Rewrite the synopsis. Merge two paragraphs into one. Start off this
chapter by talking about security features of FreeBSD, rather than the history of the TrustedBSD project.
This commit is contained in:
Murray Stokely
parent
6ee331fa0a
commit
d554acbbc3
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=21436
1 changed files with 15 additions and 24 deletions
|
|
@ -22,32 +22,23 @@
|
||||||
<indexterm><primary>MAC</primary></indexterm>
|
<indexterm><primary>MAC</primary></indexterm>
|
||||||
<indexterm><primary>Mandatory Access Control</primary></indexterm>
|
<indexterm><primary>Mandatory Access Control</primary></indexterm>
|
||||||
|
|
||||||
<para>The TrustedBSD project was founded to meet the rising
|
<para>&os; 5.X introduced new security extensions from the
|
||||||
security requirements of modern operating systems. This project
|
TrustedBSD project based on the &posix;.1e draft. The most
|
||||||
aims at developing userland utilities and
|
important new security mechanisms are file system Access Control
|
||||||
kernel interfaces, based on the &posix;.1e draft, and merging
|
Lists (<acronym>ACLs</acronym>) and Mandatory Access Control
|
||||||
them back to &os; 5.X. While still in the development
|
(<acronym>MAC</acronym>). Mandatory Access Control allows an
|
||||||
stage, many of the features are nearing production stability.
|
administrator to enforce additional security for all subjects
|
||||||
Some of those include file system Access Control Lists
|
(e.g. processes or sockets) and objects (e.g. sockets, file
|
||||||
(<acronym>ACLs</acronym>) and Mandatory Access Control
|
system objects, sysctl nodes) in the system. The mandatory part
|
||||||
(<acronym>MAC</acronym>) mechanisms.</para>
|
of the definition comes from the fact that the enforcement of
|
||||||
|
the controls is done by administrators and the system, and is
|
||||||
|
not left up to the discretion of users as is done with
|
||||||
|
discretionary access control (<acronym>DAC</acronym>, the normal
|
||||||
|
access method).</para>
|
||||||
|
|
||||||
<para>So what is <acronym>MAC</acronym>? Mandatory Access Control
|
<para>This chapter will focus on the
|
||||||
is a mechanism that allows the system administrator to define
|
|
||||||
the protection decisions for system objects. The administrator
|
|
||||||
can define a policy to
|
|
||||||
prohibit the unauthorized disclosure of any system or user data;
|
|
||||||
or provide for the indefinite integrity of system objects or
|
|
||||||
subjects. For a definition of what objects and subjects are,
|
|
||||||
see below. The mandatory part of the definition comes from the
|
|
||||||
fact that the enforcement of the controls is done by
|
|
||||||
administrators and the system, and is not left up to the
|
|
||||||
discretion of users as is done with discretionary access control
|
|
||||||
(<acronym>DAC</acronym>, the normal access method).</para>
|
|
||||||
|
|
||||||
<para>This entire chapter will focus primarily on the
|
|
||||||
Mandatory Access Control framework, hereon referred to simply as
|
Mandatory Access Control framework, hereon referred to simply as
|
||||||
<acronym>MAC</acronym>, features.</para>
|
<acronym>MAC</acronym>.</para>
|
||||||
|
|
||||||
<para>After reading this chapter, you will know:</para>
|
<para>After reading this chapter, you will know:</para>
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue