POSIX1E (3) | C library functions | Unix Manual Pages | :man|

Alphabetical Categories About us



POSIX1E (3) \| C library functions \| Unix Manual Pages \| :man▋ NAME posix1e - introduction to the POSIX.1e security API CONTENTS Library Synopsis Description Implementation Notes Environment See Also Standards History Authors Bugs LIBRARY .Lb libc SYNOPSIS .In sys/types.h .In sys/acl.h .In sys/capability.h .In sys/mac.h DESCRIPTION The IEEE POSIX.1e specification never left draft form, but the interfaces it describes are now widely used despite inherent limitations. Currently, only a few of the interfaces and features are implemented in .Fx , although efforts are underway to complete the integration at this time. POSIX.1e describes five security extensions to the base POSIX.1 API: Access Control Lists (ACLs), Auditing, Capabilities, Mandatory Access Control, and Information Flow Labels. .Fx supports POSIX.1e ACL interfaces, as well as POSIX.1e-like MAC interfaces. The TrustedBSD Project has produced but not integrated an implementation of POSIX.1e Capabilities. POSIX.1e defines both syntax and semantics for these features, but fairly substantial changes are required to implement these features in the operating system. As shipped, .Fx 4.0 provides API and VFS support for ACLs, but not an implementation on any native file system. .Fx 5.0 includes support for ACLs as part of UFS1 and UFS2, as well as necessary VFS support for additional file systems to export ACLs as appropriate. Available API calls relating to ACLs are described in detail in acl(3). As shipped, .Fx 5.0 includes support for Mandatory Access Control as well as POSIX.1e-like APIs for label management. More information on API calls relating to MAC is available in mac(3). Additional patches supporting POSIX.1e features are provided by the TrustedBSD project: http://www.TrustedBSD.org/ IMPLEMENTATION NOTES .Fx Ns ’s support for POSIX.1e interfaces and features is still under development at this time, and many of these features are considered new or experimental. ENVIRONMENT POSIX.1e assigns security labels to all objects, extending the security functionality described in POSIX.1. These additional labels provide fine-grained discretionary access control, fine-grained capabilities, and labels necessary for mandatory access control. POSIX.2c describes a set of userland utilities for manipulating these labels. Many of these services are supported by extended attributes, documented in extattr(2) and extattr(9). While these APIs are not documented in POSIX.1e, they are similar in structure. SEE ALSO extattr(2), acl(3), mac(3), acl(9), extattr(9), mac(9) STANDARDS HISTORY AUTHORS BUGS

Created by Blin Media, 2008-2013