Trusted Extensions Configuration and Administration     Oracle Solaris 11.1 Information Library
Multilevel Datasets for Relabeling Files

A multilevel ZFS dataset is designed to contain files and directories at different labels. Each file and directory is individually labeled, and the labels can be changed without moving or copying the files. Files can be relabeled within the dataset's label range. To create and share multilevel datasets, see How to Create and Share a Multilevel Dataset.

Normally, all the files and directories in a dataset have the same label as the zone in which the dataset is mounted. This label is recorded automatically in a ZFS property called mlslabel when the dataset is first mounted into the zone. These datasets are single-level labeled datasets. The mlslabel property cannot be changed while the dataset is mounted, that is, the mounting zone cannot change the mlslabel property.

After the mlslabel property is set, the dataset cannot be mounted read-write into a zone unless the zone's label matches the mlslabel property of the dataset. Furthermore, a dataset cannot be mounted in any zone if it is currently mounted in any other zone, including the global zone. Because the label of files in a single-level labeled dataset is fixed, when you relabel a file with the setlabel command, the file is actually moved to the equivalent pathname in the primary zone that corresponds to the target label. This movement across zones can be inefficient and confusing. Multilevel datasets provide an efficient container for relabeling data.

For multilevel datasets that are mounted in the global zone, the default value of the mlslabel property is ADMIN_HIGH. This value specifies the upper bound of the label range of the dataset. If you specify a lower label, you can only write to the dataset from zones whose labels are dominated by the mlslabel property.

Users or roles with the Object Label Management rights profile have the appropriate privileges to upgrade or downgrade files or directories to which they have DAC access. For the procedure, see How to Enable a User to Change the Security Level of Data.

For the user process, additional policy constraints apply.

Mounting Multilevel Datasets From Another System

The global zone can share multilevel datasets over NFS with Trusted Extensions systems and unlabeled systems. The datasets can be mounted in the global zone and in labeled zones, and on unlabeled systems at their assigned label. The exception is an ADMIN_LOW unlabeled system. It cannot mount a multilevel dataset.

When a multilevel dataset is created with a label that is lower than ADMIN_HIGH, the dataset can be mounted in the global zone of another Trusted Extensions system, but files can only be viewed in the global zone, not modified. When a labeled zone NFS mounts the multilevel dataset from a different system's global zone, some restrictions apply.

Because of these restrictions, using LOFS is preferable for labeled zone clients that are being served from their own global zone. NFS will work for these clients, but they are subject to the restrictions. For the LOFS mounting procedure, see How to Create and Share a Multilevel Dataset.
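The mount and relabel rules stated in the two sections above (mlslabel recorded on first mount, read-write mount only at a matching label, one mounting zone at a time, writes to a multilevel dataset only from zones dominated by its mlslabel, no multilevel mount from an ADMIN_LOW system, and in-place relabeling versus a move between zones) are summarized here as an added example model. It is not Oracle's code and not how the kernel implements the policy: labels are simplified to a classification number plus a compartment set rather than a label_encodings file, per-file MAC checks inside a multilevel dataset are not modeled, and the zone, dataset and compartment names are constructed.

```python
"""Added example (not Oracle's code): a small model of the Trusted Extensions
mount and relabel policy for single-level and multilevel ZFS datasets.
Labels are simplified; real labels come from the site's label_encodings."""
from dataclasses import dataclass, field
from typing import Optional, Tuple

COMPARTMENTS = frozenset({"ALPHA", "BRAVO"})   # constructed compartment names


@dataclass(frozen=True)
class Label:
    classification: int                      # higher value is more sensitive
    compartments: frozenset = frozenset()
    name: str = field(default="", compare=False)

    def dominates(self, other: "Label") -> bool:
        """Standard MAC dominance: classification >= and compartments superset."""
        return (self.classification >= other.classification
                and self.compartments >= other.compartments)


# ADMIN_LOW is dominated by every label; ADMIN_HIGH dominates every label.
ADMIN_LOW = Label(0, frozenset(), "ADMIN_LOW")
ADMIN_HIGH = Label(255, COMPARTMENTS, "ADMIN_HIGH")


@dataclass
class Zone:
    name: str
    label: Label            # an unlabeled host is modeled as a Zone at its assigned label


@dataclass
class Dataset:
    name: str
    multilevel: bool
    mlslabel: Optional[Label] = None    # single-level: recorded on first mount
    mounted_in: Optional[Zone] = None


def mount(ds: Dataset, zone: Zone, readwrite: bool = True) -> Tuple[bool, str]:
    """Apply the page's mount rules; return (allowed, reason)."""
    # A dataset mounted in any zone (the global zone included) cannot be
    # mounted in another zone at the same time.
    if ds.mounted_in is not None and ds.mounted_in is not zone:
        return False, f"{ds.name} is already mounted in zone {ds.mounted_in.name}"
    if not ds.multilevel:
        if ds.mlslabel is None:
            ds.mlslabel = zone.label        # first mount fixes the dataset label
        elif readwrite and ds.mlslabel != zone.label:
            return False, "read-write mount requires zone label == mlslabel"
        elif not zone.label.dominates(ds.mlslabel):
            return False, "zone label does not dominate mlslabel (no read-down)"
    else:
        if ds.mlslabel is None:
            ds.mlslabel = ADMIN_HIGH        # default upper bound for a multilevel dataset
        # An ADMIN_LOW unlabeled system cannot mount a multilevel dataset at all.
        if zone.label == ADMIN_LOW:
            return False, "ADMIN_LOW system cannot mount a multilevel dataset"
        # mlslabel is the upper bound: writes only from zones it dominates. This is
        # also why a remote global zone (ADMIN_HIGH) can only view a dataset whose
        # mlslabel is lower than ADMIN_HIGH.
        if readwrite and not ds.mlslabel.dominates(zone.label):
            return False, "zone label is not dominated by the dataset mlslabel"
    ds.mounted_in = zone
    return True, "mounted " + ("read-write" if readwrite else "read-only")


def unmount(ds: Dataset) -> None:
    ds.mounted_in = None


def setlabel(ds: Dataset, path: str, new_label: Label,
             has_object_label_mgmt: bool) -> str:
    """Relabel one file: in place inside a multilevel dataset's label range,
    otherwise the file moves to the same pathname in the zone at the new label."""
    if not has_object_label_mgmt:
        raise PermissionError("Object Label Management rights profile required")
    if ds.multilevel:
        if not ds.mlslabel.dominates(new_label):
            raise ValueError("target label is outside the dataset's label range")
        return f"{path} relabeled in place to {new_label.name}"
    return f"{path} moved to the {new_label.name} zone at the same pathname"


if __name__ == "__main__":
    public = Label(1, frozenset(), "PUBLIC")
    internal = Label(2, frozenset({"ALPHA"}), "INTERNAL")
    ml = Dataset("rpool/export/multi", multilevel=True, mlslabel=internal)
    print(mount(ml, Zone("public", public)))
    print(setlabel(ml, "/export/multi/report.txt", public, True))
```

The single-level branch records the mounting zone's label the first time it runs, which is the behaviour the page describes for the mlslabel property; the multilevel branch treats mlslabel purely as an upper bound, so a zone whose label is not dominated by it (the global zone when mlslabel is below ADMIN_HIGH, for instance) can mount the dataset read-only but not read-write.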