Trusted Extensions Configuration and Administration

Updated: July 2014
 
 

List of Trusted Extensions Man Pages

Trusted Extensions is a configuration of the Oracle Solaris OS. This appendix provides a description of the man pages that include Trusted Extensions information.

Trusted Extensions Man Pages in Alphabetical Order

The following man pages are relevant only on a system that is configured with Trusted Extensions. The description includes links to examples or explanations of these features in the Trusted Extensions document set.

Trusted Extensions Man Page

Purpose and Links to Additional Information

add_allocatable(1M)

Enables a device to be allocated by adding the device to device allocation databases. By default, removable devices are allocatable.

See How to Configure a Device by Using the Device Manager in Trusted Extensions.

atohexlabel(1M)

Converts a human-readable label to its internal text equivalent.

For an example, see How to Obtain the Hexadecimal Equivalent for a Label.

blcompare(3TSOL)

Compares binary labels.

blminmax(3TSOL)

Determines the bound of two labels.

chk_encodings(1M)

Checks the label encodings file syntax.

For examples, see How to Debug a label_encodings File in Trusted Extensions Label Administration and Example 4–1.

fgetlabel(2)

Gets the file's label

getlabel(1)

Displays the label of the selected files or directories.

For an example, see How to Display the Labels of Mounted Files.

getlabel(2)

Gets the label of a file

getpathbylabel(3TSOL)

Gets the zone pathname

getplabel(3TSOL)

Gets the label of a process

getuserrange(3TSOL)

Gets the label range of a user

getzoneidbylabel(3TSOL)

Gets zone ID from zone label

getzonelabelbyid(3TSOL)

Gets zone label from zone ID

getzonelabelbyname(3TSOL)

Gets zone label from zone name

getzonepath(1)

Displays the root path of the zone that corresponds to the specified label.

See Acquiring a Sensitivity Label in Trusted Extensions Developer’s Guide.

getzonerootbyid(3TSOL)

Gets zone root pathname from zone root ID

getzonerootbylabel(3TSOL)

Gets zone root pathname from zone label

getzonerootbyname(3TSOL)

Gets zone root pathname from zone name

hextoalabel(1M)

Converts an internal text label to its human-readable equivalent

For an example, see How to Obtain a Readable Label From Its Hexadecimal Form.

labeladm(1M)

Enables and disables the Trusted Extensions labeling service and can set the label_encodings file

labelclipping(3TSOL)

Translates a binary label and clips the label to the specified width

label_encodings(4)

Describes the label encodings file

label_to_str(3TSOL)

Converts labels to human-readable strings

labels(5)

Describes Trusted Extensions label attributes

libtsnet(3LIB)

Is the Trusted Extensions network library

libtsol(3LIB)

Is the Trusted Extensions library

m_label(3TSOL)

Allocates and frees resources for a new label

pam_tsol_account(5)

Checks account limitations that are due to labels

For an example of its use, see How to Log In and Administer a Remote Trusted Extensions System.

plabel(1)

Gets the label of a process

remove_allocatable(1M)

Prevents allocation of a device by removing its entry from device allocation databases

For an example, see How to Configure a Device by Using the Device Manager in Trusted Extensions.

sel_config(4)

Defines the selection rules for copy, cut, paste, and drag-and-drop operations

See Rules When Changing the Level of Security for Data.

setflabel(3TSOL)

Moves a file to a zone with the corresponding sensitivity label

setlabel(1)

Relabels the selected item. Requires the solaris.label.file.downgrade or solaris.label.file.upgrade authorization. These authorizations are in the Object Label Management rights profile.

str_to_label(3TSOL)

Parses human-readable strings to a label

tncfg(1M)

Manages the trusted network databases. An alternative to the txzonemgr GUI for managing the trusted network. The list subcommand displays the security characteristics of network interfaces. tncfg provides more complete information than the tninfo command.

For many examples, see Chapter 16, Managing Networks in Trusted Extensions.

tnctl(1M)

Configures Trusted Extensions network parameters. You can also use the tncfg command.

For an example, see Example 12–1.

tnd(1M)

Executes the trusted network daemon when the LDAP naming service is enabled.

tninfo(1M)

Displays kernel-level Trusted Extensions network information and statistics.

See How to Debug the Trusted Extensions Network. You can also use the tncfg command and the txzonemgr GUI.

For a comparison with the tncfg command, see How to Troubleshoot Mount Failures in Trusted Extensions.

trusted_extensions(5)

Introduces Trusted Extensions

txzonemgr(1M)

Manages labeled zones and network interfaces. Command-line options enable automatic creation of two zones. This command accepts a configuration file as input and enables the deletion of zones. txzonemgr is a zenity(1) script.

See Creating Labeled Zones and Troubleshooting the Trusted Network.

TrustedExtensionsPolicy(4)

Is the configuration file for Trusted Extensions X Server Extension

tsol_getrhtype(3TSOL)

Gets the host type from Trusted Extensions network information

tgnome-selectlabel utility

Enables you to create a label builder GUI

For more information, see tgnome-selectlabel Utility in Trusted Extensions Developer’s Guide.

updatehome(1)

Updates the home directory copy and link files for the current label

See How to Configure Startup Files for Users in Trusted Extensions.

