Maintaining Labeled File Systems

After configuring labeled file systems and their users, you maintain the systems by monitoring audit logs and archiving the file systems. Periodically, you need to update the users who can access sensitive files. You can also store an export of the label policy.

Note: To transfer or archive a labeled file system, your clearance must dominate the value of the mlslabel property of the file system.

  • Transfer files to a new labeled file system by running the tar command with the -T option.

    In the following example, fromdir is the root of the existing file system and todir is the root of the new file system.

    $ pfbash
    $ cd fromdir; tar -cTf - . | (cd todir; tar xTpf -)

    For more information, see the tar(1) man page.

  • Archive the file systems by using the zfs send and archiveadm commands.

    These commands preserve the labels of the files. For more information, see the zfs(8) and archiveadm(8) man pages.

    $ pfexec zfs send -r labeled-filesystem
    $ pfexec archiveadm labeled-filesystem

  • Export and store the commands that re-create your encodings file.

    This file can be imported to create your encodings file on a test system, for example.

    # labelcfg -f enc-file-commands

    For example, to save the committed encodings file to an administrative directory:

    # labelcfg -f /opt/adminfiles/site-enc-commands
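
The note above requires that your clearance dominate the file system's mlslabel value. The following is an added example, not Oracle's code, of what a dominance check decides: the clearance's classification must be at least as high as the label's, and the clearance must hold every compartment of the label. The LEVEL:COMP1,COMP2 syntax, the level ordering, and the function names are constructed for illustration; real classifications and compartments come from your site's encodings file.

```shell
#!/bin/bash
# Constructed label model, NOT the Solaris encodings format: "LEVEL" or
# "LEVEL:COMP1,COMP2". The ordering below is hypothetical; a real site
# takes classifications and compartments from its own encodings file.
LEVELS="PUBLIC CONFIDENTIAL SECRET"

# level_rank LEVEL -> prints the level's position in LEVELS, fails if unknown
level_rank() {
    local rank=0 name
    for name in $LEVELS; do
        if [ "$name" = "$1" ]; then
            echo "$rank"
            return 0
        fi
        rank=$((rank + 1))
    done
    return 1
}

# dominates CLEARANCE LABEL -> returns 0 if CLEARANCE dominates LABEL,
# 1 if it does not, 2 if a classification is unknown (fail closed)
dominates() {
    local c_level="${1%%:*}" l_level="${2%%:*}"
    local c_comps="" l_comps="" c_rank l_rank comp
    case $1 in *:*) c_comps="${1#*:}" ;; esac
    case $2 in *:*) l_comps="${2#*:}" ;; esac
    c_rank=$(level_rank "$c_level") || return 2
    l_rank=$(level_rank "$l_level") || return 2
    # Classification: the clearance must be at least as high as the label
    [ "$c_rank" -ge "$l_rank" ] || return 1
    # Compartments: every compartment of the label must be in the clearance
    local IFS=,
    for comp in $l_comps; do
        case ",$c_comps," in
            *",$comp,"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Constructed cases: a higher classification alone is not enough
dominates "SECRET:HR" "CONFIDENTIAL:HR" && echo "SECRET:HR dominates CONFIDENTIAL:HR"
dominates "SECRET" "CONFIDENTIAL:HR" || echo "SECRET does not dominate CONFIDENTIAL:HR"
```

Two labels can be incomparable: in this model neither SECRET nor CONFIDENTIAL:HR dominates the other, so a transfer between them would be refused in both directions.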