This procedure is a prerequisite for a user to be able to relabel files.
Before You Begin
The zone you plan to configure must be halted. You must be in the Security Administrator role in the global zone.
# /usr/sbin/txzonemgr &
For the user and process requirements that permit relabeling, see the setflabel(3TSOL) man page. To authorize a user to relabel files, see How to Enable a User to Change the Security Level of Data.
In this example, the security administrator uses the zonecfg command to enable the downgrading of information but not the upgrading of information from the CNF: INTERNAL USE ONLY zone.
# zonecfg -z internal set limitpriv=default,file_downgrade_slExample 26 Preventing Downgrades From the internal Zone
In this example, the security administrator prevents the downgrade of CNF: INTERNAL USE ONLY files on a system that previously was used to downgrade files.
The administrator uses the Labeled Zone Manager to halt the internal zone, then selects Deny Relabeling from the internal zone menu.