NAME | Synopsis | Description | Examples | Attributes | Files | Bugs | See Also
/usr/dt/bin/dtappsession [hostname]
dtappsession is a specialized version of the Xsession shell script. It is an alternative to using the CDE remote login that allows you to access a remote host without logging out of your current CDE session. dtappsession starts a new instance of the CDE Application Manager in its own ToolTalkTM session. It can be used to remotely display the Application Manager back to your local display after logging in to a remote host with the rlogin(1) command.
A new, independent instance of ttsession(1) starts a simple session management window. This window displays the title
remote_hostname: Remote Administration
where remote_hostname is the system that is being accessed. The window also displays an Exit button. Clicking Exit terminates the ToolTalk session and all windows that are part of the session.
The Application Manager that is displayed can be used to start remote CDE actions to run in this session. Exiting the Application Manager does not terminate the session, and it is not recommended. Clicking Exit is the recommended way to end the session. To avoid confusing the remote CDE applications with local ones, it is recommended that a new CDE workspace be created for clients in the remote session.
The hostname is not needed when the DISPLAY environment variable is set to the local hostname on the remote host.
On a system that is configured with Trusted Extensions, dtappsession can be used for remote administration by administrative roles that have the ability to log in to the remote host.
dtappsession does not require any privilege, and it does not need to run on a system that is configured with Trusted Extensions. When installed in /usr/dt/bin on a Solaris system, along with the startApp.ds file, dtappsession can be used to administer the remote Solaris system from a local system that is configured with Trusted Extensions. However, in this case, the CDE workspace that is used for remote display must be a normal workspace, rather than a role workspace.
After creating a new CDE workspace, type the following in a terminal window:
# rlogin remote_hostname password: /*type the remote password*/ # dtappsession local_hostname /* on the remote host */ |
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE |
ATTRIBUTE VALUE |
---|---|
Availability |
SUNWdttsu |
X11/CDE applications that do not register with the ToolTalk session manager will not exit automatically when the session is terminated. Such applications must be explicitly terminated.
dtfile(1), rlogin(1), ttsession(1), attributes(5)
NAME | Synopsis | Description | Examples | Attributes | Files | Bugs | See Also
NAME | Synopsis | Description | Options | Return Values | Attributes | See Also
/usr/bin/getlabel [-sS] filename...
getlabel displays the label that is associated with each filename. When options are not specified, the output format of the label is displayed in default format.
Display the label that is associated with filename in short form.
Display the label that is associated with filename in long form.
getlabel exits with one of the following values:
Successful completion.
Unsuccessful completion due to usage error.
Unable to translate label.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE |
ATTRIBUTE VALUE |
---|---|
Availability |
SUNWtsu |
Stability (Command Line) |
Stable |
Stability (Output) |
Not an interface |
NAME | Synopsis | Description | Options | Return Values | Attributes | See Also
NAME | Synopsis | Description | Attributes | Diagnostics | See Also
/usr/bin/getzonepath {sensitivity-label}
getzonepath displays the root pathname of the running labeled zone that corresponds to the specified sensitivity label. The returned pathname is relative to the caller's root pathname, and has the specified sensitivity label.
If the caller is in the global zone, the returned pathname is not traversable unless the caller's processes have the file_dac_search privilege.
If the caller is in a labeled zone, the caller's label must dominate the specified label. Access to files under the returned pathname is restricted to read-only operations.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE |
ATTRIBUTE VALUE |
---|---|
Availability |
SUNWtsu |
Stability |
Stable |
getzonepath exits with one of the following values:
Success
Usage error
Failure; error message is the system error number from getzonerootbylabel(3TSOL)
getzonerootbylabel(3TSOL), attributes(5)
Acquiring a Sensitivity Label in Solaris Trusted Extensions Developer’s Guide
NAME | Synopsis | Description | Attributes | Diagnostics | See Also
NAME | Synopsis | Description | Options | Return Values | Attributes | See Also
/usr/bin/plabel [-sS] [pid...]
plabel, a proc tools command, gets the label of a process. If the pid is not specified, the label displayed is that of the plabel command. When options are not specified, the output format of the label is displayed in default format.
Display the label that is associated with pid in short form.
Display the label that is associated with pid in long form.
plabel exits with one of the following values:
Successful completion.
Unsuccessful completion because of a usage error.
Inability to translate label.
Inability to allocate memory.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE |
ATTRIBUTE VALUE |
---|---|
Availability |
SUNWtsu |
Stability |
Stable |
Stability (Output) |
Not an interface |
NAME | Synopsis | Description | Options | Return Values | Attributes | See Also
NAME | Synopsis | Description | Return Values | Attributes | Usage | Examples | Notes | See Also
/usr/bin/setlabel newlabel filename...
setlabel moves files into the zone whose label corresponds to newlabel. The old file pathname is adjusted so that it is relative to the root pathname of the new zone. If the old pathname for a file's parent directory does not exist as a directory in the new zone, the file is not moved. Once moved, the file might no longer be accessible in the current zone.
Unless newlabel and filename have been specified, no labels are set.
Labels are defined by the security administrator at your site. The system always displays labels in uppercase. Users can enter labels in any combination of uppercase and lowercase. Incremental changes to labels are supported.
Refer to setflabel(3TSOL) for a complete description of the conditions that are required to satisfy this command, and the privileges that are needed to execute this command.
setlabel exits with one of the following values:
Successful completion.
Usage error.
Error in getting, setting or translating the label.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE |
ATTRIBUTE VALUE |
---|---|
Availability |
SUNWtsu |
Stability |
Stable |
On the command line, enclose the label in double quotes unless the label is only one word. Without quotes, a second word or letter separated by a space is interpreted as a second argument.
% setlabel SECRET somefile % setlabel "TOP SECRET" somefile |
Use any combination of upper and lowercase letters. You can separate items in a label with blanks, tabs, commas or slashes (/). Do not use any other punctuation.
% setlabel "ts a b" somefile % setlabel "ts,a,b" somefile % setlabel "ts/a b" somefile % setlabel " TOP SECRET A B " somefile |
To set somefile's label to SECRET A:
example% setlabel "Secret a" somefile |
Plus and minus signs can be used to modify an existing label. A plus sign turns on the specified compartment for somefile's label.
example% setlabel +b somefile |
A minus sign turns off the compartments that are associated with a classification. To turn off compartment A in somefile's label:
example% setlabel -A somefile |
If an incremental change is being made to an existing label and the first character of the label is a hyphen (-), a preceding double-hyphen (–-) is required.
To turn off compartment -A in somefile's label:
example% setlabel -- -A somefile |
This implementation of setting a label is meaningful for the Defense Intelligence Agency (DIA) Mandatory Access Control (MAC) policy. For more information, see label_encodings(4).
NAME | Synopsis | Description | Return Values | Attributes | Usage | Examples | Notes | See Also