Manualshelf

HP-UX Containers (SRP) A.03.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Containers (SRP)
81828384858687888990
88
Disallowed
Privilege
Description
Example
REBOOT
Allows a process to perform system reboot.
reboot(1M)
RULESCONFIG
Allows a process to add and modify
compartment rules.
setrules(1M)
SPUCTL
Allows a process to perform certain
administrative operations in the Instant
Capacity product.
SWAPCTL
Allows a process to manage and configure
swap space.
swapctl(2), swapon(1M)
SYSNFS
Allows a process to export a file system.
TRIALMODE
Allows a process to log privileges required
to execute in the syslog file.
15.7.1 Disallowed commands
The commands and system calls that fall into the category of disallowed administrative tasks will fail
in a system container. The disallowed tasks can be part of a command (certain options) or can be the
command itself. Some examples of the disallowed commands are: accton(1M); acctsh(1M);
date(1) u, -a; getprivgrp(1M); ied(1); mknod(1M); mpsched(1); privgrp(4);
psrset(1M); ptydaemon; reboot(1M); sar(1M), setboot(1M); setprivgrp(1M);
setuname(1M) –s; shl(1); timex(1) o, -p; umodem(1); uupath(1); who(1) A, -t
15.8 System templates
The following table describes the templates that can be included for a system container:
Template Description
system (required) The system template is the primary template for system containers.
The base configuration includes the following services: cmpt, admin,
init, network, prm, ipfilter, ipsec, and provision.
custom (optional) The custom template enables you to customize the IPFilter
configuration. See 16.8.6 Custom template.
The following table describes the services and variables included in the system template that can be
used to update system container configuration:
Service Variable Description
admin*
admin_user
Comma separated list of existing user names to be
granted the role of container administrators.
Default: root
cmpt*
ok_export_dirs
Specify if the container root directories must be saved
in exchange file for export operation (srp export).
See 6.9 Copying containers by exporting and
importing.
Default: No
export_copy_dirs
Comma seperated list of fully qualified directory names