> Jarrett and Glenn already answered the privilege question. > > For the case where you are initiating a connection from > a Trusted Extensions system to an unlabeled node, the > application you run must also be using the SO_MAC_EXEMPT > socket option either explicitly in the code or implicitly > through the ppriv -M switch. See > > "MAC-Exempt Sockets" in > Solaris Trusted Extensions Developer's Guide > http://docs.sun.com/app/docs/doc/819-0869/api-intro-11?l=en&a=view >
Thanks. Your information really helped. > In this case, there is no MAC-Exempt equivalent on the > client side. You can however set up a server-side application > with a multilevel port that is capable of responding to clients > that function at different security labels. See > > "Zones and Multilevel Ports" in > Solaris Trusted Extensions Administrator's Procedures > http://docs.sun.com/app/docs/doc/819-0872/managezones-31?l=en&a=view > > and > > "Multilevel Ports" in > Solaris Trusted Extensions Developer's Guide > http://docs.sun.com/app/docs/doc/819-0869/api-intro-9?l=en&a=view > > Ken > I noticed that when binding a Multilevel *udp* Port, a EINVAL error is always returned. Do you have any idea about this? Thanks. YC Wang _______________________________________________ security-discuss mailing list [email protected]
