Remove two semicolons accidently removed in the previous revision.
Add definition of "low water mark" and "high water mark." The low water mark is used by mac_lomac(4), and high water mark is just here for completeness. Add a missing period.
This commit is contained in:
Tom Rhodes
parent
99c2c85a75
commit
e6f33d1c21
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=27660
1 changed files with 24 additions and 4 deletions
|
|
@ -32,7 +32,7 @@
|
|||
(<acronym>MAC</acronym>) facilities. Mandatory Access Control allows
|
||||
new access control modules to be loaded, implementing new security
|
||||
policies. Some provide protections of a narrow subset of the
|
||||
system, hardening a particular service Others provide
|
||||
system, hardening a particular service. Others provide
|
||||
comprehensive labeled security across all subjects and objects.
|
||||
The mandatory part
|
||||
of the definition comes from the fact that the enforcement of
|
||||
|
|
@ -158,6 +158,16 @@
|
|||
security policy.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><emphasis>high water mark</emphasis>: A high water mark
|
||||
policy is one which permits the raising of security levels
|
||||
for the purpose of accessing higher level information. In
|
||||
most cases, the original level is restored after the process
|
||||
is complete. Currently, the &os; <acronym>MAC</acronym>
|
||||
framework does not have a policy for this, but the definition
|
||||
is included for completeness.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><emphasis>integrity</emphasis>: Integrity, as a key
|
||||
concept, is the level of trust which can be placed on data.
|
||||
|
|
@ -185,6 +195,16 @@
|
|||
its security is considered to elevate as well.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><emphasis>low water mark</emphasis>: A low water mark
|
||||
policy is one which permits lowering of the security levels
|
||||
for the purpose of accessing information which is less
|
||||
secure. In most cases, the original security level of the
|
||||
user is restored after the process is complete. The only
|
||||
security policy module in &os; to use this is
|
||||
&man.mac.lomac.4;.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><emphasis>multilabel</emphasis>: The
|
||||
<option>multilabel</option> property is a file system option
|
||||
|
|
@ -842,11 +862,11 @@ test: biba/high</screen>
|
|||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>The implementation requirements</para>
|
||||
<para>The implementation requirements;</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>The implementation goals</para>
|
||||
<para>The implementation goals;</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
|
|
@ -860,7 +880,7 @@ test: biba/high</screen>
|
|||
|
||||
<listitem>
|
||||
<para>What sorts of information or resources to restrict
|
||||
access to and the type of restrictions that should be
|
||||
access to along with the type of restrictions that should be
|
||||
applied.</para>
|
||||
</listitem>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue