PERFORCE change 135261 for review

Gabor Pali pgj at FreeBSD.org
Tue Feb 12 09:13:13 PST 2008 

http://perforce.freebsd.org/chv.cgi?CH=135261

Change 135261 by pgj at disznohal on 2008/02/12 17:12:24

	Add initial Hungarian translation of Chapter 16: Mandatory Access
	Control. Raw translation of Part III is completed =)

Affected files ...

.. //depot/projects/docproj_hu/books/handbook/mac/chapter.sgml#2 edit

Differences ...

==== //depot/projects/docproj_hu/books/handbook/mac/chapter.sgml#2 (text+ko) ====

@@ -3,470 +3,722 @@
      $FreeBSD: doc/en_US.ISO8859-1/books/handbook/mac/chapter.sgml,v 1.70 2007/06/27 11:49:40 chinsan Exp $
 -->
 
-<chapter id="mac">
+<!-- The FreeBSD Hungarian Documentation Project
+     Translated by: PALI, Gabor <pgj at FreeBSD.org>
+     Original Revision: 1.70                      -->
+
+<chapter id="mac" lang="hu">
   <chapterinfo>
     <authorgroup>
       <author>
 	<firstname>Tom</firstname>
 	<surname>Rhodes</surname>
-	<contrib>Written by </contrib>
+	<contrib>&Iacute;rta: </contrib>
       </author>
     </authorgroup>
   </chapterinfo>
 
-  <title>Mandatory Access Control</title>
+  <title>K&ouml;telez&#245;
+    hozz&aacute;f&eacute;r&eacute;svez&eacute;rl&eacute;s</title>
 
   <sect1 id="mac-synopsis">
-    <title>Synopsis</title>
+    <title>&Aacute;ttekint&eacute;s</title>
 
     <indexterm><primary>MAC</primary></indexterm>
     <indexterm>
-      <primary>Mandatory Access Control</primary>
+      <primary>k&ouml;telez&#245;
+	hozz&aacute;f&eacute;r&eacute;svez&eacute;rl&eacute;s</primary>
       <see>MAC</see>
     </indexterm>
 
-    <para>&os;&nbsp;5.X introduced new security extensions from the
-      TrustedBSD project based on the &posix;.1e draft.  Two of the most
-      significant new security mechanisms are file system Access Control
-      Lists (<acronym>ACL</acronym>s) and Mandatory Access Control
-      (<acronym>MAC</acronym>) facilities.  Mandatory Access Control allows
-      new access control modules to be loaded, implementing new security
-      policies.  Some provide protections of a narrow subset of the
-      system, hardening a particular service.  Others provide
-      comprehensive labeled security across all subjects and objects.
-      The mandatory part
-      of the definition comes from the fact that the enforcement of
-      the controls is done by administrators and the system, and is
-      not left up to the discretion of users as is done with
-      discretionary access control (<acronym>DAC</acronym>, the standard
-      file and System V <acronym>IPC</acronym> permissions on &os;).</para>
+    <para>A &os;&nbsp;5.X v&aacute;ltozata &uacute;j biztons&aacute;gi
+      b&#245;v&iacute;t&eacute;seket vett a TrustedBSD projektb&#245;l a
+      &posix;.1e nyom&aacute;n.  A k&eacute;t legjelent&#245;sebb
+      &uacute;j biztons&aacute;gi mechanizmus az
+      &aacute;llom&aacute;nyrendszerekben megtal&aacute;lhat&oacute;
+      hozz&aacute;f&eacute;r&eacute;s-vez&eacute;rl&eacute;si
+      list&aacute;k (Access Control List, <acronym>ACL</acronym>)
+      &eacute;s a k&ouml;telez&#245;
+      hozz&aacute;f&eacute;r&eacute;svez&eacute;rl&eacute;s (Mandatory
+      Access Control, <acronym>MAC</acronym>).  A k&ouml;telez&#245;
+      hozz&aacute;f&eacute;r&eacute;svez&eacute;rl&eacute;s
+      seg&iacute;ts&eacute;g&eacute;vel olyan &uacute;j
+      hozz&aacute;f&eacute;r&eacute;svez&eacute;rl&eacute;si modulok
+      t&ouml;lthet&#245;ek be, amelyek &uacute;j biztons&aacute;gi
+      h&aacute;zirendeket implement&aacute;lnak.  N&eacute;melyek
+      k&ouml;z&uuml;l&uuml;k v&eacute;delmet ny&uacute;jtanak a rendszer
+      egy sz&#251;k r&eacute;sz&eacute;nek, amivel &iacute;gy egy adott
+      szolg&aacute;ltat&aacute;st b&aacute;sty&aacute;znak al&aacute;.
+      M&aacute;sok minden r&eacute;szletre kiterjed&#245;
+      c&iacute;mk&eacute;zett biztons&aacute;got szolg&aacute;ltatnak
+      alanyokon &eacute;s objektumokon kereszt&uuml;l.  A
+      meghat&aacute;roz&aacute;s <quote>k&ouml;telez&#245;</quote>
+      r&eacute;sze onnan fakad, hogy a szab&aacute;lyok
+      betartat&aacute;s&aacute;t a rendszergazd&aacute;k &eacute;s a
+      rendszer v&eacute;gzik, &eacute;s nem b&iacute;zz&aacute;k a
+      felhaszn&aacute;l&oacute;kra, ahogy azt a System V
+      t&iacute;pus&uacute; rendszerekben a szabv&aacute;nyos
+      &aacute;llom&aacute;nyokra &eacute;s <acronym>IPC</acronym>-re
+      &eacute;rv&eacute;nyes enged&eacute;lyeken kereszt&uuml;l a
+      tetsz&eacute;s szerinti
+      hozz&aacute;f&eacute;r&eacute;svez&eacute;rl&eacute;s
+      (Discretionary Access Control, <acronym>DAC</acronym>)
+      teszi.</para>
 
-    <para>This chapter will focus on the
-      Mandatory Access Control Framework (<acronym>MAC</acronym> Framework), and a set
-      of pluggable security policy modules enabling various security
-      mechanisms.</para>
+    <para>Ebben a fejezetben a k&ouml;telez&#245;
+      hozz&aacute;f&eacute;r&eacute;svez&eacute;rl&eacute;st
+      &ouml;vez&#245; keretrendszerre (<acronym>MAC</acronym> Framework)
+      &eacute;s a k&uuml;l&ouml;nb&ouml;z&#245; biztons&aacute;gi
+      h&aacute;zirendeket megval&oacute;s&iacute;t&oacute;
+      beilleszthet&#245; modulokra fogunk
+      &ouml;sszpontos&iacute;tani.</para>
 
-    <para>After reading this chapter, you will know:</para>
+    <para>A fejezet elolvas&aacute;sa sor&aacute;n
+      megismerj&uuml;k:</para>
 
     <itemizedlist>
       <listitem>
-	<para>What <acronym>MAC</acronym> security policy modules are currently
-          included in &os; and their associated mechanisms.</para>
+	<para>a &os; jelen pillanatban milyen modulokat tartalmaz a
+	  <acronym>MAC</acronym> rendszeren bel&uuml;l &eacute;s milyen
+	  mechanizmusok tartoznak hozz&aacute;juk</para>
       </listitem>
 
       <listitem>
-	<para>What <acronym>MAC</acronym> security policy modules implement as
-	  well as the difference between a labeled and non-labeled
-	  policy.</para>
+	<para>a <acronym>MAC</acronym> biztons&aacute;gi
+	  h&aacute;zirendjeit k&eacute;pez&#245; modulok miket
+	  val&oacute;s&iacute;tanak meg, valamint mint a
+	  k&uuml;l&ouml;nbs&eacute;g a c&iacute;mk&eacute;zett &eacute;s
+	  c&iacute;mk&eacute;zetlen h&aacute;zirendek
+	  k&ouml;z&ouml;tt</para>
       </listitem>
 
       <listitem>
-	<para>How to efficiently configure a system to use
-	  the <acronym>MAC</acronym> framework.</para>
+	<para>hogyan kell hat&eacute;konyan be&aacute;ll&iacute;tani
+	  &eacute;s haszn&aacute;lni rendszer&uuml;nkben a
+	  <acronym>MAC</acronym> rendszert</para>
       </listitem>
 
