1. Securing Files and Verifying File Integrity in Oracle Solaris 11.4
  2. Labeling Files for Data Loss Protection
  3. About Labeling in Oracle Solaris
  4. Labels and Clearances

Labels and Clearances

Oracle Solaris labels files and processes. Labels are assigned to files to indicate the sensitivity of the information. When assigned to processes, labels are called clearances. Processes such as user processes can access files equal to or lower than the process label. Typical labels are Public and Confidential - Restricted.

Oracle Solaris provides the highest and lowest labels, ADMIN_HIGH and ADMIN_LOW. These labels cannot be changed or internationalized. The ADMIN_HIGH label is number 255 and dominates all classifications and includes all compartments. The ADMIN_LOW label, number 0, is the lowest classification and contains no compartments. All labels dominate ADMIN_LOW. On an unlabeled system, the ADMIN_LOW label cannot be changed. Processes with a clearance can access files that the clearance dominates. For example, a process that runs at Confidential - Restricted can access files at that label and at the Public label.