In this example you label the FTP service for your organization. The FTP server contains labeled datasets that contain company-internal files that are labeled Confidential - Internal. Users who are cleared for Confidential - Internal files can use ftp to transfer those files. Users who are not cleared cannot get the files nor can they see them.
On the FTP server, the administrator determines the hexadecimal number of the label at which the FTP service will run and installs the network/ftp package.
# atohexlabel "Confidential - Internal" 0x0002-08-20 # pkg install network/ftp
The administrator assigns the hexadecimal number of the "Confidential - Internal" clearance to the start method of the svc:/network/ftp service and restarts the service.
# svccfg -s ftp svc:/network/ftp> set start/clearance = astring: 0x0002-08-20 svc:/network/ftp> refresh svc:/network/ftp> exit # svcadm restart ftp
The administrator creates a multilevel dataset and mounts it.
# zfs -o multilevel=on rpool/ftp-files # zfs set mountpoint=/ftpsource rpool/ftp-files
The administrator transfers datasets that are labeled Confidential - Internal to the new server.
rs-sys # zfs send -r rpool/research-intern | ssh ftp1 zfs receive -d rpool/ftp-files hr-sys # zfs send -r rpool/hr-intern | ssh ftp1 zfs receive -d rpool/ftp-files tr-sys # zfs send -r rpool/training-intern | ssh ftp1 zfs receive -d rpool/ftp-files
Before deployment, the administrator tests that users with the Confidential - Internal clearance can get files from the server.