Dan, You need to specify the network labels (via tnrhdb and tnrhtp) of any hosts or networks that you want your zones to connect to. By default labeled zones can't talk to anybody. If you have two TX systems, you can assign the cipso template to the IP address of each peer in tnrhdb. Then each zone can connect to the corresponding zone on the peer.
If the peers are unlabeled, then you will need to create and assign an appropriate unlabeled (single level) template to each peer, matching the label of the specific zone it should communicate with. If this doesn't make sense, read previous questions about this on the forum. Or read the Chapter 12 of the TX admin guide: Chapter 12 Trusted Networking (Overview) http://docs.sun.com/app/docs/doc/819-0872/txnet-1?a=view --Glenn Dan wrote: > Hi all, > > I've got TX on b105 and one physical interface and IP address shared between > the global zone and the labeled zones. > > With ifconfig -a i can see that the interface is all-zones, 192.168.1.1 > all-zones in /etc/hostname* and 192.168.1.1:cipso in > /etc/security/tsol/tnrhdb - however, no network connection in labeled zones. > > What else do I need to get network connection from labeled zones? > > Many thanks, > Dan >
