Trusted Solaris 8 4/01 Release Notes

Known Problems With the Software

This section identifies known problems in the Trusted Solaris 8 4/01 software, describes them, and suggests solutions to them. These bugs may or may not be fixed in a future release.

Languages CD is not supported

This release supports only the C locale (U.S. English). Thus, no Languages CD is provided.

praudit and auditreduce do not work with RBAC profile entries (4508276)

The praudit and auditreduce commands are both listed in the Audit Review profile as requiring euid=0. This should work, but in fact uid=0 is required.

Workaround: Change the two entries in the exec_attr database to use uid=0 instead of euid=0.

Communication between TSIX host types with IPsec AH is broken (4471447)

Network packets using the TSIX protocol are not processed correctly when AH headers are present.

Workaround: None.

IKE does not work with the TSOL host type (4548783)

Network packets that are labeled with the TSOL protocol are not processed correctly by IKE in the SunScreenTM 3.2 product that is co-packaged with this release. The SunScreen log messages show IKE_INVALID_COOKIE.

SunScreen properly processes TSOL-labeled network traffic that is in clear text. SunScreen IKE also behaves correctly in the Trusted Solaris operating environment to protect traffic between unlabeled network connections.

Workaround: None.

nisaddent causes a SIGSEGV error when adding to tnrhdb (4491941)

A SIGSEGV error is produced when using the nisaddent -avf command to add an incorrectly formatted file to the tnrhdb NIS+ map. This produces a core dump.

Workaround: The nisaddent command works correctly with a valid input file. To ensure that the input file has fields separated by colons and not by spaces, use niscat -s : when dumping a NIS+ table that will be used later as input to NIS+.

Some suser() calls still exist in kernel (4493976)

The interfaces listed below have code paths which check for the sys_suser_compat privilege instead of the proper privilege.

Workaround: These interfaces may need to be invoked with the PRIV_SUSER_COMPAT privilege. This can be accomplished via profiles by using an exec_attr entry specifying this privilege.

File system label ranges are not enforced for unlabeled NFS file systems (4150441)

This bug occurs in a very unusual situation. The administrator must have consciously configured a NFS remote host to be at one label, and the label range to be another.

Workaround: To prevent the creation of files at the default label for the server, mount the file system as "read-only". Existing files are unaffected, but the read-only mount option prevents the creation of files at a label outside the label range.

Graphical Window Manager controls do not work (4462771)

The new utilities sdtgwm, sdtwsm, and sdtwinlst and their corresponding actions in the Desktop_Apps folder generate errors, such as Warning: Query Module Not Running.

Workaround: None. These tools are inappropriate for users in the Trusted Solaris environment. They are not supported.

niscat command hangs and spawns multiple nisd processes on a NIS+ server (4430740)

The bug is known to occur when SMC is running on a NIS+ client or master and has loaded its toolbox from a NIS+ replica. Next, the replica is shut down and SMC is used to update any NIS+ maps. Since the machine from which SMC loaded its toolbox is down, the SMC client has no way to communicate with the SMC server, which is the machine from which the toolbox has been loaded.

Workaround: Do not use SMC to update NIS+ databases when a NIS+ replica is down. Use the standard NIS+ command line interface instead.

Trusted Solaris label encodings file requires coding for ILs (4329208)

Although Trusted Solaris 8 4/01 software does not support information labels (ILs), the chk_encodings(1M) command fails with the following error if the label_encodings file omits information about ILs.

   # chk_encodings label_encodings
   Label encodings conversion error at line 37:
      Can't find INFORMATION LABELS specification.
      Found instead: "SENSITIVITY LABELS:".
   label_encodings: label encodings syntax check failed.

Workaround: Copy a valid SENSITIVITY LABELS: section in your label_encodings file, and rename it to INFORMATION LABELS:, as in:

INFORMATION LABELS: 
...
WORDS: 
...
REQUIRED COMBINATIONS: 
...
COMBINATION CONSTRAINTS:
...

The smosservice command fails to create OS server (4378498)

The SMC commands smosservice and smdiskless do not work correctly.

Workaround: Set up diskless service manually. On the OS server, name and allocate the client disk partitions during the installation program.

Device Allocation: Configuration dialog box does not configure the first device (4533649)

A device's configuration is unchanged the first time that you click OK in the Device Allocation: Configuration dialog box.

Workaround: Repeat the configuration procedure without closing the Device Allocation Manager. When you have repeated the procedure, you can then configure other devices without clicking OK a second time.

Drag and drop does not work for OpenLook applications (4095021)

Drag and drop operations do not work reliably for OpenLook applications.

Workaround: Use the copy and paste keys with OpenLook applications.

Nonexistent location ID: FileManagerLabelsHelp (4477399)

This bug is seen when you perform the following steps:

  1. Insert Floppy disk.

    floppy_0 is allocated by Device Allocation Manager.

  2. From File Manager, click the File menu and select Removable Media Manager.

  3. Select the floppy icon and click mouse button 3 to open the Labels menu item.

  4. In Removable Media Manager - File Labels (the Trusted Solaris Label Builder), click the Help button at bottom right of the dialog box.

Workaround: Perform the following steps:

  1. Click mouse button 3 on the Front Panel and select Help from the pop-up menu. The Workspace Manager - Help window appears.

  2. In the Workspace Manager - Help window, scroll down in the top pane to Trusted Solaris Applications and select it.

  3. In the bottom pane, click Create Labels.

SMC Mounts and Shares tools do not set or modify Trusted Solaris attributes (4496897)

The SMC Mounts tool and SMC Shares tool do not manipulate Trusted Solaris attributes.

Workaround: Use the Set Mount Points and Share Filesystems actions to handle Trusted Solaris attributes, or use the Admin Editor on the /etc/vfstab and the /etc/dfs/dfstab file.