[REVIEW REQUEST]: New chapter on MAC (draft)
Wade Klaver
archeron at wavefire.com
Mon May 31 19:36:25 GMT 2004
Hello,
Just a thought, but as an example, (perhaps an intro to the httpd example) a
walkthrough to minimalist, default-allow multilabel setup could be useful. I
could easily have screwed up, but after following the current "Implementing a
Secure Environment with MAC" article, I ended up with a machine that could
not boot due to an inability to mount /usr. A default-allow (if such a thing
even makes sense) could allow experimenting users to start with a relatively
unconstrained system and add restriction as warrented or as they become more
comfortable with the system administration overhead of operating in a
multilabel environment.
Another suggestion, although it may be deemed tacky, is a "Suggested
Reading" page that could list paper and web resources with relevant
background information for both Trusted BSD and trusted environments in
general.
-Wade
On May 10, 2004 14:49, Tom Rhodes wrote:
> Hey TrustedBSD-discuss,
>
> I've written a new chapter for the handbook on implementing the
> MAC features in 5.X. It includes configuration, testing, module
> description that augments the section we already have, and shows
> examples of the policies.
>
> I'm not worried about whitespace right now, only correctness in the
> information presented, markup, and wording.
>
> Check out the built chapter at:
> http://people.freebsd.org/~trhodes/mac/mac.html
>
> Check out the source at:
> http://people.freebsd.org/~trhodes/mac/chapter.sgml
>
> And no, that chapter number will not be the same. I plan to place
> this directly under the Security chapter.
>
> Thanks for your time and attention.
--
Wade Klaver
Wavefire Technologies Corporation
GPG Public Key at http://archeron.wavefire.com
/"\ ASCII Ribbon Campaign .
\ / - NO HTML/RTF in e-mail .
X - NO Word docs in e-mail .
/ \ -----------------------------------------------------------------
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list