HP-UX 11i Security Containment Administrator's Guide for HP-UX 11i v2
Table 5-1 Compartment Configuration Files

| Configuration File | Description |
|---|---|
| /etc/cmpt | The directory in which compartment rules files reside. |
| /etc/cmpt/*.rules | The file containing the compartment rules configured for the system. |
| /etc/cmpt/hardlinks/hardlinks.config | The file containing valid mount points to be scanned to check the consistency of compartment rules for files with multiple hardlinks pointing to them. |

Compartment Commands
Table 5-2 “Compartment Commands” contains the commands you use to manage compartments.
Table 5-2 Compartment Commands

| Command | Description |
|---|---|
| cmpt_tune | Queries, enables, and disables the compartments feature. |
| setfilexsec | Sets security attributes of binary files, including the compartment attribute. |
| getfilexsec | Displays security attributes associated with binary executable files, including the compartment attribute. |
| getprocxsec | Displays security attributes of processes, including the compartment attribute. |
| getrules | Displays the compartment rules currently active in the kernel. |
| setrules | Activates new or modified rules in the kernel. With the -p option, displays the modified rules for review without passing them to the kernel. |
| vhardlinks | Checks the consistency of compartment rules for files that have multiple hard links, to ensure that conflicting rules for access do not exist. |

Compartment Manpages
Table 5-3 “Compartment Manpages” contains the manpages associated with compartments.
Table 5-3 Compartment Manpages

| Manpage | Description |
|---|---|
| compartments(4) | Describes compartment rule syntax. |
| compartments(5) | Provides an overview of compartment functionality and describes the use of compartment rules. |
| cmpt_tune(1M) | Describes cmpt_tune functionality and syntax. |
| setfilexsec(1M) | Describes setfilexsec functionality and syntax. |
| getfilexsec(1M) | Describes getfilexsec functionality and syntax. |
| getprocxsec(1M) | Describes getprocxsec functionality and syntax. |
| getrules(1M) | Describes getrules functionality and syntax. |
| setrules(1M) | Describes setrules functionality and syntax. |
| vhardlinks(1M) | Describes vhardlinks functionality and syntax. |