getrules.1m (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

getrules(1M) getrules(1M)

NAME

getrules - display compartment rules

SYNOPSIS

getrules [-c]

getrules [-f][-i

][-n][-T][-p|-P][

-m][compartment_name]...

getrules -l interface_name[...] ipaddr/mask[...]

getrules -L [interface_name...] [IPaddress...]

DESCRIPTION

getrules displays rules deﬁned for compartment(s) or network interface(s). This command can only be

used when compartmentalization is enabled (see cmpt_tune (1M)).

If no options are speciﬁed, all subsystem rules for the given compartment are displayed. If no

compartment_name is speciﬁed, information on all compartments is displayed.

Options

getrules recognizes the following options:

-c Displays all the compartments conﬁgured on the system.

-f Displays the ﬁle system rules for the compartment(s).

-i Displays the IPC system rules for the compartment(s).

-l Displays the compartment names associated with the interface(s) and the IP address/mask as

set by a previous invocation of setrules. Either the interface_name or the ipaddr/mask

must be speciﬁed. More than one interface_name and/or IPaddress can be speciﬁed.

-L Displays the compartment names associated with the logical interface(s) and the IP addresses

as applied by the kernel. When interface rules conﬂict with each other, this option can be used

to ﬁnd how the conﬂicts are resolved. If no arguments are speciﬁed, information about all

currently active interfaces is displayed.

-n Displays the network system rules for the compartment(s).

-T Displays all the interface rules being applied by the kernel on the speciﬁed compartment(s). If

no compartment name is speciﬁed all the interface rules being applied by the kernel on all the

existing compartments will be displayed.

-p Displays the disallowed privileges list in short form for compartment(s). The short form

includes compound privileges in the privilege list.

-P Displays the disallowed privileges list in literal form for compartment(s). The literal form

expands compound privileges in the privilege list.

-m Displays all the compartment rules of the speciﬁed compartment(s) in the machine parsable

format. Using the "getrules -m compartment_name>ﬁle"or"getrules -m> ﬁle" com-

mand is useful when used in combination with discover mode. See compartments (5).

Operands

getrules recognizes the following operands:

compartment_name Name of the compartment for which information is displayed.

interface_name Name of the network interface for which information is displayed.

IPaddress An IPv4 or IPv6 address

ipaddr/mask An IPv4 address or an IPv6 address and the corresponding mask.

Notes

The

getrules command is provided for diagnostic purposes, and as such the output of the command

may change.

Some rules can be expressed in multiple forms. For instance,

compartment A specifying that it can

send a signal to compartment B is the same as compartment B specifying that it can receive signals

from compartment A. As this command displays the rules only once, it can be misleading when inter-

preting the output.

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (2 pages)

PAGE 1
getrules(1M) getrules(1M) NAME getrules - display compartment rules SYNOPSIS getrules [-c] getrules [-f] [-i] [-n] [-T] [-p|-P] [-m] [compartment_name]... getrules -l interface_name[...] getrules -L [interface_name...] ipaddr/mask[...] [IPaddress...] DESCRIPTION getrules displays rules defined for compartment(s) or network interface(s). This command can only be used when compartmentalization is enabled (see cmpt_tune (1M)).
PAGE 2
getrules(1M) getrules(1M) Security Restrictions The user invoking this command must have one of the following authorizations: hpux.security.xsec.secrules.unrestricted hpux.security.xsec.secrules.restricted See authadm (1M)). RETURN VALUE getrules returns the following values: 0 >0 Successful completion. The rules are displayed. An error occurred. An error can be caused by an invalid option or because the user does not have permissions to perform the operation.