go to step two." ], "previous_source": "", "target": [ "" ], "id_hash": -3204961369006624841, "content_hash": -3204961369006624841, "location": "documentation/content/en/books/handbook/mac/_index.adoc:948", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 294, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 46, "source_unit": "https://translate-dev.freebsd.org/api/units/361903/?format=api", "priority": 100, "id": 712796, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=5385b09d9182afb7", "url": "https://translate-dev.freebsd.org/api/units/712796/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-04-04T22:03:51.651346Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Double-check that the label policies are set correctly for the user, Xorg, and the [.filename]#/dev# entries." ], "previous_source": "", "target": [ "" ], "id_hash": 163969518794659783, "content_hash": 163969518794659783, "location": "documentation/content/en/books/handbook/mac/_index.adoc:949", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 295, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 16, "source_unit": "https://translate-dev.freebsd.org/api/units/361905/?format=api", "priority": 100, "id": 712797, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=8246896899bf57c7", "url": "https://translate-dev.freebsd.org/api/units/712797/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-04-04T22:03:51.674706Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "If neither of these resolve the problem, send the error message and a description of the environment to the {freebsd-questions}." ], "previous_source": "", "target": [ "" ], "id_hash": 4682233734352251976, "content_hash": 4682233734352251976, "location": "documentation/content/en/books/handbook/mac/_index.adoc:950", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 296, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 20, "source_unit": "https://translate-dev.freebsd.org/api/units/361907/?format=api", "priority": 100, "id": 712798, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=c0faa2c61b6aac48", "url": "https://translate-dev.freebsd.org/api/units/712798/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-04-04T22:03:51.689086Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "When this occurs, `whoami` returns `0` and `su` returns `who are you?`." ], "previous_source": "", "target": [ "" ], "id_hash": 7250201277476688868, "content_hash": 7250201277476688868, "location": "documentation/content/en/books/handbook/mac/_index.adoc:960", "context": "", "note": "type: delimited block = 4", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 300, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 12, "source_unit": "https://translate-dev.freebsd.org/api/units/361915/?format=api", "priority": 100, "id": 712802, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=e49de3a60e14d3e4", "url": "https://translate-dev.freebsd.org/api/units/712802/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-04-04T22:03:51.799282Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "This chapter focuses on the MAC framework and the set of pluggable security policy modules FreeBSD provides for enabling various security mechanisms" ], "previous_source": "", "target": [ "" ], "id_hash": -8721815742162511280, "content_hash": -8721815742162511280, "location": "documentation/content/en/books/handbook/mac/_index.adoc:1", "context": "", "note": "type: YAML Front Matter: description", "flags": "no-wrap", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 22, "source_unit": "https://translate-dev.freebsd.org/api/units/1181736/?format=api", "priority": 100, "id": 1181746, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=06f5e2caebfe5a50", "url": "https://translate-dev.freebsd.org/api/units/1181746/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-03T23:04:01.110172Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "FreeBSD supports security extensions based on the POSIX(R).1e draft. These security mechanisms include file system Access Control Lists (crossref:security[fs-acl,“Access Control Lists”]) and Mandatory Access Control (MAC). MAC allows access control modules to be loaded in order to implement security policies. Some modules provide protections for a narrow subset of the system, hardening a particular service. Others provide comprehensive labeled security across all subjects and objects. The mandatory part of the definition indicates that enforcement of controls is performed by administrators and the operating system. This is in contrast to the default security mechanism of Discretionary Access Control (DAC) where enforcement is left to the discretion of users." ], "previous_source": "", "target": [ "" ], "id_hash": -3400074394928423053, "content_hash": -3400074394928423053, "location": "documentation/content/en/books/handbook/mac/_index.adoc:62", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 6, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 107, "source_unit": "https://translate-dev.freebsd.org/api/units/1215180/?format=api", "priority": 100, "id": 1216000, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=50d0825a2863df73", "url": "https://translate-dev.freebsd.org/api/units/1216000/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.073971Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Improper MAC configuration may cause loss of system access, aggravation of users, or inability to access the features provided by Xorg. More importantly, MAC should not be relied upon to completely secure a system. The MAC framework only augments an existing security policy. Without sound security practices and regular security checks, the system will never be completely secure." ], "previous_source": "", "target": [ "错误的<acronym>MAC</acronym>配置可能导致丧失系统访问权,激怒用户,或者无法访问<application>Xorg</application>提供的特性。