Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
POSIX1E(3)	       FreeBSD Library Functions Manual		    POSIX1E(3)

NAME
     posix1e --	introduction to	the POSIX.1e security API

LIBRARY
     Standard C	Library	(libc, -lc)

SYNOPSIS
     #include <sys/types.h>
     #include <sys/acl.h>
     #include <sys/capability.h>
     #include <sys/mac.h>

DESCRIPTION
     The IEEE POSIX.1e specification never left	draft form, but	the interfaces
     it	describes are now widely used despite inherent limitations.  Cur-
     rently, only a few	of the interfaces and features are implemented in
     FreeBSD, although efforts are underway to complete	the integration	at
     this time.

     POSIX.1e describes	five security extensions to the	base POSIX.1 API:
     Access Control Lists (ACLs), Auditing, Capabilities, Mandatory Access
     Control, and Information Flow Labels.  FreeBSD supports POSIX.1e ACL
     interfaces, as well as POSIX.1e-like MAC interfaces.  The TrustedBSD
     Project has produced but not integrated an	implementation of POSIX.1e
     Capabilities.

     POSIX.1e defines both syntax and semantics	for these features, but	fairly
     substantial changes are required to implement these features in the oper-
     ating system.

     As	shipped, FreeBSD 4.0 provides API and VFS support for ACLs, but	not an
     implementation on any native file system.	FreeBSD	5.0 includes support
     for ACLs as part of UFS1 and UFS2,	as well	as necessary VFS support for
     additional	file systems to	export ACLs as appropriate.  Available API
     calls relating to ACLs are	described in detail in acl(3).

     As	shipped, FreeBSD 5.0 includes support for Mandatory Access Control as
     well as POSIX.1e-like APIs	for label management.  More information	on API
     calls relating to MAC is available	in mac(3).

     Additional	patches	supporting POSIX.1e features are provided by the
     TrustedBSD	project:

     http://www.TrustedBSD.org/

IMPLEMENTATION NOTES
     FreeBSD's support for POSIX.1e interfaces and features is still under
     development at this time, and many	of these features are considered new
     or	experimental.

ENVIRONMENT
     POSIX.1e assigns security labels to all objects, extending	the security
     functionality described in	POSIX.1.  These	additional labels provide
     fine-grained discretionary	access control,	fine-grained capabilities, and
     labels necessary for mandatory access control.  POSIX.2c describes	a set
     of	userland utilities for manipulating these labels.

     Many of these services are	supported by extended attributes, documented
     in	extattr(2) and extattr(9).  While these	APIs are not documented	in
     POSIX.1e, they are	similar	in structure.

SEE ALSO
     extattr(2), acl(3), mac(3), acl(9), extattr(9), mac(9)

STANDARDS
     POSIX.1e is described in IEEE POSIX.1e draft 17.  Discussion of the draft
     continues on the cross-platform POSIX.1e implementation mailing list.  To
     join this list, see the FreeBSD POSIX.1e implementation page for more
     information.

HISTORY
     POSIX.1e support was introduced in	FreeBSD	4.0; most of the features are
     available as of FreeBSD 5.0.  Development continues.

AUTHORS
     Robert N M	Watson
     Chris D. Faulhaber
     Thomas Moestl
     Ilmar S Habibulin

BUGS
     Many of these features are	considered new or experimental in FreeBSD 5.0
     and should	be deployed with appropriate caution.

FreeBSD	10.1		       January 17, 2000			  FreeBSD 10.1

NAME | LIBRARY | SYNOPSIS | DESCRIPTION | IMPLEMENTATION NOTES | ENVIRONMENT | SEE ALSO | STANDARDS | HISTORY | AUTHORS | BUGS

Want to link to this manual page? Use this URL:
<http://www.freebsd.org/cgi/man.cgi?query=posix1e&sektion=3&manpath=FreeBSD+5.3-RELEASE>

home | help