HP-UX Containers (SRP) A.03.01 Administrator's Guide
15 System container
With a system container, some management tasks can be performed only from the global view (see
15.7 Limitations and disallowed), and others can be performed from within the container. The
management tasks performed within the container are:
• Hostname, nodename and domain name configuration
• User/group management
• Startup and shutdown of service daemons
• Name service configuration
• Scheduling cron jobs
• RBAC
• File system mount (including NFS and dedicated partitions)
• Extended security attributes
• User auditing
• Application installation using methods other than SD
15.1 Managing file system
When you create a container, the srp command creates a new container root directory
(/var/hpsrp/container_name). Access restrictions are set such that only the processes within
the container (or the global view) can access files under that directory. All processes running in a
system container are chrooted to the container root directory, thus providing a unique file system view
for the container.
15.1.1 Choosing a file system subtype
You can create a system container with either a private or a shared file system view. If you create a
system container with a private file system, it will be populated with its own read/write copy of
the system directories, excluding the /stand directory. The /stand directory will be made
available with a loopback mount from the global view /stand directory. If you create a system
container with a shared file system, it will be populated with its own read/write copies of the
system directories, excluding the /stand, /usr, and /sbin directories; these directories will be
read-only loopback mounted from the corresponding global view directories.
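The layout rules above can be checked from the global view. The following script is an added example, not part of the HP guide: it compares a mount table against the expected layout for each subtype. The one-mount-per-line input format, the `lofs` type label, and the container names web1 and db1 are assumptions of the example, and the sample table is constructed.

```shell
#!/bin/sh
# Added example (not from the guide). Mount-table format is an assumption:
# one mount per line as "source mountpoint fstype options".
SRP_ROOT=/var/hpsrp            # parent of container roots (section 15.1)

# Constructed sample: shared container web1, private container db1.
sample_table() {
cat <<'EOF'
/stand /var/hpsrp/web1/stand lofs ro
/usr /var/hpsrp/web1/usr lofs rw
/stand /var/hpsrp/db1/stand lofs ro
EOF
}

# check_srp_mounts NAME SUBTYPE   (mount table on stdin)
# Prints one finding per line, nothing when the layout matches 15.1.1.
check_srp_mounts() {
    name=$1; subtype=$2
    case $subtype in
        private) expect="/stand" ;;
        shared)  expect="/stand /usr /sbin" ;;
        *) echo "unknown subtype: $subtype" >&2; return 2 ;;
    esac
    awk -v root="$SRP_ROOT/$name" -v expect="$expect" -v subtype="$subtype" '
    BEGIN {
        n = split("/stand /usr /sbin", dirs, " ")
        m = split(expect, e, " "); for (i = 1; i <= m; i++) want[e[i]] = 1
    }
    # Remember only mounts that sit under this container root.
    index($2, root "/") == 1 { src[$2] = $1; fst[$2] = $3; opts[$2] = $4 }
    END {
        for (i = 1; i <= n; i++) {
            d = dirs[i]; mp = root d
            if (!(d in want)) {        # private: /usr and /sbin are local copies
                if ((mp in fst) && fst[mp] == "lofs") print "UNEXPECTED-LOOPBACK " mp
                continue
            }
            if (!(mp in fst)) { print "MISSING " mp; continue }
            if (fst[mp] != "lofs") print "NOT-LOOPBACK " mp
            if (src[mp] != d) print "WRONG-SOURCE " mp
            # The guide states read-only only for the shared subtype.
            if (subtype == "shared" && ("," opts[mp] ",") !~ /,ro,/) print "WRITABLE " mp
        }
    }'
}

sample_table | check_srp_mounts web1 shared
```

For the constructed table, the shared container web1 yields a WRITABLE finding for /usr and a MISSING finding for /sbin, while the private container db1 yields none.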
The following diagram shows the file system layout for Container 1, a system container with a
shared file system, and Container 2, a system container with a private file system.