diff --git a/po/de/LC_MESSAGES/available-runtimes.po b/po/de/LC_MESSAGES/available-runtimes.po index 3605551e..60083e40 100644 --- a/po/de/LC_MESSAGES/available-runtimes.po +++ b/po/de/LC_MESSAGES/available-runtimes.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-12-01 08:17+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2018-05-20 10:36-0400\n" "Last-Translator: Copied by Zanata \n" "Language: de\n" @@ -17,7 +17,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../available-runtimes.rst:2 msgid "Available Runtimes" @@ -157,7 +157,7 @@ msgid "" "Major version releases of the runtime are synced with `GNOME releases " "`_ and are announced on `GNOME " "Discourse `_. Usually a " -"given branch of the runtime is supported for an year and EOL-ed upon the " +"given branch of the runtime is supported for a year and EOL-ed upon the " "release of a newstable version." msgstr "" @@ -515,3 +515,15 @@ msgstr "" #~ " ``io.elementary.Platform``" #~ msgstr "" +#~ msgid "" +#~ "Major version releases of the runtime" +#~ " are synced with `GNOME releases " +#~ "`_ and are " +#~ "announced on `GNOME Discourse " +#~ "`_. Usually " +#~ "a given branch of the runtime is" +#~ " supported for an year and EOL-" +#~ "ed upon the release of a newstable" +#~ " version." +#~ msgstr "" + diff --git a/po/de/LC_MESSAGES/electron.po b/po/de/LC_MESSAGES/electron.po index 58af4022..ed2f042b 100644 --- a/po/de/LC_MESSAGES/electron.po +++ b/po/de/LC_MESSAGES/electron.po @@ -9,14 +9,14 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-03-13 09:30+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../electron.rst:2 msgid "Electron" @@ -40,11 +40,10 @@ msgstr "" #: ../../electron.rst:13 msgid "" "The guide walks through the `manifest file `_ of the `sample Electron Flatpak application " -"`_. Before you start, it " -"is a good idea to take a look at this, either online or by downloading " -"the application." +"/electron-sample-app/blob/master/org.flathub.electron-sample-app.yml>`_ " +"of the `sample Electron Flatpak application `_. Before you start, it is a good idea to take a " +"look at this, either online or by downloading the application." msgstr "" #: ../../electron.rst:22 @@ -60,43 +59,42 @@ msgstr "" #: ../../electron.rst:27 msgid "" "To get setup for the build, download or clone the sample app from GitHub," -" and navigate to the ``/flatpak`` directory in the terminal. Then to " -"build::" +" and navigate to the project directory in the terminal. Then to build::" msgstr "" -#: ../../electron.rst:33 +#: ../../electron.rst:32 msgid "Finally, the application can be run with::" msgstr "" -#: ../../electron.rst:38 +#: ../../electron.rst:37 msgid "Basic configuration" msgstr "" -#: ../../electron.rst:40 +#: ../../electron.rst:39 msgid "" "The first part of the sample application's manifest specifies the " "application's ID. It also configures the runtime and SDK:" msgstr "" -#: ../../electron.rst:50 +#: ../../electron.rst:49 msgid "" "The Freedesktop runtime is generally the best runtime to use with " "Electron applications, since it is the most minimal runtime, and other " "dependencies will be specific to Electron itself." msgstr "" -#: ../../electron.rst:55 +#: ../../electron.rst:54 msgid "The Electron BaseApp" msgstr "" -#: ../../electron.rst:57 +#: ../../electron.rst:56 msgid "" "Next, the manifest specifies that the Electron BaseApp should be used, by" " specifying the ``base`` and ``base-version`` properties in the " "application manifest:" msgstr "" -#: ../../electron.rst:66 +#: ../../electron.rst:65 msgid "" "BaseApps are described in :doc:`dependencies`. Using the Electron base " "app is much faster and more convenient than manually building Electron " @@ -105,44 +103,44 @@ msgid "" "saved once on disk." msgstr "" -#: ../../electron.rst:72 +#: ../../electron.rst:71 msgid "The Node.js SDK extension" msgstr "" -#: ../../electron.rst:74 +#: ../../electron.rst:73 msgid "" "In order to build Electron-based apps, you need Node.js available at " "build time. Flathub provides Node.js LTS versions as extensions for the " "SDK, so you can install one of them and add it in your apps' manifest:" msgstr "" -#: ../../electron.rst:83 +#: ../../electron.rst:82 msgid "Enable the extension by adding it to ``PATH``:" msgstr "" -#: ../../electron.rst:90 +#: ../../electron.rst:89 msgid "" "Note that the extension name (last portion of reverse-dns notation, " "``node18`` in this example) must be the same in ``sdk-extensions`` and " "``append-path``." msgstr "" -#: ../../electron.rst:94 +#: ../../electron.rst:93 msgid "Command" msgstr "" -#: ../../electron.rst:96 +#: ../../electron.rst:95 msgid "" "The ``command`` property indicates that a script called ``run.sh`` is to " "be executed to run the application. This will be explained in further " "detail later." msgstr "" -#: ../../electron.rst:105 +#: ../../electron.rst:104 msgid "Sandbox permissions" msgstr "" -#: ../../electron.rst:107 +#: ../../electron.rst:106 msgid "" "The standard sandbox :ref:`sandbox-permissions:Permissions guidelines` " "also apply to Electron applications. However, Electron's Wayland support " @@ -151,13 +149,13 @@ msgid "" "Wayland session and nothing else is required." msgstr "" -#: ../../electron.rst:113 +#: ../../electron.rst:112 msgid "" "The sample app also configures PulseAudio for sound and enables network " "access:" msgstr "" -#: ../../electron.rst:126 +#: ../../electron.rst:125 msgid "" "To allow experimental `native Wayland` support in Electron>=20, the " "``--ozone-platform-hint=auto`` flag can be passed to the program. `auto` " @@ -165,31 +163,31 @@ msgid "" " Xwayland or X11 otherwise." msgstr "" -#: ../../electron.rst:131 +#: ../../electron.rst:130 msgid "" "It's recommended to leave actually `enabling` Wayland up to the user for " "now, i.e. set ``--socket=x11`` in the manifest. Wayland can then be " "tested with::" msgstr "" -#: ../../electron.rst:137 +#: ../../electron.rst:136 msgid "Enable native Wayland support by default" msgstr "" -#: ../../electron.rst:141 +#: ../../electron.rst:140 msgid "" "Native Wayland support in Electron is still experimental and often " "unstable. It is advised to stick with the X11/Xwayland configuration " "above as the default." msgstr "" -#: ../../electron.rst:145 +#: ../../electron.rst:144 msgid "" "To make native Wayland the `default` for users, ``--socket=fallback-x11``" " and ``--socket=wayland`` must be used in the manifest." msgstr "" -#: ../../electron.rst:148 +#: ../../electron.rst:147 msgid "" "For Electron versions between 17 and 27, client-side window decorations " "under native Wayland can be enabled by passing ``--enable-" @@ -197,7 +195,7 @@ msgid "" " Electron , this isn't necessary anymore." msgstr "" -#: ../../electron.rst:153 +#: ../../electron.rst:152 msgid "" "Electron uses ``libnotify`` on Linux to provide desktop notifications. " "`Since version 0.8.0 " @@ -210,18 +208,18 @@ msgid "" "``libnotify>=0.8.0`` since ``branch/23.08``." msgstr "" -#: ../../electron.rst:160 +#: ../../electron.rst:159 msgid "" "To ensure proper mouse cursor scaling on HiDPI displays under Wayland, " "the ``XCURSOR_PATH`` environment variable must be set to the host's " "corresponding directories:" msgstr "" -#: ../../electron.rst:172 +#: ../../electron.rst:171 msgid "Using correct desktop file name" msgstr "" -#: ../../electron.rst:174 +#: ../../electron.rst:173 #, python-brace-format msgid "" "It's important for Linux applications to set the correct desktop file " @@ -233,15 +231,16 @@ msgid "" "\"com.example.MyApp.desktop\"``." msgstr "" -#: ../../electron.rst:178 +#: ../../electron.rst:177 #, python-brace-format msgid "" -"In case you repack a binary, you can use the ``patch-desktop-filename`` " -"script provided by the BaseApp. Each Electron binary ships with " -"``resources/app.asar`` file. You need to call ``patch-desktop-filename`` " -"with this file as argument. If your application is installed under " -"``${FLATPAK_DEST}/my-app`` you need to run ``patch-desktop-filename " -"${FLATPAK_DEST}/my-app/resources/app.asar``." +"In case you repack a binary, you can use the `patch-electron-desktop-" +"filename `_ tool included in the BaseApp. Each Electron binary ships " +"with ``resources/app.asar`` file. You need to call ``patch-desktop-" +"filename`` with this file as argument. If your application is installed " +"under ``${FLATPAK_DEST}/my-app`` you need to run ``patch-desktop-filename" +" ${FLATPAK_DEST}/my-app/resources/app.asar``." msgstr "" #: ../../electron.rst:183 @@ -586,3 +585,37 @@ msgstr "" #~ "on ``$PATH``:" #~ msgstr "" +#~ msgid "" +#~ "The guide walks through the `manifest" +#~ " file `_ of the `sample Electron " +#~ "Flatpak application `_. Before you start," +#~ " it is a good idea to take " +#~ "a look at this, either online or" +#~ " by downloading the application." +#~ msgstr "" + +#~ msgid "" +#~ "To get setup for the build, " +#~ "download or clone the sample app " +#~ "from GitHub, and navigate to the " +#~ "``/flatpak`` directory in the terminal. " +#~ "Then to build::" +#~ msgstr "" + +#~ msgid "" +#~ "In case you repack a binary, you" +#~ " can use the ``patch-desktop-" +#~ "filename`` script provided by the " +#~ "BaseApp. Each Electron binary ships with" +#~ " ``resources/app.asar`` file. You need to" +#~ " call ``patch-desktop-filename`` with " +#~ "this file as argument. If your " +#~ "application is installed under " +#~ "``${FLATPAK_DEST}/my-app`` you need to " +#~ "run ``patch-desktop-filename ${FLATPAK_DEST" +#~ "}/my-app/resources/app.asar``." +#~ msgstr "" + diff --git a/po/de/LC_MESSAGES/extension.po b/po/de/LC_MESSAGES/extension.po index 68903d70..86606028 100644 --- a/po/de/LC_MESSAGES/extension.po +++ b/po/de/LC_MESSAGES/extension.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-08-31 14:40+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: de\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../extension.rst:2 msgid "Extensions" @@ -62,14 +62,14 @@ msgstr "" #: ../../extension.rst:25 msgid "" "``.Debug, .Locale, .Sources`` extensions created by Flatpak builder do " -"not need to be specified manually. These are automaitcally created and " +"not need to be specified manually. These are automatically created and " "loaded if installed." msgstr "" #: ../../extension.rst:29 msgid "" "Note that, ``.Locale`` extensions are by default only partially installed" -" (only for the configued languages) by Flatpak. To install the full " +" (only for the configured languages) by Flatpak. To install the full " "locale extension ``flatpak update --subpath= $FLATPAK_ID.Locale`` can be " "used." msgstr "" @@ -330,7 +330,7 @@ msgstr "" #: ../../extension.rst:218 msgid "" "Some extensions are installed automatically by the runtime based on " -"certain conditions and these do not need be added to application " +"certain conditions and these do not need to be added to application " "manifests. Please see below for the purpose of extensions or extension " "points defined in the runtime. Similarly extensions created by Flatpak " "builder like ``.Locale, .Debug`` also do not need to be in application " @@ -991,3 +991,33 @@ msgstr "" #~ "````org.kde.Platform//5.15-24.08`` is ``24.08``." #~ msgstr "" +#~ msgid "" +#~ "``.Debug, .Locale, .Sources`` extensions " +#~ "created by Flatpak builder do not " +#~ "need to be specified manually. These " +#~ "are automaitcally created and loaded if" +#~ " installed." +#~ msgstr "" + +#~ msgid "" +#~ "Note that, ``.Locale`` extensions are by" +#~ " default only partially installed (only " +#~ "for the configued languages) by Flatpak." +#~ " To install the full locale extension" +#~ " ``flatpak update --subpath= $FLATPAK_ID.Locale``" +#~ " can be used." +#~ msgstr "" + +#~ msgid "" +#~ "Some extensions are installed automatically" +#~ " by the runtime based on certain " +#~ "conditions and these do not need " +#~ "be added to application manifests. " +#~ "Please see below for the purpose " +#~ "of extensions or extension points " +#~ "defined in the runtime. Similarly " +#~ "extensions created by Flatpak builder " +#~ "like ``.Locale, .Debug`` also do not " +#~ "need to be in application manifest." +#~ msgstr "" + diff --git a/po/de/LC_MESSAGES/flatpak-devel.po b/po/de/LC_MESSAGES/flatpak-devel.po index 6fe58fa1..fe7af3fd 100644 --- a/po/de/LC_MESSAGES/flatpak-devel.po +++ b/po/de/LC_MESSAGES/flatpak-devel.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-06-30 14:59+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: de\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../flatpak-devel.rst:2 msgid "Flatpak as a developer platform" @@ -59,7 +59,7 @@ msgstr "" #: ../../flatpak-devel.rst:23 msgid "" -"`Flatpak Github Actions `_ can be used for GitHub." msgstr "" @@ -349,3 +349,9 @@ msgstr "" #~ msgid "Parallel nigthly and stable applications" #~ msgstr "" +#~ msgid "" +#~ "`Flatpak Github Actions `_ can " +#~ "be used for GitHub." +#~ msgstr "" + diff --git a/po/de/LC_MESSAGES/module-sources.po b/po/de/LC_MESSAGES/module-sources.po index 781a082d..cac961e3 100644 --- a/po/de/LC_MESSAGES/module-sources.po +++ b/po/de/LC_MESSAGES/module-sources.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-12-01 08:05+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: de\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../module-sources.rst:2 msgid "Module Sources" @@ -420,6 +420,7 @@ msgid "" msgstr "" #: ../../module-sources.rst:475 +#, python-brace-format msgid "" "The last line creates an empty symlink from ``${FLATPAK_DEST}/extra/`` to" " ``${FLATPAK_DEST}/bin/`` so that the executable is found in ``$PATH`` " @@ -448,6 +449,7 @@ msgid "" msgstr "" #: ../../module-sources.rst:499 +#, python-brace-format msgid "" "The commands needed to extract the snap are specified in the " "``apply_extra`` script. These can be any shell commands that run when " @@ -504,7 +506,7 @@ msgstr "" #: ../../module-sources.rst:573 msgid "" "``path`` should be the path of the local directory relative to the " -"manifest root path, whoose contents will be copied during build." +"manifest root path, whose contents will be copied during build." msgstr "" #: ../../module-sources.rst:587 @@ -516,3 +518,10 @@ msgid "" "them." msgstr "" +#~ msgid "" +#~ "``path`` should be the path of the" +#~ " local directory relative to the " +#~ "manifest root path, whoose contents will" +#~ " be copied during build." +#~ msgstr "" + diff --git a/po/de/LC_MESSAGES/sandbox-permissions.po b/po/de/LC_MESSAGES/sandbox-permissions.po index 243b5c10..8006e818 100644 --- a/po/de/LC_MESSAGES/sandbox-permissions.po +++ b/po/de/LC_MESSAGES/sandbox-permissions.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-08-31 14:40+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2018-05-20 10:36-0400\n" "Last-Translator: Copied by Zanata \n" "Language: de\n" @@ -17,7 +17,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../sandbox-permissions.rst:2 msgid "Sandbox Permissions" @@ -229,7 +229,17 @@ msgid "" "clients or SSH frontends." msgstr "" -#: ../../sandbox-permissions.rst:105 +#: ../../sandbox-permissions.rst:102 +msgid "" +"``--socket=inherit-wayland-socket`` - Inherit the ``$WAYLAND_SOCKET`` " +"environment variable from the parent process (for example, the " +"compositor). This is not commonly needed unless the application needs " +"access to the parent process’ Wayland state. Input method applications " +"may need this. It’s a very sensitive permission as it prevents Wayland " +"client state from being sandboxed." +msgstr "" + +#: ../../sandbox-permissions.rst:111 msgid "" "Applications that do not support native Wayland should use only " "``--socket=x11`` and applications that do, should use " @@ -238,26 +248,26 @@ msgid "" "Wayland sessions of the desktop environment." msgstr "" -#: ../../sandbox-permissions.rst:111 +#: ../../sandbox-permissions.rst:117 msgid "``--socket=wayland`` - Show windows with Wayland" msgstr "" -#: ../../sandbox-permissions.rst:112 +#: ../../sandbox-permissions.rst:118 msgid "``--socket=x11`` - Show windows using X11" msgstr "" -#: ../../sandbox-permissions.rst:113 +#: ../../sandbox-permissions.rst:119 msgid "" "``--socket=fallback-x11`` - Show windows using X11, if Wayland is not " "available, overrides ``x11`` socket permission. Note that you must still " "use ``--socket=wayland`` for wayland permission" msgstr "" -#: ../../sandbox-permissions.rst:118 +#: ../../sandbox-permissions.rst:124 msgid "D-Bus access" msgstr "" -#: ../../sandbox-permissions.rst:120 +#: ../../sandbox-permissions.rst:126 msgid "" "D-Bus access is filtered by default. The default policy for the session " "bus only allows the application to own its own namespace named by " @@ -269,315 +279,330 @@ msgid "" "``org.freedesktop.portal.*``." msgstr "" -#: ../../sandbox-permissions.rst:128 +#: ../../sandbox-permissions.rst:134 msgid "" "Access to the entire bus with ``--socket=system-bus`` or ``--socket" "=session-bus`` stops the filtering and using them is a security risk. So " "they must be avoided, unless the application is a development tool." msgstr "" -#: ../../sandbox-permissions.rst:133 +#: ../../sandbox-permissions.rst:139 msgid "" "``flatpak run --log-session-bus $FLATPAK_ID`` can be used to find the " "specific D-Bus permissions needed. See :ref:`debugging:Audit session or " "system bus traffic` for more information." msgstr "" -#: ../../sandbox-permissions.rst:137 +#: ../../sandbox-permissions.rst:143 msgid "**Ownership**" msgstr "" -#: ../../sandbox-permissions.rst:139 +#: ../../sandbox-permissions.rst:145 msgid "" "Any ownership beyond what is granted by default ie. own namespace and " "``org.mpris.MediaPlayer2.$FLATPAK_ID`` is typically unnecessary although " "there can be exceptions." msgstr "" -#: ../../sandbox-permissions.rst:143 +#: ../../sandbox-permissions.rst:149 msgid "**Talk**" msgstr "" -#: ../../sandbox-permissions.rst:145 +#: ../../sandbox-permissions.rst:151 msgid "It is recommended to use the minimum required talk-name permissions." msgstr "" -#: ../../sandbox-permissions.rst:148 +#: ../../sandbox-permissions.rst:154 msgid "Filesystem access" msgstr "" -#: ../../sandbox-permissions.rst:150 +#: ../../sandbox-permissions.rst:156 msgid "" "As a general rule, static and permanent filesystem access should be " "limited as much as possible. This includes:" msgstr "" -#: ../../sandbox-permissions.rst:153 +#: ../../sandbox-permissions.rst:159 msgid "" "Using portals as an alternative to blanket filesystem access, wherever " "possible." msgstr "" -#: ../../sandbox-permissions.rst:155 +#: ../../sandbox-permissions.rst:161 msgid "Using read-only access wherever possible, using the ``:ro`` option." msgstr "" -#: ../../sandbox-permissions.rst:156 +#: ../../sandbox-permissions.rst:162 msgid "" "Using :ref:`conventions:XDG base directories` to store application's " "cache, config and state. Then no additional filesystem access would be " "required." msgstr "" -#: ../../sandbox-permissions.rst:159 +#: ../../sandbox-permissions.rst:165 msgid "" "Avoiding full home access and instead using XDG directories such as " "``xdg-music`` or ``xdg-download`` etc." msgstr "" -#: ../../sandbox-permissions.rst:162 +#: ../../sandbox-permissions.rst:168 msgid "The following permission options are available:" msgstr "" -#: ../../sandbox-permissions.rst:164 +#: ../../sandbox-permissions.rst:170 msgid "``:ro`` - read-only access" msgstr "" -#: ../../sandbox-permissions.rst:165 +#: ../../sandbox-permissions.rst:171 msgid "" "``:create`` - read/write access, and create the directory if it doesn't " "exist" msgstr "" -#: ../../sandbox-permissions.rst:168 +#: ../../sandbox-permissions.rst:174 msgid "Additionally the following permissions are available:" msgstr "" -#: ../../sandbox-permissions.rst:171 +#: ../../sandbox-permissions.rst:177 +msgid "``host-root``" +msgstr "" + +#: ../../sandbox-permissions.rst:177 +msgid "" +"Complete host operating system with no exclusions mounted at " +"``/run/host/root`` inside the sandbox. (v1.17.0+)" +msgstr "" + +#: ../../sandbox-permissions.rst:178 msgid "``host``" msgstr "" -#: ../../sandbox-permissions.rst:171 +#: ../../sandbox-permissions.rst:178 msgid "" -"Access to ``/home, /media, /opt, /run/media, /srv`` and everything " -"provided by ``host-os, host-etc`` mounted in ``/run/host``" +"Access to all toplevel paths and subpaths of ``/`` except some reserved " +"paths listed below." msgstr "" -#: ../../sandbox-permissions.rst:171 ../../sandbox-permissions.rst:175 -#: ../../sandbox-permissions.rst:176 -msgid "Includes any subpaths" +#: ../../sandbox-permissions.rst:178 +msgid "" +"Paths provided by ``host-etc, host-os`` are mounted at ``/run/host`` as " +"explained below." msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "``host-etc``" msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "Host's ``/etc``" msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "Host's ``/etc`` is mounted at ``/run/host/etc``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 msgid "``host-os``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 #, python-brace-format msgid "" "Host's ``/usr, /bin, /sbin, /lib{32, 64}, /etc/ld.so.cache, " "/etc/alternatives``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 msgid "Mounted at ``/run/host``" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "``home``" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "Access the home directory" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "Except ``~/.var/app``" msgstr "" -#: ../../sandbox-permissions.rst:175 +#: ../../sandbox-permissions.rst:182 msgid "``/some/dir``" msgstr "" -#: ../../sandbox-permissions.rst:175 +#: ../../sandbox-permissions.rst:182 msgid "Access an arbitrary path except any reserved path" msgstr "" -#: ../../sandbox-permissions.rst:176 +#: ../../sandbox-permissions.rst:182 ../../sandbox-permissions.rst:183 +msgid "Includes any subpaths" +msgstr "" + +#: ../../sandbox-permissions.rst:183 msgid "``~/some/dir``" msgstr "" -#: ../../sandbox-permissions.rst:176 +#: ../../sandbox-permissions.rst:183 msgid "Arbitrary path relative to the home directory" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "``xdg-desktop``" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "Access the XDG desktop directory" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "``$XDG_DESKTOP_DIR`` or ``$HOME/Desktop``" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "``xdg-documents``" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "Access the XDG documents directory" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "``$XDG_DOCUMENTS_DIR`` or ``$HOME/Documents``" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "``xdg-download``" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "Access the XDG download directory" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "``$XDG_DOWNLOAD_DIR`` or ``$HOME/Downloads``" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "``xdg-music``" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "Access the XDG music directory" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "``$XDG_MUSIC_DIR`` or ``$HOME/Music``" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "``xdg-pictures``" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "Access the XDG pictures directory" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "``$XDG_PICTURES_DIR`` or ``$HOME/Pictures``" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "``xdg-public-share``" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "Access the XDG public directory" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "``$XDG_PUBLICSHARE_DIR`` or ``$HOME/Public``" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "``xdg-videos``" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "Access the XDG videos directory" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "``$XDG_VIDEOS_DIR`` or ``$HOME/Videos``" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "``xdg-templates``" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "Access the XDG templates directory" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "``$XDG_TEMPLATES_DIR`` or ``$HOME/Templates``" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "``xdg-config``" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "Access the XDG config directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "``$XDG_CONFIG_HOME`` or ``$HOME/.config``" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "``xdg-cache``" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "Access the XDG cache directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "``$XDG_CACHE_HOME`` or ``$HOME/.cache``" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "``xdg-data``" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "Access the XDG data directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "``$XDG_DATA_HOME`` or ``$HOME/.local/share``" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "``xdg-run/path``" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "Access subdirectories of the XDG runtime directory" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "``$XDG_RUNTIME_DIR/path`` (``/run/user/$UID/path``)" msgstr "" -#: ../../sandbox-permissions.rst:191 +#: ../../sandbox-permissions.rst:198 msgid "" "Except ``host, host-etc, host-os`` paths can be added to all the above " "filesystem options. For example, ``--filesystem=xdg-documents/path``." msgstr "" -#: ../../sandbox-permissions.rst:194 +#: ../../sandbox-permissions.rst:201 msgid "Other filesystem access guidelines include:" msgstr "" -#: ../../sandbox-permissions.rst:196 +#: ../../sandbox-permissions.rst:203 msgid "" "The ``--persist=DIR`` option can be used to map directories from the " "user's home directory into the sandbox filesystem. This only works if the" @@ -585,7 +610,7 @@ msgid "" "includes ``home``." msgstr "" -#: ../../sandbox-permissions.rst:201 +#: ../../sandbox-permissions.rst:208 msgid "" "For example, if an application hardcodes the directory ``~/.foo``, " "without any ``home`` access and no ``--persist`` the directory will be " @@ -596,48 +621,48 @@ msgid "" "``~/.var/app/$FLATPAK_ID/.foo`` which would otherwise be lost." msgstr "" -#: ../../sandbox-permissions.rst:209 +#: ../../sandbox-permissions.rst:216 msgid "A ``--persist=.`` will `persist` all directories." msgstr "" -#: ../../sandbox-permissions.rst:211 +#: ../../sandbox-permissions.rst:218 msgid "" "This does not support ``:create, :ro, :rw`` suffixes or special values " "like ``xdg-documents``. However, the directory will be created by flatpak" " if it doesn't already exist." msgstr "" -#: ../../sandbox-permissions.rst:215 +#: ../../sandbox-permissions.rst:222 msgid "" "This makes it possible to avoid configuring access to the entire home " "directory, and can be useful for applications that hardcode file paths in" " ``~/``." msgstr "" -#: ../../sandbox-permissions.rst:218 +#: ../../sandbox-permissions.rst:225 msgid "" "If an application uses ``$TMPDIR`` to contain lock files you may want to " "add a wrapper script that sets it to ``$XDG_RUNTIME_DIR/app/$FLATPAK_ID``" " (tmpfs) or ``/var/tmp`` (persistent on host)." msgstr "" -#: ../../sandbox-permissions.rst:222 +#: ../../sandbox-permissions.rst:229 msgid "" "Retaining and sharing configuration with non-Flatpak installations is to " "be avoided." msgstr "" -#: ../../sandbox-permissions.rst:226 +#: ../../sandbox-permissions.rst:233 msgid "Reserved Paths" msgstr "" -#: ../../sandbox-permissions.rst:228 +#: ../../sandbox-permissions.rst:235 msgid "" "The following paths and subpaths of them are reserved and asking access " "to them with ``--filesystem`` will have no effect::" msgstr "" -#: ../../sandbox-permissions.rst:233 +#: ../../sandbox-permissions.rst:240 msgid "" "The entire ``/run`` is not allowed but all subpaths of ``/run`` except " "``/run/flatpak, /run/host`` are allowed to be exposed via " @@ -645,44 +670,46 @@ msgid "" "to ``../run``, exposing it or a subpath of it, is not allowed." msgstr "" -#: ../../sandbox-permissions.rst:238 +#: ../../sandbox-permissions.rst:245 msgid "" "Additionally the following directories from host need to be explicitly " "requested with ``--filesystem`` and are not available with ``home, host, " "host-os, host-etc`` by default:" msgstr "" -#: ../../sandbox-permissions.rst:242 +#: ../../sandbox-permissions.rst:249 msgid "" "``~/.var/app`` - The app can access only its own directory in " "``~/.var/app/$FLATPAK_ID``" msgstr "" -#: ../../sandbox-permissions.rst:243 +#: ../../sandbox-permissions.rst:250 msgid "``$XDG_DATA_HOME/flatpak`` (``~/.local/share/flatpak``)" msgstr "" -#: ../../sandbox-permissions.rst:244 +#: ../../sandbox-permissions.rst:251 msgid "``/boot``" msgstr "" -#: ../../sandbox-permissions.rst:245 +#: ../../sandbox-permissions.rst:252 msgid "``/efi``" msgstr "" -#: ../../sandbox-permissions.rst:246 +#: ../../sandbox-permissions.rst:253 msgid "``/root``" msgstr "" -#: ../../sandbox-permissions.rst:247 -msgid "``/sys``" +#: ../../sandbox-permissions.rst:254 +msgid "" +"``/sys`` - Only ``/sys/block, /sys/bus, /sys/class, /sys/dev, " +"/sys/devices`` are shared as read-only by default (if exists)" msgstr "" -#: ../../sandbox-permissions.rst:248 +#: ../../sandbox-permissions.rst:255 msgid "``/tmp``" msgstr "" -#: ../../sandbox-permissions.rst:249 +#: ../../sandbox-permissions.rst:256 #, python-brace-format msgid "" "``/var`` - Note that by default ``/var/{cache, config, data, tmp}`` " @@ -692,96 +719,96 @@ msgid "" "available." msgstr "" -#: ../../sandbox-permissions.rst:253 +#: ../../sandbox-permissions.rst:260 msgid "``/var/lib/flatpak`` - ``/var`` does not give access to this." msgstr "" -#: ../../sandbox-permissions.rst:256 +#: ../../sandbox-permissions.rst:263 msgid "Device access" msgstr "" -#: ../../sandbox-permissions.rst:257 +#: ../../sandbox-permissions.rst:264 msgid "You can provide the following device permissions:" msgstr "" -#: ../../sandbox-permissions.rst:260 +#: ../../sandbox-permissions.rst:267 msgid "``dri``" msgstr "" -#: ../../sandbox-permissions.rst:260 +#: ../../sandbox-permissions.rst:267 msgid "Direct Rendering Interface. Necessary for GL." msgstr "" -#: ../../sandbox-permissions.rst:261 +#: ../../sandbox-permissions.rst:268 msgid "``kvm``" msgstr "" -#: ../../sandbox-permissions.rst:261 +#: ../../sandbox-permissions.rst:268 msgid "Kernel based Virtual Machine ``/dev/kvm``" msgstr "" -#: ../../sandbox-permissions.rst:262 +#: ../../sandbox-permissions.rst:269 msgid "``shm``" msgstr "" -#: ../../sandbox-permissions.rst:262 +#: ../../sandbox-permissions.rst:269 msgid "Shared Memory in ``/dev/shm``." msgstr "" -#: ../../sandbox-permissions.rst:263 +#: ../../sandbox-permissions.rst:270 msgid "``input``" msgstr "" -#: ../../sandbox-permissions.rst:263 +#: ../../sandbox-permissions.rst:270 msgid "" "Input devices as exposed in ``/dev/input``. This includes game " "controllers. Since Flatpak 1.15.6." msgstr "" -#: ../../sandbox-permissions.rst:264 +#: ../../sandbox-permissions.rst:271 msgid "``usb``" msgstr "" -#: ../../sandbox-permissions.rst:264 +#: ../../sandbox-permissions.rst:271 msgid "Raw USB devices as exposed in ``/dev/bus/usb``. Since Flatpak 1.15.11." msgstr "" -#: ../../sandbox-permissions.rst:265 +#: ../../sandbox-permissions.rst:272 msgid "``all``" msgstr "" -#: ../../sandbox-permissions.rst:265 +#: ../../sandbox-permissions.rst:272 msgid "All devices, including all of the above except ``shm``" msgstr "" -#: ../../sandbox-permissions.rst:270 +#: ../../sandbox-permissions.rst:277 msgid "" "Using newer permissions like ``input`` or ``usb`` will have no effect on " "older Flatpak versions and will fail when used through Flatpak " "commandline." msgstr "" -#: ../../sandbox-permissions.rst:274 +#: ../../sandbox-permissions.rst:281 msgid "" "While not ideal, ``--device=all`` can be used to access devices like " "webcams, CD/DVD drives etc." msgstr "" -#: ../../sandbox-permissions.rst:278 +#: ../../sandbox-permissions.rst:285 msgid "USB portal" msgstr "" -#: ../../sandbox-permissions.rst:280 -msgid "Since 1.5.11." +#: ../../sandbox-permissions.rst:287 +msgid "Since 1.15.11." msgstr "" -#: ../../sandbox-permissions.rst:282 +#: ../../sandbox-permissions.rst:289 msgid "" "Sandboxed access to individual USB devices can be controlled by portals. " "Flatpak allows specifying enumerable USB devices to allow access." msgstr "" -#: ../../sandbox-permissions.rst:286 +#: ../../sandbox-permissions.rst:293 msgid "" "Like ``--device=usb``, this is just about accessing the raw USB device, " "that needs libusb (or equivalent). By using the portal, you can restrict " @@ -790,59 +817,59 @@ msgid "" "no reason for USB security devices to be accessible." msgstr "" -#: ../../sandbox-permissions.rst:293 +#: ../../sandbox-permissions.rst:300 msgid "" "A list of valid use cases includes scanners (handled, for example by " "SANE), photo cameras (handled by libgphoto2), flashing devices, etc." msgstr "" -#: ../../sandbox-permissions.rst:296 +#: ../../sandbox-permissions.rst:303 msgid "" "While this is portal dependent and ``xdg-desktop-portal`` is currently " "the only portal implementation, the overall permission flow is as " "follows:" msgstr "" -#: ../../sandbox-permissions.rst:300 +#: ../../sandbox-permissions.rst:307 msgid "" "The Flatpak package specifies the devices it wishes to enumerate through " "``finish-args``." msgstr "" -#: ../../sandbox-permissions.rst:302 +#: ../../sandbox-permissions.rst:309 msgid "" "The application requests the portal to enumerate the available USB " "devices based on that list. If the list is empty it will enumerate all " "USB devices." msgstr "" -#: ../../sandbox-permissions.rst:305 +#: ../../sandbox-permissions.rst:312 msgid "" "When the application wants to access the device, it will make a request " "for the device it wants to access via the portal." msgstr "" -#: ../../sandbox-permissions.rst:307 +#: ../../sandbox-permissions.rst:314 msgid "The portal then requests permission from the user if not already granted." msgstr "" -#: ../../sandbox-permissions.rst:309 +#: ../../sandbox-permissions.rst:316 msgid "" "If the permission was granted, a file descriptor for the device is passed" " back to the application." msgstr "" -#: ../../sandbox-permissions.rst:312 +#: ../../sandbox-permissions.rst:319 msgid "" "The application is then able to open the devices it is supposed to use " "while the others would be hidden." msgstr "" -#: ../../sandbox-permissions.rst:316 +#: ../../sandbox-permissions.rst:323 msgid "Specifying the enumerable devices" msgstr "" -#: ../../sandbox-permissions.rst:318 +#: ../../sandbox-permissions.rst:325 msgid "" "You can specify devices on the ``flatpak`` command line, and by extension" " in the finish arguments for Flatpak Builder. Enumerable devices are " @@ -853,17 +880,17 @@ msgid "" " shall not be enumerated." msgstr "" -#: ../../sandbox-permissions.rst:326 +#: ../../sandbox-permissions.rst:333 msgid "Queries are made out of rules. These rules are composable with ``+``." msgstr "" -#: ../../sandbox-permissions.rst:328 +#: ../../sandbox-permissions.rst:335 msgid "" "The rule ``all`` enumerates every USB device. There is no further rule " "allowed in the query." msgstr "" -#: ../../sandbox-permissions.rst:331 +#: ../../sandbox-permissions.rst:338 msgid "" "The ``vnd`` and ``dev`` rules specify a USB vendor and a USB device ID " "respectively. A vendor can be specified alone, but a device rule always " @@ -873,63 +900,63 @@ msgid "" "repository `_" msgstr "" -#: ../../sandbox-permissions.rst:338 +#: ../../sandbox-permissions.rst:345 msgid "" "``cls`` specifies the device USB class and subclass. Both class and " "subclass are two digit hex numbers separated by a colon ``:``. You can " "use ``*`` to specify any subclass within the class." msgstr "" -#: ../../sandbox-permissions.rst:342 +#: ../../sandbox-permissions.rst:349 msgid "Some examples of the syntax:" msgstr "" -#: ../../sandbox-permissions.rst:344 +#: ../../sandbox-permissions.rst:351 msgid "``vnd:1234``: Devices from vendor ``1234``" msgstr "" -#: ../../sandbox-permissions.rst:345 +#: ../../sandbox-permissions.rst:352 msgid "``vnd:1234+dev:3456``: Only device ``3456`` from vendor ``1234``." msgstr "" -#: ../../sandbox-permissions.rst:346 +#: ../../sandbox-permissions.rst:353 msgid "``vnd:1234+cls:06:*``: All the PTP devices from vendor ``1234``." msgstr "" -#: ../../sandbox-permissions.rst:347 +#: ../../sandbox-permissions.rst:354 msgid "``cls:06:*``: All the PTP devices." msgstr "" -#: ../../sandbox-permissions.rst:349 +#: ../../sandbox-permissions.rst:356 msgid "" "This permission only allows to enumerate devices. To open them, " "permission must be requested from the portal. It is not possible to open " "a device that is not enumerable." msgstr "" -#: ../../sandbox-permissions.rst:355 +#: ../../sandbox-permissions.rst:362 msgid "" "The ``--device=usb`` permission is broader than what the USB portal is " "supposed to provide and allows unfettered access to any USB device on the" " bus." msgstr "" -#: ../../sandbox-permissions.rst:359 +#: ../../sandbox-permissions.rst:366 msgid "In some situations you may need to specify a very long list of devices." msgstr "" -#: ../../sandbox-permissions.rst:361 +#: ../../sandbox-permissions.rst:368 msgid "Device lists can be passed in one single argument, or through a file." msgstr "" -#: ../../sandbox-permissions.rst:363 +#: ../../sandbox-permissions.rst:370 msgid "" "When using ``--usb-list``, the queries are separated by a semi-colon " "``;``, with queries for hidden devices (i.e. those that would be passed " "with ``--nousb``) prefixed with ``!``." msgstr "" -#: ../../sandbox-permissions.rst:367 +#: ../../sandbox-permissions.rst:374 msgid "" "When using ``--usb-list-file``, the filename of the file containing USB " "queries is passed line by line. Like with ``--usb-list`` queries for " @@ -939,24 +966,24 @@ msgid "" "list is persisted internally." msgstr "" -#: ../../sandbox-permissions.rst:375 +#: ../../sandbox-permissions.rst:382 msgid "dconf access" msgstr "" -#: ../../sandbox-permissions.rst:377 +#: ../../sandbox-permissions.rst:384 msgid "" "As of xdg-desktop-portal 1.1.0 and glib 2.60.5 (in the runtime) you do " "not need direct DConf access in most cases." msgstr "" -#: ../../sandbox-permissions.rst:380 +#: ../../sandbox-permissions.rst:387 msgid "" "As of now this glib version is included in " "``org.freedesktop.Platform//19.08`` and ``org.gnome.Platform//3.34`` and " "newer." msgstr "" -#: ../../sandbox-permissions.rst:383 +#: ../../sandbox-permissions.rst:390 msgid "" "If an application existed prior to these runtimes you can tell Flatpak " "(>= 1.3.4) to migrate the DConf settings on the host into the sandbox by " @@ -965,17 +992,17 @@ msgid "" " (case is ignored and ``_`` and ``-`` are treated equal)." msgstr "" -#: ../../sandbox-permissions.rst:390 +#: ../../sandbox-permissions.rst:397 msgid "" "If you are targeting older runtimes or require direct DConf access for " "other reasons you can use these permissions::" msgstr "" -#: ../../sandbox-permissions.rst:398 +#: ../../sandbox-permissions.rst:405 msgid "With those permissions glib will continue using dconf directly." msgstr "" -#: ../../sandbox-permissions.rst:400 +#: ../../sandbox-permissions.rst:407 msgid "" "If you use a newer runtime where dconf is no longer built and still need " "it you will have to build the `dconf " @@ -983,11 +1010,11 @@ msgid "" "``--env=GIO_EXTRA_MODULES=/app/lib/gio/modules/``." msgstr "" -#: ../../sandbox-permissions.rst:405 +#: ../../sandbox-permissions.rst:412 msgid "gvfs access" msgstr "" -#: ../../sandbox-permissions.rst:407 +#: ../../sandbox-permissions.rst:414 msgid "" "As of gvfs 1.48, the gvfs daemons and applications use an on-disk socket " "to communicate, rather than an abstract socket so that the gvfs " @@ -995,47 +1022,47 @@ msgid "" "application's sandbox." msgstr "" -#: ../../sandbox-permissions.rst:411 +#: ../../sandbox-permissions.rst:418 msgid "" "A number of different options need to be passed depending on the " "application's use of gvfs." msgstr "" -#: ../../sandbox-permissions.rst:414 +#: ../../sandbox-permissions.rst:421 msgid "" "``--talk-name=org.gtk.vfs.*`` is necessary to talk to the gvfs daemons " "over D-Bus and list mounts using the GIO APIs." msgstr "" -#: ../../sandbox-permissions.rst:417 +#: ../../sandbox-permissions.rst:424 msgid "" "``--filesystem=xdg-run/gvfsd`` is necessary to use the GIO APIs to list " "and access non-native files using the GIO APIs, using URLs rather than " "FUSE paths." msgstr "" -#: ../../sandbox-permissions.rst:420 +#: ../../sandbox-permissions.rst:427 msgid "" "``--filesystem=xdg-run/gvfs`` is necessary to give access to the FUSE " "mounts non-GIO and legacy applications can use. This is what will make " "native files appear under ``/run/user/`id -u`/gvfs/``." msgstr "" -#: ../../sandbox-permissions.rst:424 +#: ../../sandbox-permissions.rst:431 msgid "Typical GNOME and GTK applications should use::" msgstr "" -#: ../../sandbox-permissions.rst:429 +#: ../../sandbox-permissions.rst:436 msgid "Typical non-GNOME and non-GTK applications should use::" msgstr "" -#: ../../sandbox-permissions.rst:433 +#: ../../sandbox-permissions.rst:440 msgid "" "No application should be using ``--talk-name=org.gtk.vfs`` in its " "manifest, as there are no D-Bus services named ``org.gtk.vfs``." msgstr "" -#: ../../sandbox-permissions.rst:436 +#: ../../sandbox-permissions.rst:443 msgid "" "These permission grants the app, the ability to communicate with the gvfs" " daemon and backends running on host. Depending on the backends installed" @@ -1051,11 +1078,11 @@ msgid "" "host." msgstr "" -#: ../../sandbox-permissions.rst:450 +#: ../../sandbox-permissions.rst:457 msgid "External drive access" msgstr "" -#: ../../sandbox-permissions.rst:452 +#: ../../sandbox-permissions.rst:459 msgid "" "External drives are mounted by the host system using systemd, udev, udisk" " fstab etc. and each of them can have different defaults. Flatpak has no " @@ -1063,30 +1090,155 @@ msgid "" "permissions should work in most cases::" msgstr "" -#: ../../sandbox-permissions.rst:461 +#: ../../sandbox-permissions.rst:468 msgid "" "If ``--filesystem=host`` is used ``/media, /run/media`` is shared " "automatically if they exist." msgstr "" -#: ../../sandbox-permissions.rst:464 +#: ../../sandbox-permissions.rst:471 msgid "" "Note that these should not have subpaths in them unless the value of the " "subpath can be consistently pre-determined. Block device naming depends " "on the kernel/fstab configuration and cannot be pre-determined." msgstr "" -#: ../../sandbox-permissions.rst:469 +#: ../../sandbox-permissions.rst:476 +msgid "Conditional permissions" +msgstr "" + +#: ../../sandbox-permissions.rst:478 +msgid "" +"Since 1.17.0, Flatpak supports conditional permissions which allows them " +"to be granted only when certain runtime conditions are satisfied and " +"fallback otherwise. The intention of the system is to allow users or " +"developers to specify tighter permission grants (as they are added in new" +" Flatpak versions) while fallback to older grants for backwards " +"compatibility at run time." +msgstr "" + +#: ../../sandbox-permissions.rst:487 +msgid "" +"Older Flatpak versions will fail when encountering unknown commandline " +"options, while unrecognized metadata entries will be silently ignored." +msgstr "" + +#: ../../sandbox-permissions.rst:491 +msgid "" +"Flatpak manifests using conditional flags (for example, ``--socket-if=`` " +"etc.) will require Flatpak 1.17.0 or newer to build and attempting to " +"build them with older Flatpak versions will produce an error." +msgstr "" + +#: ../../sandbox-permissions.rst:496 +msgid "" +"The following flags are available to specify conditional permissions in " +"CLI and in Flatpak manifests::" +msgstr "" + +#: ../../sandbox-permissions.rst:504 +msgid "" +"The syntax of all the options are ``--socket-if=PERMISSION:CONDITION`` " +"and so on where ``PERMISSION`` is the available grants for that flag " +"(e.g., those listed for ``--socket=``). Conditions can be negated by " +"prefixing with ``!``. The following conditions are supported:" +msgstr "" + +#: ../../sandbox-permissions.rst:509 +msgid "``true`` - Always evaluates to true" +msgstr "" + +#: ../../sandbox-permissions.rst:510 +msgid "``false``- Always evaluates to false" +msgstr "" + +#: ../../sandbox-permissions.rst:511 +msgid "" +"``has-input-device`` - True if the Flatpak version supports " +"``--device=input``" +msgstr "" + +#: ../../sandbox-permissions.rst:513 +msgid "``has-wayland`` - True if the current desktop session supports Wayland" +msgstr "" + +#: ../../sandbox-permissions.rst:516 +msgid "" +"Multiple conditionals can be specified for the same grant, in which case " +"the permission is granted if any condition matches. If no conditional " +"rule evaluates to ``true``, the grant is denied unless it is also " +"unconditionally allowed. Duplicate conditions are ignored." +msgstr "" + +#: ../../sandbox-permissions.rst:523 +msgid "Examples" +msgstr "" + +#: ../../sandbox-permissions.rst:525 +msgid "" +"The unconditional grant ``--socket=x11`` can be tightened using " +"conditional permissions to ``--socket-if=x11:!has-wayland``. This allows " +"access to X11 only when a Wayland desktop session is not available. To " +"preserve backwards compatibility, the following pattern can be used::" +msgstr "" + +#: ../../sandbox-permissions.rst:534 +msgid "" +"This allows older Flatpak versions which do not understand the " +"conditional permissions function by allowing X11 access always while " +"newer Flatpak, which understands the conditional system will allow X11 " +"access only when the session is not Wayland." +msgstr "" + +#: ../../sandbox-permissions.rst:539 +msgid "" +"If an application requires only access to ``input`` device permission, " +"the following flags can be used to move away from ``--device=all`` to " +"``--device=input``::" +msgstr "" + +#: ../../sandbox-permissions.rst:547 +msgid "" +"This allows older Flatpak versions which do not understand the ``input`` " +"device permission to function by having the broader ``all`` access. Newer" +" Flatpak versions which understand the conditional system (and therefore " +"understands the ``input`` permission) will deny ``all`` due to " +"``--device-if=all:!has-input-device`` and allow only ``input`` due to " +"``--device=input``." +msgstr "" + +#: ../../sandbox-permissions.rst:555 +msgid "" +"To explicitly deny a permission that might be granted through runtime " +"metadata or overrides ``--nosocket=NAME, --unshare=NAME`` etc. can be " +"used::" +msgstr "" + +#: ../../sandbox-permissions.rst:561 +msgid "" +"This denial can be combined with conditional grants to remove " +"unconditional access while allowing conditional access::" +msgstr "" + +#: ../../sandbox-permissions.rst:568 +msgid "" +"This denies unconditional X11 access but allows X11 conditionally when " +"Wayland is unavailable. Older Flatpak versions will see only the final " +"``--socket=x11`` grant and allow X11 unconditionally, while newer " +"versions recognise the conditional logic and evaluates it at runtime." +msgstr "" + +#: ../../sandbox-permissions.rst:574 msgid "Footnotes" msgstr "" -#: ../../sandbox-permissions.rst:470 +#: ../../sandbox-permissions.rst:575 msgid "" "This is not necessarily required, but without it the X11 shared memory " "extension will not work, which is very bad for X11 performance." msgstr "" -#: ../../sandbox-permissions.rst:472 +#: ../../sandbox-permissions.rst:577 msgid "" "Giving network access also grants access to all host services listening " "on abstract Unix sockets (due to how network namespaces work), and these " @@ -1095,7 +1247,7 @@ msgid "" "secure distribution should disable these and just use regular sockets." msgstr "" -#: ../../sandbox-permissions.rst:477 +#: ../../sandbox-permissions.rst:582 #, python-brace-format msgid "" "``xdg-{cache, config, data}`` bind mounts the paths from host to the per-" @@ -1445,3 +1597,16 @@ msgstr "" #~ msgid "``--socket=ssh-auth``- Allow access to ``$SSH_AUTH_SOCK``" #~ msgstr "" +#~ msgid "" +#~ "Access to ``/home, /media, /opt, " +#~ "/run/media, /srv`` and everything provided " +#~ "by ``host-os, host-etc`` mounted " +#~ "in ``/run/host``" +#~ msgstr "" + +#~ msgid "``/sys``" +#~ msgstr "" + +#~ msgid "Since 1.5.11." +#~ msgstr "" + diff --git a/po/de/LC_MESSAGES/under-the-hood.po b/po/de/LC_MESSAGES/under-the-hood.po index 0fa139c6..2c120947 100644 --- a/po/de/LC_MESSAGES/under-the-hood.po +++ b/po/de/LC_MESSAGES/under-the-hood.