Trusted Extensions Configuration Guide     Oracle Solaris 10 8/11 Information Library

Resolve Local Zone to Global Zone Routing in Trusted CDE

For every zone to access Trusted CDE, the DISPLAY variable must resolve. In Trusted CDE, to resolve the variable, the nodename of the labeled zone, the nodename of the global zone, and the nodename of an all-zones interface must resolve to the identical name.

Before You Begin

You are using Trusted CDE and are manually initializing a labeled zone.

  1. Enable Trusted CDE to display at the label of a zone by using one of the following methods.
    • Method 1: Enable X server traffic with other systems.

      In this configuration, the labeled zones can reach other systems through the X server in the global zone.

      1. Ensure that the /etc/nodename file specifies the name of the system.
        ## /etc/nodename
        machine1
      2. Ensure that the /etc/hosts file specifies the name of the system.
        ## /etc/hosts
        192.168.2.3  machine1 loghost

        For ToolTalk services to work, the name of the system must be on the same line as loghost.

      3. Ensure that the /etc/hostname.interface file specifies the name of the system.

        In this configuration, machine1 is the all-zones interface for Trusted CDE.

        ## /etc/hostname.bge0
        machine1 all-zones
    • Method 2: Limit X server traffic to the local system.

      In this configuration, the labeled zones can communicate with the X server on the local system. However, no route exists from the local X server to other systems on the network. The route must use another interface.

      1. Ensure that the /etc/nodename file specifies the name of the system.
        ## /etc/nodename
        machine1
      2. Ensure that the /etc/hosts file specifies the name of the system.

        Starting with the Solaris 10 10/08 release, lo0 is an all-zones interface. In this case, the file appears similar to the following:

        ## /etc/hosts
        127.0.0.1  localhost  machine1 loghost

        You can also use the vni0 interface.

        For ToolTalk services to work, the name of the system must be on the same line as loghost.

    • Method 3: Resolve the DISPLAY variable in another way, such as routable addresses on per-zone logical interfaces.

      For that procedure, see Adding Network Interfaces and Routing to Labeled Zones.

  2. To boot the zone, return to Step 3 in Install, Initialize, and Boot a Labeled Zone by Using CDE Actions.
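
The following script is an added example, not part of the original guide. It checks that the three files from Method 1, or the lo0 form of Method 2, agree on the system name before the zone is booted. The function names and the root-directory argument are assumptions made for illustration.

```sh
# Added example. Assumes a POSIX shell and awk (on Solaris 10:
# /usr/xpg4/bin/sh and /usr/xpg4/bin/awk). $1 is a root directory:
# "" for the live system, or a scratch copy of /etc for a dry run.

# System name: first non-comment, non-blank line of etc/nodename.
node_name() {
    awk 'NF && $1 !~ /^#/ { print $1; exit }' "$1/etc/nodename"
}

# Address of the hosts entry that lists BOTH the nodename ($2) and
# loghost, as ToolTalk requires. Prints nothing when no line has both.
loghost_addr() {
    awk -v n="$2" '
        { sub(/#.*/, ""); h = 0; l = 0 }
        { for (i = 2; i <= NF; i++) { if ($i == n) h = 1; if ($i == "loghost") l = 1 } }
        h && l { print $1; exit }' "$1/etc/hosts"
}

# hostname.<interface> files that assign the nodename ($2) as all-zones.
all_zones_files() {
    for f in "$1"/etc/hostname.*; do
        [ -f "$f" ] || continue
        awk -v n="$2" '$1 == n { for (i = 2; i <= NF; i++) if ($i == "all-zones") ok = 1 }
                       END { exit !ok }' "$f" && echo "${f##*/}"
    done
    return 0
}

# Prints "method1" or "method2" and returns 0 when the names agree;
# otherwise prints the defect and returns 1.
check_display() {
    n=$(node_name "$1")
    [ -n "$n" ] || { echo "no name in etc/nodename"; return 1; }
    a=$(loghost_addr "$1" "$n")
    [ -n "$a" ] || { echo "$n is not on the loghost line of etc/hosts"; return 1; }
    # Method 2: the name rides on lo0, an all-zones interface since 10/08.
    [ "$a" = 127.0.0.1 ] && { echo method2; return 0; }
    [ -n "$(all_zones_files "$1" "$n")" ] ||
        { echo "no all-zones hostname.<interface> file for $n"; return 1; }
    echo method1
}
# Live system: check_display ""
```

A nonzero return means the nodename of the global zone and the name on the all-zones interface do not match, so the DISPLAY variable will not resolve from a labeled zone.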