This section identifies known problems in the Trusted Solaris 8 4/01 software, describes them, and suggests solutions to them. These bugs may or may not be fixed in a future release.
This release supports only the C locale (U.S. English). Thus, no Languages CD is provided.
The praudit and auditreduce commands are both listed in the Audit Review profile as requiring euid=0. This should work, but in fact uid=0 is required.
Workaround: Change the two entries in the exec_attr database to use uid=0 instead of euid=0.
Network packets using the TSIX protocol are not processed correctly when AH headers are present.
Workaround: None.
Network packets that are labeled with the TSOL protocol are not processed correctly by IKE in the SunScreenTM 3.2 product that is co-packaged with this release. The SunScreen log messages show IKE_INVALID_COOKIE.
SunScreen properly processes TSOL-labeled network traffic that is in clear text. SunScreen IKE also behaves correctly in the Trusted Solaris operating environment to protect traffic between unlabeled network connections.
Workaround: None.
A SIGSEGV error is produced when using the nisaddent -avf command to add an incorrectly formatted file to the tnrhdb NIS+ map. This produces a core dump.
Workaround: The nisaddent command works correctly with a valid input file. To ensure that the input file has fields separated by colons and not by spaces, use niscat -s : when dumping a NIS+ table that will be used later as input to NIS+.
The interfaces listed below have code paths which check for the sys_suser_compat
privilege instead of the proper privilege.
LOG_FLUSH, SVCPOOL_CREATE opcodes for NFSSYS().
Creation/deletion of a ufs file system snapshot via the _FIOSNAPSHOTCREATE and _FIOSNAPSHOTDELETE ioctl commands.
Many of the power-management ioctls. These are nominally used by /usr/sbin/pmconfig, and include the following ioctls:
PM_SET_THRESHOLD
PM_SET_CUR_PWRPM_ADD_DEP
PM_REM_DEVICES
PM_SET_DEVICE_THRESHOLD
PM_SET_SYSTEM_THRESHOLD
PM_START_PM
PM_STOP_PM
PM_RESET_PM
PM_DIRECT_PM
PM_RESET_DEVICE_THRESHOLD
PM_SET_COMPONENT_THRESHOLDS
PM_IDLE_DOWN
PM_ADD_DEPENDENT
PM_ADD_DEPENDENT_PROPERTY
The PPMIOCSET ioctl for power management.
Workaround: These interfaces may need to be invoked with the PRIV_SUSER_COMPAT
privilege. This can be accomplished via profiles by using an exec_attr entry specifying this privilege.
This bug occurs in a very unusual situation. The administrator must have consciously configured a NFS remote host to be at one label, and the label range to be another.
Workaround: To prevent the creation of files at the default label for the server, mount the file system as "read-only". Existing files are unaffected, but the read-only mount option prevents the creation of files at a label outside the label range.
The new utilities sdtgwm, sdtwsm, and sdtwinlst and their corresponding actions in the Desktop_Apps folder generate errors, such as Warning: Query Module Not Running.
Workaround: None. These tools are inappropriate for users in the Trusted Solaris environment. They are not supported.
The bug is known to occur when SMC is running on a NIS+ client or master and has loaded its toolbox from a NIS+ replica. Next, the replica is shut down and SMC is used to update any NIS+ maps. Since the machine from which SMC loaded its toolbox is down, the SMC client has no way to communicate with the SMC server, which is the machine from which the toolbox has been loaded.
Workaround: Do not use SMC to update NIS+ databases when a NIS+ replica is down. Use the standard NIS+ command line interface instead.
Although Trusted Solaris 8 4/01 software does not support information labels (ILs), the chk_encodings(1M) command fails with the following error if the label_encodings file omits information about ILs.
# chk_encodings label_encodings Label encodings conversion error at line 37: Can't find INFORMATION LABELS specification. Found instead: "SENSITIVITY LABELS:". label_encodings: label encodings syntax check failed.
Workaround: Copy a valid SENSITIVITY LABELS: section in your label_encodings file, and rename it to INFORMATION LABELS:, as in:
INFORMATION LABELS: ... WORDS: ... REQUIRED COMBINATIONS: ... COMBINATION CONSTRAINTS: ...
The SMC commands smosservice and smdiskless do not work correctly.
Workaround: Set up diskless service manually. On the OS server, name and allocate the client disk partitions during the installation program.
A device's configuration is unchanged the first time that you click OK in the Device Allocation: Configuration dialog box.
Workaround: Repeat the configuration procedure without closing the Device Allocation Manager. When you have repeated the procedure, you can then configure other devices without clicking OK a second time.
Drag and drop operations do not work reliably for OpenLook applications.
Workaround: Use the copy and paste keys with OpenLook applications.
This bug is seen when you perform the following steps:
Insert Floppy disk.
floppy_0 is allocated by Device Allocation Manager.
From File Manager, click the File menu and select Removable Media Manager.
Select the floppy icon and click mouse button 3 to open the Labels menu item.
In Removable Media Manager - File Labels (the Trusted Solaris Label Builder), click the Help button at bottom right of the dialog box.
Workaround: Perform the following steps:
Click mouse button 3 on the Front Panel and select Help from the pop-up menu. The Workspace Manager - Help window appears.
In the Workspace Manager - Help window, scroll down in the top pane to Trusted Solaris Applications and select it.
In the bottom pane, click Create Labels.
The SMC Mounts tool and SMC Shares tool do not manipulate Trusted Solaris attributes.
Workaround: Use the Set Mount Points and Share Filesystems actions to handle Trusted Solaris attributes, or use the Admin Editor on the /etc/vfstab and the /etc/dfs/dfstab file.