Rewrite the synopsis. Merge two paragraphs into one. Start off this

chapter by talking about security features of FreeBSD, rather than the history of the TrustedBSD project.
svn path=/head/; revision=21436
2004-07-12 05:29:37 +00:00 · 2004-07-12 05:29:37 +00:00 · d554acbbc3 · 2020-12-08 03:00:23 +00:00
commit d554acbbc3
parent 6ee331fa0a
1 changed files with 15 additions and 24 deletions
--- a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
@ -22,32 +22,23 @@
    <indexterm><primary>MAC</primary></indexterm>
    <indexterm><primary>Mandatory Access Control</primary></indexterm>

-    <para>The TrustedBSD project was founded to meet the rising
-      security requirements of modern operating systems.  This project
-      aims at developing userland utilities and
-      kernel interfaces, based on the &posix;.1e draft, and merging
-      them back to &os;&nbsp;5.X.  While still in the development
-      stage, many of the features are nearing production stability.
-      Some of those include file system Access Control Lists
-      (<acronym>ACLs</acronym>) and Mandatory Access Control
-      (<acronym>MAC</acronym>) mechanisms.</para>
+    <para>&os;&nbsp;5.X introduced new security extensions from the
+      TrustedBSD project based on the &posix;.1e draft.  The most
+      important new security mechanisms are file system Access Control
+      Lists (<acronym>ACLs</acronym>) and Mandatory Access Control
+      (<acronym>MAC</acronym>).  Mandatory Access Control allows an
+      administrator to enforce additional security for all subjects
+      (e.g. processes or sockets) and objects (e.g. sockets, file
+      system objects, sysctl nodes) in the system.  The mandatory part
+      of the definition comes from the fact that the enforcement of
+      the controls is done by administrators and the system, and is
+      not left up to the discretion of users as is done with
+      discretionary access control (<acronym>DAC</acronym>, the normal
+      access method).</para>

-    <para>So what is <acronym>MAC</acronym>?  Mandatory Access Control
-      is a mechanism that allows the system administrator to define
-      the protection decisions for system objects.  The administrator
-      can define a policy to
-      prohibit the unauthorized disclosure of any system or user data;
-      or provide for the indefinite integrity of system objects or
-      subjects.  For a definition of what objects and subjects are,
-      see below.  The mandatory part of the definition comes from the
-      fact that the enforcement of the controls is done by
-      administrators and the system, and is not left up to the
-      discretion of users as is done with discretionary access control
-      (<acronym>DAC</acronym>, the normal access method).</para>
-
-    <para>This entire chapter will focus primarily on the
+    <para>This chapter will focus on the
      Mandatory Access Control framework, hereon referred to simply as
-      <acronym>MAC</acronym>, features.</para>
+      <acronym>MAC</acronym>.</para>

    <para>After reading this chapter, you will know:</para>