HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

the system.
Variable Name: exec_path.
Default: /opt/var/hpsrp/compartment_name/opt/u01/home/oracle.
Oracle DB data path
The root directory for Oracle data. The cmpt service adds rules to allow the
compartment all access to this directory. Users and processes in the SRP compartment
can read, write, traverse (nsearch), and delete (unlink) the contents of this
directory. In most cases, you would set up the Oracle configuration and schema
under this path, and set the value of the ORACLE_HOME environment variable to this
path.
Variable Name: data_path.
Default: /var/hpsrp/compartment_name/opt/u01/home/oracle.
10.1.1.2 Configuration Data
SRP adds entries to the SRP compartment rules file (/etc/cmpt/compartment_name.rules) that
authorize access to the exec_path and data_path directories. SRP also adds an include
statement to add the rules from the /opt/hpsrp/etc/cmpt/oracledb.srp_incl file. As
delivered by HP, this file is empty. You can edit this file to contain compartment rules to be applied
when configuring the cmpt service with the oracledb template.
10.1.2 The ipfilter Service
The ipfilter service for the oracledb template adds rules to allow inbound requests to the
specified ports used by the Oracle database server to pass. You can also specify additional inbound
destination TCP port numbers for IPFilter pass rules.
10.1.2.1 Input Data
SRP prompts for the following data. You can also specify a variable name and value in the command
line, as described in 13.1 Creating an SRP Compartment or Adding Data to a Compartment.
IPFilter Port Numbers
Specifies the local TCP port numbers for IPFilter rules that allow inbound
packets.
Variable Name: ipf_ports.
Valid Input: One or more TCP port numbers, each in the range 1-65535,
separated by commas.
Default: 1521. This is the default port number for the Oracle Net Listener
process (commonly referred to as the listener).
10.1.2.2 Configuration Data
If the compartment address is an IPv4 address, SRP adds IPFilter rules to the
/etc/opt/ipf/ipf.conf file. If the compartment address is an IPv6 address, SRP adds IPFilter
rules to the /etc/opt/ipf/ipf6.conf file.
SRP configures rules that allow inbound packets from any remote IP address to the compartment IP
address with the specified destination TCP port numbers.
SRP inserts these rules at the top of the IPFilter rules file and uses the quick keyword.
The IPFilter configuration file already contains rules from the base template to allow all outbound
TCP, UDP, and ICMP packets from the compartment IP address, as described in Configuration Data.
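
The following audit sketch is an added example, not part of the HP guide or of SRP. It validates an ipf_ports value against the range given above and reports which ports a rules file opens to any source address, along with later block rules that a top-of-file quick rule prevents from ever restricting those ports. The sample rule text, the address 192.0.2.10, and the function names are assumptions; the guide does not show the exact lines SRP writes.

```python
import re

# Constructed sample ipf.conf. The rule text is standard IPFilter syntax and an
# assumption; the guide does not show the exact lines SRP writes.
SAMPLE_IPF_CONF = """\
pass in quick proto tcp from any to 192.0.2.10 port = 1521
pass in quick proto tcp from any to 192.0.2.10 port = 1526
pass out quick proto tcp from 192.0.2.10 to any keep state
block in quick proto tcp from 198.51.100.0/24 to 192.0.2.10 port = 1521
block in proto tcp from any to 192.0.2.10 port = 22
"""

# Captures: action, quick flag, source, destination, optional destination port.
RULE = re.compile(r"^(pass|block)\s+in\s+(quick\s+)?(?:on\s+\S+\s+)?proto\s+tcp\s+"
                  r"from\s+(\S+)\s+to\s+(\S+)(?:\s+port\s*=\s*(\d+))?")


def parse_ipf_ports(value):
    """Validate an ipf_ports value: comma-separated TCP ports, each 1-65535."""
    ports = []
    for item in (p.strip() for p in value.split(",")):
        if not (item.isascii() and item.isdigit() and 1 <= int(item) <= 65535):
            raise ValueError(f"invalid TCP port: {item!r}")
        ports.append(int(item))
    return ports


def audit(conf_text, compartment_ip):
    """Return (ports open to any source, line numbers of shadowed block rules)."""
    exposed, shadowed = set(), []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        m = RULE.match(line.strip())
        if not m or m.group(4) != compartment_ip:
            continue
        action, quick, src, _, port = m.groups()
        port = int(port) if port else None
        if action == "pass" and quick and src == "any" and port:
            exposed.add(port)          # quick: rule evaluation stops at this match
        elif action == "block" and (port is None or port in exposed):
            shadowed.append(lineno)    # never reached for the exposed port(s)
    return sorted(exposed), shadowed


if __name__ == "__main__":
    ports, dead = audit(SAMPLE_IPF_CONF, "192.0.2.10")
    print("reachable from any address:", ports)
    print("block rules that cannot restrict those ports: lines", dead)
```

On the constructed sample, the block rule on line 4 never applies to port 1521 because the quick pass rule above it matches first, so any source restriction for the listener has to be placed ahead of the inserted rules.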