container_system.5 (2011 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

CONTAINER_SYSTEM(5) CONTAINER_SYSTEM(5)

FSS, FSSTHREAD

Allows a process or thread to conﬁgure fair share scheduler.

MKNOD

Allows a process to create character or block special ﬁles. Example: mknod(1M)

MPCTL

Allows a process to change processor binding, locality domain binding, or launch policy of a process.

NETADMIN

Allows a process to perform network administrative operations such as conﬁguring

IP address and routing

tables. Example: Add, delete, update options of ifconﬁg(1M), netstat (1M), route(1M)

NETPROMISCUOUS

Allows a process to conﬁgure an interface to listen in promiscuous mode. Example: tcpdump

PSET

Allows change to the system pset conﬁguration.

RDEVOPS

Allows a process to do device speciﬁc administrative operations such as tape or disk formatting.

REBOOT

Allows a process to perform system reboot. Example: reboot(1M)

RULESCONFIG

Allows a process to add and modify compartment rules. Example: setrules(1M)

SPUCTL

Allows a process to perform certain administrative operations in the Instant Capacity product.

SWAPCTL

Allows a process to manage and conﬁgure system swap space. Example: swapctl(2), swapon(1M)

SYSNFS

Allows a process to export a ﬁle system.

TRIALMODE

Allows a process to log privileges required to execute in the syslog ﬁle.

MANAGING SYSTEM CONTAINERS

System containers can be created, modiﬁed, deleted, and migrated or cloned across systems via the

srp(1M) command. System containers can be started and stopped in a similar manner to starting and

stopping an individual system, including startup and shutdown processing. See sys_sys(1M), srp(1M),

srp_init(1M) and srp_allowed_product(1M).

RESTRICTIONS

All users in a system container (including root) are prevented from performing the following list of admin-

istrative tasks. These administrative tasks must be performed in the global view. Performing these

administrative tasks in a system container will return an error (e.g. permission denied).

• Kernel conﬁguration management

• Kernel tunable management

• System boot conﬁguration

• Reading kernel memory

• Make kernel

• System crash conﬁguration

• Kernel Registry Services (

KRS)

•

DLKM management

• Creating device ﬁles

• Changing system time

• Shutdown/reboot the physical system

• Swap space management

HP-UX 11i Version 3: September 2011 − 3 − Hewlett-Packard Company 3