Collapse the various policy discussions into a

single section.

Discussed with:	dru

en_US.ISO8859-1/books/handbook/mac/chapter.xml

@@ -763,7 +763,14 @@ test: biba/high</screen>
       option is called <option>multilabel</option>.</para>
   </sect1>
 
-  <sect1 xml:id="mac-seeotheruids">
+  <sect1 xml:id="mac-policies">
+    <title>Available MAC Policies</title>
+
+    <para>&os; includes a group of policies that will cover
+      most security requirements.  Each policy is discussed
+      below.</para>
+
+  <sect2 xml:id="mac-seeotheruids">
     <title>The MAC See Other UIDs Policy</title>
 
     <indexterm>
@@ -816,9 +823,9 @@ test: biba/high</screen>
 	  may not be set.</para>
       </listitem>
     </itemizedlist>
-  </sect1>
+  </sect2>
 
-  <sect1 xml:id="mac-bsdextended">
+  <sect2 xml:id="mac-bsdextended">
     <title>The MAC BSD Extended Policy</title>
 
     <indexterm>
@@ -855,7 +862,7 @@ test: biba/high</screen>
       module as incorrect use could block access to certain parts of
       the file system.</para>
 
-    <sect2>
+    <sect3>
       <title>Examples</title>
 
       <para>After the &man.mac.bsdextended.4; module has been loaded,
@@ -895,10 +902,10 @@ test: biba/high</screen>
 
       <para>For more information, refer to &man.mac.bsdextended.4; and
 	&man.ugidfw.8;</para>
-    </sect2>
-  </sect1>
+    </sect3>
+  </sect2>
 
-  <sect1 xml:id="mac-ifoff">
+  <sect2 xml:id="mac-ifoff">
     <title>The MAC Interface Silencing Policy</title>
 
     <indexterm>
@@ -947,9 +954,9 @@ test: biba/high</screen>
       <package>security/aide</package> to
       automatically block network traffic if it finds new or altered
       files in protected directories.</para>
-  </sect1>
+  </sect2>
 
-  <sect1 xml:id="mac-portacl">
+  <sect2 xml:id="mac-portacl">
     <title>The MAC Port Access Control List Policy</title>
 
     <indexterm>
@@ -1035,7 +1042,7 @@ net.inet.ip.portrange.reservedhigh=0</userinput></screen>
     <para>See the examples below or refer to &man.mac.portacl.4; for
       further information.</para>
 
-    <sect2>
+    <sect3>
       <title>Examples</title>
 
       <para>Since the <systemitem class="username">root</systemitem> user should not be
@@ -1060,10 +1067,10 @@ net.inet.ip.portrange.reservedhigh=0</userinput></screen>
 
       <screen>&prompt.root; <userinput>sysctl security.mac.portacl.rules=uid:1001:tcp:110,uid:1001:tcp:995</userinput></screen>
 
-    </sect2>
-  </sect1>
+    </sect3>
+  </sect2>
 
-  <sect1 xml:id="mac-partition">
+  <sect2 xml:id="mac-partition">
     <title>The MAC Partition Policy</title>
 
     <indexterm>
@@ -1113,7 +1120,7 @@ net.inet.ip.portrange.reservedhigh=0</userinput></screen>
       spawned by users in the <literal>insecure</literal> class will
       stay in the <literal>partition/13</literal> label.</para>
 
-    <sect2>
+    <sect3>
       <title>Examples</title>
 
       <para>The following command will display the partition label
@@ -1143,10 +1150,10 @@ net.inet.ip.portrange.reservedhigh=0</userinput></screen>
 	  options, including their limitations, are further explained
 	  in the module manual pages.</para>
       </note>
-    </sect2>
-  </sect1>
+    </sect3>
+  </sect2>
 
-  <sect1 xml:id="mac-mls">
+  <sect2 xml:id="mac-mls">
     <title>The MAC Multi-Level Security Module</title>
 
     <indexterm>
@@ -1277,7 +1284,7 @@ net.inet.ip.portrange.reservedhigh=0</userinput></screen>
       to <command>setfmac</command>.  This method will be explained
       after all policies are covered.</para>
 
-    <sect2>
+    <sect3>
       <title>Planning Mandatory Sensitivity</title>
 
       <para>When using the MLS policy module, an administrator plans
@@ -1302,10 +1309,10 @@ net.inet.ip.portrange.reservedhigh=0</userinput></screen>
 	include an e-commerce web server, a file server holding
 	critical company information, and financial institution
 	environments.</para>
-    </sect2>
-  </sect1>
+    </sect3>
+  </sect2>
 
-  <sect1 xml:id="mac-biba">
+  <sect2 xml:id="mac-biba">
     <title>The MAC Biba Module</title>
 
     <indexterm>
@@ -1419,7 +1426,7 @@ net.inet.ip.portrange.reservedhigh=0</userinput></screen>
 &prompt.root; <userinput>getfmac test</userinput>
 test: biba/low</screen>
 
-    <sect2>
+    <sect3>
       <title>Planning Mandatory Integrity</title>
 
       <para>Integrity, which is different from sensitivity, guarantees
@@ -1457,10 +1464,10 @@ test: biba/low</screen>
 	development and test machine, and a source code repository.  A
 	less useful implementation would be a personal workstation, a
 	machine used as a router, or a network firewall.</para>
-    </sect2>
-  </sect1>
+    </sect3>
+  </sect2>
 
-  <sect1 xml:id="mac-lomac">
+  <sect2 xml:id="mac-lomac">
     <title>The MAC LOMAC Module</title>
 
     <indexterm>
@@ -1495,7 +1502,7 @@ test: biba/low</screen>
       policy may provide for greater compatibility and require less
       initial configuration than Biba.</para>
 
-    <sect2>
+    <sect3>
       <title>Examples</title>
 
       <para>Like the Biba and <acronym>MLS</acronym> policies,
@@ -1508,7 +1515,8 @@ test: biba/low</screen>
       <para>The auxiliary grade <literal>low</literal> is a feature
 	provided only by the <acronym>MAC</acronym> LOMAC
 	policy.</para>
-    </sect2>
+    </sect3>
+  </sect2>
   </sect1>
 
   <sect1 xml:id="mac-implementing">