What's New in Trusted Extensions

Solaris Express Community Edition – In this release, Trusted Extensions provides the following features:

• The Trusted Extensions shared IP stack allows default routes to isolate labeled zones from each other and from the global zone.

• The loopback interface, lo0, is an all-zones interface.

• Separation of duty can be enforced by role. The System Administrator role creates users, but cannot assign passwords. The Security Administrator role assigns passwords, but cannot create users. For details, see Create Rights Profiles That Enforce Separation of Duty.

• This guide includes a list of Trusted Extensions man pages in Appendix E, List of Trusted Extensions Man Pages.

Solaris Express Developer Edition 1/08 – In this release, Trusted Extensions provides the following features:

• The service management facility (SMF) manages Trusted Extensions as the svc:/system/labeld service. By default, the labeld service is disabled. When the service is enabled, the system must still be configured and rebooted to enforce Trusted Extensions security policies.

• The CIPSO Domain of Interpretation (DOI) number that your system uses is configurable.

  • For information about the DOI, see Network Security Attributes in Trusted Extensions.

  • To specify a DOI that differs from the default, see Configure the Domain of Interpretation.

• Trusted Extensions recognizes CIPSO labels in NFS Version 3 (NFSv3) mounted file systems, as well as in NFS Version 4 (NFSv4). Therefore, you can mount NFSv3 file systems on a Trusted Extensions system as a labeled file system. To use udp as an underlying protocol for multilevel mounts in NFSv3, see How to Configure a Multilevel Port for NFSv3 Over udp.

• The name service cache daemon, nscd, can be configured to run in every labeled zone at the label of the zone.