Managing software in Trusted Extensions is similar to managing software on a Solaris system that has installed non-global zones. For details about zones, see Part II, Zones, in System Administration Guide: Virtualization Using the Solaris Operating System.
You must be in a role that can allocate a device.
Start from the appropriate workspace.
To install a software package in the global zone, stay in the global zone.
To install a software package in a labeled zone, create a workspace at that label.
Allocate the CD-ROM drive.
Install the software.
Deallocate the device when you are finished.
This procedure downloads a JavaTM archive (JAR) file to the global zone. From the global zone, the administrator can make it available to regular users.
The security administrator has verified that the source of the Java program is trustworthy, that the method of delivery is secure, and that the program can run in a trustworthy manner.
You are in the System Administrator role in the global zone.
Download the JAR file to the /tmp directory.
For example, if you are selecting software from http://www.sunfreeware.com, use the site's “Solaris pkg-get tool” instructions.
Open the File Browser and navigate to the /tmp directory.
Double-click the downloaded file.
To install the software, answer the questions in the dialog boxes.
Read the installation log.
To limit the security risk, the system administrator downloads the software to a single label within a regular user's accreditation range. Then, the security administrator tests the JAR file at that label. When the software passes the test, the security administrator then downgrades the label to ADMIN_LOW. The system administrator installs the software on an NFS server to make it available to all users.
First, the system administrator creates a workspace at a user label.
In that workspace, he downloads the JAR file.
At that label, the security administrator tests the file.
Then, the security administrator changes the label of the file to ADMIN_LOW.
Finally, the system administrator copies the file to an NFS server whose label is ADMIN_LOW.