HP-UX Containers (SRP) A.03.01 Administrator's Guide
| Property | Workload Container | System Container (private FS) | System Container (shared FS) |
|---|---|---|---|
| | | To mount a device within a container, you must first provision the device to the container from the global view. | To mount a device within a container, you must first provision the device to the container from the global view. |
| SD software installation | Installed once from the global view. Products with targeted install location may be installed into container. | Installed from the global view and pushed to each container. | Installed from the global view and pushed to each container. Containers must be in the stopped state. |
| SD Product Installation restrictions | None | Only products that are on the allowed list will be pushed to the containers. | Only products that are on the allowed list will be pushed to the containers. |
| Import target system software requirements | HP-UX Containers product version compatibility. | Full SD database equality test (source and target system must match). | Full SD database equality test (source and target system must match). |
| Cloning considerations | Full container directory tree may be shared. | Container directory tree must be copied (application data may be shared). | Container directory tree must be copied (application data may be shared). |
| Networking considerations | • Managed from the global view • Loopback portspace shared among all workload containers and the global view | • Managed from the global view • Fully private network portspace for each system container | • Managed from the global view • Fully private network portspace for each system container |
| Default security properties | • Cannot access other container files • Read-only access to most system files • Process view restricted to the container • IPC restricted to the container and the global view • No disallowed kernel privileges | • Cannot access other container files • Read-only access to /stand • Process view restricted to the container • IPC restricted to the container • Disallowed kernel privileges, for sensitive operations | • Cannot access other container files • Read-only access to system files • Process view restricted to the container • IPC restricted to the container • Disallowed kernel privileges, for sensitive operations |
| Security hardening/softening | Security settings can be altered (see 16.3 Security). | Modifying security settings is not supported. | Modifying security settings is not supported. |