| Skip Navigation Links | |
| Exit Print View | |
|
Trusted Extensions Configuration and Administration Oracle Solaris 11.1 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Trusted Extensions Configuration and Administration Oracle Solaris 11.1 Information Library |
Part I Initial Configuration of Trusted Extensions
1. Security Planning for Trusted Extensions
2. Configuration Roadmap for Trusted Extensions
3. Adding the Trusted Extensions Feature to Oracle Solaris (Tasks)
4. Configuring Trusted Extensions (Tasks)
5. Configuring LDAP for Trusted Extensions (Tasks)
Part II Administration of Trusted Extensions
6. Trusted Extensions Administration Concepts
7. Trusted Extensions Administration Tools
8. Security Requirements on a Trusted Extensions System (Overview)
9. Performing Common Tasks in Trusted Extensions
10. Users, Rights, and Roles in Trusted Extensions (Overview)
11. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
12. Remote Administration in Trusted Extensions (Tasks)
13. Managing Zones in Trusted Extensions
Zones and IP Addresses in Trusted Extensions
Zones and ICMP in Trusted Extensions
Global Zone Processes and Labeled Zones
Zone Administration Utilities in Trusted Extensions
How to Display Ready or Running Zones
How to Display the Labels of Mounted Files
How to Loopback Mount a File That Is Usually Not Visible in a Labeled Zone
How to Disable the Mounting of Lower-Level Files
How to Share a ZFS Dataset From a Labeled Zone
How to Enable Files to Be Relabeled From a Labeled Zone
14. Managing and Mounting Files in Trusted Extensions
15. Trusted Networking (Overview)
16. Managing Networks in Trusted Extensions (Tasks)
17. Trusted Extensions and LDAP (Overview)
18. Multilevel Mail in Trusted Extensions (Overview)
19. Managing Labeled Printing (Tasks)
20. Devices in Trusted Extensions (Overview)
21. Managing Devices for Trusted Extensions (Tasks)
22. Trusted Extensions Auditing (Overview)
23. Software Management in Trusted Extensions
Creating and Managing a Security Policy
Site Security Policy and Trusted Extensions
Computer Security Recommendations
Physical Security Recommendations
Personnel Security Recommendations
Additional Security References
B. Configuration Checklist for Trusted Extensions
Checklist for Configuring Trusted Extensions
C. Quick Reference to Trusted Extensions Administration
Administrative Interfaces in Trusted Extensions
Oracle Solaris Interfaces Extended by Trusted Extensions
Tighter Security Defaults in Trusted Extensions
Limited Options in Trusted Extensions
D. List of Trusted Extensions Man Pages
Trusted Extensions Man Pages in Alphabetical Order
Oracle Solaris Man Pages That Are Modified by Trusted Extensions
The first zone that you create at a specific label is a primary labeled zone. Its label is unique. You can create no other primary zone at that label.
A secondary zone is a zone at the label of a primary zone. With a secondary zone, you can isolate services in separate zones at the same label. Those services can share network resources such as name servers, printers, and databases without the use of privilege. You can have multiple secondary zones at the same label.
Specifically, secondary zones differ from primary zones in the following ways:
The label assignments of secondary zones do not need to be unique.
Secondary zones must use exclusive IP networking.
This restriction ensures that a labeled packet reaches the correct zone.
Secondary zones do not have GNOME packages installed.
Secondary zones are not visible on the GNOME Trusted Desktop.
Secondary zones cannot be the destination zone for the setlabel command.
If several zones are at the same label, the destination zone cannot be resolved by the command.
For any label, there can be at most one primary labeled zone and an arbitrary number of secondary labeled zones. The global zone remains an exception. It is the only zone that can be assigned the ADMIN_LOW label and therefore cannot have a secondary zone. To create a secondary zone, see How to Create a Secondary Labeled Zone and the zenity(1) man page.
|