From owner-p4-projects Fri Jan 24 16:39: 5 2003 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id C30A737B405; Fri, 24 Jan 2003 16:39:02 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5BB8637B401 for ; Fri, 24 Jan 2003 16:39:02 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id A3E5543F18 for ; Fri, 24 Jan 2003 16:39:01 -0800 (PST) (envelope-from chris@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h0P0d1bv044830 for ; Fri, 24 Jan 2003 16:39:01 -0800 (PST) (envelope-from chris@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h0P0d1bx044827 for perforce@freebsd.org; Fri, 24 Jan 2003 16:39:01 -0800 (PST) Date: Fri, 24 Jan 2003 16:39:01 -0800 (PST) Message-Id: <200301250039.h0P0d1bx044827@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to chris@freebsd.org using -f From: Chris Costello Subject: PERFORCE change 24158 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://perforce.freebsd.org/chv.cgi?CH=24158 Change 24158 by chris@chris_holly on 2003/01/24 16:38:00 o Formatting nit o Define MAC and DAC Affected files ... .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/introduction/security-definitions.sgml#3 edit Differences ... ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/introduction/security-definitions.sgml#3 (text+ko) ==== @@ -35,8 +35,7 @@ -
+
Subjects and Objects @@ -59,6 +58,34 @@ subject with person.
+ +
+ DAC + + DAC is short for + Discretionary Access Control. + DAC refers to the traditional file + permissions mechanism, as well as ACLs, or + Access Control Lists. DAC is so named + because its enforcement is directly at the discretion of the + file's owner: the owner can specify exactly what access + protections are necessary for the file. +
+ +
+ MAC + + MAC is short for + Mandatory Access Control. + MAC refers to security policies which do not + allow the owner of a system object to directly decide what + access protections the object has, and what access protections + the object does not have. Often, a MAC + policy will allow subjects and objects to carry with it a + label. A MAC label consists + of additional metadata to be used by MAC + policies in deciding access protections. +