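This procedure creates a shell script that displays the mounted file systems of the current zone. When run from the global zone, the script displays the labels of all mounted file systems in every zone.
Before You Begin
You must be in the System Administrator role in the global zone.
Provide the pathname to the script, such as /usr/local/scripts/getmounts.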
#!/bin/sh
#
# Field 3 of each "mount -p" line is the mount point; print its label.
for i in `/usr/sbin/mount -p | cut -d " " -f3` ; do
        /usr/bin/getlabel "$i"
done
# /usr/local/scripts/getmounts
/: ADMIN_HIGH
/dev: ADMIN_HIGH
/system/contract: ADMIN_HIGH
/proc: ADMIN_HIGH
/system/volatile: ADMIN_HIGH
/system/object: ADMIN_HIGH
/lib/libc.so.1: ADMIN_HIGH
/dev/fd: ADMIN_HIGH
/tmp: ADMIN_HIGH
/etc/mnttab: ADMIN_HIGH
/export: ADMIN_HIGH
/export/home: ADMIN_HIGH
/export/home/jdoe: ADMIN_HIGH
/zone/public: ADMIN_HIGH
/rpool: ADMIN_HIGH
/zone: ADMIN_HIGH
/home/jdoe: ADMIN_HIGH
/zone/public: ADMIN_HIGH
/zone/snapshot: ADMIN_HIGH
/zone/internal: ADMIN_HIGH
...
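When a regular user runs the getmounts script from a labeled zone, the script displays the labels of all the mounted file systems in that zone. On a system where zones have been created for every label in the default label_encodings file, the following is sample output from the restricted zone: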
# /usr/local/scripts/getmounts
/: CONFIDENTIAL : RESTRICTED
/dev: CONFIDENTIAL : RESTRICTED
/kernel: ADMIN_LOW
/lib: ADMIN_LOW
/opt: ADMIN_LOW
/platform: ADMIN_LOW
/sbin: ADMIN_LOW
/usr: ADMIN_LOW
/var/tsol/doors: ADMIN_LOW
/zone/needtoknow/export/home: CONFIDENTIAL : NEED TO KNOW
/zone/internal/export/home: CONFIDENTIAL : INTERNAL USE ONLY
/proc: CONFIDENTIAL : RESTRICTED
/system/contract: CONFIDENTIAL : RESTRICTED
/etc/svc/volatile: CONFIDENTIAL : RESTRICTED
/etc/mnttab: CONFIDENTIAL : RESTRICTED
/dev/fd: CONFIDENTIAL : RESTRICTED
/tmp: CONFIDENTIAL : RESTRICTED
/var/run: CONFIDENTIAL : RESTRICTED
/zone/public/export/home: PUBLIC
/home/jdoe: CONFIDENTIAL : RESTRICTED
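
The getmounts output above can be post-processed when reviewing which mounts in a zone carry a label other than the zone's own. The following is an added example, not part of the original procedure; the function names labels_summary, mounts_not_at and sample_output are hypothetical, and the sample data is a constructed subset of the restricted-zone output shown above.

```sh
#!/bin/sh
# Added example: audit helpers for getmounts output ("mountpoint: LABEL").
# They read stdin, so they can be fed by /usr/local/scripts/getmounts.

# Print "label<TAB>count" for every distinct label, sorted by label.
labels_summary() {
    awk '{
        i = index($0, ": ")          # first ": " ends the mount point
        if (i == 0) next             # skip the prompt line, "..." and blanks
        n[substr($0, i + 2)]++       # a label may itself contain " : "
    }
    END { for (l in n) printf "%s\t%d\n", l, n[l] }' | sort
}

# Print the mount points whose label differs from $1 (the zone's own label).
mounts_not_at() {
    awk -v want="$1" '{
        i = index($0, ": ")
        if (i == 0) next
        if (substr($0, i + 2) != want) print substr($0, 1, i - 1)
    }'
}

# Constructed sample: a subset of the restricted-zone output on this page.
sample_output() {
    cat <<'EOF'
# /usr/local/scripts/getmounts
/: CONFIDENTIAL : RESTRICTED
/dev: CONFIDENTIAL : RESTRICTED
/usr: ADMIN_LOW
/zone/needtoknow/export/home: CONFIDENTIAL : NEED TO KNOW
/zone/public/export/home: PUBLIC
/home/jdoe: CONFIDENTIAL : RESTRICTED
EOF
}

# Demonstration on the constructed sample.
sample_output | labels_summary
sample_output | mounts_not_at "CONFIDENTIAL : RESTRICTED"
```

On a live system, replace sample_output with /usr/local/scripts/getmounts and pass the label of the zone being reviewed.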