device_allocate(4)               File Formats               device_allocate(4)

NAME

       device_allocate - device_allocate file

SYNOPSIS

       /etc/security/device_allocate

DESCRIPTION

       The device_allocate file is an ASCII file that resides in the
       /etc/security directory. It contains mandatory access control
       information about each physical device. Each device is represented by
       a one-line entry of the form:

       device-name;device-type;reserved1;reserved2;auths;device-exec

       where:

       device-name

           Represents an arbitrary ASCII string naming the physical device.
           This field contains no embedded white space or non-printable
           characters.

       device-type

           Represents an arbitrary ASCII string naming the generic device
           type. This field identifies and groups together devices of like
           type. This field contains no embedded white space or non-printable
           characters. The following types of devices are currently managed by
           the system: audio, sr (represents CDROM drives), fd (represents
           floppy drives), st (represents tape drives), rmdisk (removable
           media devices).

       reserved1

           On systems configured with Trusted Extensions, this field stores a
           colon-separated (:) list of key-value pairs that describe device
           allocation attributes used in Trusted Extensions. Zero or more keys
           can be specified. The following keys are currently interpreted by
           Trusted Extensions systems:

           minlabel

               Specifies the minimum label at which device can be allocated.
               Default value is admin_low.

           maxlabel

               Specifies the maximum label at which device can be allocated.
               Default value is admin_high.

           zone

               Specifies the name of the zone in which device is currently
               allocated.

           class

               Specifies a logical grouping of devices. For example, all Sun
               Ray devices of all device types. There is no default class.

           xdpy

               Specifies the X display name. This is used to identify devices
               associated with that X session. There is no default xdpy value.

       reserved2

           Represents a field reserved for future use.

       auths

           Represents a field that contains a comma-separated list of
           authorizations required to allocate the device, an asterisk (*) to
           indicate that the device is not allocatable, or an '@' symbol to
           indicate that no explicit authorization is needed to allocate the
           device. The default authorization is solaris.device.allocate. See
           auths(1).

       device-exec

           The physical device's data clean program to be run any time the
           device is acted on by allocate(1). This ensures that unmanaged data
           does not remain in the physical device between uses. This field
           contains the filename of a program in /etc/security/lib or the full
           pathname of a cleanup script provided by the system administrator.

   Notes on device_allocate
       The device_allocate file is an ASCII file that resides in the
       /etc/security directory.

       Lines in device_allocate can end with a `\' to continue an entry on the
       next line.

       Comments can also be included. A `#' makes a comment of all further
       text until the next NEWLINE not immediately preceded by a `\'.

       White space is allowed in any field.

       The device_allocate file must be created by the system administrator
       before device allocation is enabled.

       The device_allocate file is owned by root, with a group of sys, and a
       mode of 0644.

EXAMPLES

       Example 1 Declaring an Allocatable Device

       Declare that physical device st0 is a type st. st is allocatable, and
       the script used to clean the device after running deallocate(1) is
       named /etc/security/lib/st_clean.

         # scsi tape
         st0;\
              st;\
              reserved;\
              reserved;\
              solaris.device.allocate;\
              /etc/security/lib/st_clean

       Example 2 Declaring an Allocatable Device with Authorizations

       Declare that physical device fd0 is of type fd. fd is allocatable by
       users with the solaris.device.allocate authorization, and the script
       used to clean the device after running deallocate(1) is named
       /etc/security/lib/fd_clean.

         # floppy drive
         fd0;\
              fd;\
              reserved;\
              reserved;\
              solaris.device.allocate;\
              /etc/security/lib/fd_clean

       Making a device allocatable means that you need to allocate and
       deallocate it to use it (with allocate(1) and deallocate(1)). If a
       device is not allocatable, there is an asterisk (*) in the auths
       field, and no one can use the device.
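       The entry format, continuation rule and comment rule described above, as an added Python example that is not part of the original man page or of Solaris: it parses device_allocate text and lists entries an administrator would want to review. The function names, the constructed sample entries, and the choice to report an empty device-exec field as a finding are assumptions of this example.

```python
import posixpath
FIELDS = ("name", "type", "reserved1", "reserved2", "auths", "exec")
CLEAN_DIR = "/etc/security/lib"   # directory the page names for clean programs

def parse_device_allocate(text):
    """Return one dict per entry. A trailing '\\' joins the next line first,
    so a '#' comment also swallows any lines continued from it."""
    entries = []
    for line in text.replace("\\\n", "").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(";")]  # white space allowed in fields
        if len(parts) != len(FIELDS):
            raise ValueError(f"expected {len(FIELDS)} fields: {line!r}")
        entry = dict(zip(FIELDS, parts))
        if entry["exec"] and not entry["exec"].startswith("/"):
            entry["exec"] = posixpath.join(CLEAN_DIR, entry["exec"])  # bare filename
        entries.append(entry)
    return entries

def audit(entries):
    """Return (device-name, finding) pairs worth an administrator's review."""
    findings = []
    for e in entries:
        for field in ("name", "type"):
            if not e[field] or any(c.isspace() or not c.isprintable() for c in e[field]):
                findings.append((e["name"], f"bad {field} field"))
        if e["auths"] == "*":
            continue                      # not allocatable: nothing more to check
        if e["auths"] == "@":
            findings.append((e["name"], "allocatable without explicit authorization"))
        if not e["exec"]:                 # assumption: treat a missing clean program as a finding
            findings.append((e["name"], "no device-exec clean program"))
    return findings

# Constructed sample: st0 is Example 1 from this page; the other entries are made up.
SAMPLE = """\
# scsi tape
st0;\\
     st;\\
     reserved;\\
     reserved;\\
     solaris.device.allocate;\\
     /etc/security/lib/st_clean
fd0;fd;reserved;reserved;@;fd_clean   # constructed: '@' auths, bare filename
sr0;sr;reserved;reserved;*;           # constructed: not allocatable
audio0;audio;reserved;reserved;solaris.device.allocate;
"""
```

       Calling audit(parse_device_allocate(SAMPLE)) reports fd0 and audio0; st0 and the non-allocatable sr0 produce no findings.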

FILES

       /etc/security/device_allocate

           Contains list of allocatable devices

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability          │Uncommitted                  │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO

       auths(1), allocate(1), bsmconv(1M), deallocate(1), list_devices(1),
       auth_attr(4), attributes(5)

NOTES

       The functionality described in this man page is available only if
       Solaris Auditing has been enabled. See bsmconv(1M) for more
       information.

       On systems configured with Trusted Extensions, the functionality is
       enabled by default. On such systems, the device_allocate file is
       updated automatically by the system.

SunOS 5.11                        12 May 2008               device_allocate(4)