Mounting File Systems in the Trusted Solaris Environment
The Trusted Solaris mount(1M) command can be used to mount the types of file systems shown in the following table.
The table includes cross-references to mount_* mount man pages, when they are available for the named filesystem type, such as mount_nfs(1M) and mount_ufs(1M). The mount man page describes security attributes that can be set for any file system type that supports using the -S option at mount time and describes the privileges, UID and GID that mount needs in order to succeed. The mount_* man pages give the subcommands that can be entered with the -o option for each filesystem type. See also "Security Attributes on File Systems" and following for more about security attributes.
Table 9-4 Mount Types, Examples, and Notes| Type | When Used | Notes |
|---|---|---|
|
FDFS |
A pseudo file system type that allows a program to access its own file descriptors through the file name space. |
MAC and DAC isolation are assured because each process can access only its own file descriptors. The mode (0666), group (root), and owner (root) are fabricated by the kernel and are not used in any DAC decisions. The label is of the backing file or directory. This is a fixed attribute file system. |
|
HSFS |
Mounts a file system from a CD device. |
See mount_hsfs(1M). In the Trusted Solaris environment, the file system can be given fixed attributes at mount time. |
|
LOFS |
A pseudo file system type that allows virtual file systems to be created that provide access to existing files using alternate pathnames. |
See lofs(7FS). In the Trusted Solaris environment, the security attributes are identical to those of the underlying file system. |
|
NFS |
Mounts a file system from a remote NFS server. |
See mount_nfs(1M). NFS mounts can be performed on fixed and variable attribute file systems. |
|
PCFS |
Mounts DOS file systems from a diskette. |
See mount_pcfs(1M) and pcfs(7FS). No extended attributes can be set on this file system type. |
|
PROCFS |
A pseudo file system provides access to the image of each process in the system. The name of each entry in the /proc directory is a decimal number corresponding to a process-ID. The owner of each ``file'' is determined by the process's real user-ID. |
In a Trusted Solaris environment, PROCFS is a variable attribute file system in which all the Trusted Solaris attributes are supported. Process access decisions are based on the DAC and MAC
attributes of the /proc file, which are imputed from the underlying process's DAC and MAC attributes. If the calling process has the |
|
TMPFS |
Mounts in memory a temporary file system that uses swap pages, either in primary memory or on swap storage. The contents disappear at reboot. | Often /tmp is mounted as a tmpfs. The advantage is a huge increase in speed of access to whatever the temporary file system contains, since the information is retrieved from memory instead of from a disk. See mount_tmpfs(1M). |
|
UFS |
Mounts a file system from a local disk. |
See mount_ufs(1M). UFS file systems can have fixed mount time attributes assigned or variable attributes assigned at creation or later. See "Specifying Security Attributes on Variable File Systems". |
|
AUTOFS |
Automounting mounts file systems with the AUTOFS type. |
See automount(1M). |
Note -
The CACHEFS file system type is not supported.
Mount Options Used for Protection
The mount(1M) command can be used with the -o option followed by one of four protection options. The options are also valid in the vfstab(4) file. Some options can be used to protect the data on the file system being mounted, while others prevent a Trojan Horse attack initiated from the mounted file system. The mount restrictions shown in the following table are supported on all file system types. The Default Values column shows the values used when no option is specified.
Table 9-5 Mount Restrictions, Default Values|
Description |
Default Value |
Alternate Value |
|---|---|---|
|
Disallow write operations |
rw |
ro |
|
Ignore set user id bits on executables |
suid |
nosuid |
|
Ignore forced privilege sets on executables |
priv |
nopriv |
|
Disallow opens on device special files, preventing the use of devices from non-standard directory locations |
devices |
nodevices |
Note -
The ro and suid options to disallow writes and ignore set user ID bits are available in the Solaris version of the mount command.
Summary of Attributes on Various File System Types
The following table indicates how different file systems support the various file system attributes. See the key in Table 9-7.
Table 9-6 Attributes Supported by the Supported File System Types| Attribute | TNFS | UFS/TMPFS/SLNFS | PCFS/HSFS |
|---|---|---|---|
| Allowed privileges | FS | MT | MT |
| Forced privileges | FS | MT | MT |
| CMW label | FS | MT ( label only) | MT (label only; from host's template) |
| MLD prefix | FS | MT | MT |
| Label range | FS | MT | MT |
| File system attribute flags | FS | none | none |
| Object attribute flags | FS | MT | MT |
| Mount flags | MT | MT | MT |
| Access ACL | OBJ | OBJ | none |
| File mode | OBJ | OBJ | * |
| File owner | OBJ | OBJ | * |
| File group | OBJ | OBJ | * |
|
Type |
Where Attribute Obtained |
|---|---|
|
FS |
From the file system |
|
MT |
From attributes specified at mount time |
|
* |
For HSFS with Rock Ridge extensions: same as the object |
Table 9-7 KEY to the File System Attributes Table
| UFS | A UFS file system on a Trusted Solaris host |
| TNFS | A TNFS file system from a Trusted Solaris or TSIX server |
| TMPFS | A TMPFS file system |
| SLNFS | A NFSv2 file system or a NFSv3 file system from a single-label/unlabeled server |
| PCFS | A PCFS file system |
| HSFS | A HSFS file system |
MLDs are supported only by the following file system types:
-
ufs (always variable)
-
nfs-variable
(NFS file systems mounted from Trusted Solaris servers)
-
lofs, and
-
tmpfs
- © 2010, Oracle Corporation and/or its affiliates