POSIX1E(3) BSD Library Functions Manual POSIX1E(3)NAMEposix1e — introduction to the POSIX.1e security API
Standard C Library (libc, -lc)
POSIX.1e describes five security extensions to the POSIX.1 API: Access
Control Lists (ACLs), Auditing, Capabilities, Mandatory Access Control,
and Information Flow Labels. While IEEE POSIX.1e D17 specification has
not been standardized, several of its interfaces are widely used.
FreeBSD implements POSIX.1e interface for access control lists, described
in acl(3), and supports ACLs on the ffs(7) file system; ACLs must be
administratively enabled using tunefs(8).
FreeBSD implements a POSIX.1e-like mandatory access control interface,
described in mac(3), although with a number of extensions and important
FreeBSD does not implement the POSIX.1e audit, privilege (capability), or
information flow label APIs. However, FreeBSD does implement the libbsm
POSIX.1e assigns security attributes to all objects, extending the secu‐
rity functionality described in POSIX.1. These additional attributes
store fine-grained discretionary access control information and mandatory
access control labels; for files, they are stored in extended attributes,
described in extattr(3).
POSIX.2c describes a set of userland utilities for manipulating these
attributes, including getfacl(1) and setfacl(1) for access control lists,
and getfmac(8) and setfmac(8) for mandatory access control labels.
SEE ALSOgetfacl(1), setfacl(1), extattr(2), acl(3), extattr(3), libbsm(3),
mac(3), ffs(7), getfmac(8), setfmac(8), tunefs(8), acl(9), extattr(9),
POSIX.1e is described in IEEE POSIX.1e draft 17.
POSIX.1e support was introduced in FreeBSD 4.0; most features were avail‐
able as of FreeBSD 5.0.
Robert N M Watson
Chris D. Faulhaber
Ilmar S Habibulin
BSD August 7, 2009 BSD