Manualshelf

Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Auditing System Extensions
121122123124125126127128129130
See Section 6.5.2.2 for more information about the implications of changing the name
of a compartment.
You can add new compartment rules, delete unneeded rules, and modify existing rules.
You can also change the names of existing compartments.
The application containment wizard, contain, can be used to simplify this configuration
process. See compartment_login(5) for more information.
To following sections describe how to modify compartment configuration.
6.5.2.1 Changing Compartment Rules
1. (Optional) Make temporary backup copies of the configuration files you plan to
modify. Either put these files outside the /etc/cmpt directory or omit the .rules
suffix. Doing this lets you easily revert to the starting point if an editing problem
occurs.
2. Use the following command to examine the current compartment rules:
# getrules
3. Create or modify compartment rules. See Section 6.4 for instructions on completing
this step and for a complete description of compartment rules syntax.
4. (Optional) Preview the compartment rules by entering the following command:
# setrules -p
The -p option parses the configured rules list and reports any discrepancies in syntax
and semantics. HP recommends that you follow this step before enabling compartment
rules on the system.
5. (Optional) Make backup copies of the compartment configuration files.
6. Run the setrules command to load the configured rules:
# setrules
6.5.2.2 Changing Compartment Names
You can change the names of compartments. However, changing the name of a
compartment can affect applications that are already configured with the existing
compartment names. If you change the name of a compartment, you must reconfigure
any applications configured in that compartment as well.
NOTE: If you rename a compartment, you have essentially created a new compartment
and removed the compartment with the old name. You must change all references to see
the new compartment. The old compartment continues to exist on the system until a reboot.
6.5.3 Running an Application in a Compartment
You can configure an application to run in a particular compartment by using one of the
following options:
6.5 Configuring Compartments 125