Trusted Extensions software recognizes labels on NFS Version 3 (NFSv3) and NFSv4. You can use one of the following sets of mount options:
vers=4 proto=tcp vers=3 proto=tcp vers=3 proto=udp
Trusted Extensions has no restrictions on mounts over the tcp protocol. In NFSv3 and NFSv4, the tcp protocol can be used for same-label mounts and for read-down mounts.
For NFSv3, Trusted Extensions behaves like Oracle Solaris. The udp protocol is the default for NFSv3, but udp is used only for the initial mount operation. For subsequent NFS operations, the system uses tcp. Therefore, read-down mounts work for NFSv3 in the default configuration.
In the rare case that you have restricted NFSv3 mounts to use the udp protocol for initial and subsequent NFS operations, you must create an MLP for NFS operations that use the udp protocol. For the procedure, see Example 49, Configuring a Private Multilevel Port for NFSv3 Over udp.
A Trusted Extensions system can also share its single-level datasets with unlabeled hosts. A file system that is exported to an unlabeled host is writable if its label equals the label that is assigned to the remote host by the exporting system. A file system that is exported to an unlabeled host is readable only if its label is dominated by the label that is assigned to the remote system.
For multilevel datasets that are shared by the global zone with clients that are running the NFSv4 service, the MAC policy is at the granularity of individual files and directories, not at the label of the entire dataset.
Communication with systems that are running a release of Trusted Solaris software is possible only at a single label. The assigned label of the Trusted Solaris system determines its access to single-level and multilevel datasets.
The NFS protocol that is used is independent of the local file system's type. Rather, the protocol depends on the type of the sharing computer's operating system. The file system type that is specified to the mount command for remote file systems is always NFS.