Trusted Extensions Configuration and Administration Oracle Solaris 11.1 Information Library
In the Oracle Solaris OS, Trusted Extensions is a service that is managed by the Service Management Facility (SMF). The name of the service is svc:/system/labeld:default. By default, the labeld service is disabled.
Note - Your Trusted Extensions system does not require a network to run a desktop with a directly connected bitmapped display, such as a laptop or workstation. Network configuration is required to communicate with other systems.
The labeld service attaches labels to communications endpoints. For example, the following are labeled:
All zones and the directories and files within each zone
All processes including window processes
All network communications
Before You Begin
You have completed the tasks in Preparing an Oracle Solaris System and Adding Trusted Extensions and Resolving Security Issues Before Enabling Trusted Extensions.
You must be in the root role in the global zone.
Caution - If you fail to move the panel, you might be unable to reach the desktop's main menu or panels when you log in to Trusted Extensions.
# cd /etc/gconf/2
# cp local-trusted-extensions-desktop-defaults.path.inactive \
local-trusted-extensions-desktop-defaults.path
# cp local-trusted-extensions-desktop-mandatory.path.inactive \
local-trusted-extensions-desktop-mandatory.path
# svcadm enable -s labeld
The labeld service adds labels to the system and starts the device allocation services.
Caution - Do not perform other tasks on the system until the cursor returns to the prompt.
# svcs -x labeld
svc:/system/labeld:default (Trusted Extensions)
 State: online since weekday month date hour:minute:second year
   See: labeld(1M)
Impact: None.
Caution - If you are enabling and configuring Trusted Extensions remotely, carefully review Chapter 12, Remote Administration in Trusted Extensions (Tasks). Do not reboot until you have configured the system to allow remote administration. If you do not configure the Trusted Extensions system for remote administration, you will be unable to reach it from a remote system.
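A check to run after enabling the service and before rebooting, as an added example that is not part of the Oracle documentation: it parses `svcs -x labeld` output in the format shown above and confirms that both panel path files were activated. The function names, the `GCONF_DIR` override and the sample text are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: post-enable check for the labeld procedure above.
# GCONF_DIR, the function names and SAMPLE are assumptions for illustration.
GCONF_DIR=${GCONF_DIR:-/etc/gconf/2}

# Constructed sample in the `svcs -x labeld` format shown on this page.
SAMPLE='svc:/system/labeld:default (Trusted Extensions)
 State: online since Mon Jan 01 00:00:00 2024
   See: labeld(1M)
Impact: None.'

# Print the value of one "Field: value" line from svcs -x text.
# $1 = field name (State, Impact), $2 = svcs -x output
svcs_field() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Return 0 only when the output is for labeld, the service is online with
# no impact, and both panel path files exist. Each failure goes to stderr.
# $1 = svcs -x output, $2 = gconf directory (defaults to GCONF_DIR)
labeld_ready() {
    out=$1
    dir=${2:-$GCONF_DIR}
    rc=0
    case $out in
        svc:/system/labeld:default*) ;;
        *) echo "FAIL: output is not for svc:/system/labeld:default" >&2; rc=1 ;;
    esac
    state=$(svcs_field State "$out")
    case $state in
        online*) ;;
        *) echo "FAIL: State is '${state:-missing}', expected online" >&2; rc=1 ;;
    esac
    impact=$(svcs_field Impact "$out")
    [ "$impact" = "None." ] || { echo "FAIL: Impact is '${impact:-missing}'" >&2; rc=1; }
    for f in local-trusted-extensions-desktop-defaults.path \
             local-trusted-extensions-desktop-mandatory.path; do
        [ -f "$dir/$f" ] || { echo "FAIL: $dir/$f not activated" >&2; rc=1; }
    done
    return $rc
}

# On a live system: labeld_ready "$(svcs -x labeld)" && echo "labeld ready"
```

Run it in the root role in the global zone; a non-zero return means at least one of the steps above did not take effect.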
Continue with Log In to Trusted Extensions.
Logging in places you in the global zone, which is an environment that recognizes and enforces mandatory access control (MAC).
At most sites, two or more administrators serve as an initial setup team and are present when configuring the system.
Before You Begin
You have completed Enable Trusted Extensions and Reboot.
In the login dialog box, type username, then type the password.
Users must not disclose their passwords to another person, as that person might then have access to the data of the user and will not be uniquely identified or accountable. Note that disclosure can be direct, through the user deliberately disclosing her or his password to another person, or indirect, such as through writing it down or choosing an insecure password. Trusted Extensions provides protection against insecure passwords, but cannot prevent a user from disclosing her or his password or writing it down.
You will create the zone after you assume the root role.
The root role appears in a pulldown menu.
If prompted, create a new password for the role.
Note - You must log out or lock the screen before leaving a system unattended. Otherwise, a person can access the system without having to pass identification and authentication, and that person would not be uniquely identified or accountable.
Continue with one of the following:
To configure a default system, go to Creating Labeled Zones.
To customize your system before you create labeled zones, go to Setting Up the Global Zone in Trusted Extensions.
If your system does not have a graphical display, go to Chapter 12, Remote Administration in Trusted Extensions (Tasks).