This procedure is used when an application that runs in a labeled zone requires a multilevel port (MLP) to communicate with the zone. In this procedure, a web proxy communicates with the zone. The Solaris Management Console is used to add the MLP.
You must be in the Security Administrator role in the global zone. The labeled zone must exist. For details, see Creating Labeled Zones in Oracle Solaris Trusted Extensions Configuration Guide.
Start the Solaris Management Console.
For details, see How to Administer the Local System With the Solaris Management Console.
Choose the Files toolbox.
The title of the toolbox includes Scope=Files, Policy=TSOL.
Add the proxy host and the webservices host to the list of computers.
Configure the zone and the MLP.
For the zone, customize a template by completing the following steps:
Navigate to the Security Templates tool.
Click the Action menu and choose Add Template.
Use the host name for the template name.
Specify CIPSO for the Host Type.
Use the label of the zone for the Minimum Label and for the Maximum Label.
Assign the zone label to the Security Label Set.
Select the Hosts Explicitly Assigned tab.
In the Add an Entry section, add the IP address that is associated with the zone.
Save the changes.
Close the Solaris Management Console.
Start the zones.
# zoneadm -z zone-name boot
In the global zone, add routes for the new addresses.
For example, if the zones have a shared IP address, do the following:
# route add proxy labeled-zones-IP-address
# route add webservice labeled-zones-IP-address
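The following check is an added example, not part of the original procedure or of Oracle's documentation. It reads template and host-assignment entries and reports where a zone's template departs from the settings in the steps above: CIPSO host type, minimum and maximum label both equal to the zone label, the zone label in the security label set, and the zone's IP address explicitly assigned. The template names, addresses, label value and the entry layout are assumptions; compare the layout with the tnrhtp and tnrhdb man pages on your release.

```python
# Added example. The entries below are constructed, and the colon/semicolon
# layout is an assumption modeled on the local tnrhtp and tnrhdb files.
SAMPLE_TNRHTP = """\
webzone:host_type=cipso;doi=1;min_sl=0x0004-08-48;max_sl=0x0004-08-48;sl_set=0x0004-08-48;
widezone:host_type=cipso;doi=1;min_sl=ADMIN_LOW;max_sl=ADMIN_HIGH;
"""
SAMPLE_TNRHDB = """\
192.0.2.10:webzone
192.0.2.11:widezone
"""

def _lines(text):
    """Yield non-blank, non-comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def parse_templates(text):
    """Map template name -> {attribute: value}."""
    templates = {}
    for line in _lines(text):
        name, _, attrs = line.partition(":")
        templates[name] = dict(kv.split("=", 1) for kv in attrs.split(";") if "=" in kv)
    return templates

def parse_hosts(text):
    """Map explicitly assigned address -> template name."""
    return dict(line.rsplit(":", 1) for line in _lines(text))

def check_zone_template(templates, hosts, zone_ip, zone_label):
    """Return a list of deviations from the single-label template in the procedure."""
    name = hosts.get(zone_ip)
    if name is None:
        return [f"{zone_ip} is not explicitly assigned to a template"]
    tmpl = templates.get(name)
    if tmpl is None:
        return [f"template {name} is not defined"]
    problems = []
    if tmpl.get("host_type") != "cipso":
        problems.append("host type is not CIPSO")
    for key in ("min_sl", "max_sl"):
        # Plain string comparison: labels must be written in the same form.
        if tmpl.get(key) != zone_label:
            problems.append(f"{key} is {tmpl.get(key)}, expected {zone_label}")
    if zone_label not in tmpl.get("sl_set", "").split(","):
        problems.append("zone label is missing from the security label set")
    return problems
```

An empty list from check_zone_template means the entry matches the procedure. A template whose label range is wider than the zone label, such as the constructed widezone entry, is reported with one line per deviation.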