Manual Reference Pages - POSIX1E (3)
- introduction to the POSIX.1e security API
POSIX.1e describes five security extensions to the POSIX.1 API: Access
Control Lists (ACLs), Auditing, Capabilities, Mandatory Access Control, and
Information Flow Labels.
While the IEEE POSIX.1e D17 specification has not been standardized, several of
its interfaces are widely used.
implements POSIX.1e interface for access control lists, described in
and supports ACLs on the
file system; ACLs must be administratively enabled using
implements a POSIX.1e-like mandatory access control interface, described in
although with a number of extensions and important semantic differences.
does not implement the POSIX.1e audit, privilege (capability), or information
flow label APIs.
does implement the
It also provides
a lightweight OS capability and sandbox framework implementing a
hybrid capability system model.
POSIX.1e assigns security attributes to all objects, extending the security
functionality described in POSIX.1.
These additional attributes store fine-grained discretionary access control
information and mandatory access control labels; for files, they are stored
in extended attributes, described in
a set of userland utilities for manipulating these attributes, including
for access control lists, and
for mandatory access control labels.
POSIX.1e is described in IEEE POSIX.1e draft 17.
POSIX.1e support was introduced in FreeBSD 4.0; most features were available
as of FreeBSD 5.0.
Robert N M Watson
Chris D. Faulhaber
Thomas Moestl
Ilmar S Habibulin