NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | ATTRIBUTES | SEE ALSO
/etc/security/tsol/vfstab_adjunct
The vfstab_adjunct file can be used to assign any or all of the following mount-time security attributes to the named file system when appropriate: a sensitivity label, forced privilege(s), allowed privilege(s), a filesystem label range, or an MLD prefix. If the mount(1M) command is called with the -o or -S option to specify security attributes, the vfstab_adjunct file is not consulted.
When access control decisions are made, any security attributes on a file or directory always take precedence over security attributes specified either at the filesystem level or mount time.
The vfstab_adjunct file is protected at the label admin_high and is not edited directly. It should be edited in an admin_high workspace by an administrator using the Set Mount Attributes action in the System_Admin folder in the Application Manager. The action maintains the proper user, group, sensitivity label, and file permissions for the file and audits all changes. By default, the security administrator (secadmin) role has the Set Mount Attributes action in its rights profiles.
Mount-time security attributes can be specified for all file systems. When an appropriate attribute is not specified at mount time for a fixed attribute file system, a default value is applied. The default values are described later in this section.
File system types UFS, TMPFS, and NFS (from a Trusted Solaris server) have a full set of Trusted Solaris extended security attributes already defined. (See the getfsattr(1M) man page for how to get attributes on mounted file systems). Because the attributes can be changed on these file systems after they are mounted, they are called variable file systems. For example, the sensitivity label on a file in a variable file system can be changed by an authorized user. Security attributes on variable file systems can be overridden at mount-time, but objects in the file system that have assigned security attributes retain those attributes.
File systems that do not support the Trusted Solaris extended security attributes are called fixed because any attributes assigned to them (either at mount time or by default) cannot be changed. For example, the sensitivity label specified for a mounted fixed-attribute file system cannot be changed on any of the objects in that file system. An object that is moved or copied from the fixed file system to a variable file system can be changed after the move.
Mount-time security attributes override existing security attributes on a file system. However, mount-time attributes never override security attributes on the files and directories within the file system.
Each record in the vfstab_adjunct file represents a single file system. An entry consists of the file system's full pathname followed by a semicolon, followed by keyword=value assignments in semicolon-separated fields.
The pathname of the file system is the only portion of the entry that is required and therefore has no keyword associated with it. All keyword fields are optional and follow the format: keyword=value where keyword is one of the following:
slabel=label
    Sets the sensitivity label for all objects in the file system. Specify the sensitivity label in string (text) or hexadecimal format.

forced=privilege[,privilege...]
    Specify one or more forced privileges for all executable files in the file system. Specify symbolic privilege name(s) in a comma-separated list (such as: forced=file_audit, file_chown;) or use all to indicate all privileges. Using none or omitting the keyword results in no forced privileges being applied. For example, the assignment forced=; results in the default of none being applied. Any forced privileges must be a subset of the allowed privileges. See priv_desc(4) for names of privileges.

allowed=privilege[,privilege...]
    Specify one or more allowed privileges for all executable files in the file system. Specify symbolic privilege names in a comma-separated list (such as: allowed=file_audit, file_chown;) or use all to indicate all privileges. Using none or omitting the keyword results in no allowed privileges being applied. See priv_desc(4) for names of privileges. Any allowed privileges must be a superset of the forced privileges.

low_range=label
    Specify the lower bound of the file system label range as a sensitivity label in string (text) or hexadecimal format.

hi_range=label
    Specify the upper bound of the file system label range as a sensitivity label in string (text) or hexadecimal format.

mld_prefix=prefix
    Set a prefix to be used in the adorned names of multilevel directories. (See multilevel directories in the DEFINITIONS in Intro(2) for more about the MLD prefix.) Specify the value in text format (such as: .MLD. or .hidden.). On unlabeled (fixed attribute) file systems, the prefix generally has no useful effect, with one exception: an mld_prefix should be supplied if a variable file system is being mounted on the unlabeled file system and the root of the variable file system is an MLD.
A comment line or entry is terminated by an unescaped newline character. Lines ending with a (\) (backslash) continue the current entry to the next line. Leading and trailing white space characters (blank, tab) surrounding a keyword or an attribute value are ignored. When a keyword value is quoted, spaces can be included within the value. Comments are indicated by a pound sign (#) at the beginning of a line and cause the rest of the line to be ignored.
When a keyword appears without an attribute value or when a keyword is missing, a default value is assigned to that attribute. The default values for fixed attribute file systems are:

slabel
    The default sensitivity label of a fixed file system being mounted from a local device (such as a hard disk, floppy, or CD-ROM) is the sensitivity label of the device. For an allocated device, the file system is assigned the sensitivity label at which the device was allocated.

forced
    None

allowed
    None

low_range
    ADMIN_LOW

hi_range
    ADMIN_HIGH

mld_prefix
    None
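The entry syntax above (absolute path, semicolon-separated keyword=value fields, backslash continuation, # comments, quoted values) together with the forced/allowed subset rule and the fixed-attribute defaults can be checked before a file is installed. The following parser and validator is an added example written for this page; it is not part of Trusted Solaris, and its sample file, the /export/tools and /broken entries, and the function names are constructed for illustration. Label ordering can only be decided for the ADMIN_LOW/ADMIN_HIGH extremes without the label encodings file, so that is the only range check it performs.

```python
"""Parse and sanity-check vfstab_adjunct entries (added example, not Trusted Solaris code)."""
from typing import Dict, List, Optional, Set

# Defaults for fixed-attribute file systems when a keyword is omitted or has no
# value. slabel defaults to the device label, known only at mount time: None here.
FIXED_DEFAULTS: Dict[str, Optional[str]] = {
    "slabel": None, "forced": "none", "allowed": "none",
    "low_range": "ADMIN_LOW", "hi_range": "ADMIN_HIGH", "mld_prefix": None,
}

# Constructed sample: the two man-page entries plus two made-up ones
# (/export/tools, /broken) that exercise the privilege rules.
SAMPLE = """\
# vfstab_adjunct sample (constructed for this example)
/workspaces; \\
    slabel=PUBLIC;
/no_attributes; \\
    slabel=admin_low; \\
    low_range=admin_low; \\
    hi_range=admin_low;
/export/tools; forced=file_chown; allowed=file_chown,file_audit; \\
    mld_prefix=".MLD.";
/broken; forced=file_audit, file_chown; allowed=file_chown;
"""


def logical_lines(text: str) -> List[str]:
    """Join backslash-continued lines; drop comment and blank lines."""
    out: List[str] = []
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not buf and line.lstrip().startswith("#"):
            continue                       # comment line
        if line.endswith("\\"):
            buf += line[:-1]               # entry continues on the next line
            continue
        buf += line
        if buf.strip():
            out.append(buf)
        buf = ""
    if buf.strip():
        out.append(buf)                    # file ended after a continuation
    return out


def split_fields(entry: str) -> List[str]:
    """Split on semicolons, but not inside a double-quoted value."""
    fields: List[str] = []
    cur, quoted = "", False
    for ch in entry:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            fields.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if cur.strip():
        fields.append(cur.strip())
    return fields


def parse_entry(entry: str) -> Dict[str, Optional[str]]:
    """One logical line -> {'path': ..., keyword: value or None}."""
    fields = split_fields(entry)
    if not fields or not fields[0].startswith("/") or "=" in fields[0]:
        raise ValueError(f"entry must begin with an absolute path: {entry!r}")
    rec: Dict[str, Optional[str]] = {"path": fields[0]}
    for field in fields[1:]:
        if not field:
            continue
        key, _, val = field.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key not in FIXED_DEFAULTS:
            raise ValueError(f"unknown keyword {key!r} in entry for {rec['path']}")
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]                # quoted value may contain spaces
        rec[key] = val or None             # 'forced=;' means "use the default"
    return rec


def with_fixed_defaults(rec: Dict[str, Optional[str]]) -> Dict[str, Optional[str]]:
    """Fill in the documented defaults for a fixed-attribute file system."""
    return {**FIXED_DEFAULTS, **{k: v for k, v in rec.items() if v is not None}}


def priv_set(value: Optional[str]) -> Optional[Set[str]]:
    """'all' -> None (every privilege); 'none' or missing -> empty set."""
    if value is None or value.lower() == "none":
        return set()
    if value.lower() == "all":
        return None
    return {p.strip() for p in value.split(",") if p.strip()}


def validate(rec: Dict[str, Optional[str]]) -> List[str]:
    """Return rule violations for one entry (empty list if it is fine)."""
    problems: List[str] = []
    forced, allowed = priv_set(rec.get("forced")), priv_set(rec.get("allowed"))
    if allowed is not None:                # allowed is a finite set
        if forced is None:
            problems.append("forced=all requires allowed=all")
        elif not forced <= allowed:
            problems.append("forced privileges not in allowed: "
                            + ",".join(sorted(forced - allowed)))
    # Only the admin extremes are orderable without the label encodings file.
    lo = (rec.get("low_range") or "ADMIN_LOW").upper()
    hi = (rec.get("hi_range") or "ADMIN_HIGH").upper()
    if lo == "ADMIN_HIGH" and hi != "ADMIN_HIGH":
        problems.append("low_range=ADMIN_HIGH exceeds hi_range")
    if hi == "ADMIN_LOW" and lo != "ADMIN_LOW":
        problems.append("hi_range=ADMIN_LOW is below low_range")
    return problems


def check_file(text: str) -> Dict[str, List[str]]:
    """Path -> problems, for every entry in a vfstab_adjunct file."""
    return {r["path"]: validate(r) for r in map(parse_entry, logical_lines(text))}
```

Running check_file(SAMPLE) reports the two man-page entries and /export/tools as clean and flags /broken, whose forced list names file_audit without it appearing in allowed. Note that a value of forced=; is parsed as "absent" and so falls back to none, matching the behaviour described above.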
The following example sets a sensitivity label of PUBLIC on a file system (/workspaces) being mounted from an unlabeled host running the Solaris operating environment. For this to work, PUBLIC must be a valid sensitivity label on the local host, the file system must either be automounted or an entry must exist for the file system in the vfstab(4) file. Also, entries for the unlabeled host in the tnrhdb/tnrhtp files must assign a template to the unlabeled host that specifies a matching default sensitivity label of PUBLIC.
/workspaces; \
    slabel=PUBLIC;
The following example is for a DOS file system named /no_attributes, being mounted from a floppy disk. The file system contains an executable that needs the file_chown privilege in order to work. The entry sets the low_range for the file system to ADMIN_LOW and lowers the hi_range from the default of ADMIN_HIGH to ADMIN_LOW. Note that the entry as shown assigns only the label and the label range; for the executable to receive file_chown, the entry would also need forced=file_chown; and allowed=file_chown; (forced privileges must be a subset of the allowed privileges, as described above).

/no_attributes; \
    slabel=admin_low; \
    low_range=admin_low; \
    hi_range=admin_low;
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
---|---
Availability | SUNWtsr
getfattrflag(1), getfsattr(1M), setfsattr(1M), getmldadorn(1), mount(1M), mount_hsfs(1M), mount_nfs(1M), mount_tmpfs(1M), mount_ufs(1M), newsecfs(1M), priv_desc(4)
Trusted Solaris Administrator's Procedures