Skip Navigation Links | |
Exit Print View | |
Trusted Extensions Configuration and Administration Oracle Solaris 11.1 Information Library |
Part I Initial Configuration of Trusted Extensions
1. Security Planning for Trusted Extensions
2. Configuration Roadmap for Trusted Extensions
3. Adding the Trusted Extensions Feature to Oracle Solaris (Tasks)
4. Configuring Trusted Extensions (Tasks)
5. Configuring LDAP for Trusted Extensions (Tasks)
Part II Administration of Trusted Extensions
6. Trusted Extensions Administration Concepts
7. Trusted Extensions Administration Tools
8. Security Requirements on a Trusted Extensions System (Overview)
9. Performing Common Tasks in Trusted Extensions
10. Users, Rights, and Roles in Trusted Extensions (Overview)
11. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
12. Remote Administration in Trusted Extensions (Tasks)
13. Managing Zones in Trusted Extensions
14. Managing and Mounting Files in Trusted Extensions
Mount Possibilities in Trusted Extensions
Trusted Extensions Policies for Mounted File Systems
Trusted Extensions Policy for Single-Level Datasets
Trusted Extensions Policy for Multilevel Datasets
No Privilege Overrides for MAC Read-Write Policy
Results of Sharing and Mounting File Systems in Trusted Extensions
Sharing and Mounting Files in the Global Zone
Multilevel Datasets for Relabeling Files
Mounting Multilevel Datasets From Another System
NFS Server and Client Configuration in Trusted Extensions
Home Directory Creation in Trusted Extensions
Changes to the Automounter in Trusted Extensions
Trusted Extensions Software and NFS Protocol Versions
Backing Up, Sharing, and Mounting Labeled Files (Task Map)
How to Back Up Files in Trusted Extensions
How to Restore Files in Trusted Extensions
How to Share File Systems From a Labeled Zone
How to NFS Mount Files in a Labeled Zone
How to Troubleshoot Mount Failures in Trusted Extensions
15. Trusted Networking (Overview)
16. Managing Networks in Trusted Extensions (Tasks)
17. Trusted Extensions and LDAP (Overview)
18. Multilevel Mail in Trusted Extensions (Overview)
19. Managing Labeled Printing (Tasks)
20. Devices in Trusted Extensions (Overview)
21. Managing Devices for Trusted Extensions (Tasks)
22. Trusted Extensions Auditing (Overview)
23. Software Management in Trusted Extensions
Creating and Managing a Security Policy
Site Security Policy and Trusted Extensions
Computer Security Recommendations
Physical Security Recommendations
Personnel Security Recommendations
Additional Security References
B. Configuration Checklist for Trusted Extensions
Checklist for Configuring Trusted Extensions
C. Quick Reference to Trusted Extensions Administration
Administrative Interfaces in Trusted Extensions
Oracle Solaris Interfaces Extended by Trusted Extensions
Tighter Security Defaults in Trusted Extensions
Limited Options in Trusted Extensions
D. List of Trusted Extensions Man Pages
Trusted Extensions Man Pages in Alphabetical Order
Oracle Solaris Man Pages That Are Modified by Trusted Extensions
In Trusted Extensions, shared files can ease administration, and provide efficiency and speed. MAC is always in force.
Share single-level datasets from a labeled zone, over NFS – As in Oracle Solaris, shared directories ease administration. For example, you can install the man pages for Oracle Solaris on one system, and share the man page directory with other systems.
Share multilevel datasets from the global zone, over LOFS – LOFS-mounted datasets provide efficiency and speed when moving files from one label to another. Files are moved within the dataset, so no i/o operations are used.
Share multilevel datasets from the global zone, over NFS – An NFS server can share a multilevel dataset that contains files at many labels to many clients. Such a configuration eases administration and provides a single location for file distribution. You do not require a server at a particular label to serve clients at that label.
Mounting files in the global zone is identical to mounting files in Oracle Solaris, subject to MAC policy. Files that are shared from the global zone are shared at the label of the file. Therefore, file systems from a global zone are not usefully shared with the global zones of other Trusted Extensions systems, because all files are shared at the label ADMIN_LOW. The files that the global zone usefully shares with other systems are multilevel datasets.
Files and directories in a single-level dataset that are shared over LOFS from the global zone are shared at ADMIN_LOW. For example, the /etc/passwd and /etc/shadow files from the global zone can be LOFS mounted into the labeled zones on the system. Because the files are ADMIN_LOW, they are visible and read-only in the labeled zones. Files and directories in multilevel datasets are shared at the label of the object.
The global zone can also share multilevel datasets over NFS. A client can request to mount the dataset when the NFS service is configured to use multilevel ports. The request succeeds when the client label is within the label range that is specified in the cipso template for the network interface that handles the client's NFS mount request.
Specifically, the behavior of global zones and mounted files is the following:
In the global zone on Trusted Extensions clients, everything in the share is readable, and the clients can write at ADMIN_HIGH, just as the local global zone processes can.
When the client is a labeled zone, the mounted files are read-write when the label of the zone matches the label of the shared file.
When the client is an unlabeled system, the mounted files are read-write when the assigned label of the client matches the label of the shared file.
To share multilevel datasets with labeled zones on the same system, the global zone can use LOFS.
For more information on the viewing and relabeling of files on an NFS mount, see Mounting Multilevel Datasets From Another System.
A labeled zone can share its files with other systems at the label of the zone. Therefore, file systems from a labeled zone can be shared with zones at the same label on other Trusted Extensions systems, and with untrusted systems that are assigned the same label as the zone. For information about the ZFS property that mediates these mounts, see mlslabel Property and Mounting Single-Level File Systems.
LOFS mounts from the global zone in a labeled zone are read-only for single-level datasets. For multilevel datasets, MAC policy is enforced per file and directory label, as described in No Privilege Overrides for MAC Read-Write Policy.
ZFS provides a security label attribute, mlslabel, that contains the label of the data in the dataset. The mlslabel property is inheritable. When a ZFS dataset has an explicit label, the dataset cannot be mounted on an Oracle Solaris system that is not configured with Trusted Extensions.
If the mlslabel property is undefined, it defaults to the string none, which indicates no label.
When you mount a ZFS dataset in a labeled zone, the following occurs:
If the dataset is not labeled, that is, the mlslabel property is undefined, the value of the mlslabel property is changed to the label of the mounting zone.
For the global zone, the mlslabel property is not set automatically. If you explicitly label the dataset admin_low, the dataset must be mounted read-only.
If the dataset is labeled, the kernel verifies that the dataset label matches the label of the mounting zone. If the labels do not match, the mount fails, unless the zone allows read-down mounts. If the zone allows read-down mounts, a lower-level file system mounts read-only.
To set the mlslabel property from the command line, type something similar to the following:
# zfs set mlslabel=public export/publicinfo
The file_upgrade_sl privilege is required to set an initial label or to change a non-default label to a higher-level label. The file_downgrade_sl privilege is required to remove a label, that is, to set the label to none. This privilege is also required to change a non-default label to a lower-level label.