JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Trusted Extensions Label Administration     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information


1.  Labels in Trusted Extensions Software (Overview)

Labels and Security Policy

Types of Labels, Their Components and Uses

Label Ranges Restrict Access

Labels Are Used in Access Control Decisions

Label Components

Label Dominance

Accreditation Ranges, Label Ranges, and Valid Labels

System Accreditation Range

User Accreditation Range

Account Label Range

Account Label Range Examples

Session Range

Label Availability in Trusted Extensions Sessions

Labeled Workspaces

Label Administration

Label Visibility

Labels on Printed Output

Authorizations for Relabeling Information

Privileges for Translating Labels

2.  Planning Labels in Trusted Extensions(Tasks)

3.  Creating a Label Encodings File (Tasks)

4.  Labeling Printer Output (Tasks)

5.  Customizing the LOCAL DEFINITIONS Section (Tasks)

6.  Planning an Organization's Encodings File (Example)

A.  Encodings File for SecCompany (Example)


Label Administration

Several aspects about how labels appear to users can be configured. Label visibility, label color, and labels on printed output can be configured. Some actions on labels require authorization or privilege. For example, upgrading or downgrading an object's label requires an authorization. Manipulating a label between its internal and its textual representation can require a privilege.

Label Visibility

Labels can appear in title bars of applications on the desktop. On a single-label system, you might not want labels to be visible. Label visibility is configurable in the policy.conf file for a system and in the user_attr database for individual users. For information about the configuration procedures, see Managing a Label Encodings File (Task Map).

Typically, the content of files at a lower label can be read by a user at a higher label. For example, system files and commonly available executables are assigned an ADMIN_LOW label. According to the read down-read equal rule, users who work at any label can read ADMIN_LOW files. As in the Solaris OS, DAC permissions can prevent read access. Zones also protect files from being read. If a lower-level zone is not mounted, a user in a higher-level zone cannot access the files for reading.

Files that contain data that must not be viewed by regular users, such as system log files and the label_encodings files, are maintained at ADMIN_HIGH. To allow administrators access to protected system files, the ADMIN_LOW and ADMIN_HIGH administrative labels are assigned as the minimum label and clearance for roles.

Labels on Printed Output

The labels that are printed on banner, trailer and body pages of print jobs can be customized. Also, accompanying text that appears on the banner and trailer pages can be customized. For more information, see Chapter 4, Labeling Printer Output (Tasks).

Authorizations for Relabeling Information

The authorization to upgrade information to a label that dominates the label of the current information is called the Upgrade File Label authorization. The authorization that is used to downgrade information to a label that is lower than the label of the current information is called the Downgrade File Label authorization. For definitions of these authorizations, see the /etc/security/auth_attr file.

Privileges for Translating Labels

Label translation occurs whenever programs manipulate labels. Labels are translated to and from the textual strings to the internal representation. For example, when a program such as getlabel obtains the label of a file, before the label can be displayed to the user, the internal representation of the label is translated into readable output, that is, into a textual string. When the setlabel program sets a label specified on the command line, the textual string (that is, the label's name) is translated into the label's internal representation. Trusted Extensions permits label translations only if the calling process's label dominates the label that is to be translated. If a process attempts to translate a label that the process's label does not dominate, the translation is disallowed. The sys_trans_label privilege is required to override this restriction.