diff mbox series

[13/22] type_enforcement: Convert to markdown

Message ID 20200909133039.44498-14-richard_c_haines@btinternet.com (mailing list archive)
State Accepted
Series SELinux Notebook: Convert batch 3 to markdown/tidy up

Commit Message

Richard Haines Sept. 9, 2020, 1:30 p.m. UTC
Add a TOC to aid navigation and convert to markdown.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
 src/type_enforcement.md | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

Patch

diff --git a/src/type_enforcement.md b/src/type_enforcement.md
index d8d08be..bfd75b8 100644
--- a/src/type_enforcement.md
+++ b/src/type_enforcement.md
@@ -1,5 +1,8 @@ 
 # Type Enforcement
 
+- [Constraints](#constraints)
+- [Bounds](#bounds)
+
 SELinux makes use of a specific style of type enforcement (TE) to enforce
 mandatory access control. For SELinux it means that all
 [**subjects**](subjects.md#subjects) and [**objects**](objects.md#objects)
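
Review bot: The two TOC entries added under `# Type Enforcement` link to `#constraints` and `#bounds`, but neither heading appears anywhere in this patch, so the anchors cannot be checked from the diff. Please confirm the file has headings whose generated anchors match these exactly, because a mismatch shows up only as a dead in-page link. If the file has further sections beyond these two, it would also help to say in the commit message why only these are listed.
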
@@ -17,7 +20,7 @@  server, enforce policy via the object managers.
 Because the *type* identifier (or just 'type') is associated to all
 subjects and objects, it can sometimes be difficult to distinguish what
 the type is actually associated with (it's not helped by the fact that
-by convention, type identifiers end in *_t*). In the end it comes down
+by convention, type identifiers end in *\_t*). In the end it comes down
 to understanding how they are allocated in the policy itself and how
 they are used by SELinux services (although CIL policies with namespaces
 do help in that a domain process 'type' could be declared as
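
Review bot: On the changed line, `*\_t*` depends on a backslash escape inside emphasis markup to show a literal identifier suffix. Since `_t` is a literal fragment of a type name, a code span would express that directly and would need no escape. If the escape is kept to work around a particular renderer, naming that renderer in the commit message would tell later editors why it is there.
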
@@ -33,7 +36,7 @@  While SELinux refers to a subject as being an active process that is
 associated to a domain type, the scope of an SELinux type enforcement
 domain can vary widely. For example in the simple
 [**Kernel policy**](./notebook-examples/selinux-policy/kernel/kern-nb-policy.txt)
-in the notebook-examples, all the processes on the system run in the
+in the *notebook-examples*, all the processes on the system run in the
 *unconfined_t* domain, therefore every process is
 'of type *unconfined_t*' (that means it can do whatever it likes within
 the limits of the standard Linux DAC policy as all access is allowed by
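
Review bot: On the changed line, `*notebook-examples*` gets the same italic markup that the very next line uses for the type identifier `*unconfined_t*`, so a directory name and an SELinux type now look identical in the rendered text. Consider a code span for the directory name, or rely on the link on the preceding line, which already points into `./notebook-examples/`.
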
@@ -49,7 +52,7 @@  where the majority of user space processes run under the *unconfined_t*
 domain.
 
 The SELinux type is the third component of a 'security context' and by
-convention SELinux types end in *_t*, however this is not enforced by
+convention SELinux types end in *\_t*, however this is not enforced by
 any SELinux service (i.e. it is only used to identify the type
 component), although as explained above CIL with namespaces does make
 identification of types easier.
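
Review bot: The escaped `*\_t*` on the changed line is inconsistent with `*unconfined_t*`, which this hunk's header context and the previous hunk both show unescaped, so underscores inside emphasis are now written two ways in the same file. Either apply one rule throughout or note in the commit message that only a leading underscore needs the escape, so the next markdown tidy-up does not undo or over-apply it.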