HP-UX Containers (SRP) A.03.01 Administrator's Guide

The srp_sys enable option allows you to run the srp_sys command in non-interactive mode.
If no subsystem is specified, a default set of required HP-UX subsystems is enabled
(coreset, migrate, cmptlogin, prm, and sshd).
Using srp_sys with the -setup option:
The srp_sys -setup command ensures that the system is in an appropriate state to
successfully configure containers. If a subsystem is not enabled, srp_sys prompts you to
specify whether you want to enable the service. It also prompts for subsystem startup data,
such as configuration directories and autostart parameters. The srp_sys -setup command
also prompts you for the HP-UX Containers services that you want to enable.
HP requires that you run srp_sys enable or srp_sys -setup after you install HP-UX
Containers. You can run srp_sys with either option at any time to change the default
parameters for the HP-UX Containers product.
The services you enable using srp_sys become the default services for the templates (only valid
services are applied for any given template). The srp_sys command also modifies the HP-UX
Containers default template with this subsystem startup data.
The srp_sys command manages the following subsystems:

Core container subsystem (coreset)
  This subsystem is mandatory and sets all the core system properties required for the HP-UX
  Containers product. The components that will be modified include:

  o Security Containment compartments
      The Security Containment compartments feature provides the base functionality that
      HP-UX Containers utilizes to provide isolation and namespaces for containers.

  o Container required kernel tunables
      These tunables are required to enable HP-UX Containers functionality:

      ip_strong_es_model
        Required for the HP-UX Containers product when using networking. Enables
        symmetric routing on the system, which causes connection-based protocols such
        as TCP to use the same interface for both inbound and outbound traffic. Note
        that enabling the strong ES model makes the system unable to function as an IP
        router.

      ip_ire_cmpt_route_lookup_policy / ip6_ire_cmpt_route_lookup_policy
        Required for the HP-UX Containers product when using networking. Controls
        the route lookup logic in the compartment-enabled environment. Set this feature
        to 0 to enable the strong security model, which requires strict route lookup logic;
        set this feature to 1 to disable the strong security model.

      cmpt_allow_local
        Allows containers on the same server to communicate via network protocols
        without requiring additional security configuration. Sets the default rule for
        inter-compartment loopback communications that are addressed to local
        network interfaces or IP addresses. The default rule only applies if there is no