Date: Fri, 24 Jan 2003 16:39:01 -0800 (PST) From: Chris Costello <chris@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 24158 for review Message-ID: <200301250039.h0P0d1bx044827@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=24158 Change 24158 by chris@chris_holly on 2003/01/24 16:38:00 o Formatting nit o Define MAC and DAC Affected files ... .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/introduction/security-definitions.sgml#3 edit Differences ... ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/introduction/security-definitions.sgml#3 (text+ko) ==== @@ -35,8 +35,7 @@ </section> <!-- XXX: Can we come up with a better name for this section? --> - <section - id="introduction.security-definitions.classifications"> + <section id="introduction.security-definitions.classifications"> <title>Subjects and Objects</title> <!-- XXX: Does this resource reference also need to go? --> @@ -59,6 +58,34 @@ <emphasis>subject</emphasis> with <emphasis>person</emphasis>.</para> </section> + + <section id="introduction.security-definitions.dac"> + <title>DAC</title> + + <para><quote><acronym>DAC</acronym></quote> is short for + <emphasis>Discretionary Access Control</emphasis>. + <acronym>DAC</acronym> refers to the traditional file + permissions mechanism, as well as <acronym>ACLs</acronym>, or + Access Control Lists. <acronym>DAC</acronym> is so named + because its enforcement is directly at the discretion of the + file's owner: the owner can specify exactly what access + protections are necessary for the file.</para> + </section> + + <section id="introduction.security-definitions.mac"> + <title>MAC</title> + + <para><quote><acronym>MAC</acronym></quote> is short for + <emphasis>Mandatory Access Control</emphasis>. + <acronym>MAC</acronym> refers to security policies which do not + allow the owner of a system object to directly decide what + access protections the object has, and what access protections + the object does not have. Often, a <acronym>MAC</acronym> + policy will allow subjects and objects to carry with it a + <quote>label</quote>. A <acronym>MAC</acronym> label consists + of additional metadata to be used by <acronym>MAC</acronym> + policies in deciding access protections.</para> + </section> </chapter> <!-- Keep this comment at the end of the file Local variables: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301250039.h0P0d1bx044827>