container.5 (2011 09)

CONTAINER(5) CONTAINER(5)
NAME
container - describes the HP-UX Containers
DESCRIPTION
HP-UX Containers is the next generation of the HP-UX Secure Resource Partitions (SRP) product.
HP-UX Containers provide an isolated operating environment (containers) within a single instance of the
HP-UX operating system. Processes executing within a container have restrictions placed on viewing and
interacting with processes outside of the container, and have limited access to networking, device and
certain kernel operations.
Containers can be individually started, stopped and cloned or migrated across systems.
Containers are managed via the srp_sys(1M) and srp(1M) commands. The srp_sys command is used to
manage system level settings required to deploy containers. The srp command is used to manage the
lifecycle of individual containers on the system. HP-UX Containers provide a graphical user interface,
Container Manager, integrated with the System Management Homepage (smh(1M)) command. The
srp_su(1M) and srp_ps(1M) commands are used to externally launch and view processes in the specified
container.
Container Types
HP-UX Containers supports multiple container types that provide different degrees of isolation. The
following container types are supported with HP-UX Containers:
System Containers
System containers provide additional virtualization and private namespace capabilities over workload
containers that give users the look and feel of a private operating system instance.
System containers provide process view isolation, IPC isolation, and a dedicated IP address interface. All
system containers have a private set of configuration files and service daemons. System containers
provide a private namespace for file system view, hostname, nodename, domainname, System V IPC, and
Loopback IP address. They require system software installation synchronization with the system.
Workload Containers
Workload containers provide process view isolation, IPC isolation, and a dedicated IP address interface.
All workload containers share a common set of configuration files and service daemons with the global
view. Each workload container can be configured to allow only a specified subset of users and groups to
login to the container. Workload containers do not require system software installation synchronization
with the system.
HP 9000 Containers
HP 9000 containers provide a binary emulation environment for HP-UX PA-RISC workloads. The HP 9000
Containers product is installed separately from the SRP product. Once the SRP and HP 9000
Containers products are both installed, you may use the srp(1M) command to manage an HP 9000 container.
Refer to the HP 9000 Containers documentation for product version requirements, and details on how to
configure and manage an HP 9000 container. Note: HP 9000 Containers version A.01.0x requires SRP
version A.02.02.
Global View
When HP-UX Containers is enabled on the system with the srp_sys(1M) command, all processes not
executing within a container execute in the global view. The global view has no access restrictions, and
therefore can view and manage processes in the global view and all containers. The global view is
recommended to be used for system administration activities only. System administration activity that must be
performed in the global view includes device management, network interface management, setting kernel
tunables, and executing system management utilities such as smh(1M) and srp(1M). File backup and
recovery can be performed in the global view.
Networking
Containers are assigned private IP addresses. By default, a process in a container can network to other
containers on the same server, but can only bind to its own container’s IP addresses. Processes in the
global view can bind to any IP address on the system, including those assigned to containers.
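One way to check the bind restriction described above is to run the same bind() probe inside a container and in the global view and compare which addresses are accepted. This is an added example, not code from HP or the HP-UX Containers product; probe_bind is a hypothetical helper name and the addresses to test are supplied by the administrator. The page does not say which error a refused bind returns, so the probe reports whatever errno it gets.

```c
/* Added example: bind() probe for checking container address isolation. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Try to bind a TCP socket to ip on an ephemeral port.
 * Returns 0 if the bind is allowed, the errno value if it is refused,
 * or -1 if ip is not a valid IPv4 dotted-quad string. */
int probe_bind(const char *ip)
{
    struct sockaddr_in sa;
    int fd, rc;

    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(0);              /* let the stack pick a port */
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return -1;

    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;

    /* Capture errno before close() can overwrite it. */
    rc = (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0) ? 0 : errno;
    close(fd);
    return rc;
}

/* Usage: probe_bind <ip> [<ip> ...]
 * Exit status is the number of addresses that could be bound. */
int main(int argc, char **argv)
{
    int i, allowed = 0;

    for (i = 1; i < argc; i++) {
        int rc = probe_bind(argv[i]);
        if (rc == 0) { allowed++; printf("%-15s bind allowed\n", argv[i]); }
        else if (rc == -1) printf("%-15s not an IPv4 address\n", argv[i]);
        else printf("%-15s bind refused: %s\n", argv[i], strerror(rc));
    }
    return allowed;
}
```

Run inside a container with the addresses of other containers as arguments, every line is expected to read "bind refused"; the same arguments in the global view are expected to be allowed.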
HP-UX 11i Version 3: September 2011 1 Hewlett-Packard Company 1
