This is ~miro/libi/iff/constraint, the directory of constraint pictures. It
contains the following files.

   gm-*.iff	constraints suggested by Grampp/Morris paper on Unix Security
   tse-*.iff	constraints adapted from the Miro TSE paper

   gm-1.iff	write on a directory implies write perm on files in it
   gm-3.iff	no SUID file should be writeable by anyone except its owner
   gm-4a.iff	".profile" should be unreadable/unwriteable by all but owner
   gm-4b.iff	".login" should be unreadable/unwriteable by all but owner
   gm-4c.iff	".cshrc" should be unreadable/unwriteable by all but owner
   gm-5a.iff	"bin" directories should be unwriteable by all but owner
   gm-5b.iff	"etc" directories should be unwriteable by all but owner
   gm-7.iff	"/etc/passwd" should be unwriteable by all but owner

   tse-1a.iff	every syntax arrow must connect a subject to an object
   tse-1b.iff	every box contained in a subject must be a subject
   tse-1c.iff	every box contained in an object must be an object
   tse-2a.iff	every group must be contained in at most one world
   tse-2b.iff	every group may be contained only in boxes of type world
   tse-2c.iff	a world box may not be contained in any other kind of box
   tse-3.iff	write permission on files implies read permission
   tse-4a.iff	every home directory must contain a "bin" directory
   tse-4b.iff	every home directory must contain a "src" directory
   tse-4c.iff	every home directory must contain a "man" directory
   tse-5.iff	every user must have a home directory and that directory must
		  contain a "Mail" file that only they can read
*  tse-6.iff	if a user has a "private" directory in their home directory,
		  then any files contained in the subtree of that directory
		  should be readable by them and unreadable/unwritable by
		  anyone else
*  tse-7.iff	every directory in the "/usr/" subtree must contain at least
		  one box

* These constraints contain starred containment arrows, which are unsupported
by the current instance picture translator iff2ipql(1).
