From owner-freebsd-doc@FreeBSD.ORG Sat Feb 5 21:00:51 2005 Return-Path: Delivered-To: freebsd-doc@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E979716A574 for ; Sat, 5 Feb 2005 21:00:50 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2C03043D3F for ; Sat, 5 Feb 2005 21:00:47 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.1/8.13.1) with ESMTP id j15L0lFI026777 for ; Sat, 5 Feb 2005 21:00:47 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.1/8.13.1/Submit) id j15L0k3W026776; Sat, 5 Feb 2005 21:00:46 GMT (envelope-from gnats) Date: Sat, 5 Feb 2005 21:00:46 GMT Message-Id: <200502052100.j15L0k3W026776@freefall.freebsd.org> To: freebsd-doc@FreeBSD.org From: "Siebrand Mazeland" Subject: Re: docs/77148: [PATCH] Minor text fixes on Handbook chapter MAC X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Siebrand Mazeland List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Feb 2005 21:00:51 -0000 The following reply was made to PR docs/77148; it has been noted by GNATS. From: "Siebrand Mazeland" To: Cc: Subject: Re: docs/77148: [PATCH] Minor text fixes on Handbook chapter MAC Date: Sat, 5 Feb 2005 21:49:45 +0100 After a bit of discussion on #bsddocs, we've made a tiny change to the diff. Index: en_US.ISO8859-1/books/handbook/mac/chapter.sgml =================================================================== RCS file: /home/ncvs/doc/en_US.ISO8859-1/books/handbook/mac/chapter.sgml,v retrieving revision 1.38 diff -u -r1.38 chapter.sgml --- en_US.ISO8859-1/books/handbook/mac/chapter.sgml 12 Jan 2005 01:55:04 -0000 1.38 +++ en_US.ISO8859-1/books/handbook/mac/chapter.sgml 5 Feb 2005 19:35:13 -0000 @@ -303,7 +303,7 @@ files by setting certain objects as classified? In the file system case, access to objects might be - considered confidential to some users but not to others. + considered confidential to some users, but not to others. For an example, a large development team might be broken off into smaller groups of individuals. Developers in project A might not be permitted to access objects written @@ -372,7 +372,7 @@ with a value of low. A few policies which support the labeling feature in - &os; offers three specific predefined labels. These + &os; offer three specific predefined labels. These are the low, high, and equal labels. Although they enforce access control in a different manner with each policy, you can be sure that the low label will be the lowest setting, @@ -385,7 +385,7 @@ used on objects. This will enforce one set of access permissions across the entire system and in many environments may be all that is required. There are a few - cases; however, where multiple labels may be set on objects + cases where multiple labels may be set on objects or subjects in the file system. For those cases, the option may be passed to &man.tunefs.8;. @@ -406,7 +406,7 @@ configures the policy so that users are placed in the appropriate categories/access levels. Alas, many policies can restrict the root user as well. Basic - control over objects will then be released to the group but + control over objects will then be released to the group, but root may revoke or modify the settings at any time. This is the hierarchal/clearance model covered by policies such as Biba and MLS. @@ -1565,7 +1565,7 @@ The biba/high label will permit - writing to objects set at a lower label but not + writing to objects set at a lower label, but not permit reading that object. It is recommended that this label be placed on objects that affect the integrity of the entire system. @@ -1653,7 +1653,7 @@ The MAC version of the Low-watermark integrity policy, not to be confused with the older &man.lomac.4; - implementation, works almost identically to Biba but with the + implementation, works almost identically to Biba, but with the exception of using floating labels to support subject demotion via an auxiliary grade compartment. This secondary compartment takes the form of [auxgrade].