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-09-26 16:32-0300\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2018-05-20 10:36-0400\n" "Last-Translator: Copied by Zanata \n" "Language: de\n" @@ -17,7 +17,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../under-the-hood.rst:2 msgid "Under the Hood" @@ -99,51 +99,195 @@ msgid "" msgstr "" #: ../../under-the-hood.rst:51 -msgid "Underlying technologies" +msgid "Conditional permission system" msgstr "" #: ../../under-the-hood.rst:53 +msgid "" +"Since Flatpak 1.17.0, conditional permissions allow permissions to be " +"granted only when certain runtime conditions are satisfied, with fallback" +" to unconditional grants for compatibility with older versions." +msgstr "" + +#: ../../under-the-hood.rst:57 +msgid "Permissions are internally represented as:" +msgstr "" + +#: ../../under-the-hood.rst:59 +msgid "unconditionally allowed or denied" +msgstr "" + +#: ../../under-the-hood.rst:60 +msgid "" +"a reset flag indicating whether the current layer overrides rules from " +"lower layers" +msgstr "" + +#: ../../under-the-hood.rst:62 +msgid "a set of conditional rules under which the permission may be allowed" +msgstr "" + +#: ../../under-the-hood.rst:64 +msgid "For example:" +msgstr "" + +#: ../../under-the-hood.rst:66 +msgid "" +"``--socket=NAME`` unconditionally allows the permission and resets any " +"previously defined rules for that permission" +msgstr "" + +#: ../../under-the-hood.rst:68 +msgid "" +"``--nosocket=NAME`` unconditionally denies the permission and resets any " +"previously defined rules" +msgstr "" + +#: ../../under-the-hood.rst:70 +msgid "" +"``--socket-if=NAME:CONDITION`` adds a conditional rule without resetting " +"existing rules" +msgstr "" + +#: ../../under-the-hood.rst:73 +msgid "Conditions may be negated using ``!``." +msgstr "" + +#: ../../under-the-hood.rst:75 +msgid "" +"Multiple conditional rules can be specified for the same permission. In " +"this case, the permission is granted if any condition evaluates to true." +msgstr "" + +#: ../../under-the-hood.rst:78 +msgid "" +"Duplicate conditions are ignored. The order of conditions does not affect" +" evaluation." +msgstr "" + +#: ../../under-the-hood.rst:81 +msgid "" +"If no conditional rules are present, the permission is granted only if it" +" is unconditionally allowed." +msgstr "" + +#: ../../under-the-hood.rst:84 +msgid "" +"If conditional rules are present, the permission is granted if any " +"condition evaluates to true, and denied otherwise, unless it is also " +"unconditionally allowed." +msgstr "" + +#: ../../under-the-hood.rst:88 +msgid "" +"If an unconditional entry follows a conditional entry for the same grant " +"in commandline flags, the earlier unconditional entry is treated as " +"backwards compatibility fallback and does not affect the final permission" +" state. So the following is effectively treated as ``--socket-if=x11" +":!has-wayland`` in Flatpak versions supporting conditional permissions::" +msgstr "" + +#: ../../under-the-hood.rst:98 +msgid "Permissions are written to metadata using the following rules:" +msgstr "" + +#: ../../under-the-hood.rst:100 +msgid "Unconditionally allowed permissions are written as ``NAME``" +msgstr "" + +#: ../../under-the-hood.rst:101 +msgid "Unconditionally denied permissions are written as ``!NAME``" +msgstr "" + +#: ../../under-the-hood.rst:102 +msgid "Conditionally allowed permissions are written as:" +msgstr "" + +#: ../../under-the-hood.rst:104 +msgid "unconditional ``NAME`` entry for compat" +msgstr "" + +#: ../../under-the-hood.rst:105 +msgid "``if:NAME:CONDITION`` entries" +msgstr "" + +#: ../../under-the-hood.rst:107 +msgid "" +"If the permission resets previously defined rules, an explicit ``!NAME`` " +"entry is written first, followed by the unconditional ``NAME`` entry and " +"then the ``if:NAME:CONDITION`` entries. This is omitted when saving an " +"application's own metadata, as opposed to overrides." +msgstr "" + +#: ../../under-the-hood.rst:112 +msgid "" +"When parsing metadata, a non-negated unconditional ``NAME`` entry " +"appearing before a ``if:NAME:CONDITION`` entry is treated as a " +"compatibility fallback and does not affect the final permission state. " +"Eg. ``sockets=x11;if:x11:!has-wayland;`` is effectively treated as " +"``if:x11:!has-wayland`` in Flatpak versions supporting conditional " +"permissions." +msgstr "" + +#: ../../under-the-hood.rst:119 +msgid "" +"The ``fallback-x11`` socket, on pre-1.17 Flatpak versions implicitly " +"granted ``x11`` access and at runtime X11 access was suppressed when " +"Wayland was available, while on newer Flatpak (1.17+) it is internally " +"converted to the conditional syntax ``if:x11:!has-wayland``. When saving " +"the metadata, Flatpak converts ``if:x11:!has-wayland`` back to " +"``fallback-x11`` only when it is the sole conditional on ``x11``. If " +"additional conditionals are present, the new syntax is written directly " +"and older Flatpak versions will not understand the conditional entries. A" +" conditional grant for ``fallback-x11`` is not allowed." +msgstr "" + +#: ../../under-the-hood.rst:130 +msgid "Underlying technologies" +msgstr "" + +#: ../../under-the-hood.rst:132 msgid "Flatpak utilises a number of pre-existing technologies. These include:" msgstr "" -#: ../../under-the-hood.rst:55 +#: ../../under-the-hood.rst:134 msgid "" "The `bubblewrap `_ utility from" " `Project Atomic `_, which lets unprivileged " "users set up and run containers, using kernel features such as:" msgstr "" -#: ../../under-the-hood.rst:59 +#: ../../under-the-hood.rst:138 msgid "Namespaces" msgstr "" -#: ../../under-the-hood.rst:60 +#: ../../under-the-hood.rst:139 msgid "Bind mounts" msgstr "" -#: ../../under-the-hood.rst:61 +#: ../../under-the-hood.rst:140 msgid "Seccomp rules" msgstr "" -#: ../../under-the-hood.rst:63 +#: ../../under-the-hood.rst:142 msgid "" "`systemd `_ to set up" " cgroups for sandboxes" msgstr "" -#: ../../under-the-hood.rst:65 +#: ../../under-the-hood.rst:144 msgid "" "`D-Bus `_, a well-" "established way to provide high-level APIs to applications" msgstr "" -#: ../../under-the-hood.rst:67 +#: ../../under-the-hood.rst:146 msgid "" "The `OSTree `__ system for " "versioning and distributing filesystem trees" msgstr "" -#: ../../under-the-hood.rst:69 +#: ../../under-the-hood.rst:148 msgid "" "The OCI format from the `Open Container Initiative " "`_, as an alternative to OSTree used by the " @@ -151,11 +295,11 @@ msgid "" "fedora-now-live/>`__" msgstr "" -#: ../../under-the-hood.rst:73 +#: ../../under-the-hood.rst:152 msgid "Flatpak can use either OSTree or OCI for single-file bundles." msgstr "" -#: ../../under-the-hood.rst:74 +#: ../../under-the-hood.rst:153 msgid "" "`Appstream `_ " "metadata, to allow Flatpak applications to show up nicely in software " diff --git a/po/es/LC_MESSAGES/available-runtimes.po b/po/es/LC_MESSAGES/available-runtimes.po index fd1de7bb..e46d1ff5 100644 --- a/po/es/LC_MESSAGES/available-runtimes.po +++ b/po/es/LC_MESSAGES/available-runtimes.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-12-01 08:17+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2018-05-20 10:36-0400\n" "Last-Translator: Copied by Zanata \n" "Language: es\n" @@ -17,7 +17,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../available-runtimes.rst:2 msgid "Available Runtimes" @@ -157,7 +157,7 @@ msgid "" "Major version releases of the runtime are synced with `GNOME releases " "`_ and are announced on `GNOME " "Discourse `_. Usually a " -"given branch of the runtime is supported for an year and EOL-ed upon the " +"given branch of the runtime is supported for a year and EOL-ed upon the " "release of a newstable version." msgstr "" @@ -515,3 +515,15 @@ msgstr "" #~ " ``io.elementary.Platform``" #~ msgstr "" +#~ msgid "" +#~ "Major version releases of the runtime" +#~ " are synced with `GNOME releases " +#~ "`_ and are " +#~ "announced on `GNOME Discourse " +#~ "`_. Usually " +#~ "a given branch of the runtime is" +#~ " supported for an year and EOL-" +#~ "ed upon the release of a newstable" +#~ " version." +#~ msgstr "" + diff --git a/po/es/LC_MESSAGES/electron.po b/po/es/LC_MESSAGES/electron.po index 58af4022..ed2f042b 100644 --- a/po/es/LC_MESSAGES/electron.po +++ b/po/es/LC_MESSAGES/electron.po @@ -9,14 +9,14 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-03-13 09:30+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../electron.rst:2 msgid "Electron" @@ -40,11 +40,10 @@ msgstr "" #: ../../electron.rst:13 msgid "" "The guide walks through the `manifest file `_ of the `sample Electron Flatpak application " -"`_. Before you start, it " -"is a good idea to take a look at this, either online or by downloading " -"the application." +"/electron-sample-app/blob/master/org.flathub.electron-sample-app.yml>`_ " +"of the `sample Electron Flatpak application `_. Before you start, it is a good idea to take a " +"look at this, either online or by downloading the application." msgstr "" #: ../../electron.rst:22 @@ -60,43 +59,42 @@ msgstr "" #: ../../electron.rst:27 msgid "" "To get setup for the build, download or clone the sample app from GitHub," -" and navigate to the ``/flatpak`` directory in the terminal. Then to " -"build::" +" and navigate to the project directory in the terminal. Then to build::" msgstr "" -#: ../../electron.rst:33 +#: ../../electron.rst:32 msgid "Finally, the application can be run with::" msgstr "" -#: ../../electron.rst:38 +#: ../../electron.rst:37 msgid "Basic configuration" msgstr "" -#: ../../electron.rst:40 +#: ../../electron.rst:39 msgid "" "The first part of the sample application's manifest specifies the " "application's ID. It also configures the runtime and SDK:" msgstr "" -#: ../../electron.rst:50 +#: ../../electron.rst:49 msgid "" "The Freedesktop runtime is generally the best runtime to use with " "Electron applications, since it is the most minimal runtime, and other " "dependencies will be specific to Electron itself." msgstr "" -#: ../../electron.rst:55 +#: ../../electron.rst:54 msgid "The Electron BaseApp" msgstr "" -#: ../../electron.rst:57 +#: ../../electron.rst:56 msgid "" "Next, the manifest specifies that the Electron BaseApp should be used, by" " specifying the ``base`` and ``base-version`` properties in the " "application manifest:" msgstr "" -#: ../../electron.rst:66 +#: ../../electron.rst:65 msgid "" "BaseApps are described in :doc:`dependencies`. Using the Electron base " "app is much faster and more convenient than manually building Electron " @@ -105,44 +103,44 @@ msgid "" "saved once on disk." msgstr "" -#: ../../electron.rst:72 +#: ../../electron.rst:71 msgid "The Node.js SDK extension" msgstr "" -#: ../../electron.rst:74 +#: ../../electron.rst:73 msgid "" "In order to build Electron-based apps, you need Node.js available at " "build time. Flathub provides Node.js LTS versions as extensions for the " "SDK, so you can install one of them and add it in your apps' manifest:" msgstr "" -#: ../../electron.rst:83 +#: ../../electron.rst:82 msgid "Enable the extension by adding it to ``PATH``:" msgstr "" -#: ../../electron.rst:90 +#: ../../electron.rst:89 msgid "" "Note that the extension name (last portion of reverse-dns notation, " "``node18`` in this example) must be the same in ``sdk-extensions`` and " "``append-path``." msgstr "" -#: ../../electron.rst:94 +#: ../../electron.rst:93 msgid "Command" msgstr "" -#: ../../electron.rst:96 +#: ../../electron.rst:95 msgid "" "The ``command`` property indicates that a script called ``run.sh`` is to " "be executed to run the application. This will be explained in further " "detail later." msgstr "" -#: ../../electron.rst:105 +#: ../../electron.rst:104 msgid "Sandbox permissions" msgstr "" -#: ../../electron.rst:107 +#: ../../electron.rst:106 msgid "" "The standard sandbox :ref:`sandbox-permissions:Permissions guidelines` " "also apply to Electron applications. However, Electron's Wayland support " @@ -151,13 +149,13 @@ msgid "" "Wayland session and nothing else is required." msgstr "" -#: ../../electron.rst:113 +#: ../../electron.rst:112 msgid "" "The sample app also configures PulseAudio for sound and enables network " "access:" msgstr "" -#: ../../electron.rst:126 +#: ../../electron.rst:125 msgid "" "To allow experimental `native Wayland` support in Electron>=20, the " "``--ozone-platform-hint=auto`` flag can be passed to the program. `auto` " @@ -165,31 +163,31 @@ msgid "" " Xwayland or X11 otherwise." msgstr "" -#: ../../electron.rst:131 +#: ../../electron.rst:130 msgid "" "It's recommended to leave actually `enabling` Wayland up to the user for " "now, i.e. set ``--socket=x11`` in the manifest. Wayland can then be " "tested with::" msgstr "" -#: ../../electron.rst:137 +#: ../../electron.rst:136 msgid "Enable native Wayland support by default" msgstr "" -#: ../../electron.rst:141 +#: ../../electron.rst:140 msgid "" "Native Wayland support in Electron is still experimental and often " "unstable. It is advised to stick with the X11/Xwayland configuration " "above as the default." msgstr "" -#: ../../electron.rst:145 +#: ../../electron.rst:144 msgid "" "To make native Wayland the `default` for users, ``--socket=fallback-x11``" " and ``--socket=wayland`` must be used in the manifest." msgstr "" -#: ../../electron.rst:148 +#: ../../electron.rst:147 msgid "" "For Electron versions between 17 and 27, client-side window decorations " "under native Wayland can be enabled by passing ``--enable-" @@ -197,7 +195,7 @@ msgid "" " Electron , this isn't necessary anymore." msgstr "" -#: ../../electron.rst:153 +#: ../../electron.rst:152 msgid "" "Electron uses ``libnotify`` on Linux to provide desktop notifications. " "`Since version 0.8.0 " @@ -210,18 +208,18 @@ msgid "" "``libnotify>=0.8.0`` since ``branch/23.08``." msgstr "" -#: ../../electron.rst:160 +#: ../../electron.rst:159 msgid "" "To ensure proper mouse cursor scaling on HiDPI displays under Wayland, " "the ``XCURSOR_PATH`` environment variable must be set to the host's " "corresponding directories:" msgstr "" -#: ../../electron.rst:172 +#: ../../electron.rst:171 msgid "Using correct desktop file name" msgstr "" -#: ../../electron.rst:174 +#: ../../electron.rst:173 #, python-brace-format msgid "" "It's important for Linux applications to set the correct desktop file " @@ -233,15 +231,16 @@ msgid "" "\"com.example.MyApp.desktop\"``." msgstr "" -#: ../../electron.rst:178 +#: ../../electron.rst:177 #, python-brace-format msgid "" -"In case you repack a binary, you can use the ``patch-desktop-filename`` " -"script provided by the BaseApp. Each Electron binary ships with " -"``resources/app.asar`` file. You need to call ``patch-desktop-filename`` " -"with this file as argument. If your application is installed under " -"``${FLATPAK_DEST}/my-app`` you need to run ``patch-desktop-filename " -"${FLATPAK_DEST}/my-app/resources/app.asar``." +"In case you repack a binary, you can use the `patch-electron-desktop-" +"filename `_ tool included in the BaseApp. Each Electron binary ships " +"with ``resources/app.asar`` file. You need to call ``patch-desktop-" +"filename`` with this file as argument. If your application is installed " +"under ``${FLATPAK_DEST}/my-app`` you need to run ``patch-desktop-filename" +" ${FLATPAK_DEST}/my-app/resources/app.asar``." msgstr "" #: ../../electron.rst:183 @@ -586,3 +585,37 @@ msgstr "" #~ "on ``$PATH``:" #~ msgstr "" +#~ msgid "" +#~ "The guide walks through the `manifest" +#~ " file `_ of the `sample Electron " +#~ "Flatpak application `_. Before you start," +#~ " it is a good idea to take " +#~ "a look at this, either online or" +#~ " by downloading the application." +#~ msgstr "" + +#~ msgid "" +#~ "To get setup for the build, " +#~ "download or clone the sample app " +#~ "from GitHub, and navigate to the " +#~ "``/flatpak`` directory in the terminal. " +#~ "Then to build::" +#~ msgstr "" + +#~ msgid "" +#~ "In case you repack a binary, you" +#~ " can use the ``patch-desktop-" +#~ "filename`` script provided by the " +#~ "BaseApp. Each Electron binary ships with" +#~ " ``resources/app.asar`` file. You need to" +#~ " call ``patch-desktop-filename`` with " +#~ "this file as argument. If your " +#~ "application is installed under " +#~ "``${FLATPAK_DEST}/my-app`` you need to " +#~ "run ``patch-desktop-filename ${FLATPAK_DEST" +#~ "}/my-app/resources/app.asar``." +#~ msgstr "" + diff --git a/po/es/LC_MESSAGES/extension.po b/po/es/LC_MESSAGES/extension.po index 050e4ee3..317e039c 100644 --- a/po/es/LC_MESSAGES/extension.po +++ b/po/es/LC_MESSAGES/extension.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-08-31 14:40+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: es\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../extension.rst:2 msgid "Extensions" @@ -62,14 +62,14 @@ msgstr "" #: ../../extension.rst:25 msgid "" "``.Debug, .Locale, .Sources`` extensions created by Flatpak builder do " -"not need to be specified manually. These are automaitcally created and " +"not need to be specified manually. These are automatically created and " "loaded if installed." msgstr "" #: ../../extension.rst:29 msgid "" "Note that, ``.Locale`` extensions are by default only partially installed" -" (only for the configued languages) by Flatpak. To install the full " +" (only for the configured languages) by Flatpak. To install the full " "locale extension ``flatpak update --subpath= $FLATPAK_ID.Locale`` can be " "used." msgstr "" @@ -330,7 +330,7 @@ msgstr "" #: ../../extension.rst:218 msgid "" "Some extensions are installed automatically by the runtime based on " -"certain conditions and these do not need be added to application " +"certain conditions and these do not need to be added to application " "manifests. Please see below for the purpose of extensions or extension " "points defined in the runtime. Similarly extensions created by Flatpak " "builder like ``.Locale, .Debug`` also do not need to be in application " @@ -991,3 +991,33 @@ msgstr "" #~ "````org.kde.Platform//5.15-24.08`` is ``24.08``." #~ msgstr "" +#~ msgid "" +#~ "``.Debug, .Locale, .Sources`` extensions " +#~ "created by Flatpak builder do not " +#~ "need to be specified manually. These " +#~ "are automaitcally created and loaded if" +#~ " installed." +#~ msgstr "" + +#~ msgid "" +#~ "Note that, ``.Locale`` extensions are by" +#~ " default only partially installed (only " +#~ "for the configued languages) by Flatpak." +#~ " To install the full locale extension" +#~ " ``flatpak update --subpath= $FLATPAK_ID.Locale``" +#~ " can be used." +#~ msgstr "" + +#~ msgid "" +#~ "Some extensions are installed automatically" +#~ " by the runtime based on certain " +#~ "conditions and these do not need " +#~ "be added to application manifests. " +#~ "Please see below for the purpose " +#~ "of extensions or extension points " +#~ "defined in the runtime. Similarly " +#~ "extensions created by Flatpak builder " +#~ "like ``.Locale, .Debug`` also do not " +#~ "need to be in application manifest." +#~ msgstr "" + diff --git a/po/es/LC_MESSAGES/flatpak-devel.po b/po/es/LC_MESSAGES/flatpak-devel.po index 12c95b9b..5c459466 100644 --- a/po/es/LC_MESSAGES/flatpak-devel.po +++ b/po/es/LC_MESSAGES/flatpak-devel.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-06-30 14:59+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: es\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../flatpak-devel.rst:2 msgid "Flatpak as a developer platform" @@ -59,7 +59,7 @@ msgstr "" #: ../../flatpak-devel.rst:23 msgid "" -"`Flatpak Github Actions `_ can be used for GitHub." msgstr "" @@ -349,3 +349,9 @@ msgstr "" #~ msgid "Parallel nigthly and stable applications" #~ msgstr "" +#~ msgid "" +#~ "`Flatpak Github Actions `_ can " +#~ "be used for GitHub." +#~ msgstr "" + diff --git a/po/es/LC_MESSAGES/module-sources.po b/po/es/LC_MESSAGES/module-sources.po index bbcca925..d2fcb4b1 100644 --- a/po/es/LC_MESSAGES/module-sources.po +++ b/po/es/LC_MESSAGES/module-sources.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-12-01 08:05+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: es\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../module-sources.rst:2 msgid "Module Sources" @@ -420,6 +420,7 @@ msgid "" msgstr "" #: ../../module-sources.rst:475 +#, python-brace-format msgid "" "The last line creates an empty symlink from ``${FLATPAK_DEST}/extra/`` to" " ``${FLATPAK_DEST}/bin/`` so that the executable is found in ``$PATH`` " @@ -448,6 +449,7 @@ msgid "" msgstr "" #: ../../module-sources.rst:499 +#, python-brace-format msgid "" "The commands needed to extract the snap are specified in the " "``apply_extra`` script. These can be any shell commands that run when " @@ -504,7 +506,7 @@ msgstr "" #: ../../module-sources.rst:573 msgid "" "``path`` should be the path of the local directory relative to the " -"manifest root path, whoose contents will be copied during build." +"manifest root path, whose contents will be copied during build." msgstr "" #: ../../module-sources.rst:587 @@ -516,3 +518,10 @@ msgid "" "them." msgstr "" +#~ msgid "" +#~ "``path`` should be the path of the" +#~ " local directory relative to the " +#~ "manifest root path, whoose contents will" +#~ " be copied during build." +#~ msgstr "" + diff --git a/po/es/LC_MESSAGES/sandbox-permissions.po b/po/es/LC_MESSAGES/sandbox-permissions.po index 4367ddc3..0ccefd4b 100644 --- a/po/es/LC_MESSAGES/sandbox-permissions.po +++ b/po/es/LC_MESSAGES/sandbox-permissions.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-08-31 14:40+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2018-05-20 10:37-0400\n" "Last-Translator: Copied by Zanata \n" "Language: es\n" @@ -17,7 +17,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../sandbox-permissions.rst:2 msgid "Sandbox Permissions" @@ -229,7 +229,17 @@ msgid "" "clients or SSH frontends." msgstr "" -#: ../../sandbox-permissions.rst:105 +#: ../../sandbox-permissions.rst:102 +msgid "" +"``--socket=inherit-wayland-socket`` - Inherit the ``$WAYLAND_SOCKET`` " +"environment variable from the parent process (for example, the " +"compositor). This is not commonly needed unless the application needs " +"access to the parent process’ Wayland state. Input method applications " +"may need this. It’s a very sensitive permission as it prevents Wayland " +"client state from being sandboxed." +msgstr "" + +#: ../../sandbox-permissions.rst:111 msgid "" "Applications that do not support native Wayland should use only " "``--socket=x11`` and applications that do, should use " @@ -238,26 +248,26 @@ msgid "" "Wayland sessions of the desktop environment." msgstr "" -#: ../../sandbox-permissions.rst:111 +#: ../../sandbox-permissions.rst:117 msgid "``--socket=wayland`` - Show windows with Wayland" msgstr "" -#: ../../sandbox-permissions.rst:112 +#: ../../sandbox-permissions.rst:118 msgid "``--socket=x11`` - Show windows using X11" msgstr "" -#: ../../sandbox-permissions.rst:113 +#: ../../sandbox-permissions.rst:119 msgid "" "``--socket=fallback-x11`` - Show windows using X11, if Wayland is not " "available, overrides ``x11`` socket permission. Note that you must still " "use ``--socket=wayland`` for wayland permission" msgstr "" -#: ../../sandbox-permissions.rst:118 +#: ../../sandbox-permissions.rst:124 msgid "D-Bus access" msgstr "" -#: ../../sandbox-permissions.rst:120 +#: ../../sandbox-permissions.rst:126 msgid "" "D-Bus access is filtered by default. The default policy for the session " "bus only allows the application to own its own namespace named by " @@ -269,315 +279,330 @@ msgid "" "``org.freedesktop.portal.*``." msgstr "" -#: ../../sandbox-permissions.rst:128 +#: ../../sandbox-permissions.rst:134 msgid "" "Access to the entire bus with ``--socket=system-bus`` or ``--socket" "=session-bus`` stops the filtering and using them is a security risk. So " "they must be avoided, unless the application is a development tool." msgstr "" -#: ../../sandbox-permissions.rst:133 +#: ../../sandbox-permissions.rst:139 msgid "" "``flatpak run --log-session-bus $FLATPAK_ID`` can be used to find the " "specific D-Bus permissions needed. See :ref:`debugging:Audit session or " "system bus traffic` for more information." msgstr "" -#: ../../sandbox-permissions.rst:137 +#: ../../sandbox-permissions.rst:143 msgid "**Ownership**" msgstr "" -#: ../../sandbox-permissions.rst:139 +#: ../../sandbox-permissions.rst:145 msgid "" "Any ownership beyond what is granted by default ie. own namespace and " "``org.mpris.MediaPlayer2.$FLATPAK_ID`` is typically unnecessary although " "there can be exceptions." msgstr "" -#: ../../sandbox-permissions.rst:143 +#: ../../sandbox-permissions.rst:149 msgid "**Talk**" msgstr "" -#: ../../sandbox-permissions.rst:145 +#: ../../sandbox-permissions.rst:151 msgid "It is recommended to use the minimum required talk-name permissions." msgstr "" -#: ../../sandbox-permissions.rst:148 +#: ../../sandbox-permissions.rst:154 msgid "Filesystem access" msgstr "" -#: ../../sandbox-permissions.rst:150 +#: ../../sandbox-permissions.rst:156 msgid "" "As a general rule, static and permanent filesystem access should be " "limited as much as possible. This includes:" msgstr "" -#: ../../sandbox-permissions.rst:153 +#: ../../sandbox-permissions.rst:159 msgid "" "Using portals as an alternative to blanket filesystem access, wherever " "possible." msgstr "" -#: ../../sandbox-permissions.rst:155 +#: ../../sandbox-permissions.rst:161 msgid "Using read-only access wherever possible, using the ``:ro`` option." msgstr "" -#: ../../sandbox-permissions.rst:156 +#: ../../sandbox-permissions.rst:162 msgid "" "Using :ref:`conventions:XDG base directories` to store application's " "cache, config and state. Then no additional filesystem access would be " "required." msgstr "" -#: ../../sandbox-permissions.rst:159 +#: ../../sandbox-permissions.rst:165 msgid "" "Avoiding full home access and instead using XDG directories such as " "``xdg-music`` or ``xdg-download`` etc." msgstr "" -#: ../../sandbox-permissions.rst:162 +#: ../../sandbox-permissions.rst:168 msgid "The following permission options are available:" msgstr "" -#: ../../sandbox-permissions.rst:164 +#: ../../sandbox-permissions.rst:170 msgid "``:ro`` - read-only access" msgstr "" -#: ../../sandbox-permissions.rst:165 +#: ../../sandbox-permissions.rst:171 msgid "" "``:create`` - read/write access, and create the directory if it doesn't " "exist" msgstr "" -#: ../../sandbox-permissions.rst:168 +#: ../../sandbox-permissions.rst:174 msgid "Additionally the following permissions are available:" msgstr "" -#: ../../sandbox-permissions.rst:171 +#: ../../sandbox-permissions.rst:177 +msgid "``host-root``" +msgstr "" + +#: ../../sandbox-permissions.rst:177 +msgid "" +"Complete host operating system with no exclusions mounted at " +"``/run/host/root`` inside the sandbox. (v1.17.0+)" +msgstr "" + +#: ../../sandbox-permissions.rst:178 msgid "``host``" msgstr "" -#: ../../sandbox-permissions.rst:171 +#: ../../sandbox-permissions.rst:178 msgid "" -"Access to ``/home, /media, /opt, /run/media, /srv`` and everything " -"provided by ``host-os, host-etc`` mounted in ``/run/host``" +"Access to all toplevel paths and subpaths of ``/`` except some reserved " +"paths listed below." msgstr "" -#: ../../sandbox-permissions.rst:171 ../../sandbox-permissions.rst:175 -#: ../../sandbox-permissions.rst:176 -msgid "Includes any subpaths" +#: ../../sandbox-permissions.rst:178 +msgid "" +"Paths provided by ``host-etc, host-os`` are mounted at ``/run/host`` as " +"explained below." msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "``host-etc``" msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "Host's ``/etc``" msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "Host's ``/etc`` is mounted at ``/run/host/etc``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 msgid "``host-os``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 #, python-brace-format msgid "" "Host's ``/usr, /bin, /sbin, /lib{32, 64}, /etc/ld.so.cache, " "/etc/alternatives``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 msgid "Mounted at ``/run/host``" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "``home``" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "Access the home directory" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "Except ``~/.var/app``" msgstr "" -#: ../../sandbox-permissions.rst:175 +#: ../../sandbox-permissions.rst:182 msgid "``/some/dir``" msgstr "" -#: ../../sandbox-permissions.rst:175 +#: ../../sandbox-permissions.rst:182 msgid "Access an arbitrary path except any reserved path" msgstr "" -#: ../../sandbox-permissions.rst:176 +#: ../../sandbox-permissions.rst:182 ../../sandbox-permissions.rst:183 +msgid "Includes any subpaths" +msgstr "" + +#: ../../sandbox-permissions.rst:183 msgid "``~/some/dir``" msgstr "" -#: ../../sandbox-permissions.rst:176 +#: ../../sandbox-permissions.rst:183 msgid "Arbitrary path relative to the home directory" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "``xdg-desktop``" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "Access the XDG desktop directory" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "``$XDG_DESKTOP_DIR`` or ``$HOME/Desktop``" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "``xdg-documents``" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "Access the XDG documents directory" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "``$XDG_DOCUMENTS_DIR`` or ``$HOME/Documents``" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "``xdg-download``" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "Access the XDG download directory" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "``$XDG_DOWNLOAD_DIR`` or ``$HOME/Downloads``" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "``xdg-music``" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "Access the XDG music directory" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "``$XDG_MUSIC_DIR`` or ``$HOME/Music``" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "``xdg-pictures``" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "Access the XDG pictures directory" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "``$XDG_PICTURES_DIR`` or ``$HOME/Pictures``" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "``xdg-public-share``" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "Access the XDG public directory" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "``$XDG_PUBLICSHARE_DIR`` or ``$HOME/Public``" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "``xdg-videos``" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "Access the XDG videos directory" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "``$XDG_VIDEOS_DIR`` or ``$HOME/Videos``" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "``xdg-templates``" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "Access the XDG templates directory" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "``$XDG_TEMPLATES_DIR`` or ``$HOME/Templates``" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "``xdg-config``" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "Access the XDG config directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "``$XDG_CONFIG_HOME`` or ``$HOME/.config``" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "``xdg-cache``" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "Access the XDG cache directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "``$XDG_CACHE_HOME`` or ``$HOME/.cache``" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "``xdg-data``" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "Access the XDG data directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "``$XDG_DATA_HOME`` or ``$HOME/.local/share``" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "``xdg-run/path``" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "Access subdirectories of the XDG runtime directory" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "``$XDG_RUNTIME_DIR/path`` (``/run/user/$UID/path``)" msgstr "" -#: ../../sandbox-permissions.rst:191 +#: ../../sandbox-permissions.rst:198 msgid "" "Except ``host, host-etc, host-os`` paths can be added to all the above " "filesystem options. For example, ``--filesystem=xdg-documents/path``." msgstr "" -#: ../../sandbox-permissions.rst:194 +#: ../../sandbox-permissions.rst:201 msgid "Other filesystem access guidelines include:" msgstr "" -#: ../../sandbox-permissions.rst:196 +#: ../../sandbox-permissions.rst:203 msgid "" "The ``--persist=DIR`` option can be used to map directories from the " "user's home directory into the sandbox filesystem. This only works if the" @@ -585,7 +610,7 @@ msgid "" "includes ``home``." msgstr "" -#: ../../sandbox-permissions.rst:201 +#: ../../sandbox-permissions.rst:208 msgid "" "For example, if an application hardcodes the directory ``~/.foo``, " "without any ``home`` access and no ``--persist`` the directory will be " @@ -596,48 +621,48 @@ msgid "" "``~/.var/app/$FLATPAK_ID/.foo`` which would otherwise be lost." msgstr "" -#: ../../sandbox-permissions.rst:209 +#: ../../sandbox-permissions.rst:216 msgid "A ``--persist=.`` will `persist` all directories." msgstr "" -#: ../../sandbox-permissions.rst:211 +#: ../../sandbox-permissions.rst:218 msgid "" "This does not support ``:create, :ro, :rw`` suffixes or special values " "like ``xdg-documents``. However, the directory will be created by flatpak" " if it doesn't already exist." msgstr "" -#: ../../sandbox-permissions.rst:215 +#: ../../sandbox-permissions.rst:222 msgid "" "This makes it possible to avoid configuring access to the entire home " "directory, and can be useful for applications that hardcode file paths in" " ``~/``." msgstr "" -#: ../../sandbox-permissions.rst:218 +#: ../../sandbox-permissions.rst:225 msgid "" "If an application uses ``$TMPDIR`` to contain lock files you may want to " "add a wrapper script that sets it to ``$XDG_RUNTIME_DIR/app/$FLATPAK_ID``" " (tmpfs) or ``/var/tmp`` (persistent on host)." msgstr "" -#: ../../sandbox-permissions.rst:222 +#: ../../sandbox-permissions.rst:229 msgid "" "Retaining and sharing configuration with non-Flatpak installations is to " "be avoided." msgstr "" -#: ../../sandbox-permissions.rst:226 +#: ../../sandbox-permissions.rst:233 msgid "Reserved Paths" msgstr "" -#: ../../sandbox-permissions.rst:228 +#: ../../sandbox-permissions.rst:235 msgid "" "The following paths and subpaths of them are reserved and asking access " "to them with ``--filesystem`` will have no effect::" msgstr "" -#: ../../sandbox-permissions.rst:233 +#: ../../sandbox-permissions.rst:240 msgid "" "The entire ``/run`` is not allowed but all subpaths of ``/run`` except " "``/run/flatpak, /run/host`` are allowed to be exposed via " @@ -645,44 +670,46 @@ msgid "" "to ``../run``, exposing it or a subpath of it, is not allowed." msgstr "" -#: ../../sandbox-permissions.rst:238 +#: ../../sandbox-permissions.rst:245 msgid "" "Additionally the following directories from host need to be explicitly " "requested with ``--filesystem`` and are not available with ``home, host, " "host-os, host-etc`` by default:" msgstr "" -#: ../../sandbox-permissions.rst:242 +#: ../../sandbox-permissions.rst:249 msgid "" "``~/.var/app`` - The app can access only its own directory in " "``~/.var/app/$FLATPAK_ID``" msgstr "" -#: ../../sandbox-permissions.rst:243 +#: ../../sandbox-permissions.rst:250 msgid "``$XDG_DATA_HOME/flatpak`` (``~/.local/share/flatpak``)" msgstr "" -#: ../../sandbox-permissions.rst:244 +#: ../../sandbox-permissions.rst:251 msgid "``/boot``" msgstr "" -#: ../../sandbox-permissions.rst:245 +#: ../../sandbox-permissions.rst:252 msgid "``/efi``" msgstr "" -#: ../../sandbox-permissions.rst:246 +#: ../../sandbox-permissions.rst:253 msgid "``/root``" msgstr "" -#: ../../sandbox-permissions.rst:247 -msgid "``/sys``" +#: ../../sandbox-permissions.rst:254 +msgid "" +"``/sys`` - Only ``/sys/block, /sys/bus, /sys/class, /sys/dev, " +"/sys/devices`` are shared as read-only by default (if exists)" msgstr "" -#: ../../sandbox-permissions.rst:248 +#: ../../sandbox-permissions.rst:255 msgid "``/tmp``" msgstr "" -#: ../../sandbox-permissions.rst:249 +#: ../../sandbox-permissions.rst:256 #, python-brace-format msgid "" "``/var`` - Note that by default ``/var/{cache, config, data, tmp}`` " @@ -692,96 +719,96 @@ msgid "" "available." msgstr "" -#: ../../sandbox-permissions.rst:253 +#: ../../sandbox-permissions.rst:260 msgid "``/var/lib/flatpak`` - ``/var`` does not give access to this." msgstr "" -#: ../../sandbox-permissions.rst:256 +#: ../../sandbox-permissions.rst:263 msgid "Device access" msgstr "" -#: ../../sandbox-permissions.rst:257 +#: ../../sandbox-permissions.rst:264 msgid "You can provide the following device permissions:" msgstr "" -#: ../../sandbox-permissions.rst:260 +#: ../../sandbox-permissions.rst:267 msgid "``dri``" msgstr "" -#: ../../sandbox-permissions.rst:260 +#: ../../sandbox-permissions.rst:267 msgid "Direct Rendering Interface. Necessary for GL." msgstr "" -#: ../../sandbox-permissions.rst:261 +#: ../../sandbox-permissions.rst:268 msgid "``kvm``" msgstr "" -#: ../../sandbox-permissions.rst:261 +#: ../../sandbox-permissions.rst:268 msgid "Kernel based Virtual Machine ``/dev/kvm``" msgstr "" -#: ../../sandbox-permissions.rst:262 +#: ../../sandbox-permissions.rst:269 msgid "``shm``" msgstr "" -#: ../../sandbox-permissions.rst:262 +#: ../../sandbox-permissions.rst:269 msgid "Shared Memory in ``/dev/shm``." msgstr "" -#: ../../sandbox-permissions.rst:263 +#: ../../sandbox-permissions.rst:270 msgid "``input``" msgstr "" -#: ../../sandbox-permissions.rst:263 +#: ../../sandbox-permissions.rst:270 msgid "" "Input devices as exposed in ``/dev/input``. This includes game " "controllers. Since Flatpak 1.15.6." msgstr "" -#: ../../sandbox-permissions.rst:264 +#: ../../sandbox-permissions.rst:271 msgid "``usb``" msgstr "" -#: ../../sandbox-permissions.rst:264 +#: ../../sandbox-permissions.rst:271 msgid "Raw USB devices as exposed in ``/dev/bus/usb``. Since Flatpak 1.15.11." msgstr "" -#: ../../sandbox-permissions.rst:265 +#: ../../sandbox-permissions.rst:272 msgid "``all``" msgstr "" -#: ../../sandbox-permissions.rst:265 +#: ../../sandbox-permissions.rst:272 msgid "All devices, including all of the above except ``shm``" msgstr "" -#: ../../sandbox-permissions.rst:270 +#: ../../sandbox-permissions.rst:277 msgid "" "Using newer permissions like ``input`` or ``usb`` will have no effect on " "older Flatpak versions and will fail when used through Flatpak " "commandline." msgstr "" -#: ../../sandbox-permissions.rst:274 +#: ../../sandbox-permissions.rst:281 msgid "" "While not ideal, ``--device=all`` can be used to access devices like " "webcams, CD/DVD drives etc." msgstr "" -#: ../../sandbox-permissions.rst:278 +#: ../../sandbox-permissions.rst:285 msgid "USB portal" msgstr "" -#: ../../sandbox-permissions.rst:280 -msgid "Since 1.5.11." +#: ../../sandbox-permissions.rst:287 +msgid "Since 1.15.11." msgstr "" -#: ../../sandbox-permissions.rst:282 +#: ../../sandbox-permissions.rst:289 msgid "" "Sandboxed access to individual USB devices can be controlled by portals. " "Flatpak allows specifying enumerable USB devices to allow access." msgstr "" -#: ../../sandbox-permissions.rst:286 +#: ../../sandbox-permissions.rst:293 msgid "" "Like ``--device=usb``, this is just about accessing the raw USB device, " "that needs libusb (or equivalent). By using the portal, you can restrict " @@ -790,59 +817,59 @@ msgid "" "no reason for USB security devices to be accessible." msgstr "" -#: ../../sandbox-permissions.rst:293 +#: ../../sandbox-permissions.rst:300 msgid "" "A list of valid use cases includes scanners (handled, for example by " "SANE), photo cameras (handled by libgphoto2), flashing devices, etc." msgstr "" -#: ../../sandbox-permissions.rst:296 +#: ../../sandbox-permissions.rst:303 msgid "" "While this is portal dependent and ``xdg-desktop-portal`` is currently " "the only portal implementation, the overall permission flow is as " "follows:" msgstr "" -#: ../../sandbox-permissions.rst:300 +#: ../../sandbox-permissions.rst:307 msgid "" "The Flatpak package specifies the devices it wishes to enumerate through " "``finish-args``." msgstr "" -#: ../../sandbox-permissions.rst:302 +#: ../../sandbox-permissions.rst:309 msgid "" "The application requests the portal to enumerate the available USB " "devices based on that list. If the list is empty it will enumerate all " "USB devices." msgstr "" -#: ../../sandbox-permissions.rst:305 +#: ../../sandbox-permissions.rst:312 msgid "" "When the application wants to access the device, it will make a request " "for the device it wants to access via the portal." msgstr "" -#: ../../sandbox-permissions.rst:307 +#: ../../sandbox-permissions.rst:314 msgid "The portal then requests permission from the user if not already granted." msgstr "" -#: ../../sandbox-permissions.rst:309 +#: ../../sandbox-permissions.rst:316 msgid "" "If the permission was granted, a file descriptor for the device is passed" " back to the application." msgstr "" -#: ../../sandbox-permissions.rst:312 +#: ../../sandbox-permissions.rst:319 msgid "" "The application is then able to open the devices it is supposed to use " "while the others would be hidden." msgstr "" -#: ../../sandbox-permissions.rst:316 +#: ../../sandbox-permissions.rst:323 msgid "Specifying the enumerable devices" msgstr "" -#: ../../sandbox-permissions.rst:318 +#: ../../sandbox-permissions.rst:325 msgid "" "You can specify devices on the ``flatpak`` command line, and by extension" " in the finish arguments for Flatpak Builder. Enumerable devices are " @@ -853,17 +880,17 @@ msgid "" " shall not be enumerated." msgstr "" -#: ../../sandbox-permissions.rst:326 +#: ../../sandbox-permissions.rst:333 msgid "Queries are made out of rules. These rules are composable with ``+``." msgstr "" -#: ../../sandbox-permissions.rst:328 +#: ../../sandbox-permissions.rst:335 msgid "" "The rule ``all`` enumerates every USB device. There is no further rule " "allowed in the query." msgstr "" -#: ../../sandbox-permissions.rst:331 +#: ../../sandbox-permissions.rst:338 msgid "" "The ``vnd`` and ``dev`` rules specify a USB vendor and a USB device ID " "respectively. A vendor can be specified alone, but a device rule always " @@ -873,63 +900,63 @@ msgid "" "repository `_" msgstr "" -#: ../../sandbox-permissions.rst:338 +#: ../../sandbox-permissions.rst:345 msgid "" "``cls`` specifies the device USB class and subclass. Both class and " "subclass are two digit hex numbers separated by a colon ``:``. You can " "use ``*`` to specify any subclass within the class." msgstr "" -#: ../../sandbox-permissions.rst:342 +#: ../../sandbox-permissions.rst:349 msgid "Some examples of the syntax:" msgstr "" -#: ../../sandbox-permissions.rst:344 +#: ../../sandbox-permissions.rst:351 msgid "``vnd:1234``: Devices from vendor ``1234``" msgstr "" -#: ../../sandbox-permissions.rst:345 +#: ../../sandbox-permissions.rst:352 msgid "``vnd:1234+dev:3456``: Only device ``3456`` from vendor ``1234``." msgstr "" -#: ../../sandbox-permissions.rst:346 +#: ../../sandbox-permissions.rst:353 msgid "``vnd:1234+cls:06:*``: All the PTP devices from vendor ``1234``." msgstr "" -#: ../../sandbox-permissions.rst:347 +#: ../../sandbox-permissions.rst:354 msgid "``cls:06:*``: All the PTP devices." msgstr "" -#: ../../sandbox-permissions.rst:349 +#: ../../sandbox-permissions.rst:356 msgid "" "This permission only allows to enumerate devices. To open them, " "permission must be requested from the portal. It is not possible to open " "a device that is not enumerable." msgstr "" -#: ../../sandbox-permissions.rst:355 +#: ../../sandbox-permissions.rst:362 msgid "" "The ``--device=usb`` permission is broader than what the USB portal is " "supposed to provide and allows unfettered access to any USB device on the" " bus." msgstr "" -#: ../../sandbox-permissions.rst:359 +#: ../../sandbox-permissions.rst:366 msgid "In some situations you may need to specify a very long list of devices." msgstr "" -#: ../../sandbox-permissions.rst:361 +#: ../../sandbox-permissions.rst:368 msgid "Device lists can be passed in one single argument, or through a file." msgstr "" -#: ../../sandbox-permissions.rst:363 +#: ../../sandbox-permissions.rst:370 msgid "" "When using ``--usb-list``, the queries are separated by a semi-colon " "``;``, with queries for hidden devices (i.e. those that would be passed " "with ``--nousb``) prefixed with ``!``." msgstr "" -#: ../../sandbox-permissions.rst:367 +#: ../../sandbox-permissions.rst:374 msgid "" "When using ``--usb-list-file``, the filename of the file containing USB " "queries is passed line by line. Like with ``--usb-list`` queries for " @@ -939,24 +966,24 @@ msgid "" "list is persisted internally." msgstr "" -#: ../../sandbox-permissions.rst:375 +#: ../../sandbox-permissions.rst:382 msgid "dconf access" msgstr "" -#: ../../sandbox-permissions.rst:377 +#: ../../sandbox-permissions.rst:384 msgid "" "As of xdg-desktop-portal 1.1.0 and glib 2.60.5 (in the runtime) you do " "not need direct DConf access in most cases." msgstr "" -#: ../../sandbox-permissions.rst:380 +#: ../../sandbox-permissions.rst:387 msgid "" "As of now this glib version is included in " "``org.freedesktop.Platform//19.08`` and ``org.gnome.Platform//3.34`` and " "newer." msgstr "" -#: ../../sandbox-permissions.rst:383 +#: ../../sandbox-permissions.rst:390 msgid "" "If an application existed prior to these runtimes you can tell Flatpak " "(>= 1.3.4) to migrate the DConf settings on the host into the sandbox by " @@ -965,17 +992,17 @@ msgid "" " (case is ignored and ``_`` and ``-`` are treated equal)." msgstr "" -#: ../../sandbox-permissions.rst:390 +#: ../../sandbox-permissions.rst:397 msgid "" "If you are targeting older runtimes or require direct DConf access for " "other reasons you can use these permissions::" msgstr "" -#: ../../sandbox-permissions.rst:398 +#: ../../sandbox-permissions.rst:405 msgid "With those permissions glib will continue using dconf directly." msgstr "" -#: ../../sandbox-permissions.rst:400 +#: ../../sandbox-permissions.rst:407 msgid "" "If you use a newer runtime where dconf is no longer built and still need " "it you will have to build the `dconf " @@ -983,11 +1010,11 @@ msgid "" "``--env=GIO_EXTRA_MODULES=/app/lib/gio/modules/``." msgstr "" -#: ../../sandbox-permissions.rst:405 +#: ../../sandbox-permissions.rst:412 msgid "gvfs access" msgstr "" -#: ../../sandbox-permissions.rst:407 +#: ../../sandbox-permissions.rst:414 msgid "" "As of gvfs 1.48, the gvfs daemons and applications use an on-disk socket " "to communicate, rather than an abstract socket so that the gvfs " @@ -995,47 +1022,47 @@ msgid "" "application's sandbox." msgstr "" -#: ../../sandbox-permissions.rst:411 +#: ../../sandbox-permissions.rst:418 msgid "" "A number of different options need to be passed depending on the " "application's use of gvfs." msgstr "" -#: ../../sandbox-permissions.rst:414 +#: ../../sandbox-permissions.rst:421 msgid "" "``--talk-name=org.gtk.vfs.