Trusted Extensions Configuration and Administration

Updated: July 2014

Labeled Printer Output

Trusted Extensions prints security information on body pages and banner and trailer pages. The information comes from the /etc/security/tsol/label_encodings file and from the /usr/lib/cups/filter/ file. Labels that are longer than 80 characters are printed truncated at the top and bottom of all pages. The truncation is indicated by an arrow (->). The header and footer labels are printed in portrait orientation even when the body pages are printed in landscape. For an example, see Figure 19–4.

    The text, labels, and warnings that appear on print jobs are configurable. The text can also be replaced with text in another language for localization. The security administrator can configure the following:

  • Localize or customize the text on the banner and trailer pages

  • Specify alternate labels to be printed on body pages or in the various fields of the banner and trailer pages

  • Change or omit any of the text or labels

Users who are directed to an unlabeled printer can print output with no labels. Users in a labeled zone with its own print server can print output with no labels if they are assigned the solaris.print.unlabeled authorization. Roles can be configured to print output with no labels to a local printer that is controlled by a Trusted Extensions print server. For assistance, see Reducing Printing Restrictions in Trusted Extensions.

Labeled Banner and Trailer Pages

The following figures show a default banner page and how the default trailer page differs. Callouts identify the various sections. For an explanation of the source of the text in these sections, see Chapter 4, Labeling Printer Output, in Trusted Extensions Label Administration . Note that the trailer page uses a different outer line.

Figure 19-1  Typical Banner Page of a Labeled Print Job

image:Illustration shows a banner page with job number, classifications, and handling instructions.

Figure 19-2  Differences on a Trailer Page

image:Illustration shows that the trailer page reads JOB END, while the banner page reads JOB START at the bottom of the page.

Labeled Body Pages

By default, the “Protect as” classification is printed at the top and bottom of every body page. The “Protect as” classification is the dominant classification when the classification from the job's label is compared to the minimum protect as classification. The minimum protect as classification is defined in the label_encodings file.

For example, if the user is logged in to an Internal Use Only session, then the user's print jobs are at that label. If the minimum protect as classification in the label_encodings file is Public, then the Internal Use Only label is printed on the body pages.

Figure 19-3  Job's Label Printed at the Top and Bottom of a Body Page

image:Illustration shows a sample body page with the label printed at the top and bottom of the page.

When the body pages are printed in landscape mode, the label prints in portrait mode. The following figure illustrates a body page, printed in landscape mode, whose Protect As label extends past the page boundaries. The label is truncated to 80 characters.

Figure 19-4  Job's Label Prints in Portrait Mode When the Body Page Is Printed in Landscape Mode

image:Illustration shows a sample body page printed in landscape mode with the label printed in portrait mode. Configuration File

The following table shows aspects of trusted printing that the security administrator can change by modifying the /usr/lib/cups/filter/ file.

Table 19-2  Configurable Values in the File
Default Value
How Defined
To Change
/Caveats Job_Caveats
/Caveats Job_Caveats
/Channels Job_Channels
/Channels Job_Channels
Label at the top of banner and trailer pages
/HeadLabel Job_Protect def
See /PageLabel description.
The same as changing /PageLabel.
Label at the top and bottom of body pages
/PageLabel Job_Protect def
Compares the label of the job to the minimum protect as classification in the label_encodings file. Prints the more dominant classification.
Contains compartments if the print job's label has compartments.
Change the /PageLabel definition to specify another value.
Or, type a string of your choosing.
Or, print nothing at all.
Text and label in the “Protect as” classification statement
/Protect Job_Protect def
/Protect_Text1 () def
/Protect_Text2 () def
See /PageLabel description.
Text to appear above label.
Text to appear below label.
The same as changing /PageLabel.
Replace () in Protect_Text1 and Protect_Text2 with text string.