       <listitem>
-	<para>How to configure the different security policy modules included with the
-	  <acronym>MAC</acronym> framework.</para>
+	<para>hogyan &aacute;ll&iacute;tsuk be a <acronym>MAC</acronym>
+	  rendszerben tal&aacute;lhat&oacute; k&uuml;l&ouml;nf&eacute;le
+	  biztons&aacute;gi h&aacute;zirendeket k&eacute;pez&#245;
+	  modulokat</para>
       </listitem>
 
       <listitem>
-        <para>How to implement a more secure environment using the
-	  <acronym>MAC</acronym> framework and the examples
-	  shown.</para>
+	<para>hogyan hozzunk l&eacute;tre a <acronym>MAC</acronym>
+	  rendszer seg&iacute;ts&eacute;g&eacute;vel egy
+	  biztons&aacute;gosabb k&ouml;rnyezetet, amire
+	  p&eacute;ld&aacute;kat is mutatunk</para>
       </listitem>
 
       <listitem>
-	<para>How to test the <acronym>MAC</acronym> configuration
-	  to ensure the framework has been properly implemented.</para>
+	<para>hogyan tesztelj&uuml;k le a <acronym>MAC</acronym>
+	  rendszer be&aacute;ll&iacute;t&aacute;sait &eacute;s
+	  bizonyosodjunk meg m&#251;k&ouml;d&eacute;s&eacute;nek
+	  helyess&eacute;g&eacute;r&#245;l</para>
       </listitem>
     </itemizedlist>
 
-    <para>Before reading this chapter, you should:</para>
+    <para>A fejezet elolvas&aacute;s&aacute;hoz aj&aacute;nlott:</para>
 
     <itemizedlist>
       <listitem>
-	<para>Understand &unix; and &os; basics
-	  (<xref linkend="basics">).</para>
+	<para>a &unix; &eacute;s a &os; alapjainak ismerete (<xref
+	  linkend="basics">)</para>
       </listitem>
 
       <listitem>
-	<para>Be familiar with
-	  the basics of kernel configuration/compilation
-	  (<xref linkend="kernelconfig">).</para>
+	<para>a rendszermag be&aacute;ll&iacute;t&aacute;s&aacute;nak
+	  &eacute;s leford&iacute;t&aacute;s&aacute;nak ismerete (<xref
+	  linkend="kernelconfig">)</para>
       </listitem>
 
       <listitem>
-	<para>Have some familiarity with security and how it
-	  pertains to &os; (<xref linkend="security">).</para>
+	<para>tiszt&aacute;ban lenni az alapvet&#245; biztons&aacute;gi
+	  k&eacute;rd&eacute;sekkel &eacute;s azok hat&aacute;s&aacute;val
+	  a &os;-n bel&uuml;l (<xref linkend="security">)</para>
       </listitem>
     </itemizedlist>
 
     <warning>
-      <para>The improper use of the
-	information contained herein may cause loss of system access,
-	aggravation of users, or inability to access the features
-	provided by X11.  More importantly, <acronym>MAC</acronym> should not
-	be relied upon to completely secure a system.  The
-	<acronym>MAC</acronym> framework only augments
-	existing security policy; without sound security practices and
-	regular security checks, the system will never be completely
-	secure.</para>
+      <para>Az itt ismertet&eacute;sre ker&uuml;l&#245;
+	inform&aacute;ci&oacute;k helytelen alkalmaz&aacute;sa a rendszer
+	hozz&aacute;f&eacute;rhet&#245;s&eacute;g&eacute;nek teljes
+	elveszt&eacute;s&eacute;t, a felhaszn&aacute;l&oacute;k
+	bosszant&aacute;s&aacute;t vagy az X11 &aacute;ltal
+	felk&iacute;n&aacute;lt lehet&#245;s&eacute;gek
+	kirekeszt&eacute;s&eacute;t eredm&eacute;nyezheti.  De ami
+	enn&eacute;l is fontosabb, hogy a <acronym>MAC</acronym>
+	rendszerre nem &uacute;gy kell tekinteni, mint amit&#245;l a
+	rendszer&uuml;nk t&ouml;k&eacute;letesen
+	biztons&aacute;goss&aacute; v&aacute;lik.  A
+	<acronym>MAC</acronym> seg&iacute;ts&eacute;g&eacute;vel
+	csup&aacute;n a meglev&#245; biztons&aacute;gi
+	h&aacute;zirendeket gyarap&iacute;tjuk.  A szil&aacute;rd
+	biztons&aacute;gi rutin &eacute;s a rendszeres
+	ellen&#245;rz&eacute;sek elv&eacute;gz&eacute;se
+	n&eacute;lk&uuml;l a rendszer&uuml;nk val&oacute;j&aacute;ban
+	sosem lesz teljesen biztons&aacute;gos.</para>
 
-      <para>It should also be noted that the examples contained
-	within this chapter are just that, examples.  It is not
-	recommended that these particular settings be rolled out
-	on a production system.  Implementing the various security policy modules takes
-	a good deal of thought and testing.  One who does not fully understand
-	exactly how everything works may find him or herself going
-	back through the entire system and reconfiguring many files
-	or directories.</para>
+      <para>Valamint hozz&aacute; kell tenn&uuml;nk, hogy a fejezetben
+	bemutatott p&eacute;ld&aacute;k t&eacute;nyleg csak
+	p&eacute;ld&aacute;k.  Senkinek sem tan&aacute;csoljuk, hogy az
+	itt eml&iacute;tett be&aacute;ll&iacute;t&aacute;sokat egy
+	&eacute;les rendszerre is kiterjessze.  A
+	k&uuml;l&ouml;nb&ouml;z&#245; biztons&aacute;gi modulok
+	fel&eacute;p&iacute;t&eacute;se rengeteg gondolkod&aacute;st
+	&eacute;s pr&oacute;b&aacute;lgat&aacute;st ig&eacute;nyel.  Aki
+	nem &eacute;rti meg az eg&eacute;sz
+	m&#251;k&ouml;d&eacute;s&eacute;t, k&ouml;nnyen azon kaphatja
+	mag&aacute;t, hogy &uacute;jra v&eacute;gig kell mennie a
+	rendszeren &eacute;s egyenk&eacute;nt be kell
+	&aacute;ll&iacute;tania minden k&ouml;nyvt&aacute;rat &eacute;s
+	&aacute;llom&aacute;nyt.</para>
     </warning>
 
     <sect2>
-      <title>What Will Not Be Covered</title>
+      <title>Amivel itt nem foglalkozunk</title>
+
+      <para>Ebben a fejezetben a <acronym>MAC</acronym> rendszerrel
+	kapcsolatban rengeteg biztons&aacute;gi k&eacute;rd&eacute;ssel
+	foglalkozni fogunk.  Azonban az &uacute;j <acronym>MAC</acronym>
+	biztons&aacute;gi modulok kifejleszt&eacute;s&eacute;t
+	m&aacute;r nem &eacute;rintj&uuml;k.  Sz&aacute;mos olyan
+	biztons&aacute;gi modul tal&aacute;lhat&oacute; a
+	<acronym>MAC</acronym> rendszerben, amelyek rendelkeznek az
+	&uacute;j modulok kialak&iacute;t&aacute;s&aacute;hoz &eacute;s
+	tesztel&eacute;s&eacute;hez sz&uuml;ks&eacute;ges
+	jellemz&#245;kkel.  Ilyenek t&ouml;bbek k&ouml;zt a
+	&man.mac.test.4;, &man.mac.stub.4; &eacute;s a &man.mac.none.4;.
+	Ezekr&#245;l a biztons&aacute;gi modulokr&oacute;l &eacute;s az
+	&aacute;ltaluk szolg&aacute;ltatott mechnanizmusokr&oacute;l a
+	man oldalaik tudnak b&#245;vebb
+	t&aacute;j&eacute;koztat&aacute;st adni.</para>
 
