From owner-freebsd-doc@FreeBSD.ORG Mon May 10 14:25:43 2004 Return-Path: Delivered-To: freebsd-doc@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E0DA916A4D0; Mon, 10 May 2004 14:25:43 -0700 (PDT) Received: from pittgoth.com (14.zlnp1.xdsl.nauticom.net [209.195.149.111]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2BFC043D39; Mon, 10 May 2004 14:25:43 -0700 (PDT) (envelope-from trhodes@FreeBSD.org) Received: from localhost (acs-24-154-235-189.zoominternet.net [24.154.235.189]) (authenticated bits=0) by pittgoth.com (8.12.11/8.12.11) with ESMTP id i4ALPec2063719 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 10 May 2004 17:25:41 -0400 (EDT) (envelope-from trhodes@FreeBSD.org) Date: Mon, 10 May 2004 17:26:07 -0400 From: Tom Rhodes To: Robert Watson Message-Id: <20040510172607.354ecb0a@localhost> In-Reply-To: References: <20040510165153.37575e53@localhost> X-Mailer: Sylpheed version 0.9.10claws (GTK+ 1.2.10; i386-portbld-freebsd5.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: FreeBSD-doc@FreeBSD.org Subject: Re: [REVIEW REQUEST]: New chapter on MAC (draft) X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 May 2004 21:25:44 -0000 On Mon, 10 May 2004 17:12:37 -0400 (EDT) Robert Watson wrote: > > > On Mon, 10 May 2004, Tom Rhodes wrote: > > > I've written a new chapter for the handbook on implementing the MAC > > features in 5.X. It includes configuration, testing, module description > > that augments the section we already have, and shows examples of the > > policies. > > > > I'm not worried about whitespace right now, only correctness in the > > information presented, markup, and wording. > > > > Check out the built chapter at: > > http://people.freebsd.org/~trhodes/mac/mac.html > > > > Check out the source at: > > http://people.freebsd.org/~trhodes/mac/chapter.sgml > > > > And no, that chapter number will not be the same. I plan to place > > this directly under the Security chapter. > > > > Thanks for your time and attention. > > Suggestion: drop the coverage of mac_test, mac_none, and mac_stub. Those > exist much more for the benefit of the developer than the user. You can > mention they exist but I don't think I'd do much more than that, as they > add noise without any real pay-off for most end users. Perhaps I can discuss them in the troubleshooting section or in a simple/basic section. :) > > I think you might want to add a section that summarizes what it is MAC > policies can do (labeling, etc). You can use that to segway to a > discussion of MAC policy trade-offs, including the increased cost of > administration, multilabel file systems, etc. We can do this at the beginning, right where it belongs. :) > > BTW, feel free to send this thread (or related threads) to the trustedbsd > list. I suspect there might be a greater audience there when it comes to > reviewing technical content, but could be mistaken. I was planning to do this; I just wanted some initial review from the doc team first. I'll try to merge your suggestions in tonight or tomorrow before I pack for BSDCan; thanks! -- Tom Rhodes