Manualshelf

HP-UX Containers (SRP) A.03.01.004 Release Notes (5992-5696, September 2012)

ManualsBrandsHP ManualsSoftwareHP-UX Containers (SRP) Software
891011121314151617
15
formatting.
REBOOT
Allows a process to perform system reboot. Example: reboot(1M)
RULESCONFIG
Allows a process to add and modify compartment rules. Example: setrules(1M)
SPUCTL
Allows a process to perform certain administrative operations in the Instant Capacity product.
SWAPCTL
Allows a process to manage and configure system swap space. Example: swapctl(2),
swapon(1m)
SYSNFS
Allows a process to export a file system.
TRIALMODE
Allows a process to log privileges required to execute in the syslog file.
1.11.3 Disallowed commands in system containers
The commands and system calls that fall into the category of disallowed operations covered in
Disallowed operations in system containers will fail in a system container. The disallowed operations
can be part of a command (certain options) or can be the command itself. Some examples of the
disallowed commands are: accton(1M); acctsh(1M); date(1)u, -a; getprivgrp(1M);
ied(1); mknod(1M); mpsched(1); privgrp(4); psrset(1M); ptydaemon; reboot(1M);
sar(1M), setboot(1M); setprivgrp(1M); setuname(1M)s; shl(1); timex(1)o, -p;
umodem(1); uupath(1); who(1)A, -t
1.11.4 Write restrictions on shared files in system containers
System containers support two filesystem types: private and shared. System containers configured with
the private filesystem subtype share the /stand directory with the global view. System containers
configured with the shared filesystem subtype share the /stand, /usr, and /sbin directories with
the global view. The /stand directory is primarily used for kernel configuration files, whereas /usr
and /sbin directories are primarily used for system commands and libraries. These shared
directories are read-only protected from access by processes running in system containers to prevent
modifications to shared files that reside in the global view.
1.11.5 Restricted HP products in system containers
There are some HP products that cannot be installed in system containers because they can lead to
incorrect or inconsistent behavior in a system container. These products are part of a list of HP
products that will not work in a system container. The HP-UX Containers A.03.00 product (or later)
consults this list during the SD software installation and disallows the installation of any products on
this list.
1.11.6 Features not supported in system containers
The following features are not supported in system containers:
POSIX IPC objects namespace is not supported.
HP-UX Boot authentication feature is not supported in system containers. Setting the
BOOT_AUTH or the BOOT_USERS parameter in the container’s local
/etc/default/security file has no effect.