* This chapter makes no mention of downloading -CURRENT or -STABLE
sources with CVSup, so remove that pre-requisite from the synopsis. * Remove trhodes user id in a few examples with 'user1' and add a replaceable tag around this user id so that it is rendered in italics. * Comment out a stub section that says something like "This should be written". The text is quite good without it, and when this planned section is added it will be even better. The Handbook is past the point where we should have 'This should be written' stub chapters or sections.
This commit is contained in:
Murray Stokely
parent
53fbdcceb4
commit
1643cf6500
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=21431
1 changed files with 11 additions and 8 deletions
|
|
@ -92,8 +92,7 @@
|
|||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Be familiar with keeping &os; sources up to date
|
||||
(<xref linkend="cutting-edge">), and
|
||||
<para>Be familiar with
|
||||
the basics of kernel configuration/compilation
|
||||
(<xref linkend="kernelconfig">).</para>
|
||||
</listitem>
|
||||
|
|
@ -843,15 +842,15 @@ test: biba/high</screen>
|
|||
<command>ls</command>. A more patriotic list of rules
|
||||
might be:</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>ugidfw set 2 subject uid user object uid trhodes mode n</userinput>
|
||||
&prompt.root; <userinput>ugidfw set 3 subject uid user object gid trhodes mode n</userinput></screen>
|
||||
<screen>&prompt.root; <userinput>ugidfw set 2 subject uid <replaceable>user1</replaceable> object uid <replaceable>user2</replaceable> mode n</userinput>
|
||||
&prompt.root; <userinput>ugidfw set 3 subject uid <replaceable>user1</replaceable> object gid <replaceable>user2</replaceable> mode n</userinput></screen>
|
||||
|
||||
<para>This will block any and all access, including directory
|
||||
listings, to <username>trhodes</username>'s home
|
||||
directory from the username <username>user</username>.</para>
|
||||
listings, to <username><replaceable>user2</replaceable></username>'s home
|
||||
directory from the username <username>user1</username>.</para>
|
||||
|
||||
<para>In place of <username>user</username>, the
|
||||
<option>not uid trhodes</option> could be passed. This will
|
||||
<para>In place of <username>user1</username>, the
|
||||
<option>not uid <replaceable>user2</replaceable></option> could be passed. This will
|
||||
enforce the same access restrictions above for all users
|
||||
in place of just one user.</para>
|
||||
|
||||
|
|
@ -1987,12 +1986,16 @@ PROBLEM: CAN THIS WORK? OR SHOULD IT BE start_precmd? More testing need here.
|
|||
-->
|
||||
</sect1>
|
||||
|
||||
<!--
|
||||
XXX
|
||||
|
||||
<sect1 id="mac-examplesandbox">
|
||||
<title>An Example of a MAC Sandbox</title>
|
||||
|
||||
<para>An example of placing users in a sandbox using
|
||||
<acronym>MAC</acronym> should go here.</para>
|
||||
</sect1>
|
||||
-->
|
||||
|
||||
<sect1 id="mac-troubleshoot">
|
||||
<title>Troubleshooting the MAC Framework</title>
|
||||
|
|
|
|||
Loading…
Reference in a new issue