Your encodings file must be compatible with any Trusted Extensions host with which you are communicating.
If you are familiar with encodings files, you can use the following procedure.
If you are not familiar with encodings files, consult Trusted Extensions Label Administration for requirements, procedures, and examples.
Caution - You must successfully install labels before continuing, or the configuration will fail.
Before You Begin
You are the security administrator. The security administrator is responsible for editing, checking, and maintaining the label_encodings file. If you plan to edit the label_encodings file, make sure that the file itself is writable. For more information, see the label_encodings(5) man page.
To edit the label_encodings file, you must be in the root role.
# /usr/sbin/chk_encodings /full-pathname-of-label-encodings-file
If the command reports errors, the errors must be resolved before continuing. For assistance, see Chapter 3, Creating a Label Encodings File in Trusted Extensions Label Administration.
# labeladm encodings full-pathname-of-label-encodings-file
Caution - Your label_encodings file must pass the Check Encodings test before you continue.
In this example, the administrator tests several label_encodings files by using the command line.
# /usr/sbin/chk_encodings /tmp/encodings/label_encodings1 No errors found in /tmp/encodings/label_encodings1 # /usr/sbin/chk_encodings /tmp/encodings/label_encodings2 No errors found in /tmp/encodings/label_encodings2
When management decides to use the label_encodings2 file, the administrator runs a semantic analysis of the file.
# /usr/sbin/chk_encodings -a /tmp/encodings/label_encodings2 No errors found in /tmp/encodings/label_encodings2 ---> VERSION = MYCOMPANY LABEL ENCODINGS 3.0 10/10/2013 ---> CLASSIFICATIONS <--- Classification 1: PUBLIC Initial Compartment bits: 10 Initial Markings bits: NONE ---> COMPARTMENTS AND MARKINGS USAGE ANALYSIS <--- ... ---> SENSITIVITY LABEL to COLOR MAPPING <--- ...
The administrator prints a copy of the semantic analysis for the archive, then installs the file.
# labeladm encodings /tmp/encodings/label_encodings2
Finally, the administrator verifies that the label_encodings file is the company file.
# labeladm Labeling status: disabled Latest log: "" Label encodings file: /var/tsol/encodings/label-encodings-file # /usr/sbin/chk_encodings -a /var/tsol/encodings/label-encodings-file | head -4 No errors found in /var/tsol/encodings/label-encodings-file ---> VERSION = MYCOMPANY LABEL ENCODINGS 3.0 10/10/2013
You must reboot the system before configuring LDAP or creating labeled zones.