HP-UX Containers (SRP) A.03.01 Administrator's Guide

The specific tag format for each subsystem is described in the sections that follow.
B.2.2.2 Security Containment compartment tag format
NOTE: Customization of the Security Containment compartment rules file is not supported for system
containers.
Data is stored in the /etc/cmpt/container_name.rules file by default. When the srp
command adds data, it indicates the start of the data with the following tag:
//@tag-start 'compartment="container_name" template="template_name"
service="cmpt" id="instance";
The srp command indicates the end of the data with the following tag:
//@tag-end;
B.2.2.3 RBAC and compartment login tag format
Data is stored in files under the /etc/rbac directory. HP recommends that you use RBAC commands
(roleadm, authadm, cmdprivadm) to modify RBAC data.
HP-UX Containers identifies RBAC data for the admin service by using the following values:
Role name: SRPadmin-container_name for the container
Authorization: hpux.SRPadmin.container_name for the container
Command privilege: hpux.SRPadmin.container_name for the container
HP-UX Containers identifies RBAC data for the login service by using the following values:
Role name: SRPlogin-container_name for the container
Authorization: hpux.security.compartment.login for the container
B.2.2.4 Network configuration tag format
For IPv4 interfaces, the srp command adds the following entry to the
/etc/rc.config.d/netconf file:
IPV4_CMGR_TAG[index]='compartment="container_name" template="base"
service="network" id="instance"'
Where index is the first available index number for interface parameters in the netconf file. HP-UX
Containers uses the index number to identify the following interface parameters:
INTERFACE_NAME
INTERFACE_SKIP
IP_ADDRESS
SUBNET_MASK
INTERFACE_STATE
BROADCAST_ADDRESS
DHCP_ENABLE
INTERFACE_MODULES
HP-UX Containers uses the address configured for the IP_ADDRESS entry to identify the
ROUTE_SOURCE entry for the container, and uses that index number to identify the corresponding
route entries.
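
The index linkage described above can be checked offline against a copy of the netconf file. The following is an added example, not code from HP or from the srp command; the function name srp_network_entries, the sample values, and the assumption that each assignment sits on a single line are illustrative. It reports, for each IPV4_CMGR_TAG entry, the interface parameters at the same index, the route indexes whose ROUTE_SOURCE matches the tagged IP_ADDRESS, and any tag that has no interface behind it.

```python
import re

# NAME[index]=value assignments, as used in /etc/rc.config.d/netconf.
ASSIGN = re.compile(r'^\s*([A-Z0-9_]+)\[(\d+)\]=(.*)$')
ATTR = re.compile(r'(\w+)="([^"]*)"')
# Interface parameters the guide says are identified by the tag's index.
IF_PARAMS = ("INTERFACE_NAME", "INTERFACE_SKIP", "IP_ADDRESS", "SUBNET_MASK",
             "INTERFACE_STATE", "BROADCAST_ADDRESS", "DHCP_ENABLE",
             "INTERFACE_MODULES")

def _unquote(v):
    v = v.strip()
    return v[1:-1] if len(v) > 1 and v[0] == v[-1] and v[0] in "'\"" else v

def srp_network_entries(netconf_text):
    """Return one record per IPV4_CMGR_TAG entry, ordered by index."""
    table = {}  # (parameter name, index) -> unquoted value
    for line in netconf_text.splitlines():
        m = ASSIGN.match(line)  # commented-out lines do not match
        if m:
            table[(m.group(1), int(m.group(2)))] = _unquote(m.group(3))
    entries = []
    for (name, idx) in sorted(table):
        if name != "IPV4_CMGR_TAG":
            continue
        params = {p: table[(p, idx)] for p in IF_PARAMS if (p, idx) in table}
        ip = params.get("IP_ADDRESS")
        # Route entries are found through ROUTE_SOURCE == the tagged IP_ADDRESS.
        routes = sorted(i for (n, i), v in table.items()
                        if n == "ROUTE_SOURCE" and ip and v == ip)
        entries.append({
            "index": idx,
            "tag": dict(ATTR.findall(table[(name, idx)])),
            "params": params,
            "route_indexes": routes,
            "missing": [p for p in ("INTERFACE_NAME", "IP_ADDRESS")
                        if p not in params],
        })
    return entries

# Constructed sample input (addresses, names and id values are invented).
SAMPLE = """\
IP_ADDRESS[0]="192.0.2.10"
INTERFACE_NAME[1]="lan0:1"
IP_ADDRESS[1]="192.0.2.21"
IPV4_CMGR_TAG[1]='compartment="web01" template="base" service="network" id="1"'
IPV4_CMGR_TAG[2]='compartment="db01" template="base" service="network" id="1"'
ROUTE_SOURCE[3]="192.0.2.21"
"""
```

A non-empty "missing" list marks a tag whose index has no interface parameters, which is worth reviewing as a stale or hand-edited entry.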