PERFORCE change 24158 for review

Chris Costello chris at
Sat Jan 25 00:39:01 GMT 2003

Change 24158 by chris at chris_holly on 2003/01/24 16:38:00

	o Formatting nit
	o Define MAC and DAC

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/introduction/security-definitions.sgml#3 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/introduction/security-definitions.sgml#3 (text+ko) ====

@@ -35,8 +35,7 @@
   <!-- XXX: Can we come up with a better name for this section? -->
-  <section
-           id="">
+  <section id="">
     <title>Subjects and Objects</title>
     <!-- XXX: Does this resource reference also need to go? -->
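Review bot: The rejoined `<section id="">` line still carries an empty `id`, so this section cannot be the target of a cross-reference. Since the line is being touched anyway, give it a real identifier, or drop the attribute until a name is chosen. The XXX comment just above it asks for a better section name and is a natural place to settle that.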
@@ -59,6 +58,34 @@
       <emphasis>subject</emphasis> with
+  <section id="">
+    <title>DAC</title>
+    <para><quote><acronym>DAC</acronym></quote> is short for
+      <emphasis>Discretionary Access Control</emphasis>.
+      <acronym>DAC</acronym> refers to the traditional file
+      permissions mechanism, as well as <acronym>ACLs</acronym>, or
+      Access Control Lists.  <acronym>DAC</acronym> is so named
+      because its enforcement is directly at the discretion of the
+      file's owner: the owner can specify exactly what access
+      protections are necessary for the file.</para>
+  </section>
+  <section id="">
+    <title>MAC</title>
+    <para><quote><acronym>MAC</acronym></quote> is short for
+      <emphasis>Mandatory Access Control</emphasis>.
+      <acronym>MAC</acronym> refers to security policies which do not
+      allow the owner of a system object to directly decide what
+      access protections the object has, and what access protections
+      the object does not have.  Often, a <acronym>MAC</acronym>
+      policy will allow subjects and objects to carry with it a
+      <quote>label</quote>.  A <acronym>MAC</acronym> label consists
+      of additional metadata to be used by <acronym>MAC</acronym>
+      policies in deciding access protections.</para>
+  </section>
 <!-- Keep this comment at the end of the file
 Local variables:
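Review bot: In the MAC paragraph, "will allow subjects and objects to carry with it a label" has a number mismatch; "carry with them a label" or "each carry a label" reads correctly. The DAC paragraph defines the term only through files ("the file's owner"), while the MAC paragraph speaks of "a system object"; wording DAC in terms of an object's owner would keep the two definitions parallel and match the "Subjects and Objects" section earlier in the file. The MAC text also says who does not decide the protections but never says who does; one sentence stating that the policy is enforced by the system regardless of the owner's wishes would close that gap. Both new sections reuse the empty `id=""`, so they need distinct identifiers before they can be linked to.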