Manualshelf

HP-UX Containers (SRP) A.03.01.004 Release Notes (5992-5696, September 2012)

ManualsBrandsHP ManualsSoftwareHP-UX Containers (SRP) Software
891011121314151617
13
UX Containers. Refer to cmpt_restrict_tl(5) and compartments(5) for more
information.
1.11 Restrictions on system containers
System containers provide the image of an individual system with its own root file system, system
services, hostname, private user/group management that enable similar or different workloads to
execute independently on the same physical system. Although each system container appears to be a
separate system to the local user, all system containers are executing within a single instance of the
operating system and share hardware resources for efficient use. To protect one system container from
affecting other containers or the system as a whole, certain restrictions are in place. These restrictions
may lead to behavioral differences in a system container when compared to an individual physical
system.
1.11.1 Disallowed operations in system containers
All users in a system container (including root) are prevented from performing the following list of
administrative tasks. These administrative tasks must be performed in the global view:
Kernel configuration management
Kernel tunable management
System boot configuration
Reading kernel memory
Make kernel
System crash configuration
Kernel Registry Services
DLKM management
Creating device files
Changing system time
Shutdown/reboot the physical system
Swap space management
Logical volume management
Physical devices management
Network interface card configuration
IP Address configuration
Network tunable configuration
Compartment rule configuration
Bypassing compartment rules using overriding privileges
Enable/disable auditing
Enable/disable accounting
IPFilter configuration
IPSec configuration
SRP configuration
SD software installation (swinstall/swremove/swconfig)
1.11.2 Disallowed privileges in system containers
A set of privileges is disallowed in each system container to prevent users from performing
administrative tasks that might have an impact on system wide resources or operations. Commands
and system calls performing the administrative tasks that are disallowed in a system container will