JavaScript is required to for searching.
跳过导航链接
退出打印视图
手册页第 5 部分:标准、环境和宏     Oracle Solaris 11.1 Information Library (简体中文)
为本文档评分
search filter icon
search icon

文档信息

前言

简介

Standards, Environments, and Macros

acl(5)

ad(5)

advance(5)

adv_cap_1000fdx(5)

adv_cap_1000hdx(5)

adv_cap_100fdx(5)

adv_cap_100hdx(5)

adv_cap_10fdx(5)

adv_cap_10hdx(5)

adv_cap_asym_pause(5)

adv_cap_autoneg(5)

adv_cap_pause(5)

adv_rem_fault(5)

ANSI(5)

architecture(5)

ars(5)

ascii(5)

attributes(5)

audit_binfile(5)

audit_flags(5)

audit_remote(5)

audit_syslog(5)

availability(5)

brands(5)

C++(5)

C(5)

cancellation(5)

cap_1000fdx(5)

cap_1000hdx(5)

cap_100fdx(5)

cap_100hdx(5)

cap_10fdx(5)

cap_10hdx(5)

cap_asym_pause(5)

cap_autoneg(5)

cap_pause(5)

cap_rem_fault(5)

charmap(5)

compile(5)

condition(5)

crypt_bsdbf(5)

crypt_bsdmd5(5)

crypt_sha256(5)

crypt_sha512(5)

crypt_sunmd5(5)

crypt_unix(5)

CSI(5)

datasets(5)

device_clean(5)

dhcp(5)

dhcp_modules(5)

environ(5)

eqnchar(5)

extendedFILE(5)

extensions(5)

fedfs(5)

filesystem(5)

fmri(5)

fnmatch(5)

formats(5)

fsattr(5)

grub(5)

gss_auth_rules(5)

hal(5)

iconv_1250(5)

iconv_1251(5)

iconv(5)

iconv_646(5)

iconv_852(5)

iconv_8859-1(5)

iconv_8859-2(5)

iconv_8859-5(5)

iconv_dhn(5)

iconv_koi8-r(5)

iconv_mac_cyr(5)

iconv_maz(5)

iconv_pc_cyr(5)

iconv_unicode(5)

ieee802.11(5)

ieee802.3(5)

ipfilter(5)

ipkg(5)

isalist(5)

ISO(5)

kerberos(5)

krb5_auth_rules(5)

krb5envvar(5)

KSSL(5)

kssl(5)

labels(5)

largefile(5)

ldap(5)

lf64(5)

lfcompile(5)

lfcompile64(5)

link_duplex(5)

link_rx_pause(5)

link_tx_pause(5)

link_up(5)

locale(5)

locale_alias(5)

lp_cap_1000fdx(5)

lp_cap_1000hdx(5)

lp_cap_100fdx(5)

lp_cap_100hdx(5)

lp_cap_10fdx(5)

lp_cap_10hdx(5)

lp_cap_asym_pause(5)

lp_cap_autoneg(5)

lp_cap_pause(5)

lp_rem_fault(5)

man(5)

mansun(5)

me(5)

mech_spnego(5)

mm(5)

ms(5)

MT-Level(5)

mutex(5)

MWAC(5)

mwac(5)

nfssec(5)

NIS+(5)

NIS(5)

nis(5)

nwam(5)

openssl(5)

pam_allow(5)

pam_authtok_check(5)

pam_authtok_get(5)

pam_authtok_store(5)

pam_deny(5)

pam_dhkeys(5)

pam_dial_auth(5)

pam_krb5(5)

pam_krb5_migrate(5)

pam_ldap(5)

pam_list(5)

pam_passwd_auth(5)

pam_pkcs11(5)

pam_rhosts_auth(5)

pam_roles(5)

pam_sample(5)

pam_smbfs_login(5)

pam_smb_passwd(5)

pam_tsol_account(5)

pam_tty_tickets(5)

pam_unix_account(5)

pam_unix_auth(5)

pam_unix_cred(5)

pam_unix_session(5)

pam_user_policy(5)

pam_zfs_key(5)

pkcs11_kernel(5)

pkcs11_kms(5)

pkcs11_softtoken(5)

pkcs11_tpm(5)

pkg(5)

POSIX.1(5)

POSIX.2(5)

POSIX(5)

privileges(5)

prof(5)

pthreads(5)

RBAC(5)

rbac(5)

regex(5)

regexp(5)

resource_controls(5)

sgml(5)

smf(5)

smf_bootstrap(5)

smf_method(5)

smf_restarter(5)

smf_security(5)

smf_template(5)

solaris10(5)

solaris(5)

solbook(5)

stability(5)

standard(5)

standards(5)

step(5)

sticky(5)

suri(5)

