CXFS has been qualified in an SGI Trusted IRIX cluster with the Data Migration Facility (DMF) and Tape Management Facility (TMF).
If you want to run CXFS and Trusted IRIX, SGI recommends that all nodes in the cluster run Trusted IRIX; all nodes must be IRIX nodes or Trusted IRIX nodes (you cannot run Trusted IRIX in a multiOS cluster).
SGI recommends that you install all of the software products you intend to run (Trusted IRIX, CXFS, DMF, TMF, and so on) at the same time.
After installing these products, you must do the following:
From the system console, go to the system maintenance menu. For example:
# init 0 |
(If your system is set to automatically reboot to multiuser mode, you will need to press Esc to reach the menu.)
Choose 5 from the menu in order to enter the command monitor:
System Maintenance Menu 1) Start System 2) Install System Software 3) Run Diagnostics 4) Recover System 5) Enter Command Monitor Option? 5 |
Enter single user mode by using the single command:
>> single |
Enter the root password when prompted.
Ensure that you are in the root directory:
# cd / |
Set the following attributes for Trusted IRIX and CXFS:
# suattr -C all+eip |
Execute the Trusted IRIX configuration command, which sets the appropriate extended attributes on files:
# /etc/trix.config |
For more information, see:
Trusted IRIX Read Me First Notice
Trusted IRIX/CMW Security Features User's Guide
In a mixed Trusted IRIX and IRIX cluster, an IRIX CXFS client will require but not have a mandatory access control (MAC) label associated with its credentials when it attempts to access a Trusted IRIX server. In order to address this, a MAC label is provided in one of the following ways:
The filesystem can be mounted with the eag:mac-ip=label option to specify the label used for IRIX CXFS clients.
If the mount option is not used, the default label in the rhost database entry for the IRIX original node is used.
If the rhost database entry is unavailable or invalid, the following label is used: msenlow, minthigh.