Trusted Extensions Configuration and Administration, Oracle Solaris 11.1 Information Library
While Trusted Extensions supports the same file systems and file system management commands as Oracle Solaris, mounted file systems in Trusted Extensions are subject to the mandatory access control (MAC) policies for viewing and modifying labeled data. The mount policies and the read and write policies enforce the MAC policies for labeling.
For single-level datasets, the mount policy prevents any NFS or LOFS mounts that would violate MAC. For example, a zone's label must dominate all of its mounted file system labels, and only equally labeled file systems can be mounted with read-write permissions. Any shared file systems that belong to other zones or to NFS servers are mounted at the label of the owner.
The following summarizes the behavior of NFS-mounted single-level datasets:
In the global zone, all mounted files can be viewed, but only files that are labeled ADMIN_HIGH can be modified.
In a labeled zone, all mounted files that are equal to or lower than the label of the zone can be viewed, but only files at the label of the zone can be modified.
On an untrusted system, only file systems from a labeled zone whose label is the same as the untrusted system's assigned label can be viewed and modified.
For LOFS-mounted single-level datasets, the mounted files can be viewed. They are at the label ADMIN_LOW, so they cannot be modified.
For multilevel datasets, the MAC read and write policies are enforced at the granularity of files and directories rather than at the granularity of the file system.
Multilevel datasets can only be mounted in the global zone. Labeled zones can only access multilevel datasets by using LOFS mount points that you specify with the zonecfg command. For the procedure, see How to Create and Share a Multilevel Dataset. Appropriately privileged processes in the global zone or labeled zones can relabel files and directories. For relabeling examples, see Trusted Extensions User’s Guide.
In the global zone, all files in the multilevel dataset can be viewed. Mounted files that are labeled ADMIN_HIGH can be modified.
In a labeled zone, the multilevel dataset is mounted over LOFS. Mounted files at the same label as the zone, or at a lower level, can be viewed. Mounted files at the same label as the zone can be modified.
Multilevel datasets can also be shared from the global zone over NFS. Remote clients can view files that are dominated by their network label, and modify files with equal labels. However, relabeling is not possible on an NFS-mounted multilevel dataset. For information on NFS mounts, see Mounting Multilevel Datasets From Another System.
For more information, see Multilevel Datasets for Relabeling Files and
The MAC policy for reading and writing files has no privilege overrides. Single-level datasets can only be mounted read-write if the label of the zone equals the label of the dataset. For read-only mounts, the zone label must dominate the dataset label. For multilevel datasets, all files and directories must be dominated by the mlslabel property, which defaults to ADMIN_HIGH. For multilevel datasets, MAC policy is enforced at the file and directory level. MAC policy enforcement is invisible to all users. Users cannot see an object unless they have MAC access to the object.
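The dominance rule behind these mount decisions, as an added example (a simplified model, not Trusted Extensions code). Labels are modelled as a classification rank plus a compartment set; the label names, ranks and helper names are constructed, and treating the global zone as ADMIN_HIGH is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Label:
    name: str
    level: int = 0                          # classification rank (constructed)
    compartments: frozenset = frozenset()   # compartment names (constructed)

    def dominates(self, other: "Label") -> bool:
        # ADMIN_HIGH dominates every label; every label dominates ADMIN_LOW.
        if self.name == "ADMIN_HIGH" or other.name == "ADMIN_LOW":
            return True
        if self.name == "ADMIN_LOW" or other.name == "ADMIN_HIGH":
            return False
        return self.level >= other.level and self.compartments >= other.compartments

ADMIN_LOW = Label("ADMIN_LOW")
ADMIN_HIGH = Label("ADMIN_HIGH")            # assumed label of the global zone
PUBLIC = Label("PUBLIC", 1)
SECRET_A = Label("SECRET A", 3, frozenset({"A"}))
SECRET_B = Label("SECRET B", 3, frozenset({"B"}))

def single_level_mount(zone: Label, dataset: Label) -> str:
    """Strongest mount mode the policy allows for a single-level dataset."""
    if zone == dataset:
        return "rw"        # read-write only when the labels are equal
    if zone.dominates(dataset):
        return "ro"        # read-only when the zone label dominates
    return "denied"        # lower or incomparable zone label

def multilevel_access(zone: Label, file_label: Label,
                      mlslabel: Label = ADMIN_HIGH) -> str:
    """Per-file decision inside a multilevel dataset."""
    if not mlslabel.dominates(file_label):
        raise ValueError("file label is not dominated by the dataset's mlslabel")
    if zone == file_label:
        return "modify"
    if zone.dominates(file_label):
        return "view"
    return "invisible"     # no MAC access: the object cannot be seen

def visible_files(zone: Label, files: dict) -> list:
    """Names of the files that a zone at this label can see."""
    return sorted(name for name, label in files.items()
                  if multilevel_access(zone, label) != "invisible")
```

Two labels with the same rank but different compartments are incomparable, so neither zone can mount the other's single-level dataset even read-only.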
The following summarizes the share and mount policies in Trusted Extensions for single-level datasets:
For a Trusted Extensions system to mount a file system on another Trusted Extensions system, the server and the client must have compatible remote host templates of type cipso.
For a Trusted Extensions system to mount a file system from an untrusted system, the single label that is assigned to the untrusted system by the Trusted Extensions system must match the label of the global zone.
Similarly, for a labeled zone to mount a file system from an untrusted system, the single label that is assigned to the untrusted system by the Trusted Extensions system must match the label of the mounting zone.
Files whose labels differ from the mounting zone and are mounted with LOFS can be viewed, but cannot be modified. For details on NFS mounts, see NFS Server and Client Configuration in Trusted Extensions.
The following summarizes the share and mount policies in Trusted Extensions for multilevel datasets:
For a Trusted Extensions system to share a multilevel dataset with another system, the NFS server must be configured as a multilevel service.
For a Trusted Extensions system to share a multilevel dataset with labeled zones on its own system, the global zone must LOFS mount the dataset into the zones.
The labeled zone has write access to those LOFS-mounted files and directories whose label matches the zone's label, and has read access to the files and directories that it dominates. MAC policy is enforced at the individual file and directory level.