NAME | Synopsis | Description | Options | Errors | Attributes | See Also
/usr/sbin/add_allocatable [-f] [-s] [-d] -n name -t type -l device-list [-a authorization] [-c clean] [-o key=value]
add_allocatable creates new entries for user allocatable devices that are to be managed by the device allocation mechanism. add_allocatable can also be used to update existing entries of such devices.
add_allocatable can also create and update entries for non-allocatable devices, such as printers, whose label range is managed by the device allocation mechanism.
add_allocatable can be used in shell scripts, such as installation scripts for driver packages, to automate the administrative work of setting up a new device.
Use list_devices(1) to see the names and types of allocatable devices, their attributes, and device paths.
Force an update of an already-existing entry with the specified information. add_allocatable exits with an error if this option is not specified when an entry with the specified device name already exists.
Turn on silent mode. add_allocatable does not print any error or warning messages.
If this option is present, add_allocatable updates the system-supplied default attributes of the device type specified with -t.
Adds or updates an entry for device that is specified by name.
Adds or updates device entries that are of a type that are specified by type.
Adds or updates device paths to the device that is specified with -n. Multiple paths in device-list must be separated by white spaces and the list must be quoted.
Adds or updates the authorization that is associated with either the device that is specified with -n or with devices of the type that is specified with -t. When more than one authorization is specified, the list must be separated by commas and must be quoted. When the device is not allocatable, authorization is specified with an asterisk (*) and must be quoted. When the device is allocatable by any user, authorization is specified with the at sign (@) and must be quoted. Default authorization is '@'.
Specifies the device_clean(5) program clean to be used with the device that is specified with -n or with devices of the type that is specified with -t. The default clean program is /bin/true.
Accepts a string of colon-separated key=value pairs for a device that is specified with -n or with devices of the type that is specified with -t. The following keys are currently interpreted by the system:
The minimum label at which the device can be used.
The maximum label at which the device can be used.
Specifies a logical grouping of devices. For example, all Sun RayTM devices of all device types is a logical grouping. The class keyword has no default value.
Specifies the display name of the X session. This keyword is used to identify devices that are associated with the X session. The xdpy keyword has no default value.
When successful, add_allocatable returns an exit status of 0 (true). add_allocatable returns a nonzero exit status in the event of an error. The exit codes are as follows:
Invocation syntax error
Unknown system error
An entry already exists for the specified device. This error occurs only when the -f option is not specified.
Permission denied. User does not have DAC or MAC access for record updates.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
---|---
Availability | SUNWtsu
Interface Stability | See below.
The invocation is Uncommitted. The options are Uncommitted. The output is Not-an-interface.
NAME | Synopsis | Interface Level | Description | Options | Exit Status | Files | Attributes | See Also | Notes
/usr/sbin/atohexlabel [human-readable-sensitivity-label]
/usr/sbin/atohexlabel -c [human-readable-clearance]
This file is part of the Defense Intelligence Agency (DIA) Mandatory Access Control (MAC) policy. This file might not be applicable to other MAC policies that might be developed for future releases of Solaris Trusted Extensions software.
atohexlabel converts a human readable label into an internal text representation that is safe for storing in a public object. If no option is supplied, the label is assumed to be a sensitivity label.
Internal conversions can later be parsed to their same value. This internal form is often hexadecimal. The converted label is written to the standard output file. If no human readable label is specified, the label is read from the standard input file. The expected use of this command is emergency repair of labels that are stored in internal databases.
The following exit values are returned:
On success.
On failure, and writes diagnostics to the standard error file.
The label encodings file contains the classification names, words, constraints, and values for the defined labels of this system.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
---|---
Availability | SUNWtsu
Stability Level | See NOTES below
The stability of the command output is Stable for systems with the same label_encodings file. The stability of the command invocation is Stable for systems that implement the DIA MAC policy.
NAME | Synopsis | Interface Level | Description | Options | Errors | Attributes | Files | See Also | Notes
/usr/sbin/chk_encodings [-a] [-c maxclass] [pathname]
This file is part of the Defense Intelligence Agency (DIA) Mandatory Access Control (MAC) policy. This file might not be applicable to other MAC policies that might be developed for future releases of Solaris Trusted Extensions software.
chk_encodings checks the syntax of the label-encodings file that is specified by pathname. With the -a option, chk_encodings also prints a semantic analysis of the label-encodings file that is specified by pathname. If pathname is not specified, chk_encodings checks and analyzes the /etc/security/tsol/label_encodings file.
If label-encodings file analysis was requested, whatever analysis can be provided is written to the standard output file even if errors were found.
Provide a semantic analysis of the label encodings file.
Accept a maximum classification value of maxclass (default 255) in the label encodings file CLASSIFICATIONS section.
When successful, chk_encodings returns an exit status of 0 (true) and writes to the standard output file a confirmation that no errors were found in pathname. Otherwise, chk_encodings returns an exit status of nonzero (false) and writes an error diagnostic to the standard output file.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
---|---
Availability | SUNWtsu
Stability Level | Mixed. See NOTES below
The label encodings file contains the classification names, words, constraints, and values for the defined labels of this system.
The stability of the syntactic checking is considered standard and controlled by DIA document DDS-2600-6216-93, Compartmented Mode Workstation Labeling: Encodings Format, September 1993. The stability of the command output is undefined. The stability of the command invocation is stable for systems that implement the DIA MAC policy.
NAME | Synopsis | Interface Level | Description | Options | Exit Status | Attributes | Files | See Also | Notes
/usr/sbin/hextoalabel [internal-text-sensitivity-label]
/usr/sbin/hextoalabel -c [internal-text-clearance]
This file is part of the Defense Intelligence Agency (DIA) Mandatory Access Control (MAC) policy. This file might not be applicable to other MAC policies that might be developed for future releases of Solaris Trusted Extensions software.
hextoalabel converts an internal text label into its human readable equivalent and writes the result to the standard output file. This internal form is often hexadecimal. If no option is supplied, the label is assumed to be a sensitivity label.
If no internal text label is specified, the label is read from the standard input file. The expected use of this command is emergency repair of labels that are stored in internal databases.
The following exit values are returned:
On success.
On failure, and writes diagnostics to the standard error file.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
---|---
Availability | SUNWtsu
Stability Level | See NOTES below
The label encodings file contains the classification names, words, constraints, and values for the defined labels of this system.
The stability of the command output is Stable for systems with the same label_encodings file. The stability of the command invocation is Stable for systems that implement the DIA MAC policy.
NAME | Synopsis | Description | Options | Errors | Attributes | See Also
/usr/sbin/remove_allocatable [-f] -n name
/usr/sbin/remove_allocatable [-f] [-d] -t dev-type
remove_allocatable removes entries of user allocatable devices from the device allocation mechanism. remove_allocatable also removes entries of some non-allocatable devices, such as printers, whose label range is managed by the mechanism.
Removes system-supplied default attributes of the device type that is specified with -t.
Force the removal of an entry. remove_allocatable exits with an error if this option is not specified when an entry with the specified device name no longer exists.
Removes the entry for the device name.
Removes devices of type dev-type.
When successful, remove_allocatable returns an exit status of 0 (true). remove_allocatable returns a nonzero exit status in the event of an error. The exit codes are as follows:
Invocation syntax error
Unknown system error
Device name or dev-type not found. This error occurs only when the -f option is not specified.
Permission denied. User does not have DAC or MAC access to database.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
---|---
Availability | SUNWtsu
Interface Stability | See below.
The invocation is Uncommitted. The options are Uncommitted. The output is Not-an-interface.
NAME | Synopsis | Description | Options | Examples | Exit Status | Files | Attributes | See Also
/usr/sadm/bin/smtnrhdb subcommand [auth_args] -- [subcommand_args]
The smtnrhdb command adds, modifies, deletes, and lists entries in the tnrhdb database.
smtnrhdb subcommands are:
Adds a new entry to the tnrhdb database. To add an entry, the administrator must have the solaris.network.host.write and solaris.network.security.write authorizations.
Deletes an entry from the tnrhdb database. To delete an entry, the administrator must have the solaris.network.host.write and solaris.network.security.write authorizations.
Lists all entries in the tnrhdb database. To list an entry, the administrator must have the solaris.network.host.read and solaris.network.security.read authorizations.
Modifies an entry in the tnrhdb database. To modify an entry, the administrator must have the solaris.network.host.write and solaris.network.security.write authorizations.
The smtnrhdb authentication arguments, auth_args, are derived from the smc arg set. These arguments are the same regardless of which subcommand you use. The smtnrhdb command requires the Solaris Management Console to be initialized for the command to succeed (see smc(1M)). After rebooting the Solaris Management Console server, the first smc connection can time out, so you might need to retry the command.
The subcommand-specific options, subcommand_args, must be preceded by the -- option.
The valid auth_args are -D, -H, -l, -p, -r, and -u; they are all optional. If no auth_args are specified, certain defaults will be assumed and the user might be prompted for additional information, such as a password for authentication purposes. These letter options can also be specified by their equivalent option words preceded by a double dash. For example, you can use either -D or --domain.
Specifies the default domain that you want to manage. The syntax is domain=type:/host_name/domain_name, where type is dns, ldap, or file; host_name is the name of the server; and domain_name is the name of the domain you want to manage.
If you do not specify this option, the Solaris Management Console assumes the file default domain on whatever server you choose to manage, meaning that changes are local to the server. Toolboxes can change the domain on a tool-by-tool basis; this option specifies the domain for all other tools.
Specifies the host_name and port to which you want to connect. If you do not specify a port, the system connects to the default port, 898. If you do not specify host_name:port, the Solaris Management Console connects to the local host on port 898.
Specifies the password for the role_name. If you specify a role_name but do not specify a role_password, the system prompts you to supply a role_password. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.
Specifies the password for the user_name. If you do not specify a password, the system prompts you for one. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.
Specifies a role name for authentication. If you do not specify this option, no role is assumed.
Specifies the user name for authentication. If you do not specify this option, the user identity running the console process is assumed.
This option is required and must always follow the preceding options. If you do not enter the preceding options, you must still enter the -- option.
Note: Descriptions and other arg options that contain white spaces must be enclosed in double quotes.
Displays the command's usage statement.
Specifies the name of the host. For the list subcommand, the hostname argument is not specified. This is not required if the ipaddress subcommand argument is specified.
Specifies the IP address of the host. This is not required if the hostname subcommand argument is specified.
Specifies the name of the template.
Specifies the prefix length (in bits) of a wildcard representation of the IP address. The prefix is the left-most portion of the IP address.
Specifies the IP address of the subnet using a wildcard.
One of the following sets of arguments must be specified for subcommand add:
-H hostname -n templatename | -i ipaddress -n templatename | -w ipaddress-wildcard -n templatename [ -p prefixlen ] | -h
One of the following sets of arguments must be specified for subcommand modify:
-H hostname -n templatename | -i ipaddress -n templatename | -w ipaddress-wildcard -n templatename [ -p prefixlen ] | -h
One of the following sets of arguments must be specified for subcommand delete:
-H hostname | -i ipaddress | -w ipaddress-wildcard [ -p prefixlen ] | -h
The subcommand list takes the following argument:
-h
The admin role specifies the template name, cipso_lan, for a series of hosts that use the IP address wildcard 192.168.113.0 on the local file system. Since no authorization arguments were specified, the administrator connects to port 898 of the local host on the local server with the file domain type, which are the defaults. The administrator is prompted for the admin password.
$ /usr/sadm/bin/smtnrhdb add -- -w 192.168.113.0 -n cipso_lan
The admin role connects to port 898 (which happens to be the default) of the LDAP server and deletes a host entry from the database by specifying its IP address, 192.168.113.8. Since the domain was not specified, the file domain type and local server are used by default. The administrator is prompted for the admin password.
$ /usr/sadm/bin/smtnrhdb delete \
-D ldap:/example.domain -i 192.168.113.8
The following exit values are returned:
Successful completion.
Invalid command syntax. A usage message displays.
An error occurred while executing the command. An error message displays.
The following files are used by the smtnrhdb command:
Trusted network remote-host database. See tnrhdb(4).
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
---|---
Availability | SUNWmgts
NAME | Synopsis | Description | Options | Examples | Exit Status | Files | Attributes | See Also
/usr/sadm/bin/smtnrhtp subcommand [auth_args] -- [subcommand_args]
The smtnrhtp command adds, modifies, deletes, and lists entries in the tnrhtp database.
smtnrhtp subcommands are:
Adds a new entry to the tnrhtp database. To add an entry, the administrator must have the solaris.network.security.read and solaris.network.security.write authorizations.
Modifies an entry in the tnrhtp database. To modify an entry, the administrator must have the solaris.network.security.read and solaris.network.security.write authorizations.
Deletes an entry from tnrhtp database. To delete an entry, the administrator must have the solaris.network.security.read and solaris.network.security.write authorizations.
Lists entries in the tnrhtp database. To list an entry, the administrator must have the solaris.network.security.read authorizations.
The smtnrhtp authentication arguments, auth_args, are derived from the smc arg set and are the same regardless of which subcommand you use. The smtnrhtp command requires the Solaris Management Console to be initialized for the command to succeed (see smc(1M)). After rebooting the Solaris Management Console server, the first smc connection can time out, so you might need to retry the command.
The subcommand-specific options, subcommand_args, must be preceded by the -- option.
The valid auth_args are -D, -H, -l, -p, -r, and -u; they are all optional. If no auth_args are specified, certain defaults will be assumed and the user might be prompted for additional information, such as a password for authentication purposes. These letter options can also be specified by their equivalent option words preceded by a double dash. For example, you can use either -D or --domain.
Specifies the default domain that you want to manage. The syntax is domain=type:/host_name/domain_name, where type is dns, ldap, or file; host_name is the name of the server; and domain_name is the name of the domain you want to manage.
If you do not specify this option, the Solaris Management Console assumes the file default domain on whatever server you choose to manage, meaning that changes are local to the server. Toolboxes can change the domain on a tool-by-tool basis; this option specifies the domain for all other tools.
Specifies the host_name and port to which you want to connect. If you do not specify a port, the system connects to the default port, 898. If you do not specify host_name:port, the Solaris Management Console connects to the local host on port 898.
Specifies the password for the role_name. If you specify a role_name but do not specify a role_password, the system prompts you to supply a role_password. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.
Specifies the password for the user_name. If you do not specify a password, the system prompts you for one. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.
Specifies a role name for authentication. If you do not specify this option, no role is assumed.
Specifies the user name for authentication. If you do not specify this option, the user identity running the console process is assumed.
This option is required and must always follow the preceding options. If you do not enter the preceding options, you must still enter the -- option.
Note: Descriptions and other arg options that contain white spaces must be enclosed in double quotes.
Displays the command's usage statement.
Specifies the name of the template.
Specifies the hosttype of the new host. Valid values are unlabeled and cipso.
Specifies the DOI value.
Specifies the maximum label. Values can be a hex value or string (such as admin_high).
Specifies the minimum label. Values can be a hex value or string (such as admin_low).
Specifies the default label when the host type is unlabeled. This option does not apply if hosttype is CIPSO. Values can be a hex value or string (such as admin_low).
Specifies a set of sensitivity labels. You can specify up to four label values, separated by commas. Values can be a hex value or string (such as admin_low).
One of the following sets of arguments must be specified for subcommand add:
-n template name (
    -t cipso [ -x doi=doi-value -x min=minimum-label -x max=maximum-label -x slset=l1,l2,l3,l4 ] |
    -t unlabeled [ -x doi=doi-value -x min=minimum-label -x max=maximum-label -x label=default-label -x slset=l1,l2,l3,l4 ] |
    -h
)
One of the following sets of arguments must be specified for subcommand modify:
-n template name (
    -t cipso [ -x doi=doi-value -x min=minimum-label -x max=maximum-label -x slset=l1,l2,l3,l4 ] |
    -t unlabeled [ -x doi=doi-value -x min=minimum-label -x max=maximum-label -x label=default-label -x slset=l1,l2,l3,l4 ] |
    -h
)
Note: If the host type is changed, all options for the new host type must be specified.
One of the following sets of arguments must be specified for subcommand delete:
-n templatename | -h
The following argument can be specified for subcommand list:
-n templatename | -h
The admin role connects to port 898 of the LDAP server and creates the unlabeled_ntk entry in the tnrhtp database. The new template is assigned a host type of unlabeled, a domain of interpretation of 1, minimum label of public, maximum label of restricted, and a default label of needtoknow. The administrator is prompted for the admin password.
$ /usr/sadm/bin/smtnrhtp \
add -D ldap:directoryname -H servername:898 -- \
-n unlabeled_ntk -t unlabeled -x DOI=1 \
-x min=public -x max=restricted -x label="need to know"
The following exit values are returned:
Successful completion.
Invalid command syntax. A usage message displays.
An error occurred while executing the command. An error message displays.
The following files are used by the smtnrhtp command:
Trusted network remote-host templates. See tnrhtp(4).
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
---|---
Availability | SUNWmgts
NAME | Synopsis | Description | Options | Examples | Exit Status | Files | Attributes | See Also
/usr/sadm/bin/smtnzonecfg subcommand [auth_args] -- [subcommand_args]
The smtnzonecfg command adds, modifies, deletes, and lists entries in the tnzonecfg database.
smtnzonecfg subcommands are:
Adds a new entry to the tnzonecfg database. To add an entry, the administrator must have the solaris.network.host.write and solaris.network.security.write authorizations.
Modifies an entry in the tnzonecfg database. To modify an entry, the administrator must have the solaris.network.host.write and solaris.network.security.write authorizations.
Deletes an entry from the tnzonecfg database. To delete an entry, the administrator must have the solaris.network.host.write and solaris.network.security.write authorizations.
Lists entries in the tnzonecfg database. To list an entry, the administrator must have the solaris.network.host.read and solaris.network.security.read authorizations.
The smtnzonecfg authentication arguments, auth_args, are derived from the smc arg set and are the same regardless of which subcommand you use. The smtnzonecfg command requires the Solaris Management Console to be initialized for the command to succeed (see smc(1M)). After rebooting the Solaris Management Console server, the first smc connection can time out, so you might need to retry the command.
The subcommand-specific options, subcommand_args, must be preceded by the -- option.
The valid auth_args are -D, -H, -l, -p, -r, and -u; they are all optional. If no auth_args are specified, certain defaults will be assumed and the user can be prompted for additional information, such as a password for authentication purposes. These letter options can also be specified by their equivalent option words preceded by a double dash. For example, you can use either -D or --domain.
Specifies the default domain that you want to manage. The syntax is domain=type:/host_name/domain_name, where type is dns, ldap, or file; host_name is the name of the server; and domain_name is the name of the domain you want to manage.
If you do not specify this option, the Solaris Management Console assumes the file default domain on whatever server you choose to manage, meaning that changes are local to the server. Toolboxes can change the domain on a tool-by-tool basis. This option specifies the domain for all other tools.
Specifies the host_name and port to which you want to connect. If you do not specify a port, the system connects to the default port, 898. If you do not specify host_name:port, the Solaris Management Console connects to the local host on port 898.
Specifies the password for the role_name. If you specify a role_name but do not specify a role_password, the system prompts you to supply a role_password. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.
Specifies the password for the user_name. If you do not specify a password, the system prompts you for one. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.
Specifies a role name for authentication. If you do not specify this option, no role is assumed.
Specifies the user name for authentication. If you do not specify this option, the user identity running the console process is assumed.
This option is required and must always follow the preceding options. If you do not enter the preceding options, you must still enter the -- option.
Note: Descriptions and other arg options that contain white spaces must be enclosed in double quotes.
Displays the command's usage statement.
Specifies the zone name for the entry. This name is used when the zone is configured. zonename is case-sensitive. The specified zone name must be one of the configured zones on the system. The following command returns a list of configured zones:
/usr/sbin/zoneadm list -c
Specifies the label for the zone. This field is used to label the zone when the zone is booted.
Specifies the policy match level for non-transport traffic. Only values of 0 (match the label) or 1 (be within the label range of the zone) are accepted. See tnzonecfg(4) for more detail. This subcommand argument is optional. If not specified, it will have a default value of 0.
Specifies the multilevel port configuration entry for zone-specific IP addresses. Multiple port/protocol combinations are separated by a semi-colon. The empty string can be specified to remove all existing MLP zone values. This subcommand argument is optional.
Specifies the multilevel port configuration entry for shared IP addresses. Multiple port/protocol combinations are separated by a semi-colon. The empty string can be specified to remove all existing MLP shared values. This subcommand argument is optional.
One of the following sets of arguments must be specified for subcommand add:
-n zonename -l label [-x policymatch=policy-match-level \
-x mlpzone=port/protocol;.... | -x mlpshared=port/protocol;.... ] | -h
One of the following sets of arguments must be specified for subcommand modify:
-n zonename [-l label] [-x policymatch=policy-match-level \
-x mlpzone=port/protocol;.... | -x mlpshared=port/protocol;.... ] | -h
One of the following arguments must be specified for subcommand delete:
-n zonename | -h
The following argument can be specified for subcommand list:
-n zonename | -h
The admin role creates a new zone entry, public, with a label of public, a policy match level of 1, and a shared MLP port and protocol of 666 and TCP. The administrator is prompted for the admin password.
$ /usr/sadm/bin/smtnzonecfg add -- -n public -l public \
-x policymatch=1 -x mlpshared=666/tcp
The admin role changes the public entry in the tnzonecfg database to needtoknow. The administrator is prompted for the admin password.
$ /usr/sadm/bin/smtnzonecfg modify -- -n public -l needtoknow
The admin role lists the entries in the tnzonecfg database. The administrator is prompted for the admin password.
$ /usr/sadm/bin/smtnzonecfg list --
The following exit values are returned:
Successful completion.
Invalid command syntax. A usage message displays.
An error occurred while executing the command. An error message displays.
The following files are used by the smtnzonecfg command:
Trusted zone configuration database. See tnzonecfg(4).
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
---|---
Availability | SUNWmgts
NAME | Synopsis | Description | Options | Examples | Attributes | Files | See Also | Notes
/usr/sbin/tnchkdb [-h path] [-t path] [-z path]
tnchkdb checks the syntax of the tnrhtp(4), tnrhdb(4), and tnzonecfg(4) databases. By default, the path for each file is:
/etc/security/tsol/tnrhtp
/etc/security/tsol/tnrhdb
/etc/security/tsol/tnzonecfg
You can specify an alternate path for any or all of the files by specifying that path on the command line by using the -h (tnrhdb), -t (tnrhtp) and -z (tnzonecfg) options. The options are useful when testing a set of modified files before installing the files as new system databases.
All three database files are checked for integrity. tnchkdb returns an exit status of 0 if all of the files are syntactically and, to the extent possible, semantically correct. If one or more files have errors, then an exit status of 1 is returned. If there are command line problems, such as an unreadable file, an exit status of 2 is returned. Errors are written to standard error.
To avoid cascading errors, when there are errors in tnrhtp, the template names in tnrhdb are not validated.
tnchkdb can be run at any label, but the standard /etc/security/tsol files are visible only in the global zone.
Check path for proper tnrhdb syntax. If path is not specified, then check /etc/security/tsol/tnrhdb.
Check path for proper tnrhtp syntax. If path is not specified, then check /etc/security/tsol/tnrhtp.
Check path for proper tnzonecfg syntax. If path is not specified, then check /etc/security/tsol/tnzonecfg.
The tnchkdb command checks for CIPSO errors. In this example, the admin_low template has an incorrect value of ADMIN_HIGH for its default label.
# tnchkdb
checking /etc/security/tsol/tnrhtp ...
tnchkdb: def_label classification 7fff is invalid for cipso labels:
line 14 entry admin_low
tnchkdb: def_label compartments 241-256 must be zero for cipso labels:
line 14 entry admin_low
checking /etc/security/tsol/tnrhdb ...
checking /etc/security/tsol/tnzonecfg ...
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
---|---
Availability | SUNWtsu
Stability (Command Line) | Evolving
Stability (Output) | Unstable
/etc/security/tsol/tnrhdb: Trusted network remote-host database
/etc/security/tsol/tnrhtp: Trusted network remote-host templates
/etc/security/tsol/tnzonecfg: Trusted zone configuration database
It is possible to have inconsistent but valid configurations of tnrhtp and tnrhdb when LDAP is used to supply missing templates.
NAME | Synopsis | Description | Options | Attributes | Files | See Also | Notes | Warnings
/usr/sbin/tnctl [-dfv] [-h host [/prefix] [:template]] [-m zone:mlp:shared-mlp] [-t template [:key=val [;key=val]]] [-HTz file]
tnctl provides an interface to manipulate trusted network parameters in the Solaris kernel.
As part of Solaris Trusted Extensions initialization, tnctl is run in the global zone by an smf(5) script during system boot. The tnctl command is not intended to be used during normal system administration. Instead, if a local trusted networking database file is modified without using the Solaris Management Console, the administrator first issues tnchkdb(1M) to check the syntax, and then refreshes the kernel copy with this command:
    # svcadm restart svc:/network/tnctl
See WARNINGS about the risks of changing remote host and template information on a running system.
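The check-then-refresh sequence described above, as an added shell example that is not part of the tnctl manual page. It interprets the tnchkdb exit statuses this corpus documents (0 clean, 1 errors in a file, 2 command-line problem) and only then runs the refresh command; the default refresh is the `svcadm restart svc:/network/tnctl` given above, and the `TN_SVC_ACTION`/`TN_SVC` variables (assumed names) let the same function drive `svcadm refresh svc:/network/tnd` instead.

```shell
#!/bin/sh
# Added example (not from the manual page): validate the local trusted-network
# database files with tnchkdb(1M) and refresh the kernel copy only when the
# check is clean. Exit statuses 0/1/2 are those documented for tnchkdb.

TN_SVC_ACTION=${TN_SVC_ACTION:-restart}        # assumed variable name
TN_SVC=${TN_SVC:-svc:/network/tnctl}           # assumed variable name

# tn_refresh_if_valid [tnchkdb options]
# Returns tnchkdb's status (0, 1 or 2), or 3 if the refresh itself failed,
# so an installation script can stop on any non-zero result.
tn_refresh_if_valid() {
    rc=0
    # stderr carries the diagnostics; the "checking ..." stdout lines are dropped
    errs=$(tnchkdb "$@" 2>&1 >/dev/null) || rc=$?
    case $rc in
        0)
            echo "tnchkdb: databases consistent; running svcadm $TN_SVC_ACTION $TN_SVC"
            svcadm "$TN_SVC_ACTION" "$TN_SVC" || return 3
            ;;
        1)
            echo "tnchkdb: database errors, kernel cache NOT refreshed:" >&2
            printf '%s\n' "$errs" >&2
            ;;
        2)
            echo "tnchkdb: command-line problem (unreadable file?):" >&2
            printf '%s\n' "$errs" >&2
            ;;
        *)
            echo "tnchkdb: unexpected exit status $rc" >&2
            ;;
    esac
    return "$rc"
}

# Run directly (rather than sourced) with: sh thisfile.sh --run [-h path ...]
if [ "${1:-}" = "--run" ]; then
    shift
    tn_refresh_if_valid "$@"
fi
```

Because the cascading-error rule means tnrhdb template names are not validated when tnrhtp has errors, a status of 1 should be treated as "fix tnrhtp first and re-run", not as a count of problems.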
Delete matching entries from the kernel. The default is to add new entries.
When deleting MLPs, the MLP range must match exactly. MLPs are specified in the form:
    port[-port]/protocol
where port can be a number in the range 1 to 65535, or any known service (see services(4)), and protocol can be a number in the range 1 to 255, or any known protocol (see protocols(4)).
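A validator for the MLP form just described, added here as an example and not part of tnctl. Numeric ports and protocols are range-checked as stated above; a non-numeric token is accepted only if `name_known` (an assumed helper, here backed by getent(1M) lookups of services(4) and protocols(4)) resolves it. The reversed-range check goes slightly beyond the text: the page says the range must match exactly on delete, and a reversed range can never match anything.

```shell
#!/bin/sh
# Added example (not from the manual page): validate a multilevel-port
# specification of the form port[-port]/protocol as tnctl -m accepts it.

# is_uint STRING: true when STRING is a non-empty run of decimal digits
is_uint() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# in_range VALUE LO HI: true when LO <= VALUE <= HI
in_range() {
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# name_known DB NAME: true when NAME is listed in services(4) or protocols(4).
# Assumption: getent(1M) honours the host's nsswitch.conf(4) for both.
name_known() {
    getent "$1" "$2" >/dev/null 2>&1
}

# mlp_valid SPEC: exit 0 for a well-formed MLP, 1 otherwise, with the reason
# on stderr. Examples: 23/tcp  6000-6003/tcp  36698/ip  111/udp
mlp_valid() {
    spec=$1
    case $spec in
        */*/*) echo "mlp_valid: '$spec': more than one '/'" >&2; return 1 ;;
        */*) ;;
        *) echo "mlp_valid: '$spec': missing /protocol" >&2; return 1 ;;
    esac
    ports=${spec%/*}
    proto=${spec#*/}
    lo=${ports%-*}          # "23" or "6000" from "6000-6003"
    hi=${ports#*-}          # "23" or "6003"
    # each port: numeric in 1-65535, or a known service name
    for p in "$lo" "$hi"; do
        if is_uint "$p"; then
            in_range "$p" 1 65535 || { echo "mlp_valid: '$spec': port $p out of range" >&2; return 1; }
        elif ! name_known services "$p"; then
            echo "mlp_valid: '$spec': unknown service '$p'" >&2; return 1
        fi
    done
    # a numeric range must run low to high, or it can never match on delete
    if is_uint "$lo" && is_uint "$hi" && [ "$lo" -gt "$hi" ]; then
        echo "mlp_valid: '$spec': reversed range $lo-$hi" >&2; return 1
    fi
    # protocol: numeric in 1-255, or a known protocol name
    if is_uint "$proto"; then
        in_range "$proto" 1 255 || { echo "mlp_valid: '$spec': protocol $proto out of range" >&2; return 1; }
    elif ! name_known protocols "$proto"; then
        echo "mlp_valid: '$spec': unknown protocol '$proto'" >&2; return 1
    fi
    return 0
}
```

Running `mlp_valid` over the `mlp` and `shared-mlp` fields before calling `tnctl -m` catches typos before they reach the kernel cache, where a wrong entry would silently change which zone receives a port's traffic.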
Flush all kernel entries before loading the entries that are specified on the command line. The flush does not take place unless at least one entry parsed successfully.
Turn on verbose mode.
Update the kernel remote-host cache on the specified host or, if a template name is given, change the kernel's cache to use the specified template. If prefix is not specified, then an implied prefix length is determined according to the rules used for interpreting the tnrhdb(4). If -d is specified, then a template name cannot be specified.
Modify the kernel's multilevel port (MLP) configuration cache for the specified zone. zone specifies the zone to be updated. mlp and shared-mlp specify the MLPs for the zone-specific and shared IP addresses. The shared-mlp field is effective in the global zone only.
Update the kernel template cache for template or, if a list of key=val pairs is given, change the kernel's cache to use the specified entry. If -d is specified, then key=val pairs cannot be specified. See tnrhtp(4) for the format of the entries.
Load all template entries in file into the kernel cache.
Load all remote host entries in file into the kernel cache.
Load just the global zone's MLPs from file into the kernel cache. To reload MLPs for a non-global zone, reboot the zone:
    # zoneadm -z non-global-zone reboot
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
---|---
Availability | SUNWtsu
Stability Level | Unstable
Trusted network remote-host database
Trusted network remote-host templates
Trusted zone configuration database
Configuration file for the name service switch
svcs(1), svcadm(1M), tninfo(1M), tnd(1M), tnchkdb(1M), zoneadm(1M), nsswitch.conf(4), protocols(4), services(4), tnrhdb(4), tnrhtp(4), tnzonecfg(4), attributes(5), smf(5)
The tnctl service is managed by the service management facility, smf(5), under the service identifier:
    svc:/network/tnctl
The service's status can be queried by using svcs(1). Administrative actions on this service, such as refreshing the kernel cache, can be performed using svcadm(1M), as in:
    svcadm refresh svc:/network/tnctl
Changing a template while the network is up can change the security view of an undetermined number of hosts.
NAME | Synopsis | Description | Options | Examples | Attributes | Files | See Also | Notes
/usr/sbin/tnd [-p poll-interval]
The tnd (trusted network daemon) initializes the kernel with trusted network databases and also reloads the databases on demand from an LDAP server and local files. tnd follows the order specified in the nsswitch.conf(4) file when loading configuration databases. tnd is started at the beginning of the boot process.
tnd loads two databases into the kernel: the remote host database, tnrhdb(4) and the remote-host template database, tnrhtp(4). These databases and their effect on the trusted network are described in their respective man pages. When the associated LDAP database or local databases are changed, tnd also updates the local kernel cache at the predetermined interval.
If a local trusted networking database file is modified, the administrator should run tnchkdb(1M) to check the syntax, and should also run svcadm refresh svc:/network/tnd to initiate an immediate database scan by tnd.
tnd is intended to be started from an smf(5) script and to run in the global zone. The following signals cause specific svcadm actions:
SIGHUP
Causes svcadm refresh svc:/network/tnd to be run.
Initiates a rescan of the local and LDAP tnrhdb and tnrhtp databases. tnd updates the kernel database with any changes found.
SIGTERM
Causes svcadm disable svc:/network/tnd to be run.
Terminates the tnd daemon. No changes are made to the kernel database.
Set poll interval to poll-interval seconds. The default poll-interval is 1800 seconds (30 minutes).
The following command changes the polling interval to one hour, and puts this interval in the SMF repository. At the next boot, the tnd poll interval will be one hour.
    # svccfg -s network/tnd setprop tnd/poll_interval=3600
The following command changes the polling interval, but does not update the repository. At the next boot, the tnd poll interval remains the default, 30 minutes.
    # tnd -p 3600
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
---|---
Availability | SUNWtsu
Stability Level (Command) | Stable
Stability Level (Service) | Project Private
Trusted network remote-host database
Trusted network remote-host templates
Trusted zone configuration database
Configuration file for the name service switch
svcs(1), svcadm(1M), tninfo(1M), tnctl(1M), tnchkdb(1M), tnrhdb(4), tnrhtp(4), tnzonecfg(4), nsswitch.conf(4), attributes(5), smf(5)
The tnd service is managed by the service management facility, smf(5), under the service identifier:
    svc:/network/tnd
The service's status can be queried by using svcs(1). Administrative actions on this service, such as requests to restart the daemon, can be performed using svcadm(1M), as in:
    svcadm restart svc:/network/tnd
NAME | Synopsis | Description | Options | Examples | Attributes | Files | See Also
/usr/sbin/tninfo [-h hostname] [-m zone-name] [-t template]
tninfo provides an interface to retrieve and display kernel-level network information and statistics.
Display the security structure for the specified host in the remote-host cache. The output should reflect what is specified in the tnrhdb database.
Display the MLP configuration associated with the specified zone. The output should reflect what is specified in the tnzonecfg database.
Display the structure associated with the specified template. The output should reflect what is specified in the tnrhtp database.
This example shows the remote host structures cached in the kernel. The output reflects the definition in the tnrhdb database.
    # tninfo -h machine1
    IP address= 192.168.8.61
    Template = cipso
This example shows the kernel-cached MLPs for the global zone. The output reflects the definition in the tnzonecfg database, plus any dynamically allocated MLPs. private indicates zone-specific MLPs.
    # tninfo -m global
    private:23/tcp;111/tcp;111/udp;515/tcp;2049/tcp;6000-6003/tcp;
    32812/tcp;36698/ip;38634/tcp;64365/ip
    shared: 6000-6003/tcp
This example shows the kernel-cached cipso template definition. The output reflects the definition in the tnrhtp database.
    # tninfo -t cipso
    =====================================
    Remote Host Template Table Entries:
    __________________________
    template: cipso
    host_type: CIPSO
    doi: 1
    min_sl: ADMIN_LOW
    hex: ADMIN_LOW
    max_sl: ADMIN_HIGH
    hex: ADMIN_HIGH
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
---|---
Availability | SUNWtsu
Stability (Command Line) | Evolving
Stability (Output) | Unstable
Trusted network remote-host database
Trusted network remote-host templates
Trusted zone configuration database
NAME | Synopsis | Description | Options | Return Values | Examples | Attributes | Files | See Also
/usr/bin/updatehome [-cirs]
updatehome reads the user's minimum-label copy and link-control files (.copy_files and .link_files). These files contain a list of files to be copied and symbolically linked from the user's minimum-label home directory to the user's home directory at the current label.
The Solaris Trusted Extensions dtsession program performs an updatehome whenever a newly labeled workspace is created so that the user's favorite files are available for use. For example, the user probably wants a symlink to such files as .profile, .login, .cshrc, .exrc, .mailrc, and ~/bin. The updatehome command provides a convenient mechanism for accomplishing this symlink. The user can add files to those to be copied (.copy_files) and to those to be symbolically linked (.link_files).
Replace existing home-directory copies at the current label. The default is to skip over existing copies.
Ignore errors encountered. The default aborts on error.
Replace existing home-directory copies or symbolic links at the current label. This option implies options -c and -s. The default is to skip over existing copies or symbolic links.
Replace existing home-directory symbolic links at the current label. The default is to skip over existing symbolic links.
Upon success, updatehome returns 0. Upon failure, updatehome returns 1 and writes diagnostic messages to standard error.
The files that are listed in .copy_files can be modified at every user's label.
    .cshrc
    .mailrc
    .mozilla/bookmarks.html
The files that are listed in .link_files can be modified at the lowest label. The changes propagate to the other labels that are available to the user.
    ~/bin
    .mozilla/preferences
    .xrc
    .rhosts
The .copy_files and .link_files were updated by the user at the minimum label. At a higher label, the user refreshes the copies and the links. No privileges are required to run the command.
    % updatehome -r
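The copy-versus-link behaviour and the -c, -s, -r and -i options described above, re-implemented as an added shell example. This is not the Trusted Extensions updatehome command; `sync_label_home`, `MINHOME` and `CURHOME` are assumed names, and the two directories are assumed to be ordinary directories standing in for the minimum-label home and the home at the current label. It adds one check the text does not mention: control-file entries that are absolute or climb with `..` are refused, since the files are writable by the user at the lowest label and would otherwise be followed at every higher label.

```shell
#!/bin/sh
# Added example (not from the manual page): apply .copy_files and .link_files
# from MINHOME to CURHOME the way the updatehome option text describes.
# usage: sync_label_home MINHOME CURHOME [-c] [-s] [-r] [-i]

# home_relative ENTRY: print ENTRY relative to the home directory (a leading
# "~/" stripped); fail if it is empty, absolute, or climbs with "..".
home_relative() {
    e=${1#"~/"}
    case $e in
        ''|/*|..|../*|*/..|*/../*) return 1 ;;
    esac
    printf '%s\n' "$e"
}

# place MODE ENTRY: copy (MODE=copy) or symlink (MODE=link) one control-file
# entry from $min into $cur, honouring the replace flags.
place() {
    mode=$1
    rel=$(home_relative "$2") || { echo "sync_label_home: refusing unsafe entry '$2'" >&2; return 1; }
    if [ -e "$cur/$rel" ] || [ -L "$cur/$rel" ]; then
        if [ "$mode" = copy ]; then
            [ "$replace_copies" -eq 1 ] || return 0   # default: keep the existing copy
        else
            [ "$replace_links" -eq 1 ] || return 0    # default: keep the existing link
        fi
    fi
    mkdir -p "$(dirname "$cur/$rel")" && rm -rf "$cur/$rel" || return 1
    if [ "$mode" = copy ]; then
        cp -R "$min/$rel" "$cur/$rel"     # independent copy, editable at this label
    else
        ln -s "$min/$rel" "$cur/$rel"     # link: edits at the lowest label show everywhere
    fi
}

# each_entry FILE MODE: apply place to every non-empty line of FILE; stop at
# the first failure unless -i was given.
each_entry() {
    [ -f "$1" ] || return 0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        place "$2" "$line" && continue
        status=1
        [ "$ignore_errors" -eq 1 ] || return 1
    done < "$1"
    return 0
}

sync_label_home() {
    min=$1; cur=$2; shift 2
    replace_copies=0; replace_links=0; ignore_errors=0; status=0
    for opt in "$@"; do
        case $opt in
            -c) replace_copies=1 ;;
            -s) replace_links=1 ;;
            -r) replace_copies=1; replace_links=1 ;;   # -r implies -c and -s
            -i) ignore_errors=1 ;;
            *) echo "sync_label_home: unknown option $opt" >&2; return 1 ;;
        esac
    done
    each_entry "$min/.copy_files" copy || return 1
    each_entry "$min/.link_files" link || return 1
    return "$status"
}
```

As with updatehome, the return value is 0 only when every entry was handled; with -i the function finishes the list and still returns 1 if anything failed, so a caller can tell a partial refresh from a complete one.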
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
---|---
Availability | SUNWtsu
Stability | Stable
List of files to be copied
List of files to be symbolically linked