This procedure creates a shell script that displays the labels of the current zone and all zones that the current zone dominates.
You must be in the System Administrator role in the global zone.
Use the trusted editor to create the getzonelabels script.
For details, see How to Edit Administrative Files in Trusted Extensions.
Provide the pathname to the script, such as /usr/local/scripts/getzonelabels.
Add the following content, and save the file:
#!/bin/sh # echo "NAME\t\tSTATUS\t\tLABEL" echo "====\t\t======\t\t=====" myzone=`zonename` for i in `/usr/sbin/zoneadm list -p` ; do zone=`echo $i | cut -d ":" -f2` status=`echo $i | cut -d ":" -f3` path=`echo $i | cut -d ":" -f4` if [ $zone != global ]; then if [ $myzone = global ]; then path=$path/root/tmp else path=$path/export/home fi fi label=`/usr/bin/getlabel -s $path |cut -d ":" -f2-9` if [ `echo $zone|wc -m` -lt 8 ]; then echo "$zone\t\t$status\t$label" else echo "$zone\t$status\t$label" fi done |
Test the script in the global zone.
# getzonelabels NAME STATUS LABEL ==== ====== ===== global running ADMIN_HIGH needtoknow running CONFIDENTIAL : NEED TO KNOW restricted ready CONFIDENTIAL : RESTRICTED internal running CONFIDENTIAL : INTERNAL public running PUBLIC |
When run from the global zone, the script displays the labels of all ready or running zones. Here is the global zone output for the zones that were created from the default label_encodings file:
In the following example, a user runs the getzonelabels script in the internal zone.
# getzonelabels NAME STATUS LABEL ==== ====== ===== internal running CONFIDENTIAL : INTERNAL public running PUBLIC |