posix1e.3 (a889d1fb766450bff9b27c3bccfe18fc39cd753d) | posix1e.3 (c32381ada4857b3c94e52f27fce687ebfdc75235) |
---|---|
1.\"- 2.\" Copyright (c) 2000 Robert N. M. Watson 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright --- 15 unchanged lines hidden (view full) --- 24.\" SUCH DAMAGE. 25.\" 26.\" $FreeBSD$ 27.\" 28.Dd January 17, 2000 29.Dt POSIX1E 3 30.Os FreeBSD 4.0 31.Sh NAME | 1.\"- 2.\" Copyright (c) 2000 Robert N. M. Watson 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright --- 15 unchanged lines hidden (view full) --- 24.\" SUCH DAMAGE. 25.\" 26.\" $FreeBSD$ 27.\" 28.Dd January 17, 2000 29.Dt POSIX1E 3 30.Os FreeBSD 4.0 31.Sh NAME |
32.Nm posix1e \- introduction to the POSIX.1e security API | 32.Nm posix1e 33.Nd introduction to the POSIX.1e security API |
33.Sh SYNOPSIS 34.Fd #include <sys/acl.h> 35.Fd #include <sys/audit.h> 36.Fd #include <sys/capability.h> 37.Fd #include <sys/mac.h> 38.Sh DESCRIPTION 39The IEEE POSIX.1e specification never left draft form, but the interfaces | 34.Sh SYNOPSIS 35.Fd #include <sys/acl.h> 36.Fd #include <sys/audit.h> 37.Fd #include <sys/capability.h> 38.Fd #include <sys/mac.h> 39.Sh DESCRIPTION 40The IEEE POSIX.1e specification never left draft form, but the interfaces |
40it describes are now widely used despite inherrent limitations. Currently, | 41it describes are now widely used despite inherent limitations. Currently, |
41only a few of the interfaces and features are implemented in FreeBSD, 42although efforts are underway to complete the integration at this time. 43 44POSIX.1e describes five security extensions to the base POSIX.1 API: 45Access Control Lists (ACLs), Auditing, Capabilities, Mandatory Access 46Control, and Information Flow Labels. Of these, the ACL interfaces are 47currently included with FreeBSD, Auditing, Capabilities, and Mandatory 48Access Control are in the wings, and Information Flow Labels are not on --- 17 unchanged lines hidden (view full) --- 66FreeBSD's support for POSIX.1e interfaces and features is still under 67development at this time. 68.Sh ENVIRONMENT 69POSIX.1e assigns security labels to all objects, extending the security 70functionality described in POSIX.1. These additional labels provide 71fine-grained discretionary access control, fine-grained capabilities, 72and labels necessary for mandatory access control. POSIX.2c describes 73a set of userland utilities for manipulating these labels. These userland | 42only a few of the interfaces and features are implemented in FreeBSD, 43although efforts are underway to complete the integration at this time. 44 45POSIX.1e describes five security extensions to the base POSIX.1 API: 46Access Control Lists (ACLs), Auditing, Capabilities, Mandatory Access 47Control, and Information Flow Labels. Of these, the ACL interfaces are 48currently included with FreeBSD, Auditing, Capabilities, and Mandatory 49Access Control are in the wings, and Information Flow Labels are not on --- 17 unchanged lines hidden (view full) --- 67FreeBSD's support for POSIX.1e interfaces and features is still under 68development at this time. 69.Sh ENVIRONMENT 70POSIX.1e assigns security labels to all objects, extending the security 71functionality described in POSIX.1. These additional labels provide 72fine-grained discretionary access control, fine-grained capabilities, 73and labels necessary for mandatory access control. 
POSIX.2c describes 74a set of userland utilities for manipulating these labels. These userland |
74utilities are not bundled with FreeBSD 4.0 so as to discourage their | 75utilities are not bundled with 76.Fx 4.0 77so as to discourage their |
75use in the short term. 76.Sh FILES 77.Sh SEE ALSO 78.Xr acl 3 , 79.Xr acl 9 , 80.Xr extattr 9 81.Sh STANDARDS 82POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion 83of the draft continues on the cross-platform POSIX.1e implementation | 78use in the short term. 79.Sh FILES 80.Sh SEE ALSO 81.Xr acl 3 , 82.Xr acl 9 , 83.Xr extattr 9 84.Sh STANDARDS 85POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion 86of the draft continues on the cross-platform POSIX.1e implementation |
84mailing list. To join this list, see the FreeBSD POSIX.1e implementation | 87mailing list. To join this list, see the 88.Fx 89POSIX.1e implementation |
85page for more information. 86.Sh HISTORY | 90page for more information. 91.Sh HISTORY |
87POSIX.1e support was introduced in FreeBSD 4.0, and development continues. | 92POSIX.1e support was introduced in 93.Fx 4.0 , 94and development continues. |
88.Sh AUTHORS | 95.Sh AUTHORS |
89Robert N M Watson, Ilmar S Habibulin | 96.An Robert N M Watson , 97.An Ilmar S Habibulin |
90.Sh BUGS 91These features are not yet fully implemented. In particular, the shipped 92version of UFS/FFS does not support storage of additional security labels, 93and so is unable to (easily) provide support for most of these features. | 98.Sh BUGS 99These features are not yet fully implemented. In particular, the shipped 100version of UFS/FFS does not support storage of additional security labels, 101and so is unable to (easily) provide support for most of these features. |
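
Review bot: the `.Fx` conversion is incomplete. ENVIRONMENT, STANDARDS and HISTORY now use the macro (new lines 76, 88 and 93), but DESCRIPTION still spells the name out at new lines 42 ("implemented in FreeBSD"), 48 ("included with FreeBSD,") and 67 ("FreeBSD's support"). Convert those visible occurrences in the same change so the page renders the OS name consistently, or note in the commit message why DESCRIPTION is left as literal text.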
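
Review bot: in AUTHORS (new lines 96-97) the names are now wrapped in `.An`, but "Robert N M Watson" still lacks the periods used in the copyright line at the top of the file ("Robert N. M. Watson"). Since these lines are being touched anyway, align the spelling of the initials with the copyright header.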
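
Review bot: the `.Sh FILES` header at new line 79 is still followed immediately by `.Sh SEE ALSO`, so the section renders as an empty heading. As part of this markup cleanup, either remove the empty section or list the relevant headers from SYNOPSIS under it.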