HP-UX Containers (SRP) A.03.01 Administrator's Guide
16.3 Security features
HP-UX Containers provides a framework for managing container and networking security. This
framework is primarily enforced with Security Containment compartment access rules. The default set
of container access rules delivered with HP-UX Containers has been developed to favor functional
isolation, application compatibility, and user session functionality over strong security containment. To
meet the specific security requirements of your environment, you may need to replace these rules with
security configurations that match your application usage and local security policy, as described in B.2.1
Securing containers with compartment rule Include files (Not supported for system containers).
16.4 Devices
By default, all devices in the /dev/ directory in the common global file system are available to
workload containers.
16.5 Installing software
No synchronization is required between the global view and workload containers for installation
of SD-based software. Therefore, software installed on the system is not propagated to each workload
container.
Access to software installed via SD is achieved by installing the software in a directory accessible to
the container, or by modifying the container’s file access rules to include the software via the custom
template. For a visual representation of the file paths accessible to a workload container, see
Figure 16.1.
Figure 16.1 Application installation map