XTSOLgetClientAttributes(3XTSOL)

Gets the label attributes of an X client

XTSOLgetPropAttributes(3XTSOL)

Gets the label attributes of a window property

XTSOLgetPropLabel(3XTSOL)

Gets the label of a window property

XTSOLgetPropUID(3XTSOL)

Gets the UID of a window property

XTSOLgetResAttributes(3XTSOL)

Gets all label attributes of a window or a pixmap

XTSOLgetResLabel(3XTSOL)

Gets the label of a window, a pixmap, or a colormap

XTSOLgetResUID(3XTSOL)

Gets the UID of a window or a pixmap

XTSOLgetSSHeight(3XTSOL)

Gets the height of the screen stripe

XTSOLgetWorkstationOwner(3XTSOL)

Gets the ownership of the workstation

XTSOLIsWindowTrusted(3XTSOL)

Determines if a window is created by a trusted client

XTSOLMakeTPWindow(3XTSOL)

Makes this window a Trusted Path window

XTSOLsetPolyInstInfo(3XTSOL)

Sets polyinstantiation information

XTSOLsetPropLabel(3XTSOL)

Sets the label of a window property

XTSOLsetPropUID(3XTSOL)

Sets the UID of a window property

XTSOLsetResLabel(3XTSOL)

Sets the label of a window or a pixmap

XTSOLsetResUID(3XTSOL)

Sets the UID of a window, a pixmap, or a colormap

XTSOLsetSessionHI(3XTSOL)

Sets the session high sensitivity label to the window server

XTSOLsetSessionLO(3XTSOL)

Sets the session low sensitivity label to the window server

XTSOLsetSSHeight(3XTSOL)

Sets the height of the screen stripe

XTSOLsetWorkstationOwner(3XTSOL)

Sets the ownership of the workstation

Oracle Solaris Man Pages That Are Modified by Trusted Extensions

Trusted Extensions adds information to the following Oracle Solaris man pages.

Oracle Solaris Man Page

Trusted Extensions Modification and Links to Additional Information

allocate(1)

Adds options to support allocating a device in a zone and cleaning the device in a windowed environment. In Trusted Extensions, regular users do not use this command.

For the user procedure, see How to Allocate a Device in Trusted Extensions in Trusted Extensions User’s Guide.

auditconfig(1M)

Adds the window policy, audit classes, audit events, and audit tokens for labeled information.

auditreduce(1M)

Adds the –l option to select audit records by label.

For examples, see Selecting Audit Events to Be Displayed in Managing Auditing in Oracle Solaris 11.2.

auth_attr(4)

Adds label authorizations

automount(1M)

Adds the capability to mount, and therefore view, lower-level home directories. Modifies the names and contents of auto_home maps to account for zone names and zone visibility from higher labels.

For more information, see Changes to the Automounter in Trusted Extensions.

deallocate(1)

Adds options to support deallocating a device in a zone, cleaning the device in a windowed environment, and specifying the type of device to deallocate. In Trusted Extensions, regular users do not use this command.

For the user procedure, see How to Allocate a Device in Trusted Extensions in Trusted Extensions User’s Guide.

device_clean(5)

Is invoked by default in Trusted Extensions

getpflags(2)

Recognizes the NET_MAC_AWARE and NET_MAC_AWARE_INHERIT process flags

getsockopt(3SOCKET)

Gets the mandatory access control status, SO_MAC_EXEMPT, of the socket

getsockopt(3XNET)

Gets the mandatory access control status, SO_MAC_EXEMPT, of the socket

ikeadm(1M)

Adds a debug flag, 0x0400, for labeled IKE processes.

ike.config(4)

Adds the label_aware global parameter and three Phase 1 transform keywords, single_label, multi_label, and wire_label

in.iked(1M)

Supports the negotiation of labeled security associations through multilevel UDP ports 500 and 4500 in the global zone.

Also, see the ike.config(4) man page.

ipadm(1M)

Adds the all-zones interface as a permanent property value.

For an example, see How to Verify That a System's Interfaces Are Up.

ipseckey(1M)

Adds the label, outer-label, and implicit-label extensions. These extensions associate Trusted Extensions labels with the traffic that is carried inside a security association.

is_system_labeled(3C)

Determines whether the system is configured with Trusted Extensions

ldaplist(1)

Adds Trusted Extensions network databases in LDAP

list_devices(1)

Adds attributes, such as labels, that are associated with a device. Adds the –a option to display device attributes, such as authorizations and labels. Adds the –d option to display the default attributes of an allocated device type. Adds the –z option to display available devices that can be allocated to a labeled zone.

netstat(1M)

Adds the –R option to display extended security attributes for sockets and routing table entries.

For an example, see How to Troubleshoot Mount Failures in Trusted Extensions.

pf_key(7P)

Adds labels to IPsec security associations (SAs)

privileges(5)

Adds Trusted Extensions privileges, such as PRIV_FILE_DOWNGRADE_SL

prof_attr(4)

Adds rights profiles, such as Object Label Management

route(1M)

Adds the –secattr option to add extended security attributes to a route. Adds the –secattr option to display the security attributes of the route: cipso, doi, max_sl, and min_sl.

For an example, see How to Troubleshoot Mount Failures in Trusted Extensions.

setpflags(2)

Sets the NET_MAC_AWARE per-process flag

setsockopt(3SOCKET)

Sets the SO_MAC_EXEMPT option

setsockopt(3XNET)

Sets the mandatory access control, SO_MAC_EXEMPT, on the socket

socket.h(3HEAD)

Supports the SO_MAC_EXEMPT option for unlabeled peers

tar(1)

Adds the –T option to archive and extract files and directories that are labeled.

See How to Back Up Files in Trusted Extensions and How to Restore Files in Trusted Extensions.

tar.h(3HEAD)

Adds attribute types that are used in labeled tar files

ucred_getlabel(3C)

Adds getting the label value on a user credential

user_attr(4)

Adds the clearance and min_label user security attributes that are specific to Trusted Extensions

See Planning User Security in Trusted Extensions.