Trusted Device Management

The Solaris OS provides three methods of managing devices: the Volume Manager (vold), logindevperm and device allocation. As in the Trusted Solaris 8 releases, Trusted Extensions supports only device allocation. The Device Allocation Manager GUI is used to create an allocatable device. All devices that are allocated to a zone get deallocated when that zone shuts down, halts, or reboots. Device allocation can be done remotely or in shell scripts only from the global zone.

The allocate, deallocate, and list_devices commands do not work in labeled zones for roles or ordinary users. Users and roles must use the Device Allocation Manager GUI to allocate, deallocate and list devices. Trusted Extensions adds the solaris.device.config authorization to configure devices.

Trusted Printing

To manage printers, use the Printer Administrator action in the System_Admin folder in the global zone. To limit the label range of a printer, use the Device Allocation Manager in the global zone.

Trusted Extensions Software and Removable Media

Use the Solaris Management Console Devices and Hardware tool to manage serial lines and serial ports in the global zone. To limit the label range of removable media, use the Device Allocation Manager in the global zone.