Date: Mon, 21 Jun 2004 21:07:07 -0400 From: Tom Rhodes <trhodes@FreeBSD.org> To: Brian Fundakowski Feldman <green@FreeBSD.org> Cc: trustedbsd-discuss@TrustedBSD.org Subject: Re: [REVIEW REQUEST]: New chapter on MAC (draft) Message-ID: <20040621210707.1fdf7bcb@localhost.pittgoth.com> In-Reply-To: <20040622010024.GB5470@green.homeunix.org> References: <20040510174918.146df71c@localhost> <20040511160225.1630f3ee@localhost> <20040622010024.GB5470@green.homeunix.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 21 Jun 2004 21:00:24 -0400 Brian Fundakowski Feldman <green@FreeBSD.org> wrote: Whats up Brian? :) > On Tue, May 11, 2004 at 04:02:25PM -0400, Tom Rhodes wrote: > > On Mon, 10 May 2004 17:49:18 -0400 > > Tom Rhodes <trhodes@FreeBSD.org> wrote: > > > > Updated with comments from this list and a few in private. > > > > Check it out: > > > > > Check out the built chapter at: > > > http://people.freebsd.org/~trhodes/mac/mac.html > > > > > > Check out the source at: > > > http://people.freebsd.org/~trhodes/mac/chapter.sgml > > Very nice job! Here are my notes on what I've read: > > 1. In 11.4.1.1, a '/' is missing in the label setting. Can't remember if I fixed this or not. > 2. In 11.4.2 "The Singlelabel" seems syntactically strange, as does > "swap file system." Fixed, > 3. In 11.4.3, perhaps "sysctl -d security.mac" would be better. Hmmm, good point. > 4. The 11.10.1 section seems to end prematurely. I think this has been fixed, > 5. "Sensibility" should be "sensitivity" in 11.11. Why is the number > "six thousand" specifically mentioned? Random pull out of my ass. > 6. In 11.13, the behavior of auxiliary-labeled directories should > be explained. Specifically, this allows creation of directories > with one grade that allow objects, of the auxiliary grade, to be > created in them -- sort of like "sticky directories." For exec, > it results in something similar to "setuid execution." > Noted, I'll probably fix this later. Note that I already committed a version to doc/ but it was a lot better than this version. :) Thanks for the review, sorry I already fixed it. -- Tom Rhodes
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040621210707.1fdf7bcb>