author Tom Rhodes <trhodes@FreeBSD.org> 2006-04-29 02:04:06 +0000
committer Tom Rhodes <trhodes@FreeBSD.org> 2006-04-29 02:04:06 +0000
Remove two semicolons accidentally removed in the previous revision.
Add definition of "low water mark" and "high water mark." The low water mark is used by mac_lomac(4), and high water mark is just here for completeness. Add a missing period.
@@ -32,7 +32,7 @@
(<acronym>MAC</acronym>) facilities. Mandatory Access Control allows
new access control modules to be loaded, implementing new security
policies. Some provide protections of a narrow subset of the
- system, hardening a particular service Others provide
+ system, hardening a particular service. Others provide
comprehensive labeled security across all subjects and objects.
The mandatory part
of the definition comes from the fact that the enforcement of
@@ -159,6 +159,16 @@
+ <para><emphasis>high water mark</emphasis>: A high water mark
+ policy is one which permits the raising of security levels
+ for the purpose of accessing higher level information. In
+ most cases, the original level is restored after the process
+ is complete. Currently, the &os; <acronym>MAC</acronym>
+ framework does not have a policy for this, but the definition
+ is included for completeness.</para>
+ </listitem>
+ <listitem>
<para><emphasis>integrity</emphasis>: Integrity, as a key
concept, is the level of trust which can be placed on data.
As the integrity of the data is elevated, so does the ability
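Review bot: The new high water mark entry never says whose level is raised: "permits the raising of security levels" could refer to the subject's label or the object's. Suggest "permits the raising of a subject's security level", and in the following sentence replace "after the process is complete" with wording such as "once the access is complete", since "process" in a MAC chapter reads as an operating system process.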
@@ -186,6 +196,16 @@
+ <para><emphasis>low water mark</emphasis>: A low water mark
+ policy is one which permits lowering of the security levels
+ for the purpose of accessing information which is less
+ secure. In most cases, the original security level of the
+ user is restored after the process is complete. The only
+ security policy module in &os; to use this is
+ &man.mac.lomac.4;.</para>
+ </listitem>
+ <listitem>
<para><emphasis>multilabel</emphasis>: The
<option>multilabel</option> property is a file system option
which can be set in single user mode using the
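Review bot: "information which is less secure" in the low water mark entry is vague; what is being compared is the level of the information, so "information at a lower level" would mirror the "higher level information" wording in the high water mark entry. The restore sentences should also agree: this entry says "the original security level of the user" while the high water mark entry says only "the original level".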
@@ -842,11 +862,11 @@ test: biba/high</screen>
- <para>The implementation requirements</para>
+ <para>The implementation requirements;</para>
- <para>The implementation goals</para>
+ <para>The implementation goals;</para>
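Review bot: These two lines add a semicolon after "requirements" and "goals", but the first line of the log says "Remove two semicolons", which reads as the opposite of the change; "Restore" would match the diff. Only two list items are visible in this hunk, so it is worth confirming that the remaining items use the same terminator and that the final item ends with a period.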
@@ -860,7 +880,7 @@ test: biba/high</screen>
<para>What sorts of information or resources to restrict
- access to and the type of restrictions that should be
+ access to along with the type of restrictions that should be
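Review bot: The rewording from "and the type" to "along with the type" is not mentioned in the commit message, which lists only the semicolons, the two definitions and a missing period. Either note the wording change in the log or commit it separately so the history matches the diff.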