Trusted CDE Actions

The following tables list the CDE actions that roles in Trusted Extensions can run. These trusted CDE actions are available from the Trusted_Extensions folder. The Trusted_Extensions folder is available from the Application Manager folder on the CDE desktop.

Table 2-2 Administrative Actions in Trusted CDE, Their Purpose, and Associated Rights Profiles

| Action Name | Purpose of Action | Default Rights Profile |
|---|---|---|
| Add Allocatable Device | Creates devices by adding entries to device databases. See add_allocatable(1M). | Device Security |
| Admin Editor | | Object Access Management |
| Audit Classes | Edits the audit_class file. See audit_class(4). | Audit Control |
| Audit Control | Edits the audit_control file. See audit_control(4). | Audit Control |
| Audit Events | Edits the audit_event file. See audit_event(4). | Audit Control |
| Audit Startup | Edits the script. See audit_startup(1M). | Audit Control |
| Check Encodings | Runs the chk_encodings command on the specified encodings file. See chk_encodings(1M). | Object Label Management |
| Check TN Files | Runs the tnchkdb command on the tnrhdb, tnrhtp, and tnzonecfg databases. See tnchkdb(1M). | Network Management |
| Configure Selection Confirmation | Edits the /usr/dt/config/sel_config file. See sel_config(4). | Object Label Management |
| Create LDAP Client | Makes the global zone an LDAP client of an existing LDAP directory service. | Information Security |
| Edit Encodings | Edits the specified label_encodings file and runs the chk_encodings command. See chk_encodings(1M). | Object Label Management |
| Name Service Switch | Edits the nsswitch.conf file. See nsswitch.conf(4). | Network Management |
| Set DNS Servers | Edits the resolv.conf file. See resolv.conf(4). | Network Management |
| Set Daily Message | Edits the /etc/motd file. At login, the contents of this file display in the Last Login dialog box. | Network Management |
| Set Default Routes | Specifies default static routes. | Network Management |
| Share Filesystem | Edits the dfstab file. Does not run the share command. See dfstab(4). | File System Management |

The following actions are used by the initial setup team during zone creation. Some of these actions can be used for maintenance and troubleshooting.

Table 2-3 Installation Actions in Trusted CDE, Their Purpose, and Associated Rights Profiles

| Action Name | Purpose of Action | Default Rights Profile |
|---|---|---|
| Clone Zone | Creates a labeled zone from a ZFS snapshot of an existing zone. | Zone Management |
| Copy Zone | Creates a labeled zone from an existing zone. | Zone Management |
| Configure Zone | Associates a label with a zone name. | Zone Management |
| Initialize Zone for LDAP | Initializes the zone for booting as an LDAP client. | Zone Management |
| Install Zone | Installs the system files that a labeled zone requires. | Zone Management |
| Restart Zone | Restarts a zone that has already been booted. | Zone Management |
| Share Logical Interface | Sets up one interface for the global zone and a separate interface for the labeled zones to share. | Network Management |
| Share Physical Interface | Sets up one interface that is shared by the global zone and the labeled zones. | Network Management |
| Shut Down Zone | Shuts down an installed zone. | Zone Management |
| Start Zone | Boots an installed zone and starts the services for that zone. | Zone Management |
| Zone Terminal Console | Opens a console to view processes in an installed zone. | Zone Management |