| Skip Navigation Links | |
| Exit Print View | |
|
Trusted Extensions Configuration and Administration Oracle Solaris 11 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Trusted Extensions Configuration and Administration Oracle Solaris 11 Information Library |
Part I Initial Configuration of Trusted Extensions
1. Security Planning for Trusted Extensions
2. Configuration Roadmap for Trusted Extensions
3. Adding the Trusted Extensions Feature to Oracle Solaris (Tasks)
4. Configuring Trusted Extensions (Tasks)
5. Configuring LDAP for Trusted Extensions (Tasks)
Part II Administration of Trusted Extensions
6. Trusted Extensions Administration Concepts
7. Trusted Extensions Administration Tools
8. Security Requirements on a Trusted Extensions System (Overview)
9. Performing Common Tasks in Trusted Extensions (Tasks)
10. Users, Rights, and Roles in Trusted Extensions (Overview)
11. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
12. Remote Administration in Trusted Extensions (Tasks)
13. Managing Zones in Trusted Extensions (Tasks)
14. Managing and Mounting Files in Trusted Extensions (Tasks)
Sharing and Mounting Files in Trusted Extensions
NFS Mounts in Trusted Extensions
Sharing Files From a Labeled Zone
Access to NFS Mounted File Systems in Trusted Extensions
Home Directory Creation in Trusted Extensions
Changes to the Automounter in Trusted Extensions
Backing Up, Sharing, and Mounting Labeled Files (Task Map)
How to Back Up Files in Trusted Extensions
How to Restore Files in Trusted Extensions
How to Share File Systems From a Labeled Zone
How to NFS Mount Files in a Labeled Zone
How to Troubleshoot Mount Failures in Trusted Extensions
15. Trusted Networking (Overview)
16. Managing Networks in Trusted Extensions (Tasks)
17. Trusted Extensions and LDAP (Overview)
18. Multilevel Mail in Trusted Extensions (Overview)
19. Managing Labeled Printing (Tasks)
20. Devices in Trusted Extensions (Overview)
21. Managing Devices for Trusted Extensions (Tasks)
22. Trusted Extensions Auditing (Overview)
23. Software Management in Trusted Extensions (Reference)
Creating and Managing a Security Policy
Site Security Policy and Trusted Extensions
Computer Security Recommendations
Physical Security Recommendations
Personnel Security Recommendations
Additional Security References
B. Configuration Checklist for Trusted Extensions
Checklist for Configuring Trusted Extensions
C. Quick Reference to Trusted Extensions Administration
Administrative Interfaces in Trusted Extensions
Oracle Solaris Interfaces Extended by Trusted Extensions
Tighter Security Defaults in Trusted Extensions
Limited Options in Trusted Extensions
D. List of Trusted Extensions Man Pages
Trusted Extensions Man Pages in Alphabetical Order
Oracle Solaris Man Pages That Are Modified by Trusted Extensions
Trusted Extensions software recognizes labels on NFS Version 3 (NFSv3) and NFSv4. You can use one of the following sets of mount options:
vers=4 proto=tcp vers=3 proto=tcp vers=3 proto=udp
Trusted Extensions has no restrictions on mounts over the tcp protocol. In NFSv3 and NFSv4, the tcp protocol can be used for same-label mounts and for read-down mounts. Read-down mounts require a multilevel port (MLP).
For NFSv3, Trusted Extensions behaves like Oracle Solaris. The udp protocol is the default for NFSv3, but udp is used only for the initial mount operation. For subsequent NFS operations, the system uses tcp. Therefore, read-down mounts work for NFSv3 in the default configuration.
In the rare case that you have restricted NFSv3 mounts to use the udp protocol for initial and subsequent NFS operations, you must create an MLP for NFS operations that use the udp protocol. For the procedure, see Example 16-19.
A Trusted Extensions system can also share its file systems with unlabeled hosts. A file system that is exported to an unlabeled host is writable if its label equals the label that is assigned to the remote host by the exporting zone. A file system that is exported to an unlabeled host is readable only if its label is dominated by the label that is assigned to the remote system.
Communication with systems that are running a release of Trusted Solaris software is possible only at a single label. The Trusted Extensions system and the Trusted Solaris system must assign to their peer a template with the unlabeled host type. The unlabeled host types must specify the same single label. As an unlabeled NFS client of a Trusted Solaris server, the label of the client cannot be ADMIN_LOW.
The NFS protocol that is used is independent of the local file system's type. Rather, the protocol depends on the type of the sharing computer's operating system. The file system type that is specified to the mount command for remote file systems is always NFS.
|