Oracle Solaris Trusted Extensions Developer's Guide

Modifying the label_encodings File

The default label_encodings file is updated to configure two new labels: WEB GUARD SERVICE and WEB GUARD CONTENT. The SANDBOX label, which is part of the default file, is modified to serve as the WEB GUARD CONTENT label. The WEB GUARD SERVICE label is added.

You must install the label_encodings file in the /etc/security/tsol directory. You can install this file on top of an existing Trusted Extensions installation.

After you install the updated file in the /etc/security/tsol directory, activate the new label_encodings file:


# svcadm restart svc:/system/labeld

The following shows the label_encodings file used in this Web Guard prototype.

* ident	"@(#)label_encodings.simple	5.15	05/08/09 SMI"
*
* Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
* Use is subject to license terms.
*
* This example shows how to specify labels that meet an actual 
* site's legal information  protection requirements for 
* labeling email and printer output. These labels may also
* be used to enforce mandatory access control checks based on user 
* clearance labels and sensitivity labels on files and directories.  

VERSION= Sun Microsystems, Inc. Example Version - 6.0. 2/15/05

CLASSIFICATIONS:

name= PUBLIC; sname= PUB; value= 2; initial compartments= 4;
name= CONFIDENTIAL; sname= CNF; value= 4; initial compartments= 4;
name= WEB GUARD; sname= WEB; value= 5; initial compartments= 0;
name= MAX LABEL; sname= MAX; value= 10; initial compartments= 0 4 5;

INFORMATION LABELS:

WORDS:

name= :; prefix;

name= INTERNAL USE ONLY; sname= INTERNAL; compartments= 1 ~2; minclass= CNF; 
name= NEED TO KNOW; sname= NEED TO KNOW; compartments= 1-2 ~3; minclass= CNF; 
name= RESTRICTED; compartments= 1-3; minclass= CNF; 
name= CONTENT; compartments= 0 ~1 ~2 ~3; minclass= WEB; 
name= SERVICE; compartments= 5; minclass= WEB; 

REQUIRED COMBINATIONS:

COMBINATION CONSTRAINTS:

SENSITIVITY LABELS:

WORDS:

name= :; prefix;

name= INTERNAL USE ONLY; sname= INTERNAL; compartments= 1 ~2; minclass= CNF;
prefix= :

name= NEED TO KNOW; sname= NEED TO KNOW; compartments= 1-2 ~3; minclass= CNF;
prefix= :

name= RESTRICTED; compartments= 1-3; minclass= CNF; prefix= :

name= CONTENT; compartments= 0 ~1 ~2 ~3; minclass= WEB;

name= SERVICE; compartments= 5; minclass= WEB;

REQUIRED COMBINATIONS:

COMBINATION CONSTRAINTS:

CLEARANCES:

WORDS:

name= INTERNAL USE ONLY; sname= INTERNAL; compartments= 1 ~2; minclass= CNF;
name= NEED TO KNOW; sname= NEED TO KNOW; compartments= 1-2 ~3; minclass= CNF;
name= RESTRICTED; sname= RESTRICTED; compartments= 1-3; minclass= CNF;
name= CONTENT; compartments= 0 ~1 ~2 ~3; minclass= WEB; 
name= SERVICE; compartments= 5; minclass= WEB;

REQUIRED COMBINATIONS:

COMBINATION CONSTRAINTS:

CHANNELS:

WORDS:

PRINTER BANNERS:

WORDS:

ACCREDITATION RANGE:

classification= PUB; all compartment combinations valid;
classification= WEB; all compartment combinations valid;
classification= CNF; all compartment combinations valid except: CNF

minimum clearance= PUB;
minimum sensitivity label= PUB;
minimum protect as classification= PUB;

* Local site definitions and locally configurable options.

LOCAL DEFINITIONS:

default flags= 0x0;
forced flags= 0x0;
 
Default Label View is Internal;
 
Classification Name= Classification;
Compartments Name= Sensitivity;

Default User Sensitivity Label= PUB;
Default User Clearance= CNF NEED TO KNOW;
 
COLOR NAMES:

    label= Admin_Low;           color= #bdbdbd;

    label= PUB;                 color= blue violet;
    label= WEB SERVICE;         color= yellow;
    label= CNF;                 color= navy blue;
    label= CNF : INTERNAL USE ONLY;  color= blue;
    label= CNF : NEED TO KNOW;  color= #00bfff;
    label= CNF : RESTRICTED;    color= #87ceff;
 
    label= Admin_High;          color= #636363;
 
* End of local site definitions

For more information about the label_encodings file, see Oracle Solaris Trusted Extensions Label Administration.
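To see how the two Web Guard labels relate to each other and to the site's existing labels, the following added example (not part of the original guide or of Trusted Extensions) parses the CLASSIFICATIONS and WORDS lines from the file above and compares the resulting labels. It assumes the usual encodings semantics: a classification's initial compartments are on by default, a word turns its listed bits on and its ~ bits off, and one label dominates another when its classification value is at least as high and its compartment bits are a superset. The function names are hypothetical.

```python
import re
# Lines copied from the label_encodings file above (CLASSIFICATIONS and WORDS).
ENCODINGS = """\
name= PUBLIC; sname= PUB; value= 2; initial compartments= 4;
name= CONFIDENTIAL; sname= CNF; value= 4; initial compartments= 4;
name= WEB GUARD; sname= WEB; value= 5; initial compartments= 0;
name= NEED TO KNOW; sname= NEED TO KNOW; compartments= 1-2 ~3; minclass= CNF;
name= CONTENT; compartments= 0 ~1 ~2 ~3; minclass= WEB;
name= SERVICE; compartments= 5; minclass= WEB;
"""

def bits(spec):
    """Expand a spec such as '1-2 ~3' into (bits turned on, bits turned off)."""
    on, off = set(), set()
    for tok in spec.split():
        target = off if tok.startswith("~") else on
        lo, _, hi = tok.lstrip("~").partition("-")
        target.update(range(int(lo), int(hi or lo) + 1))
    return on, off

def parse(text):
    classes, words = {}, {}  # classes are keyed by both name and sname
    for line in text.splitlines():
        kv = dict(re.findall(r"\s*([^=;]+?)=\s*([^;]*);", line))
        if "value" in kv:
            entry = (int(kv["value"]), bits(kv["initial compartments"])[0])
            classes[kv["name"]] = classes[kv["sname"]] = entry
        elif "compartments" in kv:
            words[kv["name"]] = (bits(kv["compartments"]), kv["minclass"])
    return classes, words

def resolve(classes, words, cls, *names):
    """Compute (classification value, compartment bit set) for a class plus words."""
    value, comps = classes[cls][0], set(classes[cls][1])
    for name in names:
        (on, off), minclass = words[name]
        if value < classes[minclass][0]:
            raise ValueError(f"{name} needs classification {minclass} or higher")
        comps = (comps | on) - off
    return value, frozenset(comps)

def dominates(a, b):
    """MAC dominance: classification at least as high and compartments a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

if __name__ == "__main__":
    c, w = parse(ENCODINGS)
    svc, content = resolve(c, w, "WEB", "SERVICE"), resolve(c, w, "WEB", "CONTENT")
    print(dominates(svc, content), dominates(content, svc), dominates(svc, resolve(c, w, "PUB")))
```

Under these assumptions WEB GUARD SERVICE strictly dominates WEB GUARD CONTENT, while neither Web Guard label dominates or is dominated by PUBLIC or the CONFIDENTIAL labels, because compartment 4 and compartment 0 never overlap.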