Trusted Solaris Administrator's Procedures

To Specify Mount-time Security Attributes in the vfstab_adjunct File

  1. Assume the administrator role and go to an ADMIN_HIGH workspace.

    See "To Log In and Assume a Role", if needed.

  2. Use the Set Mount Points action to open the vfstab(4) file for editing.

  3. Specify the mount point as described in the vfstab man page and add filesystem-specific security options in the mount options column as desired.

    See the filesystem-specific options in the mount_* man page for the file system type.

    The example below shows a filesystem type of ufs, mounted with the Trusted Solaris nodevices and nopriv mount options and the Solaris nosuid mount option.


    /dev/dsk/c0t3d0s4  /dev/rdsk/c0t3d0s4  /spublic  ufs  2  yes  nodevices,nopriv,nosuid
    
  4. Save and close the file.


    :wq
    
  5. Assume the Security Administrator role and go to an ADMIN_HIGH workspace.

  6. Use the Set Mount Attributes action to open the vfstab_adjunct(4) file for editing.

  7. Copy and paste the template entry at the top of the file, and modify the copy.


    #<mount point>; \
    #slabel=; \
    #forced=; allowed=; \
    #low_range=; hi_range=; \
    #mld_prefix=;

    The example below gives the following security attributes to /spublic: all files in the file system get an slabel (label) of SECRET A and a label range limited to that same label, all of the file-related privileges as forced privileges, and all privileges as allowed privileges.


    #  Assigns the Secret A label and label range, all file-related
    #   forced privileges and all allowed privileges to an unlabeled file system
    #
    /spublic;\
    slabel="Secret A";\
    forced=file_audit,file_chown,file_dac_execute,file_dac_read,\
    file_dac_search,file_dac_write,file_downgrade_sl,file_lock,\
    file_mac_read,file_mac_search,file_mac_write,file_owner,file_setdac,\
    file_setid,file_setpriv,file_upgrade_sl;\
    allowed=all;\
    low_range="Secret A";\
    hi_range="Secret A";

  8. Save and close the file.


    :wq
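
A pre-save consistency check for the two files edited in this procedure, as an added example that is not part of the original page or of Trusted Solaris. The entry grammar (comment lines starting with #, backslash continuation, semicolon-separated key=value pairs) is inferred only from the template and example shown above; treating a one-sided label range as a mistake is an assumption of this example, and the sample text is constructed from the page's /spublic entries.

```python
import re

# Attribute names taken from the template entry shown in step 7.
KNOWN_KEYS = {"slabel", "forced", "allowed", "low_range", "hi_range", "mld_prefix"}

# Constructed sample input: the page's vfstab line and a shortened /spublic entry.
VFSTAB = "/dev/dsk/c0t3d0s4  /dev/rdsk/c0t3d0s4  /spublic  ufs  2  yes  nodevices,nopriv,nosuid\n"
ADJUNCT = r'''#  Shortened copy of the /spublic entry
/spublic;\
slabel="Secret A";\
forced=file_audit,file_chown,\
file_setid;\
allowed=all;\
low_range="Secret A";\
hi_range="Secret A";
'''

def vfstab_mount_points(text):
    """Return the mount points (third of seven fields) listed in vfstab text."""
    rows = (l.split() for l in text.splitlines() if not l.lstrip().startswith("#"))
    return {f[2] for f in rows if len(f) >= 7}

def parse_adjunct(text):
    """Return {mount_point: {attribute: value}} from vfstab_adjunct text."""
    # Drop comments and blank lines first, then join backslash-continued lines.
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    joined = re.sub(r"\\\s*\n\s*", "", "\n".join(lines))
    entries = {}
    for record in joined.splitlines():
        parts = [p.strip() for p in record.split(";") if p.strip()]
        attrs = {}
        for part in parts[1:]:
            key, _, value = part.partition("=")
            attrs[key.strip()] = value.strip().strip('"')
        entries[parts[0]] = attrs
    return entries

def audit(vfstab_text, adjunct_text):
    """List inconsistencies between vfstab_adjunct entries and vfstab."""
    findings, mounts = [], vfstab_mount_points(vfstab_text)
    for mount, attrs in parse_adjunct(adjunct_text).items():
        if mount not in mounts:
            findings.append(f"{mount}: no matching vfstab entry")
        for key in sorted(attrs.keys() - KNOWN_KEYS):
            findings.append(f"{mount}: unknown attribute {key!r}")
        if ("low_range" in attrs) != ("hi_range" in attrs):
            findings.append(f"{mount}: only one end of the label range is set")
    return findings

if __name__ == "__main__":
    print(audit(VFSTAB, ADJUNCT) or "no findings")
```

The check compares names only; it does not evaluate label dominance or validate privilege names.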