NAME | SYNOPSIS | DESCRIPTION | OPTIONS | USAGE | EXAMPLES | EXIT STATUS | ATTRIBUTES | SEE ALSO
setfsattr changes the security attributes of a file system. The file system may be specified either as a filesystem or as special , the device on which the file system resides. filesystem must be in /etc/vfstab , and it must be unmounted before setfsattr is invoked on it. setfsattr requires at least one option be specified; if not, an error is returned.
newsecfs
works similarly to
setfsattr
except that it runs
newfs(1M)
on the file system prior to setting the security
attributes, then sets the label on the
lost+found
directory to
[ADMIN_HIGH]
.
Set the filesystem sensitivity level range, a semicolon-separated pair of sensitivity labels. The labels must be valid sensitivity labels for the system. The
first in the pair is the minimum sensitivity label, and it must be dominated by the second label, the maximum sensitivity label. The default is
ADMIN_LOW;ADMIN_HIGH
.
Create the root directory of the file system as a multilevel directory ( MLD ). This option is available only with the newsecfs command.
Set the file system MLD prefix. The default is " .MLD. ". The MLD prefix is the string that disables multilevel directory translation in pathname lookup.
Set the file system newfs options. The options must be exactly the same as those expected by the newfs(1M) command. This option is available only with newsecfs .
Set the file system allowed-privilege set, specified as a text-string of comma-separated privilege names. The privileges in the allowed set must include all privileges in the forced set, or the operation fails.
Set the filesystem forced-privilege set, specified as a text string of comma-separated privilege names. All privileges in the forced set must also be in the allowed set, or the operation fails.
Set the filesystem CMW label.
To specify arguments that include semicolons or embedded spaces (such as for the -l and -o options), use quotes to enclose the arguments.
To create a new file system with an allowable label range of Confidential to Secret, use this command:
$ newsecfs -l 'confidential;secret' raw_device |
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | SUNWtsu |
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | USAGE | EXAMPLES | EXIT STATUS | ATTRIBUTES | SEE ALSO