Manualshelf

HP-UX Workload Manager User's Guide

ManualsBrandsHP ManualsSoftwareHP-UX 11i Workload Management (gWLM/WLM) Software
171172173174175176177178179180
Configuring WLM
Defining the PRM components (optional)
Chapter 5 171
Assigning secure compartments to workload groups
(optional)
The HP-UX feature Security Containment, available starting with
HP-UX 11i v2, allows you to create secure compartments, which provide
file and process isolation. You can place one or more secure
compartments in a single workload group. After creating your secure
compartments, you can place them in workload groups using the scomp
keyword.
The scomp keyword can appear, at most, once in a configuration.
Assign secure compartments to workload groups using the following
syntax in the prm structure:
scomp = compartment : group [, ... ];
where
compartment
Is the name of a secure compartment you have already
created using Security Containment or the
/opt/prm/bin/srpgen utility.
group
Is the name of the workload group in which
compartment should be placed.
NOTE A process may start in a workload group other than its assigned group
because it inherits the group of the process that started it. However,
WLM will eventually move the process to the workload group specified in
its compartment record.
When determining the workload group assignment for a process
identified by multiple records, WLM gives highest precedence to
assignments defined in process maps (or to assignments made using the
prmmove or prmrun commands). The precedence given to the various
records that define workload group placement is described in “How the
application manager affects workload group assignments” on page 459.