JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
man pages section 5: Standards, Environments, and Macros     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

Introduction

Standards, Environments, and Macros

acl(5)

ad(5)

advance(5)

adv_cap_1000fdx(5)

adv_cap_1000hdx(5)

adv_cap_100fdx(5)

adv_cap_100hdx(5)

adv_cap_10fdx(5)

adv_cap_10hdx(5)

adv_cap_asym_pause(5)

adv_cap_autoneg(5)

adv_cap_pause(5)

adv_rem_fault(5)

ANSI(5)

architecture(5)

ars(5)

ascii(5)

attributes(5)

audit_binfile(5)

audit_flags(5)

audit_remote(5)

audit_syslog(5)

availability(5)

brands(5)

C++(5)

C(5)

cancellation(5)

cap_1000fdx(5)

cap_1000hdx(5)

cap_100fdx(5)

cap_100hdx(5)

cap_10fdx(5)

cap_10hdx(5)

cap_asym_pause(5)

cap_autoneg(5)

cap_pause(5)

cap_rem_fault(5)

charmap(5)

compile(5)

condition(5)

crypt_bsdbf(5)

crypt_bsdmd5(5)

crypt_sha256(5)

crypt_sha512(5)

crypt_sunmd5(5)

crypt_unix(5)

CSI(5)

datasets(5)

device_clean(5)

dhcp(5)

dhcp_modules(5)

environ(5)

eqnchar(5)

extendedFILE(5)

extensions(5)

fedfs(5)

filesystem(5)

fmri(5)

fnmatch(5)

formats(5)

fsattr(5)

grub(5)

gss_auth_rules(5)

hal(5)

iconv_1250(5)

iconv_1251(5)

iconv(5)

iconv_646(5)

iconv_852(5)

iconv_8859-1(5)

iconv_8859-2(5)

iconv_8859-5(5)

iconv_dhn(5)

iconv_koi8-r(5)

iconv_mac_cyr(5)

iconv_maz(5)

iconv_pc_cyr(5)

iconv_unicode(5)

ieee802.11(5)

ieee802.3(5)

ipfilter(5)

ipkg(5)

isalist(5)

ISO(5)

kerberos(5)

krb5_auth_rules(5)

krb5envvar(5)

KSSL(5)

kssl(5)

labels(5)

largefile(5)

ldap(5)

lf64(5)

lfcompile(5)

lfcompile64(5)

link_duplex(5)

link_rx_pause(5)

link_tx_pause(5)

link_up(5)

locale(5)

locale_alias(5)

lp_cap_1000fdx(5)

lp_cap_1000hdx(5)

lp_cap_100fdx(5)

lp_cap_100hdx(5)

lp_cap_10fdx(5)

lp_cap_10hdx(5)

lp_cap_asym_pause(5)

lp_cap_autoneg(5)

lp_cap_pause(5)

lp_rem_fault(5)

man(5)

mansun(5)

me(5)

mech_spnego(5)

mm(5)

ms(5)

MT-Level(5)

mutex(5)

MWAC(5)

mwac(5)

nfssec(5)

NIS+(5)

NIS(5)

nis(5)

nwam(5)

openssl(5)

pam_allow(5)

pam_authtok_check(5)

pam_authtok_get(5)

pam_authtok_store(5)

pam_deny(5)

pam_dhkeys(5)

pam_dial_auth(5)

pam_krb5(5)

pam_krb5_migrate(5)

pam_ldap(5)

pam_list(5)

pam_passwd_auth(5)

pam_pkcs11(5)

pam_rhosts_auth(5)

pam_roles(5)

pam_sample(5)

pam_smbfs_login(5)

pam_smb_passwd(5)

pam_tsol_account(5)

pam_tty_tickets(5)

pam_unix_account(5)

pam_unix_auth(5)

pam_unix_cred(5)

pam_unix_session(5)

pam_user_policy(5)

pam_zfs_key(5)

pkcs11_kernel(5)

pkcs11_kms(5)

pkcs11_softtoken(5)

pkcs11_tpm(5)

pkg(5)

POSIX.1(5)

POSIX.2(5)

POSIX(5)

privileges(5)

prof(5)

pthreads(5)

RBAC(5)

rbac(5)

regex(5)

regexp(5)

resource_controls(5)

sgml(5)

smf(5)

smf_bootstrap(5)

smf_method(5)

smf_restarter(5)

smf_security(5)

smf_template(5)

solaris10(5)

solaris(5)

solbook(5)

stability(5)

standard(5)

standards(5)

step(5)

sticky(5)

suri(5)

SUS(5)

SUSv2(5)

SUSv3(5)

SVID3(5)

SVID(5)

tecla(5)

teclarc(5)

term(5)

threads(5)

trusted_extensions(5)

vgrindefs(5)

wbem(5)

xcvr_addr(5)

xcvr_id(5)

xcvr_inuse(5)

XNS4(5)

XNS(5)

XNS5(5)

XPG3(5)

XPG4(5)

XPG4v2(5)

XPG(5)

zones(5)

device_clean

- device clean programs

Description

Each allocatable device has a device clean program associated with it. Device clean programs are invoked by deallocate(1) to clean device states, registers, and any residual information in the device before the device is allocated to a user. Such cleaning is required by the object reuse policy.

Use list_devices(1) to obtain the names and types of allocatable devices as well as the cleaning program and the authorizations that are associated with each device.

On a system configured with Trusted Extensions, device clean programs are also invoked by allocate(1), in which case the program can optionally mount appropriate media for the caller.

The following device clean programs reside in /etc/security/lib.

audio_clean

audio devices

st_clean

tape devices

sr_clean

CD-ROM devices

On a system configured with Trusted Extensions, the following additional cleaning programs and wrappers are available.

disk_clean

CD-ROM and other removable media devices. This program mounts the device during the execution of allocate, if required.

audio_clean_wrapper

wrapper to make audio_clean work with CDE

wdwwrapper

wrapper to make other cleaning programs work with CDE

wdwmsg

CDE dialog boxes for cleaning programs

Administrators can create device clean programs for their sites. These programs must adhere to the syntax described below.

/etc/security/lib/device-clean-program [-i | -f | -s | -I] \
-m mode -u user-name -z zone-name -p zone-path device-name

where:

device-name

The name of the device that is to be cleaned. Use list_devices to obtain the list of allocatable devices.

-i

Invoke boot-time initialization.

-f

Force cleanup by the administrator.

-s

Invoke standard cleanup by the user.

-I

Same as -i, with no error or warning.

The following options are supported only when the system is configured with Trusted Extensions.

-m mode

Specify the mode in which the clean program is invoked. Valid values are allo- cate and deallocate. The default mode is allocate.

-u user-name

Specify the name of user who executes the device clean program. The default user is the caller.

-z zone-name

Specify the name of the zone in which the device is to be allocated or deallocated. The default zone is the global zone.

-p zone-path

Establish the root path of the zone that is specified by zone-name. Default is “/”.

Exit Status

The following exit values are returned:

0

Successful completion.

1

An error. Caller can place device in error state.

2

A system error. Caller can place device in error state.

On a system configured with Trusted Extensions, the following additional exit values are returned:

3

Mounting of device failed. Caller shall not place device in error state.

4

Mounting of device succeeded.

Files

/etc/security/lib/*

device clean programs

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
system/core-os
Interface Stability
See below.

The Invocation is Uncommitted. The Output is Not-an-interface.

See Also

allocate(1), deallocate(1), list_devices(1), attributes(5)

Oracle Solaris 11.1 Administration: Security Services