diff mbox series

[02/13] mac: Tidy formatting

Message ID 20200902131738.18425-3-richard_c_haines@btinternet.com (mailing list archive)
State Accepted
Headers show
Series SELinux Notebook: Convert batch 2 to markdown | expand

Commit Message

Richard Haines Sept. 2, 2020, 1:17 p.m. UTC
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
 src/mac.md | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)
diff mbox series

Patch

diff --git a/src/mac.md b/src/mac.md
index 7b88c24..7f673fe 100644
--- a/src/mac.md
+++ b/src/mac.md
@@ -9,13 +9,13 @@  Each of the subjects and objects have a set of security attributes that
 can be interrogated by the operating system to check if the requested
 operation can be performed or not. For SELinux the:
 
--   [**subjects**](subjects.md#subjects) are processes.
--   [**objects**](objects.md#objects) are system resources such as files,
-    sockets, etc.
--   security attributes are the [**security context**](security_context.md#security-context).
--   Security Server within the Linux kernel authorizes access (or not)
-    using the security policy (or policy) that describes rules that must
-    be enforced.
+- [**subjects**](subjects.md#subjects) are processes.
+- [**objects**](objects.md#objects) are system resources such as files,
+  sockets, etc.
+- security attributes are the [**security context**](security_context.md#security-context).
+- Security Server within the Linux kernel authorizes access (or not)
+  using the security policy (or policy) that describes rules that must
+  be enforced.
 
 Note that the subject (and therefore the user) cannot decide to bypass
 the policy rules being enforced by the MAC policy with SELinux enabled.
@@ -35,8 +35,8 @@  SELinux supports two forms of MAC:
 objects are controlled by policy. This is the implementation used for
 general purpose MAC within SELinux along with Role Based Access Control.
 The [**Type Enforcement (TE)**](type_enforcement.md#type-enforcement) and
-[**Role Based Access Control**](rbac.md#role-based-access-control) sections covers
-these in more detail.
+[**Role Based Access Control**](rbac.md#role-based-access-control) sections
+covers these in more detail.
 
 **Multi-Level Security** - This is an implementation based on the
 Bell-La Padula (BLP) model, and used by organizations where different
@@ -51,14 +51,14 @@  Multi-Category Security (MCS).
 The MLS / MCS services are now more generally used to maintain
 application separation, for example SELinux enabled:
 
--   virtual machines use MCS categories to allow each VM to run within
-    its own domain to isolate VMs from each other (see the
-    [**SELinux Virtual Machine Support**](vm_support.md#selinux-virtual-machine-support)
-    section).
--   Android devices use dynamically generated MCS categories so that an
-    app running on behalf of one user cannot read or write files created
-    by the same app running on behalf of another user (see the
-    [**Security Enhancements for Android - Computing a Context**](seandroid.md#computing-process-context-examples) section).
+- virtual machines use MCS categories to allow each VM to run within
+  its own domain to isolate VMs from each other (see the
+  [**SELinux Virtual Machine Support**](vm_support.md#selinux-virtual-machine-support)
+  section).
+- Android devices use dynamically generated MCS categories so that an
+  app running on behalf of one user cannot read or write files created
+  by the same app running on behalf of another user (see the
+  [**Security Enhancements for Android - Computing a Context**](seandroid.md#computing-process-context-examples) section).
 
 <!-- %CUTHERE% -->