Oracle Solaris Trusted Extensions Label Administration

Compartment Words

Compartments are optional words that can be defined to appear in labels. Compartments are called categories in some other trusted systems. Compartments are used to indicate the special handling procedures to be used for the information whose label contains the compartment and the general class of people who might have access to the information.

Compartment words are assigned to non-hierarchical bits. However, hierarchies can be established between compartment words. These hierarchies are based on rules for including bits from one compartment word in the bits that are defined for another compartment word.

Compartment words are optionally defined in the WORDS subsection for each label type. Each compartment word is assigned to one or more bits.

While all types of labels use the same classifications, the words that are used for each type of label can be different. The words can be different even when they are encoded with the same bits and literally refer to the same thing.

The following example shows the WEB COMPANY compartment word. The word is specified with a short name (sname) of WEBCO and compartment bits 40-50.

Example 3–5 Sample Compartment Definition for a Sensitivity Label


name= WEB COMPANY; sname= WEBCO; compartments= 40-50;

Along with its classification field, each label has a 256-bit compartment field, of which 239 are available for CIPSO labels. Each bit is assignable in zero or more compartment words. Each word can have one or more compartment bits assigned. Out of the 239 available bits, many compartment words can be created. For an example, see the compartments planner in Table 6–3.

The classification, compartments, and combination requirements affect the accreditation range. The ACCREDITATION RANGE for each classification setting should be one of the following strings: