Oracle Solaris Trusted Extensions Configuration Guide

Devising a Label Strategy

Planning labels requires setting up a hierarchy of sensitivity levels and a categorization of information on your system. The label encodings file contains this type of information for your site. You can use one of the label_encodings files that are supplied on the Trusted Extensions installation media. You could also modify one of the supplied files, or create a new label_encodings file that is specific to your site. The file must include the Sun-specific local extensions, at least the COLOR NAMES section.

Caution – Caution –

If you are supplying a label_encodings file, you must have the final version of the file ready before rebooting the system after you enable the Trusted Extensions service. The file should be on removable media.

Planning labels also involves planning the label configuration. After enabling the Trusted Extensions service, you need to decide if the system can run at a single label only, or if the system can run at multiple labels. If all of your non-administrative users can operate at the same security label, select a single-label system.

You can also configure whether labels display and which label name format is displayed. For more information, see Oracle Solaris Trusted Extensions Label Administration. You can also refer to Compartmented Mode Workstation Labeling: Encodings Format.

For International Customers of Trusted Extensions

When localizing a label_encodings file, international customers must localize the label names only. The administrative label names, ADMIN_HIGH and ADMIN_LOW, must not be localized. All labeled hosts that you contact, from any vendor, must have label names that match the label names in the label_encodings file.

Trusted Extensions supports fewer locales than does the Solaris OS. When you are working in a locale that Trusted Extensions does not support, text that is specific to Trusted Extensions, such as error messages about labels, is not translated into your locale. Solaris software continues to be translated into your locale.