更重要的是, <acronym>MAC</acronym> 不能用于彻底保护一个系统。<acronym>MAC</acronym> 框架仅用于增强现有安全策略。如果没有健全的安全条例以及定期的安全检查,系统将永远不会绝对安全。" ], "id_hash": -4671517744859340237, "content_hash": -4671517744859340237, "location": "documentation/content/en/books/handbook/mac/_index.adoc:85", "context": "", "note": "type: delimited block = 4", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 18, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 58, "source_unit": "https://translate-dev.freebsd.org/api/units/1215182/?format=api", "priority": 100, "id": 1216001, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=3f2b6f5c9fb9a233", "url": "https://translate-dev.freebsd.org/api/units/1216001/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.256681Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "The examples contained within this chapter are for demonstration purposes and the example settings should _not_ be implemented on a production system. Implementing any security policy takes a good deal of understanding, proper design, and thorough testing." ], "previous_source": "", "target": [ "本章中包含的示例仅用于演示,这些示例设置不应在生产系统中实施。实施任何安全策略都需要大量的理解、正确的设计和彻底的测试。" ], "id_hash": -4224321284030509012, "content_hash": -4224321284030509012, "location": "documentation/content/en/books/handbook/mac/_index.adoc:88", "context": "", "note": "type: delimited block = 4", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 19, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 37, "source_unit": "https://translate-dev.freebsd.org/api/units/1215184/?format=api", "priority": 100, "id": 1216002, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=4560322c703d502c", "url": "https://translate-dev.freebsd.org/api/units/1216002/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.272150Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "While this chapter covers a broad range of security issues relating to the MAC framework, the development of new MAC security policy modules will not be covered. A number of security policy modules included with the MAC framework have specific characteristics which are provided for both testing and new module development. Refer to man:mac_test[4], man:mac_stub[4] and man:mac_none[4] for more information on these security policy modules and the various mechanisms they provide." ], "previous_source": "", "target": [ "" ], "id_hash": 8240663052205809934, "content_hash": 8240663052205809934, "location": "documentation/content/en/books/handbook/mac/_index.adoc:93", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 20, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 71, "source_unit": "https://translate-dev.freebsd.org/api/units/1215186/?format=api", "priority": 100, "id": 1216003, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=f25cb7629469e10e", "url": "https://translate-dev.freebsd.org/api/units/1216003/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.280648Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "A MAC label is a security attribute which may be applied to subjects and objects throughout the system. When setting a label, the administrator must understand its implications in order to prevent unexpected or undesired behavior of the system. The attributes available on an object depend on the loaded policy module, as policy modules interpret their attributes in different ways." ], "previous_source": "", "target": [ "<acronym>MAC</acronym> 标签是一种安全属性,可以应用于整个系统中的主体和对象。在设置标签时,管理员必须了解其含义,以防止系统出现意外或不希望出现的行为。对象上可用的属性取决于加载的策略模块,因为策略模块以不同的方式解释其属性。" ], "id_hash": -8074675549764396232, "content_hash": -8074675549764396232, "location": "documentation/content/en/books/handbook/mac/_index.adoc:118", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 36, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 60, "source_unit": "https://translate-dev.freebsd.org/api/units/1215188/?format=api", "priority": 100, "id": 1216004, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=0ff0fd5e73c2db38", "url": "https://translate-dev.freebsd.org/api/units/1216004/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.546050Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "The security label on an object is used as a part of a security access control decision by a policy. With some policies, the label contains all of the information necessary to make a decision. In other policies, the labels may be processed as part of a larger rule set." ], "previous_source": "The security label on an object is used as a part of a security access control decision by a policy. With some policies, the label contains all of the information necessary to make a decision. In other policies, the labels may be processed as part of a larger rule set.", "target": [ "对象上的安全标签被策略作为安全访问控制决策的一部分。在某些策略中,标签包含了做出决定所需的所有信息。在其他策略中,标签可以作为一个更大的规则集的一部分来处理。" ], "id_hash": -5668210016399666281, "content_hash": -5668210016399666281, "location": "documentation/content/en/books/handbook/mac/_index.adoc:122", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 37, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 50, "source_unit": "https://translate-dev.freebsd.org/api/units/1215190/?format=api", "priority": 100, "id": 1216005, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=31567905842fd397", "url": "https://translate-dev.freebsd.org/api/units/1216005/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.554545Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "There are two types of label policies: single label and multi label. By default, the system will use single label. The administrator should be aware of the pros and cons of each in order to implement policies which meet the requirements of the system's security model." ], "previous_source": "There are two types of label policies: single label and multi label. By default, the system will use single label. The administrator should be aware of the pros and cons of each in order to implement policies which meet the requirements of the system's security model.", "target": [ "标签策略有两种:单标签和多标签。