HP-UX Containers (SRP) A.03.00 Administrator's Guide
107
• Scenario 7: Process respawn does not work in the container.
Symptom: Processes configured for respawn in the container's /etc/inittab file does
not respawn.
Solution: Verify and confirm that the srp_init daemon is up and running inside the
container by executing the following command in the container:
# ps -ef | grep srp_init
If the srp_init daemon is running, enter the following command to re-examine the
/etc/inittab file entries without changing the run level:
# /sbin/srp_init q
If the srp_init daemon is not running, restart srp_init within the container using the
/sbin/srp_init daemon.
18.3 Advanced verification procedures
This section includes advanced verification procedures to verify the subsystem data configured by
HP-UX Containers.
18.3.1 Verifying Security Containment compartment data
Use the following procedures to verify Security Containment compartment configuration data:
• Verify that the compartment rules are loaded into the kernel.
Enter the following command:
# getrules -m container_name
• Manually test the file access rules. This verification procedure applies to workload containers
only.
Login to the container and attempt file access operations that should succeed or fail, such as
cd and touch commands for files not available from the container. From the global view,
you can create a temporary file in a directory for which the container does not have ulink
(delete) access. Login to the container and attempt to delete the file.
• Verify that the processes configured for the container are running in the compartment. This
verification procedure applies to workload containers only.
Use the ps -ef command to find the PID for applications in your container. For example:
# ps -ef | grep sshd
root 968 1 0 Oct 14 ? 0:00 /usr/sbin/sshd
Use the getprocxsec -c pid command to get the compartment in which the process is
running. For example:
# getprocxsec -c 968
cmpt= SRP2
• For workload containers, if an application is failing in a compartment and you want to
determine if it is failing because of Security Containment rules, you can use the HP-UX audit
utility to configure and view audit to see if operations are failing because of permission
problems.