When MLS is active, do not mount an HFS file system in read-write mode. Instead, copy or move it to a zFS file system; otherwise, MLS will not be fully supported. The following MLS features can only be used in a zFS file system and cannot be used in an HFS file system:
Since the chlabel command cannot be used in HFS file system to label files and directories that were created before MLS was activated, if the option to require security labels for files and directories is set (MLFSOBJ), all attempts to access these unlabeled files and directories will fail (if the MLS mode option is set to MLS), and may prevent users from doing their work. Therefore, it is recommended that for full MLS support in a USS environment, you migrate all HFS file systems that require protection from data disclosure and declassification to zFS file systems.
For more information on how to migrate an HFS file system to a zFS file system, see the section, Migrating your HFS version root to a zFS version root with security labels, in the IBM z/OS V1R5 Planning for Multilevel Security manual.
|
Copyright © 2010 CA Technologies.
All rights reserved.
|
|