HP-UX Containers (SRP) A.03.01 Administrator's Guide

Service Variable Description

ipfilter
  ipf_tcp_ports
    Specifies the local TCP port numbers for IPFilter rules that allow inbound packets.
    Variable Name: ipf_tcp_ports.
    Valid Input: One or more TCP port numbers, each in the range 1-65535, separated by commas.
    Default: 1521. This is the default port number for the Oracle Net Listener process (commonly referred to as the listener).

provision
  exec_path
    Same as described in cmpt service.
  data_path
    Same as described in cmpt service.
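A pre-flight check for an ipf_tcp_ports value before it is passed to srp, given here as an added example that is not part of the HP guide. The function name validate_tcp_ports is hypothetical, and rejecting leading zeros and whitespace is an assumption stricter than the guide's stated rule.

```shell
#!/bin/sh
# Added example: pre-flight check for an ipf_tcp_ports value.
# Rule from the guide: one or more TCP port numbers, each in 1-65535,
# separated by commas. The function name is hypothetical; rejecting leading
# zeros and whitespace is an assumption stricter than the guide's wording.

# validate_tcp_ports LIST
#   Valid: prints the list with duplicates removed, returns 0.
#   Invalid: prints the reason on stderr, returns 1.
validate_tcp_ports() {
    list=$1
    seen=","
    out=""
    # An empty value or a leading, trailing or doubled comma leaves an empty field.
    case ",$list," in
        *,,*) echo "empty port field in '$list'" >&2; return 1 ;;
    esac
    old_ifs=$IFS
    IFS=,
    set -f                      # no filename expansion while splitting
    set -- $list
    set +f
    IFS=$old_ifs
    for port in "$@"; do
        case $port in
            *[!0-9]*) echo "not a number: '$port'" >&2; return 1 ;;
            0*)       echo "zero or leading zero: '$port'" >&2; return 1 ;;
            ??????*)  echo "out of range: '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "out of range: '$port'" >&2; return 1
        fi
        case $seen in
            *,"$port",*) continue ;;   # already listed
        esac
        seen="$seen$port,"
        out="${out:+$out,}$port"
    done
    printf '%s\n' "$out"
}

# Constructed sample values: the guide's default, a list with a duplicate,
# an empty field, and an out-of-range port.
for value in "1521" "1521,1522,1521" "1521,,80" "70000"; do
    if ports=$(validate_tcp_ports "$value" 2>/dev/null); then
        echo "ok      $value -> $ports"
    else
        echo "reject  $value"
    fi
done
```

Each port accepted here becomes an inbound allow rule for the container, so the normalized list is also the one to review against the services the container is meant to expose.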
16.8.6 Custom template
The custom template enables you to specify additional Security Containment file access rules and
IPFilter rules for a container. You can use the custom template to accommodate additional
applications in a container, or to add compartment or IPFilter rules to increase security controls for a
container.
Table 16.12 Services for the custom template
Service Description

cmpt
  The cmpt service for the custom template applies additional compartment rules to your container. You can specify a rules file to include and specify file system paths to configure for different access types.
  The srp (-add) command adds entries to the rules file for the container to authorize access according to the descriptions in the previous sections. The srp command also adds an include statement to add the rules from the files specified by cmpt_rule_file.

ipfilter
  The ipfilter service for the custom template enables you to allow inbound packets to specific TCP or UDP port numbers.

provision
  The provision service executes the customizable script /opt/hpsrp/bin/util/custom_setup to provision (deploy) an additional application in the container. The script allows users to write their own functionality for each of the operations, such as add, delete, and replace.
Table 16.13 Variables for the custom template
Service Variable Description

cmpt
  cmpt_rule_file
    Specifies compartment rule files to include in the compartment rules file for this container.
    To specify multiple files, use commas to separate file names.
    Default: None.
  read_access
    Specifies directories to configure with read access (nsearch and read) in the compartment rules file for this container.
    To specify multiple directories, use commas to separate directory names.
    Default: None.