allocate(1M)
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | DIAGNOSTICS | FILES | ATTRIBUTES | SUMMARY OF TRUSTED SOLARIS CHANGES | SEE ALSO | NOTES
NAME
- allocate- Device allocation
SYNOPSIS
-
allocate [-s] [-r] [-w] [-F] [-U uname] dev-name
allocate [-s] [-r] [-w] [-U uname] -g dev-type
DESCRIPTION
Device allocation ensures that each allocatable device is accessible to only one user and one sensitivity label at a time. The allocate command sets an allocatable device's label and gives the user temporary ownership of the device. The device remains allocated to the user until freed by the deallocate(1M) command.
The dev-name parameter is the device to be allocated. It may be the allocation name of the device as given in the device_allocate(4) file (for example, mag_tape_0), or it may be the path of a device special file associated with the device (for example, /dev/rmt/0).
OPTIONS
- -g dev-type
-
Allocate any unallocated device with a type matching dev-type. Device types are specified in the device_allocate(4) file.
- -s
-
Silent. Suppresses any diagnostic output.
- -r
-
Reinitialize the device if it is already allocated by the same user at the same label. Allocate resets the permission and labels on the device special files and runs the device cleaning program.
- -w
-
Run the device cleaning program in a windowing environment. If a windowing version of the program exists, it is used. Otherwise, the standard version is run in a terminal window.
- -F
-
Forcibly allocate the device, even if it is currently allocated to another user. If the device is deallocated from another user, the device clean script is run as part of the deallocation, and again as part of the allocation. This option requires the
solaris.devices.revokeauthorization and can only be used from the trusted path. - -U uname
-
Allocate the device to user uname instead of the user executing the allocate command. This option requires the
solaris.devices.revokeauthorization and can only be used from the trusted path.
DIAGNOSTICS
allocate returns an nonzero exit status in the event of an error.
FILES
- /etc/security/device_allocate
-
Administrative file defining parameters for device allocation.
- /etc/security/device_deallocate
-
Administrative file defining parameters for device deallocation.
- /etc/security/device_maps
-
Administrative file defining the mapping of device special files to allocatable device names.
- /etc/security/dev/*
-
Device DAC files, whose attributes define the allocation state of devices. If the device is not currently allocated, its DAC file is owned by root with permissions 000, and its sensitivity label is
ADMIN_LOW. If the device is allocated, its DAC file is owned by the allocating user with permissions 600, and its label is the label of the allocation. If the device is in the error allocation state (due to an error during device allocation or deallocation), it is owned by bin with permissions 200, and its label isADMIN_LOW. - /etc/security/lib/*
-
Device cleaning scripts. Consult the comments in these scripts for an explanation of their use and implementation.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|---|---|
| Availability | SUNWcsu |
SUMMARY OF TRUSTED SOLARIS CHANGES
The -r and -w options may be specified. The -F and -U options require the solaris.devices.revoke authorization and must be used from the trusted path.
SEE ALSO
NOTES
The Device Allocation Manager provides an easy-to-use graphical interface for the allocate and deallocate commands.
Allocatable devices are those devices listed in the device_allocate(4) file. The device_allocate file specifies the authorizations required for allocation of each device, and the sensitivity labels at which the device can be allocated. It also specifies a device cleaning program that is run when the device is allocated or deallocated. The cleaning program ensures that the device is properly initiated and that no data can be passed through the device from one use to the next. The device cleaning program may interact with the user to give instructions for device initialization and cleanup.
The allocate command sets the ownership and label of an allocatable device by giving the user ownership of all the device special files associated with the device (as specified in the device_maps(4) file), and setting the labels on those files. For example, when the mag_tape_0 device is allocated, the device special files such as /dev/mt, /dev/rmt/0, and /dev/rmt/0h would all be owned by the allocating user. These files are given permissions of 600 so that, be default, only the allocating user can access them. They are given the sensitivity label of the allocating process, so that they are only accessible at that label.
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | DIAGNOSTICS | FILES | ATTRIBUTES | SUMMARY OF TRUSTED SOLARIS CHANGES | SEE ALSO | NOTES
- © 2010, Oracle Corporation and/or its affiliates