HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide
4 Getting Started with SRP
This chapter shows the commands used to manage the lifecycle of a sample SRP compartment.
This chapter addresses the following topics:
• “Sample SRP Lifecycle”
• “Step 1: Setting Up SRP”
• “Step 2: Displaying Input Parameters for the base Template”
• “Step 3: Creating a Base SRP Compartment”
• “Step 4: Listing the Configuration Data”
• “Step 5: Adding the sshd Template”
• “Step 6: Listing the Configuration Data for the sshd Template”
• “Step 7: Starting the SRP Compartment”
• “Step 8: Replacing the prm Configuration Data”
• “Step 9: Stopping the SRP Compartment”
• “Step 10: Deleting the SRP Compartment”
Sample SRP Lifecycle
The following user session shows the SRP commands used to set up the SRP environment and
then create, administer, and delete an example SRP compartment. Each command is numbered
and described in the sections that follow.
# srp_setup                                   #1  Set up SRP
# srp -help -template base                    #2  Show base template parameters
# srp -add mySRP                              #3  Create a base SRP compartment
# srp -list mySRP -v                          #4  List the configuration data
# srp -add mySRP -t sshd -s cmpt,provision    #5  Add the sshd template with
                                              #   the cmpt and provision services
# srp -list mySRP -v -t sshd                  #6  List the configuration data for sshd
# srp -start mySRP                            #7  Start the SRP compartment
# srp -replace mySRP -s prm                   #8  Replace the PRM configuration values
# srp -stop mySRP                             #9  Stop the SRP compartment
# srp -delete mySRP -batch                    #10 Delete the SRP compartment
Run Environment for the SRP Session
By default, you must have superuser capability to run the srp utility. In addition, you must have
the authorization to modify the system and subsystem configuration files managed by srp. In
most cases, you must run the srp utility from the INIT compartment. By default, processes and
users running in the INIT compartment have authorization to access most system files.
The user in this example does not log in to the compartment to modify the SRP compartment.
The purpose of an SRP compartment is to create an isolated execution environment. Creating or
modifying SRP compartment configuration data requires access to files in the /etc/cmpt
directory, which is not accessible from SRP compartments.
For more information about using the INIT compartment, see “Using the INIT Compartment”
(page 19).
Directory for SRP Utilities
All SRP utilities are located in the directory /opt/hpsrp/bin.
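The run-environment requirements above can be checked before the session begins. The following preflight function is an added example, not part of the HP guide: the name srp_preflight and its arguments are hypothetical, and treating read/write access to /etc/cmpt as a sign that the shell is running in the INIT compartment is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the HP guide): preflight checks for an srp session.
# Paths are the ones the guide names; srp_preflight is a hypothetical helper.
SRP_BIN_DIR=/opt/hpsrp/bin   # directory for SRP utilities
SRP_CMPT_DIR=/etc/cmpt       # compartment configuration data

# Usage: srp_preflight UID [BIN_DIR] [CMPT_DIR]
#   e.g. srp_preflight "$(id -u)" || exit 1
# Prints one line per failed check; returns the number of failed checks.
srp_preflight() {
    uid=$1
    bin_dir=${2:-$SRP_BIN_DIR}
    cmpt_dir=${3:-$SRP_CMPT_DIR}
    failures=0

    # By default, srp requires superuser capability.
    if [ "$uid" != "0" ]; then
        echo "FAIL: uid $uid is not the superuser"
        failures=$((failures + 1))
    fi

    # The commands used in the session must be present and executable.
    for tool in srp srp_setup; do
        if [ ! -x "$bin_dir/$tool" ]; then
            echo "FAIL: $bin_dir/$tool is missing or not executable"
            failures=$((failures + 1))
        fi
    done

    # Assumption: the configuration directory is not accessible from inside
    # an SRP compartment, so lack of access suggests the shell is not in INIT.
    if [ ! -d "$cmpt_dir" ] || [ ! -r "$cmpt_dir" ] || [ ! -w "$cmpt_dir" ]; then
        echo "FAIL: no read/write access to $cmpt_dir (not in INIT compartment?)"
        failures=$((failures + 1))
    fi

    return "$failures"
}
```

The optional directory arguments exist only so the checks can be exercised against a scratch directory; on a real system, call the function with the UID alone.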
Step 1: Setting Up SRP
In this example, the product has just been installed so the user starts by running srp_setup to
enable the subsystems managed by SRP.