Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

Updated: March 2019
 
 

What's New in Trusted Extensions in Oracle Solaris 11.4

    This section highlights information for existing customers about important new Trusted Extensions features in this release.

  • Trusted Extensions no longer supports a multilevel desktop.

  • Oracle Solaris now supports file and process labeling using the same labeling APIs and CLIs as Trusted Extensions. The label syntax described in Compartmented Mode Workstation Labeling: Encodings Format applies to both environments. Similarly, the new labelcfg command can configure labels in both environments.

    However, the labeling policy enforcement is different. For example, the Trusted Extensions policy does not permit writing down to lower-labeled objects, which the standard Oracle Solaris policy permits. The application of labels is also different. Only Trusted Extensions applies labels to zones and network endpoints, while only standard Oracle Solaris applies labels to System V IPC objects. Both environments support the labeling of individual files in ZFS file systems, but the labeling policy differences prevent the sharing of such file systems between the two environments.

    For more information about labeling in Oracle Solaris, see Chapter 3, Labeling Files for Data Loss Protection in Securing Files and Verifying File Integrity in Oracle Solaris 11.4 and the labelcfg(8) man page.