Fix various typo's and grammar nits.
Noticed by: Samy Al Bahra <samy at kerneled dot org>
This commit is contained in:
Remko Lodder
parent
0168f9ce09
commit
287e5fe13b
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=25306
1 changed files with 7 additions and 7 deletions
|
|
@ -224,9 +224,9 @@
|
|||
<title>Framework Management Interfaces</title>
|
||||
|
||||
<para>The TrustedBSD MAC Framework may be directly managed using
|
||||
sysctls, loader tunables, and system calls.</para>
|
||||
sysctl's, loader tunables, and system calls.</para>
|
||||
|
||||
<para>In most cases, sysctls and loader tunables of the same name
|
||||
<para>In most cases, sysctl's and loader tunables of the same name
|
||||
modify the same
|
||||
parameters, and control behavior such as enforcement of
|
||||
protections relating to various kernel subsystems. In addition,
|
||||
|
|
@ -314,7 +314,7 @@
|
|||
<title>Policy Synchronization and Concurrency</title>
|
||||
|
||||
<para>Policy modules must be written to assume that many
|
||||
kernel threads may simultaneously enter one more more
|
||||
kernel threads may simultaneously enter one more
|
||||
policy entry points due to the parallel and preemptive
|
||||
nature of the FreeBSD kernel. If the policy module makes
|
||||
use of mutable state, this may require the use of
|
||||
|
|
@ -468,7 +468,7 @@
|
|||
security labels on vnodes--currently this support is present only
|
||||
in the UFS2 file system. Policy authors may choose to
|
||||
implement multilabel file system object labels using one
|
||||
(or more) extended attributes. For effiency reasons, the
|
||||
(or more) extended attributes. For efficiency reasons, the
|
||||
vnode label (<literal>v_label</literal>) is a cache of any
|
||||
on-disk label; policies are able to load values into the
|
||||
cache when the vnode is instantiated, and update the cache
|
||||
|
|
@ -529,7 +529,7 @@
|
|||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><function>mac_set_fd()</function> may be used to request a
|
||||
<para><function>mac_set_fd()</function> may be used to request
|
||||
a change in the label of an object (file, socket, pipe, ...)
|
||||
referenced by a file descriptor.</para>
|
||||
</listitem>
|
||||
|
|
@ -577,7 +577,7 @@
|
|||
<listitem>
|
||||
<para><function>mac_get_peer()</function>, actually implemented
|
||||
via a socket option, retrieves the label of a remote peer on a
|
||||
socket, if availabl.</para>
|
||||
socket, if available.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
|
|
@ -5322,7 +5322,7 @@ Label destruction o</programlisting>
|
|||
<errorcode>EPERM</errorcode> for lack of privilege, or
|
||||
<errorcode>ESRCH</errorcode> to hide visibility. This call
|
||||
may be made in a number of situations, including
|
||||
inter-process status sysctls used by <command>ps</command>,
|
||||
inter-process status sysctl's used by <command>ps</command>,
|
||||
and in procfs lookups.</para>
|
||||
</sect3>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue