Few minor fixes
This commit is contained in:
Denis Peplin
parent
f04d49b257
commit
d6f5184d09
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=22169
1 changed files with 4 additions and 4 deletions
|
|
@ -269,7 +269,7 @@
|
|||
policies can increase the overall performance of the system as well as
|
||||
offer flexibility of choice. A good implementation would
|
||||
consider the overall security requirements and effectively implement
|
||||
the various policies offered by the framework..</para>
|
||||
the various policies offered by the framework.</para>
|
||||
|
||||
<para>Thus a system utilizing <acronym>MAC</acronym> features
|
||||
should at least guarantee that a user will not be permitted
|
||||
|
|
@ -440,7 +440,7 @@
|
|||
For example: a user running at low integrity tries to change
|
||||
the label of a high integrity file. Or perhaps a user running
|
||||
at low integrity tries to change the label of a low integrity
|
||||
file to a high integrity label.i</para></footnote> The system administrator
|
||||
file to a high integrity label.</para></footnote> The system administrator
|
||||
may use the following commands to overcome this:</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>setfmac biba/high test</userinput>
|
||||
|
|
@ -456,7 +456,7 @@ test: biba/high</screen>
|
|||
running processes, such as <application>sendmail</application>:
|
||||
although it takes a process ID in place of
|
||||
a command the logic is extremely similar. If users
|
||||
attempt to manipulate a file not in their access,subject to the
|
||||
attempt to manipulate a file not in their access, subject to the
|
||||
rules of the loaded policies, the
|
||||
<errorname>Operation not permitted</errorname> error
|
||||
will be displayed by the <function>mac_set_link</function>
|
||||
|
|
@ -885,7 +885,7 @@ test: biba/high</screen>
|
|||
<screen>&prompt.root; <userinput>ugidfw add subject not uid root new object not uid root mode n</userinput></screen>
|
||||
|
||||
<note>
|
||||
<para>In releases prior to &os; prior to 5.3, the
|
||||
<para>In releases prior to &os; 5.3, the
|
||||
<parameter>add</parameter> parameter did not exist. In those
|
||||
cases the <parameter>set</parameter> should be used
|
||||
instead. See below for a command example.</para></note>
|
||||
|
|
|
|||
Loading…
Reference in a new issue