Trusted Solaris User's Guide

Storing Files in Separate Directories by Sensitivity Labels

The Trusted Solaris environment provides two special types of directories for storing files and subdirectories with different sensitivity labels and keeping them separate:

When you attempt to view or access files in a multilevel directory (either through an application such as the File Manager or through a shell using standard commands), only those files that are at your current sensitivity label are visible and accessible. For example, if you keep files at different sensitivity labels in your home directory, you cannot normally view files at sensitivity labels other than your current sensitivity label.

The following figure illustrates the concept of hidden single-level directories within a multilevel directory. The top part of the figure shows the contents of a multilevel home directory called /myHomeDir from the user's view while working at Confidential A B; the lower part of the figure shows the user at Secret A B. Hidden directories and files are indicated with dashed lines and unbolded text; the solid lines and bolded text indicate visible ones. (Note that the sensitivity labels associated with the single-level directories are shown in their short form inside parentheses; the sensitivity labels do not actually appear in the directory names.)

Figure 1-4 Visible and Hidden Files and Directories

While working at Confidential A B, the user has the following results when trying to list the contents of the /myHomeDir directory:

% pwd
/myhomedir
% ls
file1

At Secret A B, the user sees these results:

% pwd
/myhomedir
% ls
file2    file3
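
The two listings above, reproduced as an added Python model (not part of the guide and not Trusted Solaris code): a lookup in a multilevel directory is redirected to the hidden single-level directory whose label equals the current label, so a session at Secret A B does not see file1 even though that label dominates Confidential A B. The class names, the two-level ordering and the FileNotFoundError result are assumptions of the model.

```python
from dataclasses import dataclass, field

# Assumed ordering of the two classifications used in the guide's example.
LEVELS = {"Confidential": 1, "Secret": 2}


@dataclass(frozen=True)
class Label:
    classification: str
    compartments: frozenset

    def dominates(self, other):
        """Standard MAC dominance: level >= other and compartments a superset."""
        return (LEVELS[self.classification] >= LEVELS[other.classification]
                and self.compartments >= other.compartments)


@dataclass
class MultilevelDir:
    # One hidden single-level directory (SLD) per label: label -> file names.
    slds: dict = field(default_factory=dict)

    def create(self, label, name):
        """A new file lands in the SLD whose label equals the creator's label."""
        self.slds.setdefault(label, set()).add(name)

    def ls(self, label):
        """Plain listing: contents of the SLD at exactly the current label."""
        return sorted(self.slds.get(label, set()))

    def lookup(self, label, name):
        """Resolve a name inside the current label's SLD only."""
        if name not in self.slds.get(label, set()):
            # Model assumption: files in other SLDs simply do not appear.
            raise FileNotFoundError(name)
        return (label, name)


def build_home():
    """Constructed sample data matching Figure 1-4 (/myHomeDir)."""
    conf = Label("Confidential", frozenset("AB"))
    secret = Label("Secret", frozenset("AB"))
    home = MultilevelDir()
    home.create(conf, "file1")
    home.create(secret, "file2")
    home.create(secret, "file3")
    return home, conf, secret
```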