[REVIEW REQUEST]: New chapter on MAC (draft)

[Tom Rhodes]

On Mon, 10 May 2004 17:12:37 -0400 (EDT)
Robert Watson <rwatson at FreeBSD.org> wrote:

> 
> 
> On Mon, 10 May 2004, Tom Rhodes wrote: 
> 
> > I've written a new chapter for the handbook on implementing the MAC
> > features in 5.X.  It includes configuration, testing, module description
> > that augments the section we already have, and shows examples of the
> > policies. 
> > 
> > I'm not worried about whitespace right now, only correctness in the
> > information presented, markup, and wording. 
> > 
> > Check out the built chapter at:
> > http://people.freebsd.org/~trhodes/mac/mac.html
> > 
> > Check out the source at:
> > http://people.freebsd.org/~trhodes/mac/chapter.sgml
> > 
> > And no, that chapter number will not be the same.  I plan to place
> > this directly under the Security chapter.
> > 
> > Thanks for your time and attention. 
> 
> Suggestion: drop the coverage of mac_test, mac_none, and mac_stub.  Those
> exist much more for the benefit of the developer than the user.  You can
> mention they exist but I don't think I'd do much more than that, as they
> add noise without any real pay-off for most end users.

Perhaps I can discuss them in the troubleshooting section or in
a simple/basic section.  :)

> 
> I think you might want to add a section that summarizes what it is MAC
> policies can do (labeling, etc).  You can use that to segway to a
> discussion of MAC policy trade-offs, including the increased cost of
> administration, multilabel file systems, etc.

We can do this at the beginning, right where it belongs.  :)

> 
> BTW, feel free to send this thread (or related threads) to the trustedbsd
> list.  I suspect there might be a greater audience there when it comes to 
> reviewing technical content, but could be mistaken.

I was planning to do this; I just wanted some initial review from
the doc team first.

I'll try to merge your suggestions in tonight or tomorrow before
I pack for BSDCan; thanks!

-- 
Tom Rhodes