Documentation/security/LSM.txt

Chinese translated version of Documentation/security/LSM.txt

If you have any comment or update to the content, please contact the
original document maintainer directly.  However, if you have a problem
communicating in English you can also ask the Chinese maintainer for
help.  Contact the Chinese maintainer if this translation is outdated
or if there is a problem with the translation.

Chinese maintainer:Luo Yangyang <794436342@qq.com>
---------------------------------------------------------------------
Documentation/security/LSM.txt 的中文翻译

如果想评论或更新本文的内容,请直接联系原文档的维护者。如果你使用英文
交流有困难的话,也可以向中文版维护者求助。如果本翻译更新不及时或者翻
译存在问题,请联系中文版维护者。

中文版维护者: 罗秧秧  <794436342@qq.com>
中文版翻译者: 罗秧秧  <794436342@qq.com>
中文版校译者: 罗秧秧  <794436342@qq.com>

以下为正文
---------------------------------------------------------------------

Linux Security Module framework
-------------------------------
Linux安全模块框架
-------------------------------


The Linux Security Module (LSM) framework provides a mechanism for
various security checks to be hooked by new kernel extensions. The name
"module" is a bit of a misnomer since these extensions are not actually
loadable kernel modules. Instead, they are selectable at build-time via
CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
"security=..." kernel command line argument, in the case where multiple
LSMs were built into a given kernel.

Linux安全模块( LSM )框架提供了一种机制,可以通过新的内核扩展钩进行各种安全检查。
这个名字“模块”是一个有点使用不当的名称,因为这些扩展实际上不是
真的可加载内核模块。相反,它们在编译时选择通过
CONFIG_DEFAULT_SECURITY,和在开机时通过
“security=...”内核命令行参数可以重写覆盖,在这种情况下,多
个Linux安全模块被建在一个给定的内核里。

The primary users of the LSM interface are Mandatory Access Control
(MAC) extensions which provide a comprehensive security policy. Examples
include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger
MAC extensions, other extensions can be built using the LSM to provide
specific changes to system operation when these tweaks are not available
in the core functionality of Linux itself.

LSM接口的主要用户是强制访问控制
( MAC )的扩展,它提供了一个全面的安全策略。
比如SELinux, Smack, Tomoyo和AppArmor的。除了较大的
MAC扩展,当这些调整功能不可用在Linux本身的核心功能上时,
其它扩展可以被建立,使用LSM提供对系统操作的具体变化。

Without a specific LSM built into the kernel, the default LSM will be the
Linux capabilities system. Most LSMs choose to extend the capabilities
system, building their checks on top of the defined capability hooks.
For more details on capabilities, see capabilities(7) in the Linux
man-pages project.

没有一个具体的LSM被构建到内核中 ,默认的LSM将是
Linux的能力系统。大多数LSM选择扩展能力
系统,是建立在它们在对定义的能力钩上的检测。
为了得到功能上的更多细节,请参阅Linux人个网页项目里的功能(7)。

Based on http://kerneltrap.org/Linux/Documenting_Security_Module_Intent,
a new LSM is accepted into the kernel when its intent (a description of
what it tries to protect against and in what cases one would expect to
use it) has been appropriately documented in Documentation/security/.
This allows an LSM's code to be easily compared to its goals, and so
that end users and distros can make a more informed decision about which
LSMs suit their requirements.

根据http://kerneltrap.org/Linux/Documenting_Security_Module_Intent ,
当一个新的LSM的意图(描述它试图防止和在什么情况下,人们会期望
使用它)已经被适当地记录在Documentation/security/时,它就被接受进入内核。
这使得一个LSM的代码很容易地与它的目标相比较,所以
最终用户和发行版可以在哪些
LSM满足他们的要求做出更明智的决定。

For extensive documentation on the available LSM hook interfaces, please
see include/linux/security.h.

