Labels, clearances, and handling caveats are used to protect information in the Trusted Solaris environment. The components of labels, clearances, and handling caveats are specified in the label_encodings(4) file. This guide provides needed background and describes how to edit, check, and install the label_encodings file.
This book is for security administrators, who are responsible for defining the organization's labels, and for those who assume the security administrator role to implement the labels in the site's label_encodings file on the Trusted Solaris system.
Even though the Trusted Solaris environment can be configured with no visible labels, labels are always being used, and mandatory access control checks are always being made. Therefore, the security administrator role must always configure a label_encodings file as described in this guide.
Prerequisite knowledge is contained in the following books in the Trusted Solaris documentation set:
The person who works in the security administrator role to configure labels should do the following things:
Understand how to administer the Solaris or compatible operating environment, the Common Desktop Environment (CDE) window system, Solaris Management Console (SMC), and the NIS+ (or NIS) system for central administration of configuration files
Know how to work in the Trusted Solaris environment as a normal (non-administrative) user (as described in the Trusted Solaris User's Guide)
Understand the administrative concepts and know how to use the administrator's tools described in the Trusted Solaris Administration Overview and Trusted Solaris Administrator's Procedures guides
Administrative tasks are divided among several administrative roles. The administrator's procedures guide describes how a user assumes the security administrator role and uses administrative actions to perform the work described in this guide.
Understand how administrative tasks are divided among roles at your site
Some sites may assign the label encodings tasks to a locally-created administrative role.
Understand the security requirements of your agency or organization
The necessary level of knowledge may be acquired through the following methods:
Training
For information about the Trusted Solaris training class, see the course description or visit the Sun Education catalog.
Documentation
The Trusted Solaris guides are available in the following formats:
At Sun's documentation website at docs.sun.com
On the AnswerBook CD shipped with the product
AnswerBooks are document collections you can install on your local computer or on a document server and view onscreen. AnswerBooks for the Trusted Solaris operating environment, for the bundled CDE window system, and for the Solaris operating environment are on the Trusted Solaris AnswerBook CD.
Fatbrain.com stocks documentation from Sun Microsystems, Inc.
For a list of available documents and how to order them, visit http://www1.fatbrain.com/documentation/sun.
Chapter 1, Introduction to Trusted Solaris Label Encodings provides labels-related concepts and planning steps for the security administrator who prepares the site's label_encodings file.
Chapter 2, Creating or Modifying the Encodings File describes how to create and check the label_encodings file.
Chapter 3, Specifying Labels and Handling Guidelines for Printer Output describes the labels and handling caveats on printer output and gives procedures for modifying them.
Chapter 4, Modifying Sun's Extensions in the Local Definitions Section describes the optional LOCAL DEFINITIONS section and how to use the keywords in this section to set a system-wide minimum label and clearance for users, change the names of administrative labels, specify whether administrative labels display, change the names of labels' components on label builders, and specify colors for labels.
Chapter 5, Example: Planning an Organization's Labels models how a site analyzes its label requirements and creates a simple label_encodings file, which is shown in Appendix A, Example: Label Encodings File.
Appendix A, Example: Label Encodings File contains an example of a simple label_encodings file that goes along with the chapter on planning.
Appendix B, Differences Between Default Label Encodings Files describes the differences between the single-label and multilabel versions of the label_encodings file.
The following table shows and explains the type styles used in this guide.
Table P-1 Typographic Conventions
| Type Face | Meaning | Example |
|---|---|---|
| Literal | The names of commands, files, and directories, on-screen computer output. | Edit your .login file. Use ls -a to list all files. hostname% You have mail. |
| UserType | What you type, contrasted with on-screen computer output. | hostname% su - janez Password: |
| Variable | Argument name in a command-line. | To delete a file, enter rm filename. |
| | You replace the argument with a real name or value. | hostname% rm myfile |
| Title or Emphasis | Book titles, new words or terms, or words to be emphasized. | Read Chapter 6 in User's Guide. These are called class options. |
| | | You must be the owner to do this. |
The following table shows the shell prompts.
| Shell | Prompt |
|---|---|
| C shell prompt | hostname% |
| Bourne shell and Korn shell prompt | $ |
| Profile Shell prompt | $ |
| root prompt (with any shell) | # |