From owner-svn-doc-head@FreeBSD.ORG  Sun Nov 17 05:21:12 2013
Return-Path: <owner-svn-doc-head@FreeBSD.ORG>
Delivered-To: svn-doc-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 2F825BE9;
 Sun, 17 Nov 2013 05:21:12 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0DCB22957;
 Sun, 17 Nov 2013 05:21:12 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id rAH5LBCr040158;
 Sun, 17 Nov 2013 05:21:11 GMT (envelope-from trhodes@svn.freebsd.org)
Received: (from trhodes@localhost)
 by svn.freebsd.org (8.14.7/8.14.5/Submit) id rAH5LBMQ040157;
 Sun, 17 Nov 2013 05:21:11 GMT (envelope-from trhodes@svn.freebsd.org)
Message-Id: <201311170521.rAH5LBMQ040157@svn.freebsd.org>
From: Tom Rhodes <trhodes@FreeBSD.org>
Date: Sun, 17 Nov 2013 05:21:11 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r43200 - head/en_US.ISO8859-1/books/handbook/mac
X-SVN-Group: doc-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-head@freebsd.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: SVN commit messages for the doc tree for head
 <svn-doc-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-doc-head>,
 <mailto:svn-doc-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-head/>
List-Post: <mailto:svn-doc-head@freebsd.org>
List-Help: <mailto:svn-doc-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-doc-head>,
 <mailto:svn-doc-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Nov 2013 05:21:12 -0000

Author: trhodes
Date: Sun Nov 17 05:21:11 2013
New Revision: 43200
URL: http://svnweb.freebsd.org/changeset/doc/43200

Log:
  Collapse the various policy discussions into a
  single section.
  
  Discussed with:	dru

Modified:
  head/en_US.ISO8859-1/books/handbook/mac/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/mac/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/mac/chapter.xml	Sat Nov 16 22:58:33 2013	(r43199)
+++ head/en_US.ISO8859-1/books/handbook/mac/chapter.xml	Sun Nov 17 05:21:11 2013	(r43200)
@@ -763,7 +763,14 @@ test: biba/high</screen>
       option is called <option>multilabel</option>.</para>
   </sect1>
 
-  <sect1 xml:id="mac-seeotheruids">
+  <sect1 xml:id="mac-policies">
+    <title>Available MAC Policies</title>
+
+    <para>&os; includes a group of policies that will cover
+      most security requirements.  Each policy is discussed
+      below.</para>
+
+  <sect2 xml:id="mac-seeotheruids">
     <title>The MAC See Other UIDs Policy</title>
 
     <indexterm>
@@ -816,9 +823,9 @@ test: biba/high</screen>
 	  may not be set.</para>
       </listitem>
     </itemizedlist>
-  </sect1>
+  </sect2>
 
-  <sect1 xml:id="mac-bsdextended">
+  <sect2 xml:id="mac-bsdextended">
     <title>The MAC BSD Extended Policy</title>
 
     <indexterm>
@@ -855,7 +862,7 @@ test: biba/high</screen>
       module as incorrect use could block access to certain parts of
       the file system.</para>
 
-    <sect2>
+    <sect3>
       <title>Examples</title>
 
       <para>After the &man.mac.bsdextended.4; module has been loaded,
@@ -895,10 +902,10 @@ test: biba/high</screen>
 
       <para>For more information, refer to &man.mac.bsdextended.4; and
 	&man.ugidfw.8;</para>
-    </sect2>
-  </sect1>
+    </sect3>
+  </sect2>
 
-  <sect1 xml:id="mac-ifoff">
+  <sect2 xml:id="mac-ifoff">
     <title>The MAC Interface Silencing Policy</title>
 
     <indexterm>
@@ -947,9 +954,9 @@ test: biba/high</screen>
       <package>security/aide</package> to
       automatically block network traffic if it finds new or altered
       files in protected directories.</para>
-  </sect1>
+  </sect2>
 
-  <sect1 xml:id="mac-portacl">
+  <sect2 xml:id="mac-portacl">
     <title>The MAC Port Access Control List Policy</title>
 
