DEVICE_ALLOCATE(5) File Formats and Configurations DEVICE_ALLOCATE(5)
NAME
device_allocate - device_allocate file
SYNOPSIS
/etc/security/device_allocateDESCRIPTION
The
device_allocate file is an
ASCII file that resides in the
/etc/security directory. It contains mandatory access control
information about each physical device. Each device is represented by
a one- line entry of the form:
device-name;
device-type;reserved1;reserved2;
auths;
device-e xec where:
device-name Represents an arbitrary
ASCII string naming the physical device.
This field contains no embedded white space or non-printable
characters.
device-type Represents an arbitrary
ASCII string naming the generic device
type. This field identifies and groups together devices of like
type. This field contains no embedded white space or non-
printable characters. The following types of devices are
currently managed by the system: audio,
sr (represents CDROM
drives),
fd (represents floppy drives),
st (represents tape
drives),
rmdisk (removable media devices).
reserved1 On systems configured with Trusted Extensions, this field stores
a colon-separated (
:) list of key-value pairs that describe
device allocation attributes used in Trusted Extensions. Zero or
more keys can be specified. The following keys are currently
interpreted by Trusted Extensions systems:
minlabel Specifies the minimum label at which device can be allocated.
Default value is
admin_low.
maxlabel Specifies the maximum label at which device can be allocated.
Default value is
admin_high.
zone Specifies the name of the zone in which device is currently
allocated.
class Specifies a logical grouping of devices. For example, all
Sun Ray devices of all device types. There is no default
class.
xdpy Specifies the X display name. This is used to identify
devices associated with that X session. There is no default
xdpy value.
reserved2 Represents a field reserved for future use.
auths Represents a field that contains a comma-separated list of
authorizations required to allocate the device, an asterisk (
*)
to indicate that the device is
not allocatable, or an '
@' symbol
to indicate that no explicit authorization is needed to allocate
the device. The default authorization is
solaris.device.allocate.
See
auths(1).
device-exec The physical device's data clean program to be run any time the
device is acted on by
allocate(1). This ensures that unmanaged
data does not remain in the physical device between uses. This
field contains the filename of a program in
/etc/security/lib or
the full pathname of a cleanup script provided by the system
administrator.
Notes on device_allocate The
device_allocate file is an ASCII file that resides in the
/etc/security directory.
Lines in
device_allocate can end with a `
\' to continue an entry on
the next line.
Comments can also be included. A `
#' makes a comment of all further
text until the next NEWLINE not immediately preceded by a `
\'.
White space is allowed in any field.
The
device_allocate file must be created by the system administrator
before device allocation is enabled.
The
device_allocate file is owned by root, with a group of
sys, and a
mode of 0644.
EXAMPLES
Example 1: Declaring an Allocatable Device
Declare that physical device
st0 is a type
st.
st is allocatable, and
the script used to clean the device after running
deallocate(1) is
named
/etc/security/lib/st_clean.
# scsi tape
st0;\
st;\
reserved;\
reserved;\
solaris.device.allocate;\
/etc/security/lib/st_clean
Example 2: Declaring an Allocatable Device with Authorizations
Declare that physical device
fd0 is of type
fd.
fd is allocatable by
users with the
solaris.device.allocate authorization, and the script
used to clean the device after running
deallocate(1) is named
/etc/security/lib/fd_clean.
# floppy drive
fd0;\
fd;\
reserved;\
reserved;\
solaris.device.allocate;\
/etc/security/lib/fd_clean
Making a device allocatable means that you need to allocate and
deallocate it to use it (with
allocate(1) and
deallocate(1)). If a
device is not allocatable, there is an asterisk (
*) in the
auths field, and no one can use the device.
FILES
/etc/security/device_allocate Contains list of allocatable devices
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Uncommitted |
+--------------------+-----------------+
SEE ALSO
allocate(1),
auths(1),
deallocate(1),
list_devices(1),
auth_attr(5),
attributes(7)NOTES
On systems configured with Trusted Extensions, the functionality is
enabled by default. On such systems, the
device_allocate file is
updated automatically by the system.
March 6, 2017 DEVICE_ALLOCATE(5)
