|Skip Navigation Links|
|Exit Print View|
|Compartmented Mode Workstation Labeling: Encodings Format Oracle Solaris 11 Information Library|
The initial compartments= keyword is optional, and is used to specify the initial, or default, values of compartment bits in an information label, sensitivity label, or clearance containing the associated classification. The initial compartments specification consists of a list of those compartment bits that should be 1 in such a label, with unspecified bits being 0. If no initial compartments= keyword is specified for a particular classification, all initial compartment bits for that classification are taken to be 0.
There are two reasons why the initial compartments associated with a classification would need to be non-zero. The first is the case where it is desired that all labels on the system containing that classification must have some normal word present, in which case the 1 compartment bits associated with the word would be specified as 1 in the initial compartment bits. Such a word is called a default word, and the compartment bits associated with the word are called default bits. (The association between words and their compartment bits is made by the compartments= keyword in the INFORMATION LABELS:, SENSITIVITY LABELS:, and CLEARANCES: sections of the encodings.)
The second is the case where the initial compartments specify which compartment bits are used inversely. (A prefix can also be used to specify compartment bits to be used inversely. Inverse bits specified by prefix words are called special inverse bits. See Defining Prefixes And Suffixes in Chapter 4, Information Label Encodings, and Using Prefixes to Specify Special Inverse Compartment and Marking Bits in Chapter 7, General Considerations for Specifying Encodings.) An inverse compartment bit is a bit whose 0 value is associated with the presence of a word and whose value is 1 unless the word is present in the label. Inverse compartment bits are associated with inverse words, whose addition to a label does not increase the sensitivity of the label, but instead either decreases or otherwise changes the sensitivity of the label (i.e., changes at least one bit in the internal form of the label from 1 to 0). Normal (non-inverse) compartment bits are associated with words whose addition to a label increases the sensitivity of the label by changing one or more bits from 0 to 1.
All initial compartment bits that are not inverse bits are considered default bits. All default bits must have default words associated. All words that have associated default bits can have only default bits associated.
The specification of compartment bits starts with the first non-blank character following the blank after the initial compartments= keyword, and continues up to the next semicolon or the end of the line. The specification consists of one or more blank-separated subspecifications that consist of either 1) a decimal integer specification of a bit position, numbering bits from the left starting at 0, or 2) a range of such bit positions specified as two decimal integers with a “-” in between. The start of a range must be lower than the end of a range. The maximum bit position allowed is 127, for a total of 128 bits. Table 3-1 contains examples of initial compartments specifications.
Table 3-1 Initial Compartments Specifications
If initial compartments= is specified more than once for the same classification, the compartment bits indicated in each specification are taken together to form one composite initial compartments specification. Thus, the two specifications:
initial compartments= 4; initial compartments= 5;
are equivalent to the single specification:
initial compartments= 4-5;