Manualshelf

HP-UX Secure Resource Partitions (SRP) A.02.01 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX Containers (SRP) Software
123456789
5
Defect number: QXCR1000994805
A Non-root SRP compartment administrator can now start and stop an SRP.
SRP compartment non root administrator can start and stop the SRP. In SRP A02.00.01 or
earlier, only the root user was allowed to start and stop the SRP.
Defect number: QXCR1000994867
User login to an SRP now succeeds when Trusted Computing is enabled.
Login with a valid user name and password will now succeed when Trusted Computing is
enabled. This problem has been corrected and the following error should no longer appear
in the syslog.d file:
sshd[2890]: error: PAM: pam_open_session(): General Commercial
Security error
Defect number: QXCR1000994868
SRP now supports the dash (-) character in the SRP compartment name.
SRP will now create an SRP if the SRP name supplied to the srp -add <srp name>
command contains a dash.
Defect number: QXCR1000994873
SRP now correctly updates the IPFilter configuration when an IPv4 address is
replaced with IPv6 or vice versa.
In SRP A.02.00.01 and earlier versions, SRP would not delete the IPv4 address from
/etc/opt/ipf/ipf.conf when it was replaced with an IPv6 network address in
/etc/opt/ipf/ipf6.conf (or vice-versa).
Defect number: QXCR1000994872
Custom template now correctly configures IP Filter UDP ports.
In SRP A.02.00.01 and earlier versions, the custom template was incorrectly causing SRP to
configure IPFilter rules for UDP ports as TCP ports.
Defect number: QXCR1000994874
1.7 Known Problems in HP-UX SRP A.02.01
HP-UX SRP A.02.01 contains the following known problems:
The getcwd function, which gets the pathname of the current working
directory, fails from within an SRP compartment’s home directory. For
example, Java fails with the error “Could not determine current working
directory”.
The getcwd function is unable to determine the current working directory when the current
working directory path contains /var/hpsrp.
Workaround:
Install the Security Containment patches and configure the SRP to use the nread compartment
rule in place of the nsearch rule for the /var/hpsrp directory, as follows:
1. Install patches PHCO_40507 and PHKL_40506
2. Edit the SRP compartment rules file /etc/cmpt/<srpName>.rules and replace