PERFORCE change 24012 for review

Chris Costello chris at
Tue Jan 21 05:23:19 GMT 2003

Change 24012 by chris at chris_holly on 2003/01/20 21:22:40

	Break the chapters into individual files.
	Update the security definition as prompted by
	Wayne Morrison <tewok at>.  By not singling out privacy
	policies as being somehow more important than others and by
	expanding on well-being is, the risk of the reader thinking that
	privacy policies are the most common kind (they are not, FWIW, but
	that doesn't matter).

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/Makefile#2 edit
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/book.sgml#5 edit
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/chapter.decl#1 add
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/chapters.ent#2 edit
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/introduction/security-defined.sgml#1 add
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/introduction/security-definitions.sgml#1 add

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/Makefile#2 (text+ko) ====

@@ -32,7 +32,7 @@
 MAINTAINER=	chris at
 DOC?=		book
-FORMATS?=	html-split
+FORMATS?=	html-split html

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/book.sgml#5 (text+ko) ====

@@ -157,7 +157,7 @@
   <preface id="preface">
-    <section id="audience">
+    <section id="preface.audience">
       <title>This Book's Audience</title>
       <para>This book is primarily targeted at system developers in an
@@ -169,6 +169,12 @@
         &man.sprog.7; manual page is intended to serve that
+    <section id="preface.organization">
+      <title>Organization of this Book</title>
+      <para>...</para>
+    </section>
   <part id="introduction">
@@ -184,93 +190,8 @@
         FreeBSD security architecture.</para>
-    <chapter id="">
-      <title>Security Defined</title>
-      <para>System security is often looked at as having the quality
-        of being inaccessible by unauthorized users.  Application
-        security is looked at as having the quality of being able to
-        handle any sort of input, regardless of validity.  Network
-        security is considered as having a fortress-like
-        impenetrability from the perspective of an outside
-        observer.</para>
-      <para>The common thread in all of these definitions is
-        essentially that security is the state of functioning as
-        intended.  Those that should have access to various files in
-        the system do, and those that should not do not.  Those that
-        should have access to the network have it, and those that
-        should not do not.</para>
-      <para><emphasis>Security, therefore, is defined as the
-          enforcement of the appropriate use of system
-          resources.</emphasis>  The implementation may enforce this
-        arbitrarily and may have its own ideas on what
-        <quote>appropriate</quote> is, but generally,
-        <quote>appropriate</quote> means that resources are protected
-        in a manner favoring privacy and the overall well-being of the
-        system.</para>
-    </chapter>
-    <chapter id="">
-      <title>Security-Related Definitions</title>
-      <para>Aside from <quote>security,</quote> this document will
-        make reference to other terms which must be clearly defined.
-        These terms will be used in the strictest sense of the
-        definitions set forth below.</para>
-      <section id="">
-        <title>Security Policy</title>
-        <para>While <quote>security</quote> is defined as
-          <emphasis>the enforcement of the appropriate use of system
-            resources</emphasis>, <quote>security policy</quote> is
-          defined as <emphasis>the set of rules that determine what
-            constitutes <quote>appropriate</quote></emphasis>.  These
-          rules can usually be laid out in a similar fashion to a
-          standard or RFC document: <quote>this resource MUST be used
-            in this fashion only</quote>, <quote>this resource MUST
-            NOT be used in this fashion</quote>, etc.</para>
-        <para>The FreeBSD operating system does not specify one single
-          security policy.  Rather, a conglomeration of policies
-          specially tailored to specific <emphasis>classes</emphasis>
-          of resources, such as network-related resources, virtual
-          memory resources, file system resources, and system uses,
-          comes together to form the overall FreeBSD security
-          architecture.</para>
-        <para>Security policies are found in a variety of forms.
-          <emphasis>DAC</emphasis>, on file system objects,
-          <emphasis>MAC</emphasis>, on all system subjects and
-          objects.</para>
-      </section>
-      <section
-               id="">
-        <title>Resource Classifications</title>
-        <para>This document classifies system resources into
-          <emphasis>subjects</emphasis> and
-          <emphasis>objects</emphasis>.  Most simply, a
-          <emphasis>subject</emphasis> is something that performs some
-          action.  Examples of subjects might be processes, sockets,
-          and pipes.  Logically, an <emphasis>object</emphasis> is
-          something that has some action performed on it.  Examples of
-          objects might be file system objects, devices, network
-          interfaces, processes, and processes.</para>
-        <para>The overlap in the examples for subjects and objects is
-          intentional&mdash;it emphasizes the point that due to the
-          principle that subjects might perform some action on one
-          another, then in having some action performed on it, that
-          subject must then be an object.  It is advised that the
-          reader does not make the mistake of equating
-          <emphasis>subject</emphasis> with
-          <emphasis>person</emphasis>.</para>
-      </section>
-    </chapter>
+    &;
+    &;

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/chapters.ent#2 (text+ko) ====

@@ -1,5 +1,2 @@
-<!ENTITY chap.traditional.unixdac	SYSTEM	"traditional/unixdac.sgml">
-<!ENTITY chap.traditional.superuser	SYSTEM	"traditional/superuser.sgml">
-<!ENTITY chap.concepts.unix		SYSTEM	"concepts/unix.sgml">
-<!ENTITY chap.concepts.trusted		SYSTEM 	"concepts/trusted.sgml">
+<!ENTITY	SYSTEM "introduction/security-defined.sgml">
+<!ENTITY	SYSTEM "introduction/security-definitions.sgml">
To Unsubscribe: send mail to majordomo at
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list