*`` is necessary to talk to the gvfs daemons " "over D-Bus and list mounts using the GIO APIs." msgstr "" -#: ../../sandbox-permissions.rst:417 +#: ../../sandbox-permissions.rst:424 msgid "" "``--filesystem=xdg-run/gvfsd`` is necessary to use the GIO APIs to list " "and access non-native files using the GIO APIs, using URLs rather than " "FUSE paths." msgstr "" -#: ../../sandbox-permissions.rst:420 +#: ../../sandbox-permissions.rst:427 msgid "" "``--filesystem=xdg-run/gvfs`` is necessary to give access to the FUSE " "mounts non-GIO and legacy applications can use. This is what will make " "native files appear under ``/run/user/`id -u`/gvfs/``." msgstr "" -#: ../../sandbox-permissions.rst:424 +#: ../../sandbox-permissions.rst:431 msgid "Typical GNOME and GTK applications should use::" msgstr "" -#: ../../sandbox-permissions.rst:429 +#: ../../sandbox-permissions.rst:436 msgid "Typical non-GNOME and non-GTK applications should use::" msgstr "" -#: ../../sandbox-permissions.rst:433 +#: ../../sandbox-permissions.rst:440 msgid "" "No application should be using ``--talk-name=org.gtk.vfs`` in its " "manifest, as there are no D-Bus services named ``org.gtk.vfs``." msgstr "" -#: ../../sandbox-permissions.rst:436 +#: ../../sandbox-permissions.rst:443 msgid "" "These permission grants the app, the ability to communicate with the gvfs" " daemon and backends running on host. Depending on the backends installed" @@ -1051,11 +1078,11 @@ msgid "" "host." msgstr "" -#: ../../sandbox-permissions.rst:450 +#: ../../sandbox-permissions.rst:457 msgid "External drive access" msgstr "" -#: ../../sandbox-permissions.rst:452 +#: ../../sandbox-permissions.rst:459 msgid "" "External drives are mounted by the host system using systemd, udev, udisk" " fstab etc. and each of them can have different defaults. Flatpak has no " @@ -1063,30 +1090,155 @@ msgid "" "permissions should work in most cases::" msgstr "" -#: ../../sandbox-permissions.rst:461 +#: ../../sandbox-permissions.rst:468 msgid "" "If ``--filesystem=host`` is used ``/media, /run/media`` is shared " "automatically if they exist." msgstr "" -#: ../../sandbox-permissions.rst:464 +#: ../../sandbox-permissions.rst:471 msgid "" "Note that these should not have subpaths in them unless the value of the " "subpath can be consistently pre-determined. Block device naming depends " "on the kernel/fstab configuration and cannot be pre-determined." msgstr "" -#: ../../sandbox-permissions.rst:469 +#: ../../sandbox-permissions.rst:476 +msgid "Conditional permissions" +msgstr "" + +#: ../../sandbox-permissions.rst:478 +msgid "" +"Since 1.17.0, Flatpak supports conditional permissions which allows them " +"to be granted only when certain runtime conditions are satisfied and " +"fallback otherwise. The intention of the system is to allow users or " +"developers to specify tighter permission grants (as they are added in new" +" Flatpak versions) while fallback to older grants for backwards " +"compatibility at run time." +msgstr "" + +#: ../../sandbox-permissions.rst:487 +msgid "" +"Older Flatpak versions will fail when encountering unknown commandline " +"options, while unrecognized metadata entries will be silently ignored." +msgstr "" + +#: ../../sandbox-permissions.rst:491 +msgid "" +"Flatpak manifests using conditional flags (for example, ``--socket-if=`` " +"etc.) will require Flatpak 1.17.0 or newer to build and attempting to " +"build them with older Flatpak versions will produce an error." +msgstr "" + +#: ../../sandbox-permissions.rst:496 +msgid "" +"The following flags are available to specify conditional permissions in " +"CLI and in Flatpak manifests::" +msgstr "" + +#: ../../sandbox-permissions.rst:504 +msgid "" +"The syntax of all the options are ``--socket-if=PERMISSION:CONDITION`` " +"and so on where ``PERMISSION`` is the available grants for that flag " +"(e.g., those listed for ``--socket=``). Conditions can be negated by " +"prefixing with ``!``. The following conditions are supported:" +msgstr "" + +#: ../../sandbox-permissions.rst:509 +msgid "``true`` - Always evaluates to true" +msgstr "" + +#: ../../sandbox-permissions.rst:510 +msgid "``false``- Always evaluates to false" +msgstr "" + +#: ../../sandbox-permissions.rst:511 +msgid "" +"``has-input-device`` - True if the Flatpak version supports " +"``--device=input``" +msgstr "" + +#: ../../sandbox-permissions.rst:513 +msgid "``has-wayland`` - True if the current desktop session supports Wayland" +msgstr "" + +#: ../../sandbox-permissions.rst:516 +msgid "" +"Multiple conditionals can be specified for the same grant, in which case " +"the permission is granted if any condition matches. If no conditional " +"rule evaluates to ``true``, the grant is denied unless it is also " +"unconditionally allowed. Duplicate conditions are ignored." +msgstr "" + +#: ../../sandbox-permissions.rst:523 +msgid "Examples" +msgstr "" + +#: ../../sandbox-permissions.rst:525 +msgid "" +"The unconditional grant ``--socket=x11`` can be tightened using " +"conditional permissions to ``--socket-if=x11:!has-wayland``. This allows " +"access to X11 only when a Wayland desktop session is not available. To " +"preserve backwards compatibility, the following pattern can be used::" +msgstr "" + +#: ../../sandbox-permissions.rst:534 +msgid "" +"This allows older Flatpak versions which do not understand the " +"conditional permissions function by allowing X11 access always while " +"newer Flatpak, which understands the conditional system will allow X11 " +"access only when the session is not Wayland." +msgstr "" + +#: ../../sandbox-permissions.rst:539 +msgid "" +"If an application requires only access to ``input`` device permission, " +"the following flags can be used to move away from ``--device=all`` to " +"``--device=input``::" +msgstr "" + +#: ../../sandbox-permissions.rst:547 +msgid "" +"This allows older Flatpak versions which do not understand the ``input`` " +"device permission to function by having the broader ``all`` access. Newer" +" Flatpak versions which understand the conditional system (and therefore " +"understands the ``input`` permission) will deny ``all`` due to " +"``--device-if=all:!has-input-device`` and allow only ``input`` due to " +"``--device=input``." +msgstr "" + +#: ../../sandbox-permissions.rst:555 +msgid "" +"To explicitly deny a permission that might be granted through runtime " +"metadata or overrides ``--nosocket=NAME, --unshare=NAME`` etc. can be " +"used::" +msgstr "" + +#: ../../sandbox-permissions.rst:561 +msgid "" +"This denial can be combined with conditional grants to remove " +"unconditional access while allowing conditional access::" +msgstr "" + +#: ../../sandbox-permissions.rst:568 +msgid "" +"This denies unconditional X11 access but allows X11 conditionally when " +"Wayland is unavailable. Older Flatpak versions will see only the final " +"``--socket=x11`` grant and allow X11 unconditionally, while newer " +"versions recognise the conditional logic and evaluates it at runtime." +msgstr "" + +#: ../../sandbox-permissions.rst:574 msgid "Footnotes" msgstr "" -#: ../../sandbox-permissions.rst:470 +#: ../../sandbox-permissions.rst:575 msgid "" "This is not necessarily required, but without it the X11 shared memory " "extension will not work, which is very bad for X11 performance." msgstr "" -#: ../../sandbox-permissions.rst:472 +#: ../../sandbox-permissions.rst:577 msgid "" "Giving network access also grants access to all host services listening " "on abstract Unix sockets (due to how network namespaces work), and these " @@ -1095,7 +1247,7 @@ msgid "" "secure distribution should disable these and just use regular sockets." msgstr "" -#: ../../sandbox-permissions.rst:477 +#: ../../sandbox-permissions.rst:582 #, python-brace-format msgid "" "``xdg-{cache, config, data}`` bind mounts the paths from host to the per-" @@ -1445,3 +1597,16 @@ msgstr "" #~ msgid "``--socket=ssh-auth``- Allow access to ``$SSH_AUTH_SOCK``" #~ msgstr "" +#~ msgid "" +#~ "Access to ``/home, /media, /opt, " +#~ "/run/media, /srv`` and everything provided " +#~ "by ``host-os, host-etc`` mounted " +#~ "in ``/run/host``" +#~ msgstr "" + +#~ msgid "``/sys``" +#~ msgstr "" + +#~ msgid "Since 1.5.11." +#~ msgstr "" + diff --git a/po/es/LC_MESSAGES/under-the-hood.po b/po/es/LC_MESSAGES/under-the-hood.po index 3d64d1d7..82f25efa 100644 --- a/po/es/LC_MESSAGES/under-the-hood.po +++ b/po/es/LC_MESSAGES/under-the-hood.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-09-26 16:32-0300\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2018-05-20 10:37-0400\n" "Last-Translator: Copied by Zanata \n" "Language: es\n" @@ -17,7 +17,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../under-the-hood.rst:2 msgid "Under the Hood" @@ -99,51 +99,195 @@ msgid "" msgstr "" #: ../../under-the-hood.rst:51 -msgid "Underlying technologies" +msgid "Conditional permission system" msgstr "" #: ../../under-the-hood.rst:53 +msgid "" +"Since Flatpak 1.17.0, conditional permissions allow permissions to be " +"granted only when certain runtime conditions are satisfied, with fallback" +" to unconditional grants for compatibility with older versions." +msgstr "" + +#: ../../under-the-hood.rst:57 +msgid "Permissions are internally represented as:" +msgstr "" + +#: ../../under-the-hood.rst:59 +msgid "unconditionally allowed or denied" +msgstr "" + +#: ../../under-the-hood.rst:60 +msgid "" +"a reset flag indicating whether the current layer overrides rules from " +"lower layers" +msgstr "" + +#: ../../under-the-hood.rst:62 +msgid "a set of conditional rules under which the permission may be allowed" +msgstr "" + +#: ../../under-the-hood.rst:64 +msgid "For example:" +msgstr "" + +#: ../../under-the-hood.rst:66 +msgid "" +"``--socket=NAME`` unconditionally allows the permission and resets any " +"previously defined rules for that permission" +msgstr "" + +#: ../../under-the-hood.rst:68 +msgid "" +"``--nosocket=NAME`` unconditionally denies the permission and resets any " +"previously defined rules" +msgstr "" + +#: ../../under-the-hood.rst:70 +msgid "" +"``--socket-if=NAME:CONDITION`` adds a conditional rule without resetting " +"existing rules" +msgstr "" + +#: ../../under-the-hood.rst:73 +msgid "Conditions may be negated using ``!``." +msgstr "" + +#: ../../under-the-hood.rst:75 +msgid "" +"Multiple conditional rules can be specified for the same permission. In " +"this case, the permission is granted if any condition evaluates to true." +msgstr "" + +#: ../../under-the-hood.rst:78 +msgid "" +"Duplicate conditions are ignored. The order of conditions does not affect" +" evaluation." +msgstr "" + +#: ../../under-the-hood.rst:81 +msgid "" +"If no conditional rules are present, the permission is granted only if it" +" is unconditionally allowed." +msgstr "" + +#: ../../under-the-hood.rst:84 +msgid "" +"If conditional rules are present, the permission is granted if any " +"condition evaluates to true, and denied otherwise, unless it is also " +"unconditionally allowed." +msgstr "" + +#: ../../under-the-hood.rst:88 +msgid "" +"If an unconditional entry follows a conditional entry for the same grant " +"in commandline flags, the earlier unconditional entry is treated as " +"backwards compatibility fallback and does not affect the final permission" +" state. So the following is effectively treated as ``--socket-if=x11" +":!has-wayland`` in Flatpak versions supporting conditional permissions::" +msgstr "" + +#: ../../under-the-hood.rst:98 +msgid "Permissions are written to metadata using the following rules:" +msgstr "" + +#: ../../under-the-hood.rst:100 +msgid "Unconditionally allowed permissions are written as ``NAME``" +msgstr "" + +#: ../../under-the-hood.rst:101 +msgid "Unconditionally denied permissions are written as ``!NAME``" +msgstr "" + +#: ../../under-the-hood.rst:102 +msgid "Conditionally allowed permissions are written as:" +msgstr "" + +#: ../../under-the-hood.rst:104 +msgid "unconditional ``NAME`` entry for compat" +msgstr "" + +#: ../../under-the-hood.rst:105 +msgid "``if:NAME:CONDITION`` entries" +msgstr "" + +#: ../../under-the-hood.rst:107 +msgid "" +"If the permission resets previously defined rules, an explicit ``!NAME`` " +"entry is written first, followed by the unconditional ``NAME`` entry and " +"then the ``if:NAME:CONDITION`` entries. This is omitted when saving an " +"application's own metadata, as opposed to overrides." +msgstr "" + +#: ../../under-the-hood.rst:112 +msgid "" +"When parsing metadata, a non-negated unconditional ``NAME`` entry " +"appearing before a ``if:NAME:CONDITION`` entry is treated as a " +"compatibility fallback and does not affect the final permission state. " +"Eg. ``sockets=x11;if:x11:!has-wayland;`` is effectively treated as " +"``if:x11:!has-wayland`` in Flatpak versions supporting conditional " +"permissions." +msgstr "" + +#: ../../under-the-hood.rst:119 +msgid "" +"The ``fallback-x11`` socket, on pre-1.17 Flatpak versions implicitly " +"granted ``x11`` access and at runtime X11 access was suppressed when " +"Wayland was available, while on newer Flatpak (1.17+) it is internally " +"converted to the conditional syntax ``if:x11:!has-wayland``. When saving " +"the metadata, Flatpak converts ``if:x11:!has-wayland`` back to " +"``fallback-x11`` only when it is the sole conditional on ``x11``. If " +"additional conditionals are present, the new syntax is written directly " +"and older Flatpak versions will not understand the conditional entries. A" +" conditional grant for ``fallback-x11`` is not allowed." +msgstr "" + +#: ../../under-the-hood.rst:130 +msgid "Underlying technologies" +msgstr "" + +#: ../../under-the-hood.rst:132 msgid "Flatpak utilises a number of pre-existing technologies. These include:" msgstr "" -#: ../../under-the-hood.rst:55 +#: ../../under-the-hood.rst:134 msgid "" "The `bubblewrap `_ utility from" " `Project Atomic `_, which lets unprivileged " "users set up and run containers, using kernel features such as:" msgstr "" -#: ../../under-the-hood.rst:59 +#: ../../under-the-hood.rst:138 msgid "Namespaces" msgstr "" -#: ../../under-the-hood.rst:60 +#: ../../under-the-hood.rst:139 msgid "Bind mounts" msgstr "" -#: ../../under-the-hood.rst:61 +#: ../../under-the-hood.rst:140 msgid "Seccomp rules" msgstr "" -#: ../../under-the-hood.rst:63 +#: ../../under-the-hood.rst:142 msgid "" "`systemd `_ to set up" " cgroups for sandboxes" msgstr "" -#: ../../under-the-hood.rst:65 +#: ../../under-the-hood.rst:144 msgid "" "`D-Bus `_, a well-" "established way to provide high-level APIs to applications" msgstr "" -#: ../../under-the-hood.rst:67 +#: ../../under-the-hood.rst:146 msgid "" "The `OSTree `__ system for " "versioning and distributing filesystem trees" msgstr "" -#: ../../under-the-hood.rst:69 +#: ../../under-the-hood.rst:148 msgid "" "The OCI format from the `Open Container Initiative " "`_, as an alternative to OSTree used by the " @@ -151,11 +295,11 @@ msgid "" "fedora-now-live/>`__" msgstr "" -#: ../../under-the-hood.rst:73 +#: ../../under-the-hood.rst:152 msgid "Flatpak can use either OSTree or OCI for single-file bundles." msgstr "" -#: ../../under-the-hood.rst:74 +#: ../../under-the-hood.rst:153 msgid "" "`Appstream `_ " "metadata, to allow Flatpak applications to show up nicely in software " diff --git a/po/fr/LC_MESSAGES/available-runtimes.po b/po/fr/LC_MESSAGES/available-runtimes.po index 9fab581f..ed3c9a3a 100644 --- a/po/fr/LC_MESSAGES/available-runtimes.po +++ b/po/fr/LC_MESSAGES/available-runtimes.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-12-01 08:17+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2018-05-20 02:11-0400\n" "Last-Translator: Baptiste Mille-Mathias " "\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../available-runtimes.rst:2 msgid "Available Runtimes" @@ -173,7 +173,7 @@ msgid "" "Major version releases of the runtime are synced with `GNOME releases " "`_ and are announced on `GNOME " "Discourse `_. Usually a " -"given branch of the runtime is supported for an year and EOL-ed upon the " +"given branch of the runtime is supported for a year and EOL-ed upon the " "release of a newstable version." msgstr "" @@ -491,3 +491,15 @@ msgstr "" #~ " ``io.elementary.Platform``" #~ msgstr "" +#~ msgid "" +#~ "Major version releases of the runtime" +#~ " are synced with `GNOME releases " +#~ "`_ and are " +#~ "announced on `GNOME Discourse " +#~ "`_. Usually " +#~ "a given branch of the runtime is" +#~ " supported for an year and EOL-" +#~ "ed upon the release of a newstable" +#~ " version." +#~ msgstr "" + diff --git a/po/fr/LC_MESSAGES/electron.po b/po/fr/LC_MESSAGES/electron.po index 58af4022..ed2f042b 100644 --- a/po/fr/LC_MESSAGES/electron.po +++ b/po/fr/LC_MESSAGES/electron.po @@ -9,14 +9,14 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-03-13 09:30+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../electron.rst:2 msgid "Electron" @@ -40,11 +40,10 @@ msgstr "" #: ../../electron.rst:13 msgid "" "The guide walks through the `manifest file `_ of the `sample Electron Flatpak application " -"`_. Before you start, it " -"is a good idea to take a look at this, either online or by downloading " -"the application." +"/electron-sample-app/blob/master/org.flathub.electron-sample-app.yml>`_ " +"of the `sample Electron Flatpak application `_. Before you start, it is a good idea to take a " +"look at this, either online or by downloading the application." msgstr "" #: ../../electron.rst:22 @@ -60,43 +59,42 @@ msgstr "" #: ../../electron.rst:27 msgid "" "To get setup for the build, download or clone the sample app from GitHub," -" and navigate to the ``/flatpak`` directory in the terminal. Then to " -"build::" +" and navigate to the project directory in the terminal. Then to build::" msgstr "" -#: ../../electron.rst:33 +#: ../../electron.rst:32 msgid "Finally, the application can be run with::" msgstr "" -#: ../../electron.rst:38 +#: ../../electron.rst:37 msgid "Basic configuration" msgstr "" -#: ../../electron.rst:40 +#: ../../electron.rst:39 msgid "" "The first part of the sample application's manifest specifies the " "application's ID. It also configures the runtime and SDK:" msgstr "" -#: ../../electron.rst:50 +#: ../../electron.rst:49 msgid "" "The Freedesktop runtime is generally the best runtime to use with " "Electron applications, since it is the most minimal runtime, and other " "dependencies will be specific to Electron itself." msgstr "" -#: ../../electron.rst:55 +#: ../../electron.rst:54 msgid "The Electron BaseApp" msgstr "" -#: ../../electron.rst:57 +#: ../../electron.rst:56 msgid "" "Next, the manifest specifies that the Electron BaseApp should be used, by" " specifying the ``base`` and ``base-version`` properties in the " "application manifest:" msgstr "" -#: ../../electron.rst:66 +#: ../../electron.rst:65 msgid "" "BaseApps are described in :doc:`dependencies`. Using the Electron base " "app is much faster and more convenient than manually building Electron " @@ -105,44 +103,44 @@ msgid "" "saved once on disk." msgstr "" -#: ../../electron.rst:72 +#: ../../electron.rst:71 msgid "The Node.js SDK extension" msgstr "" -#: ../../electron.rst:74 +#: ../../electron.rst:73 msgid "" "In order to build Electron-based apps, you need Node.js available at " "build time. Flathub provides Node.js LTS versions as extensions for the " "SDK, so you can install one of them and add it in your apps' manifest:" msgstr "" -#: ../../electron.rst:83 +#: ../../electron.rst:82 msgid "Enable the extension by adding it to ``PATH``:" msgstr "" -#: ../../electron.rst:90 +#: ../../electron.rst:89 msgid "" "Note that the extension name (last portion of reverse-dns notation, " "``node18`` in this example) must be the same in ``sdk-extensions`` and " "``append-path``." msgstr "" -#: ../../electron.rst:94 +#: ../../electron.rst:93 msgid "Command" msgstr "" -#: ../../electron.rst:96 +#: ../../electron.rst:95 msgid "" "The ``command`` property indicates that a script called ``run.sh`` is to " "be executed to run the application. This will be explained in further " "detail later." msgstr "" -#: ../../electron.rst:105 +#: ../../electron.rst:104 msgid "Sandbox permissions" msgstr "" -#: ../../electron.rst:107 +#: ../../electron.rst:106 msgid "" "The standard sandbox :ref:`sandbox-permissions:Permissions guidelines` " "also apply to Electron applications. However, Electron's Wayland support " @@ -151,13 +149,13 @@ msgid "" "Wayland session and nothing else is required." msgstr "" -#: ../../electron.rst:113 +#: ../../electron.rst:112 msgid "" "The sample app also configures PulseAudio for sound and enables network " "access:" msgstr "" -#: ../../electron.rst:126 +#: ../../electron.rst:125 msgid "" "To allow experimental `native Wayland` support in Electron>=20, the " "``--ozone-platform-hint=auto`` flag can be passed to the program. `auto` " @@ -165,31 +163,31 @@ msgid "" " Xwayland or X11 otherwise." msgstr "" -#: ../../electron.rst:131 +#: ../../electron.rst:130 msgid "" "It's recommended to leave actually `enabling` Wayland up to the user for " "now, i.e. set ``--socket=x11`` in the manifest. Wayland can then be " "tested with::" msgstr "" -#: ../../electron.rst:137 +#: ../../electron.rst:136 msgid "Enable native Wayland support by default" msgstr "" -#: ../../electron.rst:141 +#: ../../electron.rst:140 msgid "" "Native Wayland support in Electron is still experimental and often " "unstable. It is advised to stick with the X11/Xwayland configuration " "above as the default." msgstr "" -#: ../../electron.rst:145 +#: ../../electron.rst:144 msgid "" "To make native Wayland the `default` for users, ``--socket=fallback-x11``" " and ``--socket=wayland`` must be used in the manifest." msgstr "" -#: ../../electron.rst:148 +#: ../../electron.rst:147 msgid "" "For Electron versions between 17 and 27, client-side window decorations " "under native Wayland can be enabled by passing ``--enable-" @@ -197,7 +195,7 @@ msgid "" " Electron , this isn't necessary anymore." msgstr "" -#: ../../electron.rst:153 +#: ../../electron.rst:152 msgid "" "Electron uses ``libnotify`` on Linux to provide desktop notifications. " "`Since version 0.8.0 " @@ -210,18 +208,18 @@ msgid "" "``libnotify>=0.8.0`` since ``branch/23.08``." msgstr "" -#: ../../electron.rst:160 +#: ../../electron.rst:159 msgid "" "To ensure proper mouse cursor scaling on HiDPI displays under Wayland, " "the ``XCURSOR_PATH`` environment variable must be set to the host's " "corresponding directories:" msgstr "" -#: ../../electron.rst:172 +#: ../../electron.rst:171 msgid "Using correct desktop file name" msgstr "" -#: ../../electron.rst:174 +#: ../../electron.rst:173 #, python-brace-format msgid "" "It's important for Linux applications to set the correct desktop file " @@ -233,15 +231,16 @@ msgid "" "\"com.example.MyApp.desktop\"``." msgstr "" -#: ../../electron.rst:178 +#: ../../electron.rst:177 #, python-brace-format msgid "" -"In case you repack a binary, you can use the ``patch-desktop-filename`` " -"script provided by the BaseApp. Each Electron binary ships with " -"``resources/app.asar`` file. You need to call ``patch-desktop-filename`` " -"with this file as argument. If your application is installed under " -"``${FLATPAK_DEST}/my-app`` you need to run ``patch-desktop-filename " -"${FLATPAK_DEST}/my-app/resources/app.asar``." +"In case you repack a binary, you can use the `patch-electron-desktop-" +"filename `_ tool included in the BaseApp. Each Electron binary ships " +"with ``resources/app.asar`` file. You need to call ``patch-desktop-" +"filename`` with this file as argument. If your application is installed " +"under ``${FLATPAK_DEST}/my-app`` you need to run ``patch-desktop-filename" +" ${FLATPAK_DEST}/my-app/resources/app.asar``." msgstr "" #: ../../electron.rst:183 @@ -586,3 +585,37 @@ msgstr "" #~ "on ``$PATH``:" #~ msgstr "" +#~ msgid "" +#~ "The guide walks through the `manifest" +#~ " file `_ of the `sample Electron " +#~ "Flatpak application `_. Before you start," +#~ " it is a good idea to take " +#~ "a look at this, either online or" +#~ " by downloading the application." +#~ msgstr "" + +#~ msgid "" +#~ "To get setup for the build, " +#~ "download or clone the sample app " +#~ "from GitHub, and navigate to the " +#~ "``/flatpak`` directory in the terminal. " +#~ "Then to build::" +#~ msgstr "" + +#~ msgid "" +#~ "In case you repack a binary, you" +#~ " can use the ``patch-desktop-" +#~ "filename`` script provided by the " +#~ "BaseApp. Each Electron binary ships with" +#~ " ``resources/app.asar`` file. You need to" +#~ " call ``patch-desktop-filename`` with " +#~ "this file as argument. If your " +#~ "application is installed under " +#~ "``${FLATPAK_DEST}/my-app`` you need to " +#~ "run ``patch-desktop-filename ${FLATPAK_DEST" +#~ "}/my-app/resources/app.asar``." +#~ msgstr "" + diff --git a/po/fr/LC_MESSAGES/extension.po b/po/fr/LC_MESSAGES/extension.po index 13b3b594..c57b7f1d 100644 --- a/po/fr/LC_MESSAGES/extension.po +++ b/po/fr/LC_MESSAGES/extension.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-08-31 14:40+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: fr\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../extension.rst:2 msgid "Extensions" @@ -62,14 +62,14 @@ msgstr "" #: ../../extension.rst:25 msgid "" "``.Debug, .Locale, .Sources`` extensions created by Flatpak builder do " -"not need to be specified manually. These are automaitcally created and " +"not need to be specified manually. These are automatically created and " "loaded if installed." msgstr "" #: ../../extension.rst:29 msgid "" "Note that, ``.Locale`` extensions are by default only partially installed" -" (only for the configued languages) by Flatpak. To install the full " +" (only for the configured languages) by Flatpak. To install the full " "locale extension ``flatpak update --subpath= $FLATPAK_ID.Locale`` can be " "used." msgstr "" @@ -330,7 +330,7 @@ msgstr "" #: ../../extension.rst:218 msgid "" "Some extensions are installed automatically by the runtime based on " -"certain conditions and these do not need be added to application " +"certain conditions and these do not need to be added to application " "manifests. Please see below for the purpose of extensions or extension " "points defined in the runtime. Similarly extensions created by Flatpak " "builder like ``.Locale, .Debug`` also do not need to be in application " @@ -991,3 +991,33 @@ msgstr "" #~ "````org.kde.Platform//5.15-24.08`` is ``24.08``." #~ msgstr "" +#~ msgid "" +#~ "``.Debug, .Locale, .Sources`` extensions " +#~ "created by Flatpak builder do not " +#~ "need to be specified manually. These " +#~ "are automaitcally created and loaded if" +#~ " installed." +#~ msgstr "" + +#~ msgid "" +#~ "Note that, ``.Locale`` extensions are by" +#~ " default only partially installed (only " +#~ "for the configued languages) by Flatpak." +#~ " To install the full locale extension" +#~ " ``flatpak update --subpath= $FLATPAK_ID.Locale``" +#~ " can be used." +#~ msgstr "" + +#~ msgid "" +#~ "Some extensions are installed automatically" +#~ " by the runtime based on certain " +#~ "conditions and these do not need " +#~ "be added to application manifests. " +#~ "Please see below for the purpose " +#~ "of extensions or extension points " +#~ "defined in the runtime. Similarly " +#~ "extensions created by Flatpak builder " +#~ "like ``.Locale, .Debug`` also do not " +#~ "need to be in application manifest." +#~ msgstr "" + diff --git a/po/fr/LC_MESSAGES/flatpak-devel.po b/po/fr/LC_MESSAGES/flatpak-devel.po index a40e8fb5..a8f1a5a9 100644 --- a/po/fr/LC_MESSAGES/flatpak-devel.po +++ b/po/fr/LC_MESSAGES/flatpak-devel.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-06-30 14:59+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: fr\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../flatpak-devel.rst:2 msgid "Flatpak as a developer platform" @@ -59,7 +59,7 @@ msgstr "" #: ../../flatpak-devel.rst:23 msgid "" -"`Flatpak Github Actions `_ can be used for GitHub." msgstr "" @@ -349,3 +349,9 @@ msgstr "" #~ msgid "Parallel nigthly and stable applications" #~ msgstr "" +#~ msgid "" +#~ "`Flatpak Github Actions `_ can " +#~ "be used for GitHub." +#~ msgstr "" + diff --git a/po/fr/LC_MESSAGES/module-sources.po b/po/fr/LC_MESSAGES/module-sources.po index be1ce140..f8e87b95 100644 --- a/po/fr/LC_MESSAGES/module-sources.po +++ b/po/fr/LC_MESSAGES/module-sources.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-12-01 08:05+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: fr\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../module-sources.rst:2 msgid "Module Sources" @@ -420,6 +420,7 @@ msgid "" msgstr "" #: ../../module-sources.rst:475 +#, python-brace-format msgid "" "The last line creates an empty symlink from ``${FLATPAK_DEST}/extra/`` to" " ``${FLATPAK_DEST}/bin/`` so that the executable is found in ``$PATH`` " @@ -448,6 +449,7 @@ msgid "" msgstr "" #: ../../module-sources.rst:499 +#, python-brace-format msgid "" "The commands needed to extract the snap are specified in the " "``apply_extra`` script. These can be any shell commands that run when " @@ -504,7 +506,7 @@ msgstr "" #: ../../module-sources.rst:573 msgid "" "``path`` should be the path of the local directory relative to the " -"manifest root path, whoose contents will be copied during build." +"manifest root path, whose contents will be copied during build." msgstr "" #: ../../module-sources.rst:587 @@ -516,3 +518,10 @@ msgid "" "them." msgstr "" +#~ msgid "" +#~ "``path`` should be the path of the" +#~ " local directory relative to the " +#~ "manifest root path, whoose contents will" +#~ " be copied during build." +#~ msgstr "" + diff --git a/po/fr/LC_MESSAGES/sandbox-permissions.po b/po/fr/LC_MESSAGES/sandbox-permissions.po index ce8b1efd..9d586dc9 100644 --- a/po/fr/LC_MESSAGES/sandbox-permissions.po +++ b/po/fr/LC_MESSAGES/sandbox-permissions.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-08-31 14:40+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2018-05-20 10:37-0400\n" "Last-Translator: Copied by Zanata \n" "Language: fr\n" @@ -17,7 +17,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../sandbox-permissions.rst:2 msgid "Sandbox Permissions" @@ -229,7 +229,17 @@ msgid "" "clients or SSH frontends." msgstr "" -#: ../../sandbox-permissions.rst:105 +#: ../../sandbox-permissions.rst:102 +msgid "" +"``--socket=inherit-wayland-socket`` - Inherit the ``$WAYLAND_SOCKET`` " +"environment variable from the parent process (for example, the " +"compositor). This is not commonly needed unless the application needs " +"access to the parent process’ Wayland state. Input method applications " +"may need this. It’s a very sensitive permission as it prevents Wayland " +"client state from being sandboxed." +msgstr "" + +#: ../../sandbox-permissions.rst:111 msgid "" "Applications that do not support native Wayland should use only " "``--socket=x11`` and applications that do, should use " @@ -238,26 +248,26 @@ msgid "" "Wayland sessions of the desktop environment." msgstr "" -#: ../../sandbox-permissions.rst:111 +#: ../../sandbox-permissions.rst:117 msgid "``--socket=wayland`` - Show windows with Wayland" msgstr "" -#: ../../sandbox-permissions.rst:112 +#: ../../sandbox-permissions.rst:118 msgid "``--socket=x11`` - Show windows using X11" msgstr "" -#: ../../sandbox-permissions.rst:113 +#: ../../sandbox-permissions.rst:119 msgid "" "``--socket=fallback-x11`` - Show windows using X11, if Wayland is not " "available, overrides ``x11`` socket permission. Note that you must still " "use ``--socket=wayland`` for wayland permission" msgstr "" -#: ../../sandbox-permissions.rst:118 +#: ../../sandbox-permissions.rst:124 msgid "D-Bus access" msgstr "" -#: ../../sandbox-permissions.rst:120 +#: ../../sandbox-permissions.rst:126 msgid "" "D-Bus access is filtered by default. The default policy for the session " "bus only allows the application to own its own namespace named by " @@ -269,315 +279,330 @@ msgid "" "``org.freedesktop.portal.*``." msgstr "" -#: ../../sandbox-permissions.rst:128 +#: ../../sandbox-permissions.rst:134 msgid "" "Access to the entire bus with ``--socket=system-bus`` or ``--socket" "=session-bus`` stops the filtering and using them is a security risk. So " "they must be avoided, unless the application is a development tool." msgstr "" -#: ../../sandbox-permissions.rst:133 +#: ../../sandbox-permissions.rst:139 msgid "" "``flatpak run --log-session-bus $FLATPAK_ID`` can be used to find the " "specific D-Bus permissions needed. See :ref:`debugging:Audit session or " "system bus traffic` for more information." msgstr "" -#: ../../sandbox-permissions.rst:137 +#: ../../sandbox-permissions.rst:143 msgid "**Ownership**" msgstr "" -#: ../../sandbox-permissions.rst:139 +#: ../../sandbox-permissions.rst:145 msgid "" "Any ownership beyond what is granted by default ie. own namespace and " "``org.mpris.MediaPlayer2.$FLATPAK_ID`` is typically unnecessary although " "there can be exceptions." msgstr "" -#: ../../sandbox-permissions.rst:143 +#: ../../sandbox-permissions.rst:149 msgid "**Talk**" msgstr "" -#: ../../sandbox-permissions.rst:145 +#: ../../sandbox-permissions.rst:151 msgid "It is recommended to use the minimum required talk-name permissions." msgstr "" -#: ../../sandbox-permissions.rst:148 +#: ../../sandbox-permissions.rst:154 msgid "Filesystem access" msgstr "" -#: ../../sandbox-permissions.rst:150 +#: ../../sandbox-permissions.rst:156 msgid "" "As a general rule, static and permanent filesystem access should be " "limited as much as possible. This includes:" msgstr "" -#: ../../sandbox-permissions.rst:153 +#: ../../sandbox-permissions.rst:159 msgid "" "Using portals as an alternative to blanket filesystem access, wherever " "possible." msgstr "" -#: ../../sandbox-permissions.rst:155 +#: ../../sandbox-permissions.rst:161 msgid "Using read-only access wherever possible, using the ``:ro`` option." msgstr "" -#: ../../sandbox-permissions.rst:156 +#: ../../sandbox-permissions.rst:162 msgid "" "Using :ref:`conventions:XDG base directories` to store application's " "cache, config and state. Then no additional filesystem access would be " "required." msgstr "" -#: ../../sandbox-permissions.rst:159 +#: ../../sandbox-permissions.rst:165 msgid "" "Avoiding full home access and instead using XDG directories such as " "``xdg-music`` or ``xdg-download`` etc." msgstr "" -#: ../../sandbox-permissions.rst:162 +#: ../../sandbox-permissions.rst:168 msgid "The following permission options are available:" msgstr "" -#: ../../sandbox-permissions.rst:164 +#: ../../sandbox-permissions.rst:170 msgid "``:ro`` - read-only access" msgstr "" -#: ../../sandbox-permissions.rst:165 +#: ../../sandbox-permissions.rst:171 msgid "" "``:create`` - read/write access, and create the directory if it doesn't " "exist" msgstr "" -#: ../../sandbox-permissions.rst:168 +#: ../../sandbox-permissions.rst:174 msgid "Additionally the following permissions are available:" msgstr "" -#: ../../sandbox-permissions.rst:171 +#: ../../sandbox-permissions.rst:177 +msgid "``host-root``" +msgstr "" + +#: ../../sandbox-permissions.rst:177 +msgid "" +"Complete host operating system with no exclusions mounted at " +"``/run/host/root`` inside the sandbox. (v1.17.0+)" +msgstr "" + +#: ../../sandbox-permissions.rst:178 msgid "``host``" msgstr "" -#: ../../sandbox-permissions.rst:171 +#: ../../sandbox-permissions.rst:178 msgid "" -"Access to ``/home, /media, /opt, /run/media, /srv`` and everything " -"provided by ``host-os, host-etc`` mounted in ``/run/host``" +"Access to all toplevel paths and subpaths of ``/`` except some reserved " +"paths listed below." msgstr "" -#: ../../sandbox-permissions.rst:171 ../../sandbox-permissions.rst:175 -#: ../../sandbox-permissions.rst:176 -msgid "Includes any subpaths" +#: ../../sandbox-permissions.rst:178 +msgid "" +"Paths provided by ``host-etc, host-os`` are mounted at ``/run/host`` as " +"explained below." msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "``host-etc``" msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "Host's ``/etc``" msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "Host's ``/etc`` is mounted at ``/run/host/etc``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 msgid "``host-os``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 #, python-brace-format msgid "" "Host's ``/usr, /bin, /sbin, /lib{32, 64}, /etc/ld.so.cache, " "/etc/alternatives``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 msgid "Mounted at ``/run/host``" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "``home``" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "Access the home directory" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "Except ``~/.var/app``" msgstr "" -#: ../../sandbox-permissions.rst:175 +#: ../../sandbox-permissions.rst:182 msgid "``/some/dir``" msgstr "" -#: ../../sandbox-permissions.rst:175 +#: ../../sandbox-permissions.rst:182 msgid "Access an arbitrary path except any reserved path" msgstr "" -#: ../../sandbox-permissions.rst:176 +#: ../../sandbox-permissions.rst:182 ../../sandbox-permissions.rst:183 +msgid "Includes any subpaths" +msgstr "" + +#: ../../sandbox-permissions.rst:183 msgid "``~/some/dir``" msgstr "" -#: ../../sandbox-permissions.rst:176 +#: ../../sandbox-permissions.rst:183 msgid "Arbitrary path relative to the home directory" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "``xdg-desktop``" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "Access the XDG desktop directory" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "``$XDG_DESKTOP_DIR`` or ``$HOME/Desktop``" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "``xdg-documents``" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "Access the XDG documents directory" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "``$XDG_DOCUMENTS_DIR`` or ``$HOME/Documents``" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "``xdg-download``" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "Access the XDG download directory" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "``$XDG_DOWNLOAD_DIR`` or ``$HOME/Downloads``" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "``xdg-music``" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "Access the XDG music directory" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "``$XDG_MUSIC_DIR`` or ``$HOME/Music``" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "``xdg-pictures``" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "Access the XDG pictures directory" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "``$XDG_PICTURES_DIR`` or ``$HOME/Pictures``" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "``xdg-public-share``" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "Access the XDG public directory" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "``$XDG_PUBLICSHARE_DIR`` or ``$HOME/Public``" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "``xdg-videos``" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "Access the XDG videos directory" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "``$XDG_VIDEOS_DIR`` or ``$HOME/Videos``" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "``xdg-templates``" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "Access the XDG templates directory" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "``$XDG_TEMPLATES_DIR`` or ``$HOME/Templates``" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "``xdg-config``" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "Access the XDG config directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "``$XDG_CONFIG_HOME`` or ``$HOME/.config``" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "``xdg-cache``" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "Access the XDG cache directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "``$XDG_CACHE_HOME`` or ``$HOME/.cache``" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "``xdg-data``" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "Access the XDG data directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "``$XDG_DATA_HOME`` or ``$HOME/.local/share``" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "``xdg-run/path``" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "Access subdirectories of the XDG runtime directory" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "``$XDG_RUNTIME_DIR/path`` (``/run/user/$UID/path``)" msgstr "" -#: ../../sandbox-permissions.rst:191 +#: ../../sandbox-permissions.rst:198 msgid "" "Except ``host, host-etc, host-os`` paths can be added to all the above " "filesystem options. For example, ``--filesystem=xdg-documents/path``." msgstr "" -#: ../../sandbox-permissions.rst:194 +#: ../../sandbox-permissions.rst:201 msgid "Other filesystem access guidelines include:" msgstr "" -#: ../../sandbox-permissions.rst:196 +#: ../../sandbox-permissions.rst:203 msgid "" "The ``--persist=DIR`` option can be used to map directories from the " "user's home directory into the sandbox filesystem. This only works if the" @@ -585,7 +610,7 @@ msgid "" "includes ``home``." msgstr "" -#: ../../sandbox-permissions.rst:201 +#: ../../sandbox-permissions.rst:208 msgid "" "For example, if an application hardcodes the directory ``~/.foo``, " "without any ``home`` access and no ``--persist`` the directory will be " @@ -596,48 +621,48 @@ msgid "" "``~/.var/app/$FLATPAK_ID/.foo`` which would otherwise be lost." msgstr "" -#: ../../sandbox-permissions.rst:209 +#: ../../sandbox-permissions.rst:216 msgid "A ``--persist=.`` will `persist` all directories." msgstr "" -#: ../../sandbox-permissions.rst:211 +#: ../../sandbox-permissions.rst:218 msgid "" "This does not support ``:create, :ro, :rw`` suffixes or special values " "like ``xdg-documents``. However, the directory will be created by flatpak" " if it doesn't already exist." msgstr "" -#: ../../sandbox-permissions.rst:215 +#: ../../sandbox-permissions.rst:222 msgid "" "This makes it possible to avoid configuring access to the entire home " "directory, and can be useful for applications that hardcode file paths in" " ``~/``." msgstr "" -#: ../../sandbox-permissions.rst:218 +#: ../../sandbox-permissions.rst:225 msgid "" "If an application uses ``$TMPDIR`` to contain lock files you may want to " "add a wrapper script that sets it to ``$XDG_RUNTIME_DIR/app/$FLATPAK_ID``" " (tmpfs) or ``/var/tmp`` (persistent on host)." msgstr "" -#: ../../sandbox-permissions.rst:222 +#: ../../sandbox-permissions.rst:229 msgid "" "Retaining and sharing configuration with non-Flatpak installations is to " "be avoided." msgstr "" -#: ../../sandbox-permissions.rst:226 +#: ../../sandbox-permissions.rst:233 msgid "Reserved Paths" msgstr "" -#: ../../sandbox-permissions.rst:228 +#: ../../sandbox-permissions.rst:235 msgid "" "The following paths and subpaths of them are reserved and asking access " "to them with ``--filesystem`` will have no effect::" msgstr "" -#: ../../sandbox-permissions.rst:233 +#: ../../sandbox-permissions.rst:240 msgid "" "The entire ``/run`` is not allowed but all subpaths of ``/run`` except " "``/run/flatpak, /run/host`` are allowed to be exposed via " @@ -645,44 +670,46 @@ msgid "" "to ``../run``, exposing it or a subpath of it, is not allowed." msgstr "" -#: ../../sandbox-permissions.rst:238 +#: ../../sandbox-permissions.rst:245 msgid "" "Additionally the following directories from host need to be explicitly " "requested with ``--filesystem`` and are not available with ``home, host, " "host-os, host-etc`` by default:" msgstr "" -#: ../../sandbox-permissions.rst:242 +#: ../../sandbox-permissions.rst:249 msgid "" "``~/.var/app`` - The app can access only its own directory in " "``~/.var/app/$FLATPAK_ID``" msgstr "" -#: ../../sandbox-permissions.rst:243 +#: ../../sandbox-permissions.rst:250 msgid "``$XDG_DATA_HOME/flatpak`` (``~/.local/share/flatpak``)" msgstr "" -#: ../../sandbox-permissions.rst:244 +#: ../../sandbox-permissions.rst:251 msgid "``/boot``" msgstr "" -#: ../../sandbox-permissions.rst:245 +#: ../../sandbox-permissions.rst:252 msgid "``/efi``" msgstr "" -#: ../../sandbox-permissions.rst:246 +#: ../../sandbox-permissions.rst:253 msgid "``/root``" msgstr "" -#: ../../sandbox-permissions.rst:247 -msgid "``/sys``" +#: ../../sandbox-permissions.rst:254 +msgid "" +"``/sys`` - Only ``/sys/block, /sys/bus, /sys/class, /sys/dev, " +"/sys/devices`` are shared as read-only by default (if exists)" msgstr "" -#: ../../sandbox-permissions.rst:248 +#: ../../sandbox-permissions.rst:255 msgid "``/tmp``" msgstr "" -#: ../../sandbox-permissions.rst:249 +#: ../../sandbox-permissions.rst:256 #, python-brace-format msgid "" "``/var`` - Note that by default ``/var/{cache, config, data, tmp}`` " @@ -692,96 +719,96 @@ msgid "" "available." msgstr "" -#: ../../sandbox-permissions.rst:253 +#: ../../sandbox-permissions.rst:260 msgid "``/var/lib/flatpak`` - ``/var`` does not give access to this." msgstr "" -#: ../../sandbox-permissions.rst:256 +#: ../../sandbox-permissions.rst:263 msgid "Device access" msgstr "" -#: ../../sandbox-permissions.rst:257 +#: ../../sandbox-permissions.rst:264 msgid "You can provide the following device permissions:" msgstr "" -#: ../../sandbox-permissions.rst:260 +#: ../../sandbox-permissions.rst:267 msgid "``dri``" msgstr "" -#: ../../sandbox-permissions.rst:260 +#: ../../sandbox-permissions.rst:267 msgid "Direct Rendering Interface. Necessary for GL." msgstr "" -#: ../../sandbox-permissions.rst:261 +#: ../../sandbox-permissions.rst:268 msgid "``kvm``" msgstr "" -#: ../../sandbox-permissions.rst:261 +#: ../../sandbox-permissions.rst:268 msgid "Kernel based Virtual Machine ``/dev/kvm``" msgstr "" -#: ../../sandbox-permissions.rst:262 +#: ../../sandbox-permissions.rst:269 msgid "``shm``" msgstr "" -#: ../../sandbox-permissions.rst:262 +#: ../../sandbox-permissions.rst:269 msgid "Shared Memory in ``/dev/shm``." msgstr "" -#: ../../sandbox-permissions.rst:263 +#: ../../sandbox-permissions.rst:270 msgid "``input``" msgstr "" -#: ../../sandbox-permissions.rst:263 +#: ../../sandbox-permissions.rst:270 msgid "" "Input devices as exposed in ``/dev/input``. This includes game " "controllers. Since Flatpak 1.15.6." msgstr "" -#: ../../sandbox-permissions.rst:264 +#: ../../sandbox-permissions.rst:271 msgid "``usb``" msgstr "" -#: ../../sandbox-permissions.rst:264 +#: ../../sandbox-permissions.rst:271 msgid "Raw USB devices as exposed in ``/dev/bus/usb``. Since Flatpak 1.15.11." msgstr "" -#: ../../sandbox-permissions.rst:265 +#: ../../sandbox-permissions.rst:272 msgid "``all``" msgstr "" -#: ../../sandbox-permissions.rst:265 +#: ../../sandbox-permissions.rst:272 msgid "All devices, including all of the above except ``shm``" msgstr "" -#: ../../sandbox-permissions.rst:270 +#: ../../sandbox-permissions.rst:277 msgid "" "Using newer permissions like ``input`` or ``usb`` will have no effect on " "older Flatpak versions and will fail when used through Flatpak " "commandline." msgstr "" -#: ../../sandbox-permissions.rst:274 +#: ../../sandbox-permissions.rst:281 msgid "" "While not ideal, ``--device=all`` can be used to access devices like " "webcams, CD/DVD drives etc." msgstr "" -#: ../../sandbox-permissions.rst:278 +#: ../../sandbox-permissions.rst:285 msgid "USB portal" msgstr "" -#: ../../sandbox-permissions.rst:280 -msgid "Since 1.5.11." +#: ../../sandbox-permissions.rst:287 +msgid "Since 1.15.11." msgstr "" -#: ../../sandbox-permissions.rst:282 +#: ../../sandbox-permissions.rst:289 msgid "" "Sandboxed access to individual USB devices can be controlled by portals. " "Flatpak allows specifying enumerable USB devices to allow access." msgstr "" -#: ../../sandbox-permissions.rst:286 +#: ../../sandbox-permissions.rst:293 msgid "" "Like ``--device=usb``, this is just about accessing the raw USB device, " "that needs libusb (or equivalent). By using the portal, you can restrict " @@ -790,59 +817,59 @@ msgid "" "no reason for USB security devices to be accessible." msgstr "" -#: ../../sandbox-permissions.rst:293 +#: ../../sandbox-permissions.rst:300 msgid "" "A list of valid use cases includes scanners (handled, for example by " "SANE), photo cameras (handled by libgphoto2), flashing devices, etc." msgstr "" -#: ../../sandbox-permissions.rst:296 +#: ../../sandbox-permissions.rst:303 msgid "" "While this is portal dependent and ``xdg-desktop-portal`` is currently " "the only portal implementation, the overall permission flow is as " "follows:" msgstr "" -#: ../../sandbox-permissions.rst:300 +#: ../../sandbox-permissions.rst:307 msgid "" "The Flatpak package specifies the devices it wishes to enumerate through " "``finish-args``." msgstr "" -#: ../../sandbox-permissions.rst:302 +#: ../../sandbox-permissions.rst:309 msgid "" "The application requests the portal to enumerate the available USB " "devices based on that list. If the list is empty it will enumerate all " "USB devices." msgstr "" -#: ../../sandbox-permissions.rst:305 +#: ../../sandbox-permissions.rst:312 msgid "" "When the application wants to access the device, it will make a request " "for the device it wants to access via the portal." msgstr "" -#: ../../sandbox-permissions.rst:307 +#: ../../sandbox-permissions.rst:314 msgid "The portal then requests permission from the user if not already granted." msgstr "" -#: ../../sandbox-permissions.rst:309 +#: ../../sandbox-permissions.rst:316 msgid "" "If the permission was granted, a file descriptor for the device is passed" " back to the application." msgstr "" -#: ../../sandbox-permissions.rst:312 +#: ../../sandbox-permissions.rst:319 msgid "" "The application is then able to open the devices it is supposed to use " "while the others would be hidden." msgstr "" -#: ../../sandbox-permissions.rst:316 +#: ../../sandbox-permissions.rst:323 msgid "Specifying the enumerable devices" msgstr "" -#: ../../sandbox-permissions.rst:318 +#: ../../sandbox-permissions.rst:325 msgid "" "You can specify devices on the ``flatpak`` command line, and by extension" " in the finish arguments for Flatpak Builder. Enumerable devices are " @@ -853,17 +880,17 @@ msgid "" " shall not be enumerated." msgstr "" -#: ../../sandbox-permissions.rst:326 +#: ../../sandbox-permissions.rst:333 msgid "Queries are made out of rules. These rules are composable with ``+``." msgstr "" -#: ../../sandbox-permissions.rst:328 +#: ../../sandbox-permissions.rst:335 msgid "" "The rule ``all`` enumerates every USB device. There is no further rule " "allowed in the query." msgstr "" -#: ../../sandbox-permissions.rst:331 +#: ../../sandbox-permissions.rst:338 msgid "" "The ``vnd`` and ``dev`` rules specify a USB vendor and a USB device ID " "respectively. A vendor can be specified alone, but a device rule always " @@ -873,63 +900,63 @@ msgid "" "repository `_" msgstr "" -#: ../../sandbox-permissions.rst:338 +#: ../../sandbox-permissions.rst:345 msgid "" "``cls`` specifies the device USB class and subclass. Both class and " "subclass are two digit hex numbers separated by a colon ``:``. You can " "use ``*`` to specify any subclass within the class." msgstr "" -#: ../../sandbox-permissions.rst:342 +#: ../../sandbox-permissions.rst:349 msgid "Some examples of the syntax:" msgstr "" -#: ../../sandbox-permissions.rst:344 +#: ../../sandbox-permissions.rst:351 msgid "``vnd:1234``: Devices from vendor ``1234``" msgstr "" -#: ../../sandbox-permissions.rst:345 +#: ../../sandbox-permissions.rst:352 msgid "``vnd:1234+dev:3456``: Only device ``3456`` from vendor ``1234``." msgstr "" -#: ../../sandbox-permissions.rst:346 +#: ../../sandbox-permissions.rst:353 msgid "``vnd:1234+cls:06:*``: All the PTP devices from vendor ``1234``." msgstr "" -#: ../../sandbox-permissions.rst:347 +#: ../../sandbox-permissions.rst:354 msgid "``cls:06:*``: All the PTP devices." msgstr "" -#: ../../sandbox-permissions.rst:349 +#: ../../sandbox-permissions.rst:356 msgid "" "This permission only allows to enumerate devices. To open them, " "permission must be requested from the portal. It is not possible to open " "a device that is not enumerable." msgstr "" -#: ../../sandbox-permissions.rst:355 +#: ../../sandbox-permissions.rst:362 msgid "" "The ``--device=usb`` permission is broader than what the USB portal is " "supposed to provide and allows unfettered access to any USB device on the" " bus." msgstr "" -#: ../../sandbox-permissions.rst:359 +#: ../../sandbox-permissions.rst:366 msgid "In some situations you may need to specify a very long list of devices." msgstr "" -#: ../../sandbox-permissions.rst:361 +#: ../../sandbox-permissions.rst:368 msgid "Device lists can be passed in one single argument, or through a file." msgstr "" -#: ../../sandbox-permissions.rst:363 +#: ../../sandbox-permissions.rst:370 msgid "" "When using ``--usb-list``, the queries are separated by a semi-colon " "``;``, with queries for hidden devices (i.e. those that would be passed " "with ``--nousb``) prefixed with ``!