Trusted Solaris Installation and Configuration

Trusted Solaris Modifications to Custom JumpStart

In the Trusted Solaris environment, Custom JumpStart procedures are handled by administrative roles. For an explanation of Custom JumpStart, see "Preparing Custom JumpStart Installations" in Solaris 8 Advanced Installation Guide. Be prepared to adapt Custom JumpStart procedures to Trusted Solaris security requirements, such as device allocation and the assignment of tasks to roles.


Note - Factory-installed JumpStart may not be supported by Trusted Solaris software.


Modifications to Custom JumpStart Procedures

The following procedures are slightly different in the Trusted Solaris environment.


Note - The Trusted Solaris environment does not support mounting remote file systems during installation.


Table 9-4 Modified Custom JumpStart Procedures Setup

| Custom JumpStart Procedure | Trusted Solaris Modification |
|---|---|
| Create a Custom JumpStart diskette | Users who can assume the roles admin and secadmin should be present. |
| Allocate diskette drive | As admin, at label ADMIN_LOW, allocate the floppy drive. See "To Allocate a Device" if you are unsure of the steps. |
| Deallocate diskette drive | As admin, at label ADMIN_LOW, deallocate the drive and remove the diskette. See "To Deallocate a Device" if you are unsure of the steps. |
| Format a diskette | As admin, at label ADMIN_LOW, run the fdformat command. |
| Create a filesystem on a diskette | As admin, at label ADMIN_LOW, run the newfs command. |
| Create a mount point on a diskette | As admin, at label ADMIN_LOW, run the mkdir command. |
| Mount the directory | As admin, at label ADMIN_LOW, run the mount command. See Example 9-2 at the end of this table for a sample mount command. |
| Populate the directory | As admin, at label ADMIN_LOW, run the cp command to copy the JumpStart sample directory to the diskette. |
| Create a JumpStart directory on a server | As admin, at label ADMIN_LOW, run the mkdir command. |
| Share the directory | For details of the procedure, see "How to Share a File System". |
| Share the file system | For details of the procedure, see "How to Share a File System". |
| Enable access to JumpStart directory | As admin, at label ADMIN_LOW, use the -c option to the add_install_client command to add JumpStart details to the local bootparams database. |
| Check access to JumpStart directory | On the install server, as role admin at label ADMIN_LOW, view the bootparams database. For details, see "To Locate a Solaris Management Console Tool". |


Example 9-2 Mount a UFS Filesystem on a Diskette

To mount a UFS file system on a diskette to be used for Custom JumpStart, as admin at ADMIN_LOW:


$ mkdir /ts8_jumpstart
$ mount -F ufs /dev/diskette /ts8_jumpstart

Modifications to Custom JumpStart Profiles

Use the Trusted Solaris information in the following table to modify the procedures in "Creating a Profile" in Solaris 8 Advanced Installation Guide.

Table 9-5 Modified JumpStart Profile Procedures

| Solaris Procedure | Trusted Solaris Modification |
|---|---|
| Edit a profile file. | As admin role at label ADMIN_LOW, use the Admin Editor action. For how to use the Admin Editor, see "To Create or Open a File from the Trusted Editor". |

The upgrade keyword is not supported in Trusted Solaris 8. 

Use the Trusted Solaris information that follows to modify the procedures in "Testing a Profile" in Solaris 8 Advanced Installation Guide and "pfinstall" in Solaris 8 Advanced Installation Guide.

In the Trusted Solaris environment, testing profiles is handled by the admin role.

How to Use pfinstall to Test a Profile
  1. On an installed and configured Trusted Solaris host, log in as a user who can assume the admin role.

  2. As admin at label ADMIN_LOW, launch a terminal and verify that the pfinstall(1M) command is available in the role's profile shell.


    $ profiles -l | grep pfinstall
    


    Note - The name profile shell refers to a shell that recognizes Trusted Solaris execution profiles. It does not refer to the machine profiles being tested here.


  3. If the command is not in the profile, the secadmin role must add it to the admin role's rights, and then the admin role launches a new terminal in which to run the command.

    See "How to Modify a Role's Rights" for how to add the pfinstall command to the admin role's rights profile.

Modifications to Custom JumpStart Rules

Use the Trusted Solaris information in the following table to modify the procedures in "Creating the rules File" in Solaris 8 Advanced Installation Guide.

Table 9-6 Modified JumpStart Rule Procedures

| Solaris Procedure | Trusted Solaris Modification |
|---|---|
| Edit a rules file | As role admin at label ADMIN_LOW, use the Admin Editor action. For how to use the Admin Editor, see "To Create or Open a File from the Trusted Editor". |
| Use a Trusted Solaris-specific value for a keyword | For the installed option, the version keyword. version - A version name, such as Trusted_Solaris_8, or the special word any. If any is used, any Trusted Solaris or SunOS release is matched. |
| | For the osname option, the version keyword. version - A version of the Trusted Solaris environment installed on the workstation: for example, Trusted Solaris 7. |
| Validate a rules file | Run the check script as role admin at label ADMIN_LOW. |
| Copy a rules file | As admin at label ADMIN_LOW, copy the file. |
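
An added pre-flight check, not part of the original guide or of Sun's tooling: it lints a profile for the unsupported upgrade request and a rules file for installed version values before the check script is run. It assumes the upgrade keyword mentioned under Table 9-5 means the profile line install_type upgrade, and it treats any installed version other than any or a Trusted_Solaris_ name as needing review, which is this example's policy choice. The file names, slice name and sample contents are constructed.

```shell
#!/bin/sh
# Added example: pre-flight lint for Custom JumpStart files (not Sun's code).

# lint_profile FILE: non-zero if the profile asks for an upgrade install.
lint_profile() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "install_type" && $2 == "upgrade" {
            printf "%s:%d: install_type upgrade is not supported\n", FILENAME, NR
            bad = 1
        }
        END { exit bad + 0 }' "$1"
}

# lint_rules FILE: non-zero if an "installed" test has a version value that is
# neither "any" nor a Trusted_Solaris_* name (policy assumed by this example).
lint_rules() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            for (i = 1; i <= NF; i++) {
                kw = $i; sub(/^!/, "", kw)      # a rule test may be negated with !
                if (kw != "installed") continue
                ver = $(i + 2)                  # installed <slice> <version>
                if (ver != "any" && ver !~ /^Trusted_Solaris_/) {
                    printf "%s:%d: review installed version \"%s\"\n", FILENAME, NR, ver
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }' "$1"
}

# make_samples DIR: write constructed sample files for the demo.
make_samples() {
    printf 'install_type initial_install\nsystem_type standalone\n' > "$1/prof_ok"
    printf '# constructed\ninstall_type upgrade\n' > "$1/prof_upgrade"
    printf 'installed c0t3d0s0 Trusted_Solaris_8 - prof_ok -\ninstalled c0t3d0s0 any - prof_ok -\n' > "$1/rules_ok"
    printf 'installed c0t3d0s0 Solaris_2.6 - prof_ok -\n' > "$1/rules_review"
}

demo_dir=$(mktemp -d) && make_samples "$demo_dir"
for f in prof_ok prof_upgrade; do lint_profile "$demo_dir/$f" && echo "$f: ok" || echo "$f: flagged"; done
for f in rules_ok rules_review; do lint_rules "$demo_dir/$f" && echo "$f: ok" || echo "$f: flagged"; done
rm -rf "$demo_dir"
```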