Administrative Labels
Two default administrative labels are always defined: ADMIN_LOW and ADMIN_HIGH.
The two administrative labels are always automatically defined for all types of labels:
-
Sensitivity labels
-
Clearances
ADMIN_LOW is the lowest label in the system with a classification value of 0 and no compartments or markings. The ADMIN_LOW label is dominated by every other label.
ADMIN_HIGH is the highest label in the system with the classification value of 32767. As the highest label in the system, the ADMIN_HIGH sensitivity label and the ADMIN_HIGH clearance have all 256 compartment bits set to 1. The ADMIN_HIGH label dominates all other labels.
System files and commonly-available executables are assigned an ADMIN_LOW sensitivity label. Any files that contain data that should not be viewed by normal users, such as system log files, are maintained at ADMIN_HIGH. Besides being used in sensitivity labels to protect system files, administrative labels are used in information labels and in the clearances and minimum labels of the default administrative roles.
- © 2010, Oracle Corporation and/or its affiliates