The security attributes that can be specified in networking templates are:
Minimum label - Defines the bottom of the label range for this security family. Outgoing packets to hosts in this security family cannot be below the minimum label.
Maximum label - Defines the top of the label range for this security family. Outgoing packets to hosts in this security family cannot be higher than the maximum label.
Default label - Sets the label to be applied by default to incoming packets from hosts in this security family.
Default clearance - Sets the clearance to be applied by default to incoming packets from hosts in this security family.
DOI - An integer that identifies the domain of interpretation, that is, the labelling scheme used by the default label and clearance for the particular host type.
IP label - Identifies type of IP label: RIPSO, CIPSO, or none. If CIPSO, the /etc/system and label_encodings files must be modified to accommodate the ADMIN_HIGH
label (see the "About Security Families"
help card). If RIPSO, you must specify a RIPSO label for the RIPSO Send Class.
Allowed privileges - Can be used to restrict privileges available to remote Trusted Solaris hosts. If these hosts can use any privileges, set All. If there is a limit, specify only those privileges that can be applied.
Forced privileges - Sets privileges to enable a remote host, typically an unlabeled host, to perform specific functions that may override security policy.
RIPSO Send Class - Used by RIPSO hosts and with RIPSO IP labels only, the classification level at which datagrams sent to a host of that template are protected. The predefined Classes are Top Secret, Secret, Confidential and Classified.
RIPSO Send PAF (protection authority flag) - Used by RIPSO hosts and with RIPSO IP labels only, the bit mask identifying the protection authorities on datagrams sent to a host of that template. The predefined authorities are: GENSER, SIOP-ESIm SCI, NSA, and DOE.
RIPSO Return PAF (protection authority flag) - Used by RIPSO hosts and with RIPSO IP labels only, specifies the PAF portion of the RIPSO label on ICMP error messages sent back from hosts using this template.