Oracle Solaris Trusted Extensions Label Administration


Labels, clearances, and handling instructions are used to protect information on a system that is configured with the Oracle Solaris' Trusted Extensions feature. The components of labels, clearances, and handling instructions are specified in the label_encodings file. This guide provides background for creating or modifying the file. The guide provides examples, and helps you to create and install a label_encodings file that is appropriate for your site.

Who Should Use This Book

This book is for security administrators. Security administrators are responsible for defining the organization's labels. Some security administrators are also responsible for implementing the labels. This book is for definers and implementers.

Note –

Labels are always being used. Labels provide mandatory access control (MAC), and MAC is always enforced. Therefore, the site's label_encodings file must be in place before any users or roles are created.

Trusted Extensions installs a default label_encodings file. The security administrator must provide a file that is appropriate for the site.

The security administrator who implements the labels should be familiar with Solaris administration. The necessary level of knowledge can be acquired through training and documentation. For details, see Documentation, Support, and Training.

How the Solaris Trusted Extensions Books Are Organized

The Solaris Trusted Extensions documentation set supplements the documentation for the Solaris release. Review both sets of documentation for a more complete understanding of Solaris Trusted Extensions. The following table lists the topics that are covered in the Solaris Trusted Extensions guides and the audience for each guide.

Book Title 



Oracle Solaris Trusted Extensions User’s Guide

Describes the basic features of Solaris Trusted Extensions. This book contains a glossary. 

End users, administrators, developers 

Oracle Solaris Trusted Extensions Administrator’s Procedures

Shows how to perform specific administration tasks. 

Part I describes how to prepare for, enable, and initially configure Trusted Extensions. 

Part II describes how to administer a Trusted Extensions system. This book contains a glossary. 

Administrators, developers 

Oracle Solaris Trusted Extensions Developer’s Guide

Describes how to develop applications with Solaris Trusted Extensions. 

Developers, administrators 

Oracle Solaris Trusted Extensions Label Administration

Provides information about how to specify label components in the label encodings file. 


Compartmented Mode Workstation Labeling: Encodings Format

Describes the syntax used in the label encodings file. The syntax enforces the various rules for well-formed labels for a system. 


How This Book Is Organized

Documentation, Support, and Training

See the following web sites for additional resources:

Oracle Welcomes Your Comments

Oracle welcomes your comments and suggestions on the quality and usefulness of its documentation. If you find any errors or have any other suggestions for improvement, go to and click Feedback. Indicate the title and part number of the documentation along with the chapter, section, and page number, if available. Please let us know if you want a reply.

Oracle Technology Network offers a range of resources related to Oracle software:

Typographic Conventions

The following table describes the typographic conventions that are used in this book.

Table P–1 Typographic Conventions





The names of commands, files, and directories, and onscreen computer output 

Edit your .login file.

Use ls -a to list all files.

machine_name% you have mail.


What you type, contrasted with onscreen computer output 

machine_name% su



Placeholder: replace with a real name or value 

The command to remove a file is rm filename.


Book titles, new terms, and terms to be emphasized 

Read Chapter 6 in the User's Guide.

A cache is a copy that is stored locally.

Do not save the file.

Note: Some emphasized items appear bold online.

Shell Prompts in Command Examples

The following table shows the default UNIX® system prompt and superuser prompt for shells that are included in the Oracle Solaris OS. Note that the default system prompt that is displayed in command examples varies, depending on the Oracle Solaris release.

Table P–2 Shell Prompts



Bash shell, Korn shell, and Bourne shell 


Bash shell, Korn shell, and Bourne shell for superuser 


C shell 


C shell for superuser