Trusted CDE Actions
The following tables list the CDE actions that roles in Trusted Extensions
can run. These trusted CDE actions are available from the Trusted_Extensions folder. The Trusted_Extensions
folder is available from the Application Manager folder on the CDE desktop.
Table 8-2 Administrative Actions in Trusted CDE, Their Purpose, and Associated Rights Profiles
Action Name |
Purpose
of Action |
Default Rights Profile |
|---|
Add Allocatable Device |
Creates devices by adding entries to device databases. See add_allocatable(1M). |
Device
Security |
Admin Editor |
Edits the specified file. See How to Edit Administrative Files in Trusted Extensions. |
Object Access Management |
Audit Classes |
Edits the audit_class file. See
audit_class(4). |
Audit Control |
Audit Control |
Edits the audit_control file. See audit_control(4). |
Audit Control |
Audit Events |
Edits the audit_event file. See
audit_event(4). |
Audit Control |
Audit Startup |
Edits the audit_startup.sh script. See audit_startup(1M). |
Audit Control |
Check Encodings |
Runs the chk_encodings command on
specified encodings file. See chk_encodings(1M). |
Object Label Management |
Check TN Files |
Runs the tnchkdb command on tnrhdb,
tnrhtp, and tnzonecfg databases. See tnchkdb(1M). |
Network Management |
Configure Selection Confirmation |
Edits /usr/dt/config/sel_config file. See sel_config(4). |
Object
Label Management |
Create LDAP Client |
Makes the global zone an LDAP client of an existing LDAP directory
service. |
Information Security |
Edit Encodings |
Edits the specified label_encodings file and runs the chk_encodings command. See chk_encodings(1M). |
Object
Label Management |
Name Service Switch |
Edits the nsswitch.conf file. See nsswitch.conf(4). |
Network Management |
Set DNS Servers |
Edits the resolv.conf file. See
resolv.conf(4). |
Network Management |
Set Daily Message |
Edits the /etc/motd file. At login, the contents of this file display
in the Last Login dialog box. |
Network Management |
Set Default Routes |
Specifies default static routes. |
Network Management |
Share Filesystem |
Edits the
dfstab file. Does not run the share command. See dfstab(4). |
File System Management |
The following actions are used by the initial setup team during zone creation.
Some of these actions can be used for maintenance and troubleshooting.
Table 8-3 Installation Actions in Trusted CDE, Their Purpose, and Associated Rights Profiles
Action Name |
Purpose
of Action |
Default Rights Profile |
|---|
Clone Zone |
Creates a labeled zone from a ZFS snapshot of
an existing zone. |
Zone Management |
Copy Zone |
Creates a labeled zone from an existing zone. |
Zone Management |
Configure Zone |
Associates
a label with a zone name. |
Zone Management |
Initialize Zone for LDAP |
Initializes the zone for booting as
an LDAP client. |
Zone Management |
Install Zone |
Installs the system files that a labeled zone requires. |
Zone
Management |
Restart Zone |
Restarts a zone that has already been booted. |
Zone Management |
Share Logical Interface |
Sets up one interface
for the global zone and a separate interface for the labeled zones to
share. |
Network Management |
Share Physical Interface |
Sets up one interface that is shared by the global zone and
the labeled zones. |
Network Management |
Shut Down Zone |
Shuts down an installed zone. |
Zone Management |
Start Zone |
Boots an installed zone
and starts the services for that zone. |
Zone Management |
Zone Terminal Console |
Opens a console to view
processes in an installed zone. |
Zone Management |
