这些是设备白名单cgroup的指令，它协调由容器执行的设备创建、读和写。

These are directives to the devices whitelist cgroup which will mediate device creation, read, and write by the container.

youdao

读操作的数据必须结束或者截断，否则不能发送写指令。

Data from READ burst must be completed or truncated before a subsequent WRITE command can be issued.

youdao

每个被映射的页面都有读、写以及取指令(也叫执行)的限制。

Each mapped page is restricted in the types of operations that may be performed on its contents: read, write, and instruction fetch (also called execute).

youdao