srp.1m (2011 09)
SRP(1M) SRP(1M)
no
root_password=password
The container’s root user password. Default: value must be provided by user.
subtype=shared|private
Indicate the container subtype. With shared the directories /sbin, /usr, and /stand are
mounted read-only and shared with the other containers on the system. With private the
directories /sbin and /usr are private to the container. Default: private.
Ipfilter Service:
The optional ipfilter service manages the ipf(1M) rules that filter network traffic into a container.
Rules are only applied to the network interface with instance id=1, which is configured when the
container is created.
ip_address=ip_address
IP address to limit IPFilter ingress. Use dotted-decimal notation for IPv4 and colon-hexadecimal
notation for IPv6. Default: First IP address allocated for this container.
ipf_for_ipsec=yes|no
Specify whether IPFilter should allow ingress for IPSec ports and protocols. Default: no
IPSec Service:
The optional ipsec service configures IPSec for a container. Changes are only applied to the network
interface with instance id=1, which is configured when the container is created.
ip_address=ip_address
Container IP address to protect via IPSec at the IP layer. Use dotted-decimal notation for an IPv4
address and colon-hexadecimal notation for an IPv6 address. Default: First IP address allocated
for this container.
ipsec_peer_addr=ip_address
IP address of peer node allowed to communicate with the container via IPSec. Use dotted-decimal
notation for an IPv4 address and colon-hexadecimal notation for an IPv6 address.
Default: none, must be provided.
ipsec_psk=key
IPSec pre-shared key string. Must match key on peer node. Default: none, must be supplied.
ipsec_transform=transform
IPSec encryption/authentication algorithm. Valid values:
ESP_AES128_HMAC_SHA1, ESP_AES128_HMAC_MD5
ESP_3DES_HMAC_SHA1, ESP_3DES_HMAC_MD5
ESP_NULL_HMAC_SHA1, ESP_NULL_HMAC_MD5
Operations: add, replace
Default: ESP_AES128_HMAC_SHA1
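An added example, not part of the srp(1M) manual or of HP's tooling: a Python check of the ipsec and ipfilter parameters documented above that flags missing required values, malformed addresses and the weaker listed transforms before a container is provisioned. The dict layout, the MIN_PSK_LEN threshold and the sample values are assumptions; the parameter and transform names are the ones listed above.

```python
import ipaddress

# Transform names copied from the ipsec_transform list above.
VALID_TRANSFORMS = {
    "ESP_AES128_HMAC_SHA1", "ESP_AES128_HMAC_MD5",
    "ESP_3DES_HMAC_SHA1", "ESP_3DES_HMAC_MD5",
    "ESP_NULL_HMAC_SHA1", "ESP_NULL_HMAC_MD5",
}
DEFAULT_TRANSFORM = "ESP_AES128_HMAC_SHA1"
MIN_PSK_LEN = 20  # assumption: local policy threshold, not an srp(1M) limit


def audit_ipsec(ipsec, ipfilter=None):
    """Return findings for one container's ipsec (and optional ipfilter) parameters."""
    findings = []
    for key in ("ipsec_peer_addr", "ipsec_psk"):  # documented as having no default
        if not ipsec.get(key):
            findings.append(f"{key}: required, no default")
    for key in ("ip_address", "ipsec_peer_addr"):
        if ipsec.get(key):
            try:
                ipaddress.ip_address(ipsec[key])  # dotted-decimal or colon-hex
            except ValueError:
                findings.append(f"{key}: not a valid IPv4/IPv6 address")
    transform = ipsec.get("ipsec_transform", DEFAULT_TRANSFORM)
    if transform not in VALID_TRANSFORMS:
        findings.append("ipsec_transform: not a listed value")
    else:
        if transform.startswith("ESP_NULL"):
            findings.append("ipsec_transform: ESP_NULL authenticates but does not encrypt")
        if transform.startswith("ESP_3DES"):
            findings.append("ipsec_transform: 3DES is a legacy 64-bit block cipher")
        if transform.endswith("HMAC_MD5"):
            findings.append("ipsec_transform: HMAC-MD5 is deprecated, use an HMAC_SHA1 transform")
    if 0 < len(ipsec.get("ipsec_psk", "")) < MIN_PSK_LEN:
        findings.append("ipsec_psk: shorter than local minimum length")
    # Inference from the ipf_for_ipsec description: with ipfilter in use and the
    # default "no", IPFilter does not allow ingress for IPSec ports and protocols.
    if ipfilter is not None and ipfilter.get("ipf_for_ipsec", "no") != "yes":
        findings.append("ipf_for_ipsec: ipfilter is not set to allow IPSec ingress")
    return findings


# Constructed sample values (documentation address range), not from a real system.
SAMPLE_IPSEC = {"ip_address": "192.0.2.10", "ipsec_peer_addr": "192.0.2.300",
                "ipsec_psk": "hunter2", "ipsec_transform": "ESP_NULL_HMAC_MD5"}
SAMPLE_IPFILTER = {"ip_address": "192.0.2.10"}  # ipf_for_ipsec left at its default
if __name__ == "__main__":
    print("\n".join(audit_ipsec(SAMPLE_IPSEC, SAMPLE_IPFILTER)))
```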
Login Service:
The login service manages which HP-UX login users and groups may log in to a container.
login_group=groupname[,groupname]...
Comma-separated list of existing HP-UX group names allowed to log in to the container. Default: none
login_user=username[,username]...
Comma-separated list of existing HP-UX user names allowed to log in to the container. Default:
none (root is implicitly permitted login access).
Network Service:
The network service manages the container’s network interface configuration. The service is
required when initially provisioning a container with srp(1M). Multiple instances of the network
service may be added for a container by specifying a different -id variable to the srp(1M) command.
Instance ID "1" is automatically specified when a container is created. Note that the ipfilter and ipsec
services only work with -id instance "1" of the network service.
Note: During an import operation the new container’s network service will be changed.
• If the new container’s name is different from the source container’s name in the exchange file
then the source container’s network configuration will not be imported. Instead, the user will be
HP-UX 11i Version 3: September 2011 − 5 − Hewlett-Packard Company 5