SUS(5)

SUSv2(5)

SUSv3(5)

SVID3(5)

SVID(5)

tecla(5)

teclarc(5)

term(5)

threads(5)

trusted_extensions(5)

vgrindefs(5)

wbem(5)

xcvr_addr(5)

xcvr_id(5)

xcvr_inuse(5)

XNS4(5)

XNS(5)

XNS5(5)

XPG3(5)

XPG4(5)

XPG4v2(5)

XPG(5)

zones(5)

请告诉我们如何提高我们的文档:
过于简略
不易阅读或难以理解
重要信息缺失
错误的内容
需要翻译的版本
其他
Your rating has been updated
感谢您的反馈!

您的反馈将非常有助于我们提供更好的文档。 您是否愿意参与我们的内容改进并提供进一步的意见?

labels

- Solaris Trusted Extensions label attributes

描述

Labels are attributes that are used in mandatory policy decisions. Labels are associated, either explicitly or implicitly, with all subjects (generally processes) and objects (generally things with data such as files) that are accessible to subjects. The default Trusted Extensions mandatory policy labels are defined by a site's security administrator in label_encodings(4).

Mandatory Policy

Various mandatory policies might be delivered in the lifetime of Solaris Trusted Extensions.

The default mandatory policy of Trusted Extensions is a Mandatory Access Control (MAC) policy that is equivalent to that of the Bell-LaPadula Model of the Lattice, the Simple Security Property, and the *-Property (Star Property), with restricted write up. The default mandatory policy is also equivalent to the Goguen and Mesegeur model of Non-Inteference.

For this MAC policy, two labels are always defined: admin_low and admin_high. The site's security administrator defines all other labels in label_encodings(4). admin_low is associated with all normal user readable (viewable) Trusted Extensions objects. admin_high is associated with all other Trusted Extensions objects. Only administrative users have MAC read (view) access to admin_high objects and only administrative users have MAC write (modify) access to admin_low objects or admin_high objects.

Human Readable Labels

Users interact with labels as strings. Graphical user interfaces and command line interfaces present the strings as defined in label_encodings(4). Human readable labels are classified at the label that they represent. Thus the string for a label A is only readable (viewable, translatable to or from human readable to opaque m_label_t) by a subject whose label allows read (view) access to that label.

Internal Text Labels

In order to store labels in publicly accessible (admin_low) name service databases, an unclassified internal text form is used. This textual form is not intended to be used in any interfaces other than those that are provided with the Trusted Extensions software release that created this textual form of the label.

Labels and Applications

Applications interact with labels as opaque (m_label_t) structures. The semantics of these opaque structures are defined by a string to m_label_t translation. This translation is defined in label_encodings(4). Various Application Programming Interfaces (API) translate between strings and m_label_t structures. Various APIs test access of subject-related labels to object-related labels.

属性

See attributes(5) for description of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Interface Stability
See below.

The labels implementation is Committed for systems that implement the Defense Intelligence Agency (DIA) MAC policy of label_encodings(4). Other policies might exist in a future release of Trusted Extensions that might make obsolete or supplement label_encodings.

Internal text labels are Not-an-Interface and might change with any release of Trusted Extensions. They are intended only for input and generation on the same release of Trusted Extensions software.

As a potential porting aid for Trusted Solaris 8 applications, the opaque structure names bslabel_t, blevel_t, and bclear_t are defined to be equivalent to m_label_t. Like m_label_t, these types must be ported as opaque pointers. The same must be done with the various Trusted Solaris 8 label interfaces. These Trusted Solaris 8 structures and interfaces are Obsolete and might be removed from a future release of Trusted Extensions.

另请参见

chk_encodings(1M), blcompare(3TSOL), label_to_str(3TSOL), m_label_alloc(3TSOL), m_label_dup(3TSOL), m_label_free(3TSOL), str_to_label(3TSOL), label_encodings(4), attributes(5)

Bell, D. E., and LaPadula, L. J. Secure Computer Systems: Unified Exposition and Multics Interpretation, MTR-2997 Rev. 2, MITRE Corp., Bedford Mass., March 1976. NTIS AD-A023 588/7.

Goguen, J. A., and Mesegeur, J.: Security Policies and Security Models, Proceedings 1982 Symposium on Security and Privacy, IEEE Computer Society Press, 1982, p 11-20.

Goguen, J. A., and Mesegeur, J.: Unwinding and Interference Control, Proceedings 1984 Symposium on Security and Privacy, IEEE Computer Society Press, 1984, p 75-86.

《Compartmented Mode Workstation Labeling: Encodings Format》

附注

The functionality described on this manual page is available only if the system is configured with Trusted Extensions.