Trusted Extensions provides no explicit mount attributes for specifying labels. The label of a mounted file system is the same as the label that is associated with the owning host or owning zone. Writing up is not permitted: it is prevented by disallowing mounts of higher-labeled or disjointly labeled file systems. Reading down is permitted, and is enforced by restricting mounts of lower-labeled file systems to be read-only.
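The mount rules above can be modeled as a label-dominance check. The following is an added illustration, not Solaris or Trusted Extensions code: the `Label` class, the numeric levels, the compartment names and the `mount_decision` function are all hypothetical, and it assumes that a file system whose label equals the zone's label is mounted read-write.

```python
from dataclasses import dataclass
from enum import Enum


class MountDecision(Enum):
    READ_WRITE = "read-write"   # same label as the mounting zone (assumed)
    READ_ONLY = "read-only"     # reading down
    DENIED = "denied"           # would allow writing up, or labels are disjoint


@dataclass(frozen=True)
class Label:
    """Simplified sensitivity label: a hierarchical level plus compartments."""
    level: int
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # A dominates B when A's level is at least B's and A holds
        # every compartment that B carries.
        return (self.level >= other.level
                and self.compartments >= other.compartments)


def mount_decision(zone: Label, fs: Label) -> MountDecision:
    """Decide how a zone at label `zone` may mount a file system at label `fs`."""
    if zone == fs:
        return MountDecision.READ_WRITE
    if zone.dominates(fs):
        # Lower-labeled file system: readable, but never writable.
        return MountDecision.READ_ONLY
    # Higher-labeled or disjointly labeled file system: no mount at all.
    return MountDecision.DENIED


if __name__ == "__main__":
    # Constructed sample labels, for illustration only.
    zone = Label(2, frozenset({"ENG"}))
    samples = {
        "same label": Label(2, frozenset({"ENG"})),
        "lower, no compartments": Label(1),
        "higher": Label(3, frozenset({"ENG"})),
        "same level, other compartment": Label(2, frozenset({"HR"})),
        "lower level, other compartment": Label(1, frozenset({"HR"})),
    }
    for name, fs in samples.items():
        print(f"{name:32} -> {mount_decision(zone, fs).value}")
```

The last two samples show the disjoint case: neither label dominates the other, so the mount is refused even though the file system's level is not higher than the zone's.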
The Trusted Extensions implementation for specifying security attributes on file systems follows the Solaris implementation. Therefore, files do not have forced privileges or allowed privileges. This implementation enables Trusted Extensions to support any file system that is supported by Solaris zones.
File relabeling is implemented by moving a file from one mounted file system to another file system.