Managing labels

Edit online

An ISSO user can add, modify, or delete label encodings by modifying the /etc/security/enc/LabelEncodings file. The /etc/security/enc/LabelEncodings file defines how human-readable names are mapped to the binary representation of system sensitivity labels.

Note: Modifying the sensitivity label encodings file on a running system can result in invalid labels unless extreme care is taken. Since objects can be labeled with single words or constrained combinations of words, carelessly changing, adding, or deleting word combination constraints can result in invalid labels.

The /etc/security/enc/LabelEncodings file is translated into binary form by the l_init library routine and stored in tables. These tables are used to convert SLs, printer banners, and clearances to and from their internal binary encodings.

Trusted AIX® uses the MITRE Compartmented Mode Workstation Labeling software as the basis for labeling implementation. The document Compartmented Mode Workstation Labeling: Encodings Format, DDS-2600-6216-93 (MTR 10649 revision 1), September 1993 explains the standard label encodings format.

The standard label encoding format treats the integrity labels and sensitivity labels the same as given in the Sensitivity Labels section of the /etc/security/enc/LabelEncodings file.

Trusted AIX optionally supports an Integrity Labels section which allows the integrity labels to be different from the sensitivity labels.