HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

131

132

133

134

135

136

137

138

139

140

cmpt_tune(1M) cmpt_tune(1M)

NAME

cmpt_tune - query, enable, or disable compartmentalization feature

SYNOPSIS

cmpt_tune -h

cmpt_tune

[-q][-s

]

cmpt_tune -Q [-s][-n

boot_image]

cmpt_tune [-Q][-s

] -n boot_image

cmpt_tune {-d|-e}[-r

][-s][-n boot_image]

DESCRIPTION

cmpt_tune queries, enables, or disables the compartmentalization feature. Compartmentalization is not

a dynamic feature; enabling or disabling the feature requires a reboot. If you make a change and do not

specify the -r ﬂag, cmpt_tune

reports a reboot reminder message. If no options are speciﬁed, the -q

option is assumed.

If no compartments have been deﬁned when compartmentalization is enabled, the network interfaces

currently installed on the system are assigned to a new compartment ifaces, and the administrator is

given the opportunity to reassign these interfaces (see getrules(1M)).

The system initially boots into a predeﬁned compartment, INIT. A process in the INIT

compartment can

access all objects (that is, all processes, ﬁles, IPC objects, etc., are accessible from the

INIT compartment).

See compartments(5) for more information. Using the

setfilexsec command (see setﬁlexsec(1M)), an

administrator can set speciﬁc binaries to start automatically in other compartments; that is, when a process

executes the binary, it may ﬁnd its compartment modiﬁed as a side-effect. This concept is similar to a

setuid binary changing a process’s euid.

When the

-e or -d option is speciﬁed without the -n

option, the current running conﬁguration is modiﬁed.

-e or -d is speciﬁed with the -n option and boot_image does not exist, it is created as though the

administrator ran the following command:

kconfig -s boot_image

In any case, boot_image is marked for use on the next boot.

Options

The cmpt_tune command recognizes the following options:

-d Disables compartments.

-e Enables compartments.

-h Prints a help message.

-n boot_image

Makes changes to or queries the speciﬁed boot_image. If this option is not speciﬁed,

boot_image defaults to nextboot. If no other options are speciﬁed, the -Q option is

assumed.

-q Queries the current state of compartments.

-Q Queries the state of compartments after the next reboot.

-r Reboots after making changes. You can only use this option with the -d or -e options.

-s Sets silent mode. Only the exit status is set.

RETURN VALUE

cmpt_tune returns the following values:

0 When querying, the compartmentalization feature is enabled. When making changes, the

changes are successfully applied.

1 An option processing error occurred. When querying, the compartmentalization feature is dis-

abled. When making changes, and -r is speciﬁed, the reboot option is ignored (for example, to

allow for editing of compartment conﬁguration ﬁles).

HP-UX 11i Version 2: December 2007 Update − 1 − Hewlett-Packard Company 139