Manualshelf

HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Containers (SRP)
71727374757677787980
80
The specific tag format for each subsystem in described in the sections that follow.
14.3.1.4 Security Containment Compartment Tag Format
Data is stored in the /etc/cmpt/compartment_name.rules file by default. When SRP adds
data, it indicates the start of the data with the following tag:
//@tag-start 'compartment="compartment_name" template="template_name"
service="cmpt" id="instance";
SRP indicates the end of the data with the following tag:
//@tag-end;
14.3.1.5 RBAC and Compartment Login Tag Format
Data is stored in files under the /etc/rbac directory. HP recommends that you use RBAC commands
(roleadm, authadm, cmdprivadm) to modify RBAC data.
SRP identifies RBAC data for the admin service by using the following values:
Role name: SRPadmin-compartment_name for the compartment
Authorization: hpux.SRPadmin.compartment_name for the compartment
Command privilege: hpux.SRPadmin.compartment_name for the compartment
SRP identifies RBAC data for the login service by using the following values:
Role name: SRPlogin-compartment_name for the compartment
Authorization: hpux.security.compartment.login for the compartment
14.3.1.6 Network Configuration Tag Format
For IPv4 interfaces, SRP adds the following entry to the /etc/rc.config.d/netconf file:
IPV4_CMGR_TAG[index]='compartment="compartment_name" template="base"
service="network" id="instance"'
Where index is the first available index number for interface parameters in the netconf file. SRP
uses the index number to identify the following interface parameters:
INTERFACE_NAME
IP_ADDRESS
SUBNET_MASK
INTERFACE_STATE
BROADCAST_ADDRESS
DHCP_ENABLE
INTERFACE_MODULES
SRP uses the address configured for the IP_ADDRESS entry to identify the ROUTE_SOURCE entry for
the compartment, and uses that index number to identify the corresponding route entries.
IPv6 Interfaces
The data is similar for IPv6 interfaces, with the following differences:
The data is stored in the /etc/rc.config.d/netconf-ipv6 file.
The names of the interface parameters are correct for IPv6 interfaces, such as
IPV6_INTERFACE, IPV6_ADDRESS, IPV6_INTERFACE_STATE.