HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

331

332

333

334

335

336

337

338

339

340

getrules(1M) getrules(1M)

NAME

getrules - display compartment rules

SYNOPSIS

getrules [-f][-i

][-n][-p|-P][compartment_name]...

getrules -l network_interface_name[...]

DESCRIPTION

getrules displays rules deﬁned for compartment(s) or network interface(s). This command can only be

used when compartmentalization is enabled (see cmpt_tune(1M)).

If no options are speciﬁed, all subsystem rules for the given compartment are displayed. If no

compartment_name is speciﬁed, information on all compartments is displayed.

Options

getrules recognizes the following options:

-f Displays the ﬁle system rules for the compartment(s).

-i Displays the IPC system rules for the compartment(s).

-l Displays the compartment names associated with the network interface(s).

-n Displays the network system rules for the compartment(s).

-p Displays the disallowed privileges list in short form for compartment(s). The short form includes

compound privileges in the privilege list.

-P Displays the disallowed privileges list in literal form for compartment(s). The literal form

expands compound privileges in the privilege list.

If the -l option is used, you must specify a network_interface_name.

Operands

getrules recognizes the following operands:

compartment_name Name of the compartment for which information is displayed.

network_interface_name Name of the network interface for which information is displayed.

For compartment_name or network_interface_name, you can specify multiple instances separated by spaces.

Notes

The

getrules command is provided for diagnostic purposes, and as such the output of the command may

change.

Some rules can be expressed in multiple forms. For instance, compartment A specifying that it can

send a signal to compartment B is the same as compartment B specifying that it can receive signals

from compartment A. As this command displays the rules only once, it can be misleading to interpret

the output.

RETURN VALUE

getrules returns the following values:

0 Successful completion. The rules are displayed.

>0 An error occurred. An error can be caused by an invalid option or because the user does not

have permissions to perform the operation.

EXAMPLES

Example: Display all ﬁle system rules for the compartment named web:

# getrules -f web

HP-UX 11i Version 2: December 2007 Update − 1 − Hewlett-Packard Company 335