默认情况下,系统将使用单个标签。管理员应了解每种策略的利弊,以便实施符合系统安全模型要求的策略。" ], "id_hash": -3229731612656472055, "content_hash": -3229731612656472055, "location": "documentation/content/en/books/handbook/mac/_index.adoc:126", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 38, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 46, "source_unit": "https://translate-dev.freebsd.org/api/units/1215192/?format=api", "priority": 100, "id": 1216006, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=532db035cbc2f009", "url": "https://translate-dev.freebsd.org/api/units/1216006/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.566804Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "A single label security policy only permits one label to be used for every subject or object. Since a single label policy enforces one set of access permissions across the entire system, it provides lower administration overhead, but decreases the flexibility of policies which support labeling. However, in many environments, a single label policy may be all that is required." ], "previous_source": "A single label security policy only permits one label to be used for every subject or object. Since a single label policy enforces one set of access permissions across the entire system, it provides lower administration overhead, but decreases the flexibility of policies which support labeling. However, in many environments, a single label policy may be all that is required.", "target": [ "单标签安全策略只允许为每个主体或对象使用一个标签。由于单标签策略在整个系统中强制实施一组访问权限,因此可提供较低的管理开销,但降低了支持标记的策略的灵活性。但是,在许多环境中,可能需要单个标签策略。" ], "id_hash": 3927575558510892642, "content_hash": 3927575558510892642, "location": "documentation/content/en/books/handbook/mac/_index.adoc:130", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 39, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 60, "source_unit": "https://translate-dev.freebsd.org/api/units/1215194/?format=api", "priority": 100, "id": 1216007, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=b6818d29498c5662", "url": "https://translate-dev.freebsd.org/api/units/1216007/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.578642Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "A single label policy is somewhat similar to DAC as `root` configures the policies so that users are placed in the appropriate categories and access levels. A notable difference is that many policy modules can also restrict `root`. Basic control over objects will then be released to the group, but `root` may revoke or modify the settings at any time." ], "previous_source": "", "target": [ "" ], "id_hash": 1666766924843053845, "content_hash": 1666766924843053845, "location": "documentation/content/en/books/handbook/mac/_index.adoc:134", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 40, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 60, "source_unit": "https://translate-dev.freebsd.org/api/units/1215196/?format=api", "priority": 100, "id": 1216008, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=97218bafeea3f315", "url": "https://translate-dev.freebsd.org/api/units/1216008/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.659840Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "When appropriate, a multi label policy can be set on a UFS file system by passing `multilabel` to man:tunefs[8]. A multi label policy permits each subject or object to have its own independent MAC label. The decision to use a multi label or single label policy is only required for policies which implement the labeling feature, such as `biba`, `lomac`, and `mls`. Some policies, such as `seeotheruids`, `portacl` and `partition`, do not use labels at all." ], "previous_source": "", "target": [ "" ], "id_hash": 7487293114844059423, "content_hash": 7487293114844059423, "location": "documentation/content/en/books/handbook/mac/_index.adoc:139", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 41, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 76, "source_unit": "https://translate-dev.freebsd.org/api/units/1215198/?format=api", "priority": 100, "id": 1216009, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=e7e8356b2782171f", "url": "https://translate-dev.freebsd.org/api/units/1216009/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.667759Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Using a multi label policy on a partition and establishing a multi label security model can increase administrative overhead as everything in that file system has a label. This includes directories, files, and even device nodes." ], "previous_source": "Using a multi label policy on a partition and establishing a multi label security model can increase administrative overhead as everything in that file system has a label. This includes directories, files, and even device nodes.", "target": [ "在分区上使用多标签策略并建立多标签安全模型可能会增加管理开销,因为该文件系统中的所有内容都有标签。