1 Security features..............................................................................................................
9
1.1
File access policies.............................................................................................................................
1.1.1 File lock access controls.............................................................................................................
1.1.2 Identity-based access controls.................................................................................................
10
1.2
Capabilities......................................................................................................................................
1.2.1 mem...........................................................................................................................................
1.2.2 wmd...........................................................................................................................................
1.2.3 dlkm........................................................................................................................................
1.2.4 api...........................................................................................................................................
11
2 Product overview..........................................................................................................
13
2.1
WLI architecture..............................................................................................................................
2.1.1 Commands..............................................................................................................................
14
2.1.1.1 Application API...............................................................................................................
2.1.1.2 Applications....................................................................................................................
15
2.1.1.3 Stackable file system module..........................................................................................
2.1.1.4 Policy enforcement manager...........................................................................................
2.1.1.5 File systems.....................................................................................................................
16
2.2
WLI database...................................................................................................................................
2.3
WLI metadata files..........................................................................................................................
2.3.1 .$WLI_FSPARMS$..................................................................................................................
17
2.3.2 .$WLI_POLICY$.....................................................................................................................
2.3.3 .$WLI_SIGNATURE$..............................................................................................................
3 Key usage.....................................................................................................................
19
3.1 Generating keys...............................................................................................................................
3.2
User keys.........................................................................................................................................
20
3.3
Administrator keys..........................................................................................................................
4 Installing, removing, and upgrading..........................................................................
21
4.1
Installation requirements................................................................................................................
4.2
Installing WLI..................................................................................................................................
4.3
Removing WLI................................................................................................................................
22
4.4
Upgrading WLI...............................................................................................................................
23
5 Configuring...................................................................................................................
25
5.1
Authorizing the recovery key..........................................................................................................
5.2
Authorizing administrator keys......................................................................................................
5.3
Signing DLKMs...............................................................................................................................
26
5.4 Backing up the WLI database..........................................................................................................
5.5 Rebooting to restricted mode............................................................................................................
27
6 Enhancing security with WLI.......................................................................................
29
6.1 Signing an executable binary..........................................................................................................
6.2
Creating a FLAC policy...................................................................................................................
6.3
Creating an IBAC policy..................................................................................................................
30
6.4
Removing a file access policy..........................................................................................................
Table of Contents
3