This section lists other commands available for administering elements in the Trusted Solaris operating environment.
File privileges and labels can be administered either through the File Manager or the following commands:
getfattrflag(1)--for getting a file's security attributes.
setfattrflag(1)--for setting a file's security attributes.
getfpriv(1)--for getting an executable file's forced and allowed privileges.
setfpriv(1)--for setting an executable file's forced and allowed privileges.
testfpriv(1)--for checking an executable file's forced and allowed privilege sets.
The following commands are for administering attributes on file systems.
getfsattr(1M)--for displaying the security attributes of a file system.
getfsattr_ufs(1M)--for displaying the security attributes of a UFS file system.
setfsattr(1M)--for setting the security attributes on a file system. The file system should be unmounted first.
newsecfs(1M)--for setting security attributes on a new file system.
The following commands are for mounting file systems. Check the Trusted Solaris Summary section of each man page for differences from the Solaris operating environment.
mount(1M)--requires the sys_mount privilege. Both mandatory and discretionary read access (or overriding privileges) are required to the mount point and the device being mounted. Depending on the configuration of the vfstab_adjunct file, the process may need some combination of the proc_setsl and proc_setclr privileges. The mount command supports mounts to multilabel directories (MLDs). It has a special option, --S which lets you specify security attributes to be associated with the filesystem mount (this option requires that you have sufficient clearance for the label specified).
share_nfs(1M)--provides these options with -S:
dev|nodev - access to character and block devices is allowed or disallowed. The default is dev.
priv|nopriv - Forced privileges on execution are allowed or disallowed. The default is priv.
Running share_nfs requires the following:
sys_nfs privilege
effective uid 0
process label of [ADMIN_LOW]
share(1M)--makes a resource of a specified file system type available for mounting. It requires the sys_nfs privilege.
unshare(1M)--makes a resource unavailable for mounting. It requires the sys_nfs privilege.
nfsstat(1M)--lets you display statistics concerning the NFS and RPC (remote procedure call) interfaces to the kernel. The Trusted Solaris version of the nfsstat command requires that you have the net_config privilege when using the -z option, which reinitializes the statistics.
nfsd(1M)--handles client file system requests. The Trusted Solaris version of the nfsd command requires the sys_nfs and net_mac_read privileges to run.
The following commands are for managing processes:
pattr(1)--lets you display the viewable Process Attribute Flags of the current process or a process specified by pid. Those flags that cannot be viewed normally can be viewed with privilege.
pclear(1)--lets you display the clearance at which the selected process is running.
plabel(1)--gets the CMW label (that is, combined sensitivity label and information label) for the process.
ppriv(1)--gets the effective privileges of a process.
pprivtest(1)--tests if the specified privileges are currently in effect.