path: root/en_US.ISO8859-1/books/handbook/mac
diff options
authorEitan Adler <eadler@FreeBSD.org>2012-02-15 18:37:26 +0000
committerEitan Adler <eadler@FreeBSD.org>2012-02-15 18:37:26 +0000
commit13e629bb887d0c3235ddc3a1e48903a25033066c (patch)
tree4946918fa5045b650d0de2010b2049733d2719a8 /en_US.ISO8859-1/books/handbook/mac
parent4740eff281d6a29d30d4600d12bfd6c4f11c9f79 (diff)
Undo previous commit
In case it isn't already obvious the following are not the same: dcvs ci -F install/chapter.sgml dcvs ci -F log install/chapter.sgml
Notes: svn path=/head/; revision=38463
Diffstat (limited to 'en_US.ISO8859-1/books/handbook/mac')
1 files changed, 7 insertions, 8 deletions
diff --git a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
index c96ff6ad72..55ee7f018d 100644
--- a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
@@ -140,7 +140,7 @@
<sect1 id="mac-inline-glossary">
- <title>Key Terms in This Chapter</title>
+ <title>Key Terms in this Chapter</title>
<para>Before reading this chapter, a few key terms must be
explained. This will hopefully clear up any confusion that
@@ -260,7 +260,7 @@
<para><emphasis>subject</emphasis>: a subject is any
active entity that causes information to flow between
- <emphasis>objects</emphasis>; e.g., a user, user processor,
+ <emphasis>objects</emphasis>; e.g. a user, user processor,
system process, etc. On &os;, this is almost always a thread
acting in a process on behalf of a user.</para>
@@ -1065,7 +1065,7 @@ test: biba/high</screen>
using a variety of <command>sysctl</command> variables. In
essence &man.mac.portacl.4; makes it possible to allow
non-<username>root</username> users to bind to specified
- privileged ports, i.e., ports fewer than 1024.</para>
+ privileged ports, i.e. ports fewer than 1024.</para>
<para>Once loaded, this module will enable the
<acronym>MAC</acronym> policy on all sockets. The following
@@ -1115,13 +1115,13 @@ test: biba/high</screen>
<para>Since the ruleset is interpreted directly by the kernel
only numeric values can be used for the user ID, group ID, and
- port parameters. User, group, and port service names
+ port parameters. I.e. user, group, and port service names
cannot be used.</para>
<para>By default, on &unix;-like systems, ports fewer than 1024
can only be used by/bound to privileged processes,
- i.e., those run as <username>root</username>. For
+ i.e. those run as <username>root</username>. For
&man.mac.portacl.4; to allow non-privileged processes to bind
to ports below 1024 this standard &unix; restriction has to be
disabled. This can be accomplished by setting the &man.sysctl.8;
@@ -1880,8 +1880,7 @@ setpmac biba/10\(10-10\) /usr/local/etc/rc.d/nagios.sh forcestart</userinput></s
<para>For this scenario, the &man.mac.bsdextended.4; mixed with
&man.mac.seeotheruids.4; could co-exist and block access not
- only to system objects, but to hide user processes as
- well.</para>
+ only to system objects but to hide user processes as well.
<para>Begin by adding the following line to
@@ -1984,7 +1983,7 @@ setpmac biba/10\(10-10\) /usr/local/etc/rc.d/nagios.sh forcestart</userinput></s
- <title>Cannot Start a X11 Server After <acronym>MAC</acronym></title>
+ <title>Cannot start a X11 server after <acronym>MAC</acronym></title>
<para>After establishing a secure environment with
<acronym>MAC</acronym>, I am no longer able to start