The purpose of the Trusted Solaris networking templates is to specify the security attribute values to be applied to hosts within a security family. Not all of the security attributes are appropriate to each host type. The following table indicates which security attributes apply to which host types. The term default means that the attribute is supplied by default. Optional means that it is your choice whether to use this default. Not allowed means that any entry will be ignored. Required, with or without conditions, means the attribute is mandatory.
Table 3-1 Security Attributes by Host Type

| Host Types --> Security Attributes | Trusted Solaris | TSIX | Unlabeled | CIPSO | RIPSO |
|---|---|---|---|---|---|
| minimum label | default | default | default | default | default |
| maximum label | default | default | default | default | default |
| default label | not allowed | not allowed | default | not allowed | default |
| default clearance | not allowed | not allowed | default | default | default |
| DOI | optional | optional | optional | optional | optional |
| IP label | optional | optional | optional | optional | optional |
| forced privileges | not allowed | not allowed | default | default | default |
| allowed privileges | default | default | not allowed | not allowed | not allowed |
| RIPSO Send Class | required if host or IP label is RIPSO | not allowed | required if host or IP label is RIPSO | not allowed | required |
| RIPSO Send PAF | required if host or IP label is RIPSO | not allowed | required if host or IP label is RIPSO | not allowed | required |
| RIPSO Return PAF | required if host or IP label is RIPSO | not allowed | required if host or IP label is RIPSO | not allowed | required |