Some minor wording/grammar changes.

svn path=/head/; revision=27615
2006-04-22 06:51:42 +00:00 · 2006-04-22 06:51:42 +00:00 · bb455d5117 · 2020-12-08 03:00:23 +00:00
commit bb455d5117
parent c4661a24fb
1 changed files with 16 additions and 15 deletions
--- a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
@ -32,7 +32,7 @@
      (<acronym>MAC</acronym>) facilities.  Mandatory Access Control allows
      new access control modules to be loaded, implementing new security
      policies.  Some provide protections of a narrow subset of the
-      system, hardening a particular service, while others provide
+      system, hardening a particular service  Others provide
      comprehensive labeled security across all subjects and objects.
      The mandatory part
      of the definition comes from the fact that the enforcement of
@ -42,7 +42,7 @@
      file and System V <acronym>IPC</acronym> permissions on &os;).</para>
    <para>This chapter will focus on the
-      Mandatory Access Control Framework (MAC Framework), and a set
+      Mandatory Access Control Framework (<acronym>MAC</acronym> Framework), and a set
      of pluggable security policy modules enabling various security
      mechanisms.</para>
@ -127,7 +127,7 @@
      <title>What Will Not Be Covered</title>
      <para>This chapter covers a broad range of security issues relating
-	to the <acronym>MAC</acronym> framework; however, the
+	to the <acronym>MAC</acronym> framework.  The
 	development of new <acronym>MAC</acronym> security policy modules
 	will not be covered.  A number of security policy modules included with the
 	<acronym>MAC</acronym> framework have specific characteristics
@ -972,12 +972,12 @@ test: biba/high</screen>
      is iterated until either a matching rule is located or the end
      is reached.  This behavior may be changed by the use of a
      &man.sysctl.8; parameter,
-      security.mac.bsdextended.firstmatch_enabled is set.  Similar to
+      security.mac.bsdextended.firstmatch_enabled.  Similar to
-      other fire wall modules in &os;, a file containing access control
+      other firewall modules in &os;, a file containing access control
      rules can be created and read by the system at boot time using
      an &man.rc.conf.5; variable.</para>
-    <para>The rule list may be created using a utility, &man.ugidfw.8;,
+    <para>The rule list may be entered using a utility, &man.ugidfw.8;,
      that has a syntax similar to that of &man.ipfw.8;.  More tools
      can be written by using the functions in the
      &man.libugidfw.3; library.</para>
@ -1032,7 +1032,7 @@ test: biba/high</screen>
 	    by these changes.</para>
      </note>
-      <para>This should give a general idea of how the
+      <para>This should provide a general idea of how the
 	&man.mac.bsdextended.4; module may be used to help fortify
 	a file system.  For more information, see the
 	&man.mac.bsdextended.4; and the &man.ugidfw.8; manual
@ -1445,17 +1445,18 @@ test: biba/high</screen>
      <para>With the Multi-Level Security Policy Module, an
 	administrator plans for controlling the flow of sensitive
-	information.  By default, with its block read up block read
+	information.  By default, with its block read up block write
 	down nature, the system defaults everything to a low state.
-	Everything is pretty much accessible and an administrator
+	Everything is accessible and an administrator
-	slowly changes this during the configuration stage.</para>
+	slowly changes this during the configuration stage; augmenting
 	the confidentiality of the information.</para>
      <para>Beyond the three basic label options above, an administrator
 	may group users and groups as required to block the information
 	flow between them.  It might be easier to look at the
 	information in clearance levels familiarized with words, for
 	instance classifications such as
-	<literal>confidential</literal>, <literal>Secret</literal>,
+	<literal>Confidential</literal>, <literal>Secret</literal>,
 	and <literal>Top Secret</literal>.  Some administrators might
 	just create different groups based on project levels.
 	Regardless of classification method, a well thought out plan
@ -1592,9 +1593,9 @@ test: biba/low</screen>
      <para>The &man.mac.biba.4; security policy module permits an
 	administrator to address which files and programs a user or
-	users may see and invoke, while assuring that the programs and
+	users may see and invoke while assuring that the programs and
 	files are free from threats and trusted by the system for that
-	user or users.</para>
+	user, or group of users.</para>
      <para>During the initial planning phase, an administrator must be
 	prepared to partition users into grades, levels, and areas.
@ -1604,11 +1605,11 @@ test: biba/low</screen>
 	it is up to the administrator to configure the different grades
 	and levels for users.  Instead of using clearance levels as
 	described above, a good planning method could include topics.
-	For instance, only allow developers to access the source code
+	For instance, only allow developers modification access to the source code
 	repository, source code compiler, and other development
 	utilities.  While other users would be grouped into other
 	categories such as testers, designers, or just ordinary
-	users.</para>
+	users and would only be permitted read access.</para>
      <para>With its natural security control, a lower integrity subject
 	is unable to write to a higher integrity subject; a higher