``." msgstr "" -#: ../../sandbox-permissions.rst:367 +#: ../../sandbox-permissions.rst:374 msgid "" "When using ``--usb-list-file``, the filename of the file containing USB " "queries is passed line by line. Like with ``--usb-list`` queries for " @@ -939,24 +966,24 @@ msgid "" "list is persisted internally." msgstr "" -#: ../../sandbox-permissions.rst:375 +#: ../../sandbox-permissions.rst:382 msgid "dconf access" msgstr "" -#: ../../sandbox-permissions.rst:377 +#: ../../sandbox-permissions.rst:384 msgid "" "As of xdg-desktop-portal 1.1.0 and glib 2.60.5 (in the runtime) you do " "not need direct DConf access in most cases." msgstr "" -#: ../../sandbox-permissions.rst:380 +#: ../../sandbox-permissions.rst:387 msgid "" "As of now this glib version is included in " "``org.freedesktop.Platform//19.08`` and ``org.gnome.Platform//3.34`` and " "newer." msgstr "" -#: ../../sandbox-permissions.rst:383 +#: ../../sandbox-permissions.rst:390 msgid "" "If an application existed prior to these runtimes you can tell Flatpak " "(>= 1.3.4) to migrate the DConf settings on the host into the sandbox by " @@ -965,17 +992,17 @@ msgid "" " (case is ignored and ``_`` and ``-`` are treated equal)." msgstr "" -#: ../../sandbox-permissions.rst:390 +#: ../../sandbox-permissions.rst:397 msgid "" "If you are targeting older runtimes or require direct DConf access for " "other reasons you can use these permissions::" msgstr "" -#: ../../sandbox-permissions.rst:398 +#: ../../sandbox-permissions.rst:405 msgid "With those permissions glib will continue using dconf directly." msgstr "" -#: ../../sandbox-permissions.rst:400 +#: ../../sandbox-permissions.rst:407 msgid "" "If you use a newer runtime where dconf is no longer built and still need " "it you will have to build the `dconf " @@ -983,11 +1010,11 @@ msgid "" "``--env=GIO_EXTRA_MODULES=/app/lib/gio/modules/``." msgstr "" -#: ../../sandbox-permissions.rst:405 +#: ../../sandbox-permissions.rst:412 msgid "gvfs access" msgstr "" -#: ../../sandbox-permissions.rst:407 +#: ../../sandbox-permissions.rst:414 msgid "" "As of gvfs 1.48, the gvfs daemons and applications use an on-disk socket " "to communicate, rather than an abstract socket so that the gvfs " @@ -995,47 +1022,47 @@ msgid "" "application's sandbox." msgstr "" -#: ../../sandbox-permissions.rst:411 +#: ../../sandbox-permissions.rst:418 msgid "" "A number of different options need to be passed depending on the " "application's use of gvfs." msgstr "" -#: ../../sandbox-permissions.rst:414 +#: ../../sandbox-permissions.rst:421 msgid "" "``--talk-name=org.gtk.vfs.*`` is necessary to talk to the gvfs daemons " "over D-Bus and list mounts using the GIO APIs." msgstr "" -#: ../../sandbox-permissions.rst:417 +#: ../../sandbox-permissions.rst:424 msgid "" "``--filesystem=xdg-run/gvfsd`` is necessary to use the GIO APIs to list " "and access non-native files using the GIO APIs, using URLs rather than " "FUSE paths." msgstr "" -#: ../../sandbox-permissions.rst:420 +#: ../../sandbox-permissions.rst:427 msgid "" "``--filesystem=xdg-run/gvfs`` is necessary to give access to the FUSE " "mounts non-GIO and legacy applications can use. This is what will make " "native files appear under ``/run/user/`id -u`/gvfs/``." msgstr "" -#: ../../sandbox-permissions.rst:424 +#: ../../sandbox-permissions.rst:431 msgid "Typical GNOME and GTK applications should use::" msgstr "" -#: ../../sandbox-permissions.rst:429 +#: ../../sandbox-permissions.rst:436 msgid "Typical non-GNOME and non-GTK applications should use::" msgstr "" -#: ../../sandbox-permissions.rst:433 +#: ../../sandbox-permissions.rst:440 msgid "" "No application should be using ``--talk-name=org.gtk.vfs`` in its " "manifest, as there are no D-Bus services named ``org.gtk.vfs``." msgstr "" -#: ../../sandbox-permissions.rst:436 +#: ../../sandbox-permissions.rst:443 msgid "" "These permission grants the app, the ability to communicate with the gvfs" " daemon and backends running on host. Depending on the backends installed" @@ -1051,11 +1078,11 @@ msgid "" "host." msgstr "" -#: ../../sandbox-permissions.rst:450 +#: ../../sandbox-permissions.rst:457 msgid "External drive access" msgstr "" -#: ../../sandbox-permissions.rst:452 +#: ../../sandbox-permissions.rst:459 msgid "" "External drives are mounted by the host system using systemd, udev, udisk" " fstab etc. and each of them can have different defaults. Flatpak has no " @@ -1063,30 +1090,155 @@ msgid "" "permissions should work in most cases::" msgstr "" -#: ../../sandbox-permissions.rst:461 +#: ../../sandbox-permissions.rst:468 msgid "" "If ``--filesystem=host`` is used ``/media, /run/media`` is shared " "automatically if they exist." msgstr "" -#: ../../sandbox-permissions.rst:464 +#: ../../sandbox-permissions.rst:471 msgid "" "Note that these should not have subpaths in them unless the value of the " "subpath can be consistently pre-determined. Block device naming depends " "on the kernel/fstab configuration and cannot be pre-determined." msgstr "" -#: ../../sandbox-permissions.rst:469 +#: ../../sandbox-permissions.rst:476 +msgid "Conditional permissions" +msgstr "" + +#: ../../sandbox-permissions.rst:478 +msgid "" +"Since 1.17.0, Flatpak supports conditional permissions which allows them " +"to be granted only when certain runtime conditions are satisfied and " +"fallback otherwise. The intention of the system is to allow users or " +"developers to specify tighter permission grants (as they are added in new" +" Flatpak versions) while fallback to older grants for backwards " +"compatibility at run time." +msgstr "" + +#: ../../sandbox-permissions.rst:487 +msgid "" +"Older Flatpak versions will fail when encountering unknown commandline " +"options, while unrecognized metadata entries will be silently ignored." +msgstr "" + +#: ../../sandbox-permissions.rst:491 +msgid "" +"Flatpak manifests using conditional flags (for example, ``--socket-if=`` " +"etc.) will require Flatpak 1.17.0 or newer to build and attempting to " +"build them with older Flatpak versions will produce an error." +msgstr "" + +#: ../../sandbox-permissions.rst:496 +msgid "" +"The following flags are available to specify conditional permissions in " +"CLI and in Flatpak manifests::" +msgstr "" + +#: ../../sandbox-permissions.rst:504 +msgid "" +"The syntax of all the options are ``--socket-if=PERMISSION:CONDITION`` " +"and so on where ``PERMISSION`` is the available grants for that flag " +"(e.g., those listed for ``--socket=``). Conditions can be negated by " +"prefixing with ``!``. The following conditions are supported:" +msgstr "" + +#: ../../sandbox-permissions.rst:509 +msgid "``true`` - Always evaluates to true" +msgstr "" + +#: ../../sandbox-permissions.rst:510 +msgid "``false``- Always evaluates to false" +msgstr "" + +#: ../../sandbox-permissions.rst:511 +msgid "" +"``has-input-device`` - True if the Flatpak version supports " +"``--device=input``" +msgstr "" + +#: ../../sandbox-permissions.rst:513 +msgid "``has-wayland`` - True if the current desktop session supports Wayland" +msgstr "" + +#: ../../sandbox-permissions.rst:516 +msgid "" +"Multiple conditionals can be specified for the same grant, in which case " +"the permission is granted if any condition matches. If no conditional " +"rule evaluates to ``true``, the grant is denied unless it is also " +"unconditionally allowed. Duplicate conditions are ignored." +msgstr "" + +#: ../../sandbox-permissions.rst:523 +msgid "Examples" +msgstr "" + +#: ../../sandbox-permissions.rst:525 +msgid "" +"The unconditional grant ``--socket=x11`` can be tightened using " +"conditional permissions to ``--socket-if=x11:!has-wayland``. This allows " +"access to X11 only when a Wayland desktop session is not available. To " +"preserve backwards compatibility, the following pattern can be used::" +msgstr "" + +#: ../../sandbox-permissions.rst:534 +msgid "" +"This allows older Flatpak versions which do not understand the " +"conditional permissions function by allowing X11 access always while " +"newer Flatpak, which understands the conditional system will allow X11 " +"access only when the session is not Wayland." +msgstr "" + +#: ../../sandbox-permissions.rst:539 +msgid "" +"If an application requires only access to ``input`` device permission, " +"the following flags can be used to move away from ``--device=all`` to " +"``--device=input``::" +msgstr "" + +#: ../../sandbox-permissions.rst:547 +msgid "" +"This allows older Flatpak versions which do not understand the ``input`` " +"device permission to function by having the broader ``all`` access. Newer" +" Flatpak versions which understand the conditional system (and therefore " +"understands the ``input`` permission) will deny ``all`` due to " +"``--device-if=all:!has-input-device`` and allow only ``input`` due to " +"``--device=input``." +msgstr "" + +#: ../../sandbox-permissions.rst:555 +msgid "" +"To explicitly deny a permission that might be granted through runtime " +"metadata or overrides ``--nosocket=NAME, --unshare=NAME`` etc. can be " +"used::" +msgstr "" + +#: ../../sandbox-permissions.rst:561 +msgid "" +"This denial can be combined with conditional grants to remove " +"unconditional access while allowing conditional access::" +msgstr "" + +#: ../../sandbox-permissions.rst:568 +msgid "" +"This denies unconditional X11 access but allows X11 conditionally when " +"Wayland is unavailable. Older Flatpak versions will see only the final " +"``--socket=x11`` grant and allow X11 unconditionally, while newer " +"versions recognise the conditional logic and evaluates it at runtime." +msgstr "" + +#: ../../sandbox-permissions.rst:574 msgid "Footnotes" msgstr "" -#: ../../sandbox-permissions.rst:470 +#: ../../sandbox-permissions.rst:575 msgid "" "This is not necessarily required, but without it the X11 shared memory " "extension will not work, which is very bad for X11 performance." msgstr "" -#: ../../sandbox-permissions.rst:472 +#: ../../sandbox-permissions.rst:577 msgid "" "Giving network access also grants access to all host services listening " "on abstract Unix sockets (due to how network namespaces work), and these " @@ -1095,7 +1247,7 @@ msgid "" "secure distribution should disable these and just use regular sockets." msgstr "" -#: ../../sandbox-permissions.rst:477 +#: ../../sandbox-permissions.rst:582 #, python-brace-format msgid "" "``xdg-{cache, config, data}`` bind mounts the paths from host to the per-" @@ -1445,3 +1597,16 @@ msgstr "" #~ msgid "``--socket=ssh-auth``- Allow access to ``$SSH_AUTH_SOCK``" #~ msgstr "" +#~ msgid "" +#~ "Access to ``/home, /media, /opt, " +#~ "/run/media, /srv`` and everything provided " +#~ "by ``host-os, host-etc`` mounted " +#~ "in ``/run/host``" +#~ msgstr "" + +#~ msgid "``/sys``" +#~ msgstr "" + +#~ msgid "Since 1.5.11." +#~ msgstr "" + diff --git a/po/fr/LC_MESSAGES/under-the-hood.po b/po/fr/LC_MESSAGES/under-the-hood.po index ed9b8fa2..15cb912a 100644 --- a/po/fr/LC_MESSAGES/under-the-hood.po +++ b/po/fr/LC_MESSAGES/under-the-hood.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-09-26 16:32-0300\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2018-05-29 09:14-0400\n" "Last-Translator: Baptiste Mille-Mathias " "\n" @@ -19,7 +19,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../under-the-hood.rst:2 msgid "Under the Hood" @@ -101,51 +101,195 @@ msgid "" msgstr "" #: ../../under-the-hood.rst:51 -msgid "Underlying technologies" +msgid "Conditional permission system" msgstr "" #: ../../under-the-hood.rst:53 +msgid "" +"Since Flatpak 1.17.0, conditional permissions allow permissions to be " +"granted only when certain runtime conditions are satisfied, with fallback" +" to unconditional grants for compatibility with older versions." +msgstr "" + +#: ../../under-the-hood.rst:57 +msgid "Permissions are internally represented as:" +msgstr "" + +#: ../../under-the-hood.rst:59 +msgid "unconditionally allowed or denied" +msgstr "" + +#: ../../under-the-hood.rst:60 +msgid "" +"a reset flag indicating whether the current layer overrides rules from " +"lower layers" +msgstr "" + +#: ../../under-the-hood.rst:62 +msgid "a set of conditional rules under which the permission may be allowed" +msgstr "" + +#: ../../under-the-hood.rst:64 +msgid "For example:" +msgstr "" + +#: ../../under-the-hood.rst:66 +msgid "" +"``--socket=NAME`` unconditionally allows the permission and resets any " +"previously defined rules for that permission" +msgstr "" + +#: ../../under-the-hood.rst:68 +msgid "" +"``--nosocket=NAME`` unconditionally denies the permission and resets any " +"previously defined rules" +msgstr "" + +#: ../../under-the-hood.rst:70 +msgid "" +"``--socket-if=NAME:CONDITION`` adds a conditional rule without resetting " +"existing rules" +msgstr "" + +#: ../../under-the-hood.rst:73 +msgid "Conditions may be negated using ``!``." +msgstr "" + +#: ../../under-the-hood.rst:75 +msgid "" +"Multiple conditional rules can be specified for the same permission. In " +"this case, the permission is granted if any condition evaluates to true." +msgstr "" + +#: ../../under-the-hood.rst:78 +msgid "" +"Duplicate conditions are ignored. The order of conditions does not affect" +" evaluation." +msgstr "" + +#: ../../under-the-hood.rst:81 +msgid "" +"If no conditional rules are present, the permission is granted only if it" +" is unconditionally allowed." +msgstr "" + +#: ../../under-the-hood.rst:84 +msgid "" +"If conditional rules are present, the permission is granted if any " +"condition evaluates to true, and denied otherwise, unless it is also " +"unconditionally allowed." +msgstr "" + +#: ../../under-the-hood.rst:88 +msgid "" +"If an unconditional entry follows a conditional entry for the same grant " +"in commandline flags, the earlier unconditional entry is treated as " +"backwards compatibility fallback and does not affect the final permission" +" state. So the following is effectively treated as ``--socket-if=x11" +":!has-wayland`` in Flatpak versions supporting conditional permissions::" +msgstr "" + +#: ../../under-the-hood.rst:98 +msgid "Permissions are written to metadata using the following rules:" +msgstr "" + +#: ../../under-the-hood.rst:100 +msgid "Unconditionally allowed permissions are written as ``NAME``" +msgstr "" + +#: ../../under-the-hood.rst:101 +msgid "Unconditionally denied permissions are written as ``!NAME``" +msgstr "" + +#: ../../under-the-hood.rst:102 +msgid "Conditionally allowed permissions are written as:" +msgstr "" + +#: ../../under-the-hood.rst:104 +msgid "unconditional ``NAME`` entry for compat" +msgstr "" + +#: ../../under-the-hood.rst:105 +msgid "``if:NAME:CONDITION`` entries" +msgstr "" + +#: ../../under-the-hood.rst:107 +msgid "" +"If the permission resets previously defined rules, an explicit ``!NAME`` " +"entry is written first, followed by the unconditional ``NAME`` entry and " +"then the ``if:NAME:CONDITION`` entries. This is omitted when saving an " +"application's own metadata, as opposed to overrides." +msgstr "" + +#: ../../under-the-hood.rst:112 +msgid "" +"When parsing metadata, a non-negated unconditional ``NAME`` entry " +"appearing before a ``if:NAME:CONDITION`` entry is treated as a " +"compatibility fallback and does not affect the final permission state. " +"Eg. ``sockets=x11;if:x11:!has-wayland;`` is effectively treated as " +"``if:x11:!has-wayland`` in Flatpak versions supporting conditional " +"permissions." +msgstr "" + +#: ../../under-the-hood.rst:119 +msgid "" +"The ``fallback-x11`` socket, on pre-1.17 Flatpak versions implicitly " +"granted ``x11`` access and at runtime X11 access was suppressed when " +"Wayland was available, while on newer Flatpak (1.17+) it is internally " +"converted to the conditional syntax ``if:x11:!has-wayland``. When saving " +"the metadata, Flatpak converts ``if:x11:!has-wayland`` back to " +"``fallback-x11`` only when it is the sole conditional on ``x11``. If " +"additional conditionals are present, the new syntax is written directly " +"and older Flatpak versions will not understand the conditional entries. A" +" conditional grant for ``fallback-x11`` is not allowed." +msgstr "" + +#: ../../under-the-hood.rst:130 +msgid "Underlying technologies" +msgstr "" + +#: ../../under-the-hood.rst:132 msgid "Flatpak utilises a number of pre-existing technologies. These include:" msgstr "" -#: ../../under-the-hood.rst:55 +#: ../../under-the-hood.rst:134 msgid "" "The `bubblewrap `_ utility from" " `Project Atomic `_, which lets unprivileged " "users set up and run containers, using kernel features such as:" msgstr "" -#: ../../under-the-hood.rst:59 +#: ../../under-the-hood.rst:138 msgid "Namespaces" msgstr "" -#: ../../under-the-hood.rst:60 +#: ../../under-the-hood.rst:139 msgid "Bind mounts" msgstr "" -#: ../../under-the-hood.rst:61 +#: ../../under-the-hood.rst:140 msgid "Seccomp rules" msgstr "Règles Seccomp" -#: ../../under-the-hood.rst:63 +#: ../../under-the-hood.rst:142 msgid "" "`systemd `_ to set up" " cgroups for sandboxes" msgstr "" -#: ../../under-the-hood.rst:65 +#: ../../under-the-hood.rst:144 msgid "" "`D-Bus `_, a well-" "established way to provide high-level APIs to applications" msgstr "" -#: ../../under-the-hood.rst:67 +#: ../../under-the-hood.rst:146 msgid "" "The `OSTree `__ system for " "versioning and distributing filesystem trees" msgstr "" -#: ../../under-the-hood.rst:69 +#: ../../under-the-hood.rst:148 msgid "" "The OCI format from the `Open Container Initiative " "`_, as an alternative to OSTree used by the " @@ -153,11 +297,11 @@ msgid "" "fedora-now-live/>`__" msgstr "" -#: ../../under-the-hood.rst:73 +#: ../../under-the-hood.rst:152 msgid "Flatpak can use either OSTree or OCI for single-file bundles." msgstr "" -#: ../../under-the-hood.rst:74 +#: ../../under-the-hood.rst:153 msgid "" "`Appstream `_ " "metadata, to allow Flatpak applications to show up nicely in software " diff --git a/po/ko/LC_MESSAGES/available-runtimes.po b/po/ko/LC_MESSAGES/available-runtimes.po index 5539df67..63b04203 100644 --- a/po/ko/LC_MESSAGES/available-runtimes.po +++ b/po/ko/LC_MESSAGES/available-runtimes.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-12-01 08:17+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2018-05-20 10:37-0400\n" "Last-Translator: Copied by Zanata \n" "Language: ko\n" @@ -17,7 +17,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../available-runtimes.rst:2 msgid "Available Runtimes" @@ -166,7 +166,7 @@ msgid "" "Major version releases of the runtime are synced with `GNOME releases " "`_ and are announced on `GNOME " "Discourse `_. Usually a " -"given branch of the runtime is supported for an year and EOL-ed upon the " +"given branch of the runtime is supported for a year and EOL-ed upon the " "release of a newstable version." msgstr "" @@ -482,3 +482,15 @@ msgstr "" #~ " ``io.elementary.Platform``" #~ msgstr "" +#~ msgid "" +#~ "Major version releases of the runtime" +#~ " are synced with `GNOME releases " +#~ "`_ and are " +#~ "announced on `GNOME Discourse " +#~ "`_. Usually " +#~ "a given branch of the runtime is" +#~ " supported for an year and EOL-" +#~ "ed upon the release of a newstable" +#~ " version." +#~ msgstr "" + diff --git a/po/ko/LC_MESSAGES/electron.po b/po/ko/LC_MESSAGES/electron.po index 58af4022..ed2f042b 100644 --- a/po/ko/LC_MESSAGES/electron.po +++ b/po/ko/LC_MESSAGES/electron.po @@ -9,14 +9,14 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-03-13 09:30+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../electron.rst:2 msgid "Electron" @@ -40,11 +40,10 @@ msgstr "" #: ../../electron.rst:13 msgid "" "The guide walks through the `manifest file `_ of the `sample Electron Flatpak application " -"`_. Before you start, it " -"is a good idea to take a look at this, either online or by downloading " -"the application." +"/electron-sample-app/blob/master/org.flathub.electron-sample-app.yml>`_ " +"of the `sample Electron Flatpak application `_. Before you start, it is a good idea to take a " +"look at this, either online or by downloading the application." msgstr "" #: ../../electron.rst:22 @@ -60,43 +59,42 @@ msgstr "" #: ../../electron.rst:27 msgid "" "To get setup for the build, download or clone the sample app from GitHub," -" and navigate to the ``/flatpak`` directory in the terminal. Then to " -"build::" +" and navigate to the project directory in the terminal. Then to build::" msgstr "" -#: ../../electron.rst:33 +#: ../../electron.rst:32 msgid "Finally, the application can be run with::" msgstr "" -#: ../../electron.rst:38 +#: ../../electron.rst:37 msgid "Basic configuration" msgstr "" -#: ../../electron.rst:40 +#: ../../electron.rst:39 msgid "" "The first part of the sample application's manifest specifies the " "application's ID. It also configures the runtime and SDK:" msgstr "" -#: ../../electron.rst:50 +#: ../../electron.rst:49 msgid "" "The Freedesktop runtime is generally the best runtime to use with " "Electron applications, since it is the most minimal runtime, and other " "dependencies will be specific to Electron itself." msgstr "" -#: ../../electron.rst:55 +#: ../../electron.rst:54 msgid "The Electron BaseApp" msgstr "" -#: ../../electron.rst:57 +#: ../../electron.rst:56 msgid "" "Next, the manifest specifies that the Electron BaseApp should be used, by" " specifying the ``base`` and ``base-version`` properties in the " "application manifest:" msgstr "" -#: ../../electron.rst:66 +#: ../../electron.rst:65 msgid "" "BaseApps are described in :doc:`dependencies`. Using the Electron base " "app is much faster and more convenient than manually building Electron " @@ -105,44 +103,44 @@ msgid "" "saved once on disk." msgstr "" -#: ../../electron.rst:72 +#: ../../electron.rst:71 msgid "The Node.js SDK extension" msgstr "" -#: ../../electron.rst:74 +#: ../../electron.rst:73 msgid "" "In order to build Electron-based apps, you need Node.js available at " "build time. Flathub provides Node.js LTS versions as extensions for the " "SDK, so you can install one of them and add it in your apps' manifest:" msgstr "" -#: ../../electron.rst:83 +#: ../../electron.rst:82 msgid "Enable the extension by adding it to ``PATH``:" msgstr "" -#: ../../electron.rst:90 +#: ../../electron.rst:89 msgid "" "Note that the extension name (last portion of reverse-dns notation, " "``node18`` in this example) must be the same in ``sdk-extensions`` and " "``append-path``." msgstr "" -#: ../../electron.rst:94 +#: ../../electron.rst:93 msgid "Command" msgstr "" -#: ../../electron.rst:96 +#: ../../electron.rst:95 msgid "" "The ``command`` property indicates that a script called ``run.sh`` is to " "be executed to run the application. This will be explained in further " "detail later." msgstr "" -#: ../../electron.rst:105 +#: ../../electron.rst:104 msgid "Sandbox permissions" msgstr "" -#: ../../electron.rst:107 +#: ../../electron.rst:106 msgid "" "The standard sandbox :ref:`sandbox-permissions:Permissions guidelines` " "also apply to Electron applications. However, Electron's Wayland support " @@ -151,13 +149,13 @@ msgid "" "Wayland session and nothing else is required." msgstr "" -#: ../../electron.rst:113 +#: ../../electron.rst:112 msgid "" "The sample app also configures PulseAudio for sound and enables network " "access:" msgstr "" -#: ../../electron.rst:126 +#: ../../electron.rst:125 msgid "" "To allow experimental `native Wayland` support in Electron>=20, the " "``--ozone-platform-hint=auto`` flag can be passed to the program. `auto` " @@ -165,31 +163,31 @@ msgid "" " Xwayland or X11 otherwise." msgstr "" -#: ../../electron.rst:131 +#: ../../electron.rst:130 msgid "" "It's recommended to leave actually `enabling` Wayland up to the user for " "now, i.e. set ``--socket=x11`` in the manifest. Wayland can then be " "tested with::" msgstr "" -#: ../../electron.rst:137 +#: ../../electron.rst:136 msgid "Enable native Wayland support by default" msgstr "" -#: ../../electron.rst:141 +#: ../../electron.rst:140 msgid "" "Native Wayland support in Electron is still experimental and often " "unstable. It is advised to stick with the X11/Xwayland configuration " "above as the default." msgstr "" -#: ../../electron.rst:145 +#: ../../electron.rst:144 msgid "" "To make native Wayland the `default` for users, ``--socket=fallback-x11``" " and ``--socket=wayland`` must be used in the manifest." msgstr "" -#: ../../electron.rst:148 +#: ../../electron.rst:147 msgid "" "For Electron versions between 17 and 27, client-side window decorations " "under native Wayland can be enabled by passing ``--enable-" @@ -197,7 +195,7 @@ msgid "" " Electron , this isn't necessary anymore." msgstr "" -#: ../../electron.rst:153 +#: ../../electron.rst:152 msgid "" "Electron uses ``libnotify`` on Linux to provide desktop notifications. " "`Since version 0.8.0 " @@ -210,18 +208,18 @@ msgid "" "``libnotify>=0.8.0`` since ``branch/23.08``." msgstr "" -#: ../../electron.rst:160 +#: ../../electron.rst:159 msgid "" "To ensure proper mouse cursor scaling on HiDPI displays under Wayland, " "the ``XCURSOR_PATH`` environment variable must be set to the host's " "corresponding directories:" msgstr "" -#: ../../electron.rst:172 +#: ../../electron.rst:171 msgid "Using correct desktop file name" msgstr "" -#: ../../electron.rst:174 +#: ../../electron.rst:173 #, python-brace-format msgid "" "It's important for Linux applications to set the correct desktop file " @@ -233,15 +231,16 @@ msgid "" "\"com.example.MyApp.desktop\"``." msgstr "" -#: ../../electron.rst:178 +#: ../../electron.rst:177 #, python-brace-format msgid "" -"In case you repack a binary, you can use the ``patch-desktop-filename`` " -"script provided by the BaseApp. Each Electron binary ships with " -"``resources/app.asar`` file. You need to call ``patch-desktop-filename`` " -"with this file as argument. If your application is installed under " -"``${FLATPAK_DEST}/my-app`` you need to run ``patch-desktop-filename " -"${FLATPAK_DEST}/my-app/resources/app.asar``." +"In case you repack a binary, you can use the `patch-electron-desktop-" +"filename `_ tool included in the BaseApp. Each Electron binary ships " +"with ``resources/app.asar`` file. You need to call ``patch-desktop-" +"filename`` with this file as argument. If your application is installed " +"under ``${FLATPAK_DEST}/my-app`` you need to run ``patch-desktop-filename" +" ${FLATPAK_DEST}/my-app/resources/app.asar``." msgstr "" #: ../../electron.rst:183 @@ -586,3 +585,37 @@ msgstr "" #~ "on ``$PATH``:" #~ msgstr "" +#~ msgid "" +#~ "The guide walks through the `manifest" +#~ " file `_ of the `sample Electron " +#~ "Flatpak application `_. Before you start," +#~ " it is a good idea to take " +#~ "a look at this, either online or" +#~ " by downloading the application." +#~ msgstr "" + +#~ msgid "" +#~ "To get setup for the build, " +#~ "download or clone the sample app " +#~ "from GitHub, and navigate to the " +#~ "``/flatpak`` directory in the terminal. " +#~ "Then to build::" +#~ msgstr "" + +#~ msgid "" +#~ "In case you repack a binary, you" +#~ " can use the ``patch-desktop-" +#~ "filename`` script provided by the " +#~ "BaseApp. Each Electron binary ships with" +#~ " ``resources/app.asar`` file. You need to" +#~ " call ``patch-desktop-filename`` with " +#~ "this file as argument. If your " +#~ "application is installed under " +#~ "``${FLATPAK_DEST}/my-app`` you need to " +#~ "run ``patch-desktop-filename ${FLATPAK_DEST" +#~ "}/my-app/resources/app.asar``." +#~ msgstr "" + diff --git a/po/ko/LC_MESSAGES/extension.po b/po/ko/LC_MESSAGES/extension.po index 8a8c5104..de99a3bd 100644 --- a/po/ko/LC_MESSAGES/extension.po +++ b/po/ko/LC_MESSAGES/extension.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-08-31 14:40+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: ko\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../extension.rst:2 msgid "Extensions" @@ -62,14 +62,14 @@ msgstr "" #: ../../extension.rst:25 msgid "" "``.Debug, .Locale, .Sources`` extensions created by Flatpak builder do " -"not need to be specified manually. These are automaitcally created and " +"not need to be specified manually. These are automatically created and " "loaded if installed." msgstr "" #: ../../extension.rst:29 msgid "" "Note that, ``.Locale`` extensions are by default only partially installed" -" (only for the configued languages) by Flatpak. To install the full " +" (only for the configured languages) by Flatpak. To install the full " "locale extension ``flatpak update --subpath= $FLATPAK_ID.Locale`` can be " "used." msgstr "" @@ -330,7 +330,7 @@ msgstr "" #: ../../extension.rst:218 msgid "" "Some extensions are installed automatically by the runtime based on " -"certain conditions and these do not need be added to application " +"certain conditions and these do not need to be added to application " "manifests. Please see below for the purpose of extensions or extension " "points defined in the runtime. Similarly extensions created by Flatpak " "builder like ``.Locale, .Debug`` also do not need to be in application " @@ -991,3 +991,33 @@ msgstr "" #~ "````org.kde.Platform//5.15-24.08`` is ``24.08``." #~ msgstr "" +#~ msgid "" +#~ "``.Debug, .Locale, .Sources`` extensions " +#~ "created by Flatpak builder do not " +#~ "need to be specified manually. These " +#~ "are automaitcally created and loaded if" +#~ " installed." +#~ msgstr "" + +#~ msgid "" +#~ "Note that, ``.Locale`` extensions are by" +#~ " default only partially installed (only " +#~ "for the configued languages) by Flatpak." +#~ " To install the full locale extension" +#~ " ``flatpak update --subpath= $FLATPAK_ID.Locale``" +#~ " can be used." +#~ msgstr "" + +#~ msgid "" +#~ "Some extensions are installed automatically" +#~ " by the runtime based on certain " +#~ "conditions and these do not need " +#~ "be added to application manifests. " +#~ "Please see below for the purpose " +#~ "of extensions or extension points " +#~ "defined in the runtime. Similarly " +#~ "extensions created by Flatpak builder " +#~ "like ``.Locale, .Debug`` also do not " +#~ "need to be in application manifest." +#~ msgstr "" + diff --git a/po/ko/LC_MESSAGES/flatpak-devel.po b/po/ko/LC_MESSAGES/flatpak-devel.po index 5e60d722..3ae8238b 100644 --- a/po/ko/LC_MESSAGES/flatpak-devel.po +++ b/po/ko/LC_MESSAGES/flatpak-devel.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-06-30 14:59+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: ko\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../flatpak-devel.rst:2 msgid "Flatpak as a developer platform" @@ -59,7 +59,7 @@ msgstr "" #: ../../flatpak-devel.rst:23 msgid "" -"`Flatpak Github Actions `_ can be used for GitHub." msgstr "" @@ -349,3 +349,9 @@ msgstr "" #~ msgid "Parallel nigthly and stable applications" #~ msgstr "" +#~ msgid "" +#~ "`Flatpak Github Actions `_ can " +#~ "be used for GitHub." +#~ msgstr "" + diff --git a/po/ko/LC_MESSAGES/module-sources.po b/po/ko/LC_MESSAGES/module-sources.po index 176242fb..127ef900 100644 --- a/po/ko/LC_MESSAGES/module-sources.po +++ b/po/ko/LC_MESSAGES/module-sources.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-12-01 08:05+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: ko\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../module-sources.rst:2 msgid "Module Sources" @@ -420,6 +420,7 @@ msgid "" msgstr "" #: ../../module-sources.rst:475 +#, python-brace-format msgid "" "The last line creates an empty symlink from ``${FLATPAK_DEST}/extra/`` to" " ``${FLATPAK_DEST}/bin/`` so that the executable is found in ``$PATH`` " @@ -448,6 +449,7 @@ msgid "" msgstr "" #: ../../module-sources.rst:499 +#, python-brace-format msgid "" "The commands needed to extract the snap are specified in the " "``apply_extra`` script. These can be any shell commands that run when " @@ -504,7 +506,7 @@ msgstr "" #: ../../module-sources.rst:573 msgid "" "``path`` should be the path of the local directory relative to the " -"manifest root path, whoose contents will be copied during build." +"manifest root path, whose contents will be copied during build." msgstr "" #: ../../module-sources.rst:587 @@ -516,3 +518,10 @@ msgid "" "them." msgstr "" +#~ msgid "" +#~ "``path`` should be the path of the" +#~ " local directory relative to the " +#~ "manifest root path, whoose contents will" +#~ " be copied during build." +#~ msgstr "" + diff --git a/po/ko/LC_MESSAGES/sandbox-permissions.po b/po/ko/LC_MESSAGES/sandbox-permissions.po index a9c6de03..e2f1f871 100644 --- a/po/ko/LC_MESSAGES/sandbox-permissions.po +++ b/po/ko/LC_MESSAGES/sandbox-permissions.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-08-31 14:40+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2018-05-20 10:37-0400\n" "Last-Translator: Copied by Zanata \n" "Language: ko\n" @@ -17,7 +17,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../sandbox-permissions.rst:2 msgid "Sandbox Permissions" @@ -234,7 +234,17 @@ msgid "" "clients or SSH frontends." msgstr "" -#: ../../sandbox-permissions.rst:105 +#: ../../sandbox-permissions.rst:102 +msgid "" +"``--socket=inherit-wayland-socket`` - Inherit the ``$WAYLAND_SOCKET`` " +"environment variable from the parent process (for example, the " +"compositor). This is not commonly needed unless the application needs " +"access to the parent process’ Wayland state. Input method applications " +"may need this. It’s a very sensitive permission as it prevents Wayland " +"client state from being sandboxed." +msgstr "" + +#: ../../sandbox-permissions.rst:111 msgid "" "Applications that do not support native Wayland should use only " "``--socket=x11`` and applications that do, should use " @@ -243,27 +253,27 @@ msgid "" "Wayland sessions of the desktop environment." msgstr "" -#: ../../sandbox-permissions.rst:111 +#: ../../sandbox-permissions.rst:117 #, fuzzy msgid "``--socket=wayland`` - Show windows with Wayland" msgstr "``—socket=pulseaudio``" -#: ../../sandbox-permissions.rst:112 +#: ../../sandbox-permissions.rst:118 msgid "``--socket=x11`` - Show windows using X11" msgstr "" -#: ../../sandbox-permissions.rst:113 +#: ../../sandbox-permissions.rst:119 msgid "" "``--socket=fallback-x11`` - Show windows using X11, if Wayland is not " "available, overrides ``x11`` socket permission. Note that you must still " "use ``--socket=wayland`` for wayland permission" msgstr "" -#: ../../sandbox-permissions.rst:118 +#: ../../sandbox-permissions.rst:124 msgid "D-Bus access" msgstr "" -#: ../../sandbox-permissions.rst:120 +#: ../../sandbox-permissions.rst:126 msgid "" "D-Bus access is filtered by default. The default policy for the session " "bus only allows the application to own its own namespace named by " @@ -275,316 +285,331 @@ msgid "" "``org.freedesktop.portal.*``." msgstr "" -#: ../../sandbox-permissions.rst:128 +#: ../../sandbox-permissions.rst:134 msgid "" "Access to the entire bus with ``--socket=system-bus`` or ``--socket" "=session-bus`` stops the filtering and using them is a security risk. So " "they must be avoided, unless the application is a development tool." msgstr "" -#: ../../sandbox-permissions.rst:133 +#: ../../sandbox-permissions.rst:139 msgid "" "``flatpak run --log-session-bus $FLATPAK_ID`` can be used to find the " "specific D-Bus permissions needed. See :ref:`debugging:Audit session or " "system bus traffic` for more information." msgstr "" -#: ../../sandbox-permissions.rst:137 +#: ../../sandbox-permissions.rst:143 msgid "**Ownership**" msgstr "" -#: ../../sandbox-permissions.rst:139 +#: ../../sandbox-permissions.rst:145 msgid "" "Any ownership beyond what is granted by default ie. own namespace and " "``org.mpris.MediaPlayer2.$FLATPAK_ID`` is typically unnecessary although " "there can be exceptions." msgstr "" -#: ../../sandbox-permissions.rst:143 +#: ../../sandbox-permissions.rst:149 msgid "**Talk**" msgstr "" -#: ../../sandbox-permissions.rst:145 +#: ../../sandbox-permissions.rst:151 msgid "It is recommended to use the minimum required talk-name permissions." msgstr "" -#: ../../sandbox-permissions.rst:148 +#: ../../sandbox-permissions.rst:154 msgid "Filesystem access" msgstr "" -#: ../../sandbox-permissions.rst:150 +#: ../../sandbox-permissions.rst:156 msgid "" "As a general rule, static and permanent filesystem access should be " "limited as much as possible. This includes:" msgstr "" -#: ../../sandbox-permissions.rst:153 +#: ../../sandbox-permissions.rst:159 msgid "" "Using portals as an alternative to blanket filesystem access, wherever " "possible." msgstr "" -#: ../../sandbox-permissions.rst:155 +#: ../../sandbox-permissions.rst:161 msgid "Using read-only access wherever possible, using the ``:ro`` option." msgstr "" -#: ../../sandbox-permissions.rst:156 +#: ../../sandbox-permissions.rst:162 msgid "" "Using :ref:`conventions:XDG base directories` to store application's " "cache, config and state. Then no additional filesystem access would be " "required." msgstr "" -#: ../../sandbox-permissions.rst:159 +#: ../../sandbox-permissions.rst:165 msgid "" "Avoiding full home access and instead using XDG directories such as " "``xdg-music`` or ``xdg-download`` etc." msgstr "" -#: ../../sandbox-permissions.rst:162 +#: ../../sandbox-permissions.rst:168 msgid "The following permission options are available:" msgstr "" -#: ../../sandbox-permissions.rst:164 +#: ../../sandbox-permissions.rst:170 msgid "``:ro`` - read-only access" msgstr "" -#: ../../sandbox-permissions.rst:165 +#: ../../sandbox-permissions.rst:171 msgid "" "``:create`` - read/write access, and create the directory if it doesn't " "exist" msgstr "" -#: ../../sandbox-permissions.rst:168 +#: ../../sandbox-permissions.rst:174 msgid "Additionally the following permissions are available:" msgstr "" -#: ../../sandbox-permissions.rst:171 +#: ../../sandbox-permissions.rst:177 +msgid "``host-root``" +msgstr "" + +#: ../../sandbox-permissions.rst:177 +msgid "" +"Complete host operating system with no exclusions mounted at " +"``/run/host/root`` inside the sandbox. (v1.17.0+)" +msgstr "" + +#: ../../sandbox-permissions.rst:178 msgid "``host``" msgstr "" -#: ../../sandbox-permissions.rst:171 +#: ../../sandbox-permissions.rst:178 msgid "" -"Access to ``/home, /media, /opt, /run/media, /srv`` and everything " -"provided by ``host-os, host-etc`` mounted in ``/run/host``" +"Access to all toplevel paths and subpaths of ``/`` except some reserved " +"paths listed below." msgstr "" -#: ../../sandbox-permissions.rst:171 ../../sandbox-permissions.rst:175 -#: ../../sandbox-permissions.rst:176 -msgid "Includes any subpaths" +#: ../../sandbox-permissions.rst:178 +msgid "" +"Paths provided by ``host-etc, host-os`` are mounted at ``/run/host`` as " +"explained below." msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "``host-etc``" msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "Host's ``/etc``" msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "Host's ``/etc`` is mounted at ``/run/host/etc``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 msgid "``host-os``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 #, python-brace-format msgid "" "Host's ``/usr, /bin, /sbin, /lib{32, 64}, /etc/ld.so.cache, " "/etc/alternatives``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 msgid "Mounted at ``/run/host``" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "``home``" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 #, fuzzy msgid "Access the home directory" msgstr "네트워크 [#f2]_ 접근" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "Except ``~/.var/app``" msgstr "" -#: ../../sandbox-permissions.rst:175 +#: ../../sandbox-permissions.rst:182 msgid "``/some/dir``" msgstr "" -#: ../../sandbox-permissions.rst:175 +#: ../../sandbox-permissions.rst:182 msgid "Access an arbitrary path except any reserved path" msgstr "" -#: ../../sandbox-permissions.rst:176 +#: ../../sandbox-permissions.rst:182 ../../sandbox-permissions.rst:183 +msgid "Includes any subpaths" +msgstr "" + +#: ../../sandbox-permissions.rst:183 msgid "``~/some/dir``" msgstr "" -#: ../../sandbox-permissions.rst:176 +#: ../../sandbox-permissions.rst:183 msgid "Arbitrary path relative to the home directory" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "``xdg-desktop``" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "Access the XDG desktop directory" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "``$XDG_DESKTOP_DIR`` or ``$HOME/Desktop``" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "``xdg-documents``" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "Access the XDG documents directory" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "``$XDG_DOCUMENTS_DIR`` or ``$HOME/Documents``" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "``xdg-download``" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "Access the XDG download directory" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "``$XDG_DOWNLOAD_DIR`` or ``$HOME/Downloads``" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "``xdg-music``" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "Access the XDG music directory" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "``$XDG_MUSIC_DIR`` or ``$HOME/Music``" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "``xdg-pictures``" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "Access the XDG pictures directory" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "``$XDG_PICTURES_DIR`` or ``$HOME/Pictures``" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "``xdg-public-share``" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "Access the XDG public directory" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "``$XDG_PUBLICSHARE_DIR`` or ``$HOME/Public``" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "``xdg-videos``" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "Access the XDG videos directory" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "``$XDG_VIDEOS_DIR`` or ``$HOME/Videos``" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "``xdg-templates``" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "Access the XDG templates directory" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "``$XDG_TEMPLATES_DIR`` or ``$HOME/Templates``" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "``xdg-config``" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "Access the XDG config directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "``$XDG_CONFIG_HOME`` or ``$HOME/.config``" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "``xdg-cache``" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "Access the XDG cache directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "``$XDG_CACHE_HOME`` or ``$HOME/.cache``" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "``xdg-data``" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "Access the XDG data directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "``$XDG_DATA_HOME`` or ``$HOME/.local/share``" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "``xdg-run/path``" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "Access subdirectories of the XDG runtime directory" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "``$XDG_RUNTIME_DIR/path`` (``/run/user/$UID/path``)" msgstr "" -#: ../../sandbox-permissions.rst:191 +#: ../../sandbox-permissions.rst:198 msgid "" "Except ``host, host-etc, host-os`` paths can be added to all the above " "filesystem options. For example, ``--filesystem=xdg-documents/path``." msgstr "" -#: ../../sandbox-permissions.rst:194 +#: ../../sandbox-permissions.rst:201 msgid "Other filesystem access guidelines include:" msgstr "" -#: ../../sandbox-permissions.rst:196 +#: ../../sandbox-permissions.rst:203 msgid "" "The ``--persist=DIR`` option can be used to map directories from the " "user's home directory into the sandbox filesystem. This only works if the" @@ -592,7 +617,7 @@ msgid "" "includes ``home``." msgstr "" -#: ../../sandbox-permissions.rst:201 +#: ../../sandbox-permissions.rst:208 msgid "" "For example, if an application hardcodes the directory ``~/.foo``, " "without any ``home`` access and no ``--persist`` the directory will be " @@ -603,48 +628,48 @@ msgid "" "``~/.var/app/$FLATPAK_ID/.foo`` which would otherwise be lost." msgstr "" -#: ../../sandbox-permissions.rst:209 +#: ../../sandbox-permissions.rst:216 msgid "A ``--persist=.