Before You Begin
You must be in the Security Administrator role in the global zone. To be able to add classifications, you left gaps in the classification numbers in the label_encodings file.
# cp label_encodings label_encodings.orig
# pfedit encodings-file
In the VERSION= section update the version number and the date.
VERSION= Trusted Extensions Example Version - 5.11 09/05/28
SCCS keywords are used for the version number and the date. For details, see the sccs(1) man page.
VERSION= MyCo Example Version - %I% %E%
Specify a long name, short name, and numeric value.
name= REGISTERED; sname= R; value= 15;
* name= INTERNAL_USE_ONLY; sname= IUO; value= 12; name= INTERNAL; sname= I; value= 12;
The following example shows three new classifications that are added to the ACCREDITATION RANGE section. Each classification is specified with all compartment combinations valid.
ACCREDITATION RANGE: classification= UNCLASSIFIED; all compartment combinations valid; * i is new in this file classification= INTERNAL_USE_ONLY; all compartment combinations valid; * n is new in this file classification= NEED_TO_KNOW; all compartment combinations valid; classification= CONFIDENTIAL; all compartment combinations valid except: c c a c b classification= SECRET; only valid compartment combinations: . . . * r is new in this file classification= REGISTERED; all compartment combinations valid;
You might need to make the new classification a minimum classification.
minimum clearance= u; minimum sensitivity label= u; minimum protect as classification= u;
Next Steps
Verify the file by performing How to Analyze and Verify the label_encodings File.
Distribute the file by following How to Distribute the label_encodings File.