.de Sc
\\s-1\\$1\\s0\\$2
..
.ds cA 2002/762
.ds aR \s-1PSARC\s0
.ds lR \s-1LSARC\s0
.LP
.so ../../amac
.Co
.ds LF \fI\*(aR/\*(cA\fP
.ds RF \fICopyright 2006 Sun Microsystems\fP
.if n .ds CF
.IP \fBSubject:\fP 15
Layered Trusted Solaris
.IP "\fBSubmitted by:\fP" 15
Glenn Faden
.IP \fBFile:\fP 15
\*(aR/\*(cA/opinion.ms
.IP \fBDate:\fP 15
March 22nd 2006
.IP "\fBCommittee:\fP" 15
Gary Winiger,
James Carlson,
Ed Gould,
Glenn Skinner,
Bill Sommerfeld.
.IP "\fBProduct Approval Committee:\fP" 15
Solaris PAC
.br
solaris-pac-opinion@sun.com
.pn 2
.NH
Summary
.LP
This project is the Umbrella for adding Multi-Level Security to Solaris
in a layered manner.
It is a follow-on to the previous releases of Trusted Solaris, which
were complete, independent redeliveries of the underlying Solaris base
with multi-level security integrated into them.
The layered component is a set of packages which, when added to Solaris,
convert it into a multi-level system.
The combination of Solaris and the layered packages is intended to
meet the Common Criteria Labeled Security Protection Profile.
.NH
Decision & Precedence Information
.LP
This project is approved as specified in references [1] and [2].
.LP
This project may be delivered in a patch release of Solaris.
.LP
This project depends on the following projects and
may not be delivered before them.
.RS
.IP \*(lR/2004/109 16n
Trusted Solaris X Server Extension
.IP \*(aR/2005/060 16n
TSNET: Trusted Networking with Security Labels
.IP \*(lR/2005/075 16n
Trusted Solaris CDE
.IP \*(aR/2005/259 16n
Layered Trusted Solaris Label Interfaces
.IP \*(aR/2005/573 16n
Solaris Trusted Extensions for Printing
.IP \*(aR/2005/691 16n
Trusted Extensions for Device Allocation
.IP \*(aR/2005/723 16n
Solaris Trusted Extensions Filesystem Labeling
.IP UIRB/2006/006 16n
Trusted Extensions for Solaris Management Console
.IP \*(lR/2006/007 16n
Trusted Extensions for Solaris Management Console
.IP \*(aR/2006/009 16n
Labeled Auditing
.IP \*(aR/2006/155 16n
Trusted Extensions RBAC Changes
.IP \*(aR/2006/191 16n
is_system_labeled
.RE
.NH
Interfaces
.LP
The project exports the following interfaces.
.if n .ne 6
.if t .ne 8
.TS H
box;
c s s
l | l | l.
Interfaces Exported
_
Interface	Classification	Comments
_
.TH
	T{
Trusted Extensions Privileges
T}
_
\fInet_bindmlp\fP	Stable	T{
TNET kernel interpreted privileges \*(aR/2005/060
T}
\fInet_mac_aware\fP	Stable

\fIsys_trans_label\fP	Stable	T{
svc:/system/labeld interpreted privilege \*(aR/2005/259
T}

\fIwin_colormap\fP	Stable	T{
X Server interpreted privileges \*(lR/2004/109
T}
\fIwin_config\fP	Stable
\fIwin_dac_read\fP	Stable
\fIwin_dac_write\fP	Stable
\fIwin_devices\fP	Stable
\fIwin_dga\fP	Stable
\fIwin_downgrade_sl\fP	Stable
\fIwin_fontpath\fP	Stable
\fIwin_mac_read\fP	Stable
\fIwin_mac_write\fP	Stable
\fIwin_selection\fP	Stable
\fIwin_upgrade_sl\fP	Stable
_
	T{
Trusted Extensions Package Names
T}
_
\fBSUNWtsr\fP	Stable	Core consolidation
\fBSUNWtsu\fP	Stable
\fBSUNWtsc\fP	Stable
\fBSUNWtsmc\fP	Stable
\fBSUNWtsman\fP	Stable

\fBSUNWwxwts\fP	Stable	X Windows consolidation
\fBSUNWxw-tsol-module\fP	Stable

\fBSUNWdttsu\fP	Stable	CDE consolidation
\fBSUNWdttsr\fP	Stable
\fBSUNWdttshelp\fP	Stable

\fBSUNWmgts\fP	Stable	Admin (SMC) consolidation
.TE
.NH
Opinion
.LP
The \*QLayered Trusted Solaris\*U project started out as an Umbrella
for what was to be an unbundled, separately priced layer on top of Solaris.
During the life of the project, it was decided to bundle it with
Solaris and to rename the product to Solaris Trusted Extensions.
The subprojects define a number of privileges.
.LP
\*QLeast Privilege for Solaris\*U (\*(aR/2002/118) defines a mechanism
for adding unbundled privileges to the default privilege set.
The project team asserted not only that there were bugs in the unbundled
privileges support which were not being addressed by the responsible engineer,
but also that by the nature of the project it was de facto bundled and
it was only prior marketing requirements which had led to the perspective
of an unbundled delivery.
Upon review of the various points [2], the committee agreed with
the project team and approved bundling the privileges within Solaris.
.NH
Minority Opinion(s)
.LP
None.
.NH
Advisory Information
.LP
None.
.NH
Appendices
.NH 2
Appendix A: Technical Changes Required
.LP
None.
.NH 2
Appendix B: Technical Changes Advised
.LP
None.
.NH 2
Appendix C: Reference Material
.LP
Unless stated otherwise, path names are relative to the case
directory \*(aR/\*(cA.
.IP 1.
Umbrella Materials
.br
File:
inception.materials/*
.IP 2.
Email discussion
.br
File:
mail
.br
