Any software that can be added to an Oracle Solaris system can be added to a system that is configured with Trusted Extensions. Additionally, programs that use Trusted Extensions APIs can be added. Adding software to a Trusted Extensions system is similar to adding software to an Oracle Solaris system that is running non-global zones.
In Trusted Extensions, programs are typically installed in the global zone for use by regular users in labeled zones. However, you can install packages in a labeled zone by running the pkg command in the zone. If you do so, you must ensure that the zone can handle administrative accounts and password prompts. For a discussion, see Applications That Are Restricted to a Labeled Zone. For details about packages and zones, see Chapter 8, About Automatic Installation and Packages on an Oracle Solaris 11.2 System With Zones Installed, in Creating and Using Oracle Solaris Zones .
At a Trusted Extensions site, the system administrator and the security administrator work together to install software. The security administrator evaluates software additions for adherence to security policy. When the software requires privileges or authorizations to succeed, the Security Administrator role assigns an appropriate rights profile to the users of that software.
To import software from removable media requires authorization. An account with the Allocate Device authorization can import or export data from removable media. Data can include executable code. A regular user can only import data at a label within that user's clearance.
The System Administrator role is responsible for adding the programs that the security administrator approves.