Skip Navigation Links | |
Exit Print View | |
Oracle Solaris Trusted Extensions Label Administration Oracle Solaris 11 Express 11/10 |
1. Labels in Trusted Extensions Software (Overview)
2. Planning Labels in Trusted Extensions(Tasks)
3. Creating a Label Encodings File (Tasks)
4. Labeling Printer Output (Tasks)
5. Customizing the LOCAL DEFINITIONS Section (Tasks)
Contents of LOCAL DEFINITIONS Section
Changing Column Headings on Label Builders
Modifying Oracle Extensions (Task Map)
How to Add Oracle Extensions to an Encodings File
How to Specify Default User Labels
6. Planning an Organization's Encodings File (Example)
The following task map describes how to modify Oracle extensions in the label_encodings file.
|
The LOCAL DEFINITIONS section of the label_encodings file enables you to specify default user labels and colors for labels.
You must be in the Security Administrator role in the global zone. You must have an encodings file that does not have a LOCAL DEFINITIONS section.
Append the section from an Oracle-supplied label_encodings file. Oracle-supplied files are in the /etc/security/tsol directory.
You must be in the Security Administrator role in the global zone. You must have an encodings file with a LOCAL DEFINITIONS section.
# cp label_encodings label_encodings.orig
# env | grep EDITOR /usr/bin/gedit # /usr/bin/gedit label_encodings
Default User Sensitivity Label= u; Default User Clearance= c;
The following example shows a new minimum label of c.
Default User Sensitivity Label= c;
The following example shows a new clearance of s.
Default User Clearance= s;
Continue with How to Analyze and Verify the label_encodings File.
To minimize color-flashing, use color names or hexadecimal color values that you know have been specified for other applications. The default color values have been chosen with memory limitations for color in mind.
You must be in the Security Administrator role in the global zone.
# cp label_encodings label_encodings.orig
# /usr/bin/gedit label_encodings
COLOR NAMES: label= Admin_Low; color= #bdbdbd; ... label= Admin_High; color= #636363;
In this example, the classification REGISTERED is assigned the color red. The NEED_TO_KNOW classification is assigned the color blue.
label= REGISTERED; color= red; label= NEED TO KNOW; color= blue;
To distinguish certain compartment words irrespective of the classification with which they are associated, assign a separate color to those words.
The names are defined in a local color database. For more information, see the X11(5) man page.
% grep Red /usr/X11/lib/X11/rgb.txt ... 255 69 0 OrangeRed 219 112 147 PaleVioletRed ... 139 0 0 DarkRed
For example, assign the color OrangeRed to the EMGT compartment:
word= EMGT; color= OrangeRed;
In this example, assign the color MediumPurple4 to the NEED TO KNOW label.
label= NEED TO KNOW; color= MediumPurple4;
Continue with How to Analyze and Verify the label_encodings File.
You must be in the Security Administrator role in the global zone.
# cp label_encodings label_encodings.orig
# /usr/bin/gedit label_encodings
This line and the following line define the column headings in the label builder.
Classification Name= Classification; Compartments Name= Sensitivity;
The following example shows the column headings from label_encodings.example.
Classification Name= Classification; Compartments Name= Departments;
Continue with How to Analyze and Verify the label_encodings File.