[REVIEW REQUEST]: New chapter on MAC (draft)
trhodes at FreeBSD.org
Tue Jun 22 01:06:39 UTC 2004
On Mon, 21 Jun 2004 21:00:24 -0400
Brian Fundakowski Feldman <green at FreeBSD.org> wrote:
Whats up Brian? :)
> On Tue, May 11, 2004 at 04:02:25PM -0400, Tom Rhodes wrote:
> > On Mon, 10 May 2004 17:49:18 -0400
> > Tom Rhodes <trhodes at FreeBSD.org> wrote:
> > Updated with comments from this list and a few in private.
> > Check it out:
> > > Check out the built chapter at:
> > > http://people.freebsd.org/~trhodes/mac/mac.html
> > >
> > > Check out the source at:
> > > http://people.freebsd.org/~trhodes/mac/chapter.sgml
> Very nice job! Here are my notes on what I've read:
> 1. In 184.108.40.206, a '/' is missing in the label setting.
Can't remember if I fixed this or not.
> 2. In 11.4.2 "The Singlelabel" seems syntactically strange, as does
> "swap file system."
> 3. In 11.4.3, perhaps "sysctl -d security.mac" would be better.
Hmmm, good point.
> 4. The 11.10.1 section seems to end prematurely.
I think this has been fixed,
> 5. "Sensibility" should be "sensitivity" in 11.11. Why is the number
> "six thousand" specifically mentioned?
Random pull out of my ass.
> 6. In 11.13, the behavior of auxiliary-labeled directories should
> be explained. Specifically, this allows creation of directories
> with one grade that allow objects, of the auxiliary grade, to be
> created in them -- sort of like "sticky directories." For exec,
> it results in something similar to "setuid execution."
Noted, I'll probably fix this later.
Note that I already committed a version to doc/ but it
was a lot better than this version. :)
Thanks for the review, sorry I already fixed it.
More information about the freebsd-doc