Trusted Extensions extends Oracle Solaris security by enforcing a label-based mandatory access control (MAC) policy. Sensitivity labels are automatically applied to all sources of data (networks, file systems, and windows) and consumers of data (users and processes). Access to all data is restricted based on the relationship between the label of the data (object) and the label of the consumer (subject). The layered functionality consists of a set of label-aware services.
A partial list of Trusted Extensions services includes:
Labeled networking
Label-aware file system mounting and sharing
Labeled desktop
Label configuration and translation
Label-aware system management tools
Label-aware device allocation
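The label relationship described in the opening paragraph can be made concrete with a small model. This is an added example, not Oracle code: it assumes the usual classification-plus-compartments dominance rule with read-down and write-equal access, which this page does not spell out, and the label names, the LEVELS ordering and the "CLASS:COMP" syntax are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed classification ordering (assumption); a real site defines
# its own classifications and compartments in its label encodings.
LEVELS = {"PUBLIC": 1, "CONFIDENTIAL": 2, "RESTRICTED": 3}


@dataclass(frozen=True)
class Label:
    classification: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True when this classification is at least other's AND this
        compartment set includes every compartment of other."""
        return (LEVELS[self.classification] >= LEVELS[other.classification]
                and self.compartments >= other.compartments)


def parse(text: str) -> Label:
    """Parse 'CLASSIFICATION[:COMP1,COMP2]' (constructed syntax)."""
    cls, _, comps = text.partition(":")
    cls = cls.strip().upper()
    if cls not in LEVELS:
        raise ValueError(f"unknown classification: {cls!r}")
    names = (c.strip().upper() for c in comps.split(","))
    return Label(cls, frozenset(n for n in names if n))


def check_access(subject: str, obj: str, mode: str) -> bool:
    """Read requires the subject label to dominate the object label;
    write requires the two labels to be equal (assumed policy)."""
    s, o = parse(subject), parse(obj)
    if mode == "read":
        return s.dominates(o)
    if mode == "write":
        return s == o
    raise ValueError(f"unknown mode: {mode!r}")


if __name__ == "__main__":
    # Constructed cases, including disjoint (incomparable) labels.
    for subj, obj, mode in [
        ("CONFIDENTIAL:HR", "PUBLIC", "read"),
        ("CONFIDENTIAL:HR", "CONFIDENTIAL:ENG", "read"),
        ("RESTRICTED", "CONFIDENTIAL:HR", "read"),
        ("CONFIDENTIAL:HR", "PUBLIC", "write"),
    ]:
        verdict = "allow" if check_access(subj, obj, mode) else "deny"
        print(f"{subj:18} {mode:5} {obj:18} -> {verdict}")
```

Note that a higher classification alone is not enough: a subject without the object's compartment is denied, and two labels with disjoint compartments are denied in both directions.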
The system/trusted and system/trusted/trusted-global-zone packages are sufficient for a headless system or a server that does not require a multilevel desktop. The system/trusted/trusted-extensions package provides the Oracle Solaris multilevel, trusted desktop environment.
You must install the Trusted Extensions packages, then configure the system. When you install the trusted-extensions package, the system can run a desktop with a directly connected bitmapped display, such as a laptop or workstation. Network configuration is required to communicate with other systems.
For information and procedures, see the following:
Part 2, Administration of Trusted Extensions, in Trusted Extensions Configuration and Administration
You can protect your labeled packets with IPsec.
For information and procedures, see the following:
Chapter 8, About IP Security Architecture in Securing the Network in Oracle Solaris 11.3
Administration of Labeled IPsec in Trusted Extensions Configuration and Administration
Configuring Labeled IPsec in Trusted Extensions Configuration and Administration