GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  POSIX1E (3)

NAME

posix1e - introduction to the POSIX.1e security API

CONTENTS

Library
Synopsis
Description
Environment
See Also
Standards
History
Authors

LIBRARY


.Lb libc

SYNOPSIS


.In sys/types.h
.In sys/acl.h
.In sys/mac.h

DESCRIPTION

POSIX.1e describes five security extensions to the POSIX.1 API: Access Control Lists (ACLs), Auditing, Capabilities, Mandatory Access Control, and Information Flow Labels. While IEEE POSIX.1e D17 specification has not been standardized, several of its interfaces are widely used.


.Fx implements POSIX.1e interface for access control lists, described in acl(3), and supports ACLs on the ffs(7) file system; ACLs must be administratively enabled using tunefs(8).


.Fx implements a POSIX.1e-like mandatory access control interface, described in mac(3), although with a number of extensions and important semantic differences.


.Fx does not implement the POSIX.1e audit, privilege (capability), or information flow label APIs. However,
.Fx does implement the libbsm audit API. It also provides capsicum(4), a lightweight OS capability and sandbox framework implementing a hybrid capability system model.

ENVIRONMENT

POSIX.1e assigns security attributes to all objects, extending the security functionality described in POSIX.1. These additional attributes store fine-grained discretionary access control information and mandatory access control labels; for files, they are stored in extended attributes, described in extattr(3).

POSIX.2c describes a set of userland utilities for manipulating these attributes, including getfacl(1) and setfacl(1) for access control lists, and getfmac(8) and setfmac(8) for mandatory access control labels.

SEE ALSO

getfacl(1), setfacl(1), extattr(2), acl(3), extattr(3), libcapsicum(3), libbsm(3), mac(3), capsicum(4), ffs(7), getfmac(8), setfmac(8), tunefs(8), acl(9), extattr(9), mac(9)

STANDARDS

POSIX.1e is described in IEEE POSIX.1e draft 17.

HISTORY

POSIX.1e support was introduced in
.Fx 4.0 ; most features were available as of
.Fx 5.0 .

AUTHORS


.An Robert N M Watson
.An Chris D. Faulhaber
.An Thomas Moestl
.An Ilmar S Habibulin
Search for    or go to Top of page |  Section 3 |  Main Index


Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.