Permalink
Browse files

Dave Quigley's comments

  • Loading branch information...
1 parent f21e0be commit 72686b717882479d38ee3e6206a98294af317dc1 @loghyr committed May 1, 2012
Showing with 6 additions and 6 deletions.
  1. +2 −2 labreqs_middle_introduction.xml
  2. +4 −4 labreqs_middle_requirements.xml
@@ -4,8 +4,8 @@
<section anchor="sec:intro" title="Introduction">
<t>
Mandatory Access Control (MAC) systems have been mainstreamed in
- modern operating systems such as Linux (R), FreeBSD (R), Solaris
- (TM), and Windows Vista (R). MAC systems bind security attributes to
+ modern operating systems such as Linux (R), FreeBSD (R), and Solaris
+ (TM). MAC systems bind security attributes to
subjects (processes) and objects within a system. These attributes
are used with other information in the system to make access control
decisions.
@@ -88,9 +88,9 @@
be specified in a complete and unambiguous manner while maintaining the
flexibility of MAC implementations. To accomplish this the labels
should consist of an opaque component bound with a Label Format Specifier (LFS).
- The opaque component consists of the label which will be interpreted by the MAC
- model on the other end while the LFS provides a mechanism for identifying the
- structure and semantics of the label's components.
+ The LFS component provides a mechanism for identifying the structure and semantics of the
+ opaque component. Meanwhile, the opaque component is the security label which will
+ be interpreted by the MAC models.
</t>
<t>
@@ -349,7 +349,7 @@
Therefore, if an existing server is upgraded to include LNFS support,
then it is the responsibility of the security system to
define the behavior for existing objects. For example, if
- the security system is LFS 0, which means the server just
+ the security system is that the server just
stores and returns labels, then existing files should
return labels which are set to an empty value.
</t>

0 comments on commit 72686b7

Please sign in to comment.