*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->FreeBSD man pages -> posix1e (3)              
Title
Content
Arch
Section
 

POSIX1E(3)

Contents


NAME    [Toc]    [Back]

     posix1e -- introduction to the POSIX.1e security API

LIBRARY    [Toc]    [Back]

     Standard C Library (libc, -lc)

SYNOPSIS    [Toc]    [Back]

     #include <sys/types.h>
     #include <sys/acl.h>
     #include <sys/capability.h>
     #include <sys/mac.h>

DESCRIPTION    [Toc]    [Back]

     The IEEE POSIX.1e specification never left draft form, but the interfaces
     it describes are now widely used despite inherent limitations.  Currently,
 only a few of the interfaces and features are implemented in
     FreeBSD, although efforts are underway to complete the integration at
     this time.

     POSIX.1e describes five security extensions to the base POSIX.1 API:
     Access Control Lists (ACLs), Auditing, Capabilities, Mandatory Access
     Control, and Information Flow Labels.  FreeBSD supports POSIX.1e ACL
     interfaces, as well as POSIX.1e-like MAC interfaces.  The TrustedBSD
     Project has produced but not integrated an implementation of POSIX.1e
     Capabilities.

     POSIX.1e defines both syntax and semantics for these features, but fairly
     substantial changes are required to implement these features in the operating
 system.

     As shipped, FreeBSD 4.0 provides API and VFS support for ACLs, but not an
     implementation on any native file system.	FreeBSD 5.0 includes support
     for ACLs as part of UFS1 and UFS2, as well as necessary VFS support for
     additional file systems to export ACLs as appropriate.  Available API
     calls relating to ACLs are described in detail in acl(3).

     As shipped, FreeBSD 5.0 includes support for Mandatory Access Control as
     well as POSIX.1e-like APIs for label management.  More information on API
     calls relating to MAC is available in mac(3).

     Additional patches supporting POSIX.1e features are provided by the
     TrustedBSD project:

     http://www.TrustedBSD.org/

IMPLEMENTATION NOTES    [Toc]    [Back]

     FreeBSD's support for POSIX.1e interfaces and features is still under
     development at this time, and many of these features are considered new
     or experimental.

ENVIRONMENT    [Toc]    [Back]

     POSIX.1e assigns security labels to all objects, extending the security
     functionality described in POSIX.1.  These additional labels provide
     fine-grained discretionary access control, fine-grained capabilities, and
     labels necessary for mandatory access control.  POSIX.2c describes a set
     of userland utilities for manipulating these labels.

     Many of these services are supported by extended attributes, documented
     in extattr(2) and extattr(9).  While these APIs are not documented in
     POSIX.1e, they are similar in structure.

SEE ALSO    [Toc]    [Back]

      
      
     extattr(2), acl(3), mac(3), acl(9), extattr(9), mac(9)

STANDARDS    [Toc]    [Back]

     POSIX.1e is described in IEEE POSIX.1e draft 17.  Discussion of the draft
     continues on the cross-platform POSIX.1e implementation mailing list.  To
     join this list, see the FreeBSD POSIX.1e implementation page for more
     information.

HISTORY    [Toc]    [Back]

     POSIX.1e support was introduced in FreeBSD 4.0; most of the features are
     available as of FreeBSD 5.0.  Development continues.

AUTHORS    [Toc]    [Back]

     Robert N M Watson
     Chris D. Faulhaber
     Thomas Moestl
     Ilmar S Habibulin

BUGS    [Toc]    [Back]

     Many of these features are considered new or experimental in FreeBSD 5.0
     and should be deployed with appropriate caution.


FreeBSD 5.2.1		       January 17, 2000 		 FreeBSD 5.2.1
[ Back ]
 Similar pages
Name OS Title
acl FreeBSD introduction to the POSIX.1e ACL security API
pthread_intro Tru64 Introduction to POSIX Threads
pthread Tru64 Introduction to POSIX Threads
intro_pxf IRIX Introduction to PXF POSIX library
pthreads IRIX introduction to POSIX thread characteristics
mac FreeBSD introduction to the MAC security API
security FreeBSD introduction to security under FreeBSD
sec_intro HP-UX Introduction to the DCE Security administrative files
sec_intro HP-UX Introduction to the DCE Security administrative commands
pipcrm HP-UX remove a POSIX message queue or a POSIX named semaphore
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service