labels man page on SunOS

Man page or keyword search:  
man Server   20652 pages
apropos Keyword Search (all sections)
Output format
SunOS logo
[printable version]

labels(5)	      Standards, Environments, and Macros	     labels(5)

NAME
       labels - Solaris Trusted Extensions label attributes

DESCRIPTION
       Labels  are  attributes	that  are  used in mandatory policy decisions.
       Labels are associated, either explicitly or implicitly, with  all  sub‐
       jects  (generally  processes)  and  objects (generally things with data
       such as files) that are accessible to  subjects.	 The  default  Trusted
       Extensions  mandatory  policy  labels  are defined by a site's security
       administrator in label_encodings(4).

   Mandatory Policy
       Various mandatory policies  might  be  delivered	 in  the  lifetime  of
       Solaris Trusted Extensions.

       The  default  mandatory	policy	of  Trusted  Extensions is a Mandatory
       Access Control (MAC) policy that is equivalent to  that	of  the	 Bell-
       LaPadula	 Model	of  the Lattice, the Simple Security Property, and the
       *-Property (Star Property),  with  restricted  write  up.  The  default
       mandatory policy is also equivalent to the Goguen and Mesegeur model of
       Non-Inteference.

       For this MAC policy, two	 labels	 are  always  defined:	admin_low  and
       admin_high.  The site's security administrator defines all other labels
       in label_encodings(4). admin_low is associated  with  all  normal  user
       readable	 (viewable)  Trusted Extensions objects. admin_high is associ‐
       ated with all other Trusted  Extensions	objects.  Only	administrative
       users have MAC read (view) access to admin_high objects and only admin‐
       istrative users have MAC write (modify) access to admin_low objects  or
       admin_high objects.

   Human Readable Labels
       Users  interact	with  labels as strings. Graphical user interfaces and
       command line interfaces present the strings as defined in  label_encod‐
       ings(4).	 Human	readable  labels are classified at the label that they
       represent. Thus the string for a label A is  only  readable  (viewable,
       translatable  to	 or from human readable to opaque m_label_t) by a sub‐
       ject whose label allows read (view) access to that label.

   Internal Text Labels
       In order to store labels in publicly accessible (admin_low)  name  ser‐
       vice  databases,	 an unclassified internal text form is used. This tex‐
       tual form is not intended to be used in any interfaces other than those
       that  are  provided  with  the Trusted Extensions software release that
       created this textual form of the label.

   Labels and Applications
       Applications interact with labels as opaque (m_label_t) structures. The
       semantics  of  these  opaque  structures	 are  defined  by  a string to
       m_label_t translation. This  translation	 is  defined  in  label_encod‐
       ings(4).	 Various  Application  Programming  Interfaces (API) translate
       between strings and m_label_t structures. Various APIs test  access  of
       subject-related labels to object-related labels.

ATTRIBUTES
       See attributes(5) for description of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability	     │See below.		   │
       └─────────────────────────────┴─────────────────────────────┘

       The  labels  implementation is Committed for systems that implement the
       Defense Intelligence Agency (DIA)  MAC  policy  of  label_encodings(4).
       Other  policies	might  exist in a future release of Trusted Extensions
       that might make obsolete or supplement label_encodings.

       Internal text labels are Not-an-Interface and  might  change  with  any
       release	of  Trusted  Extensions.  They are intended only for input and
       generation on the same release of Trusted Extensions software.

       As a potential porting aid for  Trusted	Solaris	 8  applications,  the
       opaque structure names bslabel_t, blevel_t, and bclear_t are defined to
       be equivalent to m_label_t. Like m_label_t, these types must be	ported
       as  opaque  pointers.  The  same	 must be done with the various Trusted
       Solaris 8 label interfaces. These  Trusted  Solaris  8  structures  and
       interfaces  are	Obsolete and might be removed from a future release of
       Trusted Extensions.

SEE ALSO
       chk_encodings(1M),	 blcompare(3TSOL),	  label_to_str(3TSOL),
       m_label_alloc(3TSOL),	  m_label_dup(3TSOL),	  m_label_free(3TSOL),
       str_to_label(3TSOL), label_encodings(4), attributes(5)

       Bell, D. E., and LaPadula, L. J. Secure Computer Systems: Unified Expo‐
       sition  and  Multics Interpretation, MTR-2997 Rev. 2, MITRE Corp., Bed‐
       ford Mass., March 1976. NTIS AD-A023 588/7.

       Goguen, J. A., and Mesegeur, J.: Security Policies and Security Models,
       Proceedings 1982 Symposium on Security and Privacy, IEEE Computer Soci‐
       ety Press, 1982, p 11-20.

       Goguen, J. A., and Mesegeur, J.: Unwinding  and	Interference  Control,
       Proceedings 1984 Symposium on Security and Privacy, IEEE Computer Soci‐
       ety Press, 1984, p 75-86.

       Compartmented Mode Workstation Labeling: Encodings Format

NOTES
       The functionality described on this manual page is  available  only  if
       the system is configured with Trusted Extensions.

SunOS 5.10			  20 Jul 2007			     labels(5)
[top]

List of man pages available for SunOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net