这包括目录,文件,甚至设备节点。" ], "id_hash": 966357625383177768, "content_hash": 966357625383177768, "location": "documentation/content/en/books/handbook/mac/_index.adoc:142", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 42, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 36, "source_unit": "https://translate-dev.freebsd.org/api/units/1215200/?format=api", "priority": 100, "id": 1216010, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=8d693123eaf44e28", "url": "https://translate-dev.freebsd.org/api/units/1216010/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.675302Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "The following command will set `multilabel` on the specified UFS file system. This may only be done in single-user mode and is not a requirement for the swap file system:" ], "previous_source": "", "target": [ "" ], "id_hash": -5987107806046690754, "content_hash": -5987107806046690754, "location": "documentation/content/en/books/handbook/mac/_index.adoc:145", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 43, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 30, "source_unit": "https://translate-dev.freebsd.org/api/units/1215202/?format=api", "priority": 100, "id": 1216011, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=2ce9852be49e623e", "url": "https://translate-dev.freebsd.org/api/units/1216011/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.689765Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Since the multi label policy is set on a per-file system basis, a multi label policy may not be needed if the file system layout is well designed. Consider an example security MAC model for a FreeBSD web server. This machine uses the single label, `biba/high`, for everything in the default file systems. If the web server needs to run at `biba/low` to prevent write up capabilities, it could be installed to a separate UFS [.filename]#/usr/local# file system set at `biba/low`." ], "previous_source": "", "target": [ "由于多标签策略是以文件系统为基础进行设置的,因此如果文件系统的布局设计得很好,就可能不需要多标签策略。考虑一个FreeBSD web服务器的安全<acronym>MAC</acronym>模型的例子。这台机器对默认文件系统中的所有内容都使用单一标签,<literal>biba/high</literal>。如果 web 服务器需要以 <literal>biba/low</literal> 的速度运行,以防止写出功能,它可以安装到一个单独的 <acronym>UFS</acronym> <filename>/usr/local</filename> 文件系统中,设置为 <literal>biba/low</literal>。" ], "id_hash": 2711433001370374667, "content_hash": 2711433001370374667, "location": "documentation/content/en/books/handbook/mac/_index.adoc:161", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 46, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 81, "source_unit": "https://translate-dev.freebsd.org/api/units/1215206/?format=api", "priority": 100, "id": 1216013, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=a5a0f1f2eef3d20b", "url": "https://translate-dev.freebsd.org/api/units/1216013/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.788110Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Virtually all aspects of label policy module configuration will be performed using the base system utilities. These commands provide a simple interface for object or subject configuration or the manipulation and verification of the configuration." ], "previous_source": "Virtually all aspects of label policy module configuration will be performed using the base system utilities. These commands provide a simple interface for object or subject configuration or the manipulation and verification of the configuration.", "target": [ "实际上,标签策略模块配置的所有方面都将使用基本系统实用程序执行。 这些命令为对象或主题配置或配置的操作和验证提供了简单的界面。" ], "id_hash": 6692393966663197592, "content_hash": 6692393966663197592, "location": "documentation/content/en/books/handbook/mac/_index.adoc:166", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 48, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 35, "source_unit": "https://translate-dev.freebsd.org/api/units/1215208/?format=api", "priority": 100, "id": 1216014, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=dce028dad7ed6398", "url": "https://translate-dev.freebsd.org/api/units/1216014/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.847401Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "All configuration may be done using `setfmac`, which is used to set MAC labels on system objects, and `setpmac`, which is used to set the labels on system subjects. For example, to set the `biba` MAC label to `high` on [.filename]#test#:" ], "previous_source": "", "target": [ "" ], "id_hash": 8531926204125927620, "content_hash": 8531926204125927620, "location": "documentation/content/en/books/handbook/mac/_index.adoc:169", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 49, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 41, "source_unit": "https://translate-dev.freebsd.org/api/units/1215210/?format=api", "priority": 100, "id": 1216015, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=f6677dadb6c5d8c4", "url": "https://translate-dev.freebsd.org/api/units/1216015/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.869586Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "If the configuration is successful, the prompt will be returned without error. A common error is `Permission denied` which usually occurs when the label is being set or modified on a restricted object. Other conditions may produce different failures. For instance, the file may not be owned by the user attempting to relabel the object, the object may not exist, or the object may be read-only. A mandatory policy will not allow the process to relabel the file, maybe because of a property of the file, a property of the process, or a property of the proposed new label value. For example, if a user running at low integrity tries to change the label of a high integrity file, or a user running at low integrity tries to change the label of a low integrity file to a high integrity label, these operations will fail." ], "previous_source": "", "target": [ "如果配置成功,将不会返回错误提示。