Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

Updated: March 2019
 
 

Oracle Solaris Man Pages That Are Modified by Trusted Extensions

Trusted Extensions adds information to the following Oracle Solaris man pages.

Oracle Solaris Man Page

Trusted Extensions Modification and Links to Additional Information

allocate(8)

Adds options to support allocating a device in a zone and cleaning the device in a windowed environment. In Trusted Extensions, regular users do not use this command.

auth_attr(5)

Adds label authorizations

automount(8)

Adds the capability to mount, and therefore view, lower-level home directories. Modifies the names and contents of auto_home maps to account for zone names and zone visibility from higher labels.

For more information, see Changes to the Automounter in Trusted Extensions.

deallocate(8)

Adds options to support deallocating a device in a zone device and specifying the type of device to deallocate.

device_clean(7)

Is invoked by default in Trusted Extensions

getpflags(2)

Recognizes the NET_MAC_AWARE and NET_MAC_AWARE_INHERIT process flags

getsockopt(3C)

Gets the mandatory access control status, SO_MAC_EXEMPT, of the socket

getsockopt(3C)

Gets the mandatory access control status, SO_MAC_EXEMPT, of the socket

ikeadm(8)

Adds a debug flag, 0x0400, for labeled IKE processes.

ike.config(5)

Adds the label_aware global parameter and three Phase 1 transform keywords, single_label, multi_label, and wire_label

in.iked(8)

Supports the negotiation of labeled security associations through multilevel UDP ports 500 and 4500 in the global zone.

Also, see the ike.config(5) man page.

ipadm(8)

Adds the all-zones interface as a permanent property value.

For an example, see How to Verify That a System's Interfaces Are Up.

ipseckey(8)

Adds the label, outer-label, and implicit-label extensions. These extensions associate Trusted Extensions labels with the traffic that is carried inside a security association.

is_system_labeled(3C)

Determines whether the system is configured with Trusted Extensions

ldaplist(1)

Adds Trusted Extensions network databases in LDAP

list_devices(1)

Adds attributes, such as labels, that are associated with a device. Adds the –a option to display device attributes, such as authorizations and labels. Adds the –d option to display the default attributes of an allocated device type. Adds the –z option to display available devices that can be allocated to a labeled zone.

netstat(8)

Adds the –R option to display extended security attributes for sockets and routing table entries..

For an example, see How to Troubleshoot Mount Failures in Trusted Extensions.

pf_key(4P)

Adds labels to IPsec security associations (SAs)

privileges(7)

Adds Trusted Extensions privileges, such as PRIV_NET_MAC_AWARE

route(8)

Adds the –secattr option to add extended security attributes to a route. Adds the –secattr option to display the security attributes of the route: cipso, doi, max_sl, and min_sl.

For an example, see How to Troubleshoot Mount Failures in Trusted Extensions.

setpflags(2)

Sets the NET_MAC_AWARE per-process flag

setsockopt(3C)

Sets the SO_MAC_EXEMPT option

setsockopt(3C)

Sets the mandatory access control, SO_MAC_EXEMPT, on the socket

socket.h(3HEAD)

Supports the SO_MAC_EXEMPT option for unlabeled peers

tar.h(3HEAD)

Adds attribute types that are used in labeled tar files