Administrator's Guide
Table 6-2 Compartment Commands
DescriptionCommand
Queries, enables, and disables the compartments feature.cmpt_tune
Sets security attributes of binary files, including the compartment attribute.setfilexsec
Displays security attributes associated with binary executable files,
including the compartment attribute.
getfilexsec
Displays security attributes of processes, including the compartment
attribute.
getprocxsec
Displays the compartment rules currently active in the kernel.getrules
Activates new or modified rules in the kernel.
With the -p option, displays the modified rules for review without
passing them to the kernel.
setrules
Checks the consistency of compartment rules for files that have multiple
hard links, to ensure that conflicting rules for access do not exist.
vhardlinks
6.3.3 Compartment Manpages
Table 6-3 contains the manpages associated with compartments.
Table 6-3 Compartment Manpages
DescriptionManpage
Describes the HP-UX compartment files and rule syntax.compartments(4)
Provides an overview of compartment functionality and describes the use
of compartment rules.
compartments(5)
A kernel tunable that defines the default rule for inter-compartment
local-to-local communications.
This kernel tunable is available only if the HP-UX ContainmentPlus (version
B.11.31.01 and later) product is installed on the system.
cmpt_allow_local(5)
Defines the restrictions for the inter-compartment communications through
Streams Local Transport Drivers.
These restrictions are available only if the HP-UX ContainmentPlus (version
B.11.31.02 and later) product is installed on the system.
cmpt_restrict_tl(5)
Describes cmpt_tune functionality and syntax.cmpt_tune(1M)
Describes setfilexsec functionality and syntax.setfilexsec(1M)
Describes getfilexsec functionality and syntax.getfilexsec(1M)
Describes getprocxsec functionality and syntax.getprocxsec(1M)
6.3 Compartment Components 113