一个常见的错误是<errorname>Permission denied</errorname>,通常在设置或修改受限对象上的标签时发生。其他条件可能会产生不同的错误提示。例如,该文件可能不是试图重新标注对象的用户所拥有,该对象可能不存在,或者该对象可能只读。强制策略将不允许进程重新标记文件,可能是因为文件的属性、进程的属性或建议的新标签值的属性。例如,如果以低完整性运行的用户试图改变高完整性文件的标签,或者以低完整性运行的用户试图将低完整性文件的标签改变为高完整性标签,这些操作将失败。" ], "id_hash": -2874454054893430778, "content_hash": -2874454054893430778, "location": "documentation/content/en/books/handbook/mac/_index.adoc:181", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 51, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 145, "source_unit": "https://translate-dev.freebsd.org/api/units/1215212/?format=api", "priority": 100, "id": 1216016, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=581be3443ee55806", "url": "https://translate-dev.freebsd.org/api/units/1216016/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.881498Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "For currently running processes, such as sendmail, `getpmac` is usually used instead. This command takes a process ID (PID) in place of a command name. If users attempt to manipulate a file not in their access, subject to the rules of the loaded policy modules, the `Operation not permitted` error will be displayed." ], "previous_source": "", "target": [ "" ], "id_hash": 9217642849381416262, "content_hash": 9217642849381416262, "location": "documentation/content/en/books/handbook/mac/_index.adoc:196", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 54, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 53, "source_unit": "https://translate-dev.freebsd.org/api/units/1215214/?format=api", "priority": 100, "id": 1216017, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=ffeba55597cc7d46", "url": "https://translate-dev.freebsd.org/api/units/1216017/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:52.959159Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Such policy modules include man:mac_biba[4], man:mac_mls[4] and man:mac_lomac[4]. Each of the predefined labels establishes a different information flow directive. Refer to the manual page of the module to determine the traits of the generic label configurations." ], "previous_source": "", "target": [ "" ], "id_hash": -27887070722510815, "content_hash": -27887070722510815, "location": "documentation/content/en/books/handbook/mac/_index.adoc:208", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 60, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 36, "source_unit": "https://translate-dev.freebsd.org/api/units/1215216/?format=api", "priority": 100, "id": 1216018, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=7f9cecdb5fc23021", "url": "https://translate-dev.freebsd.org/api/units/1216018/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.046578Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "The Biba and MLS policy modules support a numeric label which may be set to indicate the precise level of hierarchical control. This numeric level is used to partition or sort information into different groups of classification, only permitting access to that group or a higher group level. For example:" ], "previous_source": "", "target": [ "Biba 和<acronym>MLS</acronym>策略模块支持数字标签,该标签可以设置为指示分层控制的精确级别。此数字级别用于将信息分区或分类到不同的分类组中,仅允许访问该组或更高的组级别。例如:" ], "id_hash": 7647327100315939509, "content_hash": 7647327100315939509, "location": "documentation/content/en/books/handbook/mac/_index.adoc:214", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 62, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 50, "source_unit": "https://translate-dev.freebsd.org/api/units/1215218/?format=api", "priority": 100, "id": 1216019, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=ea20c37aff8cb2b5", "url": "https://translate-dev.freebsd.org/api/units/1216019/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.059013Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "In this example, the first grade would be considered the effective grade with effective compartments, the second grade is the low grade, and the last one is the high grade. In most configurations, such fine-grained settings are not needed as they are considered to be advanced configurations." ], "previous_source": "In this example, the first grade would be considered the effective grade with effective compartments, the second grade is the low grade, and the last one is the high grade. In most configurations, such fine-grained settings are not needed as they are considered to be advanced configurations.", "target": [ "在此示例中,一年级将被视为有效隔间的有效等级,第二级为低等级,最后一级为高等级。在大多数配置中,不需要这种细粒度设置,因为它们被视为高级配置。" ], "id_hash": -5916151113563780475, "content_hash": -5916151113563780475, "location": "documentation/content/en/books/handbook/mac/_index.adoc:224", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 65, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 47, "source_unit": "https://translate-dev.freebsd.org/api/units/1215220/?format=api", "priority": 100, "id": 1216020, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=2de59be8467fca85", "url": "https://translate-dev.freebsd.org/api/units/1216020/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.078129Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "System objects only have a current grade and compartment. System subjects reflect the range of available rights in the system, and network interfaces, where they are used for access control." ], "previous_source": "System objects only have a current grade and compartment. System subjects reflect the range of available rights in the system, and network interfaces, where they are used for access control.", "target": [ "系统对象只有当前等级和区间。