The following table shows session label limitations and availability based on users' session choices; it continues the example from Figure 1-6. The left column identifies the types of label settings used in sessions. The middle two columns apply to a Multilevel Session and the right two columns apply to a Single-level Session. The columns labeled General Case show how the label types are determined. The columns marked Example show a typical user's session selections at login.
Table 1-4 Labels in Trusted Solaris Sessions
|
Multilevel Session |
Single-level Session |
||
---|---|---|---|---|
|
General Case |
Example #1: Multilevel with clearance of [SECRET A B] |
General Case |
Example #2: Single-level with session label of [SECRET A B] |
Initial Workspace Label (at first login) |
Lowest label in account label range. |
[CONFIDENTIAL] |
Session label specified by user |
[SECRET A B] |
Available workspace SLs |
Any label in account label range up to the session clearance |
[CONFIDENTIAL] [CONFIDENTIAL A B] [SECRET A B] |
Session label specified by user |
[SECRET A B] |
In Example #1, the initial workspace label is set to [CONFIDENTIAL], which is the label at the bottom of the user's account label range. The user can work at a label of [CONFIDENTIAL], [CONFIDENTIAL A B], or [SECRET A B].
In Example #2, the user's initial workspace SL is [SECRET A B]. Since this is a single-level session, the only available workspace label is [SECRET A B].