When MLS is active, CA Top Secret assigns a security label to a file or directory in an HFS or zFS file system at the time it is created based on the security label of the parent directory or user. In addition, a security administrator can issue the UNIX chlabel command to assign security labels to files and directories in a zFS file system that do not have security labels because they were created before MLS was activated on the system.
To access a classified file or directory, the user must be signed on with a security label that will allow the access according to MAC label dominance checking rules and other USS permissions.
|
Copyright © 2010 CA Technologies.
All rights reserved.
|
|