系统主体反映系统中可用权限的范围,以及用于访问控制的网络接口。" ], "id_hash": 720356291898216437, "content_hash": 720356291898216437, "location": "documentation/content/en/books/handbook/mac/_index.adoc:227", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 66, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 30, "source_unit": "https://translate-dev.freebsd.org/api/units/1215222/?format=api", "priority": 100, "id": 1216021, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=89ff383b1a4f8ff5", "url": "https://translate-dev.freebsd.org/api/units/1216021/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.148180Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "The grade and compartments in a subject and object pair are used to construct a relationship known as _dominance_, in which a subject dominates an object, the object dominates the subject, neither dominates the other, or both dominate each other. The \"both dominate\" case occurs when the two labels are equal. Due to the information flow nature of Biba, a user has rights to a set of compartments that might correspond to projects, but objects also have a set of compartments. Users may have to subset their rights using `su` or `setpmac` in order to access objects in a compartment from which they are not restricted." ], "previous_source": "", "target": [ "" ], "id_hash": -1846691560302673981, "content_hash": -1846691560302673981, "location": "documentation/content/en/books/handbook/mac/_index.adoc:232", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 67, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 106, "source_unit": "https://translate-dev.freebsd.org/api/units/1215224/?format=api", "priority": 100, "id": 1216022, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=665f3bcf62727fc3", "url": "https://translate-dev.freebsd.org/api/units/1216022/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.162876Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Users are required to have labels so that their files and processes properly interact with the security policy defined on the system. This is configured in [.filename]#/etc/login.conf# using login classes. Every policy module that uses labels will implement the user class setting." ], "previous_source": "", "target": [ "用户本身也需要设置标签, 以使其文件和进程能够正确地与系统上定义的安全策略互动, 这是通过使用登录分级在文件 <filename>login.conf</filename> 中配置的。 每个使用标签的策略模块都会进行用户分级设定。" ], "id_hash": -6387952209861339247, "content_hash": -6387952209861339247, "location": "documentation/content/en/books/handbook/mac/_index.adoc:238", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 69, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 42, "source_unit": "https://translate-dev.freebsd.org/api/units/1215226/?format=api", "priority": 100, "id": 1216023, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=27596f4f590b1791", "url": "https://translate-dev.freebsd.org/api/units/1216023/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.174615Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "To set the user class default label which will be enforced by MAC, add a `label` entry. An example `label` entry containing every policy module is displayed below. Note that in a real configuration, the administrator would never enable every policy module. It is recommended that the rest of this chapter be reviewed before any configuration is implemented." ], "previous_source": "", "target": [ "要设置将由<acronym>MAC</acronym>强制执行的用户类默认标签,添加<option>label</option>条目。示例<option>label</option>包含每个策略模块的标签条目如下所示。请注意,在实际配置中,管理员永远不会启用每个策略模块。建议在实施任何配置之前检查本章的其余部分。" ], "id_hash": -2155305427495614212, "content_hash": -2155305427495614212, "location": "documentation/content/en/books/handbook/mac/_index.adoc:243", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 70, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 58, "source_unit": "https://translate-dev.freebsd.org/api/units/1215228/?format=api", "priority": 100, "id": 1216024, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=6216d1220ba708fc", "url": "https://translate-dev.freebsd.org/api/units/1216024/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.181780Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "While users can not modify the default value, they may change their label after they login, subject to the constraints of the policy. The example above tells the Biba policy that a process's minimum integrity is `5`, its maximum is `15`, and the default effective label is `10`. The process will run at `10` until it chooses to change label, perhaps due to the user using `setpmac`, which will be constrained by Biba to the configured range." ], "previous_source": "", "target": [ "尽管用户无法修改默认值,但是他们可以在登录后根据策略的限制更改其标签。上面的示例告诉 Biba 策略,进程的最低完整性为<literal>5,</literal>最大值为<literal>15,</literal>默认有效标签为<literal>10</literal>。进程将在<literal>10</literal>处运行,直到它选择更改标签,这种情况可能是由于用户使用<command>setpmac</command>导致,该用户将被 Biba 约束在配置的范围。" ], "id_hash": -1548521091848775431, "content_hash": -1548521091848775431, "location": "documentation/content/en/books/handbook/mac/_index.adoc:274", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 72, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 77, "source_unit": "https://translate-dev.freebsd.org/api/units/1215230/?format=api", "priority": 100, "id": 1216025, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=6a828c45792758f9", "url": "https://translate-dev.freebsd.org/api/units/1216025/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.263049Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Many sites have a large number of users requiring several different user classes. In depth planning is required as this can become difficult to manage." ], "previous_source": "Many sites have a large number of users requiring several different user classes. In depth planning is required as this can become difficult to manage.", "target": [ "许多站点有大量用户需要多个不同的用户类。