[REVIEW REQUEST]: New chapter on MAC (draft)
Brian Fundakowski Feldman
green at FreeBSD.org
Tue Jun 22 01:00:24 GMT 2004
On Tue, May 11, 2004 at 04:02:25PM -0400, Tom Rhodes wrote:
> On Mon, 10 May 2004 17:49:18 -0400
> Tom Rhodes <trhodes at FreeBSD.org> wrote:
>
> Updated with comments from this list and a few in private.
>
> Check it out:
>
> > Check out the built chapter at:
> > http://people.freebsd.org/~trhodes/mac/mac.html
> >
> > Check out the source at:
> > http://people.freebsd.org/~trhodes/mac/chapter.sgml
Very nice job! Here are my notes on what I've read:
1. In 11.4.1.1, a '/' is missing in the label setting.
2. In 11.4.2 "The Singlelabel" seems syntactically strange, as does
"swap file system."
3. In 11.4.3, perhaps "sysctl -d security.mac" would be better.
4. The 11.10.1 section seems to end prematurely.
5. "Sensibility" should be "sensitivity" in 11.11. Why is the number
"six thousand" specifically mentioned?
6. In 11.13, the behavior of auxiliary-labeled directories should
be explained. Specifically, this allows creation of directories
with one grade that allow objects, of the auxiliary grade, to be
created in them -- sort of like "sticky directories." For exec,
it results in something similar to "setuid execution."
Let us know whjen you finish the next draft.
--
Brian Fundakowski Feldman \'[ FreeBSD ]''''''''''\
<> green at FreeBSD.org \ The Power to Serve! \
Opinions expressed are my own. \,,,,,,,,,,,,,,,,,,,,,,\
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list