Sprinkle a few commas around here to make the text sound better.
PR: 77148 Submitted by: Siebrand Mazeland <s.mazeland@xs4all.nl>
This commit is contained in:
Tom Rhodes
parent
222fa08633
commit
598692e3af
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=23754
1 changed files with 6 additions and 6 deletions
|
|
@ -303,7 +303,7 @@
|
||||||
files by setting certain objects as classified?</para>
|
files by setting certain objects as classified?</para>
|
||||||
|
|
||||||
<para>In the file system case, access to objects might be
|
<para>In the file system case, access to objects might be
|
||||||
considered confidential to some users but not to others.
|
considered confidential to some users, but not to others.
|
||||||
For an example, a large development team might be broken
|
For an example, a large development team might be broken
|
||||||
off into smaller groups of individuals. Developers in
|
off into smaller groups of individuals. Developers in
|
||||||
project A might not be permitted to access objects written
|
project A might not be permitted to access objects written
|
||||||
|
|
@ -372,7 +372,7 @@
|
||||||
with a value of <quote>low</quote>.</para>
|
with a value of <quote>low</quote>.</para>
|
||||||
|
|
||||||
<para>A few policies which support the labeling feature in
|
<para>A few policies which support the labeling feature in
|
||||||
&os; offers three specific predefined labels. These
|
&os; offer three specific predefined labels. These
|
||||||
are the low, high, and equal labels. Although they enforce
|
are the low, high, and equal labels. Although they enforce
|
||||||
access control in a different manner with each policy, you
|
access control in a different manner with each policy, you
|
||||||
can be sure that the low label will be the lowest setting,
|
can be sure that the low label will be the lowest setting,
|
||||||
|
|
@ -385,7 +385,7 @@
|
||||||
used on objects. This will enforce one set of
|
used on objects. This will enforce one set of
|
||||||
access permissions across the entire system and in many
|
access permissions across the entire system and in many
|
||||||
environments may be all that is required. There are a few
|
environments may be all that is required. There are a few
|
||||||
cases; however, where multiple labels may be set on objects
|
cases where multiple labels may be set on objects
|
||||||
or subjects in the file system. For those cases, the
|
or subjects in the file system. For those cases, the
|
||||||
<option>multilabel</option> option may be passed to
|
<option>multilabel</option> option may be passed to
|
||||||
&man.tunefs.8;.</para>
|
&man.tunefs.8;.</para>
|
||||||
|
|
@ -406,7 +406,7 @@
|
||||||
configures the policy so that users are placed in the
|
configures the policy so that users are placed in the
|
||||||
appropriate categories/access levels. Alas, many policies can
|
appropriate categories/access levels. Alas, many policies can
|
||||||
restrict the <username>root</username> user as well. Basic
|
restrict the <username>root</username> user as well. Basic
|
||||||
control over objects will then be released to the group but
|
control over objects will then be released to the group, but
|
||||||
<username>root</username> may revoke or modify the settings
|
<username>root</username> may revoke or modify the settings
|
||||||
at any time. This is the hierarchal/clearance model covered
|
at any time. This is the hierarchal/clearance model covered
|
||||||
by policies such as Biba and <acronym>MLS</acronym>.</para>
|
by policies such as Biba and <acronym>MLS</acronym>.</para>
|
||||||
|
|
@ -1565,7 +1565,7 @@ test: biba/high</screen>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>The <literal>biba/high</literal> label will permit
|
<para>The <literal>biba/high</literal> label will permit
|
||||||
writing to objects set at a lower label but not
|
writing to objects set at a lower label, but not
|
||||||
permit reading that object. It is recommended that this
|
permit reading that object. It is recommended that this
|
||||||
label be placed on objects that affect the integrity of
|
label be placed on objects that affect the integrity of
|
||||||
the entire system.</para>
|
the entire system.</para>
|
||||||
|
|
@ -1653,7 +1653,7 @@ test: biba/low</screen>
|
||||||
|
|
||||||
<para>The <acronym>MAC</acronym> version of the Low-watermark
|
<para>The <acronym>MAC</acronym> version of the Low-watermark
|
||||||
integrity policy, not to be confused with the older &man.lomac.4;
|
integrity policy, not to be confused with the older &man.lomac.4;
|
||||||
implementation, works almost identically to Biba but with the
|
implementation, works almost identically to Biba, but with the
|
||||||
exception of using floating labels to support subject
|
exception of using floating labels to support subject
|
||||||
demotion via an auxiliary grade compartment. This secondary
|
demotion via an auxiliary grade compartment. This secondary
|
||||||
compartment takes the form of <literal>[auxgrade]</literal>.
|
compartment takes the form of <literal>[auxgrade]</literal>.
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue