From owner-p4-projects  Mon Jan 20 21:23:25 2003
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 7A46337B405; Mon, 20 Jan 2003 21:23:20 -0800 (PST)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 28E1237B401
	for <perforce@freebsd.org>; Mon, 20 Jan 2003 21:23:20 -0800 (PST)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A697943F18
	for <perforce@freebsd.org>; Mon, 20 Jan 2003 21:23:19 -0800 (PST)
	(envelope-from chris@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h0L5NJbv063103
	for <perforce@freebsd.org>; Mon, 20 Jan 2003 21:23:19 -0800 (PST)
	(envelope-from chris@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h0L5NJ84063100
	for perforce@freebsd.org; Mon, 20 Jan 2003 21:23:19 -0800 (PST)
Date: Mon, 20 Jan 2003 21:23:19 -0800 (PST)
Message-Id: <200301210523.h0L5NJ84063100@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to chris@freebsd.org using -f
From: Chris Costello <chris@FreeBSD.org>
Subject: PERFORCE change 24012 for review
To: Perforce Change Reviews <perforce@freebsd.org>
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID: <p4-projects.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20p4-projects>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20p4-projects>
X-Loop: FreeBSD.ORG

http://perforce.freebsd.org/chv.cgi?CH=24012

Change 24012 by chris@chris_holly on 2003/01/20 21:22:40

	Break the chapters into individual files.
	
	Update the security definition as prompted by
	Wayne Morrison <tewok@tislabs.com>.  By not singling out privacy
	policies as being somehow more important than others and by
	expanding on well-being is, the risk of the reader thinking that
	privacy policies are the most common kind (they are not, FWIW, but
	that doesn't matter).

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/Makefile#2 edit
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/book.sgml#5 edit
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/chapter.decl#1 add
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/chapters.ent#2 edit
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/introduction/security-defined.sgml#1 add
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/introduction/security-definitions.sgml#1 add

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/Makefile#2 (text+ko) ====

@@ -32,7 +32,7 @@
 
 MAINTAINER=	chris@FreeBSD.org
 DOC?=		book
-FORMATS?=	html-split
+FORMATS?=	html-split html
 
 INSTALL_COMPRESSED?=	gz
 

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/book.sgml#5 (text+ko) ====

@@ -157,7 +157,7 @@
   <preface id="preface">
     <title>Preface</title>
 
-    <section id="audience">
+    <section id="preface.audience">
       <title>This Book's Audience</title>
 
       <para>This book is primarily targeted at system developers in an
@@ -169,6 +169,12 @@
         &man.sprog.7; manual page is intended to serve that
         purpose.</para>
     </section>
+
+    <section id="preface.organization">
+      <title>Organization of this Book</title>
+
+      <para>...</para>
+    </section>
   </preface>
 
   <part id="introduction">
@@ -184,93 +190,8 @@
         FreeBSD security architecture.</para>
     </partintro>
 
-    <chapter id="introduction.security-defined">
-      <title>Security Defined</title>
-
-      <para>System security is often looked at as having the quality
-        of being inaccessible by unauthorized users.  Application
-        security is looked at as having the quality of being able to
-        handle any sort of input, regardless of validity.  Network
-        security is considered as having a fortress-like
-        impenetrability from the perspective of an outside
-        observer.</para>
-
-      <para>The common thread in all of these definitions is
-        essentially that security is the state of functioning as
-        intended.  Those that should have access to various files in
-        the system do, and those that should not do not.  Those that
-        should have access to the network have it, and those that
-        should not do not.</para>
-
-      <para><emphasis>Security, therefore, is defined as the
-          enforcement of the appropriate use of system
-          resources.</emphasis>  The implementation may enforce this
-        arbitrarily and may have its own ideas on what
-        <quote>appropriate</quote> is, but generally,
-        <quote>appropriate</quote> means that resources are protected
-        in a manner favoring privacy and the overall well-being of the
-        system.</para>
-    </chapter>
-
-    <chapter id="introduction.security-definitions">
-      <title>Security-Related Definitions</title>
-
-      <para>Aside from <quote>security,</quote> this document will
-        make reference to other terms which must be clearly defined.
-        These terms will be used in the strictest sense of the
-        definitions set forth below.</para>
-
-      <section id="introduction.security-definitions.security-policy">
-        <title>Security Policy</title>
-
-        <para>While <quote>security</quote> is defined as
-          <emphasis>the enforcement of the appropriate use of system
-            resources</emphasis>, <quote>security policy</quote> is
-          defined as <emphasis>the set of rules that determine what
-            constitutes <quote>appropriate</quote></emphasis>.  These
-          rules can usually be laid out in a similar fashion to a
-          standard or RFC document: <quote>this resource MUST be used
-            in this fashion only</quote>, <quote>this resource MUST
-            NOT be used in this fashion</quote>, etc.</para>
-
-        <para>The FreeBSD operating system does not specify one single
-          security policy.  Rather, a conglomeration of policies
-          specially tailored to specific <emphasis>classes</emphasis>
-          of resources, such as network-related resources, virtual
-          memory resources, file system resources, and system uses,
-          comes together to form the overall FreeBSD security
-          architecture.</para>
-
-        <para>Security policies are found in a variety of forms.
-          <emphasis>DAC</emphasis>, on file system objects,
-          <emphasis>MAC</emphasis>, on all system subjects and
-          objects.</para>
-      </section>
-
-      <section
-               id="introduction.security-definitions.resource-classification">
-        <title>Resource Classifications</title>
-
-        <para>This document classifies system resources into
-          <emphasis>subjects</emphasis> and
-          <emphasis>objects</emphasis>.  Most simply, a
-          <emphasis>subject</emphasis> is something that performs some
-          action.  Examples of subjects might be processes, sockets,
-          and pipes.  Logically, an <emphasis>object</emphasis> is
-          something that has some action performed on it.  Examples of
-          objects might be file system objects, devices, network
-          interfaces, processes, and processes.</para>
-
-        <para>The overlap in the examples for subjects and objects is
-          intentional&mdash;it emphasizes the point that due to the
-          principle that subjects might perform some action on one
-          another, then in having some action performed on it, that
-          subject must then be an object.  It is advised that the
-          reader does not make the mistake of equating
-          <emphasis>subject</emphasis> with
-          <emphasis>person</emphasis>.</para>
-      </section>
-    </chapter>
+    &chap.introduction.security-defined;
+    &chap.introduction.security-definitions;
   </part>
 </book>
 

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/chapters.ent#2 (text+ko) ====

@@ -1,5 +1,2 @@
-<!ENTITY chap.traditional.unixdac	SYSTEM	"traditional/unixdac.sgml">
-<!ENTITY chap.traditional.superuser	SYSTEM	"traditional/superuser.sgml">
-
-<!ENTITY chap.concepts.unix		SYSTEM	"concepts/unix.sgml">
-<!ENTITY chap.concepts.trusted		SYSTEM 	"concepts/trusted.sgml">
+<!ENTITY chap.introduction.security-defined	SYSTEM "introduction/security-defined.sgml">
+<!ENTITY chap.introduction.security-definitions	SYSTEM "introduction/security-definitions.sgml">

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message