Solaris Trusted Extensions Administration Tools Display Incorrect Labels (6478436) (Solaris 10 7/07 HW Release Notes)

Solaris 10 7/07 HW Release Notes

Previous: Possible Error With 32-bit Applications Getting File System State on Large File Systems (6468905)
Next: Using patchadd With the -R Option To Specify an Alternative Root Path From Systems That Are Not Zones Aware Should Be Restricted (6464969)

Solaris Trusted Extensions Administration Tools Display Incorrect Labels (6478436)

Solaris Trusted Extensions administration tools such as the Solaris Management Console (SMC) and tninfo might not display the ADMIN_LOW or ADMIN_HIGH labels. Instead the administration tools might incorrectly display labels like PUBLIC and CNF : RESTRICTED.

This incorrect display of labels can result in misconfigured systems. For example, the SMC might incorrectly display PUBLIC for a zone when the actual default label is ADMIN_LOW. Because of incorrect label display the zone fails to boot.

The error is because the default label view is EXTERNAL when it should be INTERNAL. This causes ADMIN_LOW to be promoted to the minimum user label and ADMIN_HIGH to be demoted. As a result, the administration tools incorrectly display the lowest and highest labels defined instead of correctly displaying ADMIN_LOW and ADMIN_HIGH.

Workaround: Perform the following steps:

Install Solaris Trusted Extensions but do not reboot the system.
Edit your label encodings file. The default label_encodings file is /etc/security/tsol/label_encodings. Add the following line in the LOCAL DEFINITIONS section:
Default Label View is Internal;