In the User Manager
The label view setting in a process can override the system-wide setting. A process' label view is set to be either internal, external, or sys. If sys, the process' label view is set to the setting in the label_encodings file. A process's label view gets set indirectly:
-
Each account has its own label view set to be either internal, external, or sys by the
User Managerand those settings stored in the tsoluser(4) file. -
The initial process created at login sets the label view process attribute flag based on the setting for the account logging in.
Specifically, when each user and role account is being configured, the security administrator role specifies a label view using the
User Managermenu, either internal, external, or sys. See the following figure.
Figure 1-2 User Manager: Labels Dialog Box
The label view is the first value stored in the labelview field in the account's entry in the /etc/security/tsol/tsoluser file, followed by either showsl or hidesl. In the example entry below, the first setting in the labelview field is internal, and therefore the label view is set to INTERNAL for the locally-created auditadmin administrative role account.
Example 1-4 Example tsoluser Entry for an Audit Administration Role Account
auditadmin:fixed:automatic:Audit Control,Audit Review,Media Restore,:none:5: lock:internal,showsl:0x000000000000000000000000000000000000000 00000000000000000000000000000:0x7fffffffffffffffffffffffffffffffffffffffffff ffffffffffffff:utadm:res1:res2:res3 |
Note -
Do not edit the tsoluser(4) file directly. Change any account's label view through the Labels dialog box in the User Manager.
- © 2010, Oracle Corporation and/or its affiliates