diff options
author | Tom Rhodes <trhodes@FreeBSD.org> | 2006-04-29 02:04:06 +0000 |
---|---|---|
committer | Tom Rhodes <trhodes@FreeBSD.org> | 2006-04-29 02:04:06 +0000 |
commit | e6f33d1c21f00b92e53a84d8e65fc1523271785e (patch) | |
tree | e14ea6e293ece5e1890bf28f9f63d59807540dbb /en_US.ISO8859-1/books/handbook/mac | |
parent | 99c2c85a757923ea43fb5663cd6e128b1439c236 (diff) | |
download | doc-e6f33d1c21f00b92e53a84d8e65fc1523271785e.tar.gz doc-e6f33d1c21f00b92e53a84d8e65fc1523271785e.zip |
Remove two semicolons accidently removed in the previous revision.
Add definition of "low water mark" and "high water mark." The low water
mark is used by mac_lomac(4), and high water mark is just here for completeness.
Add a missing period.
Notes
Notes:
svn path=/head/; revision=27660
Diffstat (limited to 'en_US.ISO8859-1/books/handbook/mac')
-rw-r--r-- | en_US.ISO8859-1/books/handbook/mac/chapter.sgml | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml index b1d6fcd4bf..cfb3bf90b0 100644 --- a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml @@ -32,7 +32,7 @@ (<acronym>MAC</acronym>) facilities. Mandatory Access Control allows new access control modules to be loaded, implementing new security policies. Some provide protections of a narrow subset of the - system, hardening a particular service Others provide + system, hardening a particular service. Others provide comprehensive labeled security across all subjects and objects. The mandatory part of the definition comes from the fact that the enforcement of @@ -159,6 +159,16 @@ </listitem> <listitem> + <para><emphasis>high water mark</emphasis>: A high water mark + policy is one which permits the raising of security levels + for the purpose of accessing higher level information. In + most cases, the original level is restored after the process + is complete. Currently, the &os; <acronym>MAC</acronym> + framework does not have a policy for this, but the definition + is included for completeness.</para> + </listitem> + + <listitem> <para><emphasis>integrity</emphasis>: Integrity, as a key concept, is the level of trust which can be placed on data. As the integrity of the data is elevated, so does the ability @@ -186,6 +196,16 @@ </listitem> <listitem> + <para><emphasis>low water mark</emphasis>: A low water mark + policy is one which permits lowering of the security levels + for the purpose of accessing information which is less + secure. In most cases, the original security level of the + user is restored after the process is complete. The only + security policy module in &os; to use this is + &man.mac.lomac.4;.</para> + </listitem> + + <listitem> <para><emphasis>multilabel</emphasis>: The <option>multilabel</option> property is a file system option which can be set in single user mode using the @@ -842,11 +862,11 @@ test: biba/high</screen> <itemizedlist> <listitem> - <para>The implementation requirements</para> + <para>The implementation requirements;</para> </listitem> <listitem> - <para>The implementation goals</para> + <para>The implementation goals;</para> </listitem> </itemizedlist> @@ -860,7 +880,7 @@ test: biba/high</screen> <listitem> <para>What sorts of information or resources to restrict - access to and the type of restrictions that should be + access to along with the type of restrictions that should be applied.</para> </listitem> |