Administrator's Guide

Table 6-3 Compartment Manpages (continued)

Description                                                          Manpage
Describes getrules functionality and syntax.                         getrules(1M)
Describes setrules functionality and syntax.                         setrules(1M)
Describes vhardlinks functionality and syntax.                       vhardlinks(1M)
Describes the compartment login feature.                             compartment_login(5)
Extended authentication, account, password, and session service      pam_hpsec(5)
module for HP-UX.
6.4 Compartment Rules and Syntax
A compartment consists of a name and a set of rules. This section describes the four types
of compartment rules:
File system rules
IPC rules
Network rules
Miscellaneous rules
Add rules to a rules file you create in the /etc/cmpt directory. You can edit this file
using vi or a similar text editor. The rules file must have a .rules extension.
See compartments(5) for additional information.
6.4.1 Compartment Definition
Define compartments by configuring a name for each compartment, and associating one
or more compartment rules with the compartment name. You can specify rules in any
order.
The syntax for a compartment definition is as follows:
[sealed] [discover] compartment new_compartment_name { rules }
If the HP-UX ContainmentPlus product (version B.11.31.02 or later) is installed on the
system, compartment definitions use the following format:
[sealed] [discover] [system] [blocked] compartment new_compartment_name { rules }
where:

sealed      (Optional) A process in this compartment cannot gain privileges or
            change compartments by calling execve.

discover    (Optional) Discover mode: instead of enforcing the compartment's
            rules, the system records each operation that would have violated
            them and automatically adds a rule that permits it. This is a
            development feature for determining the rules a compartment needs;
            do not use it on a production system. See Section 6.7 for more
            information on this keyword.
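The definition syntax above, as an added example that is not part of the HP-UX documentation or product: a POSIX shell checker that scans a rules file for its definition headers and rejects the mistakes a reviewer would otherwise find only when setrules(1M) fails. It assumes the optional keywords appear in the order the syntax line lists them ([sealed] [discover] [system] [blocked]), that one file may hold several definitions, and it writes its constructed sample files to a temporary directory rather than /etc/cmpt. The rule lines inside the braces (permission ...) are illustrative placeholders for the sample; their syntax is not defined here, and setrules(1M) remains the authoritative parser.

```shell
#!/bin/sh
# Added example (not HP-UX code): sanity-check the compartment definition
# headers in a rules file before handing it to setrules(1M).
# Assumptions: keywords appear in the order [sealed] [discover] [system]
# [blocked]; several definitions may share one file; the rule lines inside
# the braces are placeholders for this demo only.

# check_rules_file FILE
# Returns 0 when FILE ends in .rules, every "compartment NAME {" header is
# well formed, names are unique and braces balance; returns 1 otherwise.
# A 'discover' compartment is accepted but reported, because that keyword is
# a development aid that must not reach a production system.
check_rules_file() {
    f=$1
    rc=0
    case "$f" in
        *.rules) ;;
        *) echo "ERROR: $f: rules files must have a .rules extension"; rc=1 ;;
    esac
    awk -v file="$f" '
    {
        # Track brace depth on every line so an unclosed or stray brace is caught.
        line = $0
        depth += gsub(/[{]/, "{", line)
        depth -= gsub(/[}]/, "}", line)
        if (depth < 0) { printf "ERROR: %s:%d: unmatched }\n", file, NR; bad = 1; depth = 0 }
    }
    # A definition header: optional keywords in order, "compartment", a name, "{".
    /^[[:space:]]*(sealed[[:space:]]+)?(discover[[:space:]]+)?(system[[:space:]]+)?(blocked[[:space:]]+)?compartment[[:space:]]+[A-Za-z0-9_]+[[:space:]]*[{]/ {
        name = $0
        sub(/^.*compartment[[:space:]]+/, "", name)
        sub(/[[:space:]]*[{].*$/, "", name)
        if (name in seen) {
            printf "ERROR: %s:%d: compartment %s already defined at line %d\n", file, NR, name, seen[name]
            bad = 1
        }
        seen[name] = NR
        if ($0 ~ /(^|[[:space:]])discover[[:space:]]/)
            printf "WARNING: %s:%d: compartment %s uses discover (development only)\n", file, NR, name
        next
    }
    # Any other line that tries to start a definition is malformed
    # (unknown keyword, keywords out of order, bad name, missing brace).
    /(^|[[:space:]])compartment([[:space:]]|$)/ {
        printf "ERROR: %s:%d: malformed definition: %s\n", file, NR, $0
        bad = 1
    }
    END {
        if (depth != 0) { printf "ERROR: %s: %d unclosed {\n", file, depth; bad = 1 }
        exit bad
    }' "$f" || rc=1
    return $rc
}

# write_samples DIR: create constructed sample rules files in DIR
# (a real rules file lives in /etc/cmpt).
write_samples() {
    cat > "$1/web.rules" <<'EOF'
sealed compartment web {
    permission read,search /etc
}
system compartment init {
    permission read /etc
}
EOF
    cat > "$1/dev.rules" <<'EOF'
discover compartment webdev {
    permission read,search /etc
}
compartment webdev {
    permission read /etc
}
EOF
}

# Demo run over the constructed samples in a temporary directory.
main() {
    d=$(mktemp -d)
    write_samples "$d"
    for f in "$d"/*.rules; do
        if check_rules_file "$f"; then echo "OK: $f"; else echo "REJECTED: $f"; fi
    done
    rm -rf "$d"
}
main
```

web.rules passes; dev.rules is rejected because webdev is defined twice, and its discover header is reported as a warning even where the file would otherwise pass. Run the checker over every file in /etc/cmpt before calling setrules(1M), and treat any WARNING on a production host as a defect.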
114 Compartments