需要仔细规划,因为这可能变得难以管理。" ], "id_hash": 5588457189332579165, "content_hash": 5588457189332579165, "location": "documentation/content/en/books/handbook/mac/_index.adoc:279", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 74, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 25, "source_unit": "https://translate-dev.freebsd.org/api/units/1215232/?format=api", "priority": 100, "id": 1216026, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=cd8e30346ca5735d", "url": "https://translate-dev.freebsd.org/api/units/1216026/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.276899Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Labels may be set on network interfaces to help control the flow of data across the network. Policies using network interface labels function in the same way that policies function with respect to objects. Users at high settings in Biba, for example, will not be permitted to access network interfaces with a label of `low`." ], "previous_source": "", "target": [ "可以在网络接口上设置标签,以便控制网络中的数据流。使用网络接口标签的策略的功能与策略对对象的功能相同。例如,Biba 中的高设置的用户将不允许访问带有<literal>low</literal>标签的网络接口。" ], "id_hash": -5880426427094431204, "content_hash": -5880426427094431204, "location": "documentation/content/en/books/handbook/mac/_index.adoc:285", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 76, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 55, "source_unit": "https://translate-dev.freebsd.org/api/units/1215234/?format=api", "priority": 100, "id": 1216027, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=2e64875205378a1c", "url": "https://translate-dev.freebsd.org/api/units/1216027/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.347804Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "This example will set the MAC label of `biba/equal` on the `bge0` interface. When using a setting similar to `biba/high(low-high)`, the entire label should be quoted to prevent an error from being returned." ], "previous_source": "", "target": [ "" ], "id_hash": -6684600929455966377, "content_hash": -6684600929455966377, "location": "documentation/content/en/books/handbook/mac/_index.adoc:295", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 79, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 33, "source_unit": "https://translate-dev.freebsd.org/api/units/1215236/?format=api", "priority": 100, "id": 1216028, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=233b86df0687f757", "url": "https://translate-dev.freebsd.org/api/units/1216028/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.370146Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Each policy module which supports labeling has a tunable which may be used to disable the MAC label on network interfaces. Setting the label to `equal` will have a similar effect. Review the output of `sysctl`, the policy manual pages, and the information in the rest of this chapter for more information on those tunables." ], "previous_source": "", "target": [ "" ], "id_hash": 3829759552726952458, "content_hash": 3829759552726952458, "location": "documentation/content/en/books/handbook/mac/_index.adoc:299", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 80, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 55, "source_unit": "https://translate-dev.freebsd.org/api/units/1215238/?format=api", "priority": 100, "id": 1216029, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=b5260a05b372ea0a", "url": "https://translate-dev.freebsd.org/api/units/1216029/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.377835Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Before implementing any MAC policies, a planning phase is recommended. During the planning stages, an administrator should consider the implementation requirements and goals, such as:" ], "previous_source": "", "target": [ "建议在<acronym>MAC</acronym>策略之前先进行规划。在规划阶段,管理员应考虑实施要求和目标,例如:" ], "id_hash": 4616793093582416073, "content_hash": 4616793093582416073, "location": "documentation/content/en/books/handbook/mac/_index.adoc:305", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 82, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 25, "source_unit": "https://translate-dev.freebsd.org/api/units/1215240/?format=api", "priority": 100, "id": 1216030, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=c01224db9874e8c9", "url": "https://translate-dev.freebsd.org/api/units/1216030/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.455087Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "A trial run of the trusted system and its configuration should occur _before_ a MAC implementation is used on production systems. Since different environments have different needs and requirements, establishing a complete security profile will decrease the need of changes once the system goes live." ], "previous_source": "", "target": [ "" ], "id_hash": 7527558232117626920, "content_hash": 7527558232117626920, "location": "documentation/content/en/books/handbook/mac/_index.adoc:312", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 86, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 45, "source_unit": "https://translate-dev.freebsd.org/api/units/1215242/?format=api", "priority": 100, "id": 1216031, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=e877425453704828", "url": "https://translate-dev.freebsd.org/api/units/1216031/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.477620Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "Consider how the MAC framework augments the security of the system as a whole. The various security policy modules provided by the MAC framework could be used to protect the network and file systems or to block users from accessing certain ports and sockets. Perhaps the best use of the policy modules is to load several security policy modules at a time in order to provide a MLS environment. This approach differs from a hardening policy, which typically hardens elements of a system which are used only for specific purposes. The downside to MLS is increased administrative overhead." ], "previous_source": "", "target": [ "考虑<acronym>MAC</acronym>框架如何增强整个系统的安全性。