posix1e man page on DragonFly
Man page or keyword search:  
man Server   44335 pages
apropos Keyword Search (all sections)
Output format
DragonFly logo
[printable version] 
POSIX1E(3)		 BSD Library Functions Manual		    POSIX1E(3)

NAME
     posix1e — introduction to the POSIX.1e security API

LIBRARY
     library “libposix1e”

SYNOPSIS
     #include <sys/types.h>
     #include <sys/acl.h>
     #include <sys/audit.h>
     #include <sys/capability.h>
     #include <sys/mac.h>

DESCRIPTION
     The IEEE POSIX.1e specification never left draft form, but the interfaces
     it describes are now widely used despite inherent limitations.  Cur‐
     rently, only a few of the interfaces and features are implemented in
     DragonFly, although efforts are underway to complete the integration at
     this time.

     POSIX.1e describes five security extensions to the base POSIX.1 API:
     Access Control Lists (ACLs), Auditing, Capabilities, Mandatory Access
     Control, and Information Flow Labels.  Of these, the ACL interfaces are
     currently included with DragonFly, Auditing, Capabilities, and Mandatory
     Access Control are in the wings, and Information Flow Labels are not on
     the calendar.

     POSIX.1e defines both syntax and semantics for these features, but fairly
     substantial changes are required to implement these features in the oper‐
     ating system.  As shipped, DragonFly permits file systems to export
     Access Control Lists via the VFS, and provides a library for userland
     access to and manipulation of these ACLs, but support for ACLs is not
     provided by any file systems shipped in the base operating system.
     Available API calls relating to ACLs are described in detail in acl(3).

     The patches supporting other POSIX.1e features are not available in the
     base operating system at this time--however, more information on them may
     be found on the FreeBSD POSIX.1e implementation web page:

     http://www.watson.org/fbsd-hardening/posix1e/

IMPLEMENTATION NOTES
     DragonFly's support for POSIX.1e interfaces and features is still under
     development at this time.

ENVIRONMENT
     POSIX.1e assigns security labels to all objects, extending the security
     functionality described in POSIX.1.  These additional labels provide
     fine-grained discretionary access control, fine-grained capabilities, and
     labels necessary for mandatory access control.  POSIX.2c describes a set
     of userland utilities for manipulating these labels.  These userland
     utilities are not bundled with DragonFly so as to discourage their use in
     the short term.

SEE ALSO
     acl(3), acl(9), extattr(9)

STANDARDS
     POSIX.1e is described in IEEE POSIX.1e draft 17.  Discussion of the draft
     continues on the cross-platform POSIX.1e implementation mailing list.  To
     join this list, see the FreeBSD POSIX.1e implementation page for more
     information.

HISTORY
     POSIX.1e support was introduced in FreeBSD 4.0, and development contin‐
     ues.

AUTHORS
     Robert N M Watson,
     Ilmar S Habibulin

BUGS
     These features are not yet fully implemented.  In particular, the shipped
     version of UFS/FFS does not support storage of additional security
     labels, and so is unable to (easily) provide support for most of these
     features.

BSD			       January 17, 2000				   BSD
[top]

List of man pages available for DragonFly

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net