This section identifies known problems in the Trusted Solaris 8 2/04 software, describes the problems, and suggests solutions. These bugs might or might not be fixed in a future release.
On both SPARC® and x86 platforms, communication is broken between hosts with tsol and tsol_cipso labels. The ping and rup commands work between the hosts. The commands telnet, rsh, and ftp do not work for local users within the range CONFIDENTIAL to TOP_SECRET. The commands telnet, rsh, and ftp work for ADMIN_LOW, UNCLASSIFIED and ADMIN_HIGH labels. The problem is consistent on V490, V890, SB1000, and V440R platforms, but is not observed on SB1500 and some x86 servers.
Workaround: None.
When patch 16336-07 or patch 119038-01 is installed, the Front and Open keys on the Sun keyboard fail to work once a role has been assumed.
Workaround: Do not use the Front or Open key.
On a Trusted Solaris 8 HW 12/02 system, do not install patch 116336-07. On a Trusted Solaris 8 HW 7/03 system, do not install patch 119038-01.
Trusted Solaris Installation and Configuration instructs the customer to remove the boot diskette.
Workaround: When the installation program informs you to remove the boot diskette, do so. The CD-ROM is still inserted. During the BIOS/system self-tests, you can remove the CD.
If you have installed the software from a CD-ROM, leave the CD-ROM in the drive. If you are doing an upgrade install, the system does not automatically reboot after the installation of the first CD.
On most systems, if you fail to remove the CD during the self-tests, the device configuration screen appears. You can then navigate the menus in the Device Configuration Assistant (DCA) and select the hard drive to boot from. You then remove the CD when the installation program prompts you to do so.
If you are installing a Sun Fire V60x or a Sun Fire V65x system, you must remove the CD during the BIOS/system self-tests. You are not prompted to remove the CD. You then boot directly from the disk.
A network install server that is running the Trusted Solaris operating system is unable to communicate with Trusted Solaris clients that the install server has installed until the server is rebooted.
Workaround: If the client will need to be in contact with the network install server, reboot the server. If there are multiple clients to install, reboot the server after the client installations are complete.
Alternatively, you can install Trusted Solaris clients from a network install server that is running the Solaris operating system.
A black line appears at the bottom of a small number of Solaris Management Console dialog boxes. The line obscures some buttons.
Workaround:
Resize the dialog box to see the buttons.
Install the Java fix (version 1.2.2_17b or higher) for this bug when the fix is available.
When an unlabeled machine sends a full packet, an intervening labeled gateway adds the CIPSO header. The addition of the CIPSO header makes the packet larger than 1500 bytes, and therefore the packet is dropped due to size.
Workaround: By setting the MTU on the system to be smaller, the problem is solved. Then, when the CIPSO label is added, the packet is still a legal size.
Cutting and pasting between xterm windows when using xinerama causes the following problems:
The xterm application that the data is copied from terminates. Termination happens at the instant that the data is pasted.
Running the mozilla application results in a BadWindow error, with mozilla failing to run.
The title bar and label bar of exposed windows is not properly redrawn.
Workaround: None.
This release supports only the C locale (U.S. English). Thus, no Languages CD is provided.
Network packets that use the TSIX protocol are not processed correctly when AH headers are present.
Workaround: None.
Network packets that are labeled with the TSOL protocol are not processed correctly by IKE in the SunScreenTM 3.2 product. The SunScreen product is co-packaged with this release. The SunScreen log messages show IKE_INVALID_COOKIE.
The SunScreen software properly processes TSOL-labeled network traffic that is in clear text. The SunScreen IKE software also behaves correctly in the Trusted Solaris operating environment to protect traffic between unlabeled network connections.
Workaround: None.
A SIGSEGV error is produced when using the nisaddent -avf command to add an incorrectly formatted file to the tnrhdb NIS+ map. The incorrectly formatted file produces a core dump.
Workaround: The nisaddent command works correctly with a valid input file. To ensure that the input file has fields separated by colons and not by spaces, use niscat -s : when dumping an NIS+ table that will be used later as input to NIS+.
This bug occurs in a very unusual situation. The administrator must have consciously configured an NFS remote host to be at one label, and the label range to be another label.
Workaround: To prevent the creation of files at the default label for the server, mount the file system as “read-only”. Existing files are unaffected, but the read-only mount option prevents the creation of files at a label outside the label range.
The new utilities sdtgwm, sdtwsm, and sdtwinlst and their corresponding actions in the Desktop_Apps folder generate errors, such as Warning: Query Module Not Running.
Workaround: None. These tools are inappropriate for users in the Trusted Solaris environment. Thus, the tools are not supported.
The bug is known to occur when the Solaris Management Console is running on an NIS+ client or master and has loaded its toolbox from an NIS+ replica. Next, the replica is shut down and the Solaris Management Console is used to update any NIS+ maps. Since the machine from which the Solaris Management Console loaded its toolbox is down, the Solaris Management Console client has no way to communicate with the Solaris Management Console server, which is the machine from which the toolbox has been loaded.
Workaround: Do not use the Solaris Management Console to update NIS+ databases when an NIS+ replica is down. Use the standard NIS+ command-line interface instead.
Although Trusted Solaris 8 software does not support information labels (ILs), the chk_encodings command fails with the following error if the label_encodings file omits information about ILs.
# chk_encodings label_encodings Label encodings conversion error at line 37: Can't find INFORMATION LABELS specification. Found instead: "SENSITIVITY LABELS:". label_encodings: label encodings syntax check failed. |
Workaround: Copy a valid SENSITIVITY LABELS: section in your label_encodings file, and rename the section to INFORMATION LABELS:, as in:
INFORMATION LABELS: ... WORDS: ... REQUIRED COMBINATIONS: ... COMBINATION CONSTRAINTS: ... |
See the label_encodings(4) man page for more information.
The Solaris Management Console commands smosservice and smdiskless do not work correctly.
Workaround: Set up diskless service manually. On the OS server, name and allocate the client disk partitions during the installation process.
Drag-and-drop operations do not work reliably for OPEN LOOK applications.
Workaround: Use the copy and paste keys with OPEN LOOK applications.
This bug is seen when you perform the following steps:
Insert diskette.
floppy_0 is allocated by Device Allocation Manager.
From File Manager, click the File menu and select Removable Media Manager.
Select the diskette icon. Click mouse button 3 to open the Labels menu item.
In Removable Media Manager - File Labels (the Trusted Solaris Label Builder), click the Help button at bottom right of the dialog box.
Workaround: Perform the following steps:
Click mouse button 3 on the Front Panel and select Help from the menu. The Workspace Manager – Help window appears.
In the Workspace Manager – Help window, scroll down in the top pane to Trusted Solaris Applications and select that text.
In the bottom pane, click Create Labels.
The Solaris Management Console Mounts tool and Solaris Management Console Shares tool do not manipulate Trusted Solaris attributes.
Workaround: Use the Set Mount Points action and the Share Filesystems action to handle Trusted Solaris attributes. You can also use the Admin Editor on the /etc/vfstab file and the /etc/dfs/dfstab file.