     <indexterm>
@@ -1035,7 +1042,7 @@ net.inet.ip.portrange.reservedhigh=0</us
     <para>See the examples below or refer to &man.mac.portacl.4; for
       further information.</para>
 
-    <sect2>
+    <sect3>
       <title>Examples</title>
 
       <para>Since the <systemitem class="username">root</systemitem> user should not be
@@ -1060,10 +1067,10 @@ net.inet.ip.portrange.reservedhigh=0</us
 
       <screen>&prompt.root; <userinput>sysctl security.mac.portacl.rules=uid:1001:tcp:110,uid:1001:tcp:995</userinput></screen>
 
-    </sect2>
-  </sect1>
+    </sect3>
+  </sect2>
 
-  <sect1 xml:id="mac-partition">
+  <sect2 xml:id="mac-partition">
     <title>The MAC Partition Policy</title>
 
     <indexterm>
@@ -1113,7 +1120,7 @@ net.inet.ip.portrange.reservedhigh=0</us
       spawned by users in the <literal>insecure</literal> class will
       stay in the <literal>partition/13</literal> label.</para>
 
-    <sect2>
+    <sect3>
       <title>Examples</title>
 
       <para>The following command will display the partition label
@@ -1143,10 +1150,10 @@ net.inet.ip.portrange.reservedhigh=0</us
 	  options, including their limitations, are further explained
 	  in the module manual pages.</para>
       </note>
-    </sect2>
-  </sect1>
+    </sect3>
+  </sect2>
 
-  <sect1 xml:id="mac-mls">
+  <sect2 xml:id="mac-mls">
     <title>The MAC Multi-Level Security Module</title>
 
     <indexterm>
@@ -1277,7 +1284,7 @@ net.inet.ip.portrange.reservedhigh=0</us
       to <command>setfmac</command>.  This method will be explained
       after all policies are covered.</para>
 
-    <sect2>
+    <sect3>
       <title>Planning Mandatory Sensitivity</title>
 
       <para>When using the MLS policy module, an administrator plans
@@ -1302,10 +1309,10 @@ net.inet.ip.portrange.reservedhigh=0</us
 	include an e-commerce web server, a file server holding
 	critical company information, and financial institution
 	environments.</para>
-    </sect2>
-  </sect1>
+    </sect3>
+  </sect2>
 
-  <sect1 xml:id="mac-biba">
+  <sect2 xml:id="mac-biba">
     <title>The MAC Biba Module</title>
 
     <indexterm>
@@ -1419,7 +1426,7 @@ net.inet.ip.portrange.reservedhigh=0</us
 &prompt.root; <userinput>getfmac test</userinput>
 test: biba/low</screen>
 
-    <sect2>
+    <sect3>
       <title>Planning Mandatory Integrity</title>
 
       <para>Integrity, which is different from sensitivity, guarantees
@@ -1457,10 +1464,10 @@ test: biba/low</screen>
 	development and test machine, and a source code repository.  A
 	less useful implementation would be a personal workstation, a
 	machine used as a router, or a network firewall.</para>
-    </sect2>
-  </sect1>
+    </sect3>
+  </sect2>
 
-  <sect1 xml:id="mac-lomac">
+  <sect2 xml:id="mac-lomac">
     <title>The MAC LOMAC Module</title>
 
     <indexterm>
@@ -1495,7 +1502,7 @@ test: biba/low</screen>
       policy may provide for greater compatibility and require less
       initial configuration than Biba.</para>
 
-    <sect2>
+    <sect3>
       <title>Examples</title>
 
       <para>Like the Biba and <acronym>MLS</acronym> policies,
@@ -1508,7 +1515,8 @@ test: biba/low</screen>
       <para>The auxiliary grade <literal>low</literal> is a feature
 	provided only by the <acronym>MAC</acronym> LOMAC
 	policy.</para>
-    </sect2>
+    </sect3>
+  </sect2>
   </sect1>
 
   <sect1 xml:id="mac-implementing">