`` will `persist` all directories." msgstr "" -#: ../../sandbox-permissions.rst:211 +#: ../../sandbox-permissions.rst:218 msgid "" "This does not support ``:create, :ro, :rw`` suffixes or special values " "like ``xdg-documents``. However, the directory will be created by flatpak" " if it doesn't already exist." msgstr "" -#: ../../sandbox-permissions.rst:215 +#: ../../sandbox-permissions.rst:222 msgid "" "This makes it possible to avoid configuring access to the entire home " "directory, and can be useful for applications that hardcode file paths in" " ``~/``." msgstr "" -#: ../../sandbox-permissions.rst:218 +#: ../../sandbox-permissions.rst:225 msgid "" "If an application uses ``$TMPDIR`` to contain lock files you may want to " "add a wrapper script that sets it to ``$XDG_RUNTIME_DIR/app/$FLATPAK_ID``" " (tmpfs) or ``/var/tmp`` (persistent on host)." msgstr "" -#: ../../sandbox-permissions.rst:222 +#: ../../sandbox-permissions.rst:229 msgid "" "Retaining and sharing configuration with non-Flatpak installations is to " "be avoided." msgstr "" -#: ../../sandbox-permissions.rst:226 +#: ../../sandbox-permissions.rst:233 msgid "Reserved Paths" msgstr "" -#: ../../sandbox-permissions.rst:228 +#: ../../sandbox-permissions.rst:235 msgid "" "The following paths and subpaths of them are reserved and asking access " "to them with ``--filesystem`` will have no effect::" msgstr "" -#: ../../sandbox-permissions.rst:233 +#: ../../sandbox-permissions.rst:240 msgid "" "The entire ``/run`` is not allowed but all subpaths of ``/run`` except " "``/run/flatpak, /run/host`` are allowed to be exposed via " @@ -652,44 +677,46 @@ msgid "" "to ``../run``, exposing it or a subpath of it, is not allowed." msgstr "" -#: ../../sandbox-permissions.rst:238 +#: ../../sandbox-permissions.rst:245 msgid "" "Additionally the following directories from host need to be explicitly " "requested with ``--filesystem`` and are not available with ``home, host, " "host-os, host-etc`` by default:" msgstr "" -#: ../../sandbox-permissions.rst:242 +#: ../../sandbox-permissions.rst:249 msgid "" "``~/.var/app`` - The app can access only its own directory in " "``~/.var/app/$FLATPAK_ID``" msgstr "" -#: ../../sandbox-permissions.rst:243 +#: ../../sandbox-permissions.rst:250 msgid "``$XDG_DATA_HOME/flatpak`` (``~/.local/share/flatpak``)" msgstr "" -#: ../../sandbox-permissions.rst:244 +#: ../../sandbox-permissions.rst:251 msgid "``/boot``" msgstr "" -#: ../../sandbox-permissions.rst:245 +#: ../../sandbox-permissions.rst:252 msgid "``/efi``" msgstr "" -#: ../../sandbox-permissions.rst:246 +#: ../../sandbox-permissions.rst:253 msgid "``/root``" msgstr "" -#: ../../sandbox-permissions.rst:247 -msgid "``/sys``" +#: ../../sandbox-permissions.rst:254 +msgid "" +"``/sys`` - Only ``/sys/block, /sys/bus, /sys/class, /sys/dev, " +"/sys/devices`` are shared as read-only by default (if exists)" msgstr "" -#: ../../sandbox-permissions.rst:248 +#: ../../sandbox-permissions.rst:255 msgid "``/tmp``" msgstr "" -#: ../../sandbox-permissions.rst:249 +#: ../../sandbox-permissions.rst:256 #, python-brace-format msgid "" "``/var`` - Note that by default ``/var/{cache, config, data, tmp}`` " @@ -699,96 +726,96 @@ msgid "" "available." msgstr "" -#: ../../sandbox-permissions.rst:253 +#: ../../sandbox-permissions.rst:260 msgid "``/var/lib/flatpak`` - ``/var`` does not give access to this." msgstr "" -#: ../../sandbox-permissions.rst:256 +#: ../../sandbox-permissions.rst:263 msgid "Device access" msgstr "" -#: ../../sandbox-permissions.rst:257 +#: ../../sandbox-permissions.rst:264 msgid "You can provide the following device permissions:" msgstr "" -#: ../../sandbox-permissions.rst:260 +#: ../../sandbox-permissions.rst:267 msgid "``dri``" msgstr "" -#: ../../sandbox-permissions.rst:260 +#: ../../sandbox-permissions.rst:267 msgid "Direct Rendering Interface. Necessary for GL." msgstr "" -#: ../../sandbox-permissions.rst:261 +#: ../../sandbox-permissions.rst:268 msgid "``kvm``" msgstr "" -#: ../../sandbox-permissions.rst:261 +#: ../../sandbox-permissions.rst:268 msgid "Kernel based Virtual Machine ``/dev/kvm``" msgstr "" -#: ../../sandbox-permissions.rst:262 +#: ../../sandbox-permissions.rst:269 msgid "``shm``" msgstr "" -#: ../../sandbox-permissions.rst:262 +#: ../../sandbox-permissions.rst:269 msgid "Shared Memory in ``/dev/shm``." msgstr "" -#: ../../sandbox-permissions.rst:263 +#: ../../sandbox-permissions.rst:270 msgid "``input``" msgstr "" -#: ../../sandbox-permissions.rst:263 +#: ../../sandbox-permissions.rst:270 msgid "" "Input devices as exposed in ``/dev/input``. This includes game " "controllers. Since Flatpak 1.15.6." msgstr "" -#: ../../sandbox-permissions.rst:264 +#: ../../sandbox-permissions.rst:271 msgid "``usb``" msgstr "" -#: ../../sandbox-permissions.rst:264 +#: ../../sandbox-permissions.rst:271 msgid "Raw USB devices as exposed in ``/dev/bus/usb``. Since Flatpak 1.15.11." msgstr "" -#: ../../sandbox-permissions.rst:265 +#: ../../sandbox-permissions.rst:272 msgid "``all``" msgstr "" -#: ../../sandbox-permissions.rst:265 +#: ../../sandbox-permissions.rst:272 msgid "All devices, including all of the above except ``shm``" msgstr "" -#: ../../sandbox-permissions.rst:270 +#: ../../sandbox-permissions.rst:277 msgid "" "Using newer permissions like ``input`` or ``usb`` will have no effect on " "older Flatpak versions and will fail when used through Flatpak " "commandline." msgstr "" -#: ../../sandbox-permissions.rst:274 +#: ../../sandbox-permissions.rst:281 msgid "" "While not ideal, ``--device=all`` can be used to access devices like " "webcams, CD/DVD drives etc." msgstr "" -#: ../../sandbox-permissions.rst:278 +#: ../../sandbox-permissions.rst:285 msgid "USB portal" msgstr "" -#: ../../sandbox-permissions.rst:280 -msgid "Since 1.5.11." +#: ../../sandbox-permissions.rst:287 +msgid "Since 1.15.11." msgstr "" -#: ../../sandbox-permissions.rst:282 +#: ../../sandbox-permissions.rst:289 msgid "" "Sandboxed access to individual USB devices can be controlled by portals. " "Flatpak allows specifying enumerable USB devices to allow access." msgstr "" -#: ../../sandbox-permissions.rst:286 +#: ../../sandbox-permissions.rst:293 msgid "" "Like ``--device=usb``, this is just about accessing the raw USB device, " "that needs libusb (or equivalent). By using the portal, you can restrict " @@ -797,59 +824,59 @@ msgid "" "no reason for USB security devices to be accessible." msgstr "" -#: ../../sandbox-permissions.rst:293 +#: ../../sandbox-permissions.rst:300 msgid "" "A list of valid use cases includes scanners (handled, for example by " "SANE), photo cameras (handled by libgphoto2), flashing devices, etc." msgstr "" -#: ../../sandbox-permissions.rst:296 +#: ../../sandbox-permissions.rst:303 msgid "" "While this is portal dependent and ``xdg-desktop-portal`` is currently " "the only portal implementation, the overall permission flow is as " "follows:" msgstr "" -#: ../../sandbox-permissions.rst:300 +#: ../../sandbox-permissions.rst:307 msgid "" "The Flatpak package specifies the devices it wishes to enumerate through " "``finish-args``." msgstr "" -#: ../../sandbox-permissions.rst:302 +#: ../../sandbox-permissions.rst:309 msgid "" "The application requests the portal to enumerate the available USB " "devices based on that list. If the list is empty it will enumerate all " "USB devices." msgstr "" -#: ../../sandbox-permissions.rst:305 +#: ../../sandbox-permissions.rst:312 msgid "" "When the application wants to access the device, it will make a request " "for the device it wants to access via the portal." msgstr "" -#: ../../sandbox-permissions.rst:307 +#: ../../sandbox-permissions.rst:314 msgid "The portal then requests permission from the user if not already granted." msgstr "" -#: ../../sandbox-permissions.rst:309 +#: ../../sandbox-permissions.rst:316 msgid "" "If the permission was granted, a file descriptor for the device is passed" " back to the application." msgstr "" -#: ../../sandbox-permissions.rst:312 +#: ../../sandbox-permissions.rst:319 msgid "" "The application is then able to open the devices it is supposed to use " "while the others would be hidden." msgstr "" -#: ../../sandbox-permissions.rst:316 +#: ../../sandbox-permissions.rst:323 msgid "Specifying the enumerable devices" msgstr "" -#: ../../sandbox-permissions.rst:318 +#: ../../sandbox-permissions.rst:325 msgid "" "You can specify devices on the ``flatpak`` command line, and by extension" " in the finish arguments for Flatpak Builder. Enumerable devices are " @@ -860,17 +887,17 @@ msgid "" " shall not be enumerated." msgstr "" -#: ../../sandbox-permissions.rst:326 +#: ../../sandbox-permissions.rst:333 msgid "Queries are made out of rules. These rules are composable with ``+``." msgstr "" -#: ../../sandbox-permissions.rst:328 +#: ../../sandbox-permissions.rst:335 msgid "" "The rule ``all`` enumerates every USB device. There is no further rule " "allowed in the query." msgstr "" -#: ../../sandbox-permissions.rst:331 +#: ../../sandbox-permissions.rst:338 msgid "" "The ``vnd`` and ``dev`` rules specify a USB vendor and a USB device ID " "respectively. A vendor can be specified alone, but a device rule always " @@ -880,63 +907,63 @@ msgid "" "repository `_" msgstr "" -#: ../../sandbox-permissions.rst:338 +#: ../../sandbox-permissions.rst:345 msgid "" "``cls`` specifies the device USB class and subclass. Both class and " "subclass are two digit hex numbers separated by a colon ``:``. You can " "use ``*`` to specify any subclass within the class." msgstr "" -#: ../../sandbox-permissions.rst:342 +#: ../../sandbox-permissions.rst:349 msgid "Some examples of the syntax:" msgstr "" -#: ../../sandbox-permissions.rst:344 +#: ../../sandbox-permissions.rst:351 msgid "``vnd:1234``: Devices from vendor ``1234``" msgstr "" -#: ../../sandbox-permissions.rst:345 +#: ../../sandbox-permissions.rst:352 msgid "``vnd:1234+dev:3456``: Only device ``3456`` from vendor ``1234``." msgstr "" -#: ../../sandbox-permissions.rst:346 +#: ../../sandbox-permissions.rst:353 msgid "``vnd:1234+cls:06:*``: All the PTP devices from vendor ``1234``." msgstr "" -#: ../../sandbox-permissions.rst:347 +#: ../../sandbox-permissions.rst:354 msgid "``cls:06:*``: All the PTP devices." msgstr "" -#: ../../sandbox-permissions.rst:349 +#: ../../sandbox-permissions.rst:356 msgid "" "This permission only allows to enumerate devices. To open them, " "permission must be requested from the portal. It is not possible to open " "a device that is not enumerable." msgstr "" -#: ../../sandbox-permissions.rst:355 +#: ../../sandbox-permissions.rst:362 msgid "" "The ``--device=usb`` permission is broader than what the USB portal is " "supposed to provide and allows unfettered access to any USB device on the" " bus." msgstr "" -#: ../../sandbox-permissions.rst:359 +#: ../../sandbox-permissions.rst:366 msgid "In some situations you may need to specify a very long list of devices." msgstr "" -#: ../../sandbox-permissions.rst:361 +#: ../../sandbox-permissions.rst:368 msgid "Device lists can be passed in one single argument, or through a file." msgstr "" -#: ../../sandbox-permissions.rst:363 +#: ../../sandbox-permissions.rst:370 msgid "" "When using ``--usb-list``, the queries are separated by a semi-colon " "``;``, with queries for hidden devices (i.e. those that would be passed " "with ``--nousb``) prefixed with ``!``." msgstr "" -#: ../../sandbox-permissions.rst:367 +#: ../../sandbox-permissions.rst:374 msgid "" "When using ``--usb-list-file``, the filename of the file containing USB " "queries is passed line by line. Like with ``--usb-list`` queries for " @@ -946,24 +973,24 @@ msgid "" "list is persisted internally." msgstr "" -#: ../../sandbox-permissions.rst:375 +#: ../../sandbox-permissions.rst:382 msgid "dconf access" msgstr "" -#: ../../sandbox-permissions.rst:377 +#: ../../sandbox-permissions.rst:384 msgid "" "As of xdg-desktop-portal 1.1.0 and glib 2.60.5 (in the runtime) you do " "not need direct DConf access in most cases." msgstr "" -#: ../../sandbox-permissions.rst:380 +#: ../../sandbox-permissions.rst:387 msgid "" "As of now this glib version is included in " "``org.freedesktop.Platform//19.08`` and ``org.gnome.Platform//3.34`` and " "newer." msgstr "" -#: ../../sandbox-permissions.rst:383 +#: ../../sandbox-permissions.rst:390 msgid "" "If an application existed prior to these runtimes you can tell Flatpak " "(>= 1.3.4) to migrate the DConf settings on the host into the sandbox by " @@ -972,17 +999,17 @@ msgid "" " (case is ignored and ``_`` and ``-`` are treated equal)." msgstr "" -#: ../../sandbox-permissions.rst:390 +#: ../../sandbox-permissions.rst:397 msgid "" "If you are targeting older runtimes or require direct DConf access for " "other reasons you can use these permissions::" msgstr "" -#: ../../sandbox-permissions.rst:398 +#: ../../sandbox-permissions.rst:405 msgid "With those permissions glib will continue using dconf directly." msgstr "" -#: ../../sandbox-permissions.rst:400 +#: ../../sandbox-permissions.rst:407 msgid "" "If you use a newer runtime where dconf is no longer built and still need " "it you will have to build the `dconf " @@ -990,11 +1017,11 @@ msgid "" "``--env=GIO_EXTRA_MODULES=/app/lib/gio/modules/``." msgstr "" -#: ../../sandbox-permissions.rst:405 +#: ../../sandbox-permissions.rst:412 msgid "gvfs access" msgstr "" -#: ../../sandbox-permissions.rst:407 +#: ../../sandbox-permissions.rst:414 msgid "" "As of gvfs 1.48, the gvfs daemons and applications use an on-disk socket " "to communicate, rather than an abstract socket so that the gvfs " @@ -1002,47 +1029,47 @@ msgid "" "application's sandbox." msgstr "" -#: ../../sandbox-permissions.rst:411 +#: ../../sandbox-permissions.rst:418 msgid "" "A number of different options need to be passed depending on the " "application's use of gvfs." msgstr "" -#: ../../sandbox-permissions.rst:414 +#: ../../sandbox-permissions.rst:421 msgid "" "``--talk-name=org.gtk.vfs.*`` is necessary to talk to the gvfs daemons " "over D-Bus and list mounts using the GIO APIs." msgstr "" -#: ../../sandbox-permissions.rst:417 +#: ../../sandbox-permissions.rst:424 msgid "" "``--filesystem=xdg-run/gvfsd`` is necessary to use the GIO APIs to list " "and access non-native files using the GIO APIs, using URLs rather than " "FUSE paths." msgstr "" -#: ../../sandbox-permissions.rst:420 +#: ../../sandbox-permissions.rst:427 msgid "" "``--filesystem=xdg-run/gvfs`` is necessary to give access to the FUSE " "mounts non-GIO and legacy applications can use. This is what will make " "native files appear under ``/run/user/`id -u`/gvfs/``." msgstr "" -#: ../../sandbox-permissions.rst:424 +#: ../../sandbox-permissions.rst:431 msgid "Typical GNOME and GTK applications should use::" msgstr "" -#: ../../sandbox-permissions.rst:429 +#: ../../sandbox-permissions.rst:436 msgid "Typical non-GNOME and non-GTK applications should use::" msgstr "" -#: ../../sandbox-permissions.rst:433 +#: ../../sandbox-permissions.rst:440 msgid "" "No application should be using ``--talk-name=org.gtk.vfs`` in its " "manifest, as there are no D-Bus services named ``org.gtk.vfs``." msgstr "" -#: ../../sandbox-permissions.rst:436 +#: ../../sandbox-permissions.rst:443 msgid "" "These permission grants the app, the ability to communicate with the gvfs" " daemon and backends running on host. Depending on the backends installed" @@ -1058,11 +1085,11 @@ msgid "" "host." msgstr "" -#: ../../sandbox-permissions.rst:450 +#: ../../sandbox-permissions.rst:457 msgid "External drive access" msgstr "" -#: ../../sandbox-permissions.rst:452 +#: ../../sandbox-permissions.rst:459 msgid "" "External drives are mounted by the host system using systemd, udev, udisk" " fstab etc. and each of them can have different defaults. Flatpak has no " @@ -1070,30 +1097,156 @@ msgid "" "permissions should work in most cases::" msgstr "" -#: ../../sandbox-permissions.rst:461 +#: ../../sandbox-permissions.rst:468 msgid "" "If ``--filesystem=host`` is used ``/media, /run/media`` is shared " "automatically if they exist." msgstr "" -#: ../../sandbox-permissions.rst:464 +#: ../../sandbox-permissions.rst:471 msgid "" "Note that these should not have subpaths in them unless the value of the " "subpath can be consistently pre-determined. Block device naming depends " "on the kernel/fstab configuration and cannot be pre-determined." msgstr "" -#: ../../sandbox-permissions.rst:469 +#: ../../sandbox-permissions.rst:476 +#, fuzzy +msgid "Conditional permissions" +msgstr "샌드박스 권한" + +#: ../../sandbox-permissions.rst:478 +msgid "" +"Since 1.17.0, Flatpak supports conditional permissions which allows them " +"to be granted only when certain runtime conditions are satisfied and " +"fallback otherwise. The intention of the system is to allow users or " +"developers to specify tighter permission grants (as they are added in new" +" Flatpak versions) while fallback to older grants for backwards " +"compatibility at run time." +msgstr "" + +#: ../../sandbox-permissions.rst:487 +msgid "" +"Older Flatpak versions will fail when encountering unknown commandline " +"options, while unrecognized metadata entries will be silently ignored." +msgstr "" + +#: ../../sandbox-permissions.rst:491 +msgid "" +"Flatpak manifests using conditional flags (for example, ``--socket-if=`` " +"etc.) will require Flatpak 1.17.0 or newer to build and attempting to " +"build them with older Flatpak versions will produce an error." +msgstr "" + +#: ../../sandbox-permissions.rst:496 +msgid "" +"The following flags are available to specify conditional permissions in " +"CLI and in Flatpak manifests::" +msgstr "" + +#: ../../sandbox-permissions.rst:504 +msgid "" +"The syntax of all the options are ``--socket-if=PERMISSION:CONDITION`` " +"and so on where ``PERMISSION`` is the available grants for that flag " +"(e.g., those listed for ``--socket=``). Conditions can be negated by " +"prefixing with ``!``. The following conditions are supported:" +msgstr "" + +#: ../../sandbox-permissions.rst:509 +msgid "``true`` - Always evaluates to true" +msgstr "" + +#: ../../sandbox-permissions.rst:510 +msgid "``false``- Always evaluates to false" +msgstr "" + +#: ../../sandbox-permissions.rst:511 +msgid "" +"``has-input-device`` - True if the Flatpak version supports " +"``--device=input``" +msgstr "" + +#: ../../sandbox-permissions.rst:513 +msgid "``has-wayland`` - True if the current desktop session supports Wayland" +msgstr "" + +#: ../../sandbox-permissions.rst:516 +msgid "" +"Multiple conditionals can be specified for the same grant, in which case " +"the permission is granted if any condition matches. If no conditional " +"rule evaluates to ``true``, the grant is denied unless it is also " +"unconditionally allowed. Duplicate conditions are ignored." +msgstr "" + +#: ../../sandbox-permissions.rst:523 +msgid "Examples" +msgstr "" + +#: ../../sandbox-permissions.rst:525 +msgid "" +"The unconditional grant ``--socket=x11`` can be tightened using " +"conditional permissions to ``--socket-if=x11:!has-wayland``. This allows " +"access to X11 only when a Wayland desktop session is not available. To " +"preserve backwards compatibility, the following pattern can be used::" +msgstr "" + +#: ../../sandbox-permissions.rst:534 +msgid "" +"This allows older Flatpak versions which do not understand the " +"conditional permissions function by allowing X11 access always while " +"newer Flatpak, which understands the conditional system will allow X11 " +"access only when the session is not Wayland." +msgstr "" + +#: ../../sandbox-permissions.rst:539 +msgid "" +"If an application requires only access to ``input`` device permission, " +"the following flags can be used to move away from ``--device=all`` to " +"``--device=input``::" +msgstr "" + +#: ../../sandbox-permissions.rst:547 +msgid "" +"This allows older Flatpak versions which do not understand the ``input`` " +"device permission to function by having the broader ``all`` access. Newer" +" Flatpak versions which understand the conditional system (and therefore " +"understands the ``input`` permission) will deny ``all`` due to " +"``--device-if=all:!has-input-device`` and allow only ``input`` due to " +"``--device=input``." +msgstr "" + +#: ../../sandbox-permissions.rst:555 +msgid "" +"To explicitly deny a permission that might be granted through runtime " +"metadata or overrides ``--nosocket=NAME, --unshare=NAME`` etc. can be " +"used::" +msgstr "" + +#: ../../sandbox-permissions.rst:561 +msgid "" +"This denial can be combined with conditional grants to remove " +"unconditional access while allowing conditional access::" +msgstr "" + +#: ../../sandbox-permissions.rst:568 +msgid "" +"This denies unconditional X11 access but allows X11 conditionally when " +"Wayland is unavailable. Older Flatpak versions will see only the final " +"``--socket=x11`` grant and allow X11 unconditionally, while newer " +"versions recognise the conditional logic and evaluates it at runtime." +msgstr "" + +#: ../../sandbox-permissions.rst:574 msgid "Footnotes" msgstr "" -#: ../../sandbox-permissions.rst:470 +#: ../../sandbox-permissions.rst:575 msgid "" "This is not necessarily required, but without it the X11 shared memory " "extension will not work, which is very bad for X11 performance." msgstr "" -#: ../../sandbox-permissions.rst:472 +#: ../../sandbox-permissions.rst:577 msgid "" "Giving network access also grants access to all host services listening " "on abstract Unix sockets (due to how network namespaces work), and these " @@ -1102,7 +1255,7 @@ msgid "" "secure distribution should disable these and just use regular sockets." msgstr "" -#: ../../sandbox-permissions.rst:477 +#: ../../sandbox-permissions.rst:582 #, python-brace-format msgid "" "``xdg-{cache, config, data}`` bind mounts the paths from host to the per-" @@ -1449,3 +1602,16 @@ msgstr "" #~ msgid "``--socket=ssh-auth``- Allow access to ``$SSH_AUTH_SOCK``" #~ msgstr "" +#~ msgid "" +#~ "Access to ``/home, /media, /opt, " +#~ "/run/media, /srv`` and everything provided " +#~ "by ``host-os, host-etc`` mounted " +#~ "in ``/run/host``" +#~ msgstr "" + +#~ msgid "``/sys``" +#~ msgstr "" + +#~ msgid "Since 1.5.11." +#~ msgstr "" + diff --git a/po/ko/LC_MESSAGES/under-the-hood.po b/po/ko/LC_MESSAGES/under-the-hood.po index 323ffc74..b36c722b 100644 --- a/po/ko/LC_MESSAGES/under-the-hood.po +++ b/po/ko/LC_MESSAGES/under-the-hood.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-09-26 16:32-0300\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2018-05-20 10:37-0400\n" "Last-Translator: Copied by Zanata \n" "Language: ko\n" @@ -17,7 +17,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../under-the-hood.rst:2 msgid "Under the Hood" @@ -99,51 +99,195 @@ msgid "" msgstr "" #: ../../under-the-hood.rst:51 -msgid "Underlying technologies" +msgid "Conditional permission system" msgstr "" #: ../../under-the-hood.rst:53 +msgid "" +"Since Flatpak 1.17.0, conditional permissions allow permissions to be " +"granted only when certain runtime conditions are satisfied, with fallback" +" to unconditional grants for compatibility with older versions." +msgstr "" + +#: ../../under-the-hood.rst:57 +msgid "Permissions are internally represented as:" +msgstr "" + +#: ../../under-the-hood.rst:59 +msgid "unconditionally allowed or denied" +msgstr "" + +#: ../../under-the-hood.rst:60 +msgid "" +"a reset flag indicating whether the current layer overrides rules from " +"lower layers" +msgstr "" + +#: ../../under-the-hood.rst:62 +msgid "a set of conditional rules under which the permission may be allowed" +msgstr "" + +#: ../../under-the-hood.rst:64 +msgid "For example:" +msgstr "" + +#: ../../under-the-hood.rst:66 +msgid "" +"``--socket=NAME`` unconditionally allows the permission and resets any " +"previously defined rules for that permission" +msgstr "" + +#: ../../under-the-hood.rst:68 +msgid "" +"``--nosocket=NAME`` unconditionally denies the permission and resets any " +"previously defined rules" +msgstr "" + +#: ../../under-the-hood.rst:70 +msgid "" +"``--socket-if=NAME:CONDITION`` adds a conditional rule without resetting " +"existing rules" +msgstr "" + +#: ../../under-the-hood.rst:73 +msgid "Conditions may be negated using ``!``." +msgstr "" + +#: ../../under-the-hood.rst:75 +msgid "" +"Multiple conditional rules can be specified for the same permission. In " +"this case, the permission is granted if any condition evaluates to true." +msgstr "" + +#: ../../under-the-hood.rst:78 +msgid "" +"Duplicate conditions are ignored. The order of conditions does not affect" +" evaluation." +msgstr "" + +#: ../../under-the-hood.rst:81 +msgid "" +"If no conditional rules are present, the permission is granted only if it" +" is unconditionally allowed." +msgstr "" + +#: ../../under-the-hood.rst:84 +msgid "" +"If conditional rules are present, the permission is granted if any " +"condition evaluates to true, and denied otherwise, unless it is also " +"unconditionally allowed." +msgstr "" + +#: ../../under-the-hood.rst:88 +msgid "" +"If an unconditional entry follows a conditional entry for the same grant " +"in commandline flags, the earlier unconditional entry is treated as " +"backwards compatibility fallback and does not affect the final permission" +" state. So the following is effectively treated as ``--socket-if=x11" +":!has-wayland`` in Flatpak versions supporting conditional permissions::" +msgstr "" + +#: ../../under-the-hood.rst:98 +msgid "Permissions are written to metadata using the following rules:" +msgstr "" + +#: ../../under-the-hood.rst:100 +msgid "Unconditionally allowed permissions are written as ``NAME``" +msgstr "" + +#: ../../under-the-hood.rst:101 +msgid "Unconditionally denied permissions are written as ``!NAME``" +msgstr "" + +#: ../../under-the-hood.rst:102 +msgid "Conditionally allowed permissions are written as:" +msgstr "" + +#: ../../under-the-hood.rst:104 +msgid "unconditional ``NAME`` entry for compat" +msgstr "" + +#: ../../under-the-hood.rst:105 +msgid "``if:NAME:CONDITION`` entries" +msgstr "" + +#: ../../under-the-hood.rst:107 +msgid "" +"If the permission resets previously defined rules, an explicit ``!NAME`` " +"entry is written first, followed by the unconditional ``NAME`` entry and " +"then the ``if:NAME:CONDITION`` entries. This is omitted when saving an " +"application's own metadata, as opposed to overrides." +msgstr "" + +#: ../../under-the-hood.rst:112 +msgid "" +"When parsing metadata, a non-negated unconditional ``NAME`` entry " +"appearing before a ``if:NAME:CONDITION`` entry is treated as a " +"compatibility fallback and does not affect the final permission state. " +"Eg. ``sockets=x11;if:x11:!has-wayland;`` is effectively treated as " +"``if:x11:!has-wayland`` in Flatpak versions supporting conditional " +"permissions." +msgstr "" + +#: ../../under-the-hood.rst:119 +msgid "" +"The ``fallback-x11`` socket, on pre-1.17 Flatpak versions implicitly " +"granted ``x11`` access and at runtime X11 access was suppressed when " +"Wayland was available, while on newer Flatpak (1.17+) it is internally " +"converted to the conditional syntax ``if:x11:!has-wayland``. When saving " +"the metadata, Flatpak converts ``if:x11:!has-wayland`` back to " +"``fallback-x11`` only when it is the sole conditional on ``x11``. If " +"additional conditionals are present, the new syntax is written directly " +"and older Flatpak versions will not understand the conditional entries. A" +" conditional grant for ``fallback-x11`` is not allowed." +msgstr "" + +#: ../../under-the-hood.rst:130 +msgid "Underlying technologies" +msgstr "" + +#: ../../under-the-hood.rst:132 msgid "Flatpak utilises a number of pre-existing technologies. These include:" msgstr "" -#: ../../under-the-hood.rst:55 +#: ../../under-the-hood.rst:134 msgid "" "The `bubblewrap `_ utility from" " `Project Atomic `_, which lets unprivileged " "users set up and run containers, using kernel features such as:" msgstr "" -#: ../../under-the-hood.rst:59 +#: ../../under-the-hood.rst:138 msgid "Namespaces" msgstr "" -#: ../../under-the-hood.rst:60 +#: ../../under-the-hood.rst:139 msgid "Bind mounts" msgstr "" -#: ../../under-the-hood.rst:61 +#: ../../under-the-hood.rst:140 msgid "Seccomp rules" msgstr "" -#: ../../under-the-hood.rst:63 +#: ../../under-the-hood.rst:142 msgid "" "`systemd `_ to set up" " cgroups for sandboxes" msgstr "" -#: ../../under-the-hood.rst:65 +#: ../../under-the-hood.rst:144 msgid "" "`D-Bus `_, a well-" "established way to provide high-level APIs to applications" msgstr "" -#: ../../under-the-hood.rst:67 +#: ../../under-the-hood.rst:146 msgid "" "The `OSTree `__ system for " "versioning and distributing filesystem trees" msgstr "" -#: ../../under-the-hood.rst:69 +#: ../../under-the-hood.rst:148 msgid "" "The OCI format from the `Open Container Initiative " "`_, as an alternative to OSTree used by the " @@ -151,11 +295,11 @@ msgid "" "fedora-now-live/>`__" msgstr "" -#: ../../under-the-hood.rst:73 +#: ../../under-the-hood.rst:152 msgid "Flatpak can use either OSTree or OCI for single-file bundles." msgstr "" -#: ../../under-the-hood.rst:74 +#: ../../under-the-hood.rst:153 msgid "" "`Appstream `_ " "metadata, to allow Flatpak applications to show up nicely in software " diff --git a/po/pt_BR/LC_MESSAGES/available-runtimes.po b/po/pt_BR/LC_MESSAGES/available-runtimes.po index 45336236..477c32bd 100644 --- a/po/pt_BR/LC_MESSAGES/available-runtimes.po +++ b/po/pt_BR/LC_MESSAGES/available-runtimes.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: https://github.com/flatpak/flatpak-docs/issues\n" -"POT-Creation-Date: 2024-12-01 08:17+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2022-09-29 12:02-0300\n" "Last-Translator: Rafael Fontenelle \n" "Language: pt_BR\n" @@ -17,7 +17,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../available-runtimes.rst:2 msgid "Available Runtimes" @@ -173,7 +173,7 @@ msgid "" "Major version releases of the runtime are synced with `GNOME releases " "`_ and are announced on `GNOME " "Discourse `_. Usually a " -"given branch of the runtime is supported for an year and EOL-ed upon the " +"given branch of the runtime is supported for a year and EOL-ed upon the " "release of a newstable version." msgstr "" @@ -489,3 +489,15 @@ msgstr "" #~ " ``io.elementary.Platform``" #~ msgstr "" +#~ msgid "" +#~ "Major version releases of the runtime" +#~ " are synced with `GNOME releases " +#~ "`_ and are " +#~ "announced on `GNOME Discourse " +#~ "`_. Usually " +#~ "a given branch of the runtime is" +#~ " supported for an year and EOL-" +#~ "ed upon the release of a newstable" +#~ " version." +#~ msgstr "" + diff --git a/po/pt_BR/LC_MESSAGES/electron.po b/po/pt_BR/LC_MESSAGES/electron.po index 80c2cc74..5e5922cd 100644 --- a/po/pt_BR/LC_MESSAGES/electron.po +++ b/po/pt_BR/LC_MESSAGES/electron.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: https://github.com/flatpak/flatpak-docs/issues\n" -"POT-Creation-Date: 2025-03-13 09:30+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2022-09-29 14:47-0300\n" "Last-Translator: Rafael Fontenelle \n" "Language: pt_BR\n" @@ -17,7 +17,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../electron.rst:2 msgid "Electron" @@ -48,13 +48,13 @@ msgstr "" "usá-lo." #: ../../electron.rst:13 +#, fuzzy msgid "" "The guide walks through the `manifest file `_ of the `sample Electron Flatpak application " -"`_. Before you start, it " -"is a good idea to take a look at this, either online or by downloading " -"the application." +"/electron-sample-app/blob/master/org.flathub.electron-sample-app.yml>`_ " +"of the `sample Electron Flatpak application `_. Before you start, it is a good idea to take a " +"look at this, either online or by downloading the application." msgstr "" "O guia percorre o `arquivo de manifesto =20, the " "``--ozone-platform-hint=auto`` flag can be passed to the program. `auto` " @@ -219,31 +218,31 @@ msgid "" " Xwayland or X11 otherwise." msgstr "" -#: ../../electron.rst:131 +#: ../../electron.rst:130 msgid "" "It's recommended to leave actually `enabling` Wayland up to the user for " "now, i.e. set ``--socket=x11`` in the manifest. Wayland can then be " "tested with::" msgstr "" -#: ../../electron.rst:137 +#: ../../electron.rst:136 msgid "Enable native Wayland support by default" msgstr "" -#: ../../electron.rst:141 +#: ../../electron.rst:140 msgid "" "Native Wayland support in Electron is still experimental and often " "unstable. It is advised to stick with the X11/Xwayland configuration " "above as the default." msgstr "" -#: ../../electron.rst:145 +#: ../../electron.rst:144 msgid "" "To make native Wayland the `default` for users, ``--socket=fallback-x11``" " and ``--socket=wayland`` must be used in the manifest." msgstr "" -#: ../../electron.rst:148 +#: ../../electron.rst:147 msgid "" "For Electron versions between 17 and 27, client-side window decorations " "under native Wayland can be enabled by passing ``--enable-" @@ -251,7 +250,7 @@ msgid "" " Electron , this isn't necessary anymore." msgstr "" -#: ../../electron.rst:153 +#: ../../electron.rst:152 msgid "" "Electron uses ``libnotify`` on Linux to provide desktop notifications. " "`Since version 0.8.0 " @@ -264,18 +263,18 @@ msgid "" "``libnotify>=0.8.0`` since ``branch/23.08``." msgstr "" -#: ../../electron.rst:160 +#: ../../electron.rst:159 msgid "" "To ensure proper mouse cursor scaling on HiDPI displays under Wayland, " "the ``XCURSOR_PATH`` environment variable must be set to the host's " "corresponding directories:" msgstr "" -#: ../../electron.rst:172 +#: ../../electron.rst:171 msgid "Using correct desktop file name" msgstr "" -#: ../../electron.rst:174 +#: ../../electron.rst:173 #, python-brace-format msgid "" "It's important for Linux applications to set the correct desktop file " @@ -287,15 +286,16 @@ msgid "" "\"com.example.MyApp.desktop\"``." msgstr "" -#: ../../electron.rst:178 +#: ../../electron.rst:177 #, python-brace-format msgid "" -"In case you repack a binary, you can use the ``patch-desktop-filename`` " -"script provided by the BaseApp. Each Electron binary ships with " -"``resources/app.asar`` file. You need to call ``patch-desktop-filename`` " -"with this file as argument. If your application is installed under " -"``${FLATPAK_DEST}/my-app`` you need to run ``patch-desktop-filename " -"${FLATPAK_DEST}/my-app/resources/app.asar``." +"In case you repack a binary, you can use the `patch-electron-desktop-" +"filename `_ tool included in the BaseApp. Each Electron binary ships " +"with ``resources/app.asar`` file. You need to call ``patch-desktop-" +"filename`` with this file as argument. If your application is installed " +"under ``${FLATPAK_DEST}/my-app`` you need to run ``patch-desktop-filename" +" ${FLATPAK_DEST}/my-app/resources/app.asar``." msgstr "" #: ../../electron.rst:183 @@ -645,3 +645,17 @@ msgstr "" #~ "``branch/23.08`` comes with ``libnotify>=0.8.0``" #~ msgstr "" +#~ msgid "" +#~ "In case you repack a binary, you" +#~ " can use the ``patch-desktop-" +#~ "filename`` script provided by the " +#~ "BaseApp. Each Electron binary ships with" +#~ " ``resources/app.asar`` file. You need to" +#~ " call ``patch-desktop-filename`` with " +#~ "this file as argument. If your " +#~ "application is installed under " +#~ "``${FLATPAK_DEST}/my-app`` you need to " +#~ "run ``patch-desktop-filename ${FLATPAK_DEST" +#~ "}/my-app/resources/app.asar``." +#~ msgstr "" + diff --git a/po/pt_BR/LC_MESSAGES/extension.po b/po/pt_BR/LC_MESSAGES/extension.po index 28fda0fb..68ea6b86 100644 --- a/po/pt_BR/LC_MESSAGES/extension.po +++ b/po/pt_BR/LC_MESSAGES/extension.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-08-31 14:40+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: pt_BR\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../extension.rst:2 msgid "Extensions" @@ -62,14 +62,14 @@ msgstr "" #: ../../extension.rst:25 msgid "" "``.Debug, .Locale, .Sources`` extensions created by Flatpak builder do " -"not need to be specified manually. These are automaitcally created and " +"not need to be specified manually. These are automatically created and " "loaded if installed." msgstr "" #: ../../extension.rst:29 msgid "" "Note that, ``.Locale`` extensions are by default only partially installed" -" (only for the configued languages) by Flatpak. To install the full " +" (only for the configured languages) by Flatpak. To install the full " "locale extension ``flatpak update --subpath= $FLATPAK_ID.Locale`` can be " "used." msgstr "" @@ -330,7 +330,7 @@ msgstr "" #: ../../extension.rst:218 msgid "" "Some extensions are installed automatically by the runtime based on " -"certain conditions and these do not need be added to application " +"certain conditions and these do not need to be added to application " "manifests. Please see below for the purpose of extensions or extension " "points defined in the runtime. Similarly extensions created by Flatpak " "builder like ``.Locale, .Debug`` also do not need to be in application " @@ -991,3 +991,33 @@ msgstr "" #~ "````org.kde.Platform//5.15-24.08`` is ``24.08``." #~ msgstr "" +#~ msgid "" +#~ "``.Debug, .Locale, .Sources`` extensions " +#~ "created by Flatpak builder do not " +#~ "need to be specified manually. These " +#~ "are automaitcally created and loaded if" +#~ " installed." +#~ msgstr "" + +#~ msgid "" +#~ "Note that, ``.Locale`` extensions are by" +#~ " default only partially installed (only " +#~ "for the configued languages) by Flatpak." +#~ " To install the full locale extension" +#~ " ``flatpak update --subpath= $FLATPAK_ID.Locale``" +#~ " can be used." +#~ msgstr "" + +#~ msgid "" +#~ "Some extensions are installed automatically" +#~ " by the runtime based on certain " +#~ "conditions and these do not need " +#~ "be added to application manifests. " +#~ "Please see below for the purpose " +#~ "of extensions or extension points " +#~ "defined in the runtime. Similarly " +#~ "extensions created by Flatpak builder " +#~ "like ``.Locale, .Debug`` also do not " +#~ "need to be in application manifest." +#~ msgstr "" + diff --git a/po/pt_BR/LC_MESSAGES/flatpak-devel.po b/po/pt_BR/LC_MESSAGES/flatpak-devel.po index 32a87ba8..22905b3a 100644 --- a/po/pt_BR/LC_MESSAGES/flatpak-devel.po +++ b/po/pt_BR/LC_MESSAGES/flatpak-devel.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-06-30 14:59+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: pt_BR\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../flatpak-devel.rst:2 msgid "Flatpak as a developer platform" @@ -59,7 +59,7 @@ msgstr "" #: ../../flatpak-devel.rst:23 msgid "" -"`Flatpak Github Actions `_ can be used for GitHub." msgstr "" @@ -349,3 +349,9 @@ msgstr "" #~ msgid "Parallel nigthly and stable applications" #~ msgstr "" +#~ msgid "" +#~ "`Flatpak Github Actions `_ can " +#~ "be used for GitHub." +#~ msgstr "" + diff --git a/po/pt_BR/LC_MESSAGES/module-sources.po b/po/pt_BR/LC_MESSAGES/module-sources.po index fcfe107b..0f3c0295 100644 --- a/po/pt_BR/LC_MESSAGES/module-sources.po +++ b/po/pt_BR/LC_MESSAGES/module-sources.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-12-01 08:05+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: pt_BR\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../module-sources.rst:2 msgid "Module Sources" @@ -420,6 +420,7 @@ msgid "" msgstr "" #: ../../module-sources.rst:475 +#, python-brace-format msgid "" "The last line creates an empty symlink from ``${FLATPAK_DEST}/extra/`` to" " ``${FLATPAK_DEST}/bin/`` so that the executable is found in ``$PATH`` " @@ -448,6 +449,7 @@ msgid "" msgstr "" #: ../../module-sources.rst:499 +#, python-brace-format msgid "" "The commands needed to extract the snap are specified in the " "``apply_extra`` script. These can be any shell commands that run when " @@ -504,7 +506,7 @@ msgstr "" #: ../../module-sources.rst:573 msgid "" "``path`` should be the path of the local directory relative to the " -"manifest root path, whoose contents will be copied during build." +"manifest root path, whose contents will be copied during build." msgstr "" #: ../../module-sources.rst:587 @@ -516,3 +518,10 @@ msgid "" "them." msgstr "" +#~ msgid "" +#~ "``path`` should be the path of the" +#~ " local directory relative to the " +#~ "manifest root path, whoose contents will" +#~ " be copied during build." +#~ msgstr "" + diff --git a/po/pt_BR/LC_MESSAGES/sandbox-permissions.po b/po/pt_BR/LC_MESSAGES/sandbox-permissions.po index 8e880f15..0e4dfa19 100644 --- a/po/pt_BR/LC_MESSAGES/sandbox-permissions.po +++ b/po/pt_BR/LC_MESSAGES/sandbox-permissions.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: https://github.com/flatpak/flatpak-docs/issues\n" -"POT-Creation-Date: 2025-08-31 14:40+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2023-05-31 14:38-0300\n" "Last-Translator: Rafael Fontenelle \n" "Language: pt_BR\n" @@ -17,7 +17,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../sandbox-permissions.rst:2 msgid "Sandbox Permissions" @@ -281,7 +281,17 @@ msgid "" "clients or SSH frontends." msgstr "" -#: ../../sandbox-permissions.rst:105 +#: ../../sandbox-permissions.rst:102 +msgid "" +"``--socket=inherit-wayland-socket`` - Inherit the ``$WAYLAND_SOCKET`` " +"environment variable from the parent process (for example, the " +"compositor). This is not commonly needed unless the application needs " +"access to the parent process’ Wayland state. Input method applications " +"may need this. It’s a very sensitive permission as it prevents Wayland " +"client state from being sandboxed." +msgstr "" + +#: ../../sandbox-permissions.rst:111 msgid "" "Applications that do not support native Wayland should use only " "``--socket=x11`` and applications that do, should use " @@ -290,17 +300,17 @@ msgid "" "Wayland sessions of the desktop environment." msgstr "" -#: ../../sandbox-permissions.rst:111 +#: ../../sandbox-permissions.rst:117 #, fuzzy msgid "``--socket=wayland`` - Show windows with Wayland" msgstr "``--socket=wayland`` – mostra janelas com Wayland" -#: ../../sandbox-permissions.rst:112 +#: ../../sandbox-permissions.rst:118 #, fuzzy msgid "``--socket=x11`` - Show windows using X11" msgstr "``--socket=x11`` – mostra janelas usando X11" -#: ../../sandbox-permissions.rst:113 +#: ../../sandbox-permissions.rst:119 #, fuzzy msgid "" "``--socket=fallback-x11`` - Show windows using X11, if Wayland is not " @@ -311,11 +321,11 @@ msgstr "" "estiver disponível, substitui a permissão de soquete ``x11``. Observe que" " você ainda deve usar ``--socket=wayland`` para permissão de wayland" -#: ../../sandbox-permissions.rst:118 +#: ../../sandbox-permissions.rst:124 msgid "D-Bus access" msgstr "Acesso a D-Bus" -#: ../../sandbox-permissions.rst:120 +#: ../../sandbox-permissions.rst:126 msgid "" "D-Bus access is filtered by default. The default policy for the session " "bus only allows the application to own its own namespace named by " @@ -327,7 +337,7 @@ msgid "" "``org.freedesktop.portal.*``." msgstr "" -#: ../../sandbox-permissions.rst:128 +#: ../../sandbox-permissions.rst:134 #, fuzzy msgid "" "Access to the entire bus with ``--socket=system-bus`` or ``--socket" @@ -338,37 +348,37 @@ msgstr "" "=session-bus`` deve ser evitado, a menos que o aplicativo seja uma " "ferramenta de desenvolvimento." -#: ../../sandbox-permissions.rst:133 +#: ../../sandbox-permissions.rst:139 msgid "" "``flatpak run --log-session-bus $FLATPAK_ID`` can be used to find the " "specific D-Bus permissions needed. See :ref:`debugging:Audit session or " "system bus traffic` for more information." msgstr "" -#: ../../sandbox-permissions.rst:137 +#: ../../sandbox-permissions.rst:143 msgid "**Ownership**" msgstr "**Propriedade**" -#: ../../sandbox-permissions.rst:139 +#: ../../sandbox-permissions.rst:145 msgid "" "Any ownership beyond what is granted by default ie. own namespace and " "``org.mpris.MediaPlayer2.$FLATPAK_ID`` is typically unnecessary although " "there can be exceptions." msgstr "" -#: ../../sandbox-permissions.rst:143 +#: ../../sandbox-permissions.rst:149 msgid "**Talk**" msgstr "**Conversa**" -#: ../../sandbox-permissions.rst:145 +#: ../../sandbox-permissions.rst:151 msgid "It is recommended to use the minimum required talk-name permissions." msgstr "" -#: ../../sandbox-permissions.rst:148 +#: ../../sandbox-permissions.rst:154 msgid "Filesystem access" msgstr "Acesso ao sistema de arquivos" -#: ../../sandbox-permissions.rst:150 +#: ../../sandbox-permissions.rst:156 #, fuzzy msgid "" "As a general rule, static and permanent filesystem access should be " @@ -377,7 +387,7 @@ msgstr "" "Como regra geral, o acesso ao sistema de arquivos deve ser limitado o " "máximo possível. Isso inclui o uso de:" -#: ../../sandbox-permissions.rst:153 +#: ../../sandbox-permissions.rst:159 msgid "" "Using portals as an alternative to blanket filesystem access, wherever " "possible." @@ -385,267 +395,282 @@ msgstr "" "Usar portais como uma alternativa ao acesso geral ao sistema de arquivos," " sempre que possível" -#: ../../sandbox-permissions.rst:155 +#: ../../sandbox-permissions.rst:161 msgid "Using read-only access wherever possible, using the ``:ro`` option." msgstr "Usar acesso somente leitura sempre que possível, usando a opção ``:ro``." -#: ../../sandbox-permissions.rst:156 +#: ../../sandbox-permissions.rst:162 msgid "" "Using :ref:`conventions:XDG base directories` to store application's " "cache, config and state. Then no additional filesystem access would be " "required." msgstr "" -#: ../../sandbox-permissions.rst:159 +#: ../../sandbox-permissions.rst:165 msgid "" "Avoiding full home access and instead using XDG directories such as " "``xdg-music`` or ``xdg-download`` etc." msgstr "" -#: ../../sandbox-permissions.rst:162 +#: ../../sandbox-permissions.rst:168 msgid "The following permission options are available:" msgstr "" -#: ../../sandbox-permissions.rst:164 +#: ../../sandbox-permissions.rst:170 msgid "``:ro`` - read-only access" msgstr "" -#: ../../sandbox-permissions.rst:165 +#: ../../sandbox-permissions.rst:171 msgid "" "``:create`` - read/write access, and create the directory if it doesn't " "exist" msgstr "" -#: ../../sandbox-permissions.rst:168 +#: ../../sandbox-permissions.rst:174 msgid "Additionally the following permissions are available:" msgstr "" -#: ../../sandbox-permissions.rst:171 +#: ../../sandbox-permissions.rst:177 +msgid "``host-root``" +msgstr "" + +#: ../../sandbox-permissions.rst:177 +msgid "" +"Complete host operating system with no exclusions mounted at " +"``/run/host/root`` inside the sandbox. (v1.17.0+)" +msgstr "" + +#: ../../sandbox-permissions.rst:178 msgid "``host``" msgstr "" -#: ../../sandbox-permissions.rst:171 +#: ../../sandbox-permissions.rst:178 msgid "" -"Access to ``/home, /media, /opt, /run/media, /srv`` and everything " -"provided by ``host-os, host-etc`` mounted in ``/run/host``" +"Access to all toplevel paths and subpaths of ``/`` except some reserved " +"paths listed below." msgstr "" -#: ../../sandbox-permissions.rst:171 ../../sandbox-permissions.rst:175 -#: ../../sandbox-permissions.rst:176 -msgid "Includes any subpaths" +#: ../../sandbox-permissions.rst:178 +msgid "" +"Paths provided by ``host-etc, host-os`` are mounted at ``/run/host`` as " +"explained below." msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "``host-etc``" msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "Host's ``/etc``" msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "Host's ``/etc`` is mounted at ``/run/host/etc``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 msgid "``host-os``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 #, python-brace-format msgid "" "Host's ``/usr, /bin, /sbin, /lib{32, 64}, /etc/ld.so.cache, " "/etc/alternatives``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 msgid "Mounted at ``/run/host``" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "``home``" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 #, fuzzy msgid "Access the home directory" msgstr "``--filesystem=home`` – acessa a pasta pessoal (home) do usuário" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "Except ``~/.var/app``" msgstr "" -#: ../../sandbox-permissions.rst:175 +#: ../../sandbox-permissions.rst:182 msgid "``/some/dir``" msgstr "" -#: ../../sandbox-permissions.rst:175 +#: ../../sandbox-permissions.rst:182 msgid "Access an arbitrary path except any reserved path" msgstr "" -#: ../../sandbox-permissions.rst:176 +#: ../../sandbox-permissions.rst:182 ../../sandbox-permissions.rst:183 +msgid "Includes any subpaths" +msgstr "" + +#: ../../sandbox-permissions.rst:183 msgid "``~/some/dir``" msgstr "" -#: ../../sandbox-permissions.rst:176 +#: ../../sandbox-permissions.rst:183 msgid "Arbitrary path relative to the home directory" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "``xdg-desktop``" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "Access the XDG desktop directory" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "``$XDG_DESKTOP_DIR`` or ``$HOME/Desktop``" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "``xdg-documents``" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "Access the XDG documents directory" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "``$XDG_DOCUMENTS_DIR`` or ``$HOME/Documents``" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "``xdg-download``" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "Access the XDG download directory" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "``$XDG_DOWNLOAD_DIR`` or ``$HOME/Downloads``" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "``xdg-music``" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "Access the XDG music directory" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "``$XDG_MUSIC_DIR`` or ``$HOME/Music``" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "``xdg-pictures``" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "Access the XDG pictures directory" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "``$XDG_PICTURES_DIR`` or ``$HOME/Pictures``" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "``xdg-public-share``" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "Access the XDG public directory" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "``$XDG_PUBLICSHARE_DIR`` or ``$HOME/Public``" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "``xdg-videos``" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "Access the XDG videos directory" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "``$XDG_VIDEOS_DIR`` or ``$HOME/Videos``" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "``xdg-templates``" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "Access the XDG templates directory" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "``$XDG_TEMPLATES_DIR`` or ``$HOME/Templates``" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "``xdg-config``" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "Access the XDG config directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "``$XDG_CONFIG_HOME`` or ``$HOME/.config``" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "``xdg-cache``" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "Access the XDG cache directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "``$XDG_CACHE_HOME`` or ``$HOME/.cache``" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "``xdg-data``" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "Access the XDG data directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "``$XDG_DATA_HOME`` or ``$HOME/.local/share``" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "``xdg-run/path``" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "Access subdirectories of the XDG runtime directory" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "``$XDG_RUNTIME_DIR/path`` (``/run/user/$UID/path``)" msgstr "" -#: ../../sandbox-permissions.rst:191 +#: ../../sandbox-permissions.rst:198 msgid "" "Except ``host, host-etc, host-os`` paths can be added to all the above " "filesystem options. For example, ``--filesystem=xdg-documents/path``." msgstr "" -#: ../../sandbox-permissions.rst:194 +#: ../../sandbox-permissions.rst:201 msgid "Other filesystem access guidelines include:" msgstr "" -#: ../../sandbox-permissions.rst:196 +#: ../../sandbox-permissions.rst:203 #, fuzzy msgid "" "The ``--persist=DIR`` option can be used to map directories from the " @@ -659,7 +684,7 @@ msgstr "" " e pode ser útil para aplicativos que codificam os caminhos do arquivo em" " ``~/``." -#: ../../sandbox-permissions.rst:201 +#: ../../sandbox-permissions.rst:208 msgid "" "For example, if an application hardcodes the directory ``~/.foo``, " "without any ``home`` access and no ``--persist`` the directory will be " @@ -670,18 +695,18 @@ msgid "" "``~/.var/app/$FLATPAK_ID/.foo`` which would otherwise be lost." msgstr "" -#: ../../sandbox-permissions.rst:209 +#: ../../sandbox-permissions.rst:216 msgid "A ``--persist=.