Diffstat (limited to 'en_US.ISO8859-1/books/handbook/mac')
-rw-r--r-- | en_US.ISO8859-1/books/handbook/mac/chapter.sgml | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml index 55ee7f018d..d3b7cd3690 100644 --- a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml @@ -140,7 +140,7 @@ </sect1> <sect1 id="mac-inline-glossary"> - <title>Key Terms in this Chapter</title> + <title>Key Terms in This Chapter</title> <para>Before reading this chapter, a few key terms must be explained. This will hopefully clear up any confusion that @@ -260,7 +260,7 @@ <listitem> <para><emphasis>subject</emphasis>: a subject is any active entity that causes information to flow between - <emphasis>objects</emphasis>; e.g. a user, user processor, + <emphasis>objects</emphasis>; e.g., a user, user process, system process, etc. On &os;, this is almost always a thread acting in a process on behalf of a user.</para> </listitem> @@ -1065,7 +1065,7 @@ test: biba/high</screen> using a variety of <command>sysctl</command> variables. In essence &man.mac.portacl.4; makes it possible to allow non-<username>root</username> users to bind to specified - privileged ports, i.e. ports fewer than 1024.</para> + privileged ports, i.e., ports below 1024.</para> <para>Once loaded, this module will enable the <acronym>MAC</acronym> policy on all sockets. The following 
@@ -1115,13 +1115,13 @@ test: biba/high</screen> <note> <para>Since the ruleset is interpreted directly by the kernel only numeric values can be used for the user ID, group ID, and - port parameters. I.e. user, group, and port service names - cannot be used.</para> + port parameters. Names cannot be used for users, groups, or + services.</para> </note> - <para>By default, on &unix;-like systems, ports fewer than 1024 + <para>By default, on &unix;-like systems, ports below 1024 can only be used by/bound to privileged processes, - i.e. those run as <username>root</username>. For + i.e., those run as <username>root</username>. For &man.mac.portacl.4; to allow non-privileged processes to bind to ports below 1024 this standard &unix; restriction has to be disabled. This can be accomplished by setting the &man.sysctl.8; @@ -1880,7 +1880,8 @@ setpmac biba/10\(10-10\) /usr/local/etc/rc.d/nagios.sh forcestart</userinput></s <para>For this scenario, the &man.mac.bsdextended.4; mixed with &man.mac.seeotheruids.4; could co-exist and block access not - only to system objects but to hide user processes as well. + only to system objects, but to hide user processes as + well.</para> <para>Begin by adding the following line to <filename>/boot/loader.conf</filename>:</para> @@ -1983,7 +1984,7 @@ setpmac biba/10\(10-10\) /usr/local/etc/rc.d/nagios.sh forcestart</userinput></s </sect2> <sect2> - <title>Cannot start a X11 server after <acronym>MAC</acronym></title> + <title>X11 Server Will Not Start After <acronym>MAC</acronym></title> <para>After establishing a secure environment with <acronym>MAC</acronym>, I am no longer able to start |
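Review bot: In the hunk at @@ -260,7 +260,7 @@ (the "subject" glossary entry), the list now opens with "e.g.," but still closes with "system process, etc." on the following context line. "e.g." already marks the list as non-exhaustive, so the trailing "etc." is redundant. Since this sentence is being touched for style anyway, consider ending it at "a user, user process, or system process."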
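Review bot: In the hunk at @@ -1115,13 +1115,13 @@, the new sentence "Names cannot be used for users, groups, or services." no longer lines up with the sentence before it, which lists the parameters as "user ID, group ID, and port". A reader has to map "services" back to the port parameter on their own. Something like "User, group, and service names cannot be used for these parameters." keeps the link explicit. The context line "interpreted directly by the kernel only numeric values" also needs a comma after "kernel"; without it the sentence reads as "the kernel only", and this hunk is the natural place to fix it.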
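Review bot: In the hunk at @@ -1880,7 +1880,8 @@, the added comma does not repair the sentence: "block access not only to system objects, but to hide user processes as well" still pairs a prepositional phrase with an infinitive. Consider "could co-exist, not only blocking access to system objects but also hiding user processes." The added </para> closes a paragraph that the removed line left open before the next <para>, so this hunk is a markup fix as well as a punctuation change.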