Trusted Extensions uses the same security features that Oracle Solaris provides, and adds labeling to the network and zones.
Trusted Extensions differs from Oracle Solaris in that you typically administer systems by assuming a limited role.
In Trusted Extensions, roles are the conventional way to administer the system. Superuser is the root role, and is required for only a few tasks, such as setting audit flags, changing an account's password, and editing system files. Roles are created just as they are in Oracle Solaris.
The following roles are typical of a Trusted Extensions site:
root role – Created at Oracle Solaris installation
Security Administrator role – Created during or after initial configuration by the initial setup team
System Administrator role – Created during or after initial configuration by the initial setup team
To administer Trusted Extensions, you create roles that divide system and security functions.
The process of creating a role in Trusted Extensions is identical to the Oracle Solaris process. By default, roles are assigned the administrative label range of ADMIN_HIGH to ADMIN_LOW.
For an overview of role creation, see Assigning Rights to Users in Securing Users and Processes in Oracle Solaris 11.4.
To create roles, see Creating Roles and Users in Trusted Extensions.
In Trusted Extensions, you can extend existing security features. Trusted Extensions also provides unique security features.
The following security mechanisms that Oracle Solaris provides are extensible in Trusted Extensions as they are in Oracle Solaris:
Audit classes – Adding audit classes is described in Chapter 3, Managing the Audit Service in Managing Auditing in Oracle Solaris 11.4.
Roles and rights profiles – Adding roles and rights profiles is described in Chapter 3, Assigning Rights in Oracle Solaris in Securing Users and Processes in Oracle Solaris 11.4.
As in Oracle Solaris, privileges cannot be extended.
Trusted Extensions is unique in labeling the network and zones. Oracle Solaris labels subjects, objects, and processes.