Navigation

← Previous Changeset
Next Changeset →

Changeset 2241

Timestamp:

06/13/08 10:33:10 (4 months ago)

Author:

dsugar

Message:

Karen's comment on stuff I changed before.

Files:

trunk/helpfiles/overview/mls.html (modified) (2 diffs)
trunk/helpfiles/settings/mls.html (modified) (1 diff)
trunk/helpfiles/setup/abilities.html (modified) (1 diff)
trunk/helpfiles/setup/basedomain.html (modified) (1 diff)
trunk/helpfiles/setup/baseresource.html (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/helpfiles/overview/mls.html

r2228	r2241
18	18
19	19	<p>
20		The CDS Framework toolkit ~~allows you to~~ leverage the Multi-Level Security (MLS) features of SELinux.
	20	The CDS Framework toolkit can leverage the Multi-Level Security (MLS) features of SELinux.
21	21	MLS features provide additional restrictions on accesses including:
22	22	<ul>
…	…
39	39	<p>
40	40	To set the MLS level for a resource or domain, select the policy item and choose the desired MLS level on the <a href='../views/properties.html'>property sheet</a>.
41		Unless MLS highlighting has been turned off, the policy item will be in the graphical editor to indicate the MLS level.
	41	Unless MLS highlighting has been turned off, the policy item will be color highlighted in the graphical editor to indicate the MLS level.
42	42	</p>
43	43
44	44	<p>
45		~~The MLS restrictions may need to be circumvented on some domains to meet the system's requirement~~s.
46		~~The abilities <i>MLSReadAllLevels</i> and <i>MLSWriteAllLevels</i> (on the <a href='../views/properties.html'>property sheet</a>) can be added~~ to those domains to meet these system requirements.
	45	System requirements may require circumventing MLS restrictions on some domains.
	46	Add the abilities <i>MLSReadAllLevels</i> and <i>MLSWriteAllLevels</i> (on the <a href='../views/properties.html'>property sheet</a>) to those domains to meet these system requirements.
47	47	</p>
48	48

trunk/helpfiles/settings/mls.html

r2230	r2241
18	18
19	19	<p>
20		MLS Settings allows the user to set the MLS levels that can be used in the project.
21		MLS is enabled from the <a href='../settings/system.html'>System Properties</a> by selecting the MLS policy type.
22		When MLS is enabled for the system, each domain and resource can be assigned an MLS level.
23		The generated policy will include appropriate rules for enforcement of both MLS and type enforcement.
	20	MLS Settings configures the MLS levels that are used in the project.
24	21	All systems in the project use the same MLS definitions.
25	22	</p>
26	23
27	24	<p>
28		The color specified is used as a highlight for each of the policy items that are assigned the particular MLS level.
29		The name is a unique name to distinguish each MLS level.
30		The range is the specific MLS level for the item.
31		</p>
	25	For each MLS Level, specify:
	26	</p>
	27	<ul>
	28	<li><b>Name</b> - a unique name for the MLS level</li>
	29	<li><b>Color</b> - highlight color for policy items assigned the particular MLS level</li>
	30	<li><b>Range</b> - the specific MLS level for the item</li>
	31	</ul>
32	32
33	33	<p>
34		The 'Default Level' is the level assigned to all newly created policy item.
35		The MLS level is a property that is settable on the <a href='../views/properties.html'>property sheet</a>.
	34	<b>Default Level</b> is the MLS level assigned to all newly created policy items.
	35	Change the MLS level for a domain or resource from that item's <a href='../views/properties.html'>property sheet</a>.
	36	</p>
	37
	38	<p>
	39	MLS must be enabled for the system to assign MLS levels to domains and resources. Enable MLS from the <a href='../settings/system.html'>System Properties</a> by selecting the MLS policy type.
	40	With MLS enabled, the generated SELinux policy will include appropriate rules for both MLS and type enforcement.
36	41	</p>
37	42

trunk/helpfiles/setup/abilities.html

r2228	r2241
28	28
29	29	<p>
30		~~The <i>Add Class</i> button is used~~ to add a new SELinux object class to the permission list for the ability.
31		Once the object class is added ~~the permissions can be modified~~ by clicking checkboxes on the right.
	30	Click the <i>Add Class</i> button to add a new SELinux object class to the permission list for the ability.
	31	Once the object class is added, modify the permissions by clicking checkboxes on the right.
32	32	</p>
33	33

trunk/helpfiles/setup/basedomain.html

r2228	r2241
18	18
19	19	<p>
20		~~The Base Domain Editor allows the creation and editing~~ a custom <a href="../concepts/base.html">base domain</a>.
	20	Use the Base Domain Editor to create or edit a custom <a href="../concepts/base.html">base domain</a>.
21	21	The base domain specifies the role and type as shown.
22	22	</p>

trunk/helpfiles/setup/baseresource.html

r2228	r2241
18	18
19	19	<p>
20		The Base Resource Editor allows the creation and editing of a custom <a href="../concepts/base.html">base resource</a>.
21		Each access definition specifies which reference policy interfaces are called to grant other access to the domain reading or writing.
	20	Use the Base Resource Editor to create or edit a custom <a href="../concepts/base.html">base resource</a>.
	21	</p>
	22	<p>
	23	Each access definition specifies the Reference Policy interfaces called to grant other access to the domain for reading or writing.
22	24	Modify the access definition name and description on the right, then select the desired interfaces by selecting the interface's checkbox.
23		~~Existing access definitions can be modified~~ by selecting the access definition and making updates as desired.
	25	Modify existing access definitions by selecting the access definition and making updates as desired.
24	26	</p>
25	27

Download in other formats:

Unified Diff
Zip Disabled

* Generating other formats may take time.