Solaris Trusted Extensions Administrator's Procedures

Managing Software in Trusted Extensions (Tasks)

Managing software in Trusted Extensions is similar to managing software on a Solaris system that has installed non-global zones. For details about zones, see Part II, Zones, in System Administration Guide: Virtualization Using the Solaris Operating System.

ProcedureHow to Add a Software Package in Trusted Extensions

Before You Begin

You must be in a role that can allocate a device.

  1. Start from the appropriate workspace.

  2. Allocate the CD-ROM drive.

    For details, see How to Allocate a Device in Trusted Extensions in Solaris Trusted Extensions User’s Guide.

  3. Install the software.

    For details, see Where to Find Software Management Tasks in System Administration Guide: Basic Administration.

  4. Deallocate the device when you are finished.

    For details, see How to Allocate a Device in Trusted Extensions in Solaris Trusted Extensions User’s Guide.

ProcedureHow to Install a Java Archive File in Trusted Extensions

This procedure downloads a JavaTM archive (JAR) file to the global zone. From the global zone, the administrator can make it available to regular users.

Before You Begin

The security administrator has verified that the source of the Java program is trustworthy, that the method of delivery is secure, and that the program can run in a trustworthy manner.

You are in the System Administrator role in the global zone.

  1. Download the JAR file to the /tmp directory.

    For example, if you are selecting software from http://www.sunfreeware.com, use the site's “Solaris pkg-get tool” instructions.

  2. Open the File Browser and navigate to the /tmp directory.

  3. Double-click the downloaded file.

  4. To install the software, answer the questions in the dialog boxes.

  5. Read the installation log.


Example 25–1 Downloading a JAR File to a User Label

To limit the security risk, the system administrator downloads the software to a single label within a regular user's accreditation range. Then, the security administrator tests the JAR file at that label. When the software passes the test, the security administrator then downgrades the label to ADMIN_LOW. The system administrator installs the software on an NFS server to make it available to all users.

  1. First, the system administrator creates a workspace at a user label.

  2. In that workspace, he downloads the JAR file.

  3. At that label, the security administrator tests the file.

  4. Then, the security administrator changes the label of the file to ADMIN_LOW.

  5. Finally, the system administrator copies the file to an NFS server whose label is ADMIN_LOW.