Modifying Oracle Extensions (Task Map)

The following task map describes how to modify Oracle extensions in the label_encodings file.

How to Add Oracle Extensions to an Encodings File

The LOCAL DEFINITIONS section of the label_encodings file enables you to specify default user labels and colors for labels.

Before You Begin

You must be in the Security Administrator role in the global zone. You must have an encodings file that does not have a LOCAL DEFINITIONS section.

• Add the LOCAL DEFINITIONS section to your label_encodings file.

  Append the section from an Oracle-supplied label_encodings file. Oracle-supplied files are in the /etc/security/tsol directory.

How to Specify Default User Labels

Before You Begin

You must be in the Security Administrator role in the global zone. You must have an encodings file with a LOCAL DEFINITIONS section.

1. Back up the label_encodings file.

   # cp label_encodings label_encodings.orig

2. Edit the label_encodings file.

   # pfedit label_encodings

3. Find the line in the LOCAL DEFINITIONS section that begins with Default User Sensitivity Label.

   Default User Sensitivity Label= u;
   Default User Clearance= c;

4. Replace the sensitivity label with your desired minimum user label.

   The following example shows a new minimum label of c.

   Default User Sensitivity Label= c;

5. Replace the clearance with your desired user clearance.

   The following example shows a new clearance of s.

   Default User Clearance= s;

6. Save your changes.

Next Steps

Continue with How to Analyze and Verify the label_encodings File.

How to Assign a Color to a Label or Word

To minimize color-flashing, use color names or hexadecimal color values that you know have been specified for other applications. The default color values have been chosen with memory limitations for color in mind.

Before You Begin

You must be in the Security Administrator role in the global zone.

1. Back up the label_encodings file.

   # cp label_encodings label_encodings.orig

2. Edit the label_encodings file.

   # pfedit label_encodings

3. Find the COLOR NAMES section.

   COLOR NAMES:
             label= Admin_Low;       color= #bdbdbd;
             ...
             label= Admin_High;      color= #636363;

4. Define a color for each classification.

   In this example, the classification REGISTERED is assigned the color red. The NEED_TO_KNOW classification is assigned the color blue.

   label= REGISTERED;  color= red;
   label= NEED TO KNOW; color= blue;

5. (Optional) Define colors for individual compartment words.

   To distinguish certain compartment words irrespective of the classification with which they are associated, assign a separate color to those words.

   1. Determine the possible color names on your system.

      The names are defined in a local color database. For more information, see the X11(5) man page.

      % grep Red /usr/share/X11/rgb.txt
      ...
      255  69   0             OrangeRed
      219 112 147             PaleVioletRed
      ...
      139   0   0             DarkRed

   2. Assign the color names.

      For example, assign the color OrangeRed to the EMGT compartment:

      word= EMGT; color= OrangeRed;

6. (Optional) Define colors for labels.

   In this example, assign the color MediumPurple4 to the NEED TO KNOW label.

   label= NEED TO KNOW; color= MediumPurple4;

7. Save your changes.

Next Steps

Continue with How to Analyze and Verify the label_encodings File.