Manualshelf

HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Containers (SRP)
81828384858687888990
RBAC and Compartment Login Tag Format
Data is stored in files under the /etc/rbac directory. HP recommends that you use RBAC
commands (roleadm, authadm, cmdprivadm) to modify RBAC data.
SRP identifies RBAC data for the admin service by using the following values:
Role name: SRPadmin-compartment_name for the compartment
Authorization: hpux.SRPadmin.compartment_name for the compartment
Command privilege: hpux.SRPadmin.compartment_name for the compartment
SRP identifies RBAC data for the login service by using the following values:
Role name: SRPlogin-compartment_name for the compartment
Authorization: hpux.security.compartment.login for the compartment
Network Configuration Tag Format
For IPv4 interfaces, SRP adds the following entry to the /etc/rc.config.d/netconf file:
IPV4_CMGR_TAG[index]='compartment="compartment_name" template="base"
service="network" id="instance"'
Where index is the first available index number for interface parameters in the netconf file.
SRP uses the index number to identify the following interface parameters:
INTERFACE_NAME
IP_ADDRESS
SUBNET_MASK
INTERFACE_STATE
BROADCAST_ADDRESS
DHCP_ENABLE
INTERFACE_MODULES
SRP uses the address configured for the IP_ADDRESS entry to identify the ROUTE_SOURCE entry
for the compartment, and uses that index number to identify the corresponding route entries.
IPv6 Interfaces
The data is similar for IPv6 interfaces, with the following differences:
The data is stored in the /etc/rc.config.d/netconf-ipv6 file.
The names of the interface parameters are correct for IPv6 interfaces, such as
IPV6_INTERFACE, IPV6_ADDRESS, IPV6_INTERFACE_STATE.
SRP does not add or manage IPv6 route entries.
PRM Tag Format
Data is stored in the /etc/prmconf file by default. When SRP adds data, it indicates the start
of the data with the following tag:
#@tag-start compartment="compartment_name" template="base" service="prm"
id="instance";
SRP indicates the end of the data with the following tag:
#@tag-end;
IPFilter Tag Format
Data is stored in the /etc/opt/ipf/ipf.conf file for IPv4 addresses and in /etc/opt/ipf/
ipf6.conf for IPv6 addresses. When SRP adds data, it indicates the start of the data with the
following tag:
#@tag-start compartment="compartment_name" template="template_name"
service="ipfilter" id="instance";
Manually Editing SRP Configuration Data 85