Solaris Trusted Extensions Administrator's Procedures
Previous Next

Trusted CDE Actions

The following tables list the CDE actions that roles in Trusted Extensions can run. These trusted CDE actions are available from the Trusted_Extensions folder. The Trusted_Extensions folder is available from the Application Manager folder on the CDE desktop.

Table 8-2 Administrative Actions in Trusted CDE, Their Purpose, and Associated Rights Profiles

Action Name

Purpose of Action

Default Rights Profile

Add Allocatable Device

Creates devices by adding entries to device databases. See add_allocatable(1M).

Device Security

Admin Editor

Edits the specified file. See How to Edit Administrative Files in Trusted Extensions.

Object Access Management

Audit Classes

Edits the audit_class file. See audit_class(4).

Audit Control

Audit Control

Edits the audit_control file. See audit_control(4).

Audit Control

Audit Events

Edits the audit_event file. See audit_event(4).

Audit Control

Audit Startup

Edits the audit_startup.sh script. See audit_startup(1M).

Audit Control

Check Encodings

Runs the chk_encodings command on specified encodings file. See chk_encodings(1M).

Object Label Management

Check TN Files

Runs the tnchkdb command on tnrhdb, tnrhtp, and tnzonecfg databases. See tnchkdb(1M).

Network Management

Configure Selection Confirmation

Edits /usr/dt/config/sel_config file. See sel_config(4).

Object Label Management

Create LDAP Client

Makes the global zone an LDAP client of an existing LDAP directory service.

Information Security

Edit Encodings

Edits the specified label_encodings file and runs the chk_encodings command. See chk_encodings(1M).

Object Label Management

Name Service Switch

Edits the nsswitch.conf file. See nsswitch.conf(4).

Network Management

Set DNS Servers

Edits the resolv.conf file. See resolv.conf(4).

Network Management

Set Daily Message

Edits the /etc/motd file. At login, the contents of this file display in the Last Login dialog box.

Network Management

Set Default Routes

Specifies default static routes.

Network Management

Share Filesystem

Edits the dfstab file. Does not run the share command. See dfstab(4).

File System Management

The following actions are used by the initial setup team during zone creation. Some of these actions can be used for maintenance and troubleshooting.

Table 8-3 Installation Actions in Trusted CDE, Their Purpose, and Associated Rights Profiles

Action Name

Purpose of Action

Default Rights Profile

Clone Zone

Creates a labeled zone from a ZFS snapshot of an existing zone.

Zone Management

Copy Zone

Creates a labeled zone from an existing zone.

Zone Management

Configure Zone

Associates a label with a zone name.

Zone Management

Initialize Zone for LDAP

Initializes the zone for booting as an LDAP client.

Zone Management

Install Zone

Installs the system files that a labeled zone requires.

Zone Management

Restart Zone

Restarts a zone that has already been booted.

Zone Management

Share Logical Interface

Sets up one interface for the global zone and a separate interface for the labeled zones to share.

Network Management

Share Physical Interface

Sets up one interface that is shared by the global zone and the labeled zones.

Network Management

Shut Down Zone

Shuts down an installed zone.

Zone Management

Start Zone

Boots an installed zone and starts the services for that zone.

Zone Management

Zone Terminal Console

Opens a console to view processes in an installed zone.

Zone Management

Previous Next