How to Assign Labels to Two Zone Workspaces - Trusted Extensions Configuration and Administration

Trusted Extensions Configuration and Administration

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Trusted Extensions Configuration and ... » Initial Configuration of Trusted Extensions » Configuring Trusted Extensions » Creating Labeled Zones » How to Assign Labels to Two Zone Workspaces

Updated: July 2014

Trusted Extensions Configuration and Administration

Document Information

Using This Documentation

Part I Initial Configuration of Trusted Extensions

Chapter 1 Security Planning for Trusted Extensions

What's New in Trusted Extensions in Oracle Solaris 11.2

Planning for Security in Trusted Extensions

Results of Enabling Trusted Extensions From an Administrator's Perspective

Chapter 2 Configuration Roadmap for Trusted Extensions

Task Map: Preparing for and Enabling Trusted Extensions

Task Map: Choosing a Trusted Extensions Configuration

Task Map: Configuring Trusted Extensions With the Provided Defaults

Task Map: Configuring Trusted Extensions to Meet Your Site's Requirements

Chapter 3 Adding the Trusted Extensions Feature to Oracle Solaris

Initial Setup Team Responsibilities

Resolving Security Issues Before Installing Trusted Extensions

Installing and Enabling Trusted Extensions

Chapter 4 Configuring Trusted Extensions

Setting Up the Global Zone in Trusted Extensions

How to Check and Install Your Label Encodings File

How to Configure an IPv6 CIPSO Network in Trusted Extensions

How to Configure a Different Domain of Interpretation

Creating Labeled Zones

How to Create a Default Trusted Extensions System

How to Create Labeled Zones Interactively

How to Assign Labels to Two Zone Workspaces

How to Create Labeled Zones by Using the zonecfg Command

Configuring the Network Interfaces in Trusted Extensions

How to Share a Single IP Address With All Zones

How to Add an IP Instance to a Labeled Zone

How to Add a Virtual Network Interface to a Labeled Zone

How to Connect a Trusted Extensions System to Other Trusted Extensions Systems

How to Configure a Separate Name Service for Each Labeled Zone

Creating Roles and Users in Trusted Extensions

How to Create the Security Administrator Role in Trusted Extensions

How to Create a System Administrator Role

How to Create Users Who Can Assume Roles in Trusted Extensions

How to Verify That the Trusted Extensions Roles Work

How to Enable Users to Log In to a Labeled Zone

Creating Centralized Home Directories in Trusted Extensions

How to Create the Home Directory Server in Trusted Extensions

How to Enable Users to Access Their Remote Home Directories at Every Label by Logging In to Each NFS Server

How to Enable Users to Access Their Remote Home Directories by Configuring the Automounter on Each Server

Troubleshooting Your Trusted Extensions Configuration

How to Move Desktop Panels to the Bottom of the Screen

Additional Trusted Extensions Configuration Tasks

How to Create a Secondary Labeled Zone

How to Create and Share a Multilevel Dataset

How to Copy Files to Portable Media in Trusted Extensions

How to Copy Files From Portable Media in Trusted Extensions

How to Remove Trusted Extensions From the System

Chapter 5 Configuring LDAP for Trusted Extensions

Configuring LDAP on a Trusted Extensions Network

Configuring an LDAP Proxy Server on a Trusted Extensions System

Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System

Creating a Trusted Extensions Proxy for an Existing Oracle Directory Server Enterprise Edition

Creating a Trusted Extensions LDAP Client

Part II Administration of Trusted Extensions

Appendix A Site Security Policy

Appendix B Configuration Checklist for Trusted Extensions

Appendix C Quick Reference to Trusted Extensions Administration

Appendix D List of Trusted Extensions Man Pages

Language:

How to Assign Labels to Two Zone Workspaces

This procedure creates two labeled workspaces and opens a labeled window in each labeled workspace. When this task is completed, you have a working, non-networked Trusted Extensions system.

Before You Begin

You have completed either How to Create a Default Trusted Extensions System or How to Create Labeled Zones Interactively.

You are the initial user.

Create a PUBLIC workspace.
The label of the PUBLIC workspace corresponds to the Default User Sensitivity Label.
1. Switch to the second workspace.
2. Right-click and select Change Workspace Label.
3. Select PUBLIC and click OK.
Provide your password at the prompt.
You are in a PUBLIC workspace.
Open a terminal window.
The window is labeled PUBLIC.
Create an INTERNAL USE ONLY workspace.
If you are using a site-specific label_encodings file, you are creating a workspace from the value of Default User Clearance.
1. Switch to the third workspace.
2. Right-click and select Change Workspace Label.
3. Select INTERNAL USE ONLY and click OK.
Provide your password at the prompt.
You are in an INTERNAL workspace.
Open a terminal window.
The window is labeled CONFIDENTIAL : INTERNAL USE ONLY.

Your system is ready to use. You have two user workspaces and a role workspace. In this configuration, the labeled zones use the same IP address as the global zone to communicate with other systems. They can do so because, by default, they share the IP address as an all-zones interface.

Next Steps

If you plan to have your Trusted Extensions system communicate with other systems, go to Configuring the Network Interfaces in Trusted Extensions.

Copyright © 1992, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices