Your encodings file must be compatible with any Trusted Extensions host with which you are communicating.
Trusted Extensions installs a default label_encodings file. This default file is useful for demonstrations. However, this file might not be a good choice for your use. If you plan to use the default file, you can skip this procedure.
If you are familiar with encodings files, you can use the following procedure.
If you are not familiar with encodings files, consult Oracle Solaris Trusted Extensions Label Administration for requirements, procedures, and examples.
You must successfully install labels before continuing, or the configuration will fail.
You are the security administrator. The security administrator is responsible for editing, checking, and maintaining the label_encodings file. If you plan to edit the label_encodings file, make sure that the file itself is writable. For more information, see the label_encodings(4) man page.
Insert the media with the label_encodings file into the appropriate device.
Copy the label_encodings file to the disk.
Check the syntax of the file and make it the active label_encodings file.
In Trusted JDS, check and install the file from the command line.
Open a terminal window.
Run the chk_encodings command.
# /usr/sbin/chk_encodings /full-pathname-of-label-encodings-file |
Read the output and do one of the following:
Resolve errors.
If the command reports errors, the errors must be resolved before continuing. For assistance, see Chapter 3, Making a Label Encodings File (Tasks), in Oracle Solaris Trusted Extensions Label Administration
Make the file the active label_encodings file.
# cp /full-pathname-of-label-encodings-file \ /etc/security/tsol/label.encodings.site # cd /etc/security/tsol # cp label_encodings label_encodings.tx.orig # cp label.encodings.site label_encodings |
Your label_encodings file must pass the chk_encodings test before you continue.
In Trusted CDE, use the Check Encodings action.
Open the Trusted_Extensions folder.
Click mouse button 3 on the background.
From the Workspace menu, choose Applications -> Application Manager.
Double-click the Trusted_Extensions folder icon.
Double-click the Check Encodings action.
In the dialog box, type the full path name to the file:
/full-pathname-of-label-encodings-file |
The chk_encodings command is invoked to check the syntax of the file. The results are displayed in the Check Encodings dialog box.
Read the contents of the Check Encodings dialog box and do one of the following:
Resolve errors.
If the Check Encodings action reports errors, the errors must be resolved before continuing. For assistance, see Chapter 3, Making a Label Encodings File (Tasks), in Oracle Solaris Trusted Extensions Label Administration.
Click Yes to make the file the active label_encodings file.
The Check Encodings action creates a backup copy of the original file, then installs the checked version in /etc/security/tsol/label_encodings. The action then restarts the label daemon.
Your label_encodings file must pass the Check Encodings test before you continue.
Check the syntax of the file and make it the active label_encodings file.
Use the command line.
Open a terminal window.
Run the chk_encodings command.
# /usr/sbin/chk_encodings /full-pathname-of-label-encodings-file |
Read the output and do one of the following:
Resolve errors.
If the command reports errors, the errors must be resolved before continuing. For assistance, see Chapter 3, Making a Label Encodings File (Tasks), in Oracle Solaris Trusted Extensions Label Administration
Make the file the active label_encodings file.
# cp /full-pathname-of-label-encodings-file \ /etc/security/tsol/label.encodings.site # cd /etc/security/tsol # cp label_encodings label_encodings.tx.orig # cp label.encodings.site label_encodings |
Your label_encodings file must pass the Check Encodings test before you continue.
In this example, the administrator tests several label_encodings files by using the command line.
# /usr/sbin/chk_encodings /var/encodings/label_encodings1 No errors found in /var/encodings/label_encodings1 # /usr/sbin/chk_encodings /var/encodings/label_encodings2 No errors found in /var/encodings/label_encodings2 |
When management decides to use the label_encodings2 file, the administrator runs a semantic analysis of the file.
# /usr/sbin/chk_encodings -a /var/encodings/label_encodings2 No errors found in /var/encodings/label_encodings2 ---> VERSION = MYCOMPANY LABEL ENCODINGS 2.0 10/10/2006 ---> CLASSIFICATIONS <--- Classification 1: PUBLIC Initial Compartment bits: 10 Initial Markings bits: NONE ---> COMPARTMENTS AND MARKINGS USAGE ANALYSIS <--- ... ---> SENSITIVITY LABEL to COLOR MAPPING <--- ... |
The administrator prints a copy of the semantic analysis for her records, then moves the file to the /etc/security/tsol directory.
# cp /var/encodings/label_encodings2 /etc/security/tsol/label.encodings.10.10.06 # cd /etc/security/tsol # cp label_encodings label_encodings.tx.orig # cp label.encodings.10.10.06 label_encodings |
Finally, the administrator verifies that the label_encodings file is the company file.
# /usr/sbin/chk_encodings -a /etc/security/tsol/label_encodings | head -4 No errors found in /etc/security/tsol/label_encodings ---> VERSION = MYCOMPANY LABEL ENCODINGS 2.0 10/10/2006 |