Date: Mon, 21 Jun 2004 21:00:24 -0400
From: Brian Fundakowski Feldman
To: Tom Rhodes
cc: FreeBSD-doc@FreeBSD.org
cc: trustedbsd-discuss@TrustedBSD.org
Subject: Re: [REVIEW REQUEST]: New chapter on MAC (draft)

On Tue, May 11, 2004 at 04:02:25PM -0400, Tom Rhodes wrote:
> On Mon, 10 May 2004 17:49:18 -0400
> Tom Rhodes wrote:
>
> Updated with comments from this list and a few in private.
>
> Check it out:
>
> > Check out the built chapter at:
> > http://people.freebsd.org/~trhodes/mac/mac.html
> >
> > Check out the source at:
> > http://people.freebsd.org/~trhodes/mac/chapter.sgml

Very nice job!  Here are my notes on what I've read:

1. In 11.4.1.1, a '/' is missing in the label setting.
2. In 11.4.2 "The Singlelabel" seems syntactically strange, as does
   "swap file system."
3. In 11.4.3, perhaps "sysctl -d security.mac" would be better.
4. The 11.10.1 section seems to end prematurely.
5. "Sensibility" should be "sensitivity" in 11.11.  Why is the number
   "six thousand" specifically mentioned?
6. In 11.13, the behavior of auxiliary-labeled directories should be
   explained.  Specifically, this allows creation of directories with
   one grade that allow objects, of the auxiliary grade, to be created
   in them -- sort of like "sticky directories."  For exec, it results
   in something similar to "setuid execution."

Let us know when you finish the next draft.

-- 
Brian Fundakowski Feldman                           \'[ FreeBSD ]''''''''''\
  <> green@FreeBSD.org                               \  The Power to Serve! \
 Opinions expressed are my own.                       \,,,,,,,,,,,,,,,,,,,,,,\