The Trusted Solaris environment provides two special administrative labels that are used as labels or clearances: ADMIN_HIGH
and ADMIN_LOW
. (You can rename these two labels in the label_encodings(4) file if you choose.) These labels are used to protect system resources and are intended for administrators rather than normal
users.
ADMIN_HIGH
is the highest label. ADMIN_HIGH
dominates all other labels in the system and is used to protect system data, such as administration databases or audit trails, from being read. You need to work at the ADMIN_HIGH
label (typically in a role) or have the privilege to read up from your current
label to read data labeled ADMIN_HIGH
.
ADMIN_LOW
is the lowest label. ADMIN_LOW
is dominated by all other labels in a system. Mandatory access control does not permit users to write data to files with labels lower than the subject's label. Thus, applying ADMIN_LOW
,
the lowest label, to a file ensures that normal users cannot write to it although they can read it. ADMIN_LOW
is typically used to protect public executables and configuration files to prevent them from being modified, since only a user working at ADMIN_LOW
or with the privilege to write down would be
able to write to these files. Typically, only an administrator would work at ADMIN_LOW
.