HP-UX Secure Resource Partitions (SRP) A.02.02 Administrator's Guide
11.1.1 The cmpt Service
The cmpt service for the custom template applies additional compartment rules to your
compartment. You can specify a rules file to include and/or specify file system paths to configure for
different access types.
11.1.1.1 Input Data
SRP prompts for the following data. You can also specify a variable name and value in the command
line, as described in 15.1 Creating an SRP Compartment or Adding Data to an SRP.
Compartment rule files
Specifies compartment rule files to include in the compartment rules file for this
SRP compartment.
To specify multiple files, use commas to separate file names.
Variable Name: cmpt_rule_file.
Default: None.
Read access paths
Specifies directories to configure with read access (nsearch and read) in the
compartment rules file for this SRP compartment.
To specify multiple directories, use commas to separate directory names.
Variable Name: read_access.
Default: None.
All access paths
Specifies directories to configure with all access in the compartment rules file for
this SRP compartment.
To specify multiple directories, use commas to separate directory names.
Variable Name: all_access.
Default: None.
No access paths
Specifies directories to configure with none access in the compartment rules file
for this SRP compartment. This will disallow access to the specified directories
unless an additional access rule has been specified for this path from this SRP.
To specify multiple directories, use commas to separate directory names.
Variable Name: no_access.
Default: None.
11.1.1.2 Configuration Data
SRP adds entries to the rules file for the SRP compartment to authorize access according to the
descriptions in the previous sections. SRP also adds an include statement to add the rules from the
files specified by cmpt_rule_file.
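The following pre-flight check is an added example, not part of the HP guide or of SRP itself. It parses comma-separated values for read_access, all_access and no_access and reports paths listed under more than one access type, plus paths that lie beneath a no_access directory, so they can be reviewed before the data is given to SRP. The function names and sample paths are constructed for illustration, and treating nested paths as worth review is an assumption.

```python
import posixpath

# Access type each input variable configures, as described in 11.1.1.1.
ACCESS = {"read_access": "nsearch,read", "all_access": "all", "no_access": "none"}

def parse_paths(value):
    """Split a comma-separated value into normalized absolute paths."""
    paths = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        if not item.startswith("/"):
            raise ValueError(f"not an absolute path: {item!r}")
        paths.append(posixpath.normpath(item))
    return paths

def review(inputs):
    """Return (plan, findings) for a dict of variable name -> value."""
    plan, findings = {}, []
    for var, access in ACCESS.items():
        for path in parse_paths(inputs.get(var, "")):
            # Same path requested with two different access types.
            if path in plan and plan[path][1] != access:
                findings.append(f"CONFLICT {path}: {plan[path][0]} and {var}")
                continue
            plan[path] = (var, access)
    denied = [p for p, (v, _) in plan.items() if v == "no_access"]
    for path, (var, _) in plan.items():
        for d in denied:
            # A listed path that sits below a directory marked no_access.
            if path != d and path.startswith(d.rstrip("/") + "/"):
                findings.append(f"REVIEW {path} ({var}) lies under no_access path {d}")
    return plan, findings

# Constructed sample values, not taken from the guide.
SAMPLE = {
    "read_access": "/etc/opt/app, /var/opt/app/data",
    "all_access": "/var/opt/app/tmp,/etc/opt/app/",
    "no_access": "/var/opt/app",
}

if __name__ == "__main__":
    plan, findings = review(SAMPLE)
    for path, (var, access) in sorted(plan.items()):
        print(f"{access:12} {path}   <- {var}")
    for finding in findings:
        print(finding)
```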
11.1.2 The ipfilter Service
The ipfilter service for the custom template enables you to allow inbound packets to specific TCP
or UDP port numbers.
11.1.2.1 Input Data
SRP prompts for the following data. You can also specify a variable name and value in the command
line, as described in 15.1 Creating an SRP Compartment or Adding Data to an SRP.
IPFilter TCP port numbers
Specifies the local TCP port numbers for IPFilter rules that allow inbound
packets.