Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

Updated: November 2020

How to Create a Default Trusted Extensions System

This procedure creates a working Trusted Extensions system with two labeled zones. Remote hosts have not been assigned to the system's security templates, so this system cannot communicate with any remote hosts.

Before You Begin

Either you are in the global zone on a system that does not have a desktop, or you have logged in remotely by using the ssh command. You have assumed the root role.

  1. Open a terminal window.
  2. (Optional)Review the txzonemgr man page.
    # man txzonemgr
  3. Create a default configuration.
    # /usr/sbin/txzonemgr -c

      This command copies the Oracle Solaris OS and Trusted Extensions software to a zone, creates a snapshot of the zone, labels the original zone, then uses the snapshot to create a second labeled zone. The zones are booted.

    • The first labeled zone is based on the value of Default User Sensitivity Label in the label_encodings file.

    • The second labeled zone is based on the value of Default User Clearance in the label_encodings file.

    This step can take about 20 minutes. To install the zones, the script uses the root password from the global zone for the labeled zones.