Trusted Extensions adds information to the following Oracle Solaris man pages.
Trusted Extensions Modification and Links to Additional Information
Adds options to support allocating a device in a zone and cleaning the device in a windowed environment. In Trusted Extensions, regular users do not use this command.
Adds label authorizations
Adds the capability to mount, and therefore view, lower-level home directories. Modifies the names and contents of auto_home maps to account for zone names and zone visibility from higher labels.
For more information, see Changes to the Automounter in Trusted Extensions.
Adds options to support deallocating a device in a zone device and specifying the type of device to deallocate.
Is invoked by default in Trusted Extensions
Recognizes the NET_MAC_AWARE and NET_MAC_AWARE_INHERIT process flags
Gets the mandatory access control status, SO_MAC_EXEMPT, of the socket
Gets the mandatory access control status, SO_MAC_EXEMPT, of the socket
Adds a debug flag, 0x0400, for labeled IKE processes.
Adds the label_aware global parameter and three Phase 1 transform keywords, single_label, multi_label, and wire_label
Supports the negotiation of labeled security associations through multilevel UDP ports 500 and 4500 in the global zone.
Also, see the ike.config(5) man page.
Adds the all-zones interface as a permanent property value.
For an example, see How to Verify That a System's Interfaces Are Up.
Adds the label, outer-label, and implicit-label extensions. These extensions associate Trusted Extensions labels with the traffic that is carried inside a security association.
Determines whether the system is configured with Trusted Extensions
Adds Trusted Extensions network databases in LDAP
Adds attributes, such as labels, that are associated with a device. Adds the –a option to display device attributes, such as authorizations and labels. Adds the –d option to display the default attributes of an allocated device type. Adds the –z option to display available devices that can be allocated to a labeled zone.
Adds the –R option to display extended security attributes for sockets and routing table entries..
For an example, see How to Troubleshoot Mount Failures in Trusted Extensions.
Adds labels to IPsec security associations (SAs)
Adds Trusted Extensions privileges, such as PRIV_NET_MAC_AWARE
Adds the –secattr option to add extended security attributes to a route. Adds the –secattr option to display the security attributes of the route: cipso, doi, max_sl, and min_sl.
For an example, see How to Troubleshoot Mount Failures in Trusted Extensions.
Sets the NET_MAC_AWARE per-process flag
Sets the SO_MAC_EXEMPT option
Sets the mandatory access control, SO_MAC_EXEMPT, on the socket
Supports the SO_MAC_EXEMPT option for unlabeled peers
Adds attribute types that are used in labeled tar files