HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

Appendix A Configuration Example
This appendix includes a sample SRP compartment configuration.
A.1 Sample Base Configuration
This example shows the system configuration created for a sample compartment.
# /opt/hpsrp/bin/srp -list mySRP -verbose
Compartment: mySRP Template: base Service: cmpt
----------------------------------------------------------------------
Compartment Configuration (/etc/cmpt/mySRP.rules):
@tag-start compartment="mySRP" template="base" service="cmpt" id="1" ;
#include "/opt/hpsrp/etc/cmpt/base.srp_incl"
// lock out access to the other compartment's root directory
perm nsearch /var/hpsrp
// open access to compartment root
perm all /var/hpsrp/mySRP
// to DNS
grant bidir udp peer port 53 init
Compartment: mySRP Template: base Service: admin
----------------------------------------------------------------------
RBAC Admin Service Configuration:
Role(s):
SRPadmin-mySRP
Authorization(s):
SRPadmin-mySRP: (hpux.SRPadmin.mySRP, mySRP)
Command privilege(s):
/opt/hpsrp/bin/util/srp_rc:dflt:(hpux.SRPadmin.mySRP,*):0/0//:mySRP:dflt:dflt:
Compartment: mySRP Template: base Service: login
----------------------------------------------------------------------
RBAC Login Service Configuration:
Role(s):
&adm:SRPlogin-mySRP
Authorization(s):
SRPlogin-mySRP: (hpux.security.compartment.login, mySRP)
Compartment: mySRP Template: base Service: init
----------------------------------------------------------------------