Known Problems with the Software

This section identifies known problems in the Trusted Solaris 7 software, describes them, and suggests solutions to them. These bugs may or may not be fixed in a future release.

Allocating space for diskless clients during install time does not work (4280877)

When you install a system and allocate space for diskless clients, it does not create directories named /export/root or /export/Trusted_Solaris_7. It also does not create any file listing the OS services.

Workaround: Name the partitions and allocate the space by customizing disk partitions during the installation program.

Net install fails without privileges (4291218)

All executables under Tools/Boot need privileges before net install. Without the proper privileges on the executables, net install will fail.

Workaround: Run net install commands with all privileges.

Net Install Procedure

1. In the root role, at label admin_low, use the Device Allocation Manager to allocate the CDROM drive, but do not mount it.

   Do not try to use the Volume Manager; it is disabled in the Trusted Solaris environment.

   1. Click the triangle above the Style Manager on the Front Panel to display the Trusted Desktop subpanel. Click Device Allocation.

   2. Double-click the CDROM device to move it to the Allocated Devices list.

   3. Write down the device name for the CDROM drive as indicated in the "Insert disk into..." message in the Device Allocation window.

      For example, if the message reads:

      Insert disk into /dev/dsk/c0t2d0s0.
            Make sure disk is labeled ADMIN_LOW [ADMIN_LOW].
            Press RETURN when cdrom_0 is ready, or ^C to cancel.

      then write down the device name, /dev/dsk/c0t2d0s0, before continuing.

   4. Insert the Trusted Solaris Installation CD into the CDROM drive and press the Return key.

   5. Answer n to the Do you want cdrom_0 mounted: (y/n)? n question.

2. In the root role, at label admin_low, make sure that /cdrom/cdrom0 exists.

   If it does not, create it:

   # mkdir -p /cdrom/cdrom0

3. Mount the CDROM with all allowed and forced privileges.

   ---

   # mount -F hsfs -o ro -S "allowed=all;forced=all" cdrom_device
   

   ---

   For example, for the CDROM on device /dev/dsk/c0t2d0s0, type:

   # mount -F hsfs -o ro -S "allowed=all;forced=all" \ /dev/dsk/c0t2d0s0 /cdrom/cdrom0

4. Run the setup_install_server command, as described in the documentation.

5. Set up the .boot_attrs command to run with all privileges.

   1. Assume the role secadmin.

   2. Follow the procedure in "How to Update the Commands in a Role's Profile" in Trusted Solaris Installation and Configuration. Add the pathname of boot_attrs to the Custom Root Role profile, and give the command all privileges.

6. As root, run the .boot_attrs command with all privileges.

   1. Assume the root role, and open a new terminal.

   2. Check that the .boot_attrs command has all privileges.

      See "To Verify That a Command is in a Role's Profile" in Trusted Solaris Installation and Configuration.

   3. Change directory to OSdir/Trusted_Solaris_7/Tools/Boot.

      # cd OSdir/Trusted_Solaris_7/Tools/Boot

   4. As root, run the .boot_attrs command.

      # ../.boot_attrs

7. Remove the command from the Custom Root Role profile when you are done.

Sometimes root role cannot launch applications after install (4277688)

The user cannot start any application, either from the front panel or from the workspace menu. This happened on some machines, and not on others.

Workaround: Restart the Workspace Manager.

1. Right-button on the background window and choose Window > Restart Workspace Manager.

2. Confirm.

Some man commands fail with an error message (4290121)

Some /usr/man directories have permissions dr--r--r--.

Workaround: Add execute permission to the affected directories.

# chmod a+x /usr/man/sman1 /usr/man/sman3n /usr/man/sman3s
/usr/man/sman3t /usr/man/sman3x /usr/man/sman39f

Auditing of 64-bit programs does not work (4288647), (4287445), (4268980)

There are cases where preselection in libbsm does not properly occur. The 64-bit t6 library calls t6peek_attr(3N) and t6last_attr(3N) fail in libbsm. auditwrite(3) does not work in 64-bit programs.

Workaround: Do not audit 64-bit programs.

