Mounting filesystems in the Trusted Solaris environment is similar to mounting in the regular Solaris system. You can enter the standard mounting information in the vfstab file on the client and the sharing information in the dfstab file on the server, or you can set up mounting dynamically by using the mount(1M) command.
The major differences for setting up mounts in the Trusted Solaris environment are:
The vfstab(4) file is supplemented by a special file called vfstab_adjunct(4), whose purpose is to hold security attributes to be applied to the file system.
The server needs to have a template assigned in its tnrhdb file that it can apply to the client. If you are setting up a mount between two Trusted Solaris hosts, use a template for Trusted Solaris hosts. If you are setting up a mount between a Trusted Solaris host and an unlabeled host, all data is transmitted by default at the single label specified for the unlabeled host in the tnrhdb file; however, you can specify different non-label security attributes at mount time using the vfstab_adjunct(4) file or the mount(1M) command with the -S or -o option.
The physical connection between the server and the client must be capable of passing the accreditation checks discussed in "Routing Example".
The mount(1M) command requires that the UID be 0. Thus you can only run mount from a role or user account with an execution profile that includes mount, specifies an effective UID of 0, and runs at ADMIN_LOW. The mount command may need these privileges: sys_mount, file_dac_read, file_dac_write, file_dac_search, file_mac_read, file_mac_write, file_mac_search, net_privaddr, proc_setsl, proc_setclr, and sys_trans_label. See priv_desc(4) for more information on these privileges. See also "Managing Files and File Systems" in Trusted Solaris Administrator's Procedures.
The vfstab_adjunct file and the mount command with the -S option let you specify the security attributes for mounts.
The available security attributes are:
label--the label of the files
forced privileges--the set of forced privileges to be applied to executable files in the mounted filesystem
allowed privileges--the set of allowed privileges to be applied to executable files in the mounted filesystem
label range--the range of labels that can be applied to directories and files in the mounted filesystem
MLD prefix--a substitute for .MLD. as a prefix for multilevel directories