Chapter 5 Managing Labels on Files and Directories
This chapter shows you the basics of managing the security of files and directories in the Trusted Solaris environment. The chapter discusses these topics:
Manipulating File Labels
This section focuses on manipulating a file's sensitivity labels.
Note -
These procedures are only available to authorized users. You cannot change the label of a file or directory without being authorized by your administrator.
To View a File's Label
-
In File Manager, navigate to the directory containing the file.
-
Select the file and choose Labels from the Selected menu, or press mouse button 3 over the file and choose Labels from the pop-up menu.
The Labels dialog box is displayed (see Figure 5-1).
-
Click Cancel to close the Labels dialog box.
Figure 5-1 File Manager Change Label Dialog Box in Label Mode
The file's label appears in the Current Label field. The label will be a label or CMW label (combined), depending on how your user account is configured.
To Copy/Move/Link Files at Different Labels
Caution - Make sure that no one else is using the file whose label is to be changed.
-
Open a second workspace at a different label.
-
Open File Manager in the second workspace.
-
From the window menu in File Manager, choose Occupy Workspace, and select your original workspace.
This moves the File Manager running at the current label to the previous workspace. Note that the trusted path symbol reappears when the pointer is in the Occupy Workspace dialog box because occupying a workspace has a potential effect on the trusted computing base.
-
Complete your desired action.
-
To move the file, drag the file icon from the source File Manager to the File Manager at the new label.
-
To copy the file, press the Control key and drag the file icon from the source File Manager to the File Manager at the new label.
-
To link the file, press Shift and Control while dragging the file icon from the source File Manager to the File Manager at the new label.
Linking a file to another label is useful when you want to make a file with a lower label visible at higher labels. The file is only writable at the lower level.
Figure 5-2 Dragging a File Between File Managers at Different Labels
This causes the File Manager Confirmation dialog box to be displayed. See figure below.
Figure 5-3 File Manager Drag and Drop Confirmer Dialog Box
-
-
Click the Apply button in the File Manager Drag and Drop Confirmer dialog box to complete the action.
Copying and Linking Files to Different Labels by Default
There are two special files that can be stored in your home directory for copying and linking files from your home directory at your minimum labels to your home directory at different labels. These files are provided to circumvent such problems as an application at one label that needs a file in a single-level directory at a different label. The files are:
-
.copy_files - Stores file names to be copied when you first change to a workspace with a different label. This is useful when you have an application that always writes to a file with a specific name and you need to separate the data at different labels.
-
.link_files - Stores file names to be linked when you first change to a workspace with a different label. This is useful when a specific file needs to be available at multiple labels but writable at its minimum label only. Two good candidates for the .link_files file are .dtprofile and .login.
Both files store their entries one file per line. You can specify paths to subdirectories in your home directory, but you should never use a leading slash since all paths should be within your home directory.
Note -
Your administrator may have already installed a .copy_files and .link_files file in your home directory; they are at your discretion to modify. Since there are no safeguards for dealing with such anomalies as duplicate entries in both files or file entries that already exist at other labels, work with your administrator when modifying these files.
- © 2010, Oracle Corporation and/or its affiliates