About Installing a Customized Labels Package
After you create and test the label policy for your site, you can install it as an Image Packaging System (IPS) package on your systems. The package you create must contain the encodings file. Also, the encodings file name must be the value of the labeld/encodings_file property of the labeld:clearance service in the service manifest.
Use the labelcfg -e command to place the active encodings file as the value of the labeld/encodings_file property in the service manifest.
# labelcfg -e /etc/security/tsol/site-enc
# svccfg -s labeld:clearance listprop labeld/encodings_file
labeld/encodings_file astring /etc/security/tsol/site-enc
File labels and user clearances are stored as hexadecimal strings that encode the classifications and compartments. After installing the package, assigning new names to existing classifications does not affect the internal label representations, although renaming might be confusing for users. Adding additional classifications and compartments does not invalidate existing settings, either. However, do not remove classifications or compartments that are assigned to users or files because existing labels that used those classifications and compartments would then display as hexadecimal strings.
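A pre-packaging check for the rule above, as an added example that is not Oracle's code: it compares the installed encodings file with the candidate one and reports classifications and compartments that disappear, separately from harmless renames. It assumes a simplified label_encodings layout (CLASSIFICATIONS entries with value=, SENSITIVITY LABELS words with compartments=) and that stored labels are keyed by classification value and compartment bit number; parse, compare and the sample data are hypothetical names and constructed input.

```python
# Constructed, simplified encodings fragments (not complete label_encodings files).
OLD = """CLASSIFICATIONS:
name= INTERNAL; sname= INT; value= 4;
name= RESTRICTED; sname= RES; value= 6;
SENSITIVITY LABELS:
WORDS:
name= FINANCE; compartments= 11;
name= LEGAL; compartments= 12-13;
"""
NEW = """CLASSIFICATIONS:
name= COMPANY USE; sname= CU; value= 4;
name= SECRET; sname= SEC; value= 8;
SENSITIVITY LABELS:
WORDS:
name= FINANCE; compartments= 11;
name= LEGAL; compartments= 12;
"""

def parse(text):
    """Return ({classification value: name}, {compartment bit numbers})."""
    classes, bits, section = {}, set(), None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("*"):      # blank line or comment
            continue
        if line.endswith(":") and "=" not in line:
            if line != "WORDS:":                  # WORDS: stays in its section
                section = line[:-1]
            continue
        fields = {k.strip().lower(): v.strip() for k, v in
                  (p.split("=", 1) for p in line.split(";") if "=" in p)}
        if section == "CLASSIFICATIONS" and "value" in fields:
            classes[int(fields["value"])] = fields.get("name", "?")
        elif section == "SENSITIVITY LABELS" and "compartments" in fields:
            for tok in fields["compartments"].split():
                lo, _, hi = tok.lstrip("~").partition("-")   # "12-13" is a range
                bits.update(range(int(lo), int(hi or lo) + 1))
    return classes, bits

def compare(old_text, new_text):
    """Report removals (existing labels would display as hex) and renames."""
    (old_c, old_b), (new_c, new_b) = parse(old_text), parse(new_text)
    return {
        "removed_classifications": {v: n for v, n in old_c.items() if v not in new_c},
        "removed_compartment_bits": sorted(old_b - new_b),
        "renamed": {v: (n, new_c[v]) for v, n in old_c.items() if new_c.get(v, n) != n},
    }

if __name__ == "__main__":
    print(compare(OLD, NEW))
```

An empty removed_classifications and removed_compartment_bits means the candidate file only renames or adds, which the paragraph above describes as safe for existing labels.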
For information about package creation and testing, see Chapter 2, Packaging Software With IPS in Packaging and Delivering Software With the Image Packaging System in Oracle Solaris 11.4. For more information about package delivery and installation, see Updating Systems and Adding Software in Oracle Solaris 11.4 and Creating a Custom Oracle Solaris 11.4 Image.