posix1e.3 (2e370a5c7a5528afb124f6273136736e5d5fb798) | posix1e.3 (3a67af38ba24cdf225a521d181e278c8b98722b9) |
---|---|
1.\"- | 1.\"- |
2.\" Copyright (c) 2000 Robert N. M. Watson | 2.\" Copyright (c) 2000, 2009 Robert N. M. Watson |
3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright --- 9 unchanged lines hidden (view full) --- 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.\" $FreeBSD$ 27.\" | 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright --- 9 unchanged lines hidden (view full) --- 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.\" $FreeBSD$ 27.\" |
28.Dd May 20, 2009 | 28.Dd August 7, 2009 |
29.Dt POSIX1E 3 30.Os 31.Sh NAME 32.Nm posix1e 33.Nd introduction to the POSIX.1e security API 34.Sh LIBRARY 35.Lb libc 36.Sh SYNOPSIS 37.In sys/types.h 38.In sys/acl.h | 29.Dt POSIX1E 3 30.Os 31.Sh NAME 32.Nm posix1e 33.Nd introduction to the POSIX.1e security API 34.Sh LIBRARY 35.Lb libc 36.Sh SYNOPSIS 37.In sys/types.h 38.In sys/acl.h |
39.\" .In sys/capability.h | |
40.In sys/mac.h 41.Sh DESCRIPTION | 39.In sys/mac.h 40.Sh DESCRIPTION |
42The IEEE POSIX.1e specification never left draft form, but the interfaces 43it describes are now widely used despite inherent limitations. 44Currently, only a few of the interfaces and features are implemented in 45.Fx , 46although efforts are underway to complete the integration at this time. | 41POSIX.1e describes five security extensions to the POSIX.1 API: Access 42Control Lists (ACLs), Auditing, Capabilities, Mandatory Access Control, and 43Information Flow Labels. 44While IEEE POSIX.1e D17 specification has not been standardized, several of 45its interfaces are widely used. |
47.Pp | 46.Pp |
48POSIX.1e describes five security extensions to the base POSIX.1 API: 49Access Control Lists (ACLs), Auditing, Capabilities, Mandatory Access 50Control, and Information Flow Labels. | |
51.Fx | 47.Fx |
52supports POSIX.1e ACL interfaces, as well as POSIX.1e-like MAC 53interfaces. 54The TrustedBSD Project has produced but not integrated an implementation 55of POSIX.1e Capabilities. | 48implements POSIX.1e interface for access control lists, described in 49.Xr acl 3 , 50and supports ACLs on the 51.Xr ffs 7 52file system; ACLs must be administratively enabled using 53.Xr tunefs 8 . |
56.Pp | 54.Pp |
57POSIX.1e defines both syntax and semantics for these features, but fairly 58substantial changes are required to implement these features in the 59operating system. | 55.Fx 56implements a POSIX.1e-like mandatory access control interface, described in 57.Xr mac 3 , 58although with a number of extensions and important semantic differences. |
60.Pp | 59.Pp |
61As shipped, 62.Fx 4.0 63provides API and VFS support for ACLs, but not an implementation on any 64native file system. 65.Fx 5.0 66includes support for ACLs as part of UFS1 and UFS2, as well as necessary 67VFS support for additional file systems to export ACLs as appropriate. 68Available API calls relating to ACLs are described in detail in 69.Xr acl 3 . 70.Pp 71As shipped, 72.Fx 5.0 73includes support for Mandatory Access Control as well as POSIX.1e-like 74APIs for label management. 75More information on API calls relating to MAC is available in 76.Xr mac 3 . 77.Pp 78Additional patches supporting POSIX.1e features are provided by the 79TrustedBSD project: 80.Pp 81http://www.TrustedBSD.org/ 82.Sh IMPLEMENTATION NOTES 83.Fx Ns 's 84support for POSIX.1e interfaces and features is still under 85development at this time, and many of these features are considered new 86or experimental. | 60.Fx 61does not implement the POSIX.1e audit, privilege (capability), or information 62flow label APIs. 63However, 64.Fx 65does implement the 66.Xr libbsm 67audit API. |
87.Sh ENVIRONMENT | 68.Sh ENVIRONMENT |
88POSIX.1e assigns security labels to all objects, extending the security | 69POSIX.1e assigns security attributes to all objects, extending the security |
89functionality described in POSIX.1. | 70functionality described in POSIX.1. |
90These additional labels provide 91fine-grained discretionary access control, fine-grained capabilities, 92and labels necessary for mandatory access control. 93POSIX.2c describes 94a set of userland utilities for manipulating these labels. | 71These additional attributes store fine-grained discretionary access control 72information and mandatory access control labels; for files, they are stored 73in extended attributes, described in 74.Xr extattr 3 . |
95.Pp | 75.Pp |
96Many of these services are supported by extended attributes, documented 97in 98.Xr extattr 2 | 76POSIX.2c describes 77a set of userland utilities for manipulating these attributes, including 78.Xr getfacl 1 |
99and | 79and |
100.Xr extattr 9 . 101While these APIs are not documented in POSIX.1e, they are similar in 102structure. | 80.Xr setfacl 1 81for access control lists, and 82.Xr getfmac 8 83and 84.Xr setfmac 8 85for mandatory access control labels. |
103.Sh SEE ALSO | 86.Sh SEE ALSO |
87.Xr getfacl 1 , 88.Xr setfacl 1 , |
|
104.Xr extattr 2 , 105.Xr acl 3 , | 89.Xr extattr 2 , 90.Xr acl 3 , |
91.Xr extattr 3 , |
|
106.Xr libbsm 3 , 107.Xr mac 3 , | 92.Xr libbsm 3 , 93.Xr mac 3 , |
94.Xr ffs 7 , 95.Xr getfmac 8 , 96.Xr setfmac 8 , 97.Xr tunefs 8 , |
|
108.Xr acl 9 , 109.Xr extattr 9 , 110.Xr mac 9 111.Sh STANDARDS 112POSIX.1e is described in IEEE POSIX.1e draft 17. | 98.Xr acl 9 , 99.Xr extattr 9 , 100.Xr mac 9 101.Sh STANDARDS 102POSIX.1e is described in IEEE POSIX.1e draft 17. |
113Discussion of the draft continues 114on the cross-platform POSIX.1e implementation 115mailing list. 116To join this list, see the 117.Fx 118POSIX.1e implementation 119page for more information. | |
120.Sh HISTORY 121POSIX.1e support was introduced in 122.Fx 4.0 ; | 103.Sh HISTORY 104POSIX.1e support was introduced in 105.Fx 4.0 ; |
123most of the features are available as of | 106most features were available as of |
124.Fx 5.0 . | 107.Fx 5.0 . |
125Development continues. | |
126.Sh AUTHORS 127.An Robert N M Watson 128.An Chris D. Faulhaber 129.An Thomas Moestl 130.An Ilmar S Habibulin | 108.Sh AUTHORS 109.An Robert N M Watson 110.An Chris D. Faulhaber 111.An Thomas Moestl 112.An Ilmar S Habibulin |
131.Sh BUGS 132Many of these features are considered new or experimental in 133.Fx 5.0 134and should be deployed with appropriate caution. | |
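Review bot: The `.Xr libbsm` reference at new lines 66-67 has no manual section, while the SEE ALSO list in both revisions uses `.Xr libbsm 3 ,`. Without the section argument the cross reference renders incompletely and mdoc lint will flag it; change it to `.Xr libbsm 3`, followed by the sentence-ending period as its own argument.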
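Review bot: Two of the rewritten DESCRIPTION sentences drop an article: new line 44 reads "While IEEE POSIX.1e D17 specification has not been standardized" and new line 48 reads "implements POSIX.1e interface for access control lists". Suggest "While the IEEE POSIX.1e D17 specification ..." and "implements the POSIX.1e interface ...". New line 44 also says "D17" where the unchanged STANDARDS section says "draft 17"; pick one spelling so the two sections agree.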
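Review bot: New lines 55-58 say the MAC interface comes "with a number of extensions and important semantic differences" from POSIX.1e, but name none of them and do not say where they are documented. Someone porting POSIX.1e MAC code will read this page first, so either list the main differences here or state explicitly that `.Xr mac 3` enumerates them. The same applies to new lines 52-53: "ACLs must be administratively enabled using tunefs 8" would be more useful with a note that ACLs are off until this is done, since the removed IMPLEMENTATION NOTES and BUGS text was the only other place that set reader expectations about feature availability.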