[REVIEW REQUEST]: New chapter on MAC (draft)
rwatson at FreeBSD.org
Mon May 10 21:13:01 UTC 2004
On Mon, 10 May 2004, Tom Rhodes wrote:
> I've written a new chapter for the handbook on implementing the MAC
> features in 5.X. It includes configuration, testing, module description
> that augments the section we already have, and shows examples of the
> I'm not worried about whitespace right now, only correctness in the
> information presented, markup, and wording.
> Check out the built chapter at:
> Check out the source at:
> And no, that chapter number will not be the same. I plan to place
> this directly under the Security chapter.
> Thanks for your time and attention.
Suggestion: drop the coverage of mac_test, mac_none, and mac_stub. Those
exist much more for the benefit of the developer than the user. You can
mention they exist but I don't think I'd do much more than that, as they
add noise without any real pay-off for most end users.
I think you might want to add a section that summarizes what it is MAC
policies can do (labeling, etc). You can use that to segway to a
discussion of MAC policy trade-offs, including the increased cost of
administration, multilabel file systems, etc.
BTW, feel free to send this thread (or related threads) to the trustedbsd
list. I suspect there might be a greater audience there when it comes to
reviewing technical content, but could be mistaken.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Senior Research Scientist, McAfee Research
More information about the freebsd-doc