DEVICE_CLEAN(7) Standards, Environments, and Macros DEVICE_CLEAN(7)
NAME
device_clean - device clean programs
DESCRIPTION
Each allocatable device has a device clean program associated with
it. Device clean programs are invoked by
deallocate(1) to clean
device states, registers, and any residual information in the device
before the device is allocated to a user. Such cleaning is required
by the object reuse policy.
Use
list_devices(1) to obtain the names and types of allocatable
devices as well as the cleaning program and the authorizations that
are associated with each device.
On a system configured with Trusted Extensions, device clean programs
are also invoked by
allocate(1), in which case the program can
optionally mount appropriate media for the caller.
The following device clean programs reside in
/etc/security/lib.
audio_clean audio devices
fd_clean floppy devices
st_clean tape devices
sr_clean CD-ROM devices
On a system configured with Trusted Extensions, the following
additional cleaning programs and wrappers are available.
disk_clean floppy, CD-ROM, and other removable media
devices. This program mounts the device during
the execution of
allocate, if required.
audio_clean_wrapper wrapper to make audio_clean work with CDE
wdwwrapper wrapper to make other cleaning programs work
with CDE
wdwmsg CDE dialog boxes for cleaning programs
Administrators can create device clean programs for their sites.
These programs must adhere to the syntax described below.
/etc/security/lib/
device-clean-program [-i | -f | -s | -I] \
-m
mode -u
user-name -z
zone-name -p
zone-path device-name where:
device-name The name of the device that is to be cleaned. Use
list_devices to obtain the list of allocatable
devices.
-i Invoke boot-time initialization.
-f Force cleanup by the administrator.
-s Invoke standard cleanup by the user.
-I Same as
-i, with no error or warning.
The following options are supported only when the system is
configured with Trusted Extensions.
-m mode Specify the mode in which the clean program is
invoked. Valid values are allo- cate and deallocate.
The default mode is allocate.
-u user-name Specify the name of user who executes the device
clean program. The default user is the caller.
-z zone-name Specify the name of the zone in which the device is
to be allocated or deallocated. The default zone is
the global zone.
-p zone-path Establish the root path of the zone that is specified
by
zone-name. Default is "/".
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error. Caller can place device in error state.
2 A system error. Caller can place device in error state.
On a system configured with Trusted Extensions, the following
additional exit values are returned:
3 Mounting of device failed. Caller shall not place device in error
state.
4 Mounting of device succeeded.
FILES
/etc/security/lib/* device clean programs
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | See below. |
+--------------------+-----------------+
The Invocation is Uncommitted. The Output is Not-an-interface.
SEE ALSO
allocate(1),
deallocate(1),
list_devices(1),
attributes(7) System Administration Guide: Security Services June 14, 2007 DEVICE_CLEAN(7)
