HP-UX Secure Resource Partitions (SRP) A.02.00.001 Release Notes
This problem no longer exists since the patch PHNE_39203 is now installed with
SRP A.02.00.001.
1.6 Known Problems in HP-UX SRP A.02.00.001
HP-UX SRP A.02.00.001 contains the following known problems:
• The getcwd function, which gets the pathname of the current working directory,
fails from within an SRP compartment's home directory. For example, Java fails
with the error “Could not determine current working directory”.
To isolate SRP specific files, SRP compartments use the nsearch compartment
rule for the directory /var/hpsrp. However, this prevents applications from
within an SRP from successfully executing the getcwd function to determine the
current working directory when the current working directory path contains
/var/hpsrp.
Workaround
To avoid this problem, you can use one of the following workarounds:
— Before running the application, change directory to a directory path that does
not include /var/hpsrp. For example, change directory to /tmp/.
— Add read access to the SRP compartment rule list for /var/hpsrp. This
removes the compartment restriction preventing access to files belonging to
another SRP. However, the file system access rules will still be enforced. See
HP-UX System Administrator's Guide: Security Management, available at
http://docs.fc.hp.com/en/oshpux11iv3.html#System%20Administration for more
information on compartment rules.
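The first workaround can be built into a launcher. The following C program is an added example, not part of the HP release notes or the SRP product: it checks whether getcwd resolves and, if not, moves to a fallback directory before executing the application. The helper name ensure_resolvable_cwd and the launcher name are hypothetical; /tmp is the fallback suggested in the workaround text.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Directory the release notes say is covered by the nsearch rule. */
#define SRP_ROOT "/var/hpsrp"

/* Hypothetical helper (name chosen for this example).
 * Returns 0 if the current directory already resolves, 1 if the process
 * was moved to `fallback`, -1 if no usable working directory was found. */
int ensure_resolvable_cwd(const char *fallback)
{
    char buf[4096];
    struct stat st;

    if (getcwd(buf, sizeof buf) != NULL)
        return 0;
    if (errno == ERANGE)            /* path resolves but exceeds buf */
        return 0;
    fprintf(stderr, "getcwd: %s; trying %s\n", strerror(errno), fallback);

    /* A fallback under /var/hpsrp would hit the same restriction. */
    if (strstr(fallback, SRP_ROOT) != NULL)
        return -1;
    if (stat(fallback, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    if (chdir(fallback) != 0 || getcwd(buf, sizeof buf) == NULL)
        return -1;
    return 1;
}

/* Usage: srpcwd program [args...]  (the launcher name is arbitrary) */
int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        return 2;
    }
    if (ensure_resolvable_cwd("/tmp") < 0) {
        fprintf(stderr, "no usable working directory\n");
        return 1;
    }
    execvp(argv[1], &argv[1]);
    perror(argv[1]);                /* reached only if exec failed */
    return 127;
}
```

Relative paths passed to the launched program are resolved against the fallback directory when the move happens, so pass absolute paths for any files the application needs.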
• Networking connections to SRP compartments that are on the same system may
not be correctly routed to processes listening on the IP Address 0.0.0.0
(INADDR_ANY).
Local network messages may be routed to an unintended SRP when multiple
processes are listening on the same network port with IP address 0.0.0.0
(INADDR_ANY), as follows:
1. From the init compartment, the connection can be accepted by any process
on the system listening on the target port with IP address 0.0.0.0.
2. From an SRP, if there is a process within the SRP listening on the target port
with IP address 0.0.0.0, the connection will be accepted locally.
Workaround
To avoid this problem, you can use one of the following workarounds:
— Place the client and server applications in the same SRP or on separate servers.
— Configure all applications on the system that use a common port to listen on
a specific IP address instead of the IP address 0.0.0.0. Configure compartment
rules to allow networking between SRPs whose applications are configured as