NAME | DESCRIPTION | EXAMPLES | SEE ALSO | NOTES
tsolinfo describes security attributes used as overrides for file attributes of files contained in a package. This text file is created by the developer of a software package and is included in the package. If the file is not included in the package, a set of default filesystem security attributes will be used.
Each entry in the tsolinfo file describes a single file security attribute for a specific file. The entry consists of several fields of information, each field separated by a space. Lines that begin with # are comment lines and are ignored. Empty lines are not allowed. The fields are described below and must appear in the order shown.
A character field that defines the attribute type. Valid attribute types are:
A CMW label in text. The exact label name must be used. See EXAMPLES below.
A comma-separated list of acl entries terminated with a comma.
A list of comma-separated allowed privileges.
A list of comma-separated forced privileges.
Specifies a multilevel directory. Do not set an attribute value for this type.
Specifies that read operations on this file should not be audited. Do not set an attribute value for this type.
A character field that defines the name of the file for which the attribute is being defined.
A character string that defines the value of the attribute. This field is not valid for the mld or public attributes.
The tsolinfo file also provides a special set of entries to define a set of default security attributes associated with all of the files within a package. The default attribute is used to denote a default attribute entry. The pathname component of the entry is replaced with the name of the attribute for which the default is being set. Package defaults can be set for any of the attributes described above. The package defaults override the filesystem default security attributes.
The tsolinfo file should be created at the same time as the package prototype file is created, and should be located in the same directory. The tsolinfo file must be included in the package prototype file by using the package prototype include command.
When the pkgmk(1) command is used to create a package, the tsolinfo file is relocated to the install/ subdirectory of the newly created package directory.
    default label [ADMIN_LOW]
    default allowed_privs all
    default forced_privs all
    label usr/sbin/myfile [ADMIN_HIGH]
    forced_privs usr/sbin/myfile file_mac_read
    allowed_privs usr/sbin/myfile file_mac_read,file_mac_write
If an initial compartment is specified for the classification NEED TO KNOW and assigned to default word SSE in the SENSITIVITY LABELS: WORDS: section of the label_encodings file, as in:
    CLASSIFICATIONS:
    name= NEED TO KNOW; sname=NTK; value= 5; initial compartments= 14;
    . . .
    SENSITIVITY LABELS:
    WORDS:
    name= SSE; compartments= 14;
    default label [ADMIN_LOW]
    default allowed_privs file_mac_read,file_mac_write
    default forced_privs file_mac_read
    label usr/sbin/myfile [NEED TO KNOW SSE]
    forced_privs usr/sbin/newfile file_mac_read
    allowed_privs usr/sbin/newfile file_mac_read,file_mac_write
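A small linter for the entry format described above, added here as an example; it is not part of the original manual page or of the packaging tools. It checks only rules this page states, accepts only the type names visible on this page (the ACL keyword is not shown, so it is left out), and runs on a constructed sample based on the second example.

```python
NO_VALUE = {"mld", "public"}   # types that must not carry an attribute value
# Valued type names visible on this page; ACL keyword not shown (assumption: extend via `valued`).
VALUED = {"label", "allowed_privs", "forced_privs"}

def parse_tsolinfo(text, valued=VALUED):
    """Return (defaults, per_file, errors) for the text of a tsolinfo file."""
    defaults, per_file, errors = {}, {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if line.startswith("#"):
            continue                                  # comment line
        if not line.strip():
            errors.append((n, "empty lines are not allowed"))
            continue
        # Split off two fields only: a label such as [NEED TO KNOW SSE]
        # contains spaces and has to stay in one piece.
        parts = line.split(" ", 2)
        if len(parts) < 2:
            errors.append((n, "missing field"))
            continue
        is_default = parts[0] == "default"
        attr = parts[1] if is_default else parts[0]   # default: name replaces pathname
        value = parts[2].strip() if len(parts) == 3 else None
        if attr in NO_VALUE and value:
            errors.append((n, f"{attr} takes no attribute value"))
        elif attr not in NO_VALUE and attr not in valued:
            errors.append((n, f"unknown attribute type {attr!r}"))
        elif attr not in NO_VALUE and not value:
            errors.append((n, f"{attr} needs an attribute value"))
        elif is_default:
            defaults[attr] = value
        else:
            per_file.setdefault(parts[1], {})[attr] = value
    return defaults, per_file, errors

def forced_privs_report(defaults, per_file):
    """List every place the file hands out forced privileges, for review."""
    scopes = {**per_file, "<package default>": defaults}
    return {k: a["forced_privs"].split(",")
            for k, a in scopes.items() if "forced_privs" in a}

# Constructed sample: entries from the second example plus two deliberate mistakes.
SAMPLE = """\
default label [ADMIN_LOW]
default forced_privs file_mac_read
label usr/sbin/myfile [NEED TO KNOW SSE]

forced_privs usr/sbin/newfile file_mac_read
public usr/sbin/newfile yes
"""
```

Running `parse_tsolinfo(SAMPLE)` before pkgmk(1) builds the package reports the empty line and the value given to a public entry; `forced_privs_report` then shows which paths, and whether the package default, grant forced privileges.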
The tsolinfo file should only contain entries for pathnames that require special file security attributes, other than the default ones supplied by the UFS filesystem. If the package does not contain any files that require special file security attributes, the tsolinfo file should not be created.
If the tsolinfo file is not present during package installation, the files contained within a package are assigned default file security attributes provided by the UFS filesystem.
If the tsolinfo file contains only the default entries, all of the files within a package are installed with security attributes specified by the tsolinfo file entries, along with any non-conflicting default UFS attributes.