From babae0ae2d48995241b88b9274eea99667941ec2 Mon Sep 17 00:00:00 2001
From: Chin-San Huang <chinsan@FreeBSD.org>
Date: Wed, 27 Jun 2007 11:49:40 +0000
Subject: Remove the deprecated description about MAC.

Noticed by:	kevlo, vanilla (via irc)
---
 en_US.ISO8859-1/books/handbook/mac/chapter.sgml | 86 -------------------------
 1 file changed, 86 deletions(-)

(limited to 'en_US.ISO8859-1/books/handbook')

diff --git a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
index 0b93f16ad6..4f6fa68844 100644
--- a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
@@ -764,92 +764,6 @@ test: biba/high</screen>
 	  <xref linkend="mac-troubleshoot"> of this chapter.</para>
       </note>
     </sect2>
-
-    <sect2>
-      <title>Controlling MAC with Tunables</title>
-
-      <para>Without any modules loaded, there are still some parts
-        of <acronym>MAC</acronym> which may be configured using
-	the <command>sysctl</command> interface.  These tunables
-	are described below and in all cases the number one (1)
-	means enabled while the number zero (0) means
-	disabled:</para>
-
-      <itemizedlist>
-	<listitem>
-	  <para><literal>security.mac.enforce_fs</literal> defaults to
-	    one (1) and enforces <acronym>MAC</acronym> file system
-	    policies on the file systems.</para>
-	</listitem>
-
-	<listitem>
-	  <para><literal>security.mac.enforce_kld</literal> defaults to
-	    one (1) and enforces <acronym>MAC</acronym> kernel linking
-	    policies on the dynamic kernel linker (see
-	    &man.kld.4;).</para>
-	</listitem>
-
-	<listitem>
-	  <para><literal>security.mac.enforce_network</literal> defaults
-	    to one (1) and enforces <acronym>MAC</acronym> network
-	    policies.</para>
-	</listitem>
-
-	<listitem>
-	  <para><literal>security.mac.enforce_pipe</literal> defaults
-	    to one (1) and enforces <acronym>MAC</acronym> policies
-	    on pipes.</para>
-	</listitem>
-
-	<listitem>
-	  <para><literal>security.mac.enforce_process</literal> defaults
-	    to one (1) and enforces <acronym>MAC</acronym> policies
-	    on processes which utilize inter-process
-	    communication.</para>
-	</listitem>
-
-	<listitem>
-	  <para><literal>security.mac.enforce_socket</literal> defaults
-	    to one (1) and enforces <acronym>MAC</acronym> policies
-	    on sockets (see the &man.socket.2; manual page).</para>
-	</listitem>
-
-	<listitem>
-	  <para><literal>security.mac.enforce_system</literal> defaults
-	    to one (1) and enforces <acronym>MAC</acronym> policies
-	    on system activities such as accounting and
-	    rebooting.</para>
-	</listitem>
-
-	<listitem>
-	  <para><literal>security.mac.enforce_vm</literal> defaults
-	    to one (1) and enforces <acronym>MAC</acronym> policies
-	    on the virtual memory system.</para>
-	</listitem>
-      </itemizedlist>
-
-      <note>
-	<para>Every policy or <acronym>MAC</acronym> option supports
-	  tunables.  These usually hang off of the
-	  <literal>security.mac.&lt;policyname&gt;</literal> tree.
-	  To view all of the tunables from <acronym>MAC</acronym>
-	  use the following command:</para>
-
-	<screen>&prompt.root; <userinput>sysctl -da | grep mac</userinput></screen>
-      </note>
-
-      <para>This should be interpreted as all of the basic
-	<acronym>MAC</acronym> policies are enforced by default.
-	If the modules were built into the kernel the system
-	would be extremely locked down and most likely unable to
-	communicate with the local network or connect to the Internet,
-	etc.  This is why building the modules into the kernel is not
-	completely recommended.  Not because it limits the ability to
-	disable features on the fly with <command>sysctl</command>,
-	but it permits the administrator to instantly switch the
-	policies of a system without the requirement of rebuilding
-	and reinstalling a new system.</para>
-    </sect2>
   </sect1>
 
   <sect1 id="mac-planning">
-- 
cgit v1.2.3