posix1e —
introduction to the POSIX.1e security API
Standard C Library (libc, -lc)
POSIX.1e describes five security extensions to the POSIX.1 API: Access Control
  Lists (ACLs), Auditing, Capabilities, Mandatory Access Control, and
  Information Flow Labels. While IEEE POSIX.1e D17 specification has not been
  standardized, several of its interfaces are widely used.
NetBSD implements POSIX.1e interface for
    access control lists, described in
    acl(3), and supports ACLs on the
    ffs(7) file system; ACLs must be
    administratively enabled using
    tunefs(8) or via
    mount(8) options.
NetBSD does not implement the POSIX.1e
    mac, audit, privilege (capability), or information flow label APIs.
POSIX.1e assigns security attributes to all objects, extending the security
  functionality described in POSIX.1. These additional attributes store
  fine-grained discretionary access control information; for files, they are
  stored in extended attributes, described in
  extattr(3).
POSIX.2c describes a set of userland utilities for manipulating
    these attributes, including
    getfacl(1) and
    setfacl(1).
POSIX.1e is described in IEEE POSIX.1e draft 17.
POSIX.1e support was introduced in NetBSD 10.0.
Robert N M Watson
Chris D. Faulhaber
Thomas Moestl
Ilmar S Habibulin