The following information applies specifically when SunScreen 3.2 is used on a system running the Trusted Solaris 8 operating environment. For more information about installing and configuring Trusted Solaris, see Trusted Solaris Installation and Configuration.
Do not use the command line interface to install SunScreen 3.2 on Trusted Solaris 8; it does not work. Use the File Manager with the admin role as described in "Installing SunScreen on Trusted Solaris" in the SunScreen 3.2 Installation Guide.
SunScreen 3.2 is supported on Trusted Solaris 8, but not on the previous versions, Trusted Solaris 7 or Trusted Solaris 2.5.1.
Use only the File Manager (see "To Install the Software on the Screen") to install the software on your system.
Packets with TSOL, CIPSO, and UNLABELED templates work. While other templates may work, no others were verified.
When two Trusted Solaris systems talk to each other using the TSOL networking protocol, they typically use RPC program 110002 to exchange process attributes for peer processes. The entry in /etc/rpc is: tsolpeerinfo 110002 rpc.getpeerinfo peerinfod.
Services between two Trusted Solaris systems do not work if this service is blocked. You must allow the tsolpeerinfo service through your firewall, and the rule base must allow this service to be initiated from both ends of a connection.
This service works with STATIC NAT when tsolpeerinfo is allowed through in the rule base; however, it does not work with DYNAMIC NAT.
Every process in Trusted Solaris has privileges associated with it (called effective privileges). These effective privileges fall into the following categories:
Some privileges
All privileges
No privileges
A Trusted Solaris file also has a set of privileges called the allowed privileges. When you execute a Trusted Solaris file (to create a process), the resulting process's effective privileges are the intersection of the file's allowed privileges and your privileges as defined in your user rights.
Therefore, all SunScreen executable files must have their allowed privileges set to all. This action is performed during installation of the SunScreen software through pkgadd.
It is carried out by the /usr/lib/sunscreen/lib/pkgadd shell script. When you use the installer, this script is invoked automatically.
A Trusted Solaris system needs the latest revision of the following patches, available from http://sunsolve.Sun.COM/pub-cgi/show.pl:
110739
110337
110771
Refer to the README file included with the download for instructions.
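One way to confirm that the three patches listed above are present is to scan the output of showrev -p. The script below is an added example, not part of the SunScreen documentation or software. The function names check_patches and sample_showrev are hypothetical, the sample input is constructed, and the script reports only the highest installed revision, which you must still compare against the latest revision on the download site.

```sh
#!/bin/sh
# Added example: report the installed revision of each patch listed on this page.
# Reads `showrev -p` style output on stdin, so it can be exercised offline.

REQUIRED_PATCHES="110739 110337 110771"   # patch IDs taken from the list above

# check_patches (hypothetical helper): prints "<id> <highest-rev>" or
# "<id> MISSING" for each required patch, in the order listed above.
# Returns 0 only if every required patch has at least one revision installed.
check_patches() {
    awk -v req="$REQUIRED_PATCHES" '
        $1 == "Patch:" {
            split($2, p, "-")              # p[1] = patch ID, p[2] = revision
            rev = p[2] + 0
            if (!(p[1] in best) || rev > best[p[1]]) best[p[1]] = rev
        }
        END {
            n = split(req, ids, " ")
            missing = 0
            for (i = 1; i <= n; i++) {
                if (ids[i] in best) printf "%s %02d\n", ids[i], best[ids[i]]
                else { printf "%s MISSING\n", ids[i]; missing = 1 }
            }
            exit missing
        }'
}

# Constructed sample of `showrev -p` output. Revisions, package names and the
# 999999 filler entry are invented for illustration, not from a real system.
sample_showrev() {
    cat <<'EOF'
Patch: 110739-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 110739-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 110337-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
EOF
}

# On a live system, run:  showrev -p | check_patches
sample_showrev | check_patches || echo "required patch missing: install it before deploying"
```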