
Trusted Extensions Configuration and Administration


Updated: November 2020
 
 

How to Create Labeled Zones Interactively

You do not have to create a zone for every label in your label_encodings file, but you can. The administrative GUIs enumerate the labels that can have zones created for them on this system. In this procedure, you create two labeled zones. If you are using the Trusted Extensions label_encodings file, you create the default Trusted Extensions configuration.

Before You Begin

You have completed Log In to Trusted Extensions. You have assumed the root role.

You have not created a zone yet.

  1. Run the txzonemgr command without any options.

    Note - To use the txzonemgr script interactively, you must be running either in a desktop session in the global zone or in a remote desktop session after using the -X option of ssh.
    # txzonemgr &

    The script opens the Labeled Zone Manager dialog box. This zenity dialog box prompts you for the appropriate tasks, depending on the current state of your configuration.

    To perform a task, select the menu item, then press the Return key or click OK. When you are prompted for text, type the text, then press the Return key or click OK.


    Tip - To view the current state of zone completion, click Return to Main Menu in the Labeled Zone Manager. Or, you can click the Cancel button.
  2. Install the zones by choosing one of the following methods:
    • To create two labeled zones, select public and internal zones from the dialog box.
      • The first labeled zone is based on the value of Default User Sensitivity Label in the label_encodings file.

      • The second labeled zone is based on the value of Default User Clearance in the label_encodings file.

      1. Answer the prompt to identify the system.

        If the public zone uses an exclusive IP stack, or if it has an IP address which is defined in DNS, use the hostname as defined in DNS. Otherwise, use the name of the system.

      2. Do not answer the prompt for a root password.

        The root password was set at system installation. The input to this prompt will fail.

      3. At the zone login prompt, type your user login and password.

        Then, verify that all services are configured by running the svcs -x command. If no messages display, all services are configured.

      4. Log out of the zone and close the window.

        Type exit at the prompt, and choose Close window from the Zone Console.

        In another window, the installation of the second zone completes. This zone is built from a snapshot, so it builds quickly.

      5. Log in to the second zone console and verify that all services are running.
        # svcs -x
        #

        If no messages display, all services are configured. The Labeled Zone Manager is visible.

      6. Double-click the internal zone in the Labeled Zone Manager.

        Select Reboot, then click the Cancel button to return to the main screen. All zones are running. The unlabeled snapshot is not running.

    • To manually create zones, select Main Menu, and then Create a Zone.

      Follow the prompts. The GUI steps you through zone creation.

      After the zone is created and booted, you can return to the global zone to create more zones. These zones are created from a snapshot.
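
The end state this procedure describes (labeled zones running, the snapshot template not running, svcs -x silent in each zone) can be checked from the global zone with a script. The following is an added example, not part of the original documentation: the function names are hypothetical, the sample records are constructed, and it assumes the colon-separated output of zoneadm list -cp and a template zone named snapshot.

```shell
#!/bin/sh
# Added example: audit zone state after the txzonemgr procedure.
# `zoneadm list -cp` prints one colon-separated record per zone:
#   zoneid:zonename:state:zonepath:uuid:brand:ip-type

# Constructed sample records (not captured from a real system).
SAMPLE='0:global:running:/::solaris:shared
1:public:running:/zone/public:uuid-1:labeled:shared
-:internal:installed:/zone/internal:uuid-2:labeled:shared
-:snapshot:installed:/zone/snapshot:uuid-3:labeled:shared'

# List zones that should be running but are not.
# $1 = zoneadm records, $2 = template zone name (assumed "snapshot").
zones_not_running() {
    printf '%s\n' "$1" | awk -F: -v tmpl="${2:-snapshot}" '
        NF < 3 || $2 == "global" || $2 == tmpl { next }
        $3 != "running" { print $2 }'
}

# List running non-global zones: the targets for svcs -x.
zones_running() {
    printf '%s\n' "$1" | awk -F: '$2 != "global" && $3 == "running" { print $2 }'
}

# Succeeds only if the template zone is present and not running.
template_halted() {
    printf '%s\n' "$1" | awk -F: -v tmpl="${2:-snapshot}" '
        $2 == tmpl { seen = 1; if ($3 == "running") bad = 1 }
        END { exit (seen && !bad) ? 0 : 1 }'
}

audit() {
    records=$1
    for z in $(zones_not_running "$records"); do
        echo "FAIL: zone $z is not running"
    done
    template_halted "$records" || echo "FAIL: template zone missing or running"
    # Live check only: svcs -x prints nothing when all services are healthy.
    command -v zlogin >/dev/null 2>&1 || return 0
    for z in $(zones_running "$records"); do
        [ -z "$(zlogin "$z" svcs -x 2>&1)" ] || echo "FAIL: svcs -x reports problems in $z"
    done
}

# Use live data in the global zone; fall back to the constructed sample.
if command -v zoneadm >/dev/null 2>&1; then
    audit "$(zoneadm list -cp)"
else
    audit "$SAMPLE"
fi
```

Run it as root in the global zone; no FAIL lines means the zones match the state described in the last step of the first method.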

Example 5  Creating Another Labeled Zone

In this example, the administrator creates a restricted zone from the default label_encodings file.

First, the administrator opens the txzonemgr dialog box in interactive mode.

# txzonemgr &

Then, the administrator navigates to the global zone and creates a zone with the name restricted.

Create a new zone:restricted

Then, the administrator applies the correct label.

Select label:CNF : RESTRICTED

From the list, the administrator selects the Clone option and then selects snapshot as the template for the new zone.

After the restricted zone is available, the administrator clicks Boot to boot the second zone.

To enable access to the restricted zone, the administrator changes the Default User Clearance value in the label_encodings file to CNF RESTRICTED.