A labeled zone can share its files with other systems at the label of the zone. Therefore, file systems from a labeled zone can be shared with zones at the same label on other Trusted Extensions systems, and with untrusted systems that are assigned the same label as the zone. For information about the ZFS property that mediates these mounts, see mlslabel Property and Mounting Single-Level File Systems.
LOFS mounts from the global zone in a labeled zone are read-only for single-level datasets. For multilevel datasets, MAC policy is enforced per file and directory label, as described in No Privilege Overrides for MAC Read-Write Policy.