Oracle Solaris Trusted Extensions Configuration Guide

Specify Zone Names and Zone Labels by Using a CDE Action

You do not have to create a zone for every label in your label_encodings file, but you can. The tnzonecfg database enumerates the labels that can have zones created for them on this system.

  1. Navigate to the Trusted_Extensions folder.
    1. Click mouse button 3 on the background.
    2. From the Workspace menu, choose Applications -> Application Manager.
    3. Double-click the Trusted_Extensions folder icon.
  2. For every zone, name the zone.
    1. Double-click the Configure Zone action.
    2. At the prompt, provide a name.

      Tip - Give the zone a name that is similar to the zone's label. For example, a zone whose label is CONFIDENTIAL : INTERNAL USE ONLY would be named internal.


  3. Repeat the Configure Zone action for every zone.

    For example, the default label_encodings file contains the following labels:

    PUBLIC
    CONFIDENTIAL: INTERNAL USE ONLY
    CONFIDENTIAL: NEED TO KNOW
    CONFIDENTIAL: RESTRICTED
    SANDBOX: PLAYGROUND
    MAX LABEL

    Although you could run the Configure Zone action six times to create one zone per label, consider creating the following zones:

    • On a system for all users, create one zone for the PUBLIC label and three zones for the CONFIDENTIAL labels.

    • On a system for developers, create a zone for the SANDBOX: PLAYGROUND label. Because SANDBOX: PLAYGROUND is defined as a disjoint label for developers, only systems that developers use need a zone for this label.

    • Do not create a zone for the MAX LABEL label, which is defined to be a clearance.

  4. Open the Trusted Network Zones tool.

    The tools in the Solaris Management Console are designed to prevent user error. These tools check for syntax errors and automatically run commands in the correct order to update databases.

    1. Start the Solaris Management Console.
      # /usr/sbin/smc &
    2. Open the Trusted Extensions toolbox for the local system.
      1. Choose Console -> Open Toolbox.
      2. Select the toolbox that is named This Computer (this-host: Scope=Files, Policy=TSOL).
      3. Click Open.
    3. Under System Configuration, navigate to Computers and Networks.

      Provide a password when prompted.

    4. Double-click the Trusted Network Zones tool.
  5. For each zone, associate the appropriate label with a zone name.
    1. Choose Action -> Add Zone Configuration.

      The dialog box displays the name of a zone that does not have an assigned label.

    2. Look at the zone name, then click Edit.
    3. In the Label Builder, click the appropriate label for the zone name.

      If you click the wrong label, click the label again to deselect it, then click the correct label.

    4. Save the assignment.

      Click OK in the Label Builder, then click OK in the Trusted Network Zones Properties dialog box.

    You are finished when every zone that you want is listed in the panel, or the Add Zone Configuration menu item opens a dialog box that does not have a value for Zone Name.

Troubleshooting

If the Trusted Network Zones Properties dialog box does not prompt for a zone that you want to create, either the zone network configuration file does not exist, or you have already created the file.