HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

6 Using the base Template
The base template manages SRP compartment data that is not application-specific. This chapter
describes how to use the base template to create a base SRP compartment. You can also use the
base template to add additional base services to a compartment or to delete or modify the base
services for a compartment.
This chapter addresses the following topics:
6.1 Creating a Base SRP Compartment
6.2 Replacing or Deleting Base SRP Data
6.1 Creating a Base SRP Compartment
You can use the base template to create a base compartment, which consists of a Security
Containment compartment and other configuration data. After you create a base SRP compartment,
you can use an application template to add application-specific configuration data to the SRP
compartment, such as compartment file access rules for application-specific directories and
IPFilter rules for application-specific port numbers.
To create a base SRP compartment, enter the following srp -add command. Specifying the base
template (-t base) is optional; the base template is the default template for the add operation.
The srp -add command has the following syntax:
srp -a[dd] compartment_name [-t base] [-s service[,service]...]
Where:
compartment_name
    Specifies the name of the SRP compartment to create.
service
    Specifies the name of the service to configure. If you do not specify the -s
    option, srp prompts you for a list of services to configure with a list of
    default services. The factory-configured default services are as follows
    (listed in the order that srp prompts for input):
        cmpt - see The cmpt Service
        admin - see The admin Service
        prm - see The prm Service
        network - see The network Service
        init - see The init Service
    You can modify the set of default services using the srp_setup utility as
    described in 2 Setting Up an SRP.
    The following services are also valid with the base template:
        login - see The login Service
        ipfilter - see The ipfilter Service
        ipsec - see The ipsec Service
    The input data for these services and the data configured are described in
    the sections that follow. If SRP uses input data for multiple services, the
    utility prompts you for the data once and reuses the value.
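The following is an added example, not part of the HP guide or the SRP product: a shell function that checks an explicit -s service list against the base template services named above and prints the resulting srp -add command for review, without running it. The function name build_srp_add, the compartment names used with it, and the restriction on compartment name characters are assumptions made for this example.

```shell
#!/bin/sh
# Added example: build (not run) an "srp -add" command for the base template.
# Valid service names are the ones this chapter lists for the base template.
BASE_SERVICES="cmpt admin prm network init login ipfilter ipsec"

# build_srp_add COMPARTMENT_NAME SERVICE[,SERVICE]...
# Prints the command on stdout; exits non-zero with a message on stderr.
# The body runs in a subshell so the IFS and "set -f" changes stay local.
build_srp_add() (
    name=$1
    list=$2
    if [ -z "$name" ] || [ -z "$list" ]; then
        echo "usage: build_srp_add compartment_name service[,service]..." >&2
        exit 1
    fi
    # Assumption (not from the guide): accept only letters, digits and "_"
    # so the name can never be read as an option or split by the shell.
    case $name in
        *[!A-Za-z0-9_]*) echo "unsafe compartment name: $name" >&2; exit 1 ;;
    esac
    # Reject empty entries ("cmpt,,admin", trailing comma) and any character
    # that cannot occur in a comma-separated list of the names above.
    case $list in
        ,*|*,|*,,*|*[!a-z,]*) echo "malformed service list: $list" >&2; exit 1 ;;
    esac
    seen=" "
    set -f
    IFS=,
    for svc in $list; do
        case " $BASE_SERVICES " in
            *" $svc "*) ;;
            *) echo "not a base template service: $svc" >&2; exit 1 ;;
        esac
        case $seen in
            *" $svc "*) echo "duplicate service: $svc" >&2; exit 1 ;;
        esac
        seen="$seen$svc "
    done
    echo "srp -add $name -t base -s $list"
)
```

For example, build_srp_add web01 cmpt,admin,network prints the command to review, and a misspelled or repeated service name is rejected before anything reaches srp.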