See the man pages for the following commands and databases:

Table 12-4 Device-related Commands and Databases

| Command or Database Name | Description |
|---|---|
| | Device allocation command line interface |
| | Add a device to device_allocate(4), device_maps(4), and create an ancillary file in /etc/security/dev |
| | Device deallocation command line interface |
| | Device cleaning programs |
| | Report on specified device's entry in the device_maps file. |
| | List devices specified in the device_maps file. |
| | Remove a device from device_allocate, device_maps and delete its ancillary file from /etc/security/dev. |
| | Database for managing allocatable and some nonallocatable devices. |
| | Database for device entries that are required for devices to be allocatable or to have their labels restricted. |

Each allocatable device has an ancillary file, which is a zero-length file in /etc/security/dev. The ancillary file is also referred to as a DAC file because the file must not only exist: its DAC permissions, owner, and group also depend on the device's state.
The following table shows the DAC permissions, owner, and group for each of the possible states:

Table 12-5 Required Ancillary File Characteristics for Devices

| Device State | DAC permissions (mode) | Owner | Group | Label |
|---|---|---|---|---|
| Allocatable | 0000 | bin | bin | |
| Allocated | 0600 | user | user's group | user's process's label |
| Error State | 0100 | bin | bin | |
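
The following audit script is an added example, not part of the original documentation. It checks each ancillary file in /etc/security/dev against the mode, owner, and group rows of Table 12-5. The function names are hypothetical, "user's group" is assumed to mean the owner's primary group, and the Label column is not checked because labels are not visible through stat.

```python
import grp
import os
import pwd
import stat

DEV_DIR = "/etc/security/dev"  # ancillary-file directory named on the page
BIN_STATES = {0o000: "allocatable", 0o100: "error"}  # bin:bin rows of Table 12-5

def classify(mode, owner, group, size, primary_group=None):
    """Return the Table 12-5 state for one ancillary file, or 'invalid: ...'."""
    # Assumption: the table's "user's group" is the owner's primary group.
    if size != 0:
        return "invalid: not zero-length"
    if mode in BIN_STATES:
        if (owner, group) != ("bin", "bin"):
            return "invalid: mode %04o requires bin:bin, found %s:%s" % (mode, owner, group)
        return BIN_STATES[mode]
    if mode == 0o600:
        if primary_group is not None and group != primary_group:
            return "invalid: group %s is not the group of %s" % (group, owner)
        return "allocated"
    return "invalid: mode %04o matches no device state" % mode

def _lookup(fn, ident, field):
    """Resolve a uid/gid through pwd/grp; None when the id has no entry."""
    try:
        return getattr(fn(ident), field)
    except KeyError:
        return None

def audit_dir(path=DEV_DIR):
    """Return [(filename, state)] for every entry in the ancillary directory."""
    results = []
    for name in sorted(os.listdir(path)):
        st = os.lstat(os.path.join(path, name))  # lstat: do not follow symlinks
        if not stat.S_ISREG(st.st_mode):
            results.append((name, "invalid: not a regular file"))
            continue
        owner = _lookup(pwd.getpwuid, st.st_uid, "pw_name") or str(st.st_uid)
        group = _lookup(grp.getgrgid, st.st_gid, "gr_name") or str(st.st_gid)
        pgid = _lookup(pwd.getpwuid, st.st_uid, "pw_gid")
        primary = None if pgid is None else _lookup(grp.getgrgid, pgid, "gr_name")
        results.append((name, classify(stat.S_IMODE(st.st_mode), owner, group,
                                       st.st_size, primary)))
    return results

if __name__ == "__main__":
    for name, state in audit_dir():
        print("%-24s %s" % (name, state))
```

Any line reported as `invalid` marks an ancillary file whose attributes match none of the three device states and should be investigated before the device is used.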