-      <para>This chapter covers a broad range of security issues relating
-	to the <acronym>MAC</acronym> framework.  The
-	development of new <acronym>MAC</acronym> security policy modules
-	will not be covered.  A number of security policy modules included with the
-	<acronym>MAC</acronym> framework have specific characteristics
-	which are provided for both testing and new module
-	development. These include the &man.mac.test.4;,
-	&man.mac.stub.4; and &man.mac.none.4;.
-        For more information on these security policy modules and the various
-	mechanisms they provide, please review the manual pages.</para>
     </sect2>
   </sect1>
 
   <sect1 id="mac-inline-glossary">
-    <title>Key Terms in this Chapter</title>
+    <title>A fejezet fontosabb fogalmai</title>
 
-    <para>Before reading this chapter, a few key terms must be
-      explained.  This will hopefully clear up any confusion that
-      may occur and avoid the abrupt introduction of new terms
-      and information.</para>
+    <para>A fejezet tartalm&aacute;nak kifejt&eacute;s&eacute;hez
+      sz&uuml;ks&eacute;g&uuml;nk lesz n&eacute;h&aacute;ny fontosabb
+      alapfogalom tiszt&aacute;z&aacute;s&aacute;ra.
+      Seg&iacute;ts&eacute;g&uuml;kkel v&eacute;lhet&#245;en
+      siker&uuml;l eloszlatni a t&eacute;ma feldolgoz&aacute;sa
+      sor&aacute;n felmer&uuml;l&#245;
+      f&eacute;lre&eacute;rt&eacute;seket illetve elker&uuml;lni az
+      &uacute;j fogalmak &eacute;s inform&aacute;ci&oacute;k
+      v&aacute;ratlan felbukkan&aacute;s&aacute;t.</para>
 
     <itemizedlist>
-      <listitem>
-	<para><emphasis>compartment</emphasis>: A compartment is a
-	  set of programs and data to be partitioned or separated,
-	  where users are given explicit access to specific components
-	  of a system.  Also, a compartment represents a grouping,
-	  such as a work group, department, project, or topic.  Using
-	  compartments, it is possible to implement a need-to-know
-	  security policy.</para>
+       <listitem>
+	<para><emphasis>alany</emphasis>: Alanynak tekint&uuml;nk a
+	  rendszerben minden olyan akt&iacute;v egyedet, ami
+	  inform&aacute;ci&oacute;t &aacute;ramoltat az
+	  <emphasis>objektumok</emphasis>, teh&aacute;t a
+	  felhaszn&aacute;l&oacute;k, a processzorok, a rendszerben
+	  fut&oacute; programok stb.  k&ouml;z&ouml;tt.  A &os;-ben
+	  majdnem minden esetben a felhaszn&aacute;l&oacute;k egy
+	  sz&aacute;lon kereszt&uuml;l vez&eacute;rlik a fut&oacute;
+	  programokat.</para>
       </listitem>
 
-      <listitem>
-	<para><emphasis>high water mark</emphasis>: A high water mark
-	  policy is one which permits the raising of security levels
-	  for the purpose of accessing higher level information.  In
-	  most cases, the original level is restored after the process
-	  is complete.  Currently, the &os; <acronym>MAC</acronym>
-	  framework does not have a policy for this, but the definition
-	  is included for completeness.</para>
+       <listitem>
+	<para><emphasis>c&iacute;mke</emphasis>: A c&iacute;mke egy
+	  olyan biztons&aacute;gi tulajdons&aacute;g, ami vonatkozhat
+	  &aacute;llom&aacute;nyokra, k&ouml;nyvt&aacute;rakra vagy a
+	  rendszer m&aacute;s elemeire.  Egy c&iacute;mke
+	  tekinthet&#245; a bizalmass&aacute;got jelz&#245;
+	  pecs&eacute;tnek is: ha egy &aacute;llom&aacute;nyra
+	  c&iacute;mk&eacute;t tesz&uuml;nk, akkor benne megadjuk a
+	  r&aacute; vonatkoz&oacute; biztons&aacute;gi jellemz&#245;ket,
+	  &eacute;s csak a hozz&aacute; hasonl&oacute; biztons&aacute;gi
+	  be&aacute;ll&iacute;t&aacute;sokkal rendelkez&#245;
+	  &aacute;llom&aacute;nyok, felhaszn&aacute;l&oacute;k,
+	  er&#245;forr&aacute;sok stb.  &eacute;rhetik el.  A
+	  c&iacute;mk&eacute;k jelent&eacute;s&eacute;t &eacute;s
+	  &eacute;rtelmez&eacute;s&eacute;t a h&aacute;zirendek
+	  be&aacute;ll&iacute;t&aacute;sa hat&aacute;rozza meg:
+	  m&iacute;g egyes h&aacute;zirendek a c&iacute;mk&eacute;ket
+	  egy objektum s&eacute;rtetlens&eacute;g&eacute;nek vagy
+	  titkoss&aacute;g&aacute;nak tekintik, addig m&aacute;sok a
+	  hozz&aacute;f&eacute;r&eacute;ssel kapcsolatos
+	  szab&aacute;lyokat r&ouml;gz&iacute;tik benn&uuml;k.</para>
       </listitem>
 
       <listitem>
-	<para><emphasis>integrity</emphasis>: Integrity, as a key
-	  concept, is the level of trust which can be placed on data.
-	  As the integrity of the data is elevated, so does the ability
-	  to trust that data.</para>
+	<para><emphasis>egyc&iacute;mk&eacute;s</emphasis>:
+	  Egyc&iacute;mk&eacute;s esetr&#245;l akkor
+	  besz&eacute;l&uuml;nk, amikor az adat
+	  &aacute;raml&aacute;s&aacute;nak
+	  szab&aacute;lyoz&aacute;s&aacute;ra az eg&eacute;sz
+	  &aacute;llom&aacute;nyrendszer egyetlen c&iacute;mk&eacute;t
+	  alkalmaz.  Ha ezt be&aacute;ll&iacute;tjuk egy
+	  &aacute;llom&aacute;nyrendszern&eacute;l, de nem adjuk meg
+	  vele egy&uuml;tt a <option>multilabel</option> opci&oacute;t,
+	  akkor az &ouml;sszes &aacute;llom&aacute;nyra ugyanaz a
+	  c&iacute;mke &eacute;rv&eacute;nyes.</para>
       </listitem>
 
-      <listitem>
-	<para><emphasis>label</emphasis>: A label is a security
-	  attribute which can be applied to files, directories, or
-	  other items in the system.  It could be considered
-	  a confidentiality stamp; when a label is placed on
-	  a file it describes the security properties for that specific
-	  file and will only permit access by files, users, resources,
-	  etc. with a similar security setting.  The meaning and
-	  interpretation of label values depends on the policy configuration: while
-	  some policies might treat a label as representing the
-	  integrity or secrecy of an object, other policies might use
-	  labels to hold rules for access.</para>
+     <listitem>
+	<para><emphasis>er&#245;s v&iacute;zjel</emphasis>: Az er&#245;s
+	  v&iacute;zjel h&aacute;zirendje szerint a biztons&aacute;gi
+	  szint akkor n&ouml;velhet&#245;, ha magasabb szint&#251;
+	  inform&aacute;ci&oacute;khoz akarunk hozz&aacute;jutni.  A
+	  legt&ouml;bb esetben a folyamatok befejez&#245;d&eacute;se
+	  ut&aacute;n vissza&aacute;ll&iacute;t&oacute;dik az eredeti
+	  szint.  A &os; <acronym>MAC</acronym> rendszere pillanatnyilag
+	  ehhez nem tartalmaz h&aacute;zirendet, de a teljess&eacute;g
+	  kedv&eacute;&eacute;rt megadtuk ennek a
+	  defin&iacute;ci&oacute;j&aacute;t is.</para>
       </listitem>
 