<acronym>MAC</acronym>框架提供的各种安全策略模块可用于保护网络和文件系统或阻止用户访问某些端口和套接字。策略模块的最佳用途可能是一次加载多个安全策略模块,以便提供<acronym>MLS</acronym>环境。此方法不同于强化策略,后者通常强化系统仅用于特定目的的元素。<acronym>MLS</acronym>的缺点是管理开销增加。" ], "id_hash": 4040486085230281452, "content_hash": 4040486085230281452, "location": "documentation/content/en/books/handbook/mac/_index.adoc:318", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 87, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 98, "source_unit": "https://translate-dev.freebsd.org/api/units/1215244/?format=api", "priority": 100, "id": 1216032, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=b812b0afe60f42ec", "url": "https://translate-dev.freebsd.org/api/units/1216032/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.546878Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "The overhead is minimal when compared to the lasting effect of a framework which provides the ability to pick and choose which policies are required for a specific configuration and which keeps performance overhead down. The reduction of support for unneeded policies can increase the overall performance of the system as well as offer flexibility of choice. A good implementation would consider the overall security requirements and effectively implement the various security policy modules offered by the framework." ], "previous_source": "The overhead is minimal when compared to the lasting effect of a framework which provides the ability to pick and choose which policies are required for a specific configuration and which keeps performance overhead down. The reduction of support for unneeded policies can increase the overall performance of the system as well as offer flexibility of choice. A good implementation would consider the overall security requirements and effectively implement the various security policy modules offered by the framework.", "target": [ "与框架的持久效果相比,开销最小,该框架提供了选择特定配置所需的策略和降低性能开销的能力。减少对不需要的政策的支持可以提高系统的整体性能,并提供选择的灵活性。良好的实施将考虑总体安全要求,并有效地实施框架提供的各种安全策略模块。" ], "id_hash": 3127861410786901087, "content_hash": 3127861410786901087, "location": "documentation/content/en/books/handbook/mac/_index.adoc:322", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 88, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 78, "source_unit": "https://translate-dev.freebsd.org/api/units/1215246/?format=api", "priority": 100, "id": 1216033, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=ab686561889afc5f", "url": "https://translate-dev.freebsd.org/api/units/1216033/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.557653Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "A system utilizing MAC guarantees that a user will not be permitted to change security attributes at will. All user utilities, programs, and scripts must work within the constraints of the access rules provided by the selected security policy modules and control of the MAC access rules is in the hands of the system administrator." ], "previous_source": "", "target": [ "使用<acronym>MAC</acronym>的系统保证不允许用户随时更改安全属性。所有用户实用程序、程序和脚本必须在所选安全策略模块提供的访问规则的约束范围内工作,<acronym>MAC</acronym>访问规则的控制由系统管理员负责。" ], "id_hash": -5188191311149629977, "content_hash": -5188191311149629977, "location": "documentation/content/en/books/handbook/mac/_index.adoc:325", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 89, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 55, "source_unit": "https://translate-dev.freebsd.org/api/units/1215248/?format=api", "priority": 100, "id": 1216034, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=37ffd77da0287de7", "url": "https://translate-dev.freebsd.org/api/units/1216034/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.570709Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbookmac_index/zh_CN/?format=api", "source": [ "It is the duty of the system administrator to carefully select the correct security policy modules. For an environment that needs to limit access control over the network, the man:mac_portacl[4], man:mac_ifoff[4], and man:mac_biba[4] policy modules make good starting points. For an environment where strict confidentiality of file system objects is required, consider the man:mac_bsdextended[4] and man:mac_mls[4] policy modules." ], "previous_source": "", "target": [ "" ], "id_hash": 9004375605756115487, "content_hash": 9004375605756115487, "location": "documentation/content/en/books/handbook/mac/_index.adoc:329", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 90, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 58, "source_unit": "https://translate-dev.freebsd.org/api/units/1215250/?format=api", "priority": 100, "id": 1216035, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbookmac_index/zh_CN/?checksum=fcf5f7e7fd493a1f", "url": "https://translate-dev.freebsd.org/api/units/1216035/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:02:53.581026Z" } ] }