Label Encodings File Defaults

The label_encodings file defines the Minimum Label, Clearance, and Default Label View that are applied to a user account if the attributes are not explicitly set for the account. The values shown in the following table are those in the Trusted Solaris version of the label_encodings file. Typically, a site replaces the Trusted Solaris version during system configuration with a site version.

Table 3-1 Security Defaults for Users in the label_encodings File

Trusted Solaris Attribute	Keyword in LOCAL DEFINITIONS Section	Default
Minimum Label	Default User Sensitivity Label= u;	In ACCREDITATION RANGE Section: minimum sensitivity label=u;
Clearance	Default User Clearance= c;	In ACCREDITATION RANGE Section: minimum clearance= c nationality: cntry1/cntry2;
Default Label View	Default Label View is External;	External

At some sites the names of administrative labels are considered to be classified information. The value EXTERNAL hides that classified information.

The user account's clearance and minimum label must be dominated by the highest label and must dominate the minimum clearance that are defined in the user ACCREDITATION RANGE section in the label_encodings(4) file. See Trusted Solaris Label Administration for more about labels.

The following algorithm determines which value the system uses:

1. If the administrator explicitly set a value in the Solaris Management Console when creating the user, use that value.

2. Otherwise, use the values for the "Default User ..." and "Default Label View" keywords in the label_encodings file.

3. If there is no specific value for the "Default User ..." and "Default Label View" keywords, use the Accreditation Range values.