trusted_extensions(5) [opensolaris man page]
trusted_extensions(5) Standards, Environments, and Macros trusted_extensions(5) NAME
trusted_extensions - Solaris Trusted Extensions DESCRIPTION
SolarisTM Trusted Extensions software is a specific configuration of the Solaris Operating System (Solaris OS). Solaris Trusted Extensions (Trusted Extensions) provides labels for local objects and processes, for the desktop and windowing system, for zones and file systems, and for network communications. These labels are used to implement a Multilevel Security (MLS) policy that restricts the flow of information based on label relationships. In contrast to Discretionary Access Control (DAC) based on ownership, the MLS policy enforced by Trusted Extensions is an example of Mandatory Access Control (MAC). By default, Trusted Extensions software is disabled. It is enabled and disabled (but not configured) by the labeld(1M) service, identified by the FMRI: svc:/system/labeld:default Refer to the Administrator's Guide listed below for the required configuration of Trusted Extensions software necessary before use. The system must be rebooted after enabling or disabling labeld to activate or deactivate Trusted Extensions software. SEE ALSO
labeld(1M), label_encodings(4), labels(5) Solaris Trusted Extensions Administrator's Procedures Solaris Trusted Extensions User's Guide SunOS 5.11 12 Nov 2007 trusted_extensions(5)
Check Out this Related Man Page
atohexlabel(1M) System Administration Commands atohexlabel(1M) NAME
atohexlabel - convert a human readable label to its internal text equivalent SYNOPSIS
/usr/sbin/atohexlabel [human-readable-sensitivity-label] /usr/sbin/atohexlabel -c [human-readable-clearance] DESCRIPTION
atohexlabel converts a human readable label into an internal text representation that is safe for storing in a public object. If no option is supplied, the label is assumed to be a sensitivity label. Internal conversions can later be parsed to their same value. This internal form is often hexadecimal. The converted label is written to the standard output file. If no human readable label is specified, the label is read from the standard input file. The expected use of this command is emergency repair of labels that are stored in internal databases. OPTIONS
-c Identifies the human readable label as a clearance. EXIT STATUS
The following exit values are returned: 0 On success. 1 On failure, and writes diagnostics to the standard error file. FILES
/etc/security/tsol/label_encodings The label encodings file contains the classification names, words, constraints, and values for the defined labels of this system. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWtsu | +-----------------------------+-----------------------------+ |Interface Stability |See below. | +-----------------------------+-----------------------------+ The command output is Committed for systems with the same label_encodings file. The command invocation is Committed for systems that imple- ment the DIA MAC policy. SEE ALSO
hextoalabel(1M), label_to_str(3TSOL), str_to_label(3TSOL), label_encodings(4), attributes(5) How to Get the Hexadecimal Equivalent for a Label in Solaris Trusted Extensions Administrator's Procedures NOTES
The functionality described on this manual page is available only if the system is configured with Trusted Extensions. This file is part of the Defense Intelligence Agency (DIA) Mandatory Access Control (MAC) policy. This file might not be applicable to other MAC policies that might be developed for future releases of Solaris Trusted Extensions software. SunOS 5.11 20 Jul 2007 atohexlabel(1M)