Displaying Label and Policy Information
To view the policy details, use the labelcfg info command. For the steps that created this sample, see the labelcfg(8) man page.
# labelcfg info
title=Sample Information Protection Policy
classification=Public
level=1
classification=Confidential -
level=2
compartment=Highly Restricted
bit=0
subcompartments="Restricted"
minclass=Confidential -
compartment=Restricted
bit=1
subcompartments="Internal"
minclass=Confidential -
compartment=Internal
bit=2
minclass=Confidential -
min_label=Public
clearance=ADMIN_HIGH
Note that each classification has a numeric equivalent indicated by a level number. A higher classification has a higher level number. Compartments are differentiated by bits, so a bit number does not indicate a higher or lower rank. Classifications plus their compartments make up the list of valid labels. When you list the labels, they display from highest label to lowest without displaying the ADMIN_HIGH or ADMIN_LOW label.
# labelcfg list
"Confidential - Highly Restricted"
"Confidential - Restricted"
"Confidential - Internal"
Public
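The level-and-bit model described above can be checked mechanically. The following Python sketch is an added example, not part of the original documentation or of Oracle Solaris: it parses the sample labelcfg info output and tests whether one label dominates another. It assumes that a compartment also carries the bits of its subcompartments, which is consistent with the highest-to-lowest order of the labelcfg list output; the function names are hypothetical.

```python
# Constructed sample: the `labelcfg info` output shown on this page.
SAMPLE = "\n".join([
    "title=Sample Information Protection Policy",
    "classification=Public", "level=1",
    "classification=Confidential -", "level=2",
    "compartment=Highly Restricted", "bit=0",
    'subcompartments="Restricted"', "minclass=Confidential -",
    "compartment=Restricted", "bit=1",
    'subcompartments="Internal"', "minclass=Confidential -",
    "compartment=Internal", "bit=2", "minclass=Confidential -",
    "min_label=Public", "clearance=ADMIN_HIGH",
])

def parse_policy(text):
    """Return ({classification: level}, {compartment: {bit, subs}})."""
    levels, comps, kind, name = {}, {}, None, None
    for line in text.splitlines():
        key, _, value = line.strip().partition("=")
        value = value.strip().strip('"')
        if key in ("classification", "compartment"):
            kind, name = key, value  # a new record starts here
            if key == "compartment":
                comps[name] = {"bit": None, "subs": []}
        elif key == "level" and kind == "classification":
            levels[name] = int(value)
        elif key == "bit" and kind == "compartment":
            comps[name]["bit"] = int(value)
        elif key == "subcompartments" and kind == "compartment":
            comps[name]["subs"].append(value)
    return levels, comps

def bitmask(name, comps):
    """Bit of a compartment OR-ed with its subcompartments' bits (assumed semantics)."""
    mask = 1 << comps[name]["bit"]
    for sub in comps[name]["subs"]:
        mask |= bitmask(sub, comps)
    return mask

def dominates(a, b, levels, comps):
    """a and b are (classification, compartment or None) pairs."""
    (class_a, comp_a), (class_b, comp_b) = a, b
    mask_a = bitmask(comp_a, comps) if comp_a else 0
    mask_b = bitmask(comp_b, comps) if comp_b else 0
    # Level must be at least as high, and every bit of b must be held by a.
    return levels[class_a] >= levels[class_b] and (mask_a & mask_b) == mask_b
```

The level comparison is numeric, while the compartment comparison is a subset test on bits, which is why a bit number by itself says nothing about rank.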
The value of clearance in the encodings file applies to users or roles who do not have an explicit key-value setting for the clearance security attribute. The root role and the initial account that was created during the installation of Oracle Solaris have an explicit clearance, ADMIN_HIGH.
Caution:
Never change the explicit ADMIN_HIGH clearance of the root account.
User processes inherit the clearance of the user's primary login process. To view the clearance of your current process, type plabel in a terminal window. You have access to all labels from your clearance to ADMIN_LOW.
$ plabel
ADMIN_HIGH