Wrap paragraphs.

svn path=/head/; revision=15267
2002-12-10 00:24:38 +00:00 · 2002-12-10 00:24:38 +00:00 · 94507d9438 · 2020-12-08 03:00:23 +00:00
commit 94507d9438
parent ecd32ee9b9
1 changed files with 43 additions and 43 deletions
--- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
@ -3567,13 +3567,14 @@ user@unfirewalled.myserver.com's password: <userinput>*******</userinput></scree
    <para>When configured into a kernel, the MAC Framework permits
      security modules to augment the existing kernel access control
      model, restricting access to system services and objects.  For
-      example, the &man.mac.bsdextended.4; module augments file system access
+      example, the &man.mac.bsdextended.4; module augments file system
-      control, permitting administrators to provide a firewall-like
+      access control, permitting administrators to provide a
-      ruleset constraining access to file system objects based on user
+      firewall-like ruleset constraining access to file system objects
-      ids and group membership.  Some modules require little or no
+      based on user ids and group membership.  Some modules require
-      configuration, such as &man.mac.seeotheruids.4, whereas others perform
+      little or no configuration, such as &man.mac.seeotheruids.4,
-      ubiquitous object labeling, such as &man.mac.biba.4; and &man.mac.mls.4;, and
+      whereas others perform ubiquitous object labeling, such as
-      require extensive configuration.</para>
+      &man.mac.biba.4; and &man.mac.mls.4;, and require extensive
      configuration.</para>
    <para>To enable the MAC Framework in your system kernel, you must
      add the following entry to your kernel configuration:</para>
@ -3588,11 +3589,11 @@ user@unfirewalled.myserver.com's password: <userinput>*******</userinput></scree
    <para>Different MAC policies may be configured in different ways;
      frequently, MAC policy modules export configuration parameters
      using the &man.sysctl.8; <acronym>MIB</acronym> using the
-      <varname>security.mac</varname> namespace.  Policies relying on file system
+      <varname>security.mac</varname> namespace.  Policies relying on
-      or other labels may require a configuration step that involes
+      file system or other labels may require a configuration step
-      assigning initial labels to system objects or creating a
+      that involes assigning initial labels to system objects or
-      policy configuration file.  For information on how to configure
+      creating a policy configuration file.  For information on how to
-      and use each policy module, see its man page.</para>
+      configure and use each policy module, see its man page.</para>
    <para>A variety of tools are available to configure the MAC Framework
      and labels maintained by various policies.  Extensions have been
@ -3712,22 +3713,20 @@ user@unfirewalled.myserver.com's password: <userinput>*******</userinput></scree
      <para>Module name: mac_mls.ko</para>
      <para>Kernel option: <literal>MAC_MLS</literal></para>
      <para>Multi-Level Security (<acronym>MLS</acronym>)
-	(&man.mac.mls.4;) provides for hierarchal and
+        (&man.mac.mls.4;) provides for hierarchal and non-hierarchal
-	non-hierarchal labeling of all system objects with
+        labeling of all system objects with sensitivity data, and the
-	sensitivity data, and the strict enforcement of an
+        strict enforcement of an information flow policy to prevent
-	information flow policy to prevent the leakage of
+        the leakage of confidential data to untrusted parties.  The
-	confidential data to untrusted parties.  The logical
+        logical conjugate of the Biba Integrity Policy,
-	conjugate of the Biba Integrity Policy,
+        <acronym>MLS</acronym> is frequently shipped in commercial
-	<acronym>MLS</acronym> is frequently shipped in
+        trusted operating systems to protect data secrecy in
-	commercial trusted operating systems to protect data
+        multi-user environments.  Hierarchal labels provide support
-	secrecy in multi-user environments.  Hierarchal labels
+        for the notion of clearances and classifications in
-	provide support for the notion of clearances and
+        traditional parlance; non-hierarchal labels provide support
-	classifications in traditional parlance; non-hierarchal
+        for <quote>need-to-know.</quote>  As with Biba, ubiquitous
-	labels provide support for <quote>need-to-know.</quote>  As with
+        labeling of objects occurs, and it must therefore be compiled
-	Biba, ubiquitous labeling of objects occurs, and it
+        into the kernel or loaded at boot.  As with Biba, extensive
-	must therefore be compiled into the kernel or loaded
+        initial configuration may be required.</para>
 	at boot.  As with Biba, extensive initial configuration
 	may be required.</para>
    </sect2>
    <sect2 id="mac-policy-none">
      <title>MAC Stub Policy (mac_none)</title>
@ -3768,14 +3767,15 @@ user@unfirewalled.myserver.com's password: <userinput>*******</userinput></scree
      <para>Vendor: TrustedBSD Project</para>
      <para>Module name: mac_seeotheruids.ko</para>
      <para>Kernel option: <literal>MAC_SEEOTHERUIDS</literal></para>
-      <para>The See Other Uids policy (&man.mac.seeotheruids.4;) implements
+      <para>The See Other Uids policy (&man.mac.seeotheruids.4;)
-	a similar process visibility model to mac_partition,
+        implements a similar process visibility model to
-	except that it relies on process credentials to control
+        mac_partition, except that it relies on process credentials to
-	visibility of processes, rather than partition labels.  This
+        control visibility of processes, rather than partition labels.
-	policy may be configured to exempt certain users and groups,
+        This policy may be configured to exempt certain users and
-	including permitting system operators to view all processes
+        groups, including permitting system operators to view all
-	without special privilege.  This policy may be compiled into
+        processes without special privilege.  This policy may be
-	the kernel, loaded at boot, or loaded at run-time.</para>
+        compiled into the kernel, loaded at boot, or loaded at
        run-time.</para>
    </sect2>
    <sect2 id="mac-policy-test">
      <title>MAC Framework Test Policy (mac_test)</title>
@ -3785,13 +3785,13 @@ user@unfirewalled.myserver.com's password: <userinput>*******</userinput></scree
      <para>Vendor: TrustedBSD Project</para>
      <para>Module name: mac_test.ko</para>
      <para>Kernel option: <literal>MAC_TEST</literal></para>
-      <para>The Test policy (&man.mac.test.4;) provides a regression test
+      <para>The Test policy (&man.mac.test.4;) provides a regression
-	environment for the MAC Framework, and will cause a
+        test environment for the MAC Framework, and will cause a
-	fail-stop in the event that internal MAC Framework assertions
+        fail-stop in the event that internal MAC Framework assertions
-	about proper data labeling fail.  This module can be used to
+        about proper data labeling fail.  This module can be used to
-	detect failures to properly label system objects in the kernel
+        detect failures to properly label system objects in the kernel
-	implementation.  This policy may be compiled into the kernel,
+        implementation.  This policy may be compiled into the kernel,
-	loaded at boot, or loaded at run-time.</para>
+        loaded at boot, or loaded at run-time.</para>
    </sect2>
  </sect1>