Solaris Trusted Extensions Reference Manual

User Commands

dtappsession(1)

NAME | Synopsis | Description | Examples | Attributes | Files | Bugs | See Also

NAME

    dtappsession – start a new Application Manager session

Synopsis

    /usr/dt/bin/dtappsession  [hostname]

Description

    dtappsession is a specialized version of the Xsession shell script. It is an alternative to using the CDE remote login that allows you to access a remote host without logging out of your current CDE session. dtappsession starts a new instance of the CDE Application Manager in its own ToolTalk™ session. It can be used to remotely display the Application Manager back to your local display after logging in to a remote host with the rlogin(1) command.

    A new, independent instance of ttsession(1) starts a simple session management window. This window displays the title

    remote_hostname: Remote Administration 

    where remote_hostname is the system that is being accessed. The window also displays an Exit button. Clicking Exit terminates the ToolTalk session and all windows that are part of the session.

    The Application Manager that is displayed can be used to start remote CDE actions to run in this session. Exiting the Application Manager does not terminate the session, and it is not recommended. Clicking Exit is the recommended way to end the session. To avoid confusing the remote CDE applications with local ones, it is recommended that a new CDE workspace be created for clients in the remote session.

    The hostname is not needed when the DISPLAY environment variable is set to the local hostname on the remote host.

    On a system that is configured with Trusted Extensions, dtappsession can be used for remote administration by administrative roles that have the ability to log in to the remote host.

    dtappsession does not require any privilege, and it does not need to run on a system that is configured with Trusted Extensions. When installed in /usr/dt/bin on a Solaris system, along with the startApp.ds file, dtappsession can be used to administer the remote Solaris system from a local system that is configured with Trusted Extensions. However, in this case, the CDE workspace that is used for remote display must be a normal workspace, rather than a role workspace.

Examples


    Example 1 Remote Login and dtappsession

    After creating a new CDE workspace, type the following in a terminal window:


    # rlogin remote_hostname
    password: /*type the remote password*/
    
    # dtappsession local_hostname /* on the remote host */

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE    ATTRIBUTE VALUE
    Availability      SUNWdttsu

Files

    /usr/dt/bin/startApp.ds

    dt Korn shell script for session manager window

Bugs

    X11/CDE applications that do not register with the ToolTalk session manager will not exit automatically when the session is terminated. Such applications must be explicitly terminated.

See Also

SunOS 5.10  Last Revised 15 Aug 2005


getlabel(1)

NAME | Synopsis | Description | Options | Return Values | Attributes | See Also

NAME

    getlabel – display the label of files

Synopsis

    /usr/bin/getlabel  [-sS] filename...

Description

    getlabel displays the label that is associated with each filename. When options are not specified, the label is displayed in the default format.

Options

    -s

    Display the label that is associated with filename in short form.

    -S

    Display the label that is associated with filename in long form.

Return Values

    getlabel exits with one of the following values:

    0

    Successful completion.

    1

    Unsuccessful completion due to usage error.

    2

    Unable to translate label.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE              ATTRIBUTE VALUE
    Availability                SUNWtsu
    Stability (Command Line)    Stable
    Stability (Output)          Not an interface

See Also

SunOS 5.10  Last Revised 31 May 2006


getzonepath(1)

NAME | Synopsis | Description | Attributes | Diagnostics | See Also

NAME

    getzonepath – display root path of the zone corresponding to the specified label

Synopsis

    /usr/bin/getzonepath  {sensitivity-label}

Description

    getzonepath displays the root pathname of the running labeled zone that corresponds to the specified sensitivity label. The returned pathname is relative to the caller's root pathname, and has the specified sensitivity label.

    If the caller is in the global zone, the returned pathname is not traversable unless the caller's processes have the file_dac_search privilege.

    If the caller is in a labeled zone, the caller's label must dominate the specified label. Access to files under the returned pathname is restricted to read-only operations.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE    ATTRIBUTE VALUE
    Availability      SUNWtsu
    Stability         Stable

Diagnostics

    getzonepath exits with one of the following values:

    0

    Success

    1

    Usage error

    2

    Failure; error message is the system error number from getzonerootbylabel(3TSOL)

See Also

SunOS 5.10  Last Revised 31 May 2006


plabel(1)

NAME | Synopsis | Description | Options | Return Values | Attributes | See Also

NAME

    plabel – get the label of a process

Synopsis

    /usr/bin/plabel [-sS] [pid...]

Description

    plabel, a proc tools command, gets the label of a process. If the pid is not specified, the label displayed is that of the plabel command. When options are not specified, the label is displayed in the default format.

Options

    -s

    Display the label that is associated with pid in short form.

    -S

    Display the label that is associated with pid in long form.

Return Values

    plabel exits with one of the following values:

    0

    Successful completion.

    1

    Unsuccessful completion because of a usage error.

    2

    Inability to translate label.

    3

    Inability to allocate memory.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE        ATTRIBUTE VALUE
    Availability          SUNWtsu
    Stability             Stable
    Stability (Output)    Not an interface

See Also

SunOS 5.10  Last Revised 16 Mar 2006


setlabel(1)

NAME | Synopsis | Description | Return Values | Attributes | Usage | Examples | Notes | See Also

NAME

    setlabel – move files to zone with corresponding sensitivity label

Synopsis

    /usr/bin/setlabel newlabel filename...

Description

    setlabel moves files into the zone whose label corresponds to newlabel. The old file pathname is adjusted so that it is relative to the root pathname of the new zone. If the old pathname for a file's parent directory does not exist as a directory in the new zone, the file is not moved. Once moved, the file might no longer be accessible in the current zone.

    Unless newlabel and filename have been specified, no labels are set.

    Labels are defined by the security administrator at your site. The system always displays labels in uppercase. Users can enter labels in any combination of uppercase and lowercase. Incremental changes to labels are supported.

    Refer to setflabel(3TSOL) for a complete description of the conditions that are required to satisfy this command, and the privileges that are needed to execute this command.

Return Values

    setlabel exits with one of the following values:

    0

    Successful completion.

    1

    Usage error.

    2

    Error in getting, setting or translating the label.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE    ATTRIBUTE VALUE
    Availability      SUNWtsu
    Stability         Stable

Usage

    On the command line, enclose the label in double quotes unless the label is only one word. Without quotes, a second word or letter separated by a space is interpreted as a second argument.


    % setlabel SECRET somefile
    % setlabel "TOP SECRET" somefile
    

    Use any combination of upper and lowercase letters. You can separate items in a label with blanks, tabs, commas or slashes (/). Do not use any other punctuation.


    % setlabel "ts a b" somefile
    % setlabel "ts,a,b" somefile
    % setlabel "ts/a b" somefile
    % setlabel " TOP SECRET A B   " somefile
    

Examples


    Example 1 To Set a Label

    To set somefile's label to SECRET A:


    example% setlabel "Secret a" somefile
    


    Example 2 To Turn On a Compartment

    Plus and minus signs can be used to modify an existing label. A plus sign turns on the specified compartment for somefile's label.


    example% setlabel +b somefile
    


    Example 3 To Turn Off a Compartment

    A minus sign turns off the compartments that are associated with a classification. To turn off compartment A in somefile's label:


    example% setlabel -A somefile
    

    If an incremental change is being made to an existing label and the first character of the label is a hyphen (-), a preceding double-hyphen (--) is required.

    To turn off compartment -A in somefile's label:


    example% setlabel -- -A somefile
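
    The quoting, separator and double-hyphen rules from the Usage and Examples sections can be enforced in a script before setlabel is called. The following is an added example, not part of the manual: check_label, label_guard, safe_setlabel, the SETLABEL override and exit status 64 are names and values assumed here, as is treating digits as legal in label words and allowing only one leading + or - sign.

```shell
#!/bin/sh
# Added example (not from the manual). All helper names are hypothetical.
SETLABEL=${SETLABEL:-/usr/bin/setlabel}

# Accept only what the Usage section allows: letters (digits are assumed to
# be legal too) separated by blanks, tabs, commas or slashes, with at most
# one leading + or - for an incremental change.
check_label() {
    body=$1
    case $body in [+-]*) body=${body#?} ;; esac
    # The trailing "." is a sentinel so that $(...) cannot silently strip a
    # trailing newline and let it pass as "no leftover characters".
    rest=$(printf '%s.' "$body" | LC_ALL=C tr -d 'A-Za-z0-9 \t,/')
    words=$(printf '%s' "$body" | LC_ALL=C tr -d ' \t,/')
    [ "$rest" = . ] && [ -n "$words" ]
}

# Print the option terminator that is required when the label itself
# starts with a hyphen; print nothing otherwise.
label_guard() {
    case $1 in -*) printf '%s\n' '--' ;; esac
}

# Validate, then run setlabel with the label passed as ONE quoted argument.
# Returns 64 if the label is rejected here, otherwise setlabel's own status.
safe_setlabel() {
    label=$1; shift
    if ! check_label "$label"; then
        echo "rejected label: '$label'" >&2
        return 64
    fi
    guard=$(label_guard "$label")
    status=0
    # $guard is deliberately unquoted: it is empty or the single word "--".
    "$SETLABEL" $guard "$label" "$@" || status=$?
    case $status in
        1) echo "setlabel: usage error" >&2 ;;
        2) echo "setlabel: error getting, setting or translating the label" >&2 ;;
    esac
    return $status
}
```

    Call it as safe_setlabel "TOP SECRET" somefile; the label stays a single argument even when it contains blanks, and a label such as -A is preceded by -- automatically.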
    

Notes

    This implementation of setting a label is meaningful for the Defense Intelligence Agency (DIA) Mandatory Access Control (MAC) policy. For more information, see label_encodings(4).

See Also

SunOS 5.10  Last Revised 31 May 2006
