Kernel security flags
Kernel security flags enable or disable certain security features, such as label check enforcement and checking for integrity labels during read operations, among others.
The kernel checks the kernel security flags before enforcing security checks. These flags are supported only when Trusted AIX® is enabled. In user space, these flags are stored in the ODM database. Depending on the run mode of the system, the kernel checks the corresponding kernel security flags.
| Kernel security flag | Enabled | Disabled | Operational mode default | Configuration mode default |
|---|---|---|---|---|
| tnet_enabled | Trusted network functionality available | Trusted network functionality cannot be configured or used | Disabled | Disabled |
| tl_write_enforced | MIC enforced on write, delete and rename operations | Configuration set so that TLs are not used for write checks | Enabled | Enabled |
| tl_read_enforced | MIC enforced on read operations | Configuration set so that TLs are not used for read checks | Disabled | Disabled |
| sl_enforced | MAC enforced | Configuration set so that SLs are not used for access control | Enabled | Disabled |
| trustedlib_enabled | FSF_TLIB flag on file system objects is honored | FSF_TLIB flags are not honored | Disabled | Disabled |
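
The following is an added example, not IBM code: a small drift check that compares a captured set of flag states against the per-mode defaults in the table above. The `flag=enabled|disabled` input format, the function names, and the sample data are assumptions made for illustration; a deviation from a default is reported as a difference, not as a verdict.

```python
# Added example: defaults transcribed from the table above as
# flag -> (operational mode default, configuration mode default).
DEFAULTS = {
    "tnet_enabled": ("disabled", "disabled"),
    "tl_write_enforced": ("enabled", "enabled"),
    "tl_read_enforced": ("disabled", "disabled"),
    "sl_enforced": ("enabled", "disabled"),
    "trustedlib_enabled": ("disabled", "disabled"),
}
MODES = {"operational": 0, "configuration": 1}

def parse_flags(text):
    """Parse 'flag=enabled|disabled' lines (an assumed format); '#' starts a comment."""
    flags = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, value = (p.strip().lower() for p in line.partition("="))
        if not sep or value not in ("enabled", "disabled"):
            raise ValueError(f"line {lineno}: expected flag=enabled|disabled: {raw!r}")
        flags[name] = value
    return flags

def audit(text, mode):
    """Return sorted (flag, finding) pairs that differ from the default for `mode`."""
    col = MODES[mode]
    flags = parse_flags(text)
    findings = [(n, "unknown flag") for n in flags.keys() - DEFAULTS.keys()]
    for name, defaults in DEFAULTS.items():
        actual = flags.get(name)
        if actual is None:
            findings.append((name, "missing from input"))
        elif actual != defaults[col]:
            findings.append((name, f"{actual} (default {defaults[col]})"))
    return sorted(findings)

# Constructed sample input, not real system output.
SAMPLE = """\
tnet_enabled=disabled
tl_write_enforced=enabled
tl_read_enforced=enabled   # MIC also applied to reads
sl_enforced=disabled       # SLs not used for access control
"""

if __name__ == "__main__":
    for mode in MODES:
        print(mode, audit(SAMPLE, mode))
```

The same input yields different findings per mode because `sl_enforced` is the only flag whose default differs between operational and configuration mode.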