有关可用的LSM钩接口的大量文档,请查看文档include/linux/security.h。














将QT += core QT -= gui CONFIG += c++11 TARGET = UavRectifyLoadLIb CONFIG += console CONFIG -= app_bundle TEMPLATE = app SOURCES += main.cpp # The following define makes your compiler emit warnings if you use # any feature of Qt which as been marked deprecated (the exact warnings # depend on your compiler). Please consult the documentation of the # deprecated API in order to know how to port your code away from it. DEFINES += QT_DEPRECATED_WARNINGS win32{ CONFIG(debug, debug|release){ DESTDIR = $$PWD/../../../../RasterManager/bin/Debug } else{ DESTDIR = $$PWD/../../../../RasterManager/bin/release } INCLUDEPATH += $$PWD/../../../include/gdal1101 DEPENDPATH += $$PWD/../../../include/gdal1101 } else{ CONFIG(debug, debug|release){ DESTDIR = $$PWD/../../../product/release32 } else{ DESTDIR = $$PWD/../../../product/release32 } } # You can also make your code fail to compile if you use deprecated APIs. # In order to do so, uncomment the following line. # You can also select to disable deprecated APIs only up to a certain version of Qt. #DEFINES += QT_DISABLE_DEPRECATED_BEFORE=0x060000 # disables all the APIs deprecated before Qt 6.0.0 unix:!macx: LIBS += -L$$PWD/../../../product/release32/ -lUAVAutoRectifyMt -lUAVAutoRectify -lUAVAutoRectifyFi INCLUDEPATH += $$PWD/../include DEPENDPATH += $$PWD/../include unix:!macx: LIBS += -L$$PWD/../../../lib/opencvf249/ -lopencv_core unix:!macx: LIBS += -L$$PWD/../../../lib/opencvf249/ -lopencv_highgui unix:!macx: LIBS += -L$$PWD/../../../lib/opencvf249/ -lopencv_imgproc INCLUDEPATH += $$PWD/../../../lib/opencvf249 DEPENDPATH += $$PWD/../../../lib/opencvf249 unix:!macx: LIBS += -L$$PWD/../../../../../../../usr/local/lib/ -lopencv_core #unix:!macx: LIBS += -L$$PWD/../../../../../../../usr/local/lib/ -lopencv_highgui unix:!macx: LIBS += -L$$PWD/../../../../../../../usr/local/lib/ -lopencv_imgproc unix:!macx: LIBS += -L$$PWD/../../../../../../../usr/local/lib/ -lopencv_features2d unix:!macx: LIBS += -L$$PWD/../../../../../../../usr/local/lib/ -lopencv_imgcodecs INCLUDEPATH += $$PWD/../../../../../../../usr/local/include DEPENDPATH += $$PWD/../../../../../../../usr/local/include unix:!macx: LIBS += -L$$PWD/../../../product/release32/ -lDEMDriver unix:!macx: LIBS += -L$$PWD/../../../product/release32/ -lProjection unix:!macx: LIBS += -L$$PWD/../../../product/release32/ -lIImage_gC QMAKE_CXXFLAGS_RELEASE = $$QMAKE_CFLAGS_RELEASE_WITH_DEBUGINFO QMAKE_LFLAGS_RELEASE = $$QMAKE_LFLAGS_RELEASE_WITH_DEBUGINFO 转为cmake格式
06-11
根据给出的代码,可以将其转化为以下CMake代码: ``` cmake_minimum_required(VERSION 3.5) project(UavRectifyLoadLIb LANGUAGES CXX) set(CMAKE_CXX_STANDARD 11) set(CMAKE_CXX_STANDARD_REQUIRED ON) set(CMAKE_AUTOMOC ON) set(CMAKE_AUTORCC ON) set(CMAKE_AUTOUIC ON) find_package(Qt5Core REQUIRED) add_executable(UavRectifyLoadLIb main.cpp ) target_link_libraries(UavRectifyLoadLIb PRIVATE Qt5::Core UAVAutoRectifyMt UAVAutoRectify UAVAutoRectifyFi DEMDriver Projection IImage_gC opencv_core opencv_highgui opencv_imgproc opencv_features2d opencv_imgcodecs ) target_include_directories(UavRectifyLoadLIb PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../../include/gdal1101 ${CMAKE_CURRENT_SOURCE_DIR}/../include ${CMAKE_CURRENT_SOURCE_DIR}/../../../lib/opencvf249 ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../../usr/local/include ) if(UNIX AND NOT APPLE) target_link_directories(UavRectifyLoadLIb PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../../product/release32 ${CMAKE_CURRENT_SOURCE_DIR}/../../../../../../../usr/local/lib ) endif() if(WIN32) if(CMAKE_BUILD_TYPE STREQUAL "Debug") set_target_properties(UavRectifyLoadLIb PROPERTIES RUNTIME_OUTPUT_DIRECTORY_DEBUG ${CMAKE_CURRENT_SOURCE_DIR}/../../../../RasterManager/bin/Debug ) else() set_target_properties(UavRectifyLoadLIb PROPERTIES RUNTIME_OUTPUT_DIRECTORY_RELEASE ${CMAKE_CURRENT_SOURCE_DIR}/../../../../RasterManager/bin/release ) endif() else() if(CMAKE_BUILD_TYPE STREQUAL "Debug") set_target_properties(UavRectifyLoadLIb PROPERTIES RUNTIME_OUTPUT_DIRECTORY_DEBUG ${CMAKE_CURRENT_SOURCE_DIR}/../../../product/release32 ) else() set_target_properties(UavRectifyLoadLIb PROPERTIES RUNTIME_OUTPUT_DIRECTORY_RELEASE ${CMAKE_CURRENT_SOURCE_DIR}/../../../product/release32 ) endif() endif() ```
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值