files by setting certain objects as classified?</para>

      files by setting certain objects as classified?</para>

    <para>In the file system case, access to objects might be

    <para>In the file system case, access to objects might be

      For an example, a large development team might be broken

      For an example, a large development team might be broken

      off into smaller groups of individuals.  Developers in

      off into smaller groups of individuals.  Developers in

      project A might not be permitted to access objects written

      project A might not be permitted to access objects written

      with a value of <quote>low</quote>.</para>

      with a value of <quote>low</quote>.</para>

    <para>A few policies which support the labeling feature in

    <para>A few policies which support the labeling feature in

      are the low, high, and equal labels.  Although they enforce

      are the low, high, and equal labels.  Although they enforce

      access control in a different manner with each policy, you

      access control in a different manner with each policy, you

      can be sure that the low label will be the lowest setting,

      can be sure that the low label will be the lowest setting,

      used on objects.  This will enforce one set of

      used on objects.  This will enforce one set of

      access permissions across the entire system and in many

      access permissions across the entire system and in many

      environments may be all that is required.  There are a few

      environments may be all that is required.  There are a few

      or subjects in the file system.  For those cases, the

      or subjects in the file system.  For those cases, the

      <option>multilabel</option> option may be passed to

      <option>multilabel</option> option may be passed to

      &man.tunefs.8;.</para>

      &man.tunefs.8;.</para>

      configures the policy so that users are placed in the

      configures the policy so that users are placed in the

      appropriate categories/access levels.  Alas, many policies can

      appropriate categories/access levels.  Alas, many policies can

      restrict the <username>root</username> user as well.  Basic

      restrict the <username>root</username> user as well.  Basic

      <username>root</username> may revoke or modify the settings

      <username>root</username> may revoke or modify the settings

      at any time.  This is the hierarchal/clearance model covered

      at any time.  This is the hierarchal/clearance model covered

      by policies such as Biba and <acronym>MLS</acronym>.</para>

      by policies such as Biba and <acronym>MLS</acronym>.</para>

      <listitem>

      <listitem>

	<para>The <literal>biba/high</literal> label will permit

	<para>The <literal>biba/high</literal> label will permit

	  permit reading that object.  It is recommended that this

	  permit reading that object.  It is recommended that this

	  label be placed on objects that affect the integrity of

	  label be placed on objects that affect the integrity of

	  the entire system.</para>

	  the entire system.</para>

    <para>The <acronym>MAC</acronym> version of the Low-watermark

    <para>The <acronym>MAC</acronym> version of the Low-watermark

      integrity policy, not to be confused with the older &man.lomac.4;

      integrity policy, not to be confused with the older &man.lomac.4;

      exception of using floating labels to support subject

      exception of using floating labels to support subject

      demotion via an auxiliary grade compartment.  This secondary

      demotion via an auxiliary grade compartment.  This secondary

      compartment takes the form of <literal>[auxgrade]</literal>.

      compartment takes the form of <literal>[auxgrade]</literal>.