The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.
The device_allocate file contains mandatory access control information about each physical device. Each device is represented by a one-line entry of the form:

    device-name;device-type;reserved;reserved;alloc;device-exec

where
- device-name: This is an arbitrary ASCII string naming the physical device. This field contains no embedded white space or non-printable characters.
- device-type: This is an arbitrary ASCII string naming the generic device type. This field identifies and groups together devices of like type. This field contains no embedded white space or non-printable characters.
- reserved: This field is reserved for future use.
- reserved: This field is reserved for future use.
- alloc: This field contains an arbitrary string which controls whether or not a device is allocatable. If the field contains only an asterisk (*), the device is not allocatable. Otherwise, the device may be allocated and deallocated in the normal fashion.
- device-exec: This is the physical device’s data purge program, run any time the device is acted on by allocate(1M). This ensures that all usable data is purged from the physical device before it is reused. This field contains the filename of a program in /etc/security/lib or the full pathname of a cleanup script provided by the system administrator.
The device_allocate file is an ASCII file that resides in the /etc/security directory.
Lines in device_allocate can end with a ‘\’ to continue an entry on the next line.
Comments may also be included. A ‘#’ makes a comment of all further text until the next NEWLINE not immediately preceded by a ‘\’.
Leading and trailing blanks are allowed in any of the fields.
The device_allocate file must be created by the system administrator before device allocation is enabled.
The device_allocate file is owned by root, with a group of sys, and a mode of 0644.
Declare that physical device st0 is of type st. st is allocatable, and the script used to clean the device after running deallocate(1M) is named /etc/security/lib/st_clean.
    # scsi tape
    st0;\
    st;\
    reserved;\
    reserved;\
    alloc;\
    /etc/security/lib/st_clean;\
Declare that physical device fd0 is of type fd. fd is allocatable, and the script used to clean the device after running deallocate(1M) is named /etc/security/lib/fd_clean.
    # floppy drive
    fd0;\
    fd;\
    reserved;\
    reserved;\
    alloc;\
    /etc/security/lib/fd_clean;\
Note that making a device allocatable means that you need to allocate and deallocate it to use it (with allocate(1M) and deallocate(1M)). If a device is not allocatable, there is an asterisk (*) in the alloc field, and one can use the device without allocating and deallocating it.
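As an added example (not part of this man page or of Solaris), the following Python parser applies the entry format, continuation, comment and blank-handling rules above and resolves the device-exec field to a full pathname. The input is constructed here; it includes a second entry with an asterisk in the alloc field and a trailing comment, cases the man page's own examples do not show.

```python
"""Parser for the device_allocate entry format described above."""
from dataclasses import dataclass

# Constructed sample input (not taken from any real system): one entry
# continued with '\' as in the man page examples, and one single-line
# entry that is not allocatable (asterisk in the alloc field).
SAMPLE = """\
# scsi tape
st0;\\
st;\\
reserved;\\
reserved;\\
alloc;\\
/etc/security/lib/st_clean;\\

sr0 ; sr ; reserved ; reserved ; * ; /usr/local/sbin/sr_clean  # not allocatable
"""


@dataclass
class DeviceEntry:
    name: str
    dev_type: str
    allocatable: bool
    purge_program: str  # device-exec resolved to a full pathname


def logical_lines(text: str):
    """Yield entries with '\\'-continued lines joined and comments removed.

    Joining continuations first is equivalent to the rule that '#' comments
    out all text up to the next NEWLINE not immediately preceded by '\\'."""
    for line in text.replace("\\\n", "").split("\n"):
        line = line.split("#", 1)[0].strip()
        if line:
            yield line


def parse_entry(line: str) -> DeviceEntry:
    fields = [f.strip() for f in line.split(";")]  # leading/trailing blanks allowed
    if len(fields) == 7 and fields[6] == "":       # tolerate a trailing ';'
        fields.pop()
    if len(fields) != 6:
        raise ValueError(f"expected 6 fields, got {len(fields)}: {line!r}")
    name, dev_type, _, _, alloc, exec_prog = fields
    for f in (name, dev_type):  # no embedded white space or non-printables
        if not f or any(c.isspace() or not c.isprintable() for c in f):
            raise ValueError(f"bad device-name/device-type field: {f!r}")
    allocatable = alloc != "*"  # a lone asterisk means not allocatable
    # device-exec is a filename under /etc/security/lib or a full pathname.
    purge = exec_prog if exec_prog.startswith("/") else "/etc/security/lib/" + exec_prog
    return DeviceEntry(name, dev_type, allocatable, purge)


def parse_device_allocate(text: str) -> dict:
    return {e.name: e for e in (parse_entry(l) for l in logical_lines(text))}
```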