-      <listitem>
-	<para><emphasis>level</emphasis>: The increased or decreased
-	  setting of a security attribute.  As the level increases,
-	  its security is considered to elevate as well.</para>
+     <listitem>
+	<para><emphasis>gyenge v&iacute;zjel</emphasis>: A gyenge
+	  v&iacute;zjel h&aacute;zirendje szerint a biztons&aacute;gi
+	  szint cs&ouml;kkenthet&#245; az alacsonyabb szint&#251;
+	  inform&aacute;ci&oacute;k el&eacute;r&eacute;se
+	  &eacute;rdek&eacute;ben.  A legt&ouml;bb esetben a folyamatok
+	  befejez&#245;d&eacute;se ut&aacute;n
+	  vissza&aacute;ll&iacute;t&oacute;dik az eredeti szint.  A
+	  &os;-ben ezt a h&aacute;zirendet egyed&uuml;l a
+	  &man.mac.lomac.4; alkalmazza.</para>
       </listitem>
 
       <listitem>
-	<para><emphasis>low water mark</emphasis>: A low water mark
-	  policy is one which permits lowering of the security levels
-	  for the purpose of accessing information which is less
-	  secure.  In most cases, the original security level of the
-	  user is restored after the process is complete.  The only
-	  security policy module in &os; to use this is
-	  &man.mac.lomac.4;.</para>
+	<para><emphasis>h&aacute;zirend</emphasis>: Szab&aacute;lyok
+	  olyan gy&#251;jtem&eacute;nye, ami megadja, hogy mik&eacute;nt
+	  kell a c&eacute;lokat teljes&iacute;teni.  Egy
+	  <emphasis>h&aacute;zirend</emphasis> &aacute;ltal&aacute;ban
+	  az egyes elemek kezel&eacute;s&eacute;t r&ouml;gz&iacute;ti.
+	  Ebben a fejezetben a <emphasis>h&aacute;zirend</emphasis>
+	  kifejez&eacute;s alatt a <emphasis>biztons&aacute;gi
+	  h&aacute;zirendet</emphasis> &eacute;rtj&uuml;k, teh&aacute;t
+	  olyan szab&aacute;lyok gy&#251;jtem&eacute;ny&eacute;t,
+	  amelyek az adatok &eacute;s az inform&aacute;ci&oacute;
+	  &aacute;raml&aacute;s&aacute;t hat&aacute;rozz&aacute;k meg,
+	  tov&aacute;bb&aacute; megadj&aacute;k, hogy
+	  k&ouml;z&uuml;l&uuml;k ki mihez f&eacute;rhet
+	  hozz&aacute;.</para>
       </listitem>
 
       <listitem>
-	<para><emphasis>multilabel</emphasis>: The
-	  <option>multilabel</option> property is a file system option
-	  which can be set in single user mode using the
-	  &man.tunefs.8; utility, during the boot operation
-	  using the &man.fstab.5; file, or during the creation of
-	  a new file system.  This option will permit an administrator
-	  to apply different <acronym>MAC</acronym> labels on different
-	  objects.  This option
-	  only applies to security policy modules which support labeling.</para>
+	<para><emphasis>k&eacute;nyess&eacute;g</emphasis>:
+	  &Aacute;ltal&aacute;ban az <acronym>MLS</acronym>
+	  t&aacute;rgyal&aacute;sakor ker&uuml;l el&#245;.  Az
+	  k&eacute;nyess&eacute;g szintj&eacute;vel az adatok
+	  fontoss&aacute;g&aacute;t vagy titkoss&aacute;g&aacute;t
+	  szokt&aacute;k jel&ouml;lni.  A k&eacute;nyess&eacute;gi szint
+	  n&ouml;veked&eacute;s&eacute;vel n&ouml;vekszik az adat
+	  titkoss&aacute;g&aacute;nak vagy bizalmass&aacute;g&aacute;nak
+	  szintje.</para>
       </listitem>
 
-      <listitem>
-	<para><emphasis>object</emphasis>: An object or system
-	  object is an entity through which information flows
-	  under the direction of a <emphasis>subject</emphasis>.
-	  This includes directories, files, fields, screens, keyboards,
-	  memory, magnetic storage, printers or any other data
-	  storage/moving device.  Basically, an object is a data container or
-	  a system resource; access to an <emphasis>object</emphasis>
-	  effectively means access to the data.</para>
+    <listitem>
+	<para><emphasis>objektum</emphasis>: Objektum vagy
+	  rendszerobjektum minden olyan egyed, amelyen
+	  inform&aacute;ci&oacute; folyik kereszt&uuml;l az
+	  <emphasis>alanyok</emphasis>
+	  ir&aacute;ny&iacute;t&aacute;s&aacute;val.  Ezek lehetnek
+	  t&ouml;bbek k&ouml;zt k&ouml;nyvt&aacute;rak,
+	  &aacute;llom&aacute;nyok, mez&#245;k, k&eacute;perny&#245;k,
+	  billenty&#251;zetek, mem&oacute;ria, m&aacute;gneses
+	  t&aacute;rol&oacute;eszk&ouml;z&ouml;k, nyomtat&oacute;k vagy
+	  b&aacute;rmilyen m&aacute;s
+	  adatt&aacute;rol&oacute;/hordoz&oacute; eszk&ouml;z.  Az
+	  objektumok alapvet&#245;en adatt&aacute;rol&oacute;k vagy a
+	  rendszer er&#245;forr&aacute;sai.  Egy
+	  <emphasis>objektum</emphasis> el&eacute;r&eacute;s&eacute;n
+	  gyakorlatilag az adatok el&eacute;r&eacute;s&eacute;t
+	  &eacute;rtj&uuml;k.</para>
       </listitem>
 
       <listitem>
-	<para><emphasis>policy</emphasis>: A collection of rules
-	  which defines how objectives are to be achieved.  A
-	  <emphasis>policy</emphasis> usually documents how certain
-	  items are to be handled.  This chapter will
-	  consider the term <emphasis>policy</emphasis> in this
-	  context as a <emphasis>security policy</emphasis>; i.e.
-	  a collection of rules which will control the flow of data
-	  and information and define whom will have access to that
-	  data and information.</para>
+	<para><emphasis>rekesz</emphasis>: Egy rekeszbe soroljuk az
+	  elrekeszteni vagy elk&uuml;l&ouml;n&iacute;teni
+	  k&iacute;v&aacute;nt programok &eacute;s adatok
+	  &ouml;sszes&eacute;g&eacute;t, ahol a
+	  felhaszn&aacute;l&oacute;k explicit m&oacute;don
+	  k&eacute;pesek hozz&aacute;f&eacute;rni a rendszer bizonyos
+	  komponenseihez.  Emellett a rekesz utalhat egy
+	  tetsz&#245;leges csoportos&iacute;t&aacute;sra is,
+	  p&eacute;ld&aacute;ul munkacsoportra, oszt&aacute;lyra,
+	  projektre vagy t&eacute;m&aacute;ra.  A rekeszek
+	  haszn&aacute;lata elengedhetetlen a biztons&aacute;gi
+	  h&aacute;zirendek kialak&iacute;t&aacute;s&aacute;hoz.</para>
       </listitem>
 
       <listitem>
-	<para><emphasis>sensitivity</emphasis>: Usually used when
-	  discussing <acronym>MLS</acronym>.  A sensitivity level is
-	  a term used to describe how important or secret the data
-	  should be.  As the sensitivity level increases, so does the
-	  importance of the secrecy, or confidentiality of the data.</para>
+	<para><emphasis>s&eacute;rtetlens&eacute;g</emphasis>: A
+	  s&eacute;rtetlens&eacute;g, mint kulcsfogalom, az adatok
+	  megb&iacute;zhat&oacute;s&aacute;g&aacute;nak szintje.
+	  Min&eacute;l s&eacute;rtetlenebb az adat, ann&aacute;l
+	  ink&aacute;bb tekinthetj&uuml;k
+	  megb&iacute;zhat&oacute;nak.</para>
       </listitem>
 
       <listitem>
-	<para><emphasis>single label</emphasis>: A single label is
-	  when the entire file system uses one label to
-	  enforce access control over the flow of data.  When a file
-	  system has this set, which is any time when the
-	  <option>multilabel</option> option is not set, all
-	  files will conform to the same label setting.</para>
+	<para><emphasis>szint</emphasis>: Egy biztons&aacute;gi
+	  tulajdons&aacute;g megn&ouml;velt vagy lecs&ouml;kkentett
+	  be&aacute;ll&iacute;t&aacute;sa.  A szint
+	  n&ouml;veked&eacute;s&eacute;vel egy&uuml;tt a
+	  biztons&aacute;g m&eacute;rt&eacute;ke is
+	  n&ouml;vekszik.</para>
       </listitem>
 
