compartments.4 (2011 09)

compartments(4) compartments(4)
(grant|access) (pty|fifo|uxsock|ipc|tl) compartment_name
(grant|access) [pty][, fifo][, uxsock][, ipc][, tl] compartment_name
where the values are defined as follows:
grant Allows processes in the compartment_name compartment to access the specified IPC
mechanism in this compartment. This keyword specifies an object-centric rule.
access Allows processes in this compartment to access the specified IPC mechanism in
compartment_name compartment. This keyword specifies a subject-centric rule.
pty Applies to terminals (ptys and ttys) that are used to communicate between processes.
Note that these rules are applied in addition to any file system rules that control the
path name representing the terminal. Normally terminals do not have any compartment
until a process opens them. When a terminal without a compartment ID is opened, its
compartment ID is set to that of the process that opened it. When all open file handles
to the terminal are closed, the terminal's compartment ID is unset.
fifo Applies to named pipes (FIFOs) that are used to communicate between processes.
These rules are applied in addition to any file system rules that control the path name
representing the named pipe. Initially a FIFO has no compartment. When a process
opens the FIFO for the first time, its compartment is set to that of the process. When
all processes close the FIFO, its compartment is unset.
uxsock Applies to UNIX domain sockets that are used to communicate between processes.
These rules are applied in addition to any file system rules that control the path name
representing the socket. As with FIFOs, initially a UNIX socket has no compartment.
When a process opens the UNIX domain socket for the first time, its compartment is
set to that of the process. When all processes close the UNIX domain socket, its
compartment is unset.
ipc Applies to the following IPC mechanisms: System V shared memory (for example,
created using shmget()), System V and POSIX semaphores (for example, created
using semget() or sem_open()), and System V and POSIX message queues (for
example, created using msgget() or mq_get()). When an IPC object is created, its
compartment is set to that of the process that created it. POSIX shared memory is
implemented as standard files; hence, POSIX shared memory obeys file system rules,
but not ipc rules.
tl Applies to Streams Local Transport Drivers that are used to communicate between
processes. Streams Local Transport Drivers are also known as loopback drivers,
specifically, /dev/tlcots, /dev/tlcotsod, and /dev/tlclts. The TLI/XTI applications
use these drivers to communicate between client and server processes. The tl keyword
is valid only if the HP-UX ContainmentPlus product (version B.11.31.02 or later) is
installed on the system. The tl keyword only has effect when the cmpt_restrict_tl
tunable is set to 1. See t_open(3), t_connect(3), and cmpt_restrict_tl(5).
compartment_name
Name of the other compartment with which a process in this compartment can
communicate.
The second form of IPC rules governs process visibility and uses the following format:
(send|receive) signal compartment_name
where the values are defined as follows:
send Allows a process in this compartment to view or access processes in
compartment_name. This keyword specifies a subject-centric rule.
receive Allows a process in compartment_name to view or access processes in this
compartment. This keyword specifies an object-centric rule.
signal Identifies this as a signal IPC rule. Even though the rule uses the keyword signal,
in reality, the signal IPC rule controls all aspects of process visibility. For example,
the output of the ps command reflects the process visibility restrictions set using this
rule.
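The two rule forms described above, the grant/access IPC rule and the send/receive signal rule, as a small added example of how a rule set can be parsed and evaluated. This is illustrative code written for this page, not code from the compartments(4) man page or from HP-UX itself. It assumes one rule per line, that '#' starts a comment, that a compartment_name is any non-blank token, and that either a subject-centric rule in the subject's own compartment or an object-centric rule in the target's compartment is enough to allow the access; the file system rules that the page says apply in addition to the pty, fifo and uxsock rules are not modelled, and the sample rule sets are constructed.

```python
# Added example, not from the HP-UX compartments(4) man page: parse the two IPC
# rule forms and decide whether a process in one compartment may reach another.
# Assumptions: one rule per line, '#' comments, compartment_name = any non-blank
# token.  File system rules (which also apply to pty/fifo/uxsock) are not modelled.
import re
from dataclasses import dataclass

IPC_MECHANISMS = ("pty", "fifo", "uxsock", "ipc", "tl")
_MECH = r"(?:pty|fifo|uxsock|ipc|tl)"

# (grant|access) [pty][, fifo][, uxsock][, ipc][, tl] compartment_name
_ACCESS_RE = re.compile(
    rf"^(?P<kw>grant|access)\s+(?P<mechs>{_MECH}(?:\s*,\s*{_MECH})*)\s+(?P<name>\S+)$")
# (send|receive) signal compartment_name
_SIGNAL_RE = re.compile(r"^(?P<kw>send|receive)\s+signal\s+(?P<name>\S+)$")


@dataclass(frozen=True)
class IpcRule:
    keyword: str        # grant, access, send or receive
    mechanisms: tuple   # IPC mechanisms named, or ("signal",) for the second form
    other: str          # the compartment_name operand

    @property
    def centric(self) -> str:
        # access/send: processes in *this* compartment reach into `other`
        # grant/receive: processes in `other` reach into *this* compartment
        return "subject" if self.keyword in ("access", "send") else "object"


def parse_ipc_rule(line: str, tl_supported: bool = False) -> IpcRule:
    """Parse one IPC rule line; raise ValueError for anything the syntax disallows."""
    text = line.split("#", 1)[0].strip()          # comment handling is an assumption
    m = _ACCESS_RE.match(text)
    if m:
        mechs = tuple(x.strip() for x in m.group("mechs").split(","))
        if len(set(mechs)) != len(mechs):
            raise ValueError(f"mechanism listed twice: {line!r}")
        # tl is valid only with HP-UX ContainmentPlus installed (and takes effect only
        # when cmpt_restrict_tl is 1); reject it unless the caller says it is available.
        if "tl" in mechs and not tl_supported:
            raise ValueError(f"tl keyword requires ContainmentPlus: {line!r}")
        return IpcRule(m.group("kw"), mechs, m.group("name"))
    m = _SIGNAL_RE.match(text)
    if m:
        return IpcRule(m.group("kw"), ("signal",), m.group("name"))
    raise ValueError(f"unrecognised IPC rule: {line!r}")


def is_valid_rule(line: str, tl_supported: bool = False) -> bool:
    try:
        parse_ipc_rule(line, tl_supported)
        return True
    except ValueError:
        return False


def load_rules(text_by_compartment: dict, tl_supported: bool = False) -> dict:
    """Map compartment name -> tuple of IpcRule parsed from that compartment's rules."""
    out = {}
    for cmpt, text in text_by_compartment.items():
        rules = [parse_ipc_rule(raw, tl_supported)
                 for raw in text.splitlines() if raw.split("#", 1)[0].strip()]
        out[cmpt] = tuple(rules)
    return out


def allowed(rules_by_cmpt: dict, subject: str, mechanism: str, target: str) -> bool:
    """True if a process in `subject` may use `mechanism` (pty, fifo, uxsock, ipc, tl
    or "signal") on objects in `target`.  A subject-centric rule in the subject's own
    rule set or an object-centric rule in the target's rule set is sufficient."""
    for r in rules_by_cmpt.get(subject, ()):
        if r.centric == "subject" and mechanism in r.mechanisms and r.other == target:
            return True
    for r in rules_by_cmpt.get(target, ()):
        if r.centric == "object" and mechanism in r.mechanisms and r.other == subject:
            return True
    return False


# Constructed sample: three compartments, each with its own rule text.
SAMPLE_RULES = load_rules({
    "web":   "access pty, fifo db    # web may use db's ptys and FIFOs (subject-centric)\n",
    "db":    "grant uxsock web       # web may use db's UNIX sockets (object-centric)\n"
             "receive signal admin   # admin may see/signal db processes (object-centric)\n",
    "admin": "send signal web        # admin may see/signal web processes (subject-centric)\n",
})

if __name__ == "__main__":
    for s, m, t in [("web", "fifo", "db"), ("web", "uxsock", "db"), ("db", "fifo", "web"),
                    ("admin", "signal", "db"), ("web", "signal", "admin")]:
        verdict = "allowed" if allowed(SAMPLE_RULES, s, m, t) else "denied"
        print(f"{s} -> {t} via {m}: {verdict}")
```

Because the ps output and signal delivery both follow the signal rule, the `"signal"` mechanism in `allowed()` stands for process visibility as a whole, exactly as the page describes; a tool that lints compartment rule sets would use the same two regular expressions to flag a misspelt mechanism or a tl rule on a system without ContainmentPlus before the rules are loaded.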
4 Hewlett-Packard Company 4 HP-UX 11i Version 3: September 2011