NAME
- device_allocate - device_allocate file
SYNOPSIS
- /etc/security/device_allocate
AVAILABILITY
- The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.
DESCRIPTION
- The device_allocate file contains mandatory access control information about each physical device. Each device is represented by a one-line entry of the form:
device-name;device-type;reserved;reserved;alloc;device-exec
- where
device-name
- This is an arbitrary ASCII string naming the physical device. This field contains no embedded white space or non-printable characters.
device-type
- This is an arbitrary ASCII string naming the generic device type. This field identifies and groups together devices of like type. This field contains no embedded white space or non-printable characters.
reserved
- This field is reserved for future use.
reserved
- This field is reserved for future use.
alloc
- This field contains an arbitrary string which controls whether or not a device is allocatable. If the field contains only an asterisk (*), the device is not allocatable. Otherwise, the device may be allocated and deallocated in the normal fashion.
device-exec
- This is the physical device's data purge program to be run any time the device is acted on by allocate(1M). This is to ensure that all usable data is purged from the physical device before it is reused. This field contains the filename of a program in /etc/security/lib or the full pathname of a cleanup script provided by the system administrator.
- The device_allocate file is an ASCII file that resides in the /etc/security directory.
- Lines in device_allocate can end with a `\' to continue an entry on the next line.
- Comments may also be included. A `#' makes a comment of all further text until the next NEWLINE not immediately preceded by a `\'.
- Leading and trailing blanks are allowed in any of the fields.
- The device_allocate file must be created by the system administrator before device allocation is enabled.
- The device_allocate file is owned by root, with a group of sys, and a mode of 0644.
EXAMPLES
- Declare that physical device st0 is of type st. st is allocatable, and the script used to clean the device after running deallocate(1M) is named /etc/security/lib/st_clean.
# scsi tape
st0;\
st;\
reserved;\
reserved;\
alloc;\
/etc/security/lib/st_clean
- Declare that physical device fd0 is of type fd. fd is allocatable, and the script used to clean the device after running deallocate(1M) is named /etc/security/lib/fd_clean.
# floppy drive
fd0;\
fd;\
reserved;\
reserved;\
alloc;\
/etc/security/lib/fd_clean
- Note that making a device allocatable means that you need to allocate and deallocate it to use it (with allocate(1M) and deallocate(1M)). If a device is not allocatable, there will be an asterisk (*) in the alloc field, and one can use the device without allocating and deallocating it.
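The following audit sketch is an added example, not part of the original man page or of Solaris: it parses text in the format described above (continuation lines, comments, six fields) and reports which devices are allocatable and which entries are malformed. The function name, the sample entries and the rule that a bare device-exec filename resolves under /etc/security/lib are assumptions made for illustration.

```python
import re

LIB_DIR = "/etc/security/lib"  # where the page says bare purge-program names live

# Constructed sample, not taken from a real system.
SAMPLE = """\
# scsi tape
st0;\\
    st;\\
    reserved;\\
    reserved;\\
    alloc;\\
    /etc/security/lib/st_clean
fd0; fd; reserved; reserved; *; fd_clean   # not allocatable
cd rom;sr;reserved;reserved;alloc;sr_clean
audio;audio;reserved;alloc;audio_clean
"""

def parse_device_allocate(text):
    """Return (entries, problems); problems are (logical_line, message)."""
    # Join continuations first: a backslash right before a newline extends
    # the entry, and also extends a comment onto the next physical line.
    logical = text.replace("\\\n", "")
    entries, problems = [], []
    for n, line in enumerate(logical.split("\n"), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(";")]  # blanks around fields are legal
        if len(fields) != 6:
            problems.append((n, "expected 6 fields, got %d" % len(fields)))
            continue
        name, dtype, _r1, _r2, alloc, clean = fields
        for label, value in (("device-name", name), ("device-type", dtype)):
            if not value or re.search(r"\s", value) or not value.isprintable():
                problems.append((n, "%s %r: empty, white space or non-printable" % (label, value)))
        if not clean:
            problems.append((n, "no device-exec purge program"))
        elif not clean.startswith("/"):
            clean = LIB_DIR + "/" + clean  # assumption: bare name resolves here
        entries.append({"name": name, "type": dtype,
                        "allocatable": alloc != "*", "clean": clean})
    return entries, problems

if __name__ == "__main__":
    entries, problems = parse_device_allocate(SAMPLE)
    for e in entries:
        print(e)
    for p in problems:
        print("line %d: %s" % p)
```

Line numbers in the problem list count logical lines, that is, lines after continuations have been joined.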
FILES
/etc/security/device_allocate
- Contains list of allocatable devices
SEE ALSO
- allocate(1M), bsmconv(1M), deallocate(1M), list_devices(1M)