HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

9.1.1 The cmpt Service
The cmpt service for the custom template applies additional compartment rules to your
compartment. You can specify a rules file to include and/or specify file system paths to configure for
different access types.
9.1.1.1 Input Data
SRP prompts for the following data. You can also specify a variable name and value in the command
line, as described in 13.1 Creating an SRP Compartment or Adding Data to a Compartment.
Compartment rule files
Specifies compartment rule files to include in the compartment rules file for
this SRP compartment.
To specify multiple files, use commas to separate file names.
Variable Name: cmpt_rule_file.
Default: None.
Read access paths
Specifies directories to configure with read access (nsearch and read) in
the compartment rules file for this SRP compartment.
To specify multiple directories, use commas to separate directory names.
Variable Name: read_access.
Default: None.
All access paths
Specifies directories to configure with all access in the compartment rules
file for this SRP compartment.
To specify multiple directories, use commas to separate directory names.
Variable Name: all_access.
Default: None.
No access paths
Specifies directories to configure with none access in the compartment rules
file for this SRP compartment.
To specify multiple directories, use commas to separate directory names.
Variable Name: no_access.
Default: None.
9.1.1.2 Configuration Data
SRP adds entries to the rules file for the SRP compartment to authorize access according to the
descriptions in the previous sections. SRP also adds an include statement to add the rules from the
files specified by cmpt_rule_file.
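The following pre-flight check is an added example, not part of the guide or of SRP itself. It validates values intended for read_access, all_access, and no_access before they are handed to SRP; the function names and sample paths are hypothetical, and the "nested" finding is only a prompt to review overlapping entries, not a statement of how the compartment rules resolve them.

```python
import posixpath

# The three path-list variables documented for the cmpt service.
ACCESS_VARS = ("read_access", "all_access", "no_access")

def split_list(value):
    """Split a comma-separated value; drop empty items and surrounding spaces."""
    return [item.strip() for item in value.split(",") if item.strip()]

def check_cmpt_inputs(values):
    """Return a list of findings for a dict of variable name -> raw value."""
    findings = []
    owner = {}  # normalized path -> variable that first listed it
    for var in ACCESS_VARS:
        for raw in split_list(values.get(var, "")):
            if not raw.startswith("/"):
                findings.append(f"{var}: '{raw}' is not an absolute path")
                continue
            path = posixpath.normpath(raw)  # "/a/b/" and "/a/b" compare equal
            if path in owner:
                kind = "duplicate" if owner[path] == var else "conflict"
                findings.append(f"{kind}: {path} in {owner[path]} and {var}")
            else:
                owner[path] = var
    # Flag a path nested under a path that was given a different access type.
    for path, var in owner.items():
        for parent, pvar in owner.items():
            prefix = parent.rstrip("/") + "/"
            if pvar != var and path != parent and path.startswith(prefix):
                findings.append(f"nested: {path} ({var}) is under {parent} ({pvar})")
    return findings

# Constructed sample input, not taken from the guide.
SAMPLE = {
    "read_access": "/opt/app/conf, /etc/opt/app",
    "all_access": "/var/opt/app,/opt/app/conf/",
    "no_access": "/var/opt/app/secrets,home/shared",
}

if __name__ == "__main__":
    for line in check_cmpt_inputs(SAMPLE):
        print(line)
```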
9.1.2 The ipfilter Service
The ipfilter service for the custom template enables you to allow inbound packets to specific TCP
or UDP port numbers.
9.1.2.1 Input Data
SRP prompts for the following data. You can also specify a variable name and value in the command
line, as described in 13.1 Creating an SRP Compartment or Adding Data to a Compartment.
IPFilter TCP port numbers
Specifies the local TCP port numbers for IPFilter rules that allow inbound
packets.
Variable Name: ipf_tcp_ports.