Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 10 May 2004 17:12:37 -0400 (EDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Tom Rhodes <trhodes@FreeBSD.org>
Cc:        FreeBSD-doc@FreeBSD.org
Subject:   Re: [REVIEW REQUEST]: New chapter on MAC (draft)
Message-ID:  <Pine.NEB.3.96L.1040510171049.98179C-100000@fledge.watson.org>
In-Reply-To: <20040510165153.37575e53@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help 


On Mon, 10 May 2004, Tom Rhodes wrote: 

> I've written a new chapter for the handbook on implementing the MAC
> features in 5.X.  It includes configuration, testing, module description
> that augments the section we already have, and shows examples of the
> policies. 
> 
> I'm not worried about whitespace right now, only correctness in the
> information presented, markup, and wording. 
> 
> Check out the built chapter at:
> http://people.freebsd.org/~trhodes/mac/mac.html
> 
> Check out the source at:
> http://people.freebsd.org/~trhodes/mac/chapter.sgml
> 
> And no, that chapter number will not be the same.  I plan to place
> this directly under the Security chapter.
> 
> Thanks for your time and attention. 

Suggestion: drop the coverage of mac_test, mac_none, and mac_stub.  Those
exist much more for the benefit of the developer than the user.  You can
mention they exist but I don't think I'd do much more than that, as they
add noise without any real pay-off for most end users.

I think you might want to add a section that summarizes what it is MAC
policies can do (labeling, etc).  You can use that to segway to a
discussion of MAC policy trade-offs, including the increased cost of
administration, multilabel file systems, etc.

BTW, feel free to send this thread (or related threads) to the trustedbsd
list.  I suspect there might be a greater audience there when it comes to 
reviewing technical content, but could be mistaken.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1040510171049.98179C-100000>