author | Robert Watson <rwatson@FreeBSD.org> | 2002-11-04 20:52:09 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2002-11-04 20:52:09 +0000 |
commit | 1ccff0f49091b2c68fd47736ba4369fd242ce4eb (patch) | |
tree | d230de744f43ee6f2f6cba3259b96d8a88052ca2 /lib/libc | |
parent | 04b3b6443c84706257cd739a20a732278b7f75ea (diff) | |
download | src-1ccff0f49091b2c68fd47736ba4369fd242ce4eb.tar.gz src-1ccff0f49091b2c68fd47736ba4369fd242ce4eb.zip |
Clarify language relating to ACLs, Capabilities, and MAC, since the
implementation status of these services has changed substantially
since this man page was last updated.
Notes:
svn path=/head/; revision=106432
Diffstat (limited to 'lib/libc')
-rw-r--r-- | lib/libc/posix1e/posix1e.3 | 64 |
1 files changed, 36 insertions, 28 deletions
diff --git a/lib/libc/posix1e/posix1e.3 b/lib/libc/posix1e/posix1e.3 index bd47b9613b0b..fd606cd7af65 100644 --- a/lib/libc/posix1e/posix1e.3 +++ b/lib/libc/posix1e/posix1e.3 
@@ -49,40 +49,42 @@ although efforts are underway to complete the integration at this time. POSIX.1e describes five security extensions to the base POSIX.1 API: Access Control Lists (ACLs), Auditing, Capabilities, Mandatory Access Control, and Information Flow Labels. -Of these, the ACL interfaces are -currently included with -.Fx , -Auditing, Capabilities, and Mandatory -Access Control are in the wings, and Information Flow Labels are not on -the calendar. +.Fx +supports POSIX.1e ACL interfaces, as well as POSIX.1e-like MAC +interfaces. +The TrustedBSD Project has produced but not integrated an implementation +of POSIX.1e Capabilities. .Pp POSIX.1e defines both syntax and semantics for these features, but fairly substantial changes are required to implement these features in the operating system. +.Pp As shipped, .Fx 4.0 -permits file systems to export -Access Control Lists via the VFS, and provides a library for userland -access to and manipulation of these ACLs, but support for ACLs is not -provided by any file systems shipped in the base operating system. +provides API and VFS support for ACLs, but not an implementation on any +native file system. +.Fx 5.0 +includes support for ACLs as part of UFS1 and UFS2, as well as necessary +VFS support for additional file systems to export ACLs as appropriate. Available API calls relating to ACLs are described in detail in .Xr acl 3 . .Pp -.Fx -currently provides documentation and APIs for fine-grained capability -support, but implementation is currently not included in the base -system. -Documentation of these API calls is provided in -.Xr cap 3 . +As shipped, +.Fx 5.0 +includes support for Mandatory Access Control as well as POSIX.1e-like +APIs for label management. +More information on API calls relating to MAC is available in +.Xr mac 3 . 
.Pp Additional patches supporting POSIX.1e features are provided by the TrustedBSD project: .Pp -http://www.trustedbsd.org +http://www.TrustedBSD.org/ .Sh IMPLEMENTATION NOTES .Fx Ns 's support for POSIX.1e interfaces and features is still under -development at this time. +development at this time, and many of these features are considered new +or experimental. .Sh ENVIRONMENT POSIX.1e assigns security labels to all objects, extending the security functionality described in POSIX.1. @@ -91,17 +93,19 @@ fine-grained discretionary access control, fine-grained capabilities, and labels necessary for mandatory access control. POSIX.2c describes a set of userland utilities for manipulating these labels. -These userland -utilities are not bundled with -.Fx 4.0 -so as to discourage their -use in the short term. +.Pp +Many of these services are supported by extended attributes, documented +in +.Xr extattr 2 +and +.Xr extattr 9 . +While these APIs are not documented in POSIX.1e, they are similar in +structure. .Sh SEE ALSO .Xr acl 3 , -.Xr cap 3 , +.Xr extattr 2 , .Xr mac 3 , .Xr acl 9 , -.Xr cap 9 , .Xr extattr 9 , .Xr mac 9 .Sh STANDARDS @@ -115,12 +119,16 @@ POSIX.1e implementation page for more information. .Sh HISTORY POSIX.1e support was introduced in -.Fx 4.0 , -and development continues. +.Fx 4.0 ; +most of the features are available as of +.Fx 5.0 . +Development continues. .Sh AUTHORS .An Robert N M Watson .An Chris D. Faulhaber .An Thomas Moestl .An Ilmar S Habibulin .Sh BUGS -These features are not yet fully implemented. +Many of these features are considered new or experimental in +.Fx 5.0 +and should be deployed with appropriate caution. |
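Review bot: In the first hunk (@@ -49), the text replacing the removed status sentence no longer says anything about Auditing or Information Flow Labels, although the unchanged context line above it still lists all five POSIX.1e extensions. The removed text placed Auditing "in the wings" and Information Flow Labels "not on the calendar", so a reader of the new page cannot tell whether those two are supported. Suggest adding one sentence after "of POSIX.1e Capabilities." that states their current status.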
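Review bot: In the SEE ALSO list of the second hunk (@@ -91), the new ".Xr extattr 2 ," sits between ".Xr acl 3 ," and ".Xr mac 3 ,"; mdoc convention orders cross-references by section number and then alphabetically, so the section 2 entry should come first. In the same hunk, removing the sentence about the POSIX.2c utilities not being bundled with .Fx 4.0 leaves the preceding context line describing those utilities without saying whether they ship, and "they are similar in structure" does not say what the extattr APIs are similar to; both deserve a clause.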
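Review bot: In the HISTORY section of the third hunk (@@ -115), "most of the features are available as of .Fx 5.0" overstates what the rest of the patch describes: of the five extensions the page lists, the first hunk claims support only for ACLs and MAC and says the Capabilities implementation is not integrated. Suggest naming the available features instead of "most". The new BUGS text also repeats the "new or experimental" wording added under IMPLEMENTATION NOTES without naming the features it covers, so an administrator cannot tell what "appropriate caution" applies to.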