       <listitem>
-	<para><emphasis>subject</emphasis>: a subject is any
-	  active entity that causes information to flow between
-	  <emphasis>objects</emphasis>; e.g. a user, user processor,
-	  system process, etc.  On &os;, this is almost always a thread
-	  acting in a process on behalf of a user.</para>
+	<para><emphasis>t&ouml;bbc&iacute;mk&eacute;s</emphasis>: A
+	  <option>multilabel</option> vagyis
+	  t&ouml;bbc&iacute;mk&eacute;s jellemz&#245; az
+	  &aacute;llom&aacute;nyrendszerek eset&eacute;n fordulhat
+	  el&#245;, &eacute;s a &man.tunefs.8; seg&eacute;dprogrammal
+	  &aacute;ll&iacute;that&oacute; be
+	  egyfelhaszn&aacute;l&oacute;s m&oacute;dban vagy a rendszer
+	  ind&iacute;t&aacute;sa sor&aacute;n az &man.fstab.5;
+	  &aacute;llom&aacute;nyon kereszt&uuml;l, esetleg egy &uacute;j
+	  &aacute;llom&aacute;nyrendszer l&eacute;trehoz&aacute;sakor.
+	  Ezzel a be&aacute;ll&iacute;t&aacute;ssal a rendszergazda
+	  k&uuml;l&ouml;nf&eacute;le <acronym>MAC</acronym>
+	  c&iacute;mk&eacute;ket rendelhet k&uuml;l&ouml;nb&ouml;z&#245;
+	  objektumokhoz.  Ez a be&aacute;ll&iacute;t&aacute;s
+	  term&eacute;szetesen csak olyan biztons&aacute;gi modulok
+	  eset&eacute;n &eacute;l, amelyek tudnak
+	  c&iacute;mk&eacute;zni.</para>
       </listitem>
-    </itemizedlist>
+
+   </itemizedlist>
   </sect1>
 
   <sect1 id="mac-initial">
-    <title>Explanation of MAC</title>
+    <title>A MAC ismertet&eacute;se</title>
 
-    <para>With all of these new terms in mind, consider how the
-      <acronym>MAC</acronym> framework augments the security of
-      the system as a whole.  The various security policy modules provided by
-      the <acronym>MAC</acronym> framework could be used to
-      protect the network and file systems, block users from
-      accessing certain ports and sockets, and more.  Perhaps
-      the best use of the policy modules is to blend them together, by loading
-      several security policy modules at a time for a multi-layered
-      security environment.  In a multi-layered security environment,
-      multiple policy modules are in effect to keep security in check.  This
-      is different to a hardening policy, which typically hardens
-      elements of a system that is used only for specific purposes.
-      The only downside is administrative overhead in cases of
-      multiple file system labels, setting network access control
-      user by user, etc.</para>
+    <para>Az im&eacute;nt defini&aacute;lt &uacute;j fogalmak
+      t&uuml;kr&eacute;ben most n&eacute;zz&uuml;k meg, hogy a
+      <acronym>MAC</acronym> rendszer alkalmaz&aacute;s&aacute;val
+      mik&eacute;nt jav&iacute;thatunk rendszer&uuml;nk
+      biztons&aacute;g&aacute;n.  A <acronym>MAC</acronym> rendszerhez
+      k&eacute;sz&iacute;tett k&uuml;l&ouml;nb&ouml;z&#245;
+      biztons&aacute;gi modulok alkalmasak a h&aacute;l&oacute;zat
+      &eacute;s az &aacute;llom&aacute;nyrendszerek
+      v&eacute;delm&eacute;re, valamint seg&iacute;ts&eacute;g&uuml;kkel
+      megakad&aacute;lyozhatjuk, hogy a felhaszn&aacute;l&oacute;k
+      el&eacute;rhessenek bizonyos portokat &eacute;s
+      csatlakoz&aacute;sokat stb.  A h&aacute;zirendeket
+      form&aacute;z&oacute; modulokat tal&aacute;n egy&uuml;ttesen
+      tudjuk a leghat&eacute;konyabban alkalmazni, &eacute;s ha
+      egyszerre t&ouml;bb modul bet&ouml;lt&eacute;s&eacute;vel egy
+      t&ouml;bbr&eacute;teg&#251; v&eacute;delmi rendszert
+      alak&iacute;tunk ki.  Ez nem ugyanaz, mint a rendszer
+      meger&#245;s&iacute;t&eacute;se, ahol a rendszer
+      &ouml;sszetev&#245;it jellemz&#245; m&oacute;don csak bizonyos
+      c&eacute;lok tekintet&eacute;ben edzz&uuml;k meg.  A
+      m&oacute;dszer egyed&uuml;li h&aacute;tul&uuml;t&#245;i a
+      t&ouml;bbsz&ouml;r&ouml;s &aacute;llom&aacute;nyrendszeri
+      c&iacute;mk&eacute;kkel, a felhaszn&aacute;l&oacute;nk&eacute;nt
+      be&aacute;ll&iacute;tand&oacute; h&aacute;l&oacute;zati
+      el&eacute;r&eacute;ssel stb.  j&aacute;r&oacute;
+      adminisztr&aacute;ci&oacute;s k&ouml;lts&eacute;gek.</para>
 
-    <para>These downsides are minimal when compared to the lasting
-      effect of the framework; for instance, the ability to pick and choose
-      which policies are required for a specific configuration keeps
-      performance overhead down.  The reduction of support for unneeded
-      policies can increase the overall performance of the system as well as
-      offer flexibility of choice.  A good implementation would
-      consider the overall security requirements and effectively implement
-      the various security policy modules offered by the framework.</para>
+    <para>Ezek a h&aacute;tr&aacute;nyok azonban elt&ouml;rp&uuml;lnek a
+      l&eacute;trehozott rendszer tart&oacute;ss&aacute;g&aacute;val
+      szemben.  P&eacute;ld&aacute;ul ha k&eacute;pesek vagyunk
+      megmondani, hogy az adott konfigur&aacute;ci&oacute;ban milyen
+      h&aacute;zirendek alkalmaz&aacute;s&aacute;ra van
+      sz&uuml;ks&eacute;g, akkor ezzel az adminisztr&aacute;ci&oacute;s
+      k&ouml;lts&eacute;gek visszaszor&iacute;that&oacute;ak.  A
+      sz&uuml;ks&eacute;gtelen h&aacute;zirendek
+      elt&aacute;vol&iacute;t&aacute;s&aacute;val m&eacute;g
+      n&ouml;velhetj&uuml;k is a rendszer
+      &ouml;sszteljes&iacute;tm&eacute;ny&eacute;t, valamint az
+      &iacute;gy felk&iacute;n&aacute;lt rugalmass&aacute;got.  Egy
+      j&oacute; kialak&iacute;t&aacute;sban figyelembe kell venni az
+      &ouml;sszes biztons&aacute;gi el&#245;&iacute;r&aacute;st
+      &eacute;s hat&eacute;konyan megval&oacute;s&iacute;tani ezeket a
+      rendszer &aacute;ltal felaj&aacute;nlott
+      k&uuml;l&ouml;nf&eacute;le biztons&aacute;gi modulokkal.</para>
 
