The following commands are for mounting file systems. Check the Trusted Solaris Summary section of each man page for differences from the Solaris operating environment.
mount(1M)--requires the sys_mount privilege. Both mandatory and discretionary read access (or overriding privileges) are required to the mount point and the device being mounted. Depending on the configuration of the vfstab_adjunct file, the process may need some combination of the proc_setsl and proc_setclr privileges. The mount command supports mounts to multilabel directories (MLDs). It has a special option, --S which lets you specify security attributes to be associated with the filesystem mount (this option requires that you have sufficient clearance for the label specified).
share_nfs(1M)--provides these options with -S:
dev|nodev - access to character and block devices is allowed or disallowed. The default is dev.
priv|nopriv - Forced privileges on execution are allowed or disallowed. The default is priv.
Running share_nfs requires the following:
sys_nfs privilege
effective uid 0
process label of [ADMIN_LOW]
share(1M)--makes a resource of a specified file system type available for mounting. It requires the sys_nfs privilege.
unshare(1M)--makes a resource unavailable for mounting. It requires the sys_nfs privilege.
nfsstat(1M)--lets you display statistics concerning the NFS and RPC (remote procedure call) interfaces to the kernel. The Trusted Solaris version of the nfsstat command requires that you have the net_config privilege when using the -z option, which reinitializes the statistics.
nfsd(1M)--handles client file system requests. The Trusted Solaris version of the nfsd command requires the sys_nfs and net_mac_read privileges to run.