HP-UX Security Containment Extensions B.11.31.
© Copyright 2001–2011 Hewlett-Packard Development Company L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Preface

Documentation

NOTE: This document was updated to include a known issue that was fixed in this release. See QXCR1001124696 in “Known issues fixed” (page 7).

Use the following documents in conjunction with each other when using HP-UX Security Containment Extensions B.11.31.03:
• HP-UX Compartment Login using Secure Shell (SSH)
• HP-UX System Administrator's Guide: Security Management

These documents are located at: www.hp.
1 HP-UX Security Containment Extensions

HP-UX 11i Security Containment includes three core technologies: compartments, fine-grained privileges, and role-based access control. Together, these three components provide a highly secure operating environment without requiring applications to be modified.
• Some of the fine-grained privileges are divided more finely. If the HP-UX ContainmentPlus product (version B.11.31.02 or later) is installed on the system, the PRIV_SYSATTR, PRIV_MOUNT, and PRIV_DEVOPS privileges are each divided into two privileges. By using the new privileges, a process can now allow a subset of the operations while disallowing the rest. See privileges(5).
• Fixes for known issues in the HP-UX 11i Security Containment product. See “Known issues fixed” (page 7).

1.
• HP 9000 computers
• HP Integrity servers
• 207.1 MB of disk space for HP Integrity servers
• 125.5 MB of disk space for HP 9000 servers

HP-UX Security Containment Extensions B.11.31.03 has the following software requirements:
• HP-UX 11i version 3
• No additional patches are required to install HP-UX Security Containment Extensions.
Defect number: QXCR1001073788

• The setrules command sometimes reports the following warning incorrectly: File system rule conflict(s) between parent and child objects.. The command incorrectly returns an error status (1) when this warning is reported. In HP-UX Security Containment Extensions B.11.31.02 and earlier, the setrules command does not recognize parent and child file system objects correctly. Therefore, it reports file system rule conflicts when there is no conflict.
Defect number: QXCR1001039158

• When ContainmentExt version B.11.31.02 (or ContainmentPlus version B.11.31.01) is installed and the compartment feature is enabled, an unexpected source address can be used for communication within a system that has been configured with multiple LAN interfaces, where the destination address is expected to be used as the source address. This issue has been fixed in ContainmentExt version B.11.31.03 (or ContainmentPlus version B.11.31.02).