-    <para>Thus a system utilizing <acronym>MAC</acronym> features
-      should at least guarantee that a user will not be permitted
-      to change security attributes at will; all user utilities,
-      programs and scripts must work within the constraints of
-      the access rules provided by the selected security policy modules; and
-      that total control of the <acronym>MAC</acronym> access
-      rules are in the hands of the system administrator.</para>
+    <para>Ez&eacute;rt teh&aacute;t a <acronym>MAC</acronym>
+      lehet&#245;s&eacute;geit kihaszn&aacute;l&oacute; rendszerekben
+      legal&aacute;bb annyit meg kell tudni oldani, hogy a
+      felhaszn&aacute;l&oacute;k ne v&aacute;ltoztathass&aacute;k
+      kedv&uuml;kre a biztons&aacute;gi tulajdons&aacute;gokat.  Az
+      &ouml;sszes felhaszn&aacute;l&oacute;i seg&eacute;dprogramnak,
+      programnak &eacute;s szkriptnek a kiv&aacute;lasztott
+      biztons&aacute;gi modulokban szerepl&#245;
+      hozz&aacute;f&eacute;r&eacute;si szab&aacute;lyokkal
+      kifesz&iacute;tett kereten bel&uuml;l kell mozognia.  A
+      <acronym>MAC</acronym> tot&aacute;lis
+      ir&aacute;ny&iacute;t&aacute;sa pedig a rendszergazda
+      kez&eacute;ben van.</para>
 
-    <para>It is the sole duty of the system administrator to
-      carefully select the correct security policy modules.  Some environments
-      may need to limit access control over the network; in these
-      cases, the &man.mac.portacl.4;, &man.mac.ifoff.4; and even
-      &man.mac.biba.4; policy modules might make good starting points.  In other
-      cases, strict confidentiality of file system objects might
-      be required.  Policy modules such as &man.mac.bsdextended.4;
-      and &man.mac.mls.4; exist for this purpose.</para>
+    <para>A rendszergazda &iacute;gy egyed&uuml;l csak a megfelel&#245;
+      biztons&aacute;gi modulok gondos
+      &ouml;sszev&aacute;logat&aacute;s&aacute;&eacute;rt felel&#245;s.
+      Bizonyos k&ouml;rnyezetekben sz&uuml;ks&eacute;ges lehet a
+      h&aacute;l&oacute;zaton kereszt&uuml;li
+      hozz&aacute;f&eacute;r&eacute;sek korl&aacute;toz&aacute;sa is.
+      Ilyen esetekben a &man.mac.portacl.4;, &man.mac.ifoff.4; vagy a
+      &man.mac.biba.4; modulokt&oacute;l &eacute;rdemes elindulnunk.
+      M&aacute;s esetekben az &aacute;llom&aacute;nyrendszerek
+      objektumainak bizalmass&aacute;g&aacute;t kell csup&aacute;n
+      meg&#245;rizn&uuml;nk.  Erre a c&eacute;lra a
+      &man.mac.bsdextended.4; &eacute;s &man.mac.mls.4; modulok a
+      legalkalmasabbak.</para>
 
-    <para>Policy decisions could be made based on network
-      configuration.  Perhaps only certain users should be permitted
-      access to facilities provided by &man.ssh.1; to access the
-      network or the Internet.  The &man.mac.portacl.4; would be
-      the policy module of choice for these situations.  But what should be
-      done in the case of file systems?  Should all access to certain
-      directories be severed from other groups or specific
-      users?  Or should we limit user or utility access to specific
-      files by setting certain objects as classified?</para>
+    <para>A h&aacute;zirendekhez kapcsol&oacute;d&oacute;
+      d&ouml;nt&eacute;sek a h&aacute;l&oacute;zati
+      be&aacute;ll&iacute;t&aacute;sok alapj&aacute;n is
+      meghozhat&oacute;ak.  Elk&eacute;pzelhet&#245;, hogy csak bizonyos
+      felhaszn&aacute;l&oacute;k f&eacute;rhetnek hozz&aacute; az
+      &man.ssh.1; szolg&aacute;ltat&aacute;sain kereszt&uuml;l a
+      h&aacute;l&oacute;zathoz vagy az internethez.  A
+      &man.mac.portacl.4; pontosan ilyen helyzetekben tud a
+      seg&iacute;ts&eacute;g&uuml;nkre sietni.  De mit tegy&uuml;nk az
+      &aacute;llom&aacute;nyrendszerek eset&eacute;n?  V&aacute;gjunk el
+      adott felhaszn&aacute;l&oacute;kat vagy csoportokat bizonyos
+      k&ouml;nyvt&aacute;rakt&oacute;l?  Vagy korl&aacute;tozzuk a
+      felhaszn&aacute;l&oacute;k vagy seg&eacute;dprogramok
+      hozz&aacute;f&eacute;r&eacute;s&eacute;t adott
+      &aacute;llom&aacute;nyokhoz bizonyos objektumok bizalmass&aacute;
+      nyilv&aacute;n&iacute;t&aacute;s&aacute;val?</para>
 
-    <para>In the file system case, access to objects might be
-      considered confidential to some users, but not to others.
-      For an example, a large development team might be broken
-      off into smaller groups of individuals.  Developers in
-      project A might not be permitted to access objects written
-      by developers in project B.  Yet they might need to access
-      objects created by developers in project C; that is quite a
-      situation indeed.  Using the different security policy modules provided by
-      the <acronym>MAC</acronym> framework; users could
-      be divided into these groups and then given access to the
-      appropriate areas without fear of information
-      leakage.</para>
+    <para>Az &aacute;llom&aacute;nyrendszerek eset&eacute;ben az
+      objektumokat n&eacute;h&aacute;ny felhaszn&aacute;l&oacute;
+      el&eacute;rheti, m&aacute;sok pedig nem.  P&eacute;ld&aacute;ul
+      egy nagyobb fejleszt&#245;csapat kisebb csoportokra
+      bonthat&oacute;.  Az A projektben r&eacute;sztvev&#245;
+      fejleszt&#245;k nem f&eacute;rhetnek hozz&aacute; a B projektben
+      dolgoz&oacute; fejleszt&#245;k munk&aacute;j&aacute;hoz.  Ellenben
+      sz&uuml;ks&eacute;g&uuml;k lehet a C projekten
+      munk&aacute;lkod&oacute; fejleszt&#245;k &aacute;ltal
+      l&eacute;trehozott objektumokra.  Ez egy igen &eacute;rdekes
+      helyzet.  A <acronym>MAC</acronym> rendszer &aacute;ltal
+      felk&iacute;n&aacute;lt k&uuml;l&ouml;nb&ouml;z&#245;
+      biztons&aacute;gi modulokra &eacute;p&iacute;tkezve azonban
+      k&ouml;nnyed&eacute;n csoportokba tudjuk szervezni a
+      felhaszn&aacute;l&oacute;kat, &eacute;s a megfelel&#245;
+      ter&uuml;letekhez az inform&aacute;ci&oacute;
+      kisziv&aacute;rg&aacute;sa n&eacute;lk&uuml;l hozz&aacute; tudjuk
+      &#245;ket engedni.</para>
 
-    <para>Thus, each security policy module has a unique way of dealing with
-      the overall security of a system.  Module selection should be based
-      on a well thought out security policy.  In many cases, the
-      overall policy may need to be revised and reimplemented on
-      the system.  Understanding the different security policy modules offered by
-      the <acronym>MAC</acronym> framework will help administrators
-      choose the best policies for their situations.</para>
+    <para>Ennek k&ouml;vetkezt&eacute;ben minden egyes biztons&aacute;gi
+      modul a maga m&oacute;dj&aacute;n gondoskodik az eg&eacute;sz
+      rendszer biztons&aacute;g&aacute;r&oacute;l.  A c&eacute;ljainknak
+      megfelel&#245; modulokat egy j&oacute;l &aacute;tgondolt
+      biztons&aacute;gi h&aacute;zirend alapj&aacute;n v&aacute;lasszuk
+      ki.  Sok esetben az eg&eacute;sz h&aacute;zirendet &aacute;t kell
+      tekinteni &eacute;s &uacute;jra kell alkalmazni a rendszerben.  A
+      <acronym>MAC</acronym> &aacute;ltal felaj&aacute;nlott
+      k&uuml;l&ouml;nb&ouml;z&#245; biztons&aacute;gi modulok
+      meg&eacute;rt&eacute;se seg&iacute;t a rendszergazd&aacute;knak
+      megv&aacute;lasztani az adott helyzetben legjobban
+      alkalmazhat&oacute; h&aacute;zirendeket.</para>
 
