1. Securing Files and Verifying File Integrity in Oracle Solaris 11.4
  2. Labeling Files for Data Loss Protection
  3. About Labeling in Oracle Solaris
  4. Labeled Files and Multilevel File Systems
  5. Sharing and Mounting Labeled File Systems

Sharing and Mounting Labeled File Systems

Labeled file systems can be shared and mounted. Without an explicit labeled=on option, only the ADMIN_LOW file systems are shared. With the explicit labeled=on keyword, users who are cleared at particular labels can access files at those labels.

Access to files on a remotely mounted labeled file system is enforced by the file server's policy. Access is based on the user's clearance as interpreted by the server. Access policy can either be stored locally on the file server or retrieved from a central LDAP repository. Users must have a clearance on the server that is equal to or higher than the files that they want to access. If the file system is not shared as a labeled file system, remote access is limited to ADMIN_LOW files, even by privileged users.

Only Oracle Solaris systems that support labeling can mount multilevel file systems. To prevent mount failures, set canmount=off for labeled file systems before booting into a non Oracle Solaris 11.4 system.