device_allocate(4) [opensolaris man page]

device_allocate(4)						   File Formats 						device_allocate(4)

NAME

       device_allocate - device_allocate file

SYNOPSIS

       /etc/security/device_allocate

DESCRIPTION

       The  device_allocate  file  is  an ASCII file that resides in the /etc/security directory. It contains mandatory access control information
       about each physical device. Each device is represented by a one- line entry of the form:

       device-name;device-type;reserved1;reserved2;auths;device-exec

       where:

       device-name

	   Represents an arbitrary ASCII string naming the physical device. This field contains no embedded white space or  non-printable  charac-
	   ters.

       device-type

	   Represents  an  arbitrary  ASCII string naming the generic device type. This field identifies and groups together devices of like type.
	   This field contains no embedded white space or non-printable characters. The following types of devices are currently  managed  by  the
	   system:  audio,  sr	(represents  CDROM  drives),  fd  (represents floppy drives), st (represents tape drives), rmdisk (removable media
	   devices).

       reserved1

	   On systems configured with Trusted Extensions, this field stores a colon-separated (:) list of key-value  pairs  that  describe  device
	   allocation  attributes  used in Trusted Extensions. Zero or more keys can be specified. The following keys are currently interpreted by
	   Trusted Extensions systems:

	   minlabel

	       Specifies the minimum label at which device can be allocated. Default value is admin_low.

	   maxlabel

	       Specifies the maximum label at which device can be allocated. Default value is admin_high.

	   zone

	       Specifies the name of the zone in which device is currently allocated.

	   class

	       Specifies  a  logical grouping of devices. For example, all Sun Ray devices of all device types. There is no default  class.

	   xdpy

	       Specifies the X display name. This is used to identify devices associated with that X session. There is no default xdpy value.

       reserved2

	   Represents a field reserved for future use.

       auths

	   Represents a field that contains a comma-separated list of authorizations required to allocate the device, an asterisk (*) to  indicate
	   that  the  device is not allocatable, or an '@' symbol to indicate that no explicit authorization is needed to allocate the device. The
	   default authorization is solaris.device.allocate. See auths(1).

       device-exec

	   The physical device's data clean program to be run any time the device is acted on by allocate(1). This  ensures  that  unmanaged  data
	   does  not  remain  in  the physical device between uses. This field contains the filename of a program in /etc/security/lib or the full
	   pathname of a cleanup script provided by the system administrator.

   Notes on device_allocate
       The device_allocate file is an ASCII file that resides in the /etc/security directory.

       Lines in device_allocate can end with a `' to continue an entry on the next line.

       Comments can also be included. A `#' makes a comment of all further text until the next NEWLINE not immediately preceded by a `'.

       White space is allowed in any field.

       The device_allocate file must be created by the system administrator before device allocation is enabled.

       The device_allocate file is owned by root, with a group of sys, and a mode of 0644.

EXAMPLES

       Example 1 Declaring an Allocatable Device

       Declare that physical device st0 is a type st. st is allocatable, and the script used to clean the device after	running  deallocate(1)	is
       named /etc/security/lib/st_clean.

	 # scsi tape
	 st0;
	      st;
	      reserved;
	      reserved;
	      solaris.device.allocate;
	      /etc/security/lib/st_clean

       Example 2 Declaring an Allocatable Device with Authorizations

       Declare	that  physical device fd0 is of type fd. fd is allocatable by users with the solaris.device.allocate authorization, and the script
       used to clean the device after running deallocate(1) is named /etc/security/lib/fd_clean.

	 # floppy drive
	 fd0;
	      fd;
	      reserved;
	      reserved;
	      solaris.device.allocate;
	      /etc/security/lib/fd_clean

       Making a device allocatable means that you need to allocate and deallocate it to use it (with allocate(1) and deallocate(1)). If  a  device
       is not allocatable, there is an asterisk (*) in the auths field, and no one can use the device.

FILES

       /etc/security/device_allocate

	   Contains list of allocatable devices

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Uncommitted		   |
       +-----------------------------+-----------------------------+

SEE ALSO

       auths(1), allocate(1), bsmconv(1M), deallocate(1), list_devices(1), auth_attr(4), attributes(5)

NOTES

       The functionality described in this man page is available only if  Solaris Auditing has been enabled. See bsmconv(1M) for more information.

       On  systems  configured	with  Trusted  Extensions,  the  functionality is enabled by default. On such systems, the device_allocate file is
       updated automatically by the system.

SunOS 5.11							    12 May 2008 						device_allocate(4)