SunSHIELD Basic Security Module Guide

The device_maps File

You can look at the /etc/security/device_maps file to determine the device names, device types, and device-special files that are associated with each allocatable device. See the device_maps(4) man page. Device maps are created by the system administrator when setting up device allocation. A rudimentary file is created by bsmconv when the BSM is enabled. This initial map file should be used only as a starting point. The system administrator is expected to augment and customize device_maps for the individual site.

This file defines the device-special file mappings for each device, which in many cases are not intuitive. It allows various programs to discover which device-special files map to which devices. You can use the dminfo command, for example, to get the device name, the device type, and the device-special files to specify when setting up an allocatable device; dminfo reads the device_maps file.

Each device is represented by a one-line entry of the form:

device-name:device-type:device-list

Lines in the file can end with a \ to continue an entry on the next line. Comments may also be included. A # makes a comment of all further text until the next newline not immediately preceded by a \. Leading and trailing blanks are allowed in any of the fields.

device-name

The name of the device, for example st0, fd0, or audio. The device name specified here must correspond to the name of the lockfile used in the /etc/security/dev directory.

device-type

The generic device type (the name for the class of devices, such as st, fd, audio). The device-type logically groups related devices.

device-list

A list of the device-special files associated with the physical device. The device-list must contain all of the special files that allow access to a particular device. If the list is incomplete, a malevolent user can still obtain or modify private information. Also, as in the example below, either the real device files located under /devices or the symbolic links in /dev, provided for binary compatibility, are valid entries for the device-list field.

For an example of entries for SCSI tape st0 and diskette fd0 in a device_maps file, see the following screen.

fd0:\
	fd:\
	/dev/fd0 /dev/fd0a /dev/fd0b /dev/rfd0 /dev/rfd0a /dev/rfd0b:\
	.
	.
	.
st0:\
	st:\
	/dev/rst0 /dev/rst8 /dev/rst16 /dev/nrst0 /dev/nrst8 /dev/nrst16:\