Each allocatable device has a device clean program associated with it. Device clean programs are invoked by deallocate(1) to clean device states, registers, and any residual information in the device before the device is allocated to a user. Such cleaning is required by the object reuse policy.
Use list_devices(1) to obtain the names and types of allocatable devices as well as the cleaning program and the authorizations that are associated with each device.
On a system configured with Trusted Extensions, device clean programs are also invoked by allocate(1), in which case the program can optionally mount appropriate media for the caller.
The following device clean programs reside in /etc/security/lib.
On a system configured with Trusted Extensions, the following additional cleaning programs and wrappers are available.
Administrators can create device clean programs for their sites. These programs must adhere to the syntax described below.
/etc/security/lib/device-clean-program [-i | -f | -s | -I] \ -m mode -u user-name -z zone-name -p zone-path device-name
The following options are supported only when the system is configured with Trusted Extensions.
The following exit values are returned:
On a system configured with Trusted Extensions, the following additional exit values are returned:
See attributes(5) for descriptions of the following attributes:
The Invocation is Uncommitted. The Output is Not-an-interface.
allocate(1), deallocate(1), list_devices(1), attributes(5)