Administrator's Guide

parts of the system. The compartments on the system are configured so that the processes
can access the resources they need.
Figure 6-1 Compartment Architecture
[Figure not reproduced. Legend: process, process relationship, files and/or directories, file access, network, IPC, signals. Labels in the diagram: Compartment, recorder, parent, handler (three instances), server_parent, server_children, lan cmpt 1, Network, /, /var/opt/server, logs, spool; access labels: All, read, and read, write.]
In Figure 6-1, the parent process is configured in a compartment, compartment A. As
part of its functioning, the parent process spawns a number of handler processes in a
different compartment, compartment B. The handler processes inherit the compartment
configuration of the parent process. The network card that connects this system to the
LAN is configured in another compartment, compartment C. The file system is configured
to allow full access to compartment A, but only allow partial access to compartment B.
Communication between the system components in their separate compartments is
configured as follows:
All handler processes are configured to communicate with the network.
The recorder can access the file system.
The handler processes have read and read/write access to parts of the file system.