Source-Changes-HG archive
[src/trunk]: src/lib/libc/posix1e reality check
details: https://anonhg.NetBSD.org/src/rev/fd9ce256a1ca
branches: trunk
changeset: 935275:fd9ce256a1ca
user: christos <christos%NetBSD.org@localhost>
date: Sun Jun 28 18:23:01 2020 +0000
description:
reality check
diffstat:
lib/libc/posix1e/posix1e.3 | 53 ++++++++++++---------------------------------
1 files changed, 14 insertions(+), 39 deletions(-)
diffs (104 lines):
diff -r 09587c395e4c -r fd9ce256a1ca lib/libc/posix1e/posix1e.3
--- a/lib/libc/posix1e/posix1e.3 Sun Jun 28 14:37:53 2020 +0000
+++ b/lib/libc/posix1e/posix1e.3 Sun Jun 28 18:23:01 2020 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: posix1e.3,v 1.2 2020/06/18 19:46:59 wiz Exp $
+.\" $NetBSD: posix1e.3,v 1.3 2020/06/28 18:23:01 christos Exp $
.\"-
.\" Copyright (c) 2000, 2009 Robert N. M. Watson
.\" All rights reserved.
@@ -37,7 +37,7 @@
.Sh SYNOPSIS
.In sys/types.h
.In sys/acl.h
-.In sys/mac.h
+.\" .In sys/mac.h
.Sh DESCRIPTION
POSIX.1e describes five security extensions to the POSIX.1 API: Access
Control Lists (ACLs), Auditing, Capabilities, Mandatory Access Control, and
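Review bot: In SYNOPSIS, ".In sys/mac.h" is commented out rather than deleted, which leaves dead markup in the page source. The rest of this change removes the MAC references outright, so delete the line too, or add a short comment saying why it is kept.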
@@ -45,36 +45,25 @@
While IEEE POSIX.1e D17 specification has not been standardized, several of
its interfaces are widely used.
.Pp
-.Fx
+.Nx
implements POSIX.1e interface for access control lists, described in
.Xr acl 3 ,
and supports ACLs on the
.Xr ffs 7
file system; ACLs must be administratively enabled using
-.Xr tunefs 8 .
-.Pp
-.Fx
-implements a POSIX.1e-like mandatory access control interface, described in
-.Xr mac 3 ,
-although with a number of extensions and important semantic differences.
+.Xr tunefs 8
+or via
+.Xr mount 8
+options.
.Pp
-.Fx
-does not implement the POSIX.1e audit, privilege (capability), or information
-flow label APIs.
-However,
-.Fx
-does implement the
-.Xr libbsm 3
-audit API.
-It also provides
-.Xr capsicum 4 ,
-a lightweight OS capability and sandbox framework implementing a
-hybrid capability system model.
+.Nx
+does not implement the POSIX.1e mac, audit, privilege (capability),
+or information flow label APIs.
.Sh ENVIRONMENT
POSIX.1e assigns security attributes to all objects, extending the security
functionality described in POSIX.1.
These additional attributes store fine-grained discretionary access control
-information and mandatory access control labels; for files, they are stored
+information; for files, they are stored
in extended attributes, described in
.Xr extattr 3 .
.Pp
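Review bot: In the new sentence "does not implement the POSIX.1e mac, audit, privilege (capability), or information flow label APIs", the lowercase "mac" reads like a command or file name. Spell it out as "mandatory access control" to match the wording in the DESCRIPTION paragraph above. The added "or via mount 8 options" also does not say which option enables ACLs; naming it here would save the reader a lookup.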
@@ -82,36 +71,22 @@
a set of userland utilities for manipulating these attributes, including
.Xr getfacl 1
and
-.Xr setfacl 1
-for access control lists, and
-.Xr getfmac 8
-and
-.Xr setfmac 8
-for mandatory access control labels.
+.Xr setfacl 1 .
.Sh SEE ALSO
.Xr getfacl 1 ,
.Xr setfacl 1 ,
.Xr extattr 2 ,
.Xr acl 3 ,
.Xr extattr 3 ,
-.Xr libbsm 3 ,
-.Xr libcasper 3 ,
-.Xr mac 3 ,
-.Xr capsicum 4 ,
.Xr ffs 7 ,
-.Xr getfmac 8 ,
-.Xr setfmac 8 ,
.Xr tunefs 8 ,
.Xr acl 9 ,
-.Xr extattr 9 ,
-.Xr mac 9
+.Xr extattr 9
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17.
.Sh HISTORY
POSIX.1e support was introduced in
-.Fx 4.0 ;
-most features were available as of
-.Fx 5.0 .
+.Nx 10.0 .
.Sh AUTHORS
.An Robert N M Watson
.An Chris D. Faulhaber
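Review bot: The SEE ALSO list loses the MAC and capsicum entries but does not gain ".Xr mount 8", which the DESCRIPTION now references; add it between "ffs 7" and "tunefs 8" to keep the section ordering. Separately, the sentence ending "a set of userland utilities for manipulating these attributes" begins on a line that falls between this hunk and the previous one and is not touched by the patch; if that line is still ".Fx", it needs the same ".Nx" substitution made elsewhere in this change.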