How to Enable a Trusted Extensions Client to Access a Printer

Initially, only the zone in which a print server was configured can print to the printers of that print server. The system administrator must explicitly add access to those printers for other zones and systems. The possibilities are as follows:

• For a global zone, add access to the printers that are connected to a global zone on a different system.

• For a labeled zone, add access to the printers that are connected to the global zone of its system.

• For a labeled zone, add access to a printer that a remote zone at the same label is configured for.

• For a labeled zone, add access to the printers that are connected to a global zone on a different system.

Before You Begin

A print server has been configured with a label range or a single label, and the printers that are connected to it have been configured. For details, see the following:

• How to Configure a Multilevel Print Server and Its Printers

• How to Configure a Zone for Single-Label Printing

• How to Assign a Label to an Unlabeled Print Server

You must be in the System Administrator role in the global zone, or be able to assume the role.

1. Complete the procedures that enable your systems to access a printer.

   • Configure the global zone on a system that is not a print server to use another system's global zone for printer access.

     1. On the system that does not have printer access, assume the System Administrator role.

     2. Add access to the printer that is connected to the Trusted Extensions print server.

        $ lpadmin -s printer

   • Configure a labeled zone to use its global zone for printer access.

     1. Change the label of the role workspace to the label of the labeled zone.

        For details, see How to Change the Label of a Workspace in Oracle Solaris Trusted Extensions User’s Guide.

     2. Add access to the printer.

        $ lpadmin -s printer

   • Configure a labeled zone to use another system's labeled zone for printer access.

     The labels of the zones must be identical.

     1. On the system that does not have printer access, assume the System Administrator role.

     2. Change the label of the role workspace to the label of the labeled zone.

        For details, see How to Change the Label of a Workspace in Oracle Solaris Trusted Extensions User’s Guide.

     3. Add access to the printer that is connected to the print server of the remote labeled zone.

        $ lpadmin -s printer

   • Configure a labeled zone to use an unlabeled print server for printer access.

     The label of the zone must be identical to the label of the print server.

     1. On the system that does not have printer access, assume the System Administrator role.

     2. Change the label of the role workspace to the label of the labeled zone.

        For details, see How to Change the Label of a Workspace in Oracle Solaris Trusted Extensions User’s Guide.

     3. Add access to the printer that is connected to the arbitrarily labeled print server.

        $ lpadmin -s printer

2. Test the printers.

   Starting in the Solaris 10 7/10 release, files with an administrative label, either ADMIN_HIGH or ADMIN_LOW, print ADMIN_HIGH on the body of the printout. The banner and trailer pages are labeled with the highest label and compartments in the label_encodings file.

   On every client, test that printing works for root and roles in the global zone and for root, roles, and regular users in labeled zones.

   1. Print plain files from the command line.

   2. Print files from your applications, such as StarOffice, your browser, and your editor.

   3. Verify that banner pages, trailer pages, and security banners print correctly.