Administrator's Guide

6.5 Configuring Compartments
This section discusses the following topics:
Activating compartments (Section 6.5.1)
Defining a compartment configuration (Section 6.5.2)
Running an application in a compartment (Section 6.5.3)
Login directly in a compartment (Section 6.5.4)
6.5.1 Activating Compartments
To activate compartment rules on the system, follow these steps:
1. Plan the compartment rules. See Section 6.2 for more information.
TIP: HP recommends you plan the compartment rules configuration carefully. After
you have edited the configuration and implemented it on a production system, it
becomes difficult to change. When you change a compartment configuration, you
must make changes to user procedures, scripts, and tools.
2. Create compartment rules. See Section 6.4 for instructions on completing this step
and for a complete description of compartment rules syntax.
3. (Optional) Preview the compartment rules by entering the following command:
# setrules -p
The -p option parses the configured rules list and reports any discrepancies in syntax
and semantics. HP recommends that you follow this step before enabling compartment
rules on the system.
4. (Optional) Make backup copies of the compartment configuration files. Either put
these files outside the /etc/cmpt directory or omit the .rules suffix. Doing this
lets you easily revert to the starting point if an editing problem occurs.
5. Enable the compartments feature by entering the following command:
# cmpt_tune -e
6. Reboot the system. This step is mandatory.
TIP: Keep the backup files; this makes it easier to revert to a prior configuration.
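Steps 3 through 5 can be chained so that cmpt_tune -e runs only after setrules -p passes and a backup of the rules exists. The script below is an added example, not part of the HP guide; it assumes that setrules -p exits non-zero when it reports a discrepancy, and BACKUP_ROOT and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not HP's code. Assumptions: setrules -p exits non-zero on a
# discrepancy; BACKUP_ROOT and the function names are hypothetical.
CMPT_DIR=${CMPT_DIR:-/etc/cmpt}
BACKUP_ROOT=${BACKUP_ROOT:-/var/adm/cmpt-backup}
SETRULES=${SETRULES:-setrules}
CMPT_TUNE=${CMPT_TUNE:-cmpt_tune}

# Step 4: copy every .rules file to a timestamped directory outside CMPT_DIR.
backup_rules() {
    dest=$BACKUP_ROOT/$(date +%Y%m%d%H%M%S)
    case $dest/ in
        "$CMPT_DIR"/*)
            echo "backup directory must be outside $CMPT_DIR" >&2
            return 1 ;;
    esac
    mkdir -p "$dest" || return 1
    found=0
    for f in "$CMPT_DIR"/*.rules; do
        [ -f "$f" ] || continue
        cp -p "$f" "$dest/" || return 1
        found=1
    done
    if [ "$found" -eq 0 ]; then
        echo "no .rules files found in $CMPT_DIR" >&2
        return 1
    fi
    echo "$dest"    # stdout carries only the backup path
}

# Steps 3-5 in order; returns 2, 3 or 4 to show which step stopped the run.
activate_compartments() {
    if ! "$SETRULES" -p; then
        echo "setrules -p reported problems; compartments not enabled" >&2
        return 2
    fi
    dest=$(backup_rules) || return 3
    "$CMPT_TUNE" -e || return 4
    echo "Rules saved in $dest. Reboot to finish activation (step 6)."
}
```

Run activate_compartments as root after the rules are written; the script does not reboot the system, so step 6 stays a deliberate manual action.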
6.5.2 Defining a Compartment Configuration
You can create new compartments and modify existing compartments without rebooting
the system. If you enable or disable the compartment feature, or completely remove a
compartment, you must reboot the system. However, if you remove all rules associated
with a compartment and all references to that compartment, you can leave the
compartment on the system until the next reboot.