`` will `persist` all directories." msgstr "" -#: ../../sandbox-permissions.rst:211 +#: ../../sandbox-permissions.rst:218 msgid "" "This does not support ``:create, :ro, :rw`` suffixes or special values " "like ``xdg-documents``. However, the directory will be created by flatpak" " if it doesn't already exist." msgstr "" -#: ../../sandbox-permissions.rst:215 +#: ../../sandbox-permissions.rst:222 #, fuzzy msgid "" "This makes it possible to avoid configuring access to the entire home " @@ -694,7 +719,7 @@ msgstr "" " e pode ser útil para aplicativos que codificam os caminhos do arquivo em" " ``~/``." -#: ../../sandbox-permissions.rst:218 +#: ../../sandbox-permissions.rst:225 #, fuzzy msgid "" "If an application uses ``$TMPDIR`` to contain lock files you may want to " @@ -705,7 +730,7 @@ msgstr "" " querer adicionar um script wrapper que o defina como " "``$XDG_RUNTIME_DIR/app/$FLATPAK_ID``." -#: ../../sandbox-permissions.rst:222 +#: ../../sandbox-permissions.rst:229 msgid "" "Retaining and sharing configuration with non-Flatpak installations is to " "be avoided." @@ -713,17 +738,17 @@ msgstr "" "Reter e compartilhar a configuração com instalações que não sejam do " "Flatpak deve ser evitado." -#: ../../sandbox-permissions.rst:226 +#: ../../sandbox-permissions.rst:233 msgid "Reserved Paths" msgstr "" -#: ../../sandbox-permissions.rst:228 +#: ../../sandbox-permissions.rst:235 msgid "" "The following paths and subpaths of them are reserved and asking access " "to them with ``--filesystem`` will have no effect::" msgstr "" -#: ../../sandbox-permissions.rst:233 +#: ../../sandbox-permissions.rst:240 msgid "" "The entire ``/run`` is not allowed but all subpaths of ``/run`` except " "``/run/flatpak, /run/host`` are allowed to be exposed via " @@ -731,44 +756,46 @@ msgid "" "to ``../run``, exposing it or a subpath of it, is not allowed." msgstr "" -#: ../../sandbox-permissions.rst:238 +#: ../../sandbox-permissions.rst:245 msgid "" "Additionally the following directories from host need to be explicitly " "requested with ``--filesystem`` and are not available with ``home, host, " "host-os, host-etc`` by default:" msgstr "" -#: ../../sandbox-permissions.rst:242 +#: ../../sandbox-permissions.rst:249 msgid "" "``~/.var/app`` - The app can access only its own directory in " "``~/.var/app/$FLATPAK_ID``" msgstr "" -#: ../../sandbox-permissions.rst:243 +#: ../../sandbox-permissions.rst:250 msgid "``$XDG_DATA_HOME/flatpak`` (``~/.local/share/flatpak``)" msgstr "" -#: ../../sandbox-permissions.rst:244 +#: ../../sandbox-permissions.rst:251 msgid "``/boot``" msgstr "" -#: ../../sandbox-permissions.rst:245 +#: ../../sandbox-permissions.rst:252 msgid "``/efi``" msgstr "" -#: ../../sandbox-permissions.rst:246 +#: ../../sandbox-permissions.rst:253 msgid "``/root``" msgstr "" -#: ../../sandbox-permissions.rst:247 -msgid "``/sys``" +#: ../../sandbox-permissions.rst:254 +msgid "" +"``/sys`` - Only ``/sys/block, /sys/bus, /sys/class, /sys/dev, " +"/sys/devices`` are shared as read-only by default (if exists)" msgstr "" -#: ../../sandbox-permissions.rst:248 +#: ../../sandbox-permissions.rst:255 msgid "``/tmp``" msgstr "" -#: ../../sandbox-permissions.rst:249 +#: ../../sandbox-permissions.rst:256 #, python-brace-format msgid "" "``/var`` - Note that by default ``/var/{cache, config, data, tmp}`` " @@ -778,76 +805,76 @@ msgid "" "available." msgstr "" -#: ../../sandbox-permissions.rst:253 +#: ../../sandbox-permissions.rst:260 msgid "``/var/lib/flatpak`` - ``/var`` does not give access to this." msgstr "" -#: ../../sandbox-permissions.rst:256 +#: ../../sandbox-permissions.rst:263 msgid "Device access" msgstr "Acesso a dispositivo" -#: ../../sandbox-permissions.rst:257 +#: ../../sandbox-permissions.rst:264 msgid "You can provide the following device permissions:" msgstr "" -#: ../../sandbox-permissions.rst:260 +#: ../../sandbox-permissions.rst:267 msgid "``dri``" msgstr "" -#: ../../sandbox-permissions.rst:260 +#: ../../sandbox-permissions.rst:267 msgid "Direct Rendering Interface. Necessary for GL." msgstr "" -#: ../../sandbox-permissions.rst:261 +#: ../../sandbox-permissions.rst:268 msgid "``kvm``" msgstr "" -#: ../../sandbox-permissions.rst:261 +#: ../../sandbox-permissions.rst:268 msgid "Kernel based Virtual Machine ``/dev/kvm``" msgstr "" -#: ../../sandbox-permissions.rst:262 +#: ../../sandbox-permissions.rst:269 msgid "``shm``" msgstr "" -#: ../../sandbox-permissions.rst:262 +#: ../../sandbox-permissions.rst:269 msgid "Shared Memory in ``/dev/shm``." msgstr "" -#: ../../sandbox-permissions.rst:263 +#: ../../sandbox-permissions.rst:270 msgid "``input``" msgstr "" -#: ../../sandbox-permissions.rst:263 +#: ../../sandbox-permissions.rst:270 msgid "" "Input devices as exposed in ``/dev/input``. This includes game " "controllers. Since Flatpak 1.15.6." msgstr "" -#: ../../sandbox-permissions.rst:264 +#: ../../sandbox-permissions.rst:271 msgid "``usb``" msgstr "" -#: ../../sandbox-permissions.rst:264 +#: ../../sandbox-permissions.rst:271 msgid "Raw USB devices as exposed in ``/dev/bus/usb``. Since Flatpak 1.15.11." msgstr "" -#: ../../sandbox-permissions.rst:265 +#: ../../sandbox-permissions.rst:272 msgid "``all``" msgstr "" -#: ../../sandbox-permissions.rst:265 +#: ../../sandbox-permissions.rst:272 msgid "All devices, including all of the above except ``shm``" msgstr "" -#: ../../sandbox-permissions.rst:270 +#: ../../sandbox-permissions.rst:277 msgid "" "Using newer permissions like ``input`` or ``usb`` will have no effect on " "older Flatpak versions and will fail when used through Flatpak " "commandline." msgstr "" -#: ../../sandbox-permissions.rst:274 +#: ../../sandbox-permissions.rst:281 #, fuzzy msgid "" "While not ideal, ``--device=all`` can be used to access devices like " @@ -856,22 +883,22 @@ msgstr "" "Embora não seja o ideal, ``--device=all`` pode ser usado para acessar " "dispositivos como controladores ou webcams." -#: ../../sandbox-permissions.rst:278 +#: ../../sandbox-permissions.rst:285 #, fuzzy msgid "USB portal" msgstr "Portais" -#: ../../sandbox-permissions.rst:280 -msgid "Since 1.5.11." +#: ../../sandbox-permissions.rst:287 +msgid "Since 1.15.11." msgstr "" -#: ../../sandbox-permissions.rst:282 +#: ../../sandbox-permissions.rst:289 msgid "" "Sandboxed access to individual USB devices can be controlled by portals. " "Flatpak allows specifying enumerable USB devices to allow access." msgstr "" -#: ../../sandbox-permissions.rst:286 +#: ../../sandbox-permissions.rst:293 msgid "" "Like ``--device=usb``, this is just about accessing the raw USB device, " "that needs libusb (or equivalent). By using the portal, you can restrict " @@ -880,59 +907,59 @@ msgid "" "no reason for USB security devices to be accessible." msgstr "" -#: ../../sandbox-permissions.rst:293 +#: ../../sandbox-permissions.rst:300 msgid "" "A list of valid use cases includes scanners (handled, for example by " "SANE), photo cameras (handled by libgphoto2), flashing devices, etc." msgstr "" -#: ../../sandbox-permissions.rst:296 +#: ../../sandbox-permissions.rst:303 msgid "" "While this is portal dependent and ``xdg-desktop-portal`` is currently " "the only portal implementation, the overall permission flow is as " "follows:" msgstr "" -#: ../../sandbox-permissions.rst:300 +#: ../../sandbox-permissions.rst:307 msgid "" "The Flatpak package specifies the devices it wishes to enumerate through " "``finish-args``." msgstr "" -#: ../../sandbox-permissions.rst:302 +#: ../../sandbox-permissions.rst:309 msgid "" "The application requests the portal to enumerate the available USB " "devices based on that list. If the list is empty it will enumerate all " "USB devices." msgstr "" -#: ../../sandbox-permissions.rst:305 +#: ../../sandbox-permissions.rst:312 msgid "" "When the application wants to access the device, it will make a request " "for the device it wants to access via the portal." msgstr "" -#: ../../sandbox-permissions.rst:307 +#: ../../sandbox-permissions.rst:314 msgid "The portal then requests permission from the user if not already granted." msgstr "" -#: ../../sandbox-permissions.rst:309 +#: ../../sandbox-permissions.rst:316 msgid "" "If the permission was granted, a file descriptor for the device is passed" " back to the application." msgstr "" -#: ../../sandbox-permissions.rst:312 +#: ../../sandbox-permissions.rst:319 msgid "" "The application is then able to open the devices it is supposed to use " "while the others would be hidden." msgstr "" -#: ../../sandbox-permissions.rst:316 +#: ../../sandbox-permissions.rst:323 msgid "Specifying the enumerable devices" msgstr "" -#: ../../sandbox-permissions.rst:318 +#: ../../sandbox-permissions.rst:325 msgid "" "You can specify devices on the ``flatpak`` command line, and by extension" " in the finish arguments for Flatpak Builder. Enumerable devices are " @@ -943,17 +970,17 @@ msgid "" " shall not be enumerated." msgstr "" -#: ../../sandbox-permissions.rst:326 +#: ../../sandbox-permissions.rst:333 msgid "Queries are made out of rules. These rules are composable with ``+``." msgstr "" -#: ../../sandbox-permissions.rst:328 +#: ../../sandbox-permissions.rst:335 msgid "" "The rule ``all`` enumerates every USB device. There is no further rule " "allowed in the query." msgstr "" -#: ../../sandbox-permissions.rst:331 +#: ../../sandbox-permissions.rst:338 msgid "" "The ``vnd`` and ``dev`` rules specify a USB vendor and a USB device ID " "respectively. A vendor can be specified alone, but a device rule always " @@ -963,63 +990,63 @@ msgid "" "repository `_" msgstr "" -#: ../../sandbox-permissions.rst:338 +#: ../../sandbox-permissions.rst:345 msgid "" "``cls`` specifies the device USB class and subclass. Both class and " "subclass are two digit hex numbers separated by a colon ``:``. You can " "use ``*`` to specify any subclass within the class." msgstr "" -#: ../../sandbox-permissions.rst:342 +#: ../../sandbox-permissions.rst:349 msgid "Some examples of the syntax:" msgstr "" -#: ../../sandbox-permissions.rst:344 +#: ../../sandbox-permissions.rst:351 msgid "``vnd:1234``: Devices from vendor ``1234``" msgstr "" -#: ../../sandbox-permissions.rst:345 +#: ../../sandbox-permissions.rst:352 msgid "``vnd:1234+dev:3456``: Only device ``3456`` from vendor ``1234``." msgstr "" -#: ../../sandbox-permissions.rst:346 +#: ../../sandbox-permissions.rst:353 msgid "``vnd:1234+cls:06:*``: All the PTP devices from vendor ``1234``." msgstr "" -#: ../../sandbox-permissions.rst:347 +#: ../../sandbox-permissions.rst:354 msgid "``cls:06:*``: All the PTP devices." msgstr "" -#: ../../sandbox-permissions.rst:349 +#: ../../sandbox-permissions.rst:356 msgid "" "This permission only allows to enumerate devices. To open them, " "permission must be requested from the portal. It is not possible to open " "a device that is not enumerable." msgstr "" -#: ../../sandbox-permissions.rst:355 +#: ../../sandbox-permissions.rst:362 msgid "" "The ``--device=usb`` permission is broader than what the USB portal is " "supposed to provide and allows unfettered access to any USB device on the" " bus." msgstr "" -#: ../../sandbox-permissions.rst:359 +#: ../../sandbox-permissions.rst:366 msgid "In some situations you may need to specify a very long list of devices." msgstr "" -#: ../../sandbox-permissions.rst:361 +#: ../../sandbox-permissions.rst:368 msgid "Device lists can be passed in one single argument, or through a file." msgstr "" -#: ../../sandbox-permissions.rst:363 +#: ../../sandbox-permissions.rst:370 msgid "" "When using ``--usb-list``, the queries are separated by a semi-colon " "``;``, with queries for hidden devices (i.e. those that would be passed " "with ``--nousb``) prefixed with ``!``." msgstr "" -#: ../../sandbox-permissions.rst:367 +#: ../../sandbox-permissions.rst:374 msgid "" "When using ``--usb-list-file``, the filename of the file containing USB " "queries is passed line by line. Like with ``--usb-list`` queries for " @@ -1029,11 +1056,11 @@ msgid "" "list is persisted internally." msgstr "" -#: ../../sandbox-permissions.rst:375 +#: ../../sandbox-permissions.rst:382 msgid "dconf access" msgstr "Acesso a dconf" -#: ../../sandbox-permissions.rst:377 +#: ../../sandbox-permissions.rst:384 msgid "" "As of xdg-desktop-portal 1.1.0 and glib 2.60.5 (in the runtime) you do " "not need direct DConf access in most cases." @@ -1041,7 +1068,7 @@ msgstr "" "No xdg-desktop-portal 1.1.0 e glib 2.60.5 (no runtime), você não precisa " "de acesso direto ao DConf na maioria dos casos." -#: ../../sandbox-permissions.rst:380 +#: ../../sandbox-permissions.rst:387 msgid "" "As of now this glib version is included in " "``org.freedesktop.Platform//19.08`` and ``org.gnome.Platform//3.34`` and " @@ -1051,7 +1078,7 @@ msgstr "" "``org.freedesktop.Platform//19.08`` e ``org.gnome.Platform//3.34`` e mais" " novos." -#: ../../sandbox-permissions.rst:383 +#: ../../sandbox-permissions.rst:390 msgid "" "If an application existed prior to these runtimes you can tell Flatpak " "(>= 1.3.4) to migrate the DConf settings on the host into the sandbox by " @@ -1066,7 +1093,7 @@ msgstr "" "semelhante ao seu ID de aplicativo ou não será permitido (não diferencia " "maiúsculo de minúsculo, e ``_`` e `` -`` são tratados da mesma forma)." -#: ../../sandbox-permissions.rst:390 +#: ../../sandbox-permissions.rst:397 msgid "" "If you are targeting older runtimes or require direct DConf access for " "other reasons you can use these permissions::" @@ -1074,11 +1101,11 @@ msgstr "" "Se você estiver direcionando runtimes mais antigos ou precisar de acesso " "direto ao DConf por outros motivos, poderá usar estas permissões::" -#: ../../sandbox-permissions.rst:398 +#: ../../sandbox-permissions.rst:405 msgid "With those permissions glib will continue using dconf directly." msgstr "Com essas permissões, o glib continuará usando o dconf diretamente." -#: ../../sandbox-permissions.rst:400 +#: ../../sandbox-permissions.rst:407 msgid "" "If you use a newer runtime where dconf is no longer built and still need " "it you will have to build the `dconf " @@ -1086,11 +1113,11 @@ msgid "" "``--env=GIO_EXTRA_MODULES=/app/lib/gio/modules/``." msgstr "" -#: ../../sandbox-permissions.rst:405 +#: ../../sandbox-permissions.rst:412 msgid "gvfs access" msgstr "Acesso a gvfs" -#: ../../sandbox-permissions.rst:407 +#: ../../sandbox-permissions.rst:414 msgid "" "As of gvfs 1.48, the gvfs daemons and applications use an on-disk socket " "to communicate, rather than an abstract socket so that the gvfs " @@ -1102,7 +1129,7 @@ msgstr "" "infraestrutura do gvfs ainda funcione quando o suporte à rede estiver " "desabilitado no isolamento do aplicativo." -#: ../../sandbox-permissions.rst:411 +#: ../../sandbox-permissions.rst:418 msgid "" "A number of different options need to be passed depending on the " "application's use of gvfs." @@ -1110,7 +1137,7 @@ msgstr "" "Várias opções diferentes precisam ser passadas dependendo do uso de gvfs " "do aplicativo." -#: ../../sandbox-permissions.rst:414 +#: ../../sandbox-permissions.rst:421 msgid "" "``--talk-name=org.gtk.vfs.*`` is necessary to talk to the gvfs daemons " "over D-Bus and list mounts using the GIO APIs." @@ -1118,7 +1145,7 @@ msgstr "" "``--talk-name=org.gtk.vfs.*`` é necessário para falar com os daemons do " "gvfs sobre D-Bus e listar montagens usando as APIs do GIO." -#: ../../sandbox-permissions.rst:417 +#: ../../sandbox-permissions.rst:424 msgid "" "``--filesystem=xdg-run/gvfsd`` is necessary to use the GIO APIs to list " "and access non-native files using the GIO APIs, using URLs rather than " @@ -1128,7 +1155,7 @@ msgstr "" "listar e acessar arquivos não nativos usando as APIs do GIO, usando URLs " "em vez de caminhos FUSE." -#: ../../sandbox-permissions.rst:420 +#: ../../sandbox-permissions.rst:427 msgid "" "``--filesystem=xdg-run/gvfs`` is necessary to give access to the FUSE " "mounts non-GIO and legacy applications can use. This is what will make " @@ -1138,15 +1165,15 @@ msgstr "" "FUSE não-GIO e aplicativos legados podem usar. Isto é o que fará com que " "os arquivos nativos apareçam em ``/run/user/`id -u`/gvfs/``." -#: ../../sandbox-permissions.rst:424 +#: ../../sandbox-permissions.rst:431 msgid "Typical GNOME and GTK applications should use::" msgstr "Os aplicativos GNOME e GTK típicos devem usar::" -#: ../../sandbox-permissions.rst:429 +#: ../../sandbox-permissions.rst:436 msgid "Typical non-GNOME and non-GTK applications should use::" msgstr "Os aplicativos não-GNOME e não-GTK típicos devem usar::" -#: ../../sandbox-permissions.rst:433 +#: ../../sandbox-permissions.rst:440 msgid "" "No application should be using ``--talk-name=org.gtk.vfs`` in its " "manifest, as there are no D-Bus services named ``org.gtk.vfs``." @@ -1154,7 +1181,7 @@ msgstr "" "Nenhum aplicativo deve usar ``--talk-name=org.gtk.vfs`` em seu manifesto," " pois não há serviços D-Bus chamados ``org.gtk.vfs``." -#: ../../sandbox-permissions.rst:436 +#: ../../sandbox-permissions.rst:443 msgid "" "These permission grants the app, the ability to communicate with the gvfs" " daemon and backends running on host. Depending on the backends installed" @@ -1170,11 +1197,11 @@ msgid "" "host." msgstr "" -#: ../../sandbox-permissions.rst:450 +#: ../../sandbox-permissions.rst:457 msgid "External drive access" msgstr "" -#: ../../sandbox-permissions.rst:452 +#: ../../sandbox-permissions.rst:459 msgid "" "External drives are mounted by the host system using systemd, udev, udisk" " fstab etc. and each of them can have different defaults. Flatpak has no " @@ -1182,30 +1209,156 @@ msgid "" "permissions should work in most cases::" msgstr "" -#: ../../sandbox-permissions.rst:461 +#: ../../sandbox-permissions.rst:468 msgid "" "If ``--filesystem=host`` is used ``/media, /run/media`` is shared " "automatically if they exist." msgstr "" -#: ../../sandbox-permissions.rst:464 +#: ../../sandbox-permissions.rst:471 msgid "" "Note that these should not have subpaths in them unless the value of the " "subpath can be consistently pre-determined. Block device naming depends " "on the kernel/fstab configuration and cannot be pre-determined." msgstr "" -#: ../../sandbox-permissions.rst:469 +#: ../../sandbox-permissions.rst:476 +#, fuzzy +msgid "Conditional permissions" +msgstr "Permissões de sandbox" + +#: ../../sandbox-permissions.rst:478 +msgid "" +"Since 1.17.0, Flatpak supports conditional permissions which allows them " +"to be granted only when certain runtime conditions are satisfied and " +"fallback otherwise. The intention of the system is to allow users or " +"developers to specify tighter permission grants (as they are added in new" +" Flatpak versions) while fallback to older grants for backwards " +"compatibility at run time." +msgstr "" + +#: ../../sandbox-permissions.rst:487 +msgid "" +"Older Flatpak versions will fail when encountering unknown commandline " +"options, while unrecognized metadata entries will be silently ignored." +msgstr "" + +#: ../../sandbox-permissions.rst:491 +msgid "" +"Flatpak manifests using conditional flags (for example, ``--socket-if=`` " +"etc.) will require Flatpak 1.17.0 or newer to build and attempting to " +"build them with older Flatpak versions will produce an error." +msgstr "" + +#: ../../sandbox-permissions.rst:496 +msgid "" +"The following flags are available to specify conditional permissions in " +"CLI and in Flatpak manifests::" +msgstr "" + +#: ../../sandbox-permissions.rst:504 +msgid "" +"The syntax of all the options are ``--socket-if=PERMISSION:CONDITION`` " +"and so on where ``PERMISSION`` is the available grants for that flag " +"(e.g., those listed for ``--socket=``). Conditions can be negated by " +"prefixing with ``!``. The following conditions are supported:" +msgstr "" + +#: ../../sandbox-permissions.rst:509 +msgid "``true`` - Always evaluates to true" +msgstr "" + +#: ../../sandbox-permissions.rst:510 +msgid "``false``- Always evaluates to false" +msgstr "" + +#: ../../sandbox-permissions.rst:511 +msgid "" +"``has-input-device`` - True if the Flatpak version supports " +"``--device=input``" +msgstr "" + +#: ../../sandbox-permissions.rst:513 +msgid "``has-wayland`` - True if the current desktop session supports Wayland" +msgstr "" + +#: ../../sandbox-permissions.rst:516 +msgid "" +"Multiple conditionals can be specified for the same grant, in which case " +"the permission is granted if any condition matches. If no conditional " +"rule evaluates to ``true``, the grant is denied unless it is also " +"unconditionally allowed. Duplicate conditions are ignored." +msgstr "" + +#: ../../sandbox-permissions.rst:523 +msgid "Examples" +msgstr "" + +#: ../../sandbox-permissions.rst:525 +msgid "" +"The unconditional grant ``--socket=x11`` can be tightened using " +"conditional permissions to ``--socket-if=x11:!has-wayland``. This allows " +"access to X11 only when a Wayland desktop session is not available. To " +"preserve backwards compatibility, the following pattern can be used::" +msgstr "" + +#: ../../sandbox-permissions.rst:534 +msgid "" +"This allows older Flatpak versions which do not understand the " +"conditional permissions function by allowing X11 access always while " +"newer Flatpak, which understands the conditional system will allow X11 " +"access only when the session is not Wayland." +msgstr "" + +#: ../../sandbox-permissions.rst:539 +msgid "" +"If an application requires only access to ``input`` device permission, " +"the following flags can be used to move away from ``--device=all`` to " +"``--device=input``::" +msgstr "" + +#: ../../sandbox-permissions.rst:547 +msgid "" +"This allows older Flatpak versions which do not understand the ``input`` " +"device permission to function by having the broader ``all`` access. Newer" +" Flatpak versions which understand the conditional system (and therefore " +"understands the ``input`` permission) will deny ``all`` due to " +"``--device-if=all:!has-input-device`` and allow only ``input`` due to " +"``--device=input``." +msgstr "" + +#: ../../sandbox-permissions.rst:555 +msgid "" +"To explicitly deny a permission that might be granted through runtime " +"metadata or overrides ``--nosocket=NAME, --unshare=NAME`` etc. can be " +"used::" +msgstr "" + +#: ../../sandbox-permissions.rst:561 +msgid "" +"This denial can be combined with conditional grants to remove " +"unconditional access while allowing conditional access::" +msgstr "" + +#: ../../sandbox-permissions.rst:568 +msgid "" +"This denies unconditional X11 access but allows X11 conditionally when " +"Wayland is unavailable. Older Flatpak versions will see only the final " +"``--socket=x11`` grant and allow X11 unconditionally, while newer " +"versions recognise the conditional logic and evaluates it at runtime." +msgstr "" + +#: ../../sandbox-permissions.rst:574 msgid "Footnotes" msgstr "" -#: ../../sandbox-permissions.rst:470 +#: ../../sandbox-permissions.rst:575 msgid "" "This is not necessarily required, but without it the X11 shared memory " "extension will not work, which is very bad for X11 performance." msgstr "" -#: ../../sandbox-permissions.rst:472 +#: ../../sandbox-permissions.rst:577 msgid "" "Giving network access also grants access to all host services listening " "on abstract Unix sockets (due to how network namespaces work), and these " @@ -1214,7 +1367,7 @@ msgid "" "secure distribution should disable these and just use regular sockets." msgstr "" -#: ../../sandbox-permissions.rst:477 +#: ../../sandbox-permissions.rst:582 #, python-brace-format msgid "" "``xdg-{cache, config, data}`` bind mounts the paths from host to the per-" @@ -1476,3 +1629,16 @@ msgstr "" #~ msgid "``--socket=ssh-auth``- Allow access to ``$SSH_AUTH_SOCK``" #~ msgstr "" +#~ msgid "" +#~ "Access to ``/home, /media, /opt, " +#~ "/run/media, /srv`` and everything provided " +#~ "by ``host-os, host-etc`` mounted " +#~ "in ``/run/host``" +#~ msgstr "" + +#~ msgid "``/sys``" +#~ msgstr "" + +#~ msgid "Since 1.5.11." +#~ msgstr "" + diff --git a/po/pt_BR/LC_MESSAGES/under-the-hood.po b/po/pt_BR/LC_MESSAGES/under-the-hood.po index dae391f2..beec5e26 100644 --- a/po/pt_BR/LC_MESSAGES/under-the-hood.po +++ b/po/pt_BR/LC_MESSAGES/under-the-hood.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: https://github.com/flatpak/flatpak-docs/issues\n" -"POT-Creation-Date: 2024-09-26 16:32-0300\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2023-05-31 14:32-0300\n" "Last-Translator: Rafael Fontenelle \n" "Language: pt_BR\n" @@ -17,7 +17,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../under-the-hood.rst:2 msgid "Under the Hood" @@ -138,14 +138,158 @@ msgid "" msgstr "" #: ../../under-the-hood.rst:51 +msgid "Conditional permission system" +msgstr "" + +#: ../../under-the-hood.rst:53 +msgid "" +"Since Flatpak 1.17.0, conditional permissions allow permissions to be " +"granted only when certain runtime conditions are satisfied, with fallback" +" to unconditional grants for compatibility with older versions." +msgstr "" + +#: ../../under-the-hood.rst:57 +msgid "Permissions are internally represented as:" +msgstr "" + +#: ../../under-the-hood.rst:59 +msgid "unconditionally allowed or denied" +msgstr "" + +#: ../../under-the-hood.rst:60 +msgid "" +"a reset flag indicating whether the current layer overrides rules from " +"lower layers" +msgstr "" + +#: ../../under-the-hood.rst:62 +msgid "a set of conditional rules under which the permission may be allowed" +msgstr "" + +#: ../../under-the-hood.rst:64 +msgid "For example:" +msgstr "" + +#: ../../under-the-hood.rst:66 +msgid "" +"``--socket=NAME`` unconditionally allows the permission and resets any " +"previously defined rules for that permission" +msgstr "" + +#: ../../under-the-hood.rst:68 +msgid "" +"``--nosocket=NAME`` unconditionally denies the permission and resets any " +"previously defined rules" +msgstr "" + +#: ../../under-the-hood.rst:70 +msgid "" +"``--socket-if=NAME:CONDITION`` adds a conditional rule without resetting " +"existing rules" +msgstr "" + +#: ../../under-the-hood.rst:73 +msgid "Conditions may be negated using ``!``." +msgstr "" + +#: ../../under-the-hood.rst:75 +msgid "" +"Multiple conditional rules can be specified for the same permission. In " +"this case, the permission is granted if any condition evaluates to true." +msgstr "" + +#: ../../under-the-hood.rst:78 +msgid "" +"Duplicate conditions are ignored. The order of conditions does not affect" +" evaluation." +msgstr "" + +#: ../../under-the-hood.rst:81 +msgid "" +"If no conditional rules are present, the permission is granted only if it" +" is unconditionally allowed." +msgstr "" + +#: ../../under-the-hood.rst:84 +msgid "" +"If conditional rules are present, the permission is granted if any " +"condition evaluates to true, and denied otherwise, unless it is also " +"unconditionally allowed." +msgstr "" + +#: ../../under-the-hood.rst:88 +msgid "" +"If an unconditional entry follows a conditional entry for the same grant " +"in commandline flags, the earlier unconditional entry is treated as " +"backwards compatibility fallback and does not affect the final permission" +" state. So the following is effectively treated as ``--socket-if=x11" +":!has-wayland`` in Flatpak versions supporting conditional permissions::" +msgstr "" + +#: ../../under-the-hood.rst:98 +msgid "Permissions are written to metadata using the following rules:" +msgstr "" + +#: ../../under-the-hood.rst:100 +msgid "Unconditionally allowed permissions are written as ``NAME``" +msgstr "" + +#: ../../under-the-hood.rst:101 +msgid "Unconditionally denied permissions are written as ``!NAME``" +msgstr "" + +#: ../../under-the-hood.rst:102 +msgid "Conditionally allowed permissions are written as:" +msgstr "" + +#: ../../under-the-hood.rst:104 +msgid "unconditional ``NAME`` entry for compat" +msgstr "" + +#: ../../under-the-hood.rst:105 +msgid "``if:NAME:CONDITION`` entries" +msgstr "" + +#: ../../under-the-hood.rst:107 +msgid "" +"If the permission resets previously defined rules, an explicit ``!NAME`` " +"entry is written first, followed by the unconditional ``NAME`` entry and " +"then the ``if:NAME:CONDITION`` entries. This is omitted when saving an " +"application's own metadata, as opposed to overrides." +msgstr "" + +#: ../../under-the-hood.rst:112 +msgid "" +"When parsing metadata, a non-negated unconditional ``NAME`` entry " +"appearing before a ``if:NAME:CONDITION`` entry is treated as a " +"compatibility fallback and does not affect the final permission state. " +"Eg. ``sockets=x11;if:x11:!has-wayland;`` is effectively treated as " +"``if:x11:!has-wayland`` in Flatpak versions supporting conditional " +"permissions." +msgstr "" + +#: ../../under-the-hood.rst:119 +msgid "" +"The ``fallback-x11`` socket, on pre-1.17 Flatpak versions implicitly " +"granted ``x11`` access and at runtime X11 access was suppressed when " +"Wayland was available, while on newer Flatpak (1.17+) it is internally " +"converted to the conditional syntax ``if:x11:!has-wayland``. When saving " +"the metadata, Flatpak converts ``if:x11:!has-wayland`` back to " +"``fallback-x11`` only when it is the sole conditional on ``x11``. If " +"additional conditionals are present, the new syntax is written directly " +"and older Flatpak versions will not understand the conditional entries. A" +" conditional grant for ``fallback-x11`` is not allowed." +msgstr "" + +#: ../../under-the-hood.rst:130 msgid "Underlying technologies" msgstr "Tecnologias subjacentes" -#: ../../under-the-hood.rst:53 +#: ../../under-the-hood.rst:132 msgid "Flatpak utilises a number of pre-existing technologies. These include:" msgstr "O Flatpak utiliza várias tecnologias preexistentes. Esses incluem:" -#: ../../under-the-hood.rst:55 +#: ../../under-the-hood.rst:134 msgid "" "The `bubblewrap `_ utility from" " `Project Atomic `_, which lets unprivileged " @@ -156,19 +300,19 @@ msgstr "" "sem privilégios configurem e executem contêineres, usando recursos do " "kernel, como:" -#: ../../under-the-hood.rst:59 +#: ../../under-the-hood.rst:138 msgid "Namespaces" msgstr "Espaços de nomes" -#: ../../under-the-hood.rst:60 +#: ../../under-the-hood.rst:139 msgid "Bind mounts" msgstr "Montagens vinculadas (\"bind\")" -#: ../../under-the-hood.rst:61 +#: ../../under-the-hood.rst:140 msgid "Seccomp rules" msgstr "Regras seccomp" -#: ../../under-the-hood.rst:63 +#: ../../under-the-hood.rst:142 msgid "" "`systemd `_ to set up" " cgroups for sandboxes" @@ -176,7 +320,7 @@ msgstr "" "`systemd `_ para " "configurar cgroups para sandboxes" -#: ../../under-the-hood.rst:65 +#: ../../under-the-hood.rst:144 msgid "" "`D-Bus `_, a well-" "established way to provide high-level APIs to applications" @@ -184,7 +328,7 @@ msgstr "" "`D-Bus `_, uma maneira " "bem estabelecida de fornecer APIs de alto nível para aplicativos" -#: ../../under-the-hood.rst:67 +#: ../../under-the-hood.rst:146 #, fuzzy msgid "" "The `OSTree `__ system for " @@ -193,7 +337,7 @@ msgstr "" "O sistema `OSTree `__ para " "versionamento e distribuição de árvores de sistema de arquivos" -#: ../../under-the-hood.rst:69 +#: ../../under-the-hood.rst:148 msgid "" "The OCI format from the `Open Container Initiative " "`_, as an alternative to OSTree used by the " @@ -205,11 +349,11 @@ msgstr "" "pela `infraestrutura do Fedora `__" -#: ../../under-the-hood.rst:73 +#: ../../under-the-hood.rst:152 msgid "Flatpak can use either OSTree or OCI for single-file bundles." msgstr "Flatpak pode usar OSTree ou OCI para pacotes de arquivo único." -#: ../../under-the-hood.rst:74 +#: ../../under-the-hood.rst:153 msgid "" "`Appstream `_ " "metadata, to allow Flatpak applications to show up nicely in software " diff --git a/po/ru/LC_MESSAGES/available-runtimes.po b/po/ru/LC_MESSAGES/available-runtimes.po index 6f5c8a7a..7946346b 100644 --- a/po/ru/LC_MESSAGES/available-runtimes.po +++ b/po/ru/LC_MESSAGES/available-runtimes.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: https://github.com/flatpak/flatpak-docs/issues\n" -"POT-Creation-Date: 2024-12-01 08:17+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2023-11-07 01:23+0700\n" "Last-Translator: Dmitry \n" "Language: ru\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../available-runtimes.rst:2 msgid "Available Runtimes" @@ -175,7 +175,7 @@ msgid "" "Major version releases of the runtime are synced with `GNOME releases " "`_ and are announced on `GNOME " "Discourse `_. Usually a " -"given branch of the runtime is supported for an year and EOL-ed upon the " +"given branch of the runtime is supported for a year and EOL-ed upon the " "release of a newstable version." msgstr "" @@ -492,3 +492,15 @@ msgstr "" #~ " ``io.elementary.Platform``" #~ msgstr "" +#~ msgid "" +#~ "Major version releases of the runtime" +#~ " are synced with `GNOME releases " +#~ "`_ and are " +#~ "announced on `GNOME Discourse " +#~ "`_. Usually " +#~ "a given branch of the runtime is" +#~ " supported for an year and EOL-" +#~ "ed upon the release of a newstable" +#~ " version." +#~ msgstr "" + diff --git a/po/ru/LC_MESSAGES/electron.po b/po/ru/LC_MESSAGES/electron.po index 6d1ce3a2..0b9f6978 100644 --- a/po/ru/LC_MESSAGES/electron.po +++ b/po/ru/LC_MESSAGES/electron.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-03-13 09:30+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2023-02-04 00:21+0700\n" "Last-Translator: Dmitry \n" "Language: ru\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../electron.rst:2 msgid "Electron" @@ -49,13 +49,13 @@ msgstr "" "использовать." #: ../../electron.rst:13 +#, fuzzy msgid "" "The guide walks through the `manifest file `_ of the `sample Electron Flatpak application " -"`_. Before you start, it " -"is a good idea to take a look at this, either online or by downloading " -"the application." +"/electron-sample-app/blob/master/org.flathub.electron-sample-app.yml>`_ " +"of the `sample Electron Flatpak application `_. Before you start, it is a good idea to take a " +"look at this, either online or by downloading the application." msgstr "" "В руководстве рассматривается «файл манифеста =20, the " "``--ozone-platform-hint=auto`` flag can be passed to the program. `auto` " @@ -220,31 +219,31 @@ msgid "" " Xwayland or X11 otherwise." msgstr "" -#: ../../electron.rst:131 +#: ../../electron.rst:130 msgid "" "It's recommended to leave actually `enabling` Wayland up to the user for " "now, i.e. set ``--socket=x11`` in the manifest. Wayland can then be " "tested with::" msgstr "" -#: ../../electron.rst:137 +#: ../../electron.rst:136 msgid "Enable native Wayland support by default" msgstr "" -#: ../../electron.rst:141 +#: ../../electron.rst:140 msgid "" "Native Wayland support in Electron is still experimental and often " "unstable. It is advised to stick with the X11/Xwayland configuration " "above as the default." msgstr "" -#: ../../electron.rst:145 +#: ../../electron.rst:144 msgid "" "To make native Wayland the `default` for users, ``--socket=fallback-x11``" " and ``--socket=wayland`` must be used in the manifest." msgstr "" -#: ../../electron.rst:148 +#: ../../electron.rst:147 msgid "" "For Electron versions between 17 and 27, client-side window decorations " "under native Wayland can be enabled by passing ``--enable-" @@ -252,7 +251,7 @@ msgid "" " Electron , this isn't necessary anymore." msgstr "" -#: ../../electron.rst:153 +#: ../../electron.rst:152 msgid "" "Electron uses ``libnotify`` on Linux to provide desktop notifications. " "`Since version 0.8.0 " @@ -265,18 +264,18 @@ msgid "" "``libnotify>=0.8.0`` since ``branch/23.08``." msgstr "" -#: ../../electron.rst:160 +#: ../../electron.rst:159 msgid "" "To ensure proper mouse cursor scaling on HiDPI displays under Wayland, " "the ``XCURSOR_PATH`` environment variable must be set to the host's " "corresponding directories:" msgstr "" -#: ../../electron.rst:172 +#: ../../electron.rst:171 msgid "Using correct desktop file name" msgstr "" -#: ../../electron.rst:174 +#: ../../electron.rst:173 #, python-brace-format msgid "" "It's important for Linux applications to set the correct desktop file " @@ -288,15 +287,16 @@ msgid "" "\"com.example.MyApp.desktop\"``." msgstr "" -#: ../../electron.rst:178 +#: ../../electron.rst:177 #, python-brace-format msgid "" -"In case you repack a binary, you can use the ``patch-desktop-filename`` " -"script provided by the BaseApp. Each Electron binary ships with " -"``resources/app.asar`` file. You need to call ``patch-desktop-filename`` " -"with this file as argument. If your application is installed under " -"``${FLATPAK_DEST}/my-app`` you need to run ``patch-desktop-filename " -"${FLATPAK_DEST}/my-app/resources/app.asar``." +"In case you repack a binary, you can use the `patch-electron-desktop-" +"filename `_ tool included in the BaseApp. Each Electron binary ships " +"with ``resources/app.asar`` file. You need to call ``patch-desktop-" +"filename`` with this file as argument. If your application is installed " +"under ``${FLATPAK_DEST}/my-app`` you need to run ``patch-desktop-filename" +" ${FLATPAK_DEST}/my-app/resources/app.asar``." msgstr "" #: ../../electron.rst:183 @@ -641,3 +641,17 @@ msgstr "" #~ "``branch/23.08`` comes with ``libnotify>=0.8.0``" #~ msgstr "" +#~ msgid "" +#~ "In case you repack a binary, you" +#~ " can use the ``patch-desktop-" +#~ "filename`` script provided by the " +#~ "BaseApp. Each Electron binary ships with" +#~ " ``resources/app.asar`` file. You need to" +#~ " call ``patch-desktop-filename`` with " +#~ "this file as argument. If your " +#~ "application is installed under " +#~ "``${FLATPAK_DEST}/my-app`` you need to " +#~ "run ``patch-desktop-filename ${FLATPAK_DEST" +#~ "}/my-app/resources/app.asar``." +#~ msgstr "" + diff --git a/po/ru/LC_MESSAGES/extension.po b/po/ru/LC_MESSAGES/extension.po index 6a6f0976..1267599f 100644 --- a/po/ru/LC_MESSAGES/extension.po +++ b/po/ru/LC_MESSAGES/extension.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-08-31 14:40+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: ru\n" @@ -19,7 +19,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../extension.rst:2 msgid "Extensions" @@ -63,14 +63,14 @@ msgstr "" #: ../../extension.rst:25 msgid "" "``.Debug, .Locale, .Sources`` extensions created by Flatpak builder do " -"not need to be specified manually. These are automaitcally created and " +"not need to be specified manually. These are automatically created and " "loaded if installed." msgstr "" #: ../../extension.rst:29 msgid "" "Note that, ``.Locale`` extensions are by default only partially installed" -" (only for the configued languages) by Flatpak. To install the full " +" (only for the configured languages) by Flatpak. To install the full " "locale extension ``flatpak update --subpath= $FLATPAK_ID.Locale`` can be " "used." msgstr "" @@ -331,7 +331,7 @@ msgstr "" #: ../../extension.rst:218 msgid "" "Some extensions are installed automatically by the runtime based on " -"certain conditions and these do not need be added to application " +"certain conditions and these do not need to be added to application " "manifests. Please see below for the purpose of extensions or extension " "points defined in the runtime. Similarly extensions created by Flatpak " "builder like ``.Locale, .Debug`` also do not need to be in application " @@ -992,3 +992,33 @@ msgstr "" #~ "````org.kde.Platform//5.15-24.08`` is ``24.08``." #~ msgstr "" +#~ msgid "" +#~ "``.Debug, .Locale, .Sources`` extensions " +#~ "created by Flatpak builder do not " +#~ "need to be specified manually. These " +#~ "are automaitcally created and loaded if" +#~ " installed." +#~ msgstr "" + +#~ msgid "" +#~ "Note that, ``.Locale`` extensions are by" +#~ " default only partially installed (only " +#~ "for the configued languages) by Flatpak." +#~ " To install the full locale extension" +#~ " ``flatpak update --subpath= $FLATPAK_ID.Locale``" +#~ " can be used." +#~ msgstr "" + +#~ msgid "" +#~ "Some extensions are installed automatically" +#~ " by the runtime based on certain " +#~ "conditions and these do not need " +#~ "be added to application manifests. " +#~ "Please see below for the purpose " +#~ "of extensions or extension points " +#~ "defined in the runtime. Similarly " +#~ "extensions created by Flatpak builder " +#~ "like ``.Locale, .Debug`` also do not " +#~ "need to be in application manifest." +#~ msgstr "" + diff --git a/po/ru/LC_MESSAGES/flatpak-devel.po b/po/ru/LC_MESSAGES/flatpak-devel.po index a821d583..72a2372a 100644 --- a/po/ru/LC_MESSAGES/flatpak-devel.po +++ b/po/ru/LC_MESSAGES/flatpak-devel.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-06-30 14:59+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: ru\n" @@ -19,7 +19,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../flatpak-devel.rst:2 msgid "Flatpak as a developer platform" @@ -60,7 +60,7 @@ msgstr "" #: ../../flatpak-devel.rst:23 msgid "" -"`Flatpak Github Actions `_ can be used for GitHub." msgstr "" @@ -350,3 +350,9 @@ msgstr "" #~ msgid "Parallel nigthly and stable applications" #~ msgstr "" +#~ msgid "" +#~ "`Flatpak Github Actions `_ can " +#~ "be used for GitHub." +#~ msgstr "" + diff --git a/po/ru/LC_MESSAGES/module-sources.po b/po/ru/LC_MESSAGES/module-sources.po index a993f11d..5b3eb9f3 100644 --- a/po/ru/LC_MESSAGES/module-sources.po +++ b/po/ru/LC_MESSAGES/module-sources.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-12-01 08:05+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: ru\n" @@ -19,7 +19,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../module-sources.rst:2 msgid "Module Sources" @@ -421,6 +421,7 @@ msgid "" msgstr "" #: ../../module-sources.rst:475 +#, python-brace-format msgid "" "The last line creates an empty symlink from ``${FLATPAK_DEST}/extra/`` to" " ``${FLATPAK_DEST}/bin/`` so that the executable is found in ``$PATH`` " @@ -449,6 +450,7 @@ msgid "" msgstr "" #: ../../module-sources.rst:499 +#, python-brace-format msgid "" "The commands needed to extract the snap are specified in the " "``apply_extra`` script. These can be any shell commands that run when " @@ -505,7 +507,7 @@ msgstr "" #: ../../module-sources.rst:573 msgid "" "``path`` should be the path of the local directory relative to the " -"manifest root path, whoose contents will be copied during build." +"manifest root path, whose contents will be copied during build." msgstr "" #: ../../module-sources.rst:587 @@ -517,3 +519,10 @@ msgid "" "them." msgstr "" +#~ msgid "" +#~ "``path`` should be the path of the" +#~ " local directory relative to the " +#~ "manifest root path, whoose contents will" +#~ " be copied during build." +#~ msgstr "" + diff --git a/po/ru/LC_MESSAGES/sandbox-permissions.po b/po/ru/LC_MESSAGES/sandbox-permissions.po index f595ba84..c865c009 100644 --- a/po/ru/LC_MESSAGES/sandbox-permissions.po +++ b/po/ru/LC_MESSAGES/sandbox-permissions.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: https://github.com/flatpak/flatpak-docs/issues\n" -"POT-Creation-Date: 2025-08-31 14:40+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2023-11-06 23:55+0700\n" "Last-Translator: Dmitry \n" "Language: ru\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../sandbox-permissions.rst:2 msgid "Sandbox Permissions" @@ -282,7 +282,17 @@ msgid "" "clients or SSH frontends." msgstr "" -#: ../../sandbox-permissions.rst:105 +#: ../../sandbox-permissions.rst:102 +msgid "" +"``--socket=inherit-wayland-socket`` - Inherit the ``$WAYLAND_SOCKET`` " +"environment variable from the parent process (for example, the " +"compositor). This is not commonly needed unless the application needs " +"access to the parent process’ Wayland state. Input method applications " +"may need this. It’s a very sensitive permission as it prevents Wayland " +"client state from being sandboxed." +msgstr "" + +#: ../../sandbox-permissions.rst:111 msgid "" "Applications that do not support native Wayland should use only " "``--socket=x11`` and applications that do, should use " @@ -291,17 +301,17 @@ msgid "" "Wayland sessions of the desktop environment." msgstr "" -#: ../../sandbox-permissions.rst:111 +#: ../../sandbox-permissions.rst:117 #, fuzzy msgid "``--socket=wayland`` - Show windows with Wayland" msgstr "``--socket=wayland`` - показать окна Wayland" -#: ../../sandbox-permissions.rst:112 +#: ../../sandbox-permissions.rst:118 #, fuzzy msgid "``--socket=x11`` - Show windows using X11" msgstr "``--socket=x11`` - показать окна с помощью X11" -#: ../../sandbox-permissions.rst:113 +#: ../../sandbox-permissions.rst:119 #, fuzzy msgid "" "``--socket=fallback-x11`` - Show windows using X11, if Wayland is not " @@ -313,11 +323,11 @@ msgstr "" "внимание, что вы все равно должны использовать ``--socket=wayland`` для " "разрешения wayland" -#: ../../sandbox-permissions.rst:118 +#: ../../sandbox-permissions.rst:124 msgid "D-Bus access" msgstr "Доступ к D-Bus" -#: ../../sandbox-permissions.rst:120 +#: ../../sandbox-permissions.rst:126 msgid "" "D-Bus access is filtered by default. The default policy for the session " "bus only allows the application to own its own namespace named by " @@ -329,7 +339,7 @@ msgid "" "``org.freedesktop.portal.*``." msgstr "" -#: ../../sandbox-permissions.rst:128 +#: ../../sandbox-permissions.rst:134 #, fuzzy msgid "" "Access to the entire bus with ``--socket=system-bus`` or ``--socket" @@ -340,37 +350,37 @@ msgstr "" "или ``--socket=session-bus`` если только приложение не является " "инструментом разработки." -#: ../../sandbox-permissions.rst:133 +#: ../../sandbox-permissions.rst:139 msgid "" "``flatpak run --log-session-bus $FLATPAK_ID`` can be used to find the " "specific D-Bus permissions needed. See :ref:`debugging:Audit session or " "system bus traffic` for more information." msgstr "" -#: ../../sandbox-permissions.rst:137 +#: ../../sandbox-permissions.rst:143 msgid "**Ownership**" msgstr "**Право собственности**" -#: ../../sandbox-permissions.rst:139 +#: ../../sandbox-permissions.rst:145 msgid "" "Any ownership beyond what is granted by default ie. own namespace and " "``org.mpris.MediaPlayer2.