Fix various typo's and grammar nits.
Noticed by: Samy Al Bahra <samy at kerneled dot org>
This commit is contained in:
Remko Lodder
parent
0168f9ce09
commit
287e5fe13b
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=25306
1 changed files with 7 additions and 7 deletions
|
|
@ -224,9 +224,9 @@
|
||||||
<title>Framework Management Interfaces</title>
|
<title>Framework Management Interfaces</title>
|
||||||
|
|
||||||
<para>The TrustedBSD MAC Framework may be directly managed using
|
<para>The TrustedBSD MAC Framework may be directly managed using
|
||||||
sysctls, loader tunables, and system calls.</para>
|
sysctl's, loader tunables, and system calls.</para>
|
||||||
|
|
||||||
<para>In most cases, sysctls and loader tunables of the same name
|
<para>In most cases, sysctl's and loader tunables of the same name
|
||||||
modify the same
|
modify the same
|
||||||
parameters, and control behavior such as enforcement of
|
parameters, and control behavior such as enforcement of
|
||||||
protections relating to various kernel subsystems. In addition,
|
protections relating to various kernel subsystems. In addition,
|
||||||
|
|
@ -314,7 +314,7 @@
|
||||||
<title>Policy Synchronization and Concurrency</title>
|
<title>Policy Synchronization and Concurrency</title>
|
||||||
|
|
||||||
<para>Policy modules must be written to assume that many
|
<para>Policy modules must be written to assume that many
|
||||||
kernel threads may simultaneously enter one more more
|
kernel threads may simultaneously enter one more
|
||||||
policy entry points due to the parallel and preemptive
|
policy entry points due to the parallel and preemptive
|
||||||
nature of the FreeBSD kernel. If the policy module makes
|
nature of the FreeBSD kernel. If the policy module makes
|
||||||
use of mutable state, this may require the use of
|
use of mutable state, this may require the use of
|
||||||
|
|
@ -468,7 +468,7 @@
|
||||||
security labels on vnodes--currently this support is present only
|
security labels on vnodes--currently this support is present only
|
||||||
in the UFS2 file system. Policy authors may choose to
|
in the UFS2 file system. Policy authors may choose to
|
||||||
implement multilabel file system object labels using one
|
implement multilabel file system object labels using one
|
||||||
(or more) extended attributes. For effiency reasons, the
|
(or more) extended attributes. For efficiency reasons, the
|
||||||
vnode label (<literal>v_label</literal>) is a cache of any
|
vnode label (<literal>v_label</literal>) is a cache of any
|
||||||
on-disk label; policies are able to load values into the
|
on-disk label; policies are able to load values into the
|
||||||
cache when the vnode is instantiated, and update the cache
|
cache when the vnode is instantiated, and update the cache
|
||||||
|
|
@ -529,7 +529,7 @@
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><function>mac_set_fd()</function> may be used to request a
|
<para><function>mac_set_fd()</function> may be used to request
|
||||||
a change in the label of an object (file, socket, pipe, ...)
|
a change in the label of an object (file, socket, pipe, ...)
|
||||||
referenced by a file descriptor.</para>
|
referenced by a file descriptor.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
@ -577,7 +577,7 @@
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><function>mac_get_peer()</function>, actually implemented
|
<para><function>mac_get_peer()</function>, actually implemented
|
||||||
via a socket option, retrieves the label of a remote peer on a
|
via a socket option, retrieves the label of a remote peer on a
|
||||||
socket, if availabl.</para>
|
socket, if available.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
|
|
@ -5322,7 +5322,7 @@ Label destruction o</programlisting>
|
||||||
<errorcode>EPERM</errorcode> for lack of privilege, or
|
<errorcode>EPERM</errorcode> for lack of privilege, or
|
||||||
<errorcode>ESRCH</errorcode> to hide visibility. This call
|
<errorcode>ESRCH</errorcode> to hide visibility. This call
|
||||||
may be made in a number of situations, including
|
may be made in a number of situations, including
|
||||||
inter-process status sysctls used by <command>ps</command>,
|
inter-process status sysctl's used by <command>ps</command>,
|
||||||
and in procfs lookups.</para>
|
and in procfs lookups.</para>
|
||||||
</sect3>
|
</sect3>
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue