From 598692e3af9f0cdd725bca8bcc7aaa03426ae2bb Mon Sep 17 00:00:00 2001 From: Tom Rhodes Date: Tue, 8 Feb 2005 19:43:56 +0000 Subject: [PATCH] Sprinkle a few commas around here to make the text sound better. PR: 77148 Submitted by: Siebrand Mazeland --- en_US.ISO8859-1/books/handbook/mac/chapter.sgml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml index ce356dc37d..a256731a3e 100644 --- a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml @@ -303,7 +303,7 @@ files by setting certain objects as classified? In the file system case, access to objects might be - considered confidential to some users but not to others. + considered confidential to some users, but not to others. For an example, a large development team might be broken off into smaller groups of individuals. Developers in project A might not be permitted to access objects written @@ -372,7 +372,7 @@ with a value of low. A few policies which support the labeling feature in - &os; offers three specific predefined labels. These + &os; offer three specific predefined labels. These are the low, high, and equal labels. Although they enforce access control in a different manner with each policy, you can be sure that the low label will be the lowest setting, @@ -385,7 +385,7 @@ used on objects. This will enforce one set of access permissions across the entire system and in many environments may be all that is required. There are a few - cases; however, where multiple labels may be set on objects + cases where multiple labels may be set on objects or subjects in the file system. For those cases, the option may be passed to &man.tunefs.8;. @@ -406,7 +406,7 @@ configures the policy so that users are placed in the appropriate categories/access levels. Alas, many policies can restrict the root user as well. Basic - control over objects will then be released to the group but + control over objects will then be released to the group, but root may revoke or modify the settings at any time. This is the hierarchal/clearance model covered by policies such as Biba and MLS. @@ -1565,7 +1565,7 @@ test: biba/high The biba/high label will permit - writing to objects set at a lower label but not + writing to objects set at a lower label, but not permit reading that object. It is recommended that this label be placed on objects that affect the integrity of the entire system. @@ -1653,7 +1653,7 @@ test: biba/low The MAC version of the Low-watermark integrity policy, not to be confused with the older &man.lomac.4; - implementation, works almost identically to Biba but with the + implementation, works almost identically to Biba, but with the exception of using floating labels to support subject demotion via an auxiliary grade compartment. This secondary compartment takes the form of [auxgrade].