Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1‎ > ‎


     setlabel - move files to zone with corresponding sensitivity

     /usr/bin/setlabel newlabel filename...

     setlabel moves files into the zone whose  label  corresponds
     to newlabel. The old file pathname is adjusted so that it is
     relative to the root pathname of the new zone.  If  the  old
     pathname  for  a file's parent directory does not exist as a
     directory in the new zone,  the  file  is  not  moved.  Once
     moved, the file might no longer be accessible in the current

     Unless newlabel and filename have been specified, no  labels
     are set.

     Labels are defined by the  security  administrator  at  your
     site.  The system always displays labels in uppercase. Users
     can enter labels in any combination of uppercase and  lower-
     case. Incremental changes to labels are supported.

     Refer to setflabel(3TSOL) for a complete description of  the
     conditions  that  are  required to satisfy this command, and
     the privileges that are needed to execute this command.

     setlabel exits with one of the following values:

     0    Successful completion.

     1    Usage error.

     2    Error in getting, setting or translating the label.

     On the command line, enclose  the  label  in  double  quotes
     unless  the label is only one word. Without quotes, a second
     word or letter separated by a  space  is  interpreted  as  a
     second argument.

       % setlabel SECRET somefile
       % setlabel "TOP SECRET" somefile

     Use any combination of upper and lowercase letters. You  can
     separate  items  in  a  label  with  blanks, tabs, commas or
     slashes (/). Do not use any other punctuation.

       % setlabel "ts a b" somefile
       % setlabel "ts,a,b" somefile
       % setlabel "ts/a b" somefile
       % setlabel " TOP SECRET A B   " somefile

     Example 1 Set a Label.

     To set somefile's label to SECRET A:

       example% setlabel "Secret a" somefile

     Example 2 Turn On a Compartment.

     Plus and minus signs can  be  used  to  modify  an  existing
     label.  A  plus  sign turns on the specified compartment for
     somefile's label.

       example% setlabel +b somefile

     Example 3 Turn Off a Compartment.

     A minus sign turns off the compartments that are  associated
     with   a  classification.  To  turn  off  compartment  A  in
     somefile's label:

       example% setlabel -A somefile

     If an incremental change is being made to an existing  label
     and  the  first  character  of  the label is a hyphen (-), a
     preceding double-hyphen (--) is required.

     To turn off compartment -A in somefile's label:

       example% setlabel -- -A somefile

     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWtsu                     |
    | Interface Stability         | Committed                   |

     setflabel(3TSOL), label_encodings(4), attributes(5)

     The functionality described on this manual page is available
     only if the system is configured with Trusted Extensions.

     This implementation of setting a label is meaningful for the
     Defense  Intelligence  Agency (DIA) Mandatory Access Control
     (MAC) policy. For more information, see label_encodings(4).

Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.