DEVICE_CLEAN(7) Device and Network Interfaces DEVICE_CLEAN(7)
NAME
device_clean - device clean programs
DESCRIPTION
Each allocatable device has a device clean program associated with it.
Device clean programs are invoked by
deallocate(1) to clean device
states, registers, and any residual information in the device before the
device is allocated to a user. Such cleaning is required by the object
reuse policy.
Use
list_devices(1) to obtain the names and types of allocatable devices
as well as the cleaning program and the authorizations that are
associated with each device.
On a system configured with Trusted Extensions, device clean programs are
also invoked by
allocate(1), in which case the program can optionally
mount appropriate media for the caller.
The following device clean programs reside in
/etc/security/lib.
audio_clean audio devices
fd_clean floppy devices
st_clean tape devices
sr_clean CD-ROM devices
On a system configured with Trusted Extensions, the following additional
cleaning programs and wrappers are available.
disk_clean floppy, CD-ROM, and other removable media devices.
This program mounts the device during the
execution of
allocate, if required.
audio_clean_wrapper wrapper to make audio_clean work with CDE
wdwwrapper wrapper to make other cleaning programs work with
CDE
wdwmsg CDE dialog boxes for cleaning programs
Administrators can create device clean programs for their sites. These
programs must adhere to the syntax described below.
/etc/security/lib/
device-clean-program [-i | -f | -s | -I] \
-m
mode -u
user-name -z
zone-name -p
zone-path device-name where:
device-name The name of the device that is to be cleaned. Use
list_devices to obtain the list of allocatable devices.
-i Invoke boot-time initialization.
-f Force cleanup by the administrator.
-s Invoke standard cleanup by the user.
-I Same as
-i, with no error or warning.
The following options are supported only when the system is configured
with Trusted Extensions.
-m mode Specify the mode in which the clean program is invoked.
Valid values are allo- cate and deallocate. The default
mode is allocate.
-u user-name Specify the name of user who executes the device clean
program. The default user is the caller.
-z zone-name Specify the name of the zone in which the device is to be
allocated or deallocated. The default zone is the global
zone.
-p zone-path Establish the root path of the zone that is specified by
zone-name. Default is "/".
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error. Caller can place device in error state.
2 A system error. Caller can place device in error state.
On a system configured with Trusted Extensions, the following additional
exit values are returned:
3 Mounting of device failed. Caller shall not place device in error
state.
4 Mounting of device succeeded.
FILES
/etc/security/lib/* device clean programs
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | See below. |
+--------------------+-----------------+
The Invocation is Uncommitted. The Output is Not-an-interface.
SEE ALSO
allocate(1),
deallocate(1),
list_devices(1),
attributes(7) System Administration Guide: Security Services June 14, 2007
DEVICE_CLEAN(7)