-    <para>The default &os; kernel does not include the option for
-      the <acronym>MAC</acronym> framework; thus the following
-      kernel option must be added before trying any of the examples or
-      information in this chapter:</para>
+    <para>A &os; rendszermagja alapb&oacute;l nem tartalmazza a
+      <acronym>MAC</acronym> rendszert.  Ez&eacute;rt a fejezetben
+      szerepl&#245; p&eacute;ld&aacute;k vagy az itt le&iacute;rtak
+      kipr&oacute;b&aacute;l&aacute;s&aacute;hoz az al&aacute;bbi
+      be&aacute;ll&iacute;t&aacute;st kell hozz&aacute;tenn&uuml;nk a
+      rendszermag be&aacute;ll&iacute;t&aacute;sait tartalmaz&oacute;
+      &aacute;llom&aacute;nyhoz:</para>
 
     <programlisting>options	MAC</programlisting>
 
-    <para>And the kernel will require a rebuild and a reinstall.</para>
+    <para>Majd ford&iacute;tsuk &eacute;s telep&iacute;ts&uuml;k
+      &uacute;jra a rendszermagot.</para>
 
     <caution>
-      <para>While the various manual pages for <acronym>MAC</acronym>
-	policy modules state that they may be built into the kernel,
-	it is possible to lock the system out of
-	the network and more.  Implementing <acronym>MAC</acronym>
-	is much like implementing a firewall, care must be taken
-	to prevent being completely locked out of the system.  The
-	ability to revert back to a previous configuration should be
-	considered while the implementation of <acronym>MAC</acronym>
-	remotely should be done with extreme caution.</para>
+      <para>Mik&ouml;zben a <acronym>MAC</acronym> rendszerhez
+	k&eacute;sz&uuml;lt k&uuml;l&ouml;nb&ouml;z&#245; modulok a
+	saj&aacute;t man oldalaik szerint szint&eacute;n ig&eacute;nylik
+	a be&eacute;p&iacute;t&eacute;s&uuml;ket, vigy&aacute;zzunk
+	vel&uuml;k, mert ezzel a rendszer&uuml;ket pillanatok alatt ki
+	tudjuk z&aacute;rni a h&aacute;l&oacute;zatb&oacute;l &eacute;s
+	&iacute;gy tov&aacute;bb.  A <acronym>MAC</acronym> alap&uacute;
+	v&eacute;delem fel&eacute;p&iacute;t&eacute;se legink&aacute;bb
+	egy t&#251;zfal
+	&ouml;ssze&aacute;ll&iacute;t&aacute;s&aacute;hoz
+	hasonl&iacute;that&oacute;, ahol ugyan&iacute;gy sz&aacute;molni
+	kell azzal, hogy egy &oacute;vatlan paranccsal
+	kiz&aacute;rhatjuk magunkat a rendszerb&#245;l.  Valamilyen
+	m&oacute;don mindig pr&oacute;b&aacute;ljunk gondoskodni a
+	rendszer el&#245;z&#245; &aacute;llapot&aacute;nak
+	vissza&aacute;ll&iacute;that&oacute;s&aacute;g&aacute;r&oacute;l,
+	&eacute;s a <acronym>MAC</acronym> t&aacute;voli
+	adminisztr&aacute;ci&oacute;j&aacute;t mindig nagyfok&uacute;
+	k&ouml;r&uuml;ltekint&eacute;ssel v&eacute;gezz&uuml;k.</para>
     </caution>
+
   </sect1>
 
   <sect1 id="mac-understandlabel">
-    <title>Understanding MAC Labels</title>
+    <title>B&#245;vebben a MAC c&iacute;mk&eacute;ir&#245;l</title>
 
-    <para>A <acronym>MAC</acronym> label is a security attribute
-      which may be applied to subjects and objects throughout
-      the system.</para>
+    <para>A <acronym>MAC</acronym>-c&iacute;mke egy olyan
+      biztons&aacute;gi tulajdons&aacute;g, amelyet a rendszerben
+      tal&aacute;lhat&oacute; alanyokhoz &eacute;s objektumokhoz
+      rendelhet&uuml;nk.</para>
 
-    <para>When setting a label, the user must be able to comprehend
-      what it is, exactly, that is being done.  The attributes
-      available on an object depend on the policy module loaded, and that
-      policy modules interpret their attributes in different
-      ways.  If improperly configured due to lack of comprehension, or
-      the inability to understand the implications, the result will
-      be the unexpected and perhaps, undesired, behavior of the
-      system.</para>
+    <para>Egy c&iacute;mke be&aacute;ll&iacute;t&aacute;s&aacute;hoz a
+      felhaszn&aacute;l&oacute;nak pontosan ismernie kell, hogy ilyenkor
+      mi t&ouml;rt&eacute;nik.  Az objektumokhoz tartoz&oacute;
+      tulajdons&aacute;gok a bet&ouml;lt&ouml;tt modulokt&oacute;l
+      f&uuml;ggenek, &eacute;s az egyes modulok elt&eacute;r&#245;
+      m&oacute;don &eacute;rtelmezik ezeket a tulajdons&aacute;gokat.
+      Ha a prec&iacute;z meg&eacute;rt&eacute;s&uuml;k
+      hi&aacute;ny&aacute;ban helytelen&uuml;l &aacute;ll&iacute;tjuk be
+      ezeket, vagy nem vagyunk k&eacute;pesek tiszt&aacute;zni a
+      vel&uuml;k j&aacute;r&oacute; k&ouml;vetkezm&eacute;nyeket, akkor
+      az a rendszer&uuml;nk kisz&aacute;m&iacute;thatatlan &eacute;s
+      val&oacute;sz&iacute;n&#251;leg kedvez&#245;tlen
+      viselked&eacute;s&eacute;t eredm&eacute;nyezi.</para>
 
-    <para>The security label on an object is used as a part of a
-      security access control decision by a policy.  With some
-      policies, the label by itself contains all information necessary
-      to make a decision; in other models, the labels may be processed
-      as part of a larger rule set, etc.</para>
+    <para>A h&aacute;zirendek az objektumhoz rendelt biztons&aacute;gi
+      c&iacute;mk&eacute;ket a hozz&aacute;f&eacute;r&eacute;ssel
+      kapcsolatos d&ouml;nt&eacute;sek meghoz&aacute;s&aacute;ban
+      haszn&aacute;lj&aacute;k fel.  Bizonyos h&aacute;zirendek
+      eset&eacute;ben m&aacute;r maga a c&iacute;mke elegend&#245;
+      inform&aacute;ci&oacute;t tartalmaz a d&ouml;nt&eacute;s
+      megform&aacute;l&aacute;s&aacute;hoz.  M&aacute;shol viszont a
+      c&iacute;mk&eacute;k egy nagyobb szab&aacute;lyrendszer
+      r&eacute;szek&eacute;nt dolgoz&oacute;dnak fel stb.</para>
 
-    <para>For instance, setting the label of <literal>biba/low</literal>
-      on a file will represent a label maintained by the Biba security policy module,
-      with a value of <quote>low</quote>.</para>
+    <para>P&eacute;ld&aacute;ul ha egy &aacute;llom&aacute;nyra
+      be&aacute;ll&iacute;tjuk a <literal>biba/low</literal>
+      c&iacute;mk&eacute;t, akkor az arra fog utalni, hogy a
+      c&iacute;mk&eacute;t a Biba nev&#251; biztons&aacute;gi modul
+      kezeli &eacute;s &eacute;rt&eacute;ke <quote>low</quote>.</para>
 
