HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide

3 Setting Up SRP
This chapter describes how to use srp_setup to set up the SRP environment. This chapter
addresses the following topics:
“Using srp_setup”
“System Changes”
“Example”
Using srp_setup
The /opt/hpsrp/bin/srp_setup utility ensures that the system is in an appropriate state for
successful configuration of SRP compartments. The srp_setup utility checks the status of the
subsystems that SRP can configure. If a subsystem is not enabled, srp_setup asks whether you
want to enable the service. It also prompts for subsystem startup data, such as configuration
directories and autostart parameters.
The srp_setup utility also prompts you for the SRP services you want to enable. The services
you enable also become the default services for the templates (SRP will not apply a service if the
service is not valid for a given template).
HP recommends that you run srp_setup after you install SRP, but you can run it any time
you want to change the default parameters for SRP or verify the status of the subsystems
configured by SRP.
System Changes
Depending on user input, the srp_setup utility can make the following system changes:
If the Security Containment compartments feature is not enabled, srp_setup configures
the system to enable this feature (this feature is required for the SRP product). Enabling
Security Containment compartments requires a system reboot; if compartments were not
already enabled, srp_setup asks at the end of the user dialog whether you want to reboot
the system.
When the Security Containment compartments feature is initially enabled, it creates the
INIT and ifaces compartments. For more information about the INIT and ifaces
compartments, see “Coexistence with the INIT Compartment” (page 18).
If the compartment login feature is not enabled, srp_setup enables this feature if you
specify that you want to enable the login service. Enabling this feature configures the
system so that only users assigned to the RBAC Administrator role can log in to any
compartment, including the INIT compartment. By default, only the root user is assigned
to the Administrator role.
For more information about compartment login, see “Compartment Login and Access for
Non-root Users” (page 20).
If the strong ES model is not enabled for the system, srp_setup asks whether you want to
enable it. Enabling the strong ES model allows default routes added for compartment-specific
IP addresses to function properly. However, enabling the strong ES model makes the system
unable to function as an IP router. For more information about the strong ES model, see “IP
Routers and Strong End System (ES) Model” (page 20).
The srp_setup utility enables the strong ES model using the ndd utility and the
/etc/rc.config.d/nddconf file. For more information, see ndd(1m).
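A check an administrator could run after srp_setup to confirm that the strong ES setting is recorded in an nddconf-style file (added example, not part of the HP guide or the SRP product). It assumes the tunable is named ip_strong_es_model on the ip transport and that nddconf uses indexed TRANSPORT_NAME/NDD_NAME/NDD_VALUE entries; the sample file content is constructed.

```sh
#!/bin/sh
# Added example: audit the strong ES setting recorded in an nddconf-style file.
# Assumptions (not stated in the guide): tunable name ip_strong_es_model on the
# "ip" transport; entries are TRANSPORT_NAME[n] / NDD_NAME[n] / NDD_VALUE[n].

# nddconf_value FILE TRANSPORT NAME -> prints the configured value, or nothing.
nddconf_value() {
    awk -v want_t="$2" -v want_n="$3" '
    {
        line = $0
        sub(/#.*/, "", line)              # drop comments
        gsub(/[ \t"]/, "", line)          # drop blanks and optional quotes
        eq = index(line, "="); lb = index(line, "["); rb = index(line, "]")
        if (eq == 0 || lb == 0 || lb > rb || rb != eq - 1) next
        key = substr(line, 1, lb - 1)
        idx = substr(line, lb + 1, rb - lb - 1)
        val = substr(line, eq + 1)
        if (key == "TRANSPORT_NAME") t[idx] = val
        else if (key == "NDD_NAME")  n[idx] = val
        else if (key == "NDD_VALUE") v[idx] = val
    }
    END {
        # Report the entry whose transport and name both match.
        for (i in n)
            if (t[i] == want_t && n[i] == want_n && (i in v)) { print v[i]; exit }
    }' "$1"
}

# strong_es_recorded FILE -> exit status 0 if a non-zero value is recorded.
strong_es_recorded() {
    val=$(nddconf_value "$1" ip ip_strong_es_model)
    case "$val" in
        ""|0) return 1 ;;
        *)    return 0 ;;
    esac
}

# Constructed sample content, not taken from a real system.
sample_nddconf() {
    cat <<'EOF'
# nddconf (constructed sample)
TRANSPORT_NAME[0]=tcp
NDD_NAME[0]=tcp_conn_request_max
NDD_VALUE[0]=4096
TRANSPORT_NAME[1]=ip
NDD_NAME[1]=ip_strong_es_model
NDD_VALUE[1]=1
EOF
}
```

On a real system, pass /etc/rc.config.d/nddconf as the file argument to strong_es_recorded and compare the result with the running value reported by ndd.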