Storing Files in Separate Directories by Labels

The Trusted Solaris environment provides two special types of directories for storing files and subdirectories with different labels and keeping them separate:

• Multi-level directory (MLD) - A special type of directory that transparently stores information by label in separate subdirectories called single-level directories. Your administrator typically creates your home directory as multi-level directory.

• Single-level directory (SLD) - A hidden subdirectory within a multi-level directory containing files and, optionally, subdirectories at a single label only.

When you attempt to view or access files in a multi-level directory (either through an application such as File Manager or through a shell using standard commands), only those files that are at your current label are visible and accessible. If you keep files at different labels in your home directory, for example, you cannot normally view files at labels other than your current label.

The following figure illustrates the concept of hidden single-level directories within a multi-level directory. The top part of the figure shows the contents of a multi-level home directory called /myHomeDir from the user's view while working at Confidential A B. The lower part of the figure shows the user at Secret A B. Dashed lines and unbolded text indicate hidden directories and files; the solid lines and bolded text indicate visible ones. (Note that the labels associated with the single-level directories are shown in their short form inside parentheses. The labels do not actually appear in the directory names.)

Figure 1-4 SLD Subdirectories

While working at Confidential A B, the user has the following results when trying to list the contents of the /myHomeDir directory:

% pwd
/myhomedir
% ls
file1

At Secret A B, the user sees these results:

% pwd
/myhomedir
% ls
file2    file3