HP-UX Security Containment B.11.23.01 Release Notes

Known Problems and Workarounds
The following are known problems and workarounds for HP-UX 11i Security Containment.
Port and address blocking behavior not documented
Issue
You can configure the compartments feature so that a specific compartment (and all
processes in that compartment) cannot communicate on a specific port and address
combination. However, this type of compartment configuration does not prevent a process
in the compartment from binding to the specific port and address combination.
This issue is not documented in the HP-UX 11i Security Containment Administrator’s
Guide.
Workaround
Be sure your applications are started in the correct compartment and that your
applications are configured to use the correct interface addresses consistent with the
communications policy configured in your compartments. Also, be sure that no other
applications are configured to bind to the same ports and addresses that your applications
use.
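One way to carry out the last check in this workaround, shown as an added example that is not part of the release notes: list the TCP listeners on a port and flag any that are not bound to the address your application is expected to use. It assumes netstat -an prints the local address as address.port with * for the wildcard address; the function names, addresses and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not HP code). Reads `netstat -an` style text on stdin.
# Assumption: column 4 is the local address in "address.port" form and
# "*" stands for the wildcard address.

# audit_listeners EXPECTED_ADDR PORT
# Prints one line per TCP listener on PORT:
#   OK        bound to EXPECTED_ADDR
#   WILDCARD  bound to all addresses (also covers EXPECTED_ADDR)
#   OTHER     bound to a different interface address
audit_listeners() {
    awk -v want="$1" -v port="$2" '
        $1 ~ /^tcp/ && $NF == "LISTEN" && match($4, /\.[0-9]+$/) {
            addr = substr($4, 1, RSTART - 1)          # text before last dot
            if (substr($4, RSTART + 1) != port) next  # different port
            if (addr == want)      status = "OK"
            else if (addr == "*")  status = "WILDCARD"
            else                   status = "OTHER"
            print status, $4
        }'
}

# count_violations EXPECTED_ADDR PORT
# Number of listeners on PORT that are not bound to EXPECTED_ADDR.
count_violations() {
    audit_listeners "$1" "$2" | awk '$1 != "OK" { n++ } END { print n + 0 }'
}

# Constructed sample input, so the functions can be tried offline.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  192.0.2.10.8080        *.*                    LISTEN
tcp        0      0  *.8080                 *.*                    LISTEN
tcp        0      0  192.0.2.20.8080        *.*                    LISTEN
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  192.0.2.10.8080        198.51.100.7.51515     ESTABLISHED
udp        0      0  *.514                  *.*
EOF
}

# On a live system:  netstat -an | audit_listeners 192.0.2.10 8080
```

netstat does not show which process owns a listener, so each WILDCARD or OTHER line still has to be traced to its application and compartment by hand.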
HP-UX SMSE interoperability with trusted mode HP-UX systems
Issue
HP-UX SMSE makes available in standard mode many account and password policies
currently available only by converting an HP-UX system to trusted mode. Policies
configured with HP-UX SMSE are not enforced on systems running in trusted mode.
Workaround
HP does not recommend that you use HP-UX SMSE on systems running in trusted mode.
To determine whether a system has been converted to trusted mode, check for the
following file:
/tcb/files/auth/system/default
If this file exists, the system is running in trusted mode. To convert the system back to
standard mode, use the sam(1M) command.
Refer to security(4) for more information on configurations supported with each of the
HP-UX SMSE security features.
Serviceguard interface failover failure