HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide
5 Using the base Template
The base template manages SRP compartment data that is not application-specific. This chapter
describes how to use the base template to create a base SRP compartment. You can also use the
base template to add additional base services to a compartment or to delete or modify the base
services for a compartment.
This chapter addresses the following topics:
• “Creating a Base SRP Compartment” (page 35)
• “Starting the SRP Compartment” (page 45)
• “Replacing or Deleting Base SRP Data” (page 45)
Creating a Base SRP Compartment
You can use the base template to create a base compartment that consists of a Security
Containment compartment and other configuration data. After you create a base SRP
compartment, you can use an application template to add application-specific configuration data
to the SRP compartment, such as compartment file access rules for application-specific directories
and IPFilter rules for application-specific port numbers.
Requirements for Running srp
You must have superuser capability to run the srp utility. In addition, most system configurations
require you to be in the INIT compartment so that srp can modify the system and subsystem
configuration files. For more information, see “Run Environment for the SRP Session” (page 29).
Syntax
To create a base SRP compartment, enter the following srp -add command. Specifying the
base template (-t base) is optional; the base template is the default template for the add
operation.
srp -a[dd] compartment_name [-t base] [-s service[,service]...]
Where:
compartment_name
Specifies the name of the SRP compartment to create.
service
Specifies the name of the service to configure. If you do not specify the
-s option, srp prompts you for a list of services to configure and
displays a list of default services. The factory-configured default services
are as follows (listed in the order that srp prompts for input):
• cmpt - see “The cmpt Service” (page 36)
• admin - see “The admin Service” (page 37)
• prm - see “The prm Service” (page 38)
• network - see “The network Service” (page 39)
• init - see “The init Service” (page 41)
You can modify the set of default services using the srp_setup utility,
as described in Chapter 3 (page 25).
The following services are also valid with the base template:
• login - see “The login Service” (page 41)
• ipfilter - see “The ipfilter Service” (page 42)
• ipsec - see “The ipsec Service” (page 43)
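The following is an added example, not part of HP's guide: a POSIX shell pre-flight helper that checks a -s service list against the eight service names this page lists for the base template and composes the matching srp -add command line without running it. The function name build_srp_add and the rule that rejects compartment names that are empty, contain whitespace or begin with "-" are assumptions of this example, not documented srp behavior.

```shell
# Added example: pre-flight check for "srp -add" with the base template.
# Service names are the ones this page lists as valid with -t base.
BASE_SERVICES="cmpt admin prm network init login ipfilter ipsec"

# build_srp_add NAME [SERVICE[,SERVICE]...]
# Prints the srp command line on stdout; returns 1 on invalid input.
build_srp_add() {
    name=$1
    services=${2:-}
    # Wrapper policy (an assumption, not an srp rule): refuse names that are
    # empty, contain whitespace, or could be parsed as an option.
    case $name in
        ''|-*|*[[:space:]]*)
            echo "invalid compartment name: '$name'" >&2; return 1 ;;
    esac
    cmd="srp -add $name -t base"
    # With no service list, srp prompts interactively, so -s is omitted.
    if [ -n "$services" ]; then
        # Only lowercase letters and commas can appear in a valid list.
        case $services in
            *[!a-z,]*) echo "unexpected character in service list" >&2; return 1 ;;
        esac
        # Reject empty elements such as "cmpt,,admin" or a trailing comma.
        case ",$services," in
            *,,*) echo "empty service name in list" >&2; return 1 ;;
        esac
        old_ifs=$IFS; IFS=,
        for svc in $services; do
            case " $BASE_SERVICES " in
                *" $svc "*) ;;   # known base-template service
                *) IFS=$old_ifs
                   echo "unknown base service: $svc" >&2; return 1 ;;
            esac
        done
        IFS=$old_ifs
        cmd="$cmd -s $services"
    fi
    printf '%s\n' "$cmd"
}
```

Review the printed command, then run it with superuser capability from the INIT compartment, as the requirements above state.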