Running Without Labels
An organization may not want non-administrative users to see labels or be aware of mandatory access controls. By following the steps in "To Set Up No Labels Operation", the security administrator role can configure what appears to be a no labels operation, so that all normal users work in an environment that is visually almost the same as working in the Solaris environment with the CDE window system.
Even if non-administrative users do not see labels, certain labels must always be present:
-
ADMIN_LOWandADMIN_HIGHclearances and sensitivity labels are always included and do not need to be defined -
One sensitivity label in the user accreditation range must be defined
-
One clearance in the user accreditation range must be defined
-
One information label in the user accreditation range must be defined (even though information labels are not used in Trusted Solaris 7 and later releases)
Note -
Even though Trusted Solaris 7 does not use information labels, the label_encodings file cannot pass chk_encodings(1M) unless it has information labels defined. To fulfill this software requirement, copy the words defined in the SENSITIVITY LABELS WORDS to the INFORMATION LABELS WORDS section.
- © 2010, Oracle Corporation and/or its affiliates