Oracle® Solaris 11 Security Guidelines

Updated: August 2014

Adding Labeled Multilevel Security

Trusted Extensions extends Oracle Solaris security by enforcing a label-based mandatory access control (MAC) policy. Sensitivity labels are automatically applied to all sources of data (networks, file systems, and windows) and consumers of data (users and processes). Access to all data is restricted based on the relationship between the label of the data (object) and the label of the consumer (subject). The layered functionality consists of a set of label-aware services.

A partial list of Trusted Extensions services includes:

  • Labeled networking

  • Label-aware file system mounting and sharing

  • Labeled desktop

  • Label configuration and translation

  • Label-aware system management tools

  • Label-aware device allocation

The system/trusted and system/trusted/trusted-global-zone packages are sufficient for a headless system or a server that does not require a multilevel desktop. The system/trusted/trusted-extensions package provides the Oracle Solaris multilevel, trusted desktop environment.
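
A simplified model of the subject/object label relationship described above, as an added example that is not Oracle's code or part of the original guide. It assumes hierarchical classifications plus compartments and a read-down, write-equal rule; the level names and the `LEVEL:COMP1,COMP2` syntax are constructed for illustration and are not the Trusted Extensions label format.

```python
from dataclasses import dataclass

# Constructed classification ordering (assumption); a real site defines its own.
LEVELS = {"PUBLIC": 0, "CONFIDENTIAL": 1, "SECRET": 2}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """True if level >= other's level and every compartment of other is held."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

def parse_label(text):
    """Parse 'LEVEL' or 'LEVEL:COMP1,COMP2' (constructed syntax)."""
    level, _, comps = text.strip().upper().partition(":")
    if level not in LEVELS:
        raise ValueError(f"unknown classification: {level!r}")
    return Label(level, frozenset(c.strip() for c in comps.split(",") if c.strip()))

def check_access(subject, obj, mode):
    """Assumed policy: read needs subject to dominate object, write needs equal labels."""
    s, o = parse_label(subject), parse_label(obj)
    if mode == "read":
        return s.dominates(o)
    if mode == "write":
        return s == o
    raise ValueError(f"unknown mode: {mode!r}")

def audit(requests):
    """Return the (subject, object, mode) requests the policy denies."""
    return [r for r in requests if not check_access(*r)]

# Constructed sample requests: (subject label, object label, mode).
SAMPLE = [
    ("SECRET:ENG", "CONFIDENTIAL:ENG", "read"),   # read-down: allowed
    ("SECRET:ENG", "CONFIDENTIAL:ENG", "write"),  # write-down: denied
    ("SECRET:ENG", "CONFIDENTIAL:HR", "read"),    # missing compartment: denied
    ("CONFIDENTIAL", "SECRET", "read"),           # read-up: denied
    ("PUBLIC", "PUBLIC", "write"),                # equal labels: allowed
]

if __name__ == "__main__":
    for s, o, m in SAMPLE:
        verdict = "allow" if check_access(s, o, m) else "deny"
        print(f"{s:>14} {m:5} {o:<18} -> {verdict}")
```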