Source-Changes-HG archive


[src/trunk]: src/lib/libc/posix1e reality check



details:   https://anonhg.NetBSD.org/src/rev/fd9ce256a1ca
branches:  trunk
changeset: 935275:fd9ce256a1ca
user:      christos <christos%NetBSD.org@localhost>
date:      Sun Jun 28 18:23:01 2020 +0000

description:
reality check

diffstat:

 lib/libc/posix1e/posix1e.3 |  53 ++++++++++++---------------------------------
 1 files changed, 14 insertions(+), 39 deletions(-)

diffs (104 lines):

diff -r 09587c395e4c -r fd9ce256a1ca lib/libc/posix1e/posix1e.3
--- a/lib/libc/posix1e/posix1e.3        Sun Jun 28 14:37:53 2020 +0000
+++ b/lib/libc/posix1e/posix1e.3        Sun Jun 28 18:23:01 2020 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: posix1e.3,v 1.2 2020/06/18 19:46:59 wiz Exp $
+.\" $NetBSD: posix1e.3,v 1.3 2020/06/28 18:23:01 christos Exp $
 .\"-
 .\" Copyright (c) 2000, 2009 Robert N. M. Watson
 .\" All rights reserved.
@@ -37,7 +37,7 @@
 .Sh SYNOPSIS
 .In sys/types.h
 .In sys/acl.h
-.In sys/mac.h
+.\" .In sys/mac.h
 .Sh DESCRIPTION
 POSIX.1e describes five security extensions to the POSIX.1 API: Access
 Control Lists (ACLs), Auditing, Capabilities, Mandatory Access Control, and
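Review bot: In SYNOPSIS the `.In sys/mac.h` line is commented out rather than removed, which leaves a dead `.\" .In sys/mac.h` in the page source. Since the later text in this same change states that the MAC API is not implemented, deleting the line outright would be cleaner. If it is kept on purpose as a marker for future work, a short comment saying so would help the next editor.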
@@ -45,36 +45,25 @@
 While IEEE POSIX.1e D17 specification has not been standardized, several of
 its interfaces are widely used.
 .Pp
-.Fx
+.Nx
 implements POSIX.1e interface for access control lists, described in
 .Xr acl 3 ,
 and supports ACLs on the
 .Xr ffs 7
 file system; ACLs must be administratively enabled using
-.Xr tunefs 8 .
-.Pp
-.Fx
-implements a POSIX.1e-like mandatory access control interface, described in
-.Xr mac 3 ,
-although with a number of extensions and important semantic differences.
+.Xr tunefs 8 
+or via
+.Xr mount 8
+options.
 .Pp
-.Fx
-does not implement the POSIX.1e audit, privilege (capability), or information
-flow label APIs.
-However,
-.Fx
-does implement the
-.Xr libbsm 3
-audit API.
-It also provides
-.Xr capsicum 4 ,
-a lightweight OS capability and sandbox framework implementing a
-hybrid capability system model.
+.Nx
+does not implement the POSIX.1e mac, audit, privilege (capability),
+or information flow label APIs.
 .Sh ENVIRONMENT
 POSIX.1e assigns security attributes to all objects, extending the security
 functionality described in POSIX.1.
 These additional attributes store fine-grained discretionary access control
-information and mandatory access control labels; for files, they are stored
+information; for files, they are stored
 in extended attributes, described in
 .Xr extattr 3 .
 .Pp
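Review bot: The added `.Xr tunefs 8 ` line ends with a trailing space, which mandoc -Tlint reports as whitespace at end of input line; drop the space. In the same hunk, "does not implement the POSIX.1e mac, audit, ..." uses a lowercase "mac" where the unchanged DESCRIPTION text spells out Mandatory Access Control, so "mandatory access control (MAC)" would read consistently. The new "or via mount 8 options" wording also does not name the option, so an administrator enabling ACLs still has to search mount(8) for it; naming it here would make the page self-sufficient.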
@@ -82,36 +71,22 @@
 a set of userland utilities for manipulating these attributes, including
 .Xr getfacl 1
 and
-.Xr setfacl 1
-for access control lists, and
-.Xr getfmac 8
-and
-.Xr setfmac 8
-for mandatory access control labels.
+.Xr setfacl 1 .
 .Sh SEE ALSO
 .Xr getfacl 1 ,
 .Xr setfacl 1 ,
 .Xr extattr 2 ,
 .Xr acl 3 ,
 .Xr extattr 3 ,
-.Xr libbsm 3 ,
-.Xr libcasper 3 ,
-.Xr mac 3 ,
-.Xr capsicum 4 ,
 .Xr ffs 7 ,
-.Xr getfmac 8 ,
-.Xr setfmac 8 ,
 .Xr tunefs 8 ,
 .Xr acl 9 ,
-.Xr extattr 9 ,
-.Xr mac 9
+.Xr extattr 9
 .Sh STANDARDS
 POSIX.1e is described in IEEE POSIX.1e draft 17.
 .Sh HISTORY
 POSIX.1e support was introduced in
-.Fx 4.0 ;
-most features were available as of
-.Fx 5.0 .
+.Nx 10.0 .
 .Sh AUTHORS
 .An Robert N M Watson
 .An Chris D. Faulhaber
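Review bot: SEE ALSO is trimmed here but does not gain `.Xr mount 8 ,` even though the DESCRIPTION text added earlier in this patch now sends readers to mount 8 options; it belongs between `.Xr ffs 7 ,` and `.Xr tunefs 8 ,`. In HISTORY, replacing the two `.Fx` versions with `.Nx 10.0 .` removes every mention of where the interfaces first appeared while AUTHORS still lists the original authors; keeping one sentence on the origin alongside the NetBSD version would preserve that provenance.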


