Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

Updated: March 2019
 
 

How to Display the Labels of Mounted Files

This procedure creates a shell script that displays the mounted file systems of the current zone. When run from the global zone, the script displays the labels of all mounted file systems in every zone.

Before You Begin

You must be in the System Administrator role in the global zone.

  1. In an editor, create the getmounts script.

    Provide the pathname to the script, such as /usr/local/scripts/getmounts.

  2. Add the following content and save the file:
    #!/bin/sh
    #
    for i in `/usr/sbin/mount -p | cut -d " " -f3` ; do
    /usr/bin/getlabel $i
    done
  3. Test the script in the global zone.
    # /usr/local/scripts/getmounts
    /:      ADMIN_HIGH
    /dev:   ADMIN_HIGH
    /system/contract:        ADMIN_HIGH
    /proc:                   ADMIN_HIGH
    /system/volatile:        ADMIN_HIGH
    /system/object:          ADMIN_HIGH
    /lib/libc.so.1:          ADMIN_HIGH
    /dev/fd:        ADMIN_HIGH
    /tmp:           ADMIN_HIGH
    /etc/mnttab:    ADMIN_HIGH
    /export:        ADMIN_HIGH
    /export/home:   ADMIN_HIGH
    /export/home/jdoe:   ADMIN_HIGH
    /zone/public:        ADMIN_HIGH
    /rpool:              ADMIN_HIGH
    /zone:               ADMIN_HIGH
    /home/jdoe:          ADMIN_HIGH
    /zone/public:        ADMIN_HIGH
    /zone/snapshot:      ADMIN_HIGH
    /zone/internal:      ADMIN_HIGH
    ...
Example 17  Displaying the Labels of File Systems in the restricted Zone

When run from a labeled zone by a regular user, the getmounts script displays the labels of all the mounted file systems in that zone. On a system where zones are created for every label in the default label_encodings file, the following is sample output from the restricted zone:

# /usr/local/scripts/getmounts
/:      CONFIDENTIAL : RESTRICTED
/dev:   CONFIDENTIAL : RESTRICTED
/kernel:        ADMIN_LOW
/lib:   ADMIN_LOW
/opt:   ADMIN_LOW
/platform:      ADMIN_LOW
/sbin:  ADMIN_LOW
/usr:   ADMIN_LOW
/var/tsol/doors:        ADMIN_LOW
/zone/needtoknow/export/home:   CONFIDENTIAL : NEED TO KNOW
/zone/internal/export/home:     CONFIDENTIAL : INTERNAL USE ONLY
/proc:  CONFIDENTIAL : RESTRICTED
/system/contract:       CONFIDENTIAL : RESTRICTED
/etc/svc/volatile:      CONFIDENTIAL : RESTRICTED
/etc/mnttab:    CONFIDENTIAL : RESTRICTED
/dev/fd:        CONFIDENTIAL : RESTRICTED
/tmp:   CONFIDENTIAL : RESTRICTED
/var/run:       CONFIDENTIAL : RESTRICTED
/zone/public/export/home:       PUBLIC
/home/jdoe:   CONFIDENTIAL : RESTRICTED