HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide
Troubleshooting Procedures
The following sections contain troubleshooting procedures.
Using the Security Containment Compartment Discover Feature
In a secure environment, you can use the Security Containment discover feature to remove
compartment restrictions and view the rules that are needed to allow access. (If you are not in a
secure environment, you can use IPFilter to allow access from only trusted systems before
removing compartment restrictions.)
You can use a procedure similar to the following to use the discover feature:
1. Stop the SRP compartment:
srp -stop compartment_name
2. Edit the compartment rules file (/etc/cmpt/compartment_name.rules), and tag the
compartment definition at the beginning of the file with the discover keyword. This opens
the compartment for all access. For example:
discover compartment myCmpt {
:
:
3. Start the SRP compartment:
srp -start compartment_name
4. Access and exercise the compartment applications. After you successfully exercise the
applications, enter the following command to generate a machine readable version of the
rules used to access the compartment:
getrules -m compartment_name
5. Compare the output from the getrules command with the compartment rules file and
make the necessary changes.
6. Stop the SRP compartment, remove the discover keyword from the compartment rules
file, and then restart the compartment.
Removing or Disabling IPFilter
If you are using IPFilter with SRP, you can see if IPFilter rules are blocking access to the
compartment applications. One way to do this is by removing the ipfilter service from the
compartment with the following command:
srp -d compartment_name [-t template] -s ipfilter
If you do not specify the -t argument, srp removes the IPFilter configuration for the base
template.
To add the ipfilter service back to the compartment after you have completed testing, enter
the following command:
srp -d compartment_name [-t template] -s ipfilter
Troubleshooting Procedures 79