1device_clean(5) Standards, Environments, and Macros device_clean(5)
2
3
4
6 device_clean - device clean programs
7
9 Each allocatable device has a device clean program associated with it.
10 Device clean programs are invoked by deallocate(1) to clean device
11 states, registers, and any residual information in the device before
12 the device is allocated to a user. Such cleaning is required by the
13 object reuse policy.
14
15
16 Use list_devices(1) to obtain the names and types of allocatable
17 devices as well as the cleaning program and the authorizations that are
18 associated with each device.
19
20
21 On a system configured with Trusted Extensions, device clean programs
22 are also invoked by allocate(1), in which case the program can option‐
23 ally mount appropriate media for the caller.
24
25
26 The following device clean programs reside in /etc/security/lib.
27
28 audio_clean audio devices
29
30
31 fd_clean floppy devices
32
33
34 st_clean tape devices
35
36
37 sr_clean CD-ROM devices
38
39
40
41 On a system configured with Trusted Extensions, the following addi‐
42 tional cleaning programs and wrappers are available.
43
44 disk_clean floppy, CD-ROM, and other removable media
45 devices. This program mounts the device during
46 the execution of allocate, if required.
47
48
49 audio_clean_wrapper wrapper to make audio_clean work with CDE
50
51
52 wdwwrapper wrapper to make other cleaning programs work
53 with CDE
54
55
56 wdwmsg CDE dialog boxes for cleaning programs
57
58
59
60 Administrators can create device clean programs for their sites. These
61 programs must adhere to the syntax described below.
62
63 /etc/security/lib/device-clean-program [−i | −f | −s | −I] \
64 −m mode −u user-name −z zone-name −p zone-path device-name
65
66
67
68
69 where:
70
71 device-name The name of the device that is to be cleaned. Use
72 list_devices to obtain the list of allocatable devices.
73
74
75 -i Invoke boot-time initialization.
76
77
78 -f Force cleanup by the administrator.
79
80
81 -s Invoke standard cleanup by the user.
82
83
84 -I Same as -i, with no error or warning.
85
86
87
88 The following options are supported only when the system is configured
89 with Trusted Extensions.
90
91 -m mode Specify the mode in which the clean program is invoked.
92 Valid values are allo- cate and deallocate. The default
93 mode is allocate.
94
95
96 -u user-name Specify the name of user who executes the device clean
97 program. The default user is the caller.
98
99
100 -z zone-name Specify the name of the zone in which the device is to
101 be allocated or deallocated. The default zone is the
102 global zone.
103
104
105 -p zone-path Establish the root path of the zone that is specified
106 by zone-name. Default is "/".
107
108
110 The following exit values are returned:
111
112 0
113
114 Successful completion.
115
116
117 1
118
119 An error. Caller can place device in error state.
120
121
122 2
123
124 A system error. Caller can place device in error state.
125
126
127
128 On a system configured with Trusted Extensions, the following addi‐
129 tional exit values are returned:
130
131 3
132
133 Mounting of device failed. Caller shall not place device in error
134 state.
135
136
137 4
138
139 Mounting of device succeeded.
140
141
143 /etc/security/lib/* device clean programs
144
145
147 See attributes(5) for descriptions of the following attributes:
148
149
150
151
152 ┌─────────────────────────────┬─────────────────────────────┐
153 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
154 ├─────────────────────────────┼─────────────────────────────┤
155 │Availability │SUNWcsu │
156 ├─────────────────────────────┼─────────────────────────────┤
157 │Interface Stability │See below. │
158 └─────────────────────────────┴─────────────────────────────┘
159
160
161 The Invocation is Uncommitted. The Output is Not-an-interface.
162
164 allocate(1), deallocate(1), list_devices(1), attributes(5)
165
166
167 System Administration Guide: Security Services
168
169
170
171SunOS 5.11 14 Jun 2007 device_clean(5)