$FLATPAK_ID`` is typically unnecessary although " "there can be exceptions." msgstr "" -#: ../../sandbox-permissions.rst:143 +#: ../../sandbox-permissions.rst:149 msgid "**Talk**" msgstr "**Разговор**" -#: ../../sandbox-permissions.rst:145 +#: ../../sandbox-permissions.rst:151 msgid "It is recommended to use the minimum required talk-name permissions." msgstr "" -#: ../../sandbox-permissions.rst:148 +#: ../../sandbox-permissions.rst:154 msgid "Filesystem access" msgstr "Доступ к файловой системе" -#: ../../sandbox-permissions.rst:150 +#: ../../sandbox-permissions.rst:156 #, fuzzy msgid "" "As a general rule, static and permanent filesystem access should be " @@ -379,7 +389,7 @@ msgstr "" "Как правило, доступ к файловой системе должен быть максимально ограничен." " Это включает:" -#: ../../sandbox-permissions.rst:153 +#: ../../sandbox-permissions.rst:159 msgid "" "Using portals as an alternative to blanket filesystem access, wherever " "possible." @@ -387,269 +397,284 @@ msgstr "" "Использование порталов в качестве альтернативы общему доступу к файловой " "системе везде, где это возможно." -#: ../../sandbox-permissions.rst:155 +#: ../../sandbox-permissions.rst:161 msgid "Using read-only access wherever possible, using the ``:ro`` option." msgstr "" "Использование доступа только для чтения везде, где это возможно, с " "использованием параметра ``:ro``." -#: ../../sandbox-permissions.rst:156 +#: ../../sandbox-permissions.rst:162 msgid "" "Using :ref:`conventions:XDG base directories` to store application's " "cache, config and state. Then no additional filesystem access would be " "required." msgstr "" -#: ../../sandbox-permissions.rst:159 +#: ../../sandbox-permissions.rst:165 msgid "" "Avoiding full home access and instead using XDG directories such as " "``xdg-music`` or ``xdg-download`` etc." msgstr "" -#: ../../sandbox-permissions.rst:162 +#: ../../sandbox-permissions.rst:168 msgid "The following permission options are available:" msgstr "" -#: ../../sandbox-permissions.rst:164 +#: ../../sandbox-permissions.rst:170 msgid "``:ro`` - read-only access" msgstr "" -#: ../../sandbox-permissions.rst:165 +#: ../../sandbox-permissions.rst:171 msgid "" "``:create`` - read/write access, and create the directory if it doesn't " "exist" msgstr "" -#: ../../sandbox-permissions.rst:168 +#: ../../sandbox-permissions.rst:174 msgid "Additionally the following permissions are available:" msgstr "" -#: ../../sandbox-permissions.rst:171 +#: ../../sandbox-permissions.rst:177 +msgid "``host-root``" +msgstr "" + +#: ../../sandbox-permissions.rst:177 +msgid "" +"Complete host operating system with no exclusions mounted at " +"``/run/host/root`` inside the sandbox. (v1.17.0+)" +msgstr "" + +#: ../../sandbox-permissions.rst:178 msgid "``host``" msgstr "" -#: ../../sandbox-permissions.rst:171 +#: ../../sandbox-permissions.rst:178 msgid "" -"Access to ``/home, /media, /opt, /run/media, /srv`` and everything " -"provided by ``host-os, host-etc`` mounted in ``/run/host``" +"Access to all toplevel paths and subpaths of ``/`` except some reserved " +"paths listed below." msgstr "" -#: ../../sandbox-permissions.rst:171 ../../sandbox-permissions.rst:175 -#: ../../sandbox-permissions.rst:176 -msgid "Includes any subpaths" +#: ../../sandbox-permissions.rst:178 +msgid "" +"Paths provided by ``host-etc, host-os`` are mounted at ``/run/host`` as " +"explained below." msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "``host-etc``" msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "Host's ``/etc``" msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "Host's ``/etc`` is mounted at ``/run/host/etc``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 msgid "``host-os``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 #, python-brace-format msgid "" "Host's ``/usr, /bin, /sbin, /lib{32, 64}, /etc/ld.so.cache, " "/etc/alternatives``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 msgid "Mounted at ``/run/host``" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "``home``" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 #, fuzzy msgid "Access the home directory" msgstr "``--filesystem=home`` - доступ к домашнему каталогу пользователя" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "Except ``~/.var/app``" msgstr "" -#: ../../sandbox-permissions.rst:175 +#: ../../sandbox-permissions.rst:182 msgid "``/some/dir``" msgstr "" -#: ../../sandbox-permissions.rst:175 +#: ../../sandbox-permissions.rst:182 msgid "Access an arbitrary path except any reserved path" msgstr "" -#: ../../sandbox-permissions.rst:176 +#: ../../sandbox-permissions.rst:182 ../../sandbox-permissions.rst:183 +msgid "Includes any subpaths" +msgstr "" + +#: ../../sandbox-permissions.rst:183 msgid "``~/some/dir``" msgstr "" -#: ../../sandbox-permissions.rst:176 +#: ../../sandbox-permissions.rst:183 msgid "Arbitrary path relative to the home directory" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "``xdg-desktop``" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "Access the XDG desktop directory" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "``$XDG_DESKTOP_DIR`` or ``$HOME/Desktop``" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "``xdg-documents``" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "Access the XDG documents directory" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "``$XDG_DOCUMENTS_DIR`` or ``$HOME/Documents``" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "``xdg-download``" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "Access the XDG download directory" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "``$XDG_DOWNLOAD_DIR`` or ``$HOME/Downloads``" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "``xdg-music``" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "Access the XDG music directory" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "``$XDG_MUSIC_DIR`` or ``$HOME/Music``" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "``xdg-pictures``" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "Access the XDG pictures directory" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "``$XDG_PICTURES_DIR`` or ``$HOME/Pictures``" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "``xdg-public-share``" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "Access the XDG public directory" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "``$XDG_PUBLICSHARE_DIR`` or ``$HOME/Public``" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "``xdg-videos``" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "Access the XDG videos directory" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "``$XDG_VIDEOS_DIR`` or ``$HOME/Videos``" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "``xdg-templates``" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "Access the XDG templates directory" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "``$XDG_TEMPLATES_DIR`` or ``$HOME/Templates``" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "``xdg-config``" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "Access the XDG config directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "``$XDG_CONFIG_HOME`` or ``$HOME/.config``" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "``xdg-cache``" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "Access the XDG cache directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "``$XDG_CACHE_HOME`` or ``$HOME/.cache``" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "``xdg-data``" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "Access the XDG data directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "``$XDG_DATA_HOME`` or ``$HOME/.local/share``" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "``xdg-run/path``" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "Access subdirectories of the XDG runtime directory" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "``$XDG_RUNTIME_DIR/path`` (``/run/user/$UID/path``)" msgstr "" -#: ../../sandbox-permissions.rst:191 +#: ../../sandbox-permissions.rst:198 msgid "" "Except ``host, host-etc, host-os`` paths can be added to all the above " "filesystem options. For example, ``--filesystem=xdg-documents/path``." msgstr "" -#: ../../sandbox-permissions.rst:194 +#: ../../sandbox-permissions.rst:201 msgid "Other filesystem access guidelines include:" msgstr "" -#: ../../sandbox-permissions.rst:196 +#: ../../sandbox-permissions.rst:203 #, fuzzy msgid "" "The ``--persist=DIR`` option can be used to map directories from the " @@ -663,7 +688,7 @@ msgstr "" "быть полезно для приложений, которые жестко шифруют пути к файлам в " "``~/``." -#: ../../sandbox-permissions.rst:201 +#: ../../sandbox-permissions.rst:208 msgid "" "For example, if an application hardcodes the directory ``~/.foo``, " "without any ``home`` access and no ``--persist`` the directory will be " @@ -674,18 +699,18 @@ msgid "" "``~/.var/app/$FLATPAK_ID/.foo`` which would otherwise be lost." msgstr "" -#: ../../sandbox-permissions.rst:209 +#: ../../sandbox-permissions.rst:216 msgid "A ``--persist=.`` will `persist` all directories." msgstr "" -#: ../../sandbox-permissions.rst:211 +#: ../../sandbox-permissions.rst:218 msgid "" "This does not support ``:create, :ro, :rw`` suffixes or special values " "like ``xdg-documents``. However, the directory will be created by flatpak" " if it doesn't already exist." msgstr "" -#: ../../sandbox-permissions.rst:215 +#: ../../sandbox-permissions.rst:222 #, fuzzy msgid "" "This makes it possible to avoid configuring access to the entire home " @@ -698,7 +723,7 @@ msgstr "" "быть полезно для приложений, которые жестко шифруют пути к файлам в " "``~/``." -#: ../../sandbox-permissions.rst:218 +#: ../../sandbox-permissions.rst:225 #, fuzzy msgid "" "If an application uses ``$TMPDIR`` to contain lock files you may want to " @@ -709,7 +734,7 @@ msgstr "" "блокировки, вы можете добавить скрипт обертки, который устанавливает его " "на ``$XDG_RUNTIME_DIR/app/$FLATPAK_ID``." -#: ../../sandbox-permissions.rst:222 +#: ../../sandbox-permissions.rst:229 msgid "" "Retaining and sharing configuration with non-Flatpak installations is to " "be avoided." @@ -717,17 +742,17 @@ msgstr "" "Сохранение и совместное использование конфигурация с установкой отличной " "от Flatpak следует избегать." -#: ../../sandbox-permissions.rst:226 +#: ../../sandbox-permissions.rst:233 msgid "Reserved Paths" msgstr "" -#: ../../sandbox-permissions.rst:228 +#: ../../sandbox-permissions.rst:235 msgid "" "The following paths and subpaths of them are reserved and asking access " "to them with ``--filesystem`` will have no effect::" msgstr "" -#: ../../sandbox-permissions.rst:233 +#: ../../sandbox-permissions.rst:240 msgid "" "The entire ``/run`` is not allowed but all subpaths of ``/run`` except " "``/run/flatpak, /run/host`` are allowed to be exposed via " @@ -735,44 +760,46 @@ msgid "" "to ``../run``, exposing it or a subpath of it, is not allowed." msgstr "" -#: ../../sandbox-permissions.rst:238 +#: ../../sandbox-permissions.rst:245 msgid "" "Additionally the following directories from host need to be explicitly " "requested with ``--filesystem`` and are not available with ``home, host, " "host-os, host-etc`` by default:" msgstr "" -#: ../../sandbox-permissions.rst:242 +#: ../../sandbox-permissions.rst:249 msgid "" "``~/.var/app`` - The app can access only its own directory in " "``~/.var/app/$FLATPAK_ID``" msgstr "" -#: ../../sandbox-permissions.rst:243 +#: ../../sandbox-permissions.rst:250 msgid "``$XDG_DATA_HOME/flatpak`` (``~/.local/share/flatpak``)" msgstr "" -#: ../../sandbox-permissions.rst:244 +#: ../../sandbox-permissions.rst:251 msgid "``/boot``" msgstr "" -#: ../../sandbox-permissions.rst:245 +#: ../../sandbox-permissions.rst:252 msgid "``/efi``" msgstr "" -#: ../../sandbox-permissions.rst:246 +#: ../../sandbox-permissions.rst:253 msgid "``/root``" msgstr "" -#: ../../sandbox-permissions.rst:247 -msgid "``/sys``" +#: ../../sandbox-permissions.rst:254 +msgid "" +"``/sys`` - Only ``/sys/block, /sys/bus, /sys/class, /sys/dev, " +"/sys/devices`` are shared as read-only by default (if exists)" msgstr "" -#: ../../sandbox-permissions.rst:248 +#: ../../sandbox-permissions.rst:255 msgid "``/tmp``" msgstr "" -#: ../../sandbox-permissions.rst:249 +#: ../../sandbox-permissions.rst:256 #, python-brace-format msgid "" "``/var`` - Note that by default ``/var/{cache, config, data, tmp}`` " @@ -782,76 +809,76 @@ msgid "" "available." msgstr "" -#: ../../sandbox-permissions.rst:253 +#: ../../sandbox-permissions.rst:260 msgid "``/var/lib/flatpak`` - ``/var`` does not give access to this." msgstr "" -#: ../../sandbox-permissions.rst:256 +#: ../../sandbox-permissions.rst:263 msgid "Device access" msgstr "Доступ к устройству" -#: ../../sandbox-permissions.rst:257 +#: ../../sandbox-permissions.rst:264 msgid "You can provide the following device permissions:" msgstr "" -#: ../../sandbox-permissions.rst:260 +#: ../../sandbox-permissions.rst:267 msgid "``dri``" msgstr "" -#: ../../sandbox-permissions.rst:260 +#: ../../sandbox-permissions.rst:267 msgid "Direct Rendering Interface. Necessary for GL." msgstr "" -#: ../../sandbox-permissions.rst:261 +#: ../../sandbox-permissions.rst:268 msgid "``kvm``" msgstr "" -#: ../../sandbox-permissions.rst:261 +#: ../../sandbox-permissions.rst:268 msgid "Kernel based Virtual Machine ``/dev/kvm``" msgstr "" -#: ../../sandbox-permissions.rst:262 +#: ../../sandbox-permissions.rst:269 msgid "``shm``" msgstr "" -#: ../../sandbox-permissions.rst:262 +#: ../../sandbox-permissions.rst:269 msgid "Shared Memory in ``/dev/shm``." msgstr "" -#: ../../sandbox-permissions.rst:263 +#: ../../sandbox-permissions.rst:270 msgid "``input``" msgstr "" -#: ../../sandbox-permissions.rst:263 +#: ../../sandbox-permissions.rst:270 msgid "" "Input devices as exposed in ``/dev/input``. This includes game " "controllers. Since Flatpak 1.15.6." msgstr "" -#: ../../sandbox-permissions.rst:264 +#: ../../sandbox-permissions.rst:271 msgid "``usb``" msgstr "" -#: ../../sandbox-permissions.rst:264 +#: ../../sandbox-permissions.rst:271 msgid "Raw USB devices as exposed in ``/dev/bus/usb``. Since Flatpak 1.15.11." msgstr "" -#: ../../sandbox-permissions.rst:265 +#: ../../sandbox-permissions.rst:272 msgid "``all``" msgstr "" -#: ../../sandbox-permissions.rst:265 +#: ../../sandbox-permissions.rst:272 msgid "All devices, including all of the above except ``shm``" msgstr "" -#: ../../sandbox-permissions.rst:270 +#: ../../sandbox-permissions.rst:277 msgid "" "Using newer permissions like ``input`` or ``usb`` will have no effect on " "older Flatpak versions and will fail when used through Flatpak " "commandline." msgstr "" -#: ../../sandbox-permissions.rst:274 +#: ../../sandbox-permissions.rst:281 #, fuzzy msgid "" "While not ideal, ``--device=all`` can be used to access devices like " @@ -860,22 +887,22 @@ msgstr "" "Хотя это и не совсем хорошо, ``--device=all`` можно использовать для " "доступа к таким устройствам, как контроллеры или веб-камеры." -#: ../../sandbox-permissions.rst:278 +#: ../../sandbox-permissions.rst:285 #, fuzzy msgid "USB portal" msgstr "Порталы" -#: ../../sandbox-permissions.rst:280 -msgid "Since 1.5.11." +#: ../../sandbox-permissions.rst:287 +msgid "Since 1.15.11." msgstr "" -#: ../../sandbox-permissions.rst:282 +#: ../../sandbox-permissions.rst:289 msgid "" "Sandboxed access to individual USB devices can be controlled by portals. " "Flatpak allows specifying enumerable USB devices to allow access." msgstr "" -#: ../../sandbox-permissions.rst:286 +#: ../../sandbox-permissions.rst:293 msgid "" "Like ``--device=usb``, this is just about accessing the raw USB device, " "that needs libusb (or equivalent). By using the portal, you can restrict " @@ -884,59 +911,59 @@ msgid "" "no reason for USB security devices to be accessible." msgstr "" -#: ../../sandbox-permissions.rst:293 +#: ../../sandbox-permissions.rst:300 msgid "" "A list of valid use cases includes scanners (handled, for example by " "SANE), photo cameras (handled by libgphoto2), flashing devices, etc." msgstr "" -#: ../../sandbox-permissions.rst:296 +#: ../../sandbox-permissions.rst:303 msgid "" "While this is portal dependent and ``xdg-desktop-portal`` is currently " "the only portal implementation, the overall permission flow is as " "follows:" msgstr "" -#: ../../sandbox-permissions.rst:300 +#: ../../sandbox-permissions.rst:307 msgid "" "The Flatpak package specifies the devices it wishes to enumerate through " "``finish-args``." msgstr "" -#: ../../sandbox-permissions.rst:302 +#: ../../sandbox-permissions.rst:309 msgid "" "The application requests the portal to enumerate the available USB " "devices based on that list. If the list is empty it will enumerate all " "USB devices." msgstr "" -#: ../../sandbox-permissions.rst:305 +#: ../../sandbox-permissions.rst:312 msgid "" "When the application wants to access the device, it will make a request " "for the device it wants to access via the portal." msgstr "" -#: ../../sandbox-permissions.rst:307 +#: ../../sandbox-permissions.rst:314 msgid "The portal then requests permission from the user if not already granted." msgstr "" -#: ../../sandbox-permissions.rst:309 +#: ../../sandbox-permissions.rst:316 msgid "" "If the permission was granted, a file descriptor for the device is passed" " back to the application." msgstr "" -#: ../../sandbox-permissions.rst:312 +#: ../../sandbox-permissions.rst:319 msgid "" "The application is then able to open the devices it is supposed to use " "while the others would be hidden." msgstr "" -#: ../../sandbox-permissions.rst:316 +#: ../../sandbox-permissions.rst:323 msgid "Specifying the enumerable devices" msgstr "" -#: ../../sandbox-permissions.rst:318 +#: ../../sandbox-permissions.rst:325 msgid "" "You can specify devices on the ``flatpak`` command line, and by extension" " in the finish arguments for Flatpak Builder. Enumerable devices are " @@ -947,17 +974,17 @@ msgid "" " shall not be enumerated." msgstr "" -#: ../../sandbox-permissions.rst:326 +#: ../../sandbox-permissions.rst:333 msgid "Queries are made out of rules. These rules are composable with ``+``." msgstr "" -#: ../../sandbox-permissions.rst:328 +#: ../../sandbox-permissions.rst:335 msgid "" "The rule ``all`` enumerates every USB device. There is no further rule " "allowed in the query." msgstr "" -#: ../../sandbox-permissions.rst:331 +#: ../../sandbox-permissions.rst:338 msgid "" "The ``vnd`` and ``dev`` rules specify a USB vendor and a USB device ID " "respectively. A vendor can be specified alone, but a device rule always " @@ -967,63 +994,63 @@ msgid "" "repository `_" msgstr "" -#: ../../sandbox-permissions.rst:338 +#: ../../sandbox-permissions.rst:345 msgid "" "``cls`` specifies the device USB class and subclass. Both class and " "subclass are two digit hex numbers separated by a colon ``:``. You can " "use ``*`` to specify any subclass within the class." msgstr "" -#: ../../sandbox-permissions.rst:342 +#: ../../sandbox-permissions.rst:349 msgid "Some examples of the syntax:" msgstr "" -#: ../../sandbox-permissions.rst:344 +#: ../../sandbox-permissions.rst:351 msgid "``vnd:1234``: Devices from vendor ``1234``" msgstr "" -#: ../../sandbox-permissions.rst:345 +#: ../../sandbox-permissions.rst:352 msgid "``vnd:1234+dev:3456``: Only device ``3456`` from vendor ``1234``." msgstr "" -#: ../../sandbox-permissions.rst:346 +#: ../../sandbox-permissions.rst:353 msgid "``vnd:1234+cls:06:*``: All the PTP devices from vendor ``1234``." msgstr "" -#: ../../sandbox-permissions.rst:347 +#: ../../sandbox-permissions.rst:354 msgid "``cls:06:*``: All the PTP devices." msgstr "" -#: ../../sandbox-permissions.rst:349 +#: ../../sandbox-permissions.rst:356 msgid "" "This permission only allows to enumerate devices. To open them, " "permission must be requested from the portal. It is not possible to open " "a device that is not enumerable." msgstr "" -#: ../../sandbox-permissions.rst:355 +#: ../../sandbox-permissions.rst:362 msgid "" "The ``--device=usb`` permission is broader than what the USB portal is " "supposed to provide and allows unfettered access to any USB device on the" " bus." msgstr "" -#: ../../sandbox-permissions.rst:359 +#: ../../sandbox-permissions.rst:366 msgid "In some situations you may need to specify a very long list of devices." msgstr "" -#: ../../sandbox-permissions.rst:361 +#: ../../sandbox-permissions.rst:368 msgid "Device lists can be passed in one single argument, or through a file." msgstr "" -#: ../../sandbox-permissions.rst:363 +#: ../../sandbox-permissions.rst:370 msgid "" "When using ``--usb-list``, the queries are separated by a semi-colon " "``;``, with queries for hidden devices (i.e. those that would be passed " "with ``--nousb``) prefixed with ``!``." msgstr "" -#: ../../sandbox-permissions.rst:367 +#: ../../sandbox-permissions.rst:374 msgid "" "When using ``--usb-list-file``, the filename of the file containing USB " "queries is passed line by line. Like with ``--usb-list`` queries for " @@ -1033,11 +1060,11 @@ msgid "" "list is persisted internally." msgstr "" -#: ../../sandbox-permissions.rst:375 +#: ../../sandbox-permissions.rst:382 msgid "dconf access" msgstr "доступ к dconf" -#: ../../sandbox-permissions.rst:377 +#: ../../sandbox-permissions.rst:384 msgid "" "As of xdg-desktop-portal 1.1.0 and glib 2.60.5 (in the runtime) you do " "not need direct DConf access in most cases." @@ -1045,7 +1072,7 @@ msgstr "" "По состоянию на xdg-desktop-portal 1.1.0 и glib 2.60.5 (во время " "выполнения) вам не нужен прямой доступ DConf в большинстве случаев." -#: ../../sandbox-permissions.rst:380 +#: ../../sandbox-permissions.rst:387 msgid "" "As of now this glib version is included in " "``org.freedesktop.Platform//19.08`` and ``org.gnome.Platform//3.34`` and " @@ -1055,7 +1082,7 @@ msgstr "" "``org.freedesktop.Platform//19.08`` and ``org.gnome.Platform//3.34`` и " "новее." -#: ../../sandbox-permissions.rst:383 +#: ../../sandbox-permissions.rst:390 msgid "" "If an application existed prior to these runtimes you can tell Flatpak " "(>= 1.3.4) to migrate the DConf settings on the host into the sandbox by " @@ -1069,7 +1096,7 @@ msgstr "" "args``. Путь должен быть похож на ваше ID приложения или его не допущено" " (случай игнорируется и ``_`` и ``-`` , обработанные одинаково)." -#: ../../sandbox-permissions.rst:390 +#: ../../sandbox-permissions.rst:397 msgid "" "If you are targeting older runtimes or require direct DConf access for " "other reasons you can use these permissions::" @@ -1077,11 +1104,11 @@ msgstr "" "Если вы нацеливаете более старые runtimes или требуют прямых доступа " "DConf по другим причинам, вы можете использовать эти разрешения::" -#: ../../sandbox-permissions.rst:398 +#: ../../sandbox-permissions.rst:405 msgid "With those permissions glib will continue using dconf directly." msgstr "С этими разрешениями glib продолжит использовать dconf напрямую." -#: ../../sandbox-permissions.rst:400 +#: ../../sandbox-permissions.rst:407 msgid "" "If you use a newer runtime where dconf is no longer built and still need " "it you will have to build the `dconf " @@ -1089,11 +1116,11 @@ msgid "" "``--env=GIO_EXTRA_MODULES=/app/lib/gio/modules/``." msgstr "" -#: ../../sandbox-permissions.rst:405 +#: ../../sandbox-permissions.rst:412 msgid "gvfs access" msgstr "gvfs-доступ" -#: ../../sandbox-permissions.rst:407 +#: ../../sandbox-permissions.rst:414 msgid "" "As of gvfs 1.48, the gvfs daemons and applications use an on-disk socket " "to communicate, rather than an abstract socket so that the gvfs " @@ -1105,7 +1132,7 @@ msgstr "" "работать, когда поддержка сети отключена в изолированной программной " "среде приложения." -#: ../../sandbox-permissions.rst:411 +#: ../../sandbox-permissions.rst:418 msgid "" "A number of different options need to be passed depending on the " "application's use of gvfs." @@ -1113,7 +1140,7 @@ msgstr "" "В зависимости от того, как приложение использует gvfs, необходимо " "передать ряд различных параметров." -#: ../../sandbox-permissions.rst:414 +#: ../../sandbox-permissions.rst:421 msgid "" "``--talk-name=org.gtk.vfs.*`` is necessary to talk to the gvfs daemons " "over D-Bus and list mounts using the GIO APIs." @@ -1121,7 +1148,7 @@ msgstr "" "``--talk-name=org.gtk.vfs.*`` необходим для связи с демонами gvfs через " "D-Bus и составления списка подключений с использованием GIO APIs." -#: ../../sandbox-permissions.rst:417 +#: ../../sandbox-permissions.rst:424 msgid "" "``--filesystem=xdg-run/gvfsd`` is necessary to use the GIO APIs to list " "and access non-native files using the GIO APIs, using URLs rather than " @@ -1131,7 +1158,7 @@ msgstr "" " для просмотра и доступа к неродным файлам с использованием " "API-интерфейсов GIO, используя URL-адреса, а не пути FUSE." -#: ../../sandbox-permissions.rst:420 +#: ../../sandbox-permissions.rst:427 msgid "" "``--filesystem=xdg-run/gvfs`` is necessary to give access to the FUSE " "mounts non-GIO and legacy applications can use. This is what will make " @@ -1142,15 +1169,15 @@ msgstr "" "приложения. Это то, что заставит родные файлы появиться в ``/run/user/`id" " -u`/gvfs/``." -#: ../../sandbox-permissions.rst:424 +#: ../../sandbox-permissions.rst:431 msgid "Typical GNOME and GTK applications should use::" msgstr "Типичные приложения GNOME и GTK должны использовать::" -#: ../../sandbox-permissions.rst:429 +#: ../../sandbox-permissions.rst:436 msgid "Typical non-GNOME and non-GTK applications should use::" msgstr "Типичные приложения, отличные от GNOME и GTK, должны использовать::" -#: ../../sandbox-permissions.rst:433 +#: ../../sandbox-permissions.rst:440 msgid "" "No application should be using ``--talk-name=org.gtk.vfs`` in its " "manifest, as there are no D-Bus services named ``org.gtk.vfs``." @@ -1158,7 +1185,7 @@ msgstr "" "Ни одно приложение не должно использовать ``--talk-name=org.gtk.vfs`` в " "своем манифесте, так как нет сервисов D-Bus с именем ``org.gtk.vfs``." -#: ../../sandbox-permissions.rst:436 +#: ../../sandbox-permissions.rst:443 msgid "" "These permission grants the app, the ability to communicate with the gvfs" " daemon and backends running on host. Depending on the backends installed" @@ -1174,11 +1201,11 @@ msgid "" "host." msgstr "" -#: ../../sandbox-permissions.rst:450 +#: ../../sandbox-permissions.rst:457 msgid "External drive access" msgstr "" -#: ../../sandbox-permissions.rst:452 +#: ../../sandbox-permissions.rst:459 msgid "" "External drives are mounted by the host system using systemd, udev, udisk" " fstab etc. and each of them can have different defaults. Flatpak has no " @@ -1186,30 +1213,156 @@ msgid "" "permissions should work in most cases::" msgstr "" -#: ../../sandbox-permissions.rst:461 +#: ../../sandbox-permissions.rst:468 msgid "" "If ``--filesystem=host`` is used ``/media, /run/media`` is shared " "automatically if they exist." msgstr "" -#: ../../sandbox-permissions.rst:464 +#: ../../sandbox-permissions.rst:471 msgid "" "Note that these should not have subpaths in them unless the value of the " "subpath can be consistently pre-determined. Block device naming depends " "on the kernel/fstab configuration and cannot be pre-determined." msgstr "" -#: ../../sandbox-permissions.rst:469 +#: ../../sandbox-permissions.rst:476 +#, fuzzy +msgid "Conditional permissions" +msgstr "Разрешения песочницы" + +#: ../../sandbox-permissions.rst:478 +msgid "" +"Since 1.17.0, Flatpak supports conditional permissions which allows them " +"to be granted only when certain runtime conditions are satisfied and " +"fallback otherwise. The intention of the system is to allow users or " +"developers to specify tighter permission grants (as they are added in new" +" Flatpak versions) while fallback to older grants for backwards " +"compatibility at run time." +msgstr "" + +#: ../../sandbox-permissions.rst:487 +msgid "" +"Older Flatpak versions will fail when encountering unknown commandline " +"options, while unrecognized metadata entries will be silently ignored." +msgstr "" + +#: ../../sandbox-permissions.rst:491 +msgid "" +"Flatpak manifests using conditional flags (for example, ``--socket-if=`` " +"etc.) will require Flatpak 1.17.0 or newer to build and attempting to " +"build them with older Flatpak versions will produce an error." +msgstr "" + +#: ../../sandbox-permissions.rst:496 +msgid "" +"The following flags are available to specify conditional permissions in " +"CLI and in Flatpak manifests::" +msgstr "" + +#: ../../sandbox-permissions.rst:504 +msgid "" +"The syntax of all the options are ``--socket-if=PERMISSION:CONDITION`` " +"and so on where ``PERMISSION`` is the available grants for that flag " +"(e.g., those listed for ``--socket=``). Conditions can be negated by " +"prefixing with ``!``. The following conditions are supported:" +msgstr "" + +#: ../../sandbox-permissions.rst:509 +msgid "``true`` - Always evaluates to true" +msgstr "" + +#: ../../sandbox-permissions.rst:510 +msgid "``false``- Always evaluates to false" +msgstr "" + +#: ../../sandbox-permissions.rst:511 +msgid "" +"``has-input-device`` - True if the Flatpak version supports " +"``--device=input``" +msgstr "" + +#: ../../sandbox-permissions.rst:513 +msgid "``has-wayland`` - True if the current desktop session supports Wayland" +msgstr "" + +#: ../../sandbox-permissions.rst:516 +msgid "" +"Multiple conditionals can be specified for the same grant, in which case " +"the permission is granted if any condition matches. If no conditional " +"rule evaluates to ``true``, the grant is denied unless it is also " +"unconditionally allowed. Duplicate conditions are ignored." +msgstr "" + +#: ../../sandbox-permissions.rst:523 +msgid "Examples" +msgstr "" + +#: ../../sandbox-permissions.rst:525 +msgid "" +"The unconditional grant ``--socket=x11`` can be tightened using " +"conditional permissions to ``--socket-if=x11:!has-wayland``. This allows " +"access to X11 only when a Wayland desktop session is not available. To " +"preserve backwards compatibility, the following pattern can be used::" +msgstr "" + +#: ../../sandbox-permissions.rst:534 +msgid "" +"This allows older Flatpak versions which do not understand the " +"conditional permissions function by allowing X11 access always while " +"newer Flatpak, which understands the conditional system will allow X11 " +"access only when the session is not Wayland." +msgstr "" + +#: ../../sandbox-permissions.rst:539 +msgid "" +"If an application requires only access to ``input`` device permission, " +"the following flags can be used to move away from ``--device=all`` to " +"``--device=input``::" +msgstr "" + +#: ../../sandbox-permissions.rst:547 +msgid "" +"This allows older Flatpak versions which do not understand the ``input`` " +"device permission to function by having the broader ``all`` access. Newer" +" Flatpak versions which understand the conditional system (and therefore " +"understands the ``input`` permission) will deny ``all`` due to " +"``--device-if=all:!has-input-device`` and allow only ``input`` due to " +"``--device=input``." +msgstr "" + +#: ../../sandbox-permissions.rst:555 +msgid "" +"To explicitly deny a permission that might be granted through runtime " +"metadata or overrides ``--nosocket=NAME, --unshare=NAME`` etc. can be " +"used::" +msgstr "" + +#: ../../sandbox-permissions.rst:561 +msgid "" +"This denial can be combined with conditional grants to remove " +"unconditional access while allowing conditional access::" +msgstr "" + +#: ../../sandbox-permissions.rst:568 +msgid "" +"This denies unconditional X11 access but allows X11 conditionally when " +"Wayland is unavailable. Older Flatpak versions will see only the final " +"``--socket=x11`` grant and allow X11 unconditionally, while newer " +"versions recognise the conditional logic and evaluates it at runtime." +msgstr "" + +#: ../../sandbox-permissions.rst:574 msgid "Footnotes" msgstr "" -#: ../../sandbox-permissions.rst:470 +#: ../../sandbox-permissions.rst:575 msgid "" "This is not necessarily required, but without it the X11 shared memory " "extension will not work, which is very bad for X11 performance." msgstr "" -#: ../../sandbox-permissions.rst:472 +#: ../../sandbox-permissions.rst:577 msgid "" "Giving network access also grants access to all host services listening " "on abstract Unix sockets (due to how network namespaces work), and these " @@ -1218,7 +1371,7 @@ msgid "" "secure distribution should disable these and just use regular sockets." msgstr "" -#: ../../sandbox-permissions.rst:477 +#: ../../sandbox-permissions.rst:582 #, python-brace-format msgid "" "``xdg-{cache, config, data}`` bind mounts the paths from host to the per-" @@ -1497,3 +1650,16 @@ msgstr "" #~ msgid "``--socket=ssh-auth``- Allow access to ``$SSH_AUTH_SOCK``" #~ msgstr "" +#~ msgid "" +#~ "Access to ``/home, /media, /opt, " +#~ "/run/media, /srv`` and everything provided " +#~ "by ``host-os, host-etc`` mounted " +#~ "in ``/run/host``" +#~ msgstr "" + +#~ msgid "``/sys``" +#~ msgstr "" + +#~ msgid "Since 1.5.11." +#~ msgstr "" + diff --git a/po/ru/LC_MESSAGES/under-the-hood.po b/po/ru/LC_MESSAGES/under-the-hood.po index 6a2ee6b2..9d2a9656 100644 --- a/po/ru/LC_MESSAGES/under-the-hood.po +++ b/po/ru/LC_MESSAGES/under-the-hood.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: https://github.com/flatpak/flatpak-docs/issues\n" -"POT-Creation-Date: 2024-09-26 16:32-0300\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2023-01-16 23:03+0700\n" "Last-Translator: Dmitry \n" "Language: ru\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../under-the-hood.rst:2 msgid "Under the Hood" @@ -137,14 +137,158 @@ msgid "" msgstr "" #: ../../under-the-hood.rst:51 +msgid "Conditional permission system" +msgstr "" + +#: ../../under-the-hood.rst:53 +msgid "" +"Since Flatpak 1.17.0, conditional permissions allow permissions to be " +"granted only when certain runtime conditions are satisfied, with fallback" +" to unconditional grants for compatibility with older versions." +msgstr "" + +#: ../../under-the-hood.rst:57 +msgid "Permissions are internally represented as:" +msgstr "" + +#: ../../under-the-hood.rst:59 +msgid "unconditionally allowed or denied" +msgstr "" + +#: ../../under-the-hood.rst:60 +msgid "" +"a reset flag indicating whether the current layer overrides rules from " +"lower layers" +msgstr "" + +#: ../../under-the-hood.rst:62 +msgid "a set of conditional rules under which the permission may be allowed" +msgstr "" + +#: ../../under-the-hood.rst:64 +msgid "For example:" +msgstr "" + +#: ../../under-the-hood.rst:66 +msgid "" +"``--socket=NAME`` unconditionally allows the permission and resets any " +"previously defined rules for that permission" +msgstr "" + +#: ../../under-the-hood.rst:68 +msgid "" +"``--nosocket=NAME`` unconditionally denies the permission and resets any " +"previously defined rules" +msgstr "" + +#: ../../under-the-hood.rst:70 +msgid "" +"``--socket-if=NAME:CONDITION`` adds a conditional rule without resetting " +"existing rules" +msgstr "" + +#: ../../under-the-hood.rst:73 +msgid "Conditions may be negated using ``!``." +msgstr "" + +#: ../../under-the-hood.rst:75 +msgid "" +"Multiple conditional rules can be specified for the same permission. In " +"this case, the permission is granted if any condition evaluates to true." +msgstr "" + +#: ../../under-the-hood.rst:78 +msgid "" +"Duplicate conditions are ignored. The order of conditions does not affect" +" evaluation." +msgstr "" + +#: ../../under-the-hood.rst:81 +msgid "" +"If no conditional rules are present, the permission is granted only if it" +" is unconditionally allowed." +msgstr "" + +#: ../../under-the-hood.rst:84 +msgid "" +"If conditional rules are present, the permission is granted if any " +"condition evaluates to true, and denied otherwise, unless it is also " +"unconditionally allowed." +msgstr "" + +#: ../../under-the-hood.rst:88 +msgid "" +"If an unconditional entry follows a conditional entry for the same grant " +"in commandline flags, the earlier unconditional entry is treated as " +"backwards compatibility fallback and does not affect the final permission" +" state. So the following is effectively treated as ``--socket-if=x11" +":!has-wayland`` in Flatpak versions supporting conditional permissions::" +msgstr "" + +#: ../../under-the-hood.rst:98 +msgid "Permissions are written to metadata using the following rules:" +msgstr "" + +#: ../../under-the-hood.rst:100 +msgid "Unconditionally allowed permissions are written as ``NAME``" +msgstr "" + +#: ../../under-the-hood.rst:101 +msgid "Unconditionally denied permissions are written as ``!NAME``" +msgstr "" + +#: ../../under-the-hood.rst:102 +msgid "Conditionally allowed permissions are written as:" +msgstr "" + +#: ../../under-the-hood.rst:104 +msgid "unconditional ``NAME`` entry for compat" +msgstr "" + +#: ../../under-the-hood.rst:105 +msgid "``if:NAME:CONDITION`` entries" +msgstr "" + +#: ../../under-the-hood.rst:107 +msgid "" +"If the permission resets previously defined rules, an explicit ``!NAME`` " +"entry is written first, followed by the unconditional ``NAME`` entry and " +"then the ``if:NAME:CONDITION`` entries. This is omitted when saving an " +"application's own metadata, as opposed to overrides." +msgstr "" + +#: ../../under-the-hood.rst:112 +msgid "" +"When parsing metadata, a non-negated unconditional ``NAME`` entry " +"appearing before a ``if:NAME:CONDITION`` entry is treated as a " +"compatibility fallback and does not affect the final permission state. " +"Eg. ``sockets=x11;if:x11:!has-wayland;`` is effectively treated as " +"``if:x11:!has-wayland`` in Flatpak versions supporting conditional " +"permissions." +msgstr "" + +#: ../../under-the-hood.rst:119 +msgid "" +"The ``fallback-x11`` socket, on pre-1.17 Flatpak versions implicitly " +"granted ``x11`` access and at runtime X11 access was suppressed when " +"Wayland was available, while on newer Flatpak (1.17+) it is internally " +"converted to the conditional syntax ``if:x11:!has-wayland``. When saving " +"the metadata, Flatpak converts ``if:x11:!has-wayland`` back to " +"``fallback-x11`` only when it is the sole conditional on ``x11``. If " +"additional conditionals are present, the new syntax is written directly " +"and older Flatpak versions will not understand the conditional entries. A" +" conditional grant for ``fallback-x11`` is not allowed." +msgstr "" + +#: ../../under-the-hood.rst:130 msgid "Underlying technologies" msgstr "Базовые технологии" -#: ../../under-the-hood.rst:53 +#: ../../under-the-hood.rst:132 msgid "Flatpak utilises a number of pre-existing technologies. These include:" msgstr "Flatpak использует ряд уже существующих технологий. К ним относятся:" -#: ../../under-the-hood.rst:55 +#: ../../under-the-hood.rst:134 msgid "" "The `bubblewrap `_ utility from" " `Project Atomic `_, which lets unprivileged " @@ -155,19 +299,19 @@ msgstr "" "непривилегированным пользователям устанавливать и запускать контейнеры, " "используя такие функции ядра, как:" -#: ../../under-the-hood.rst:59 +#: ../../under-the-hood.rst:138 msgid "Namespaces" msgstr "Namespaces" -#: ../../under-the-hood.rst:60 +#: ../../under-the-hood.rst:139 msgid "Bind mounts" msgstr "Bind mounts" -#: ../../under-the-hood.rst:61 +#: ../../under-the-hood.rst:140 msgid "Seccomp rules" msgstr "Seccomp rules" -#: ../../under-the-hood.rst:63 +#: ../../under-the-hood.rst:142 msgid "" "`systemd `_ to set up" " cgroups for sandboxes" @@ -175,7 +319,7 @@ msgstr "" "`systemd `_ для " "настройки контрольных групп для песочниц" -#: ../../under-the-hood.rst:65 +#: ../../under-the-hood.rst:144 msgid "" "`D-Bus `_, a well-" "established way to provide high-level APIs to applications" @@ -184,7 +328,7 @@ msgstr "" "зарекомендовавший себя способ предоставления высокоуровневых API для " "приложений" -#: ../../under-the-hood.rst:67 +#: ../../under-the-hood.rst:146 #, fuzzy msgid "" "The `OSTree `__ system for " @@ -193,7 +337,7 @@ msgstr "" "Система `OSTree `_ для " "управления версиями и распространения различных файловых систем" -#: ../../under-the-hood.rst:69 +#: ../../under-the-hood.rst:148 msgid "" "The OCI format from the `Open Container Initiative " "`_, as an alternative to OSTree used by the " @@ -204,11 +348,11 @@ msgstr "" " качестве альтернативы OSTree, используемой инфраструктурой Fedora " "`__" -#: ../../under-the-hood.rst:73 +#: ../../under-the-hood.rst:152 msgid "Flatpak can use either OSTree or OCI for single-file bundles." msgstr "Flatpak может использовать OSTree или OCI для однофайловых пакетов." -#: ../../under-the-hood.rst:74 +#: ../../under-the-hood.rst:153 msgid "" "`Appstream `_ " "metadata, to allow Flatpak applications to show up nicely in software " diff --git a/po/zh_CN/LC_MESSAGES/available-runtimes.po b/po/zh_CN/LC_MESSAGES/available-runtimes.po index feb9c443..6adfdc36 100644 --- a/po/zh_CN/LC_MESSAGES/available-runtimes.po +++ b/po/zh_CN/LC_MESSAGES/available-runtimes.po @@ -4,7 +4,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-12-01 08:17+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2018-10-10 07:18-0400\n" "Last-Translator: PikachuHy \n" "Language: zh_Hans_CN\n" @@ -13,7 +13,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../available-runtimes.rst:2 msgid "Available Runtimes" @@ -160,7 +160,7 @@ msgid "" "Major version releases of the runtime are synced with `GNOME releases " "`_ and are announced on `GNOME " "Discourse `_. Usually a " -"given branch of the runtime is supported for an year and EOL-ed upon the " +"given branch of the runtime is supported for a year and EOL-ed upon the " "release of a newstable version." msgstr "" @@ -472,3 +472,15 @@ msgstr "" #~ " ``io.elementary.Platform``" #~ msgstr "" +#~ msgid "" +#~ "Major version releases of the runtime" +#~ " are synced with `GNOME releases " +#~ "`_ and are " +#~ "announced on `GNOME Discourse " +#~ "`_. Usually " +#~ "a given branch of the runtime is" +#~ " supported for an year and EOL-" +#~ "ed upon the release of a newstable" +#~ " version." +#~ msgstr "" + diff --git a/po/zh_CN/LC_MESSAGES/electron.po b/po/zh_CN/LC_MESSAGES/electron.po index 70df11b8..a91eda19 100644 --- a/po/zh_CN/LC_MESSAGES/electron.po +++ b/po/zh_CN/LC_MESSAGES/electron.po @@ -4,7 +4,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-03-13 09:30+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2018-11-03 12:59-0400\n" "Last-Translator: PikachuHy \n" "Language: zh_Hans_CN\n" @@ -13,7 +13,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../electron.rst:2 msgid "Electron" @@ -39,11 +39,10 @@ msgstr "本教程提供有关如何构建Electron应用程序与其他应用程 #, fuzzy msgid "" "The guide walks through the `manifest file `_ of the `sample Electron Flatpak application " -"`_. Before you start, it " -"is a good idea to take a look at this, either online or by downloading " -"the application." +"/electron-sample-app/blob/master/org.flathub.electron-sample-app.yml>`_ " +"of the `sample Electron Flatpak application `_. Before you start, it is a good idea to take a " +"look at this, either online or by downloading the application." msgstr "" "该指南介绍了 `清单文件 `_ ,来自 " @@ -64,39 +63,38 @@ msgstr "虽然并非绝对必要,但最好自己尝试构建和运行示例应 #, fuzzy msgid "" "To get setup for the build, download or clone the sample app from GitHub," -" and navigate to the ``/flatpak`` directory in the terminal. Then to " -"build::" +" and navigate to the project directory in the terminal. Then to build::" msgstr "" "要获取构建的设置,请从GitHub下载或克隆示例应用程序,然后导航到终端中的 ``/flatpak`` 目录。 " "您还必须安装Electron基础应用程序:" -#: ../../electron.rst:33 +#: ../../electron.rst:32 msgid "Finally, the application can be run with::" msgstr "最后,运行应用:" -#: ../../electron.rst:38 +#: ../../electron.rst:37 msgid "Basic configuration" msgstr "基本配置" -#: ../../electron.rst:40 +#: ../../electron.rst:39 msgid "" "The first part of the sample application's manifest specifies the " "application's ID. It also configures the runtime and SDK:" msgstr "示例应用清单文件的第一部分指定了应用ID、runtime和SDK:" -#: ../../electron.rst:50 +#: ../../electron.rst:49 msgid "" "The Freedesktop runtime is generally the best runtime to use with " "Electron applications, since it is the most minimal runtime, and other " "dependencies will be specific to Electron itself." msgstr "Freedesktop运行时通常是与Electron应用程序一起使用的最佳运行时,因为它是最小的运行时,其他依赖项将特定于Electron本身。" -#: ../../electron.rst:55 +#: ../../electron.rst:54 #, fuzzy msgid "The Electron BaseApp" msgstr "Electron base应用" -#: ../../electron.rst:57 +#: ../../electron.rst:56 #, fuzzy msgid "" "Next, the manifest specifies that the Electron BaseApp should be used, by" @@ -104,7 +102,7 @@ msgid "" "application manifest:" msgstr "然后,清单文件通过 ``base`` 和 ``base-version`` 属性指明了Electron要使用的的base app::" -#: ../../electron.rst:66 +#: ../../electron.rst:65 #, fuzzy msgid "" "BaseApps are described in :doc:`dependencies`. Using the Electron base " @@ -116,44 +114,44 @@ msgstr "" "base app在 :doc:`building-basics` 有介绍。使用Electron的base " "app比手动构建Electron和它的依赖要方便和快速得多。也有在用户的机器上减少大量副本文件的优点,因为这意味着Electron在磁盘上只保存一份。" -#: ../../electron.rst:72 +#: ../../electron.rst:71 msgid "The Node.js SDK extension" msgstr "" -#: ../../electron.rst:74 +#: ../../electron.rst:73 msgid "" "In order to build Electron-based apps, you need Node.js available at " "build time. Flathub provides Node.js LTS versions as extensions for the " "SDK, so you can install one of them and add it in your apps' manifest:" msgstr "" -#: ../../electron.rst:83 +#: ../../electron.rst:82 msgid "Enable the extension by adding it to ``PATH``:" msgstr "" -#: ../../electron.rst:90 +#: ../../electron.rst:89 msgid "" "Note that the extension name (last portion of reverse-dns notation, " "``node18`` in this example) must be the same in ``sdk-extensions`` and " "``append-path``." msgstr "" -#: ../../electron.rst:94 +#: ../../electron.rst:93 msgid "Command" msgstr "命令" -#: ../../electron.rst:96 +#: ../../electron.rst:95 msgid "" "The ``command`` property indicates that a script called ``run.sh`` is to " "be executed to run the application. This will be explained in further " "detail later." msgstr "这个 ``command`` 表明执行一个名为 ``run.sh`` 的脚本用来运行这个应用。这会在后续详细介绍。" -#: ../../electron.rst:105 +#: ../../electron.rst:104 msgid "Sandbox permissions" msgstr "沙箱权限" -#: ../../electron.rst:107 +#: ../../electron.rst:106 #, fuzzy msgid "" "The standard sandbox :ref:`sandbox-permissions:Permissions guidelines` " @@ -163,13 +161,13 @@ msgid "" "Wayland session and nothing else is required." msgstr "标准的指南可以用于Electron应用。可是Electron还不支持Wayland,所以只能使用X11进行显示。示例的应用也为声音配置了pulseaudio和开启了网络的访问:" -#: ../../electron.rst:113 +#: ../../electron.rst:112 msgid "" "The sample app also configures PulseAudio for sound and enables network " "access:" msgstr "" -#: ../../electron.rst:126 +#: ../../electron.rst:125 msgid "" "To allow experimental `native Wayland` support in Electron>=20, the " "``--ozone-platform-hint=auto`` flag can be passed to the program. `auto` " @@ -177,31 +175,31 @@ msgid "" " Xwayland or X11 otherwise." msgstr "" -#: ../../electron.rst:131 +#: ../../electron.rst:130 msgid "" "It's recommended to leave actually `enabling` Wayland up to the user for " "now, i.e. set ``--socket=x11`` in the manifest. Wayland can then be " "tested with::" msgstr "" -#: ../../electron.rst:137 +#: ../../electron.rst:136 msgid "Enable native Wayland support by default" msgstr "" -#: ../../electron.rst:141 +#: ../../electron.rst:140 msgid "" "Native Wayland support in Electron is still experimental and often " "unstable. It is advised to stick with the X11/Xwayland configuration " "above as the default." msgstr "" -#: ../../electron.rst:145 +#: ../../electron.rst:144 msgid "" "To make native Wayland the `default` for users, ``--socket=fallback-x11``" " and ``--socket=wayland`` must be used in the manifest." msgstr "" -#: ../../electron.rst:148 +#: ../../electron.rst:147 msgid "" "For Electron versions between 17 and 27, client-side window decorations " "under native Wayland can be enabled by passing ``--enable-" @@ -209,7 +207,7 @@ msgid "" " Electron , this isn't necessary anymore." msgstr "" -#: ../../electron.rst:153 +#: ../../electron.rst:152 msgid "" "Electron uses ``libnotify`` on Linux to provide desktop notifications. " "`Since version 0.8.0 " @@ -222,18 +220,18 @@ msgid "" "``libnotify>=0.8.0`` since ``branch/23.08``." msgstr "" -#: ../../electron.rst:160 +#: ../../electron.rst:159 msgid "" "To ensure proper mouse cursor scaling on HiDPI displays under Wayland, " "the ``XCURSOR_PATH`` environment variable must be set to the host's " "corresponding directories:" msgstr "" -#: ../../electron.rst:172 +#: ../../electron.rst:171 msgid "Using correct desktop file name" msgstr "" -#: ../../electron.rst:174 +#: ../../electron.rst:173 #, python-brace-format msgid "" "It's important for Linux applications to set the correct desktop file " @@ -245,15 +243,16 @@ msgid "" "\"com.example.MyApp.desktop\"``." msgstr "" -#: ../../electron.rst:178 +#: ../../electron.rst:177 #, python-brace-format msgid "" -"In case you repack a binary, you can use the ``patch-desktop-filename`` " -"script provided by the BaseApp. Each Electron binary ships with " -"``resources/app.asar`` file. You need to call ``patch-desktop-filename`` " -"with this file as argument. If your application is installed under " -"``${FLATPAK_DEST}/my-app`` you need to run ``patch-desktop-filename " -"${FLATPAK_DEST}/my-app/resources/app.asar``." +"In case you repack a binary, you can use the `patch-electron-desktop-" +"filename `_ tool included in the BaseApp. Each Electron binary ships " +"with ``resources/app.asar`` file. You need to call ``patch-desktop-" +"filename`` with this file as argument. If your application is installed " +"under ``${FLATPAK_DEST}/my-app`` you need to run ``patch-desktop-filename" +" ${FLATPAK_DEST}/my-app/resources/app.asar``." msgstr "" #: ../../electron.rst:183 @@ -557,3 +556,17 @@ msgstr "" #~ "``branch/23.08`` comes with ``libnotify>=0.8.0``" #~ msgstr "" +#~ msgid "" +#~ "In case you repack a binary, you" +#~ " can use the ``patch-desktop-" +#~ "filename`` script provided by the " +#~ "BaseApp. Each Electron binary ships with" +#~ " ``resources/app.asar`` file. You need to" +#~ " call ``patch-desktop-filename`` with " +#~ "this file as argument. If your " +#~ "application is installed under " +#~ "``${FLATPAK_DEST}/my-app`` you need to " +#~ "run ``patch-desktop-filename ${FLATPAK_DEST" +#~ "}/my-app/resources/app.asar``." +#~ msgstr "" + diff --git a/po/zh_CN/LC_MESSAGES/extension.po b/po/zh_CN/LC_MESSAGES/extension.po index 9b5bb5f9..11a56b57 100644 --- a/po/zh_CN/LC_MESSAGES/extension.po +++ b/po/zh_CN/LC_MESSAGES/extension.