-    <para>A few policy modules which support the labeling feature in
-      &os; offer three specific predefined labels.  These
-      are the low, high, and equal labels.  Although they enforce
-      access control in a different manner with each policy module, you
-      can be sure that the low label will be the lowest setting,
-      the equal label will set the subject or object to be disabled
-      or unaffected, and the high label will enforce the highest
-      setting available in the Biba and <acronym>MLS</acronym>
-      policy modules.</para>
+    <para>Az a n&eacute;h&aacute;ny modul, ami a &os;-ben
+      t&aacute;mogatja a c&iacute;mk&eacute;z&eacute;s
+      lehet&#245;s&eacute;g&eacute;t, h&aacute;rom speci&aacute;lis
+      c&iacute;mk&eacute;t defini&aacute;l el&#245;re.  Ezek rendre a
+      <quote>low</quote> (alacsony), <quote>high</quote> (magas)
+      &eacute;s <quote>equal</quote> (egyez&#245;) c&iacute;mk&eacute;k.
+      Hab&aacute;r az egyes modulok eset&eacute;n elt&eacute;r&#245;
+      m&oacute;don k&eacute;pesek vez&eacute;relni a
+      hozz&aacute;f&eacute;r&eacute;st, azt mindig biztosra
+      vehetj&uuml;k, hogy a <quote>low</quote> a legalacsonyabb
+      &eacute;rt&eacute;k, az <quote>equal</quote> c&iacute;mke
+      hat&aacute;s&aacute;ra az adott alanyt vagy objektumot
+      &eacute;rintetlen&uuml;l hagyj&aacute;k, &eacute;s a
+      <quote>high</quote> &eacute;rt&eacute;k&#251; c&iacute;mke a Biba
+      &eacute;s <acronym>MLS</acronym> modulok eset&eacute;ben a
+      legmagasabb be&aacute;ll&iacute;t&aacute;st jelenti.</para>
 
-    <para>Within single label file system environments, only one label may be
-      used on objects.  This will enforce one set of
-      access permissions across the entire system and in many
-      environments may be all that is required.  There are a few
-      cases where multiple labels may be set on objects
-      or subjects in the file system.  For those cases, the
-      <option>multilabel</option> option may be passed to
-      &man.tunefs.8;.</para>
+    <para>Az egyc&iacute;mk&eacute;s &aacute;llom&aacute;nyrendszerek
+      haszn&aacute;lata sor&aacute;n az egyes objektumonkhoz csak egyetlen
+      c&iacute;mk&eacute;t rendelhet&uuml;nk hozz&aacute;.  Ezzel az
+      eg&eacute;sz rendszerben csak egyfajta enged&eacute;lyt
+      alkalmazunk, ami sok esetben pontosan elegend&#245;.
+      L&eacute;tezik n&eacute;h&aacute;ny k&uuml;l&ouml;nleges eset,
+      amikor az &aacute;llom&aacute;nyrendszerben lev&#245; alanyokhoz
+      vagy objektumokhoz egyszerre t&ouml;bb c&iacute;mk&eacute;t is
+      hozz&aacute; kell rendeln&uuml;nk.  Ilyenkor a
+      <option>multilabel</option> opci&oacute;t kell &aacute;tadnunk a
+      &man.tunefs.8; seg&eacute;dprogramnak.</para>
 
-    <para>In the case of Biba and <acronym>MLS</acronym>, a numeric
-      label may be set to indicate the precise level of hierarchical
-      control.  This numeric level is used to partition or sort
-      information into different groups of say, classification only
-      permitting access to that group or a higher group level.</para>
+    <para>A Biba &eacute;s az <acronym>MLS</acronym> eset&eacute;ben
+      el&#245;fordulhat, hogy egy numerikus c&iacute;mk&eacute;vel fogjuk
+      jel&ouml;lni a hierarchikus ir&aacute;ny&iacute;t&aacute;s pontos
+      szintj&eacute;t.  A numerikus szintek haszn&aacute;lat&aacute;val
+      tudjuk az inform&aacute;ci&oacute;t k&uuml;l&ouml;nb&ouml;z&#245;
+      csoportokba sz&eacute;tosztani vagy elrendezni, mondjuk
+      &uacute;gy, hogy csak az adott szint&#251; vagy a felette
+      &aacute;ll&oacute; csoportok sz&aacute;m&aacute;ra
+      enged&eacute;lyezz&uuml;k a
+      hozz&aacute;f&eacute;r&eacute;st.</para>
 
-    <para>In most cases the administrator will only be setting up a
-      single label to use throughout the file system.</para>
+    <para>Az esetek t&ouml;bbs&eacute;g&eacute;ben a
+      rendszergazd&aacute;nak csak egyetlen c&iacute;mk&eacute;t kell
+      be&aacute;ll&iacute;tania az eg&eacute;sz
+      &aacute;llom&aacute;nyrendszerre.</para>
 
-    <para><emphasis>Hey wait, this is similar to <acronym>DAC</acronym>!
-      I thought <acronym>MAC</acronym> gave control strictly to the
-      administrator.</emphasis>  That statement still holds true, to some
-      extent as <username>root</username> is the one in control and who
-      configures the policies so that users are placed in the
-      appropriate categories/access levels.  Alas, many policy modules can
-      restrict the <username>root</username> user as well.  Basic
-      control over objects will then be released to the group, but
-      <username>root</username> may revoke or modify the settings
-      at any time.  This is the hierarchal/clearance model covered
-      by policies such as Biba and <acronym>MLS</acronym>.</para>
+    <para><emphasis>H&eacute;, &aacute;lljunk csak meg!  De akkor ez
+      pont olyan, mint a <acronym>DAC</acronym>!  &Eacute;n azt hittem,
+      hogy a <acronym>MAC</acronym> szigor&uacute;an a rendszergazda
+      kez&eacute;be adja az ir&aacute;ny&iacute;t&aacute;st.</emphasis>
+      Ez az &aacute;ll&iacute;t&aacute;s tov&aacute;bbra is
+      fenn&aacute;ll, mivel bizonyos &eacute;rtelemben a
+      <username>root</username> lesz az, aki be&aacute;ll&iacute;tja a
+      h&aacute;zirendeket, teh&aacute;t &#245; mondja meg, hogy a
+      felhaszn&aacute;l&oacute;k milyen kateg&oacute;ri&aacute;kba vagy
+      hozz&aacute;f&eacute;r&eacute;si szintekbe sorol&oacute;dnak.
+      Sajna sok biztons&aacute;gi modul m&eacute;g mag&aacute;t a
+      <username>root</username> felhaszn&aacute;l&oacute;t is
+      korl&aacute;tozza.  Az objektumok feletti
+      ir&aacute;ny&iacute;t&aacute;s ilyenkor a csoportra sz&aacute;ll,
+      de a <username>root</username> b&aacute;rmikor visszavonhatja vagy
+      m&oacute;dos&iacute;thatja a be&aacute;ll&iacute;t&aacute;sokat.
+      Ezzel a hierarchikus/enged&eacute;ly alap&uacute; modellel a Biba
+      &eacute;s <acronym>MLS</acronym> nev&#251; h&aacute;zirendek
+      foglalkoznak.</para>
 
     <sect2>
-      <title>Label Configuration</title>
+      <title>A c&iacute;mk&eacute;k
+	be&aacute;ll&iacute;t&aacute;sa</title>
 
-      <para>Virtually all aspects of label policy module configuration
-	will be performed using the base system utilities.  These
-	commands provide a simple interface for object or subject
-	configuration or the manipulation and verification of
-	the configuration.</para>
+      <para>A c&iacute;mk&eacute;z&eacute;shez kapcsol&oacute;d&oacute;
+	&ouml;sszes be&aacute;ll&iacute;t&aacute;st gyakorlatilag az
+	alapvet&#245; rendszerprogramokkal v&eacute;gezhetj&uuml;k el.
+	Ezek a parancsok az objektumok &eacute;s az alanyok
+	szab&aacute;lyoz&aacute;s&aacute;hoz, valamint a
+	konfigur&aacute;ci&oacute;
+	m&oacute;dos&iacute;t&aacute;s&aacute;hoz &eacute;s
+	ellen&#245;rz&eacute;s&eacute;hez adnak egy egyszer&#251;
+	kezel&#245;fel&uuml;letet.</para>
 
-      <para>All configuration may be done by use of the
-	&man.setfmac.8; and &man.setpmac.8; utilities.
-	The <command>setfmac</command> command is used to set
-	<acronym>MAC</acronym> labels on system objects while the
-	<command>setpmac</command> command is used to set the labels
-	on system subjects.  Observe:</para>
+      <para>Az &ouml;sszes konfigur&aacute;ci&oacute;s

>>> TRUNCATED FOR MAIL (1000 lines) <<<

More information about the p4-projects mailing list