HP-UX Reference (11i v3 07/02) - 1M System Administration Commands A-M (vol 3)

getrules(1M) getrules(1M)
NAME
getrules - display compartment rules
SYNOPSIS
getrules [-c]
getrules [-f] [-i] [-n] [-T] [-p|-P] [-m] [compartment_name]...
getrules -l interface_name[...] ipaddr/mask[...]
getrules -L [interface_name...] [IPaddress...]
DESCRIPTION
getrules displays rules defined for compartment(s) or network interface(s). This command can only be
used when compartmentalization is enabled (see cmpt_tune(1M)).
If no options are specified, all subsystem rules for the given compartment are displayed. If no
compartment_name is specified, information on all compartments is displayed.
Options
getrules recognizes the following options:
-c Displays all the compartments configured on the system.
-f Displays the file system rules for the compartment(s).
-i Displays the IPC system rules for the compartment(s).
-l Displays the compartment names associated with the interface(s) and the IP address/mask as set
by a previous invocation of setrules. Either the interface_name or the ipaddr/mask must be
specified. More than one interface_name and/or IPaddress can be specified.
-L Displays the compartment names associated with the logical interface(s) and the IP addresses as
applied by the kernel. When interface rules conflict with each other, this option can be used to
find how the conflicts are resolved. If no arguments are specified, information about all currently
active interfaces is displayed.
-n Displays the network system rules for the compartment(s).
-T Displays all the interface rules being applied by the kernel on the specified compartment(s). If
no compartment name is specified, all the interface rules being applied by the kernel on all the
existing compartments will be displayed.
-p Displays the disallowed privileges list in short form for compartment(s). The short form includes
compound privileges in the privilege list.
-P Displays the disallowed privileges list in literal form for compartment(s). The literal form
expands compound privileges in the privilege list.
-m Displays all the compartment rules of the specified compartment(s) in the machine parsable
format. Using the "getrules -m compartment_name > file" or "getrules -m > file" command
is useful when used in combination with discover mode. See compartments(5).
Operands
getrules recognizes the following operands:
compartment_name Name of the compartment for which information is displayed.
interface_name Name of the network interface for which information is displayed.
IPaddress An IPv4 or IPv6 address.
ipaddr/mask An IPv4 address or an IPv6 address and the corresponding mask.
Notes
The getrules command is provided for diagnostic purposes, and as such the output of the command may
change.
Some rules can be expressed in multiple forms. For instance, compartment A specifying that it can
send a signal to compartment B is the same as compartment B specifying that it can receive signals
from compartment A. As this command displays the rules only once, it can be misleading when
interpreting the output.
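The -m form described under Options can also be used to baseline compartment rules and report later changes. The script below is an added example, not part of the HP-UX reference: only "getrules -m compartment_name > file" comes from this page, while the function names, the directory layout and the ".rules" suffix are assumptions.

```shell
#!/bin/sh
# Added example: baseline compartment rules with "getrules -m" and report changes.
# Function names, directory layout and the ".rules" suffix are assumptions.

# snapshot_rules <dir> <compartment_name>...
# Saves "getrules -m name" output to <dir>/<name>.rules; exits 2 on any failure.
# Runs in a subshell so the restrictive umask does not leak to the caller.
snapshot_rules() (
    umask 077
    dir=$1; shift
    mkdir -p "$dir" || exit 2
    for c in "$@"; do
        getrules -m "$c" > "$dir/$c.rules" || {
            rm -f "$dir/$c.rules"          # do not keep a partial snapshot
            echo "getrules -m failed for $c" >&2
            exit 2
        }
    done
)

# compare_snapshots <baseline_dir> <current_dir> <compartment_name>...
# Returns 0 if every file matches, 1 if any differs, 2 if a snapshot is missing.
compare_snapshots() {
    base=$1; cur=$2; shift 2
    changed=0
    for c in "$@"; do
        if [ ! -f "$base/$c.rules" ] || [ ! -f "$cur/$c.rules" ]; then
            echo "MISSING: $c" >&2
            return 2
        fi
        if ! cmp -s "$base/$c.rules" "$cur/$c.rules"; then
            echo "CHANGED: $c"
            diff "$base/$c.rules" "$cur/$c.rules" || :
            changed=1
        fi
    done
    return $changed
}

# Usage: <script> baseline|check <dir> <compartment_name>...
if [ $# -ge 3 ]; then
    mode=$1; dir=$2; shift 2
    case $mode in
        baseline) snapshot_rules "$dir/baseline" "$@" ;;
        check)    snapshot_rules "$dir/current" "$@" &&
                  compare_snapshots "$dir/baseline" "$dir/current" "$@" ;;
        *)        echo "usage: baseline|check <dir> <compartment_name>..." >&2; exit 64 ;;
    esac
fi
```

Because the Notes state that getrules output may change, retake the baseline after the command itself is updated before treating a difference as a rule change.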
284 Hewlett-Packard Company 1 HP-UX 11i Version 3: February 2007