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-08-31 14:40+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: zh_CN\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../extension.rst:2 msgid "Extensions" @@ -62,14 +62,14 @@ msgstr "" #: ../../extension.rst:25 msgid "" "``.Debug, .Locale, .Sources`` extensions created by Flatpak builder do " -"not need to be specified manually. These are automaitcally created and " +"not need to be specified manually. These are automatically created and " "loaded if installed." msgstr "" #: ../../extension.rst:29 msgid "" "Note that, ``.Locale`` extensions are by default only partially installed" -" (only for the configued languages) by Flatpak. To install the full " +" (only for the configured languages) by Flatpak. To install the full " "locale extension ``flatpak update --subpath= $FLATPAK_ID.Locale`` can be " "used." msgstr "" @@ -330,7 +330,7 @@ msgstr "" #: ../../extension.rst:218 msgid "" "Some extensions are installed automatically by the runtime based on " -"certain conditions and these do not need be added to application " +"certain conditions and these do not need to be added to application " "manifests. Please see below for the purpose of extensions or extension " "points defined in the runtime. Similarly extensions created by Flatpak " "builder like ``.Locale, .Debug`` also do not need to be in application " @@ -991,3 +991,33 @@ msgstr "" #~ "````org.kde.Platform//5.15-24.08`` is ``24.08``." #~ msgstr "" +#~ msgid "" +#~ "``.Debug, .Locale, .Sources`` extensions " +#~ "created by Flatpak builder do not " +#~ "need to be specified manually. These " +#~ "are automaitcally created and loaded if" +#~ " installed." +#~ msgstr "" + +#~ msgid "" +#~ "Note that, ``.Locale`` extensions are by" +#~ " default only partially installed (only " +#~ "for the configued languages) by Flatpak." +#~ " To install the full locale extension" +#~ " ``flatpak update --subpath= $FLATPAK_ID.Locale``" +#~ " can be used." +#~ msgstr "" + +#~ msgid "" +#~ "Some extensions are installed automatically" +#~ " by the runtime based on certain " +#~ "conditions and these do not need " +#~ "be added to application manifests. " +#~ "Please see below for the purpose " +#~ "of extensions or extension points " +#~ "defined in the runtime. Similarly " +#~ "extensions created by Flatpak builder " +#~ "like ``.Locale, .Debug`` also do not " +#~ "need to be in application manifest." +#~ msgstr "" + diff --git a/po/zh_CN/LC_MESSAGES/flatpak-devel.po b/po/zh_CN/LC_MESSAGES/flatpak-devel.po index 598e3f97..820ff759 100644 --- a/po/zh_CN/LC_MESSAGES/flatpak-devel.po +++ b/po/zh_CN/LC_MESSAGES/flatpak-devel.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-06-30 14:59+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: zh_CN\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../flatpak-devel.rst:2 msgid "Flatpak as a developer platform" @@ -59,7 +59,7 @@ msgstr "" #: ../../flatpak-devel.rst:23 msgid "" -"`Flatpak Github Actions `_ can be used for GitHub." msgstr "" @@ -349,3 +349,9 @@ msgstr "" #~ msgid "Parallel nigthly and stable applications" #~ msgstr "" +#~ msgid "" +#~ "`Flatpak Github Actions `_ can " +#~ "be used for GitHub." +#~ msgstr "" + diff --git a/po/zh_CN/LC_MESSAGES/module-sources.po b/po/zh_CN/LC_MESSAGES/module-sources.po index 3eab81ab..0652a6de 100644 --- a/po/zh_CN/LC_MESSAGES/module-sources.po +++ b/po/zh_CN/LC_MESSAGES/module-sources.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-12-01 08:05+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: zh_CN\n" @@ -18,7 +18,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../module-sources.rst:2 msgid "Module Sources" @@ -420,6 +420,7 @@ msgid "" msgstr "" #: ../../module-sources.rst:475 +#, python-brace-format msgid "" "The last line creates an empty symlink from ``${FLATPAK_DEST}/extra/`` to" " ``${FLATPAK_DEST}/bin/`` so that the executable is found in ``$PATH`` " @@ -448,6 +449,7 @@ msgid "" msgstr "" #: ../../module-sources.rst:499 +#, python-brace-format msgid "" "The commands needed to extract the snap are specified in the " "``apply_extra`` script. These can be any shell commands that run when " @@ -504,7 +506,7 @@ msgstr "" #: ../../module-sources.rst:573 msgid "" "``path`` should be the path of the local directory relative to the " -"manifest root path, whoose contents will be copied during build." +"manifest root path, whose contents will be copied during build." msgstr "" #: ../../module-sources.rst:587 @@ -516,3 +518,10 @@ msgid "" "them." msgstr "" +#~ msgid "" +#~ "``path`` should be the path of the" +#~ " local directory relative to the " +#~ "manifest root path, whoose contents will" +#~ " be copied during build." +#~ msgstr "" + diff --git a/po/zh_CN/LC_MESSAGES/sandbox-permissions.po b/po/zh_CN/LC_MESSAGES/sandbox-permissions.po index 58ad466c..3afbc8fa 100644 --- a/po/zh_CN/LC_MESSAGES/sandbox-permissions.po +++ b/po/zh_CN/LC_MESSAGES/sandbox-permissions.po @@ -4,7 +4,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-08-31 14:40+0530\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2018-11-03 02:03-0400\n" "Last-Translator: PikachuHy \n" "Language: zh_Hans_CN\n" @@ -13,7 +13,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.17.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../sandbox-permissions.rst:2 msgid "Sandbox Permissions" @@ -237,7 +237,17 @@ msgid "" "clients or SSH frontends." msgstr "" -#: ../../sandbox-permissions.rst:105 +#: ../../sandbox-permissions.rst:102 +msgid "" +"``--socket=inherit-wayland-socket`` - Inherit the ``$WAYLAND_SOCKET`` " +"environment variable from the parent process (for example, the " +"compositor). This is not commonly needed unless the application needs " +"access to the parent process’ Wayland state. Input method applications " +"may need this. It’s a very sensitive permission as it prevents Wayland " +"client state from being sandboxed." +msgstr "" + +#: ../../sandbox-permissions.rst:111 msgid "" "Applications that do not support native Wayland should use only " "``--socket=x11`` and applications that do, should use " @@ -246,17 +256,17 @@ msgid "" "Wayland sessions of the desktop environment." msgstr "" -#: ../../sandbox-permissions.rst:111 +#: ../../sandbox-permissions.rst:117 #, fuzzy msgid "``--socket=wayland`` - Show windows with Wayland" msgstr "``--socket=wayland`` - 使用Wayland显示窗口" -#: ../../sandbox-permissions.rst:112 +#: ../../sandbox-permissions.rst:118 #, fuzzy msgid "``--socket=x11`` - Show windows using X11" msgstr " ``--socket=x11`` - 用X11显示窗口" -#: ../../sandbox-permissions.rst:113 +#: ../../sandbox-permissions.rst:119 #, fuzzy msgid "" "``--socket=fallback-x11`` - Show windows using X11, if Wayland is not " @@ -264,11 +274,11 @@ msgid "" "use ``--socket=wayland`` for wayland permission" msgstr "``--socket=fallback-x11`` - 如果Wayland不可用,使用X11显示窗口" -#: ../../sandbox-permissions.rst:118 +#: ../../sandbox-permissions.rst:124 msgid "D-Bus access" msgstr "D-Bus访问" -#: ../../sandbox-permissions.rst:120 +#: ../../sandbox-permissions.rst:126 msgid "" "D-Bus access is filtered by default. The default policy for the session " "bus only allows the application to own its own namespace named by " @@ -280,7 +290,7 @@ msgid "" "``org.freedesktop.portal.*``." msgstr "" -#: ../../sandbox-permissions.rst:128 +#: ../../sandbox-permissions.rst:134 #, fuzzy msgid "" "Access to the entire bus with ``--socket=system-bus`` or ``--socket" @@ -290,310 +300,325 @@ msgstr "" "避免使用 ``--socket=system-bus`` 或 ``--socket=session-bus`` " "访问整个总线,除非应用是一个开发工具。" -#: ../../sandbox-permissions.rst:133 +#: ../../sandbox-permissions.rst:139 msgid "" "``flatpak run --log-session-bus $FLATPAK_ID`` can be used to find the " "specific D-Bus permissions needed. See :ref:`debugging:Audit session or " "system bus traffic` for more information." msgstr "" -#: ../../sandbox-permissions.rst:137 +#: ../../sandbox-permissions.rst:143 msgid "**Ownership**" msgstr "**Ownership**" -#: ../../sandbox-permissions.rst:139 +#: ../../sandbox-permissions.rst:145 msgid "" "Any ownership beyond what is granted by default ie. own namespace and " "``org.mpris.MediaPlayer2.$FLATPAK_ID`` is typically unnecessary although " "there can be exceptions." msgstr "" -#: ../../sandbox-permissions.rst:143 +#: ../../sandbox-permissions.rst:149 msgid "**Talk**" msgstr "**Talk**" -#: ../../sandbox-permissions.rst:145 +#: ../../sandbox-permissions.rst:151 msgid "It is recommended to use the minimum required talk-name permissions." msgstr "" -#: ../../sandbox-permissions.rst:148 +#: ../../sandbox-permissions.rst:154 msgid "Filesystem access" msgstr "文件系统访问" -#: ../../sandbox-permissions.rst:150 +#: ../../sandbox-permissions.rst:156 #, fuzzy msgid "" "As a general rule, static and permanent filesystem access should be " "limited as much as possible. This includes:" msgstr "作为一个通用规则,对文件系统的访问应该尽可能地进行限制。这包括:" -#: ../../sandbox-permissions.rst:153 +#: ../../sandbox-permissions.rst:159 msgid "" "Using portals as an alternative to blanket filesystem access, wherever " "possible." msgstr "尽量使用门户来代替文件系统访问。" -#: ../../sandbox-permissions.rst:155 +#: ../../sandbox-permissions.rst:161 msgid "Using read-only access wherever possible, using the ``:ro`` option." msgstr "尽量使用读取权限来访问,使用 ``:ro`` 选项。" -#: ../../sandbox-permissions.rst:156 +#: ../../sandbox-permissions.rst:162 msgid "" "Using :ref:`conventions:XDG base directories` to store application's " "cache, config and state. Then no additional filesystem access would be " "required." msgstr "" -#: ../../sandbox-permissions.rst:159 +#: ../../sandbox-permissions.rst:165 msgid "" "Avoiding full home access and instead using XDG directories such as " "``xdg-music`` or ``xdg-download`` etc." msgstr "" -#: ../../sandbox-permissions.rst:162 +#: ../../sandbox-permissions.rst:168 msgid "The following permission options are available:" msgstr "" -#: ../../sandbox-permissions.rst:164 +#: ../../sandbox-permissions.rst:170 msgid "``:ro`` - read-only access" msgstr "" -#: ../../sandbox-permissions.rst:165 +#: ../../sandbox-permissions.rst:171 msgid "" "``:create`` - read/write access, and create the directory if it doesn't " "exist" msgstr "" -#: ../../sandbox-permissions.rst:168 +#: ../../sandbox-permissions.rst:174 msgid "Additionally the following permissions are available:" msgstr "" -#: ../../sandbox-permissions.rst:171 +#: ../../sandbox-permissions.rst:177 +msgid "``host-root``" +msgstr "" + +#: ../../sandbox-permissions.rst:177 +msgid "" +"Complete host operating system with no exclusions mounted at " +"``/run/host/root`` inside the sandbox. (v1.17.0+)" +msgstr "" + +#: ../../sandbox-permissions.rst:178 msgid "``host``" msgstr "" -#: ../../sandbox-permissions.rst:171 +#: ../../sandbox-permissions.rst:178 msgid "" -"Access to ``/home, /media, /opt, /run/media, /srv`` and everything " -"provided by ``host-os, host-etc`` mounted in ``/run/host``" +"Access to all toplevel paths and subpaths of ``/`` except some reserved " +"paths listed below." msgstr "" -#: ../../sandbox-permissions.rst:171 ../../sandbox-permissions.rst:175 -#: ../../sandbox-permissions.rst:176 -msgid "Includes any subpaths" +#: ../../sandbox-permissions.rst:178 +msgid "" +"Paths provided by ``host-etc, host-os`` are mounted at ``/run/host`` as " +"explained below." msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "``host-etc``" msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "Host's ``/etc``" msgstr "" -#: ../../sandbox-permissions.rst:172 +#: ../../sandbox-permissions.rst:179 msgid "Host's ``/etc`` is mounted at ``/run/host/etc``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 msgid "``host-os``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 #, python-brace-format msgid "" "Host's ``/usr, /bin, /sbin, /lib{32, 64}, /etc/ld.so.cache, " "/etc/alternatives``" msgstr "" -#: ../../sandbox-permissions.rst:173 +#: ../../sandbox-permissions.rst:180 msgid "Mounted at ``/run/host``" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "``home``" msgstr "" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 #, fuzzy msgid "Access the home directory" msgstr "``--filesystem=home`` - 访问用户home目录" -#: ../../sandbox-permissions.rst:174 +#: ../../sandbox-permissions.rst:181 msgid "Except ``~/.var/app``" msgstr "" -#: ../../sandbox-permissions.rst:175 +#: ../../sandbox-permissions.rst:182 msgid "``/some/dir``" msgstr "" -#: ../../sandbox-permissions.rst:175 +#: ../../sandbox-permissions.rst:182 msgid "Access an arbitrary path except any reserved path" msgstr "" -#: ../../sandbox-permissions.rst:176 +#: ../../sandbox-permissions.rst:182 ../../sandbox-permissions.rst:183 +msgid "Includes any subpaths" +msgstr "" + +#: ../../sandbox-permissions.rst:183 msgid "``~/some/dir``" msgstr "" -#: ../../sandbox-permissions.rst:176 +#: ../../sandbox-permissions.rst:183 msgid "Arbitrary path relative to the home directory" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "``xdg-desktop``" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "Access the XDG desktop directory" msgstr "" -#: ../../sandbox-permissions.rst:177 +#: ../../sandbox-permissions.rst:184 msgid "``$XDG_DESKTOP_DIR`` or ``$HOME/Desktop``" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "``xdg-documents``" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "Access the XDG documents directory" msgstr "" -#: ../../sandbox-permissions.rst:178 +#: ../../sandbox-permissions.rst:185 msgid "``$XDG_DOCUMENTS_DIR`` or ``$HOME/Documents``" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "``xdg-download``" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "Access the XDG download directory" msgstr "" -#: ../../sandbox-permissions.rst:179 +#: ../../sandbox-permissions.rst:186 msgid "``$XDG_DOWNLOAD_DIR`` or ``$HOME/Downloads``" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "``xdg-music``" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "Access the XDG music directory" msgstr "" -#: ../../sandbox-permissions.rst:180 +#: ../../sandbox-permissions.rst:187 msgid "``$XDG_MUSIC_DIR`` or ``$HOME/Music``" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "``xdg-pictures``" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "Access the XDG pictures directory" msgstr "" -#: ../../sandbox-permissions.rst:181 +#: ../../sandbox-permissions.rst:188 msgid "``$XDG_PICTURES_DIR`` or ``$HOME/Pictures``" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "``xdg-public-share``" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "Access the XDG public directory" msgstr "" -#: ../../sandbox-permissions.rst:182 +#: ../../sandbox-permissions.rst:189 msgid "``$XDG_PUBLICSHARE_DIR`` or ``$HOME/Public``" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "``xdg-videos``" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "Access the XDG videos directory" msgstr "" -#: ../../sandbox-permissions.rst:183 +#: ../../sandbox-permissions.rst:190 msgid "``$XDG_VIDEOS_DIR`` or ``$HOME/Videos``" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "``xdg-templates``" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "Access the XDG templates directory" msgstr "" -#: ../../sandbox-permissions.rst:184 +#: ../../sandbox-permissions.rst:191 msgid "``$XDG_TEMPLATES_DIR`` or ``$HOME/Templates``" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "``xdg-config``" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "Access the XDG config directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:185 +#: ../../sandbox-permissions.rst:192 msgid "``$XDG_CONFIG_HOME`` or ``$HOME/.config``" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "``xdg-cache``" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "Access the XDG cache directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:186 +#: ../../sandbox-permissions.rst:193 msgid "``$XDG_CACHE_HOME`` or ``$HOME/.cache``" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "``xdg-data``" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "Access the XDG data directory [#f3]_" msgstr "" -#: ../../sandbox-permissions.rst:187 +#: ../../sandbox-permissions.rst:194 msgid "``$XDG_DATA_HOME`` or ``$HOME/.local/share``" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "``xdg-run/path``" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "Access subdirectories of the XDG runtime directory" msgstr "" -#: ../../sandbox-permissions.rst:188 +#: ../../sandbox-permissions.rst:195 msgid "``$XDG_RUNTIME_DIR/path`` (``/run/user/$UID/path``)" msgstr "" -#: ../../sandbox-permissions.rst:191 +#: ../../sandbox-permissions.rst:198 msgid "" "Except ``host, host-etc, host-os`` paths can be added to all the above " "filesystem options. For example, ``--filesystem=xdg-documents/path``." msgstr "" -#: ../../sandbox-permissions.rst:194 +#: ../../sandbox-permissions.rst:201 msgid "Other filesystem access guidelines include:" msgstr "" -#: ../../sandbox-permissions.rst:196 +#: ../../sandbox-permissions.rst:203 #, fuzzy msgid "" "The ``--persist=DIR`` option can be used to map directories from the " @@ -604,7 +629,7 @@ msgstr "" "``--persist=path`` 选项可以用来将用户目录映射到沙箱的文件系统。这可以避免配置整个home目录访问权限。并且对于在硬编码使用 " "``~/`` 文件路径的应用程序非常有用。" -#: ../../sandbox-permissions.rst:201 +#: ../../sandbox-permissions.rst:208 msgid "" "For example, if an application hardcodes the directory ``~/.foo``, " "without any ``home`` access and no ``--persist`` the directory will be " @@ -615,18 +640,18 @@ msgid "" "``~/.var/app/$FLATPAK_ID/.foo`` which would otherwise be lost." msgstr "" -#: ../../sandbox-permissions.rst:209 +#: ../../sandbox-permissions.rst:216 msgid "A ``--persist=.`` will `persist` all directories." msgstr "" -#: ../../sandbox-permissions.rst:211 +#: ../../sandbox-permissions.rst:218 msgid "" "This does not support ``:create, :ro, :rw`` suffixes or special values " "like ``xdg-documents``. However, the directory will be created by flatpak" " if it doesn't already exist." msgstr "" -#: ../../sandbox-permissions.rst:215 +#: ../../sandbox-permissions.rst:222 #, fuzzy msgid "" "This makes it possible to avoid configuring access to the entire home " @@ -636,30 +661,30 @@ msgstr "" "``--persist=path`` 选项可以用来将用户目录映射到沙箱的文件系统。这可以避免配置整个home目录访问权限。并且对于在硬编码使用 " "``~/`` 文件路径的应用程序非常有用。" -#: ../../sandbox-permissions.rst:218 +#: ../../sandbox-permissions.rst:225 msgid "" "If an application uses ``$TMPDIR`` to contain lock files you may want to " "add a wrapper script that sets it to ``$XDG_RUNTIME_DIR/app/$FLATPAK_ID``" " (tmpfs) or ``/var/tmp`` (persistent on host)." msgstr "" -#: ../../sandbox-permissions.rst:222 +#: ../../sandbox-permissions.rst:229 msgid "" "Retaining and sharing configuration with non-Flatpak installations is to " "be avoided." msgstr "应该避免与非flatpak安装的应用共享配置。" -#: ../../sandbox-permissions.rst:226 +#: ../../sandbox-permissions.rst:233 msgid "Reserved Paths" msgstr "" -#: ../../sandbox-permissions.rst:228 +#: ../../sandbox-permissions.rst:235 msgid "" "The following paths and subpaths of them are reserved and asking access " "to them with ``--filesystem`` will have no effect::" msgstr "" -#: ../../sandbox-permissions.rst:233 +#: ../../sandbox-permissions.rst:240 msgid "" "The entire ``/run`` is not allowed but all subpaths of ``/run`` except " "``/run/flatpak, /run/host`` are allowed to be exposed via " @@ -667,44 +692,46 @@ msgid "" "to ``../run``, exposing it or a subpath of it, is not allowed." msgstr "" -#: ../../sandbox-permissions.rst:238 +#: ../../sandbox-permissions.rst:245 msgid "" "Additionally the following directories from host need to be explicitly " "requested with ``--filesystem`` and are not available with ``home, host, " "host-os, host-etc`` by default:" msgstr "" -#: ../../sandbox-permissions.rst:242 +#: ../../sandbox-permissions.rst:249 msgid "" "``~/.var/app`` - The app can access only its own directory in " "``~/.var/app/$FLATPAK_ID``" msgstr "" -#: ../../sandbox-permissions.rst:243 +#: ../../sandbox-permissions.rst:250 msgid "``$XDG_DATA_HOME/flatpak`` (``~/.local/share/flatpak``)" msgstr "" -#: ../../sandbox-permissions.rst:244 +#: ../../sandbox-permissions.rst:251 msgid "``/boot``" msgstr "" -#: ../../sandbox-permissions.rst:245 +#: ../../sandbox-permissions.rst:252 msgid "``/efi``" msgstr "" -#: ../../sandbox-permissions.rst:246 +#: ../../sandbox-permissions.rst:253 msgid "``/root``" msgstr "" -#: ../../sandbox-permissions.rst:247 -msgid "``/sys``" +#: ../../sandbox-permissions.rst:254 +msgid "" +"``/sys`` - Only ``/sys/block, /sys/bus, /sys/class, /sys/dev, " +"/sys/devices`` are shared as read-only by default (if exists)" msgstr "" -#: ../../sandbox-permissions.rst:248 +#: ../../sandbox-permissions.rst:255 msgid "``/tmp``" msgstr "" -#: ../../sandbox-permissions.rst:249 +#: ../../sandbox-permissions.rst:256 #, python-brace-format msgid "" "``/var`` - Note that by default ``/var/{cache, config, data, tmp}`` " @@ -714,98 +741,98 @@ msgid "" "available." msgstr "" -#: ../../sandbox-permissions.rst:253 +#: ../../sandbox-permissions.rst:260 msgid "``/var/lib/flatpak`` - ``/var`` does not give access to this." msgstr "" -#: ../../sandbox-permissions.rst:256 +#: ../../sandbox-permissions.rst:263 msgid "Device access" msgstr "设备访问" -#: ../../sandbox-permissions.rst:257 +#: ../../sandbox-permissions.rst:264 msgid "You can provide the following device permissions:" msgstr "" -#: ../../sandbox-permissions.rst:260 +#: ../../sandbox-permissions.rst:267 msgid "``dri``" msgstr "" -#: ../../sandbox-permissions.rst:260 +#: ../../sandbox-permissions.rst:267 msgid "Direct Rendering Interface. Necessary for GL." msgstr "" -#: ../../sandbox-permissions.rst:261 +#: ../../sandbox-permissions.rst:268 msgid "``kvm``" msgstr "" -#: ../../sandbox-permissions.rst:261 +#: ../../sandbox-permissions.rst:268 msgid "Kernel based Virtual Machine ``/dev/kvm``" msgstr "" -#: ../../sandbox-permissions.rst:262 +#: ../../sandbox-permissions.rst:269 msgid "``shm``" msgstr "" -#: ../../sandbox-permissions.rst:262 +#: ../../sandbox-permissions.rst:269 msgid "Shared Memory in ``/dev/shm``." msgstr "" -#: ../../sandbox-permissions.rst:263 +#: ../../sandbox-permissions.rst:270 msgid "``input``" msgstr "" -#: ../../sandbox-permissions.rst:263 +#: ../../sandbox-permissions.rst:270 msgid "" "Input devices as exposed in ``/dev/input``. This includes game " "controllers. Since Flatpak 1.15.6." msgstr "" -#: ../../sandbox-permissions.rst:264 +#: ../../sandbox-permissions.rst:271 msgid "``usb``" msgstr "" -#: ../../sandbox-permissions.rst:264 +#: ../../sandbox-permissions.rst:271 msgid "Raw USB devices as exposed in ``/dev/bus/usb``. Since Flatpak 1.15.11." msgstr "" -#: ../../sandbox-permissions.rst:265 +#: ../../sandbox-permissions.rst:272 msgid "``all``" msgstr "" -#: ../../sandbox-permissions.rst:265 +#: ../../sandbox-permissions.rst:272 msgid "All devices, including all of the above except ``shm``" msgstr "" -#: ../../sandbox-permissions.rst:270 +#: ../../sandbox-permissions.rst:277 msgid "" "Using newer permissions like ``input`` or ``usb`` will have no effect on " "older Flatpak versions and will fail when used through Flatpak " "commandline." msgstr "" -#: ../../sandbox-permissions.rst:274 +#: ../../sandbox-permissions.rst:281 #, fuzzy msgid "" "While not ideal, ``--device=all`` can be used to access devices like " "webcams, CD/DVD drives etc." msgstr "尽管不理想, ``--device=all`` 可以用来访问控制器和网络摄像头之类的设备。" -#: ../../sandbox-permissions.rst:278 +#: ../../sandbox-permissions.rst:285 #, fuzzy msgid "USB portal" msgstr "门户(译者注:英文portals)" -#: ../../sandbox-permissions.rst:280 -msgid "Since 1.5.11." +#: ../../sandbox-permissions.rst:287 +msgid "Since 1.15.11." msgstr "" -#: ../../sandbox-permissions.rst:282 +#: ../../sandbox-permissions.rst:289 msgid "" "Sandboxed access to individual USB devices can be controlled by portals. " "Flatpak allows specifying enumerable USB devices to allow access." msgstr "" -#: ../../sandbox-permissions.rst:286 +#: ../../sandbox-permissions.rst:293 msgid "" "Like ``--device=usb``, this is just about accessing the raw USB device, " "that needs libusb (or equivalent). By using the portal, you can restrict " @@ -814,59 +841,59 @@ msgid "" "no reason for USB security devices to be accessible." msgstr "" -#: ../../sandbox-permissions.rst:293 +#: ../../sandbox-permissions.rst:300 msgid "" "A list of valid use cases includes scanners (handled, for example by " "SANE), photo cameras (handled by libgphoto2), flashing devices, etc." msgstr "" -#: ../../sandbox-permissions.rst:296 +#: ../../sandbox-permissions.rst:303 msgid "" "While this is portal dependent and ``xdg-desktop-portal`` is currently " "the only portal implementation, the overall permission flow is as " "follows:" msgstr "" -#: ../../sandbox-permissions.rst:300 +#: ../../sandbox-permissions.rst:307 msgid "" "The Flatpak package specifies the devices it wishes to enumerate through " "``finish-args``." msgstr "" -#: ../../sandbox-permissions.rst:302 +#: ../../sandbox-permissions.rst:309 msgid "" "The application requests the portal to enumerate the available USB " "devices based on that list. If the list is empty it will enumerate all " "USB devices." msgstr "" -#: ../../sandbox-permissions.rst:305 +#: ../../sandbox-permissions.rst:312 msgid "" "When the application wants to access the device, it will make a request " "for the device it wants to access via the portal." msgstr "" -#: ../../sandbox-permissions.rst:307 +#: ../../sandbox-permissions.rst:314 msgid "The portal then requests permission from the user if not already granted." msgstr "" -#: ../../sandbox-permissions.rst:309 +#: ../../sandbox-permissions.rst:316 msgid "" "If the permission was granted, a file descriptor for the device is passed" " back to the application." msgstr "" -#: ../../sandbox-permissions.rst:312 +#: ../../sandbox-permissions.rst:319 msgid "" "The application is then able to open the devices it is supposed to use " "while the others would be hidden." msgstr "" -#: ../../sandbox-permissions.rst:316 +#: ../../sandbox-permissions.rst:323 msgid "Specifying the enumerable devices" msgstr "" -#: ../../sandbox-permissions.rst:318 +#: ../../sandbox-permissions.rst:325 msgid "" "You can specify devices on the ``flatpak`` command line, and by extension" " in the finish arguments for Flatpak Builder. Enumerable devices are " @@ -877,17 +904,17 @@ msgid "" " shall not be enumerated." msgstr "" -#: ../../sandbox-permissions.rst:326 +#: ../../sandbox-permissions.rst:333 msgid "Queries are made out of rules. These rules are composable with ``+``." msgstr "" -#: ../../sandbox-permissions.rst:328 +#: ../../sandbox-permissions.rst:335 msgid "" "The rule ``all`` enumerates every USB device. There is no further rule " "allowed in the query." msgstr "" -#: ../../sandbox-permissions.rst:331 +#: ../../sandbox-permissions.rst:338 msgid "" "The ``vnd`` and ``dev`` rules specify a USB vendor and a USB device ID " "respectively. A vendor can be specified alone, but a device rule always " @@ -897,63 +924,63 @@ msgid "" "repository `_" msgstr "" -#: ../../sandbox-permissions.rst:338 +#: ../../sandbox-permissions.rst:345 msgid "" "``cls`` specifies the device USB class and subclass. Both class and " "subclass are two digit hex numbers separated by a colon ``:``. You can " "use ``*`` to specify any subclass within the class." msgstr "" -#: ../../sandbox-permissions.rst:342 +#: ../../sandbox-permissions.rst:349 msgid "Some examples of the syntax:" msgstr "" -#: ../../sandbox-permissions.rst:344 +#: ../../sandbox-permissions.rst:351 msgid "``vnd:1234``: Devices from vendor ``1234``" msgstr "" -#: ../../sandbox-permissions.rst:345 +#: ../../sandbox-permissions.rst:352 msgid "``vnd:1234+dev:3456``: Only device ``3456`` from vendor ``1234``." msgstr "" -#: ../../sandbox-permissions.rst:346 +#: ../../sandbox-permissions.rst:353 msgid "``vnd:1234+cls:06:*``: All the PTP devices from vendor ``1234``." msgstr "" -#: ../../sandbox-permissions.rst:347 +#: ../../sandbox-permissions.rst:354 msgid "``cls:06:*``: All the PTP devices." msgstr "" -#: ../../sandbox-permissions.rst:349 +#: ../../sandbox-permissions.rst:356 msgid "" "This permission only allows to enumerate devices. To open them, " "permission must be requested from the portal. It is not possible to open " "a device that is not enumerable." msgstr "" -#: ../../sandbox-permissions.rst:355 +#: ../../sandbox-permissions.rst:362 msgid "" "The ``--device=usb`` permission is broader than what the USB portal is " "supposed to provide and allows unfettered access to any USB device on the" " bus." msgstr "" -#: ../../sandbox-permissions.rst:359 +#: ../../sandbox-permissions.rst:366 msgid "In some situations you may need to specify a very long list of devices." msgstr "" -#: ../../sandbox-permissions.rst:361 +#: ../../sandbox-permissions.rst:368 msgid "Device lists can be passed in one single argument, or through a file." msgstr "" -#: ../../sandbox-permissions.rst:363 +#: ../../sandbox-permissions.rst:370 msgid "" "When using ``--usb-list``, the queries are separated by a semi-colon " "``;``, with queries for hidden devices (i.e. those that would be passed " "with ``--nousb``) prefixed with ``!``." msgstr "" -#: ../../sandbox-permissions.rst:367 +#: ../../sandbox-permissions.rst:374 msgid "" "When using ``--usb-list-file``, the filename of the file containing USB " "queries is passed line by line. Like with ``--usb-list`` queries for " @@ -963,24 +990,24 @@ msgid "" "list is persisted internally." msgstr "" -#: ../../sandbox-permissions.rst:375 +#: ../../sandbox-permissions.rst:382 msgid "dconf access" msgstr "dconf访问" -#: ../../sandbox-permissions.rst:377 +#: ../../sandbox-permissions.rst:384 msgid "" "As of xdg-desktop-portal 1.1.0 and glib 2.60.5 (in the runtime) you do " "not need direct DConf access in most cases." msgstr "" -#: ../../sandbox-permissions.rst:380 +#: ../../sandbox-permissions.rst:387 msgid "" "As of now this glib version is included in " "``org.freedesktop.Platform//19.08`` and ``org.gnome.Platform//3.34`` and " "newer." msgstr "" -#: ../../sandbox-permissions.rst:383 +#: ../../sandbox-permissions.rst:390 msgid "" "If an application existed prior to these runtimes you can tell Flatpak " "(>= 1.3.4) to migrate the DConf settings on the host into the sandbox by " @@ -989,17 +1016,17 @@ msgid "" " (case is ignored and ``_`` and ``-`` are treated equal)." msgstr "" -#: ../../sandbox-permissions.rst:390 +#: ../../sandbox-permissions.rst:397 msgid "" "If you are targeting older runtimes or require direct DConf access for " "other reasons you can use these permissions::" msgstr "" -#: ../../sandbox-permissions.rst:398 +#: ../../sandbox-permissions.rst:405 msgid "With those permissions glib will continue using dconf directly." msgstr "" -#: ../../sandbox-permissions.rst:400 +#: ../../sandbox-permissions.rst:407 msgid "" "If you use a newer runtime where dconf is no longer built and still need " "it you will have to build the `dconf " @@ -1007,12 +1034,12 @@ msgid "" "``--env=GIO_EXTRA_MODULES=/app/lib/gio/modules/``." msgstr "" -#: ../../sandbox-permissions.rst:405 +#: ../../sandbox-permissions.rst:412 #, fuzzy msgid "gvfs access" msgstr "dconf访问" -#: ../../sandbox-permissions.rst:407 +#: ../../sandbox-permissions.rst:414 msgid "" "As of gvfs 1.48, the gvfs daemons and applications use an on-disk socket " "to communicate, rather than an abstract socket so that the gvfs " @@ -1020,47 +1047,47 @@ msgid "" "application's sandbox." msgstr "" -#: ../../sandbox-permissions.rst:411 +#: ../../sandbox-permissions.rst:418 msgid "" "A number of different options need to be passed depending on the " "application's use of gvfs." msgstr "" -#: ../../sandbox-permissions.rst:414 +#: ../../sandbox-permissions.rst:421 msgid "" "``--talk-name=org.gtk.vfs.*`` is necessary to talk to the gvfs daemons " "over D-Bus and list mounts using the GIO APIs." msgstr "" -#: ../../sandbox-permissions.rst:417 +#: ../../sandbox-permissions.rst:424 msgid "" "``--filesystem=xdg-run/gvfsd`` is necessary to use the GIO APIs to list " "and access non-native files using the GIO APIs, using URLs rather than " "FUSE paths." msgstr "" -#: ../../sandbox-permissions.rst:420 +#: ../../sandbox-permissions.rst:427 msgid "" "``--filesystem=xdg-run/gvfs`` is necessary to give access to the FUSE " "mounts non-GIO and legacy applications can use. This is what will make " "native files appear under ``/run/user/`id -u`/gvfs/``." msgstr "" -#: ../../sandbox-permissions.rst:424 +#: ../../sandbox-permissions.rst:431 msgid "Typical GNOME and GTK applications should use::" msgstr "" -#: ../../sandbox-permissions.rst:429 +#: ../../sandbox-permissions.rst:436 msgid "Typical non-GNOME and non-GTK applications should use::" msgstr "" -#: ../../sandbox-permissions.rst:433 +#: ../../sandbox-permissions.rst:440 msgid "" "No application should be using ``--talk-name=org.gtk.vfs`` in its " "manifest, as there are no D-Bus services named ``org.gtk.vfs``." msgstr "" -#: ../../sandbox-permissions.rst:436 +#: ../../sandbox-permissions.rst:443 msgid "" "These permission grants the app, the ability to communicate with the gvfs" " daemon and backends running on host. Depending on the backends installed" @@ -1076,11 +1103,11 @@ msgid "" "host." msgstr "" -#: ../../sandbox-permissions.rst:450 +#: ../../sandbox-permissions.rst:457 msgid "External drive access" msgstr "" -#: ../../sandbox-permissions.rst:452 +#: ../../sandbox-permissions.rst:459 msgid "" "External drives are mounted by the host system using systemd, udev, udisk" " fstab etc. and each of them can have different defaults. Flatpak has no " @@ -1088,30 +1115,156 @@ msgid "" "permissions should work in most cases::" msgstr "" -#: ../../sandbox-permissions.rst:461 +#: ../../sandbox-permissions.rst:468 msgid "" "If ``--filesystem=host`` is used ``/media, /run/media`` is shared " "automatically if they exist." msgstr "" -#: ../../sandbox-permissions.rst:464 +#: ../../sandbox-permissions.rst:471 msgid "" "Note that these should not have subpaths in them unless the value of the " "subpath can be consistently pre-determined. Block device naming depends " "on the kernel/fstab configuration and cannot be pre-determined." msgstr "" -#: ../../sandbox-permissions.rst:469 +#: ../../sandbox-permissions.rst:476 +#, fuzzy +msgid "Conditional permissions" +msgstr "沙箱权限" + +#: ../../sandbox-permissions.rst:478 +msgid "" +"Since 1.17.0, Flatpak supports conditional permissions which allows them " +"to be granted only when certain runtime conditions are satisfied and " +"fallback otherwise. The intention of the system is to allow users or " +"developers to specify tighter permission grants (as they are added in new" +" Flatpak versions) while fallback to older grants for backwards " +"compatibility at run time." +msgstr "" + +#: ../../sandbox-permissions.rst:487 +msgid "" +"Older Flatpak versions will fail when encountering unknown commandline " +"options, while unrecognized metadata entries will be silently ignored." +msgstr "" + +#: ../../sandbox-permissions.rst:491 +msgid "" +"Flatpak manifests using conditional flags (for example, ``--socket-if=`` " +"etc.) will require Flatpak 1.17.0 or newer to build and attempting to " +"build them with older Flatpak versions will produce an error." +msgstr "" + +#: ../../sandbox-permissions.rst:496 +msgid "" +"The following flags are available to specify conditional permissions in " +"CLI and in Flatpak manifests::" +msgstr "" + +#: ../../sandbox-permissions.rst:504 +msgid "" +"The syntax of all the options are ``--socket-if=PERMISSION:CONDITION`` " +"and so on where ``PERMISSION`` is the available grants for that flag " +"(e.g., those listed for ``--socket=``). Conditions can be negated by " +"prefixing with ``!``. The following conditions are supported:" +msgstr "" + +#: ../../sandbox-permissions.rst:509 +msgid "``true`` - Always evaluates to true" +msgstr "" + +#: ../../sandbox-permissions.rst:510 +msgid "``false``- Always evaluates to false" +msgstr "" + +#: ../../sandbox-permissions.rst:511 +msgid "" +"``has-input-device`` - True if the Flatpak version supports " +"``--device=input``" +msgstr "" + +#: ../../sandbox-permissions.rst:513 +msgid "``has-wayland`` - True if the current desktop session supports Wayland" +msgstr "" + +#: ../../sandbox-permissions.rst:516 +msgid "" +"Multiple conditionals can be specified for the same grant, in which case " +"the permission is granted if any condition matches. If no conditional " +"rule evaluates to ``true``, the grant is denied unless it is also " +"unconditionally allowed. Duplicate conditions are ignored." +msgstr "" + +#: ../../sandbox-permissions.rst:523 +msgid "Examples" +msgstr "" + +#: ../../sandbox-permissions.rst:525 +msgid "" +"The unconditional grant ``--socket=x11`` can be tightened using " +"conditional permissions to ``--socket-if=x11:!has-wayland``. This allows " +"access to X11 only when a Wayland desktop session is not available. To " +"preserve backwards compatibility, the following pattern can be used::" +msgstr "" + +#: ../../sandbox-permissions.rst:534 +msgid "" +"This allows older Flatpak versions which do not understand the " +"conditional permissions function by allowing X11 access always while " +"newer Flatpak, which understands the conditional system will allow X11 " +"access only when the session is not Wayland." +msgstr "" + +#: ../../sandbox-permissions.rst:539 +msgid "" +"If an application requires only access to ``input`` device permission, " +"the following flags can be used to move away from ``--device=all`` to " +"``--device=input``::" +msgstr "" + +#: ../../sandbox-permissions.rst:547 +msgid "" +"This allows older Flatpak versions which do not understand the ``input`` " +"device permission to function by having the broader ``all`` access. Newer" +" Flatpak versions which understand the conditional system (and therefore " +"understands the ``input`` permission) will deny ``all`` due to " +"``--device-if=all:!has-input-device`` and allow only ``input`` due to " +"``--device=input``." +msgstr "" + +#: ../../sandbox-permissions.rst:555 +msgid "" +"To explicitly deny a permission that might be granted through runtime " +"metadata or overrides ``--nosocket=NAME, --unshare=NAME`` etc. can be " +"used::" +msgstr "" + +#: ../../sandbox-permissions.rst:561 +msgid "" +"This denial can be combined with conditional grants to remove " +"unconditional access while allowing conditional access::" +msgstr "" + +#: ../../sandbox-permissions.rst:568 +msgid "" +"This denies unconditional X11 access but allows X11 conditionally when " +"Wayland is unavailable. Older Flatpak versions will see only the final " +"``--socket=x11`` grant and allow X11 unconditionally, while newer " +"versions recognise the conditional logic and evaluates it at runtime." +msgstr "" + +#: ../../sandbox-permissions.rst:574 msgid "Footnotes" msgstr "" -#: ../../sandbox-permissions.rst:470 +#: ../../sandbox-permissions.rst:575 msgid "" "This is not necessarily required, but without it the X11 shared memory " "extension will not work, which is very bad for X11 performance." msgstr "" -#: ../../sandbox-permissions.rst:472 +#: ../../sandbox-permissions.rst:577 msgid "" "Giving network access also grants access to all host services listening " "on abstract Unix sockets (due to how network namespaces work), and these " @@ -1120,7 +1273,7 @@ msgid "" "secure distribution should disable these and just use regular sockets." msgstr "" -#: ../../sandbox-permissions.rst:477 +#: ../../sandbox-permissions.rst:582 #, python-brace-format msgid "" "``xdg-{cache, config, data}`` bind mounts the paths from host to the per-" @@ -1338,3 +1491,16 @@ msgstr "" #~ msgid "``--socket=ssh-auth``- Allow access to ``$SSH_AUTH_SOCK``" #~ msgstr "" +#~ msgid "" +#~ "Access to ``/home, /media, /opt, " +#~ "/run/media, /srv`` and everything provided " +#~ "by ``host-os, host-etc`` mounted " +#~ "in ``/run/host``" +#~ msgstr "" + +#~ msgid "``/sys``" +#~ msgstr "" + +#~ msgid "Since 1.5.11." +#~ msgstr "" + diff --git a/po/zh_CN/LC_MESSAGES/under-the-hood.po b/po/zh_CN/LC_MESSAGES/under-the-hood.po index 43a412ff..5eff42c0 100644 --- a/po/zh_CN/LC_MESSAGES/under-the-hood.po +++ b/po/zh_CN/LC_MESSAGES/under-the-hood.po @@ -4,7 +4,7 @@ msgid "" msgstr "" "Project-Id-Version: Flatpak\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-09-26 16:32-0300\n" +"POT-Creation-Date: 2026-04-10 07:35+0530\n" "PO-Revision-Date: 2019-04-23 06:29-0400\n" "Last-Translator: ZiqiangXu \n" "Language: zh_Hans_CN\n" @@ -13,7 +13,7 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.16.0\n" +"Generated-By: Babel 2.18.0\n" #: ../../under-the-hood.rst:2 msgid "Under the Hood" @@ -109,14 +109,158 @@ msgid "" msgstr "" #: ../../under-the-hood.rst:51 +msgid "Conditional permission system" +msgstr "" + +#: ../../under-the-hood.rst:53 +msgid "" +"Since Flatpak 1.17.0, conditional permissions allow permissions to be " +"granted only when certain runtime conditions are satisfied, with fallback" +" to unconditional grants for compatibility with older versions." +msgstr "" + +#: ../../under-the-hood.rst:57 +msgid "Permissions are internally represented as:" +msgstr "" + +#: ../../under-the-hood.rst:59 +msgid "unconditionally allowed or denied" +msgstr "" + +#: ../../under-the-hood.rst:60 +msgid "" +"a reset flag indicating whether the current layer overrides rules from " +"lower layers" +msgstr "" + +#: ../../under-the-hood.rst:62 +msgid "a set of conditional rules under which the permission may be allowed" +msgstr "" + +#: ../../under-the-hood.rst:64 +msgid "For example:" +msgstr "" + +#: ../../under-the-hood.rst:66 +msgid "" +"``--socket=NAME`` unconditionally allows the permission and resets any " +"previously defined rules for that permission" +msgstr "" + +#: ../../under-the-hood.rst:68 +msgid "" +"``--nosocket=NAME`` unconditionally denies the permission and resets any " +"previously defined rules" +msgstr "" + +#: ../../under-the-hood.rst:70 +msgid "" +"``--socket-if=NAME:CONDITION`` adds a conditional rule without resetting " +"existing rules" +msgstr "" + +#: ../../under-the-hood.rst:73 +msgid "Conditions may be negated using ``!``." +msgstr "" + +#: ../../under-the-hood.rst:75 +msgid "" +"Multiple conditional rules can be specified for the same permission. In " +"this case, the permission is granted if any condition evaluates to true." +msgstr "" + +#: ../../under-the-hood.rst:78 +msgid "" +"Duplicate conditions are ignored. The order of conditions does not affect" +" evaluation." +msgstr "" + +#: ../../under-the-hood.rst:81 +msgid "" +"If no conditional rules are present, the permission is granted only if it" +" is unconditionally allowed." +msgstr "" + +#: ../../under-the-hood.rst:84 +msgid "" +"If conditional rules are present, the permission is granted if any " +"condition evaluates to true, and denied otherwise, unless it is also " +"unconditionally allowed." +msgstr "" + +#: ../../under-the-hood.rst:88 +msgid "" +"If an unconditional entry follows a conditional entry for the same grant " +"in commandline flags, the earlier unconditional entry is treated as " +"backwards compatibility fallback and does not affect the final permission" +" state. So the following is effectively treated as ``--socket-if=x11" +":!has-wayland`` in Flatpak versions supporting conditional permissions::" +msgstr "" + +#: ../../under-the-hood.rst:98 +msgid "Permissions are written to metadata using the following rules:" +msgstr "" + +#: ../../under-the-hood.rst:100 +msgid "Unconditionally allowed permissions are written as ``NAME``" +msgstr "" + +#: ../../under-the-hood.rst:101 +msgid "Unconditionally denied permissions are written as ``!NAME``" +msgstr "" + +#: ../../under-the-hood.rst:102 +msgid "Conditionally allowed permissions are written as:" +msgstr "" + +#: ../../under-the-hood.rst:104 +msgid "unconditional ``NAME`` entry for compat" +msgstr "" + +#: ../../under-the-hood.rst:105 +msgid "``if:NAME:CONDITION`` entries" +msgstr "" + +#: ../../under-the-hood.rst:107 +msgid "" +"If the permission resets previously defined rules, an explicit ``!NAME`` " +"entry is written first, followed by the unconditional ``NAME`` entry and " +"then the ``if:NAME:CONDITION`` entries. This is omitted when saving an " +"application's own metadata, as opposed to overrides." +msgstr "" + +#: ../../under-the-hood.rst:112 +msgid "" +"When parsing metadata, a non-negated unconditional ``NAME`` entry " +"appearing before a ``if:NAME:CONDITION`` entry is treated as a " +"compatibility fallback and does not affect the final permission state. " +"Eg. ``sockets=x11;if:x11:!has-wayland;`` is effectively treated as " +"``if:x11:!has-wayland`` in Flatpak versions supporting conditional " +"permissions." +msgstr "" + +#: ../../under-the-hood.rst:119 +msgid "" +"The ``fallback-x11`` socket, on pre-1.17 Flatpak versions implicitly " +"granted ``x11`` access and at runtime X11 access was suppressed when " +"Wayland was available, while on newer Flatpak (1.17+) it is internally " +"converted to the conditional syntax ``if:x11:!has-wayland``. When saving " +"the metadata, Flatpak converts ``if:x11:!has-wayland`` back to " +"``fallback-x11`` only when it is the sole conditional on ``x11``. If " +"additional conditionals are present, the new syntax is written directly " +"and older Flatpak versions will not understand the conditional entries. A" +" conditional grant for ``fallback-x11`` is not allowed." +msgstr "" + +#: ../../under-the-hood.rst:130 msgid "Underlying technologies" msgstr "基础技术" -#: ../../under-the-hood.rst:53 +#: ../../under-the-hood.rst:132 msgid "Flatpak utilises a number of pre-existing technologies. These include:" msgstr "Flatpak使用了许多已经存在的技术。如:" -#: ../../under-the-hood.rst:55 +#: ../../under-the-hood.rst:134 #, fuzzy msgid "" "The `bubblewrap `_ utility from" @@ -126,25 +270,25 @@ msgstr "" " 来自 `Project Atomic `_的`bubblewrap " "`_,它可以让非特权的用户启动和运行容器。使用到的内核特性:" -#: ../../under-the-hood.rst:59 +#: ../../under-the-hood.rst:138 msgid "Namespaces" msgstr "Namespaces" -#: ../../under-the-hood.rst:60 +#: ../../under-the-hood.rst:139 msgid "Bind mounts" msgstr "Bind mounts" -#: ../../under-the-hood.rst:61 +#: ../../under-the-hood.rst:140 msgid "Seccomp rules" msgstr "Seccomp rules" -#: ../../under-the-hood.rst:63 +#: ../../under-the-hood.rst:142 msgid "" "`systemd `_ to set up" " cgroups for sandboxes" msgstr "`systemd `为沙盒启动cgroups" -#: ../../under-the-hood.rst:65 +#: ../../under-the-hood.rst:144 msgid "" "`D-Bus `_, a well-" "established way to provide high-level APIs to applications" @@ -152,14 +296,14 @@ msgstr "" "`D-Bus " "`,一种成熟的为应用程序提供高级API的方法" -#: ../../under-the-hood.rst:67 +#: ../../under-the-hood.rst:146 #, fuzzy msgid "" "The `OSTree `__ system for " "versioning and distributing filesystem trees" msgstr "`OSTree `系统,版本化和分布式文件系统树" -#: ../../under-the-hood.rst:69 +#: ../../under-the-hood.rst:148 msgid "" "The OCI format from the `Open Container Initiative " "`_, as an alternative to OSTree used by the " @@ -167,11 +311,11 @@ msgid "" "fedora-now-live/>`__" msgstr "" -#: ../../under-the-hood.rst:73 +#: ../../under-the-hood.rst:152 msgid "Flatpak can use either OSTree or OCI for single-file bundles." msgstr "" -#: ../../under-the-hood.rst:74 +#: ../../under-the-hood.rst:153 msgid "" "`Appstream `_ " "metadata, to allow Flatpak applications to show up nicely in software "