Manualshelf

HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Containers (SRP)
51525354555657585960
7 Using the custom Template
The custom template enables you to specify additional Security Containment file access rules
and IPFilter rules for an SRP compartment. You can also use the custom template to accommodate
additional applications in a SRP compartment, or to add compartment or IPFilter rules to increase
security controls for an SRP compartment. You can use the custom template to add data to an
SRP compartment multiple times without removing or replacing previously configured data.
You can also use the custom template to delete or modify the custom template data for a
compartment.
This chapter addresses the following topics:
Adding the custom Template to an SRP Compartment” (page 53)
“Replacing or Deleting Custom SRP Data” (page 55)
“Replacing or Deleting Custom SRP Data” (page 55)
Adding the custom Template to an SRP Compartment
To use the custom template, you must create a base SRP compartment first, then use the srp
-add command to add the apache template to the compartment.
For example:
# srp -add myCmpt # create a base SRP compartment
# srp -add myCmpt -template custom -id myID
Requirements for Running srp
You must have superuser capability to run the srp utility. In addition, most system configurations
require you to be in the INIT compartment so that srp can modify the system and subsystem
configuration files. For more information, see “Run Environment for the SRP Session” (page 29).
Syntax
The syntax for adding the custom template to an SRP compartment is as follows:
srp -a[dd] compartment_name -t[emplate] custom [-i[d] instance]
[-s[ervice] service[,service]...]
Where:
compartment_name
Specifies the name of an existing SRP compartment.
instance
Unique string identifier used to identify an instance of an application
of the custom template (the custom template can be added multiple
times to the same SRP compartment without removing or replacing
previously configured data).
If you do not specify the -id argument, srp prompts you for an
instance identifier.
Valid Input: A text string with alphanumeric, dash (-) , or underscore
(_) characters. The maximum length is 20 characters.
Default: None.
service
Specifies the name of the service to configure. The following services
are valid with the custom template:
cmpt
ipfilter
If you do not specify any services in the command line, srp prompts
you for the services you want to apply and displays a list of the default
Adding the custom Template to an SRP Compartment 53