Trusted Solaris Administrator's Procedures

Managing the Relabeling of Files

By default, normal users can perform cut and paste, copy and paste, and drag and drop operations on both files and selections as long as the source and destination have the same label and have the same user ID.

The /usr/dt/config/sel_config file is consulted to determine which actions will be taken when an operation would upgrade or downgrade a label. (The comments and keywords in the file use the terms sensitivity label and label interchangeably.)


Note - The rules that apply when some operations are performed on file icons differ from the rules that apply when the same operations are performed on selections made in windows. Drag and drop of selections always requires equality of labels and ownership.


The sel_config file defines:

The Security Administrator role can change the defaults by using the Selection Configuration action. The new settings become effective the next time anyone logs in.

Users can copy and paste between file managers that they own and that are at the same label. The operations that may be performed on files under different label and ownership relationships, together with the authorizations needed, are summarized in the following table.

Table 2-1 Conditions for Moving Files Between File Managers

| Transaction Description | Label Relationship | Owner Relationship | Authorization(s) Required |
|---|---|---|---|
| Copy/Cut and paste, or drag and drop of files between File Managers | Same label | Same UID | None required |
| | Downgrade | Same UID | Downgrade file label |
| | Upgrade | Same UID | Upgrade file label |
| | Downgrade | Different UIDs | Downgrade file label; Act as file owner |
| | Upgrade | Different UIDs | Upgrade file label; Act as file owner |

Users can copy and paste between windows that they own and that are at the same label. The operations that may be performed on selections between windows under different label and ownership relationships, together with the authorizations needed, are summarized in the following table.

Table 2-2 Conditions for Moving Selections Between Windows

| Transaction Description | Label Relationship | Owner Relationship | Authorization(s) Required |
|---|---|---|---|
| Copy/Cut and paste of selections between windows | Same label | Same UID | None required |
| | Downgrade | Same UID | Paste to a downgraded window |
| | Upgrade | Same UID | Paste to an upgraded window |
| | Downgrade | Different UIDs | Paste to a downgraded window; Act as file owner |
| | Upgrade | Different UIDs | Paste to an upgraded window; Act as file owner |
| Drag and drop of selections between windows | Same SL always required | Same UID always required | None applicable |
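The following added example (not part of the original manual and not Trusted Solaris code) models Tables 2-1 and 2-2 as a decision function: it derives the label relationship from a simplified label of classification rank plus compartment set, then returns the authorizations a transfer needs. The Label type, the function names, the "files"/"selections" and "paste"/"drag" strings, and the sample labels are assumptions made for illustration; the authorization names are the ones printed in the tables.

```python
from typing import FrozenSet, NamedTuple, Optional, Set

class Label(NamedTuple):
    level: int                   # classification rank; higher is more sensitive
    compartments: FrozenSet[str]

def dominates(a: Label, b: Label) -> bool:
    return a.level >= b.level and a.compartments >= b.compartments

def relation(src: Label, dst: Label) -> str:
    """Label relationship of a transfer, using the page's four terms."""
    if src == dst:
        return "equal"
    if dominates(dst, src):
        return "upgrade"
    if dominates(src, dst):
        return "downgrade"
    return "disjoint"

# Authorization names exactly as printed in Tables 2-1 and 2-2.
RELABEL_AUTH = {
    ("files", "upgrade"): "Upgrade file label",
    ("files", "downgrade"): "Downgrade file label",
    ("selections", "upgrade"): "Paste to an upgraded window",
    ("selections", "downgrade"): "Paste to a downgraded window",
}

def required_auths(kind: str, method: str, src: Label, dst: Label,
                   src_uid: int, dst_uid: int) -> Optional[Set[str]]:
    """Authorizations a transfer needs; None if no table row permits it."""
    rel, same_owner = relation(src, dst), src_uid == dst_uid
    if rel == "equal":
        # Only the same-label, same-UID row exists, and it needs nothing.
        return set() if same_owner else None
    if kind == "selections" and method == "drag":
        return None              # drag and drop of selections needs equality
    if rel == "disjoint":
        return None              # disjoint labels have no row in either table
    needed = {RELABEL_AUTH[(kind, rel)]}
    if not same_owner:
        needed.add("Act as file owner")
    return needed

def permitted(user_auths: Set[str], *transfer) -> bool:
    needed = required_auths(*transfer)
    return needed is not None and needed <= user_auths

# Constructed sample labels (not from the page).
CONFIDENTIAL_A = Label(1, frozenset({"A"}))
SECRET_A = Label(2, frozenset({"A"}))
SECRET_B = Label(2, frozenset({"B"}))
```

A None result means only that neither table lists a row for that combination, as with disjoint labels or a same-label transfer between different UIDs.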

sel_config File Sections

The rules in the sel_config file apply to cut and paste, copy and paste, and drag and drop of files between file managers. (See dtfile(1) and the Trusted Solaris User's Guide for more about the File Manager application.) The rules in the sel_config file also apply to cut and paste and copy and paste between windows. Drag and drop between windows is mediated by the /usr/dt/bin/sel_mgr application, not by sel_config.

The sel_config file has two sections, described below.

Automatic Confirmation Section

The format of each line in the automatic confirmation section of the sel_config file is shown in the following table. label-relation refers to the relationship between the label of the source and the label of the destination. The value n means that the selection confirmer is displayed to the user.

Transfer Type                                        Automatically confirm?
label-relation (upgrade|downgrade|equal|disjoint)    y | n

Automatic Reply Section

The autoreply field defines the type of reply for all the named types of selections that follow it. This section provides a way to reply automatically to several types of selections at once instead of having to respond to each individually. See the sel_config(4) man page for more information.