Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
POSIX1E(3)             FreeBSD Library Functions Manual             POSIX1E(3)

NAME
     posix1e - introduction to the POSIX.1e security API

LIBRARY
     Standard C Library (libc, -lc)

SYNOPSIS
     #include <sys/types.h>
     #include <sys/acl.h>
     #include <sys/mac.h>

DESCRIPTION
     The IEEE POSIX.1e specification never left draft form, but the interfaces
     it describes are now widely used despite inherent limitations.
     Currently, only a few of the interfaces and features are implemented in
     FreeBSD, although efforts are underway to complete the integration at
     this time.

     POSIX.1e describes five security extensions to the base POSIX.1 API:
     Access Control Lists (ACLs), Auditing, Capabilities, Mandatory Access
     Control, and Information Flow Labels.  FreeBSD supports POSIX.1e ACL
     interfaces, as well as POSIX.1e-like MAC interfaces.  The TrustedBSD
     Project has produced but not integrated an implementation of POSIX.1e
     Capabilities.

     POSIX.1e defines both syntax and semantics for these features, but fairly
     substantial changes are required to implement these features in the
     operating system.

     As shipped, FreeBSD 4.0 provides API and VFS support for ACLs, but not an
     implementation on any native file system.  FreeBSD 5.0 includes support
     for ACLs as part of UFS1 and UFS2, as well as necessary VFS support for
     additional file systems to export ACLs as appropriate.  Available API
     calls relating to ACLs are described in detail in acl(3).

     As shipped, FreeBSD 5.0 includes support for Mandatory Access Control as
     well as POSIX.1e-like APIs for label management.  More information on API
     calls relating to MAC is available in mac(3).

     Additional patches supporting POSIX.1e features are provided by the
     TrustedBSD project:

     http://www.TrustedBSD.org/

IMPLEMENTATION NOTES
     FreeBSD's support for POSIX.1e interfaces and features is still under
     development at this time, and many of these features are considered new
     or experimental.

ENVIRONMENT
     POSIX.1e assigns security labels to all objects, extending the security
     functionality described in POSIX.1.  These additional labels provide
     fine-grained discretionary access control, fine-grained capabilities, and
     labels necessary for mandatory access control.  POSIX.2c describes a set
     of userland utilities for manipulating these labels.

     Many of these services are supported by extended attributes, documented
     in extattr(2) and extattr(9).  While these APIs are not documented in
     POSIX.1e, they are similar in structure.

SEE ALSO
     extattr(2), acl(3), mac(3), acl(9), extattr(9), mac(9)

STANDARDS
     POSIX.1e is described in IEEE POSIX.1e draft 17.  Discussion of the draft
     continues on the cross-platform POSIX.1e implementation mailing list.  To
     join this list, see the FreeBSD POSIX.1e implementation page for more
     information.

HISTORY
     POSIX.1e support was introduced in FreeBSD 4.0; most of the features are
     available as of FreeBSD 5.0.  Development continues.

AUTHORS
     Robert N M Watson
     Chris D. Faulhaber
     Thomas Moestl
     Ilmar S Habibulin

BUGS
     Many of these features are considered new or experimental in FreeBSD 5.0
     and should be deployed with appropriate caution.

FreeBSD 11.0-PRERELEASE        January 17, 2000        FreeBSD 11.0-PRERELEASE

NAME | LIBRARY | SYNOPSIS | DESCRIPTION | IMPLEMENTATION NOTES | ENVIRONMENT | SEE ALSO | STANDARDS | HISTORY | AUTHORS | BUGS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=posix1e&sektion=3&manpath=FreeBSD+7.1-RELEASE>

home | help