Audit characteristics of msix and tsol (4048995)

Audit values for the msix (Trusted Solaris 2.5.1 and Trusted Solaris 7) host type in the tnrhtp do not correspond well with their Trusted Solaris 1.2 definitions.

Workaround: None.

Audit affects TCP between TSIX hosts (4291482)

Audit attributes prevent TCP from working properly between TSIX hosts.

Workaround: None.

Label encodings file is visible (4029612)

The label_encodings file is not protected from reading.

Workaround: None.

Label encodings file has locale-sensitive information

The label_encodings(4) file contains locale-sensitive information. However, not all system programs that use the file are guaranteed to be locale-aware.

Workaround: In multi-byte locales or non-C locales where upper/lower case are not a direct mapping of the C locale, the classification and word names, short names, alternate names in the label_encodings file and all string labels in all databases must be in upper case only. Also, all labels must be entered in upper case only:

• On the command line where the locale has not been set, or

• To commands which do not call the library function setlocale(3C) with the correct locale.

Patch 106748-03/106749-03 does not install completely (4290168)

The SUNWxcu4t package is not patched when the patch 106748-03 (SPARC)/106749-03 (Intel) is installed.

Workaround: In the root role, copy the patch files from the CD to the machine.

Copy Patch Files

1. Mount the install CD.

   1. On a SPARC machine:

      cd cd-mount-point/Trusted_Solaris_7/Patches/106748-03/SUNWxcu4t/reloc/usr/xpg4/bin

      On an Intel machine:

      cd cd-mount-point/Trusted_Solaris_7/Patches/106749-03/SUNWxcu4t/reloc/usr/xpg4/bin

2. Copy the original files on the machine to *.orig.

   # cp -p /usr/xpg4/bin/make /usr/xpg4/bin/make.orig # cp -p /usr/xpg4/bin/get /usr/xpg4/bin/get.orig # cp -p /usr/xpg4/bin/sccs /usr/xpg4/bin/sccs.orig # cp -p /usr/xpg4/bin/delta /usr/xpg4/bin/delta.orig

3. Copy all files in the usr/xpg4/bin/ directory from the CD to the machine.

   # cp * /usr/xpg4/bin

Some commands and library routines are not fully functional

The following commands and library routines are not fully functional.

rpcinfo(1M) (4040593)

Requires privilege to contact a Trusted Solaris 1.2 workstation.

snoop(1M) (4024442)

When used with the -v option to display an output file, dumps core if it encountered the TSIX SATMP protocol in the file.

bltos(3) label function (4029584)

Binary to string-coded and string-coded to binary label translation is not MT-safe.

libtsol() label functions (4055191)

libtsol() label functions change logging behavior of programs that use the label functions, that is, they change syslog parameters.

t6recvfrom(3N) (1249220)

The mask argument of t6recvfrom() should contain the bits for the new attributes if t6new_attr(3N) is called. Instead, it contains the full set of attributes.

t6get_endpt_default(3N) (1239143)

Should require sys_audit privilege. Currently network interfaces succeed in setting audit attributes without sys_audit privilege. For TSOL connections, the audit attributes are ignored. For TSIX connections, the audit attributes are transmitted to the remote peer.

Swmtool does not work (4284167)

The swmtool(1M) utility does not work in the Trusted Solaris 7 operating environment.

Workaround: Use the pkgadd(1M) utility.

Tnrhtp template window is too large on Intel architecture (4290621)

The bottom field, CIPSO Domain, is not shown in the window. The window cannot be resized to see the field.

Workaround: Make the font smaller.

Make Small Display Font on Intel

1. Launch the Style Manager from the front panel.

2. Click on Font.

3. From the size list on the right of the window, select Small(3).

4. Click OK.

5. To get the new font, right-button on the background window, choose Window > Restart Workspace Manager. Confirm. Or, log out and log back in.

Trusted Solaris 7 does not update the Solaris SUNWrdm package

Read the files in SUNWrdm for information on the basic Solaris 7 environment.

Workaround: For late-breaking news, use this book, Trusted Solaris 7 Release Notes.