SunSHIELD Basic Security Module Guide

Object Reuse

Device allocation satisfies part of the object-reuse requirement. The device-clean scripts make sure that data left on a device by one user is cleared before the device is allocatable by another user.

Device-Clean Script for Tapes

The three supported tape devices and the device-clean script for each are shown in Table 4-2.

Table 4-2 Device-Clean Script for the Three Supported Tape Devices

Tape Device Type            Device-Clean Script
SCSI 1/4-inch tape
Archive 1/4-inch tape
Open-reel 1/2-inch tape

The script uses the rewoffl option to mt to effect the device cleanup. See the mt(1) man page. If the script runs during system boot, it queries the device to see if the device is online and has media in it. The 1/4-inch tape devices that have media remaining are placed in the allocate error state to force the administrator to clean up the device manually.

During normal system operation, when allocate or deallocate is executed in the interactive mode, the user is prompted to remove the media from the device being deallocated. The script pauses until the media is removed from the device.

Device-Clean Scripts for Diskettes and CD-ROM Devices

The device-clean scripts for the diskettes and CD-ROM devices are shown in Table 4-3.

Table 4-3 Device-Clean Scripts for the Diskette and CD-ROM Device

Disk Device Type            Device-Clean Script

The scripts use the eject command to remove the media from the drive. See the eject(1) man page. If eject fails, the device is placed in the allocate error state.
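The tape and diskette/CD-ROM cleanup behavior described above, sketched as an added shell example; it is not the device-clean scripts shipped with the system. The names clean_device and media_present, the mode words boot and interactive, the return codes, and the use of mt status as the media query are assumptions made for illustration.

```sh
#!/bin/sh
# Added illustration; not the device-clean scripts shipped with the system.
# Assumed for the example: the names clean_device and media_present, the mode
# words "boot" and "interactive", the return codes, and "mt status" as the query.

CLEAN_OK=0      # device can go back to the allocatable pool
CLEAN_ERROR=1   # caller places the device in the allocate error state

# media_present DEVICE: true while the drive is online with media loaded
# (assumption: "mt status" succeeds only while media is in the drive).
media_present() {
    mt -f "$1" status >/dev/null 2>&1
}

# clean_device KIND DEVICE MODE   (KIND: tape | disk, MODE: boot | interactive)
clean_device() {
    kind=$1 dev=$2 mode=$3
    case $kind in
    tape)   # the 1/4-inch tape case from the text
        if [ "$mode" = boot ]; then
            # Nobody is at the console during boot, so leftover media cannot
            # be handed back to its owner: fail closed and leave it to the admin.
            if media_present "$dev"; then return "$CLEAN_ERROR"; fi
            return "$CLEAN_OK"
        fi
        # Rewind and take the drive offline; a failure leaves data reachable.
        mt -f "$dev" rewoffl >/dev/null 2>&1 || return "$CLEAN_ERROR"
        # Pause until the user has actually removed the media.
        while media_present "$dev"; do
            echo "Remove the media from $dev" >&2
            sleep "${POLL_SECONDS:-5}"
        done
        ;;
    disk)   # diskette or CD-ROM
        eject "$dev" >/dev/null 2>&1 || return "$CLEAN_ERROR"
        ;;
    *)
        # Unknown device class: never report a device as clean by default.
        return "$CLEAN_ERROR"
        ;;
    esac
    return "$CLEAN_OK"
}
```

Every path that cannot confirm the media is gone returns the error code, so a device is never handed to the next user on the strength of a failed cleanup.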

Device-Clean Script for Audio

The audio device is cleaned up with an audio-clean script. The script performs an AUDIO_DRAIN ioctl system call to flush the device, then an AUDIO_SETINFO ioctl system call to reset the device configuration to default. In addition, the script retrieves the audio chip registers using the AUDIOGETREG ioctl system call. Any registers deviating from default are reset using the AUDIOSETREG ioctl system call.