summaryrefslogtreecommitdiffstats
path: root/lib/libc/posix1e/posix1e.3
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libc/posix1e/posix1e.3')
-rw-r--r--lib/libc/posix1e/posix1e.3134
1 files changed, 134 insertions, 0 deletions
diff --git a/lib/libc/posix1e/posix1e.3 b/lib/libc/posix1e/posix1e.3
new file mode 100644
index 0000000..6333b08
--- /dev/null
+++ b/lib/libc/posix1e/posix1e.3
@@ -0,0 +1,134 @@
+.\"-
+.\" Copyright (c) 2000 Robert N. M. Watson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd January 17, 2000
+.Dt POSIX1E 3
+.Os
+.Sh NAME
+.Nm posix1e
+.Nd introduction to the POSIX.1e security API
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In sys/types.h
+.In sys/acl.h
+.\" .In sys/audit.h
+.\" .In sys/capability.h
+.In sys/mac.h
+.Sh DESCRIPTION
+The IEEE POSIX.1e specification never left draft form, but the interfaces
+it describes are now widely used despite inherent limitations.
+Currently, only a few of the interfaces and features are implemented in
+.Fx ,
+although efforts are underway to complete the integration at this time.
+.Pp
+POSIX.1e describes five security extensions to the base POSIX.1 API:
+Access Control Lists (ACLs), Auditing, Capabilities, Mandatory Access
+Control, and Information Flow Labels.
+.Fx
+supports POSIX.1e ACL interfaces, as well as POSIX.1e-like MAC
+interfaces.
+The TrustedBSD Project has produced but not integrated an implementation
+of POSIX.1e Capabilities.
+.Pp
+POSIX.1e defines both syntax and semantics for these features, but fairly
+substantial changes are required to implement these features in the
+operating system.
+.Pp
+As shipped,
+.Fx 4.0
+provides API and VFS support for ACLs, but not an implementation on any
+native file system.
+.Fx 5.0
+includes support for ACLs as part of UFS1 and UFS2, as well as necessary
+VFS support for additional file systems to export ACLs as appropriate.
+Available API calls relating to ACLs are described in detail in
+.Xr acl 3 .
+.Pp
+As shipped,
+.Fx 5.0
+includes support for Mandatory Access Control as well as POSIX.1e-like
+APIs for label management.
+More information on API calls relating to MAC is available in
+.Xr mac 3 .
+.Pp
+Additional patches supporting POSIX.1e features are provided by the
+TrustedBSD project:
+.Pp
+http://www.TrustedBSD.org/
+.Sh IMPLEMENTATION NOTES
+.Fx Ns 's
+support for POSIX.1e interfaces and features is still under
+development at this time, and many of these features are considered new
+or experimental.
+.Sh ENVIRONMENT
+POSIX.1e assigns security labels to all objects, extending the security
+functionality described in POSIX.1.
+These additional labels provide
+fine-grained discretionary access control, fine-grained capabilities,
+and labels necessary for mandatory access control.
+POSIX.2c describes
+a set of userland utilities for manipulating these labels.
+.Pp
+Many of these services are supported by extended attributes, documented
+in
+.Xr extattr 2
+and
+.Xr extattr 9 .
+While these APIs are not documented in POSIX.1e, they are similar in
+structure.
+.Sh SEE ALSO
+.Xr extattr 2 ,
+.Xr acl 3 ,
+.Xr mac 3 ,
+.Xr acl 9 ,
+.Xr extattr 9 ,
+.Xr mac 9
+.Sh STANDARDS
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+Discussion of the draft continues
+on the cross-platform POSIX.1e implementation
+mailing list.
+To join this list, see the
+.Fx
+POSIX.1e implementation
+page for more information.
+.Sh HISTORY
+POSIX.1e support was introduced in
+.Fx 4.0 ;
+most of the features are available as of
+.Fx 5.0 .
+Development continues.
+.Sh AUTHORS
+.An Robert N M Watson
+.An Chris D. Faulhaber
+.An Thomas Moestl
+.An Ilmar S Habibulin
+.Sh BUGS
+Many of these features are considered new or experimental in
+.Fx 5.0
+and should be deployed with appropriate caution.
OpenPOWER on IntegriCloud