Diffstat (limited to 'lib/libc/posix1e/posix1e.3')
-rw-r--r-- | lib/libc/posix1e/posix1e.3 | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/lib/libc/posix1e/posix1e.3 b/lib/libc/posix1e/posix1e.3 new file mode 100644 index 0000000..77e8b7f --- /dev/null +++ b/lib/libc/posix1e/posix1e.3 
@@ -0,0 +1,117 @@ +.\"- +.\" Copyright (c) 2000 Robert N. M. Watson +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd January 17, 2000 +.Dt POSIX1E 3 +.Os +.Sh NAME +.Nm posix1e +.Nd introduction to the POSIX.1e security API +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/types.h +.In sys/acl.h +.\" .In sys/audit.h +.In sys/capability.h +.\" .In sys/mac.h +.Sh DESCRIPTION +The IEEE POSIX.1e specification never left draft form, but the interfaces +it describes are now widely used despite inherent limitations. Currently, +only a few of the interfaces and features are implemented in +.Fx , +although efforts are underway to complete the integration at this time. 
+.Pp +POSIX.1e describes five security extensions to the base POSIX.1 API: +Access Control Lists (ACLs), Auditing, Capabilities, Mandatory Access +Control, and Information Flow Labels. Of these, the ACL interfaces are +currently included with +.Fx , +Auditing, Capabilities, and Mandatory +Access Control are in the wings, and Information Flow Labels are not on +the calendar. +.Pp +POSIX.1e defines both syntax and semantics for these features, but fairly +substantial changes are required to implement these features in the +operating system. As shipped, +.Fx 4.0 +permits file systems to export +Access Control Lists via the VFS, and provides a library for userland +access to and manipulation of these ACLs, but support for ACLs is not +provided by any file systems shipped in the base operating system. +Available API calls relating to ACLs are described in detail in +.Xr acl 3 . +.Pp +.Fx +currently provides documentation and APIs for fine-grained capability +support, but implementation is currently not included in the base +system. Documentation of these API calls is provided in +.Xr cap 3 . +.Pp +Additional patches supporting POSIX.1e features are provided by the +TrustedBSD project: +.Pp +http://www.trustedbsd.org +.Sh IMPLEMENTATION NOTES +.Fx Ns 's +support for POSIX.1e interfaces and features is still under +development at this time. +.Sh ENVIRONMENT +POSIX.1e assigns security labels to all objects, extending the security +functionality described in POSIX.1. These additional labels provide +fine-grained discretionary access control, fine-grained capabilities, +and labels necessary for mandatory access control. POSIX.2c describes +a set of userland utilities for manipulating these labels. These userland +utilities are not bundled with +.Fx 4.0 +so as to discourage their +use in the short term. +.Sh FILES +.Sh SEE ALSO +.Xr acl 3 , +.Xr cap 3 , +.Xr acl 9 , +.Xr cap 9 , +.Xr extattr 9 +.Sh STANDARDS +POSIX.1e is described in IEEE POSIX.1e draft 17. 
Discussion +of the draft continues on the cross-platform POSIX.1e implementation +mailing list. To join this list, see the +.Fx +POSIX.1e implementation +page for more information. +.Sh HISTORY +POSIX.1e support was introduced in +.Fx 4.0 , +and development continues. +.Sh AUTHORS +.An Robert N M Watson +.An Chris D. Faulhaber +.An Thomas Moestl +.An Ilmar S Habibulin +.Sh BUGS +These features are not yet fully implemented. |
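Review bot: The `.Sh FILES` header near the end of the new page has no body and should be dropped, and the text under `.Sh ENVIRONMENT` describes POSIX.1e security labels rather than environment variables, so that paragraph belongs in DESCRIPTION. In SYNOPSIS, `.In sys/capability.h` is left active while the audit and mac includes are commented out, yet DESCRIPTION says the capability implementation is not included in the base system; either comment it out to match, or state in DESCRIPTION what a caller should expect today, so that nobody reads the header's presence as enforced capability support. STANDARDS tells the reader to see the FreeBSD POSIX.1e implementation page to join the mailing list but gives no URL for it; spell it out, as is already done for the TrustedBSD project in DESCRIPTION.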