Date: Sat, 5 Feb 2005 21:00:46 GMT From: "Siebrand Mazeland" <s.mazeland@xs4all.nl> To: freebsd-doc@FreeBSD.org Subject: Re: docs/77148: [PATCH] Minor text fixes on Handbook chapter MAC Message-ID: <200502052100.j15L0k3W026776@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR docs/77148; it has been noted by GNATS. From: "Siebrand Mazeland" <s.mazeland@xs4all.nl> To: <freebsd-gnats-submit@FreeBSD.org> Cc: Subject: Re: docs/77148: [PATCH] Minor text fixes on Handbook chapter MAC Date: Sat, 5 Feb 2005 21:49:45 +0100 After a bit of discussion on #bsddocs, we've made a tiny change to the diff. Index: en_US.ISO8859-1/books/handbook/mac/chapter.sgml =================================================================== RCS file: /home/ncvs/doc/en_US.ISO8859-1/books/handbook/mac/chapter.sgml,v retrieving revision 1.38 diff -u -r1.38 chapter.sgml --- en_US.ISO8859-1/books/handbook/mac/chapter.sgml 12 Jan 2005 01:55:04 -0000 1.38 +++ en_US.ISO8859-1/books/handbook/mac/chapter.sgml 5 Feb 2005 19:35:13 -0000 @@ -303,7 +303,7 @@ files by setting certain objects as classified?</para> <para>In the file system case, access to objects might be - considered confidential to some users but not to others. + considered confidential to some users, but not to others. For an example, a large development team might be broken off into smaller groups of individuals. Developers in project A might not be permitted to access objects written @@ -372,7 +372,7 @@ with a value of <quote>low</quote>.</para> <para>A few policies which support the labeling feature in - &os; offers three specific predefined labels. These + &os; offer three specific predefined labels. These are the low, high, and equal labels. Although they enforce access control in a different manner with each policy, you can be sure that the low label will be the lowest setting, @@ -385,7 +385,7 @@ used on objects. This will enforce one set of access permissions across the entire system and in many environments may be all that is required. There are a few - cases; however, where multiple labels may be set on objects + cases where multiple labels may be set on objects or subjects in the file system. For those cases, the <option>multilabel</option> option may be passed to &man.tunefs.8;.</para> @@ -406,7 +406,7 @@ configures the policy so that users are placed in the appropriate categories/access levels. Alas, many policies can restrict the <username>root</username> user as well. Basic - control over objects will then be released to the group but + control over objects will then be released to the group, but <username>root</username> may revoke or modify the settings at any time. This is the hierarchal/clearance model covered by policies such as Biba and <acronym>MLS</acronym>.</para> @@ -1565,7 +1565,7 @@ <listitem> <para>The <literal>biba/high</literal> label will permit - writing to objects set at a lower label but not + writing to objects set at a lower label, but not permit reading that object. It is recommended that this label be placed on objects that affect the integrity of the entire system.</para> @@ -1653,7 +1653,7 @@ <para>The <acronym>MAC</acronym> version of the Low-watermark integrity policy, not to be confused with the older &man.lomac.4; - implementation, works almost identically to Biba but with the + implementation, works almost identically to Biba, but with the exception of using floating labels to support subject demotion via an auxiliary grade compartment. This secondary compartment takes the form of <literal>[auxgrade]</literal>.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200502052100.j15L0k3W026776>