Preface
Labels, clearances, and handling instructions are used to protect information on a system that is configured with Solaris Trusted Extensions software. The components of labels, clearances, and handling instructions are specified in the label_encodings file. This guide provides background for creating or modifying the file. The guide provides examples, and helps you to create and install a label_encodings file that is appropriate for your site.
Who Should Use This Book
This book is for security administrators. Security administrators are responsible for defining the organization's labels. Some security administrators are also responsible for implementing the labels. This book is for definers and implementers.
Note –
Even though Trusted Extensions can be configured with no visible labels, labels are always being used. Labels provide mandatory access control (MAC), and MAC is always enforced. Therefore, the site's label_encodings file must be in place before any users or roles are created.
Trusted Extensions installs a default label_encodings file. The security administrator must provide a file that is appropriate for the site.
The security administrator who implements the labels should be familiar with Solaris administration. The necessary level of knowledge can be acquired through training and documentation. For details, see Documentation, Support, and Training.
How the Solaris Trusted Extensions Books Are Organized
The Solaris Trusted Extensions documentation set supplements the documentation for the Solaris Express Developer Edition 1/08 release. Review both sets of documentation for a more complete understanding of Solaris Trusted Extensions. The Solaris Trusted Extensions documentation set consists of the following books.
|
Book Title |
Topics |
Audience |
|---|---|---|
|
Obsolete. Provides an overview of the differences between Trusted Solaris 8 software, Solaris Express Developer Edition 9/07 software, and Solaris Trusted Extensions software. For this release, the What's New document for the Solaris OS provides an overview of Trusted Extensions changes. |
All |
|
|
Solaris Trusted Extensions Reference Manual |
Obsolete. Provides Solaris Trusted Extensions man pages for releases prior to the Solaris Express Developer Edition 9/07 release. For this release, Trusted Extensions man pages are included with the Solaris man pages. |
All |
|
Describes the basic features of Solaris Trusted Extensions. This book contains a glossary. |
End users, administrators, developers |
|
|
Obsolete. Describes how to plan for, install, and configure Solaris Trusted Extensions for the Solaris 10 10/06 and Solaris 10 8/07 releases of Trusted Extensions. |
Administrators, developers |
|
|
For this release, Part I describes how to prepare for, enable, and initially configure Trusted Extensions. Part I replaces Solaris Trusted Extensions Installation and Configuration. Part II describes how to administer a Trusted Extensions system. This book contains a glossary. |
Administrators, developers |
|
|
Describes how to develop applications with Solaris Trusted Extensions. |
Developers, administrators |
|
|
Provides information about how to specify label components in the label encodings file. |
Administrators |
|
|
Describes the syntax used in the label encodings file. The syntax enforces the various rules for well-formed labels for a system. |
Administrators |
How This Book Is Organized
-
Chapter 1, Labels in Trusted Extensions Software discusses labels-related concepts for the security administrator who prepares the site's label_encodings file.
-
Chapter 2, Planning Labels (Tasks) provides planning steps for the security administrator who prepares the site's label_encodings file. This chapter also describes the encodings files that Trusted Extensions provides.
-
Chapter 3, Making a Label Encodings File (Tasks) describes how to create, customize, and check the label_encodings file.
-
Chapter 4, Labeling Printer Output (Tasks) describes the labels and handling instructions on printer output and gives procedures for modifying them.
-
Chapter 5, Customizing LOCAL DEFINITIONS describes the optional LOCAL DEFINITIONS section of the label_encodings file.
-
Chapter 6, Example: Planning an Organization's Labels models how a site analyzes its label requirements and creates a label_encodings file.
-
Appendix A, Sample Label Encodings File contains the example of the label_encodings file from Chapter 6, Example: Planning an Organization's Labels.
Documentation, Support, and Training
The Sun web site provides information about the following additional resources:
Typographic Conventions
The following table describes the typographic conventions that are used in this book.
Table P–1 Typographic Conventions|
Typeface |
Meaning |
Example |
|---|---|---|
|
AaBbCc123 |
The names of commands, files, and directories, and onscreen computer output |
Edit your .login file. Use ls -a to list all files. machine_name% you have mail. |
|
AaBbCc123 |
What you type, contrasted with onscreen computer output |
machine_name% su Password: |
|
aabbcc123 |
Placeholder: replace with a real name or value |
The command to remove a file is rm filename. |
|
AaBbCc123 |
Book titles, new terms, and terms to be emphasized |
Read Chapter 6 in the User's Guide. A cache is a copy that is stored locally. Do not save the file. Note: Some emphasized items appear bold online. |
Shell Prompts in Command Examples
The following table shows the default UNIX® system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.
Table P–2 Shell Prompts|
Shell |
Prompt |
|---|---|
|
C shell |
machine_name% |
|
C shell for superuser |
machine_name# |
|
Bourne shell and Korn shell |
$ |
|
Bourne shell and Korn shell for superuser |
# |
- © 2010, Oracle Corporation and/or its affiliates