You do not have to create a zone for every label in your label_encodings file, but you can. The administrative GUIs enumerate the labels that can have zones created for them on this system. In this procedure, you create two labeled zones. If you are using the Trusted Extensions label_encodings file, you create the default Trusted Extensions configuration.
Before You Begin
You have completed Log In to Trusted Extensions. You have assumed the root role.
You have not created a zone yet.
# txzonemgr &
The script opens the Labeled Zone Manager dialog box. This zenity dialog box prompts you for the appropriate tasks, depending on the current state of your configuration.
To perform a task, you select the menu item, then press the Return key or click OK. When you are prompted for text, type the text then press the Return key or click OK.
The first labeled zone is based on the value of Default User Sensitivity Label in the label_encodings file.
The second labeled zone is based on the value of Default User Clearance in the label_encodings file
If the public zone uses an exclusive IP stack, or if it has an IP address which is defined in DNS, use the hostname as defined in DNS. Otherwise, use the name of the system.
The root password was set at system installation. The input to this prompt will fail.
Then, verify that all services are configured by running the svcs -x command. If no messages display, all services are configured.
Type exit at the prompt, and choose Close window from the Zone Console.
In another window, the installation of the second zone completes. This zone is built from a snapshot, so it builds quickly.
# svcs -x #
If no messages display, all services are configured. The Labeled Zone Manager is visible.
Select Reboot, then click the Cancel button to return to the main screen. All zones are running. The unlabeled snapshot is not running.
Follow the prompts. The GUI steps you through zone creation.
After the zone is created and booted, you can return to the global zone to create more zones. These zones are created from a snapshot.
In this example, the administrator creates a restricted zone from the default label_encodings file.
First, the administrator opens the txzonemgr script in interactive mode.
# txzonemgr &
Then, the administrator navigates to the global zone and creates a zone with the name restricted.
Create a new zone:restricted
Then, the administrator applies the correct label.
Select label:CNF : RESTRICTED
From the list, the administrator selects the Clone option and then selects snapshot as the template for the new zone.
After the restricted zone is available, the administrator clicks Boot to boot the second zone.
To enable access to the restricted zone, the administrator changes the Default User Clearance value in the label_encodings file to CNF RESTRICTED.