From bb455d511710a208eb90e9ac6919ab544e47313d Mon Sep 17 00:00:00 2001 From: Tom Rhodes Date: Sat, 22 Apr 2006 06:51:42 +0000 Subject: [PATCH] Some minor wording/grammar changes. --- .../books/handbook/mac/chapter.sgml | 31 ++++++++++--------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml index 4e0b98ec95..b79791b40d 100644 --- a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml @@ -32,7 +32,7 @@ (MAC) facilities. Mandatory Access Control allows new access control modules to be loaded, implementing new security policies. Some provide protections of a narrow subset of the - system, hardening a particular service, while others provide + system, hardening a particular service Others provide comprehensive labeled security across all subjects and objects. The mandatory part of the definition comes from the fact that the enforcement of @@ -42,7 +42,7 @@ file and System V IPC permissions on &os;). This chapter will focus on the - Mandatory Access Control Framework (MAC Framework), and a set + Mandatory Access Control Framework (MAC Framework), and a set of pluggable security policy modules enabling various security mechanisms. @@ -127,7 +127,7 @@ What Will Not Be Covered This chapter covers a broad range of security issues relating - to the MAC framework; however, the + to the MAC framework. The development of new MAC security policy modules will not be covered. A number of security policy modules included with the MAC framework have specific characteristics 
@@ -972,12 +972,12 @@ test: biba/high is iterated until either a matching rule is located or the end is reached. This behavior may be changed by the use of a &man.sysctl.8; parameter, - security.mac.bsdextended.firstmatch_enabled is set. Similar to - other fire wall modules in &os;, a file containing access control + security.mac.bsdextended.firstmatch_enabled. Similar to + other firewall modules in &os;, a file containing access control rules can be created and read by the system at boot time using an &man.rc.conf.5; variable. - The rule list may be created using a utility, &man.ugidfw.8;, + The rule list may be entered using a utility, &man.ugidfw.8;, that has a syntax similar to that of &man.ipfw.8;. More tools can be written by using the functions in the &man.libugidfw.3; library. @@ -1032,7 +1032,7 @@ test: biba/high by these changes. - This should give a general idea of how the + This should provide a general idea of how the &man.mac.bsdextended.4; module may be used to help fortify a file system. For more information, see the &man.mac.bsdextended.4; and the &man.ugidfw.8; manual 
@@ -1445,17 +1445,18 @@ test: biba/high With the Multi-Level Security Policy Module, an administrator plans for controlling the flow of sensitive - information. By default, with its block read up block read + information. By default, with its block read up block write down nature, the system defaults everything to a low state. - Everything is pretty much accessible and an administrator - slowly changes this during the configuration stage. + Everything is accessible and an administrator + slowly changes this during the configuration stage; augmenting + the confidentiality of the information. Beyond the three basic label options above, an administrator may group users and groups as required to block the information flow between them. It might be easier to look at the information in clearance levels familiarized with words, for instance classifications such as - confidential, Secret, + Confidential, Secret, and Top Secret. Some administrators might just create different groups based on project levels. Regardless of classification method, a well thought out plan @@ -1592,9 +1593,9 @@ test: biba/low The &man.mac.biba.4; security policy module permits an administrator to address which files and programs a user or - users may see and invoke, while assuring that the programs and + users may see and invoke while assuring that the programs and files are free from threats and trusted by the system for that - user or users. + user, or group of users. During the initial planning phase, an administrator must be prepared to partition users into grades, levels, and areas. 
@@ -1604,11 +1605,11 @@ test: biba/low it is up to the administrator to configure the different grades and levels for users. Instead of using clearance levels as described above, a good planning method could include topics. - For instance, only allow developers to access the source code + For instance, only allow developers modification access to the source code repository, source code compiler, and other development utilities. While other users would be grouped into other categories such as testers, designers, or just ordinary - users. + users and would only be permitted read access. With its natural security control, a lower integrity subject is unable to write to a higher integrity subject; a higher
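Review bot: in the hunk at @@ -32,7 the replacement line `system, hardening a particular service Others provide` drops the sentence break: the subordinate clause is removed but no full stop is added before `Others`, so the result is a run-on. Suggest `system, hardening a particular service. Others provide`.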
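Review bot: in the hunk at @@ -1445,17 the added line `slowly changes this during the configuration stage; augmenting` attaches a participial phrase with a semicolon; a comma is the right punctuation here (`configuration stage, augmenting`). The `block read up block write down` correction in the same hunk is good, since the two halves now read as a matching pair rather than repeating `read`.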
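Review bot: in the hunk at @@ -1592,9 the new line `user, or group of users.` puts a comma before a short alternative; `user or group of users.` reads more cleanly. Dropping the comma before `while` in `users may see and invoke while assuring` is fine.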
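Review bot: in the hunk at @@ -1604,11 the line `only allow developers modification access to the source code` is awkward; suggest `only grant developers write access to the source code`. The following sentence, `While other users would be grouped into other categories such as testers, designers, or just ordinary users and would only be permitted read access.`, is still a fragment with no main clause; since the hunk already edits its last line, it would be worth joining it to the preceding sentence (`... development utilities, while other users would be grouped ...`).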