NAME | SYNOPSIS | DESCRIPTION | EXTENDED DESCRIPTION | OPTIONS | RETURN VALUES | ATTRIBUTES | USAGE | EXAMPLES | NOTES | SEE ALSO
setlabel sets the CMW label associated with each filename. Unless newlabel and filename have been specified, no labels will be set. Incremental changes to labels are supported.
Refer to setcmwlabel(2) for a complete description of the conditions required to satisfy, and the privileges needed to execute this command.
Users may enter a label in plain text in the following form:
{ + } { classification } { { + | - } word } ... |
Items in curly brackets are optional. A vertical bar (|) represents a choice between two items. Items followed by an ellipsis may be repeated zero or more times. Leading and trailing whitespace is ignored. Items may be separated by blanks, tabs, commas or slashes (/).
The system always displays labels in uppercase. Users may enter labels in any combination of uppercase and lowercase.
The classification part of the label must be a valid classification name as defined in label_encodings(4). Classification names may contain embedded blanks or punctuation, if they are so defined in the label_encodings file. Short and long forms of classification names may be used interchangeably.
The words compartments and markings used in labels must be valid words as defined in label_encodings. Words may contain embedded blanks or punctuation if they are so defined in label_encodings.
Short and long forms of words may be used interchangeably. Words may be specified in any order; however, they are processed left to right, so that where words conflict with each other, the word furthest to the right takes precedence.
Plus and minus signs may be used when modifying an existing label. They turn on or off the compartments and markings associated with the words.
A CMW label is represented in characters in the form:
{ information label } { [sensitivity label] } |
* |
Items in curly brackets are optional. Leading and trailing white space is ignored. Items may be separated by blanks, tabs, commas, or slashes (/).
The special case where the CMW label is an asterisk (*) represents a CMW label whose SL is to be set equal to its IL.
Set the information label portion and the sensitivity label portion of the CMW label. Information Labels (ILs) are obsolete. See NOTES.
Set the label of the symbolic link.
Set the sensitivity label portion of the CMW label.
setlabel exits with one of the following values:
Successful completion.
Usage error.
Error in getting, setting or translating the label.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | SUNWtsu |
On the command line, enclose the label in double quotes unless the label you are entering is only one word. Without quotes, a second word or letter separated by a space is interpreted as a second argument. Labels containing the characters [ and ] should be in quotes to suppress the shell's use of those characters in filename substitution.
% setlabel -s SECRET somefile % setlabel "[SECRET]" somefile |
Use any combination of upper and lowercase letters. You may separate items in a label with blanks, tabs, commas or slashes (/). Do not use any other punctuation.
% setlabel "ADMIN_LOW[ts a b]" somefile % setlabel "admin_low[ts,a,b]" somefile % setlabel "admin_low[ts/a b]" somefile |
When entering a full CMW label, enter the IL first, followed by the SL in brackets.
information label[sensitivity label] |
Information Labels (ILs) are obsolete. See NOTES.
When entering an SL with a command option that sets the SL, you do not need to use brackets around the SL.
% setlabel -s " TOP SECRET A B" somefile |
To set somefile's SL to SECRET A
:
example% setlabel "[Secret a]" somefile |
To turn on compartment B in somefile's SL:
example% setlabel -s +b somefile |
To turn off compartment A in somefile's SL:
example% setlabel -s -- -A somefile |
If an incremental change is being made to an existing label and the first character of the label is a hyphen (-), a preceding double-hyphen (--) is required; the double-hyphen must follow any of the -i, -s, and -h options. (See the examples.)
Information labels (ILs) are not supported in Trusted Solaris 7 and later releases. Trusted Solaris software interprets any ILs on communications and files from systems running earlier releases as ADMIN_LOW
.
Objects still have CMW labels, and CMW labels still include the IL component: IL[SL]; however, the IL component is fixed at ADMIN_LOW
.
As a result, Trusted Solaris 7 has the following characteristics:
ILs do not display in window labels; SLs (Sensitivity Labels) display alone within brackets.
ILs do not float.
Setting an IL on an object has no effect, and getting an object's IL will always return ADMIN_LOW
.
Although certain utilities, library functions, and system calls can manipulate IL strings, the resulting ILs are always ADMIN_LOW
, and cannot be set on any objects.
Options related to information labels in the label_encodings(4) file can be ignored:
Markings Name= Marks; Float Process Information Label;
NAME | SYNOPSIS | DESCRIPTION | EXTENDED DESCRIPTION | OPTIONS | RETURN VALUES | ATTRIBUTES | USAGE | EXAMPLES | NOTES | SEE ALSO