Administering Devices With the Device Allocation Manager

The Device Allocation Manager is accessed from the Tools subpanel on the Front Panel. The Device Allocation Manager is available to users with the Allocate Device authorization for allocation and deallocation only. Normal users cannot see if a device is currently allocated to another user and cannot perform maintenance through the Device Administration button. The Device Allocation Manager is shown in the following figure.

Figure 1-7 Device Allocation Manager

Device Administration Dialog Box

You display the Device Administration dialog box by clicking the Device Administration button in the Device Allocation Manager main window.

Figure 1-8 Device Administration Dialog Box

Buttons in the dialog box do the following:

• Revoke - Moves the selected device from a busy (allocated) state to an available (deallocated) state.

• Reclaim - Makes available a device currently in an error state.

You must have the revoke or reclaim device authorization for the above actions.

• Delete - Makes a device unavailable.

• New, configure - Displays the Device Allocation Configuration dialog box through which you can create or configure a device allocation.

Device Allocation Configuration Dialog Box

To use the Device Allocation Configuration dialog box requires the Configure Device Attributes authorization. You display the dialog box by clicking the Configuration button in the Device Allocation Maintenance dialog box.

Figure 1-9 Device Allocation Configuration Dialog Box

The Device Allocation Configuration dialog box is divided into three parts:

• Device security attributes - Includes device name and type, minimum and maximum labels, clean program, and device map.

• Allocation specifications - For specifying whether the device may be allocated from Trusted Path or non-Trusted Path (for command line users), whether the device may be allocated by authorized users (with the authorizations specified in the Authorizations field), no users (if device is not allocatable), or all users (if no authorizations required), and which authorizations to require for device allocation.

• Deallocation options - For deallocating any allocated devices on reboot and deallocate any allocated devices on logout.

Device Allocation Authorizations Dialog Box

By clicking the Authorizations button in the Device Allocation Configuration dialog box, you display the Device Allocation Authorizations dialog box. It lets you specify the authorizations required for using the device.

Figure 1-10 Device Allocation Authorizations Dialog Box

Device Allocation Databases and Commands

If you do not have access to the Device Allocation Manager, you can use the commands below to administer allocatable devices. The commands are effective whenever use of the Device Allocation Manager would be effective. The commands check for authorization. The commands use the device databases device_allocate(4), device_deallocate(4), and device_maps(4). Note that the 1M commands are not intended for non-administrative users.

• add_allocatable(1M) - Adds devices to the allocation databases.

• allocate(1) - Manages the ownership of devices through its allocation mechanism. It ensures that each device is used by only one qualified user at a time.

• deallocate(1) - Deallocates a device allocated to the evoking user.

• list_devices(1) - Lists the allocatable devices in the system according to specified qualifications.

• dminfo(1M) - Displays information about device entries in the device maps file.

Device Clean Scripts

Device clean scripts are special scripts that are run when a device is first allocated. Clean scripts address two security concerns:

• Object reuse - The requirement that a device is clean of previous data before being allocated or reallocated.

• Media labeling - The requirement that removable information storage media have a physical label indicating its label. While the ultimate responsibility for putting the labels on the removable media rests with the user, the device clean scripts can prompt the user to do so.

The name of a device clean script for a specific device is stored with that device's entry in the device_allocate(4) file. The operations of each device clean program are specific to each device. The following is a list of tasks that a device clean program performs:

• Eject media - Devices that store information on removable media must be forced to eject that media upon deallocation or reallocation of the device, to prevent passing information to the next user of the device who may be at a different label.

• Reset device state - Devices that keep state information can potentially be used as a covert channel by the users. Thus driver status information must be reset to default values during deallocation of the device.

• Remind user about media labeling - Removable information storage media be labeled with appropriate external media labels. The device user's label is passed to the device clean program when it is invoked (See the device_clean(1M) man page for interface detail.)

Not all allocatable devices require a device clean program. Devices that do not keep states and do not use removable media do not need a device clean program.

Device clean programs for tape, floppy disk, CD-ROM, and audio devices are provided by the Trusted Solaris environment. The configurable nature of the user device allocation mechanism enables an administrator to install new devices and configure device clean programs accordingly.

For more information on device allocation, see Chapter 15, "Managing Devices," in Trusted Solaris Administrator's Procedures.