prm2scomp(1)
NAME
prm2scomp - generate a minimal configuration for Security Containment
based on a PRM configuration
SYNOPSIS
prmpath scomppath
DESCRIPTION
The HP-UX Security Containment, available for HP-UX 11i v2 (B.11.23)
and later, provides secure compartments.
prm2scomp reads in an existing PRM configuration and generates a minimal
Security Containment configuration that includes one secure compartment
for each PRM group--except the OTHERS and PRM_SYS groups.
prm2scomp also alters the PRM configuration file, adding SCOMP records to
map each generated secure compartment to the PRM group from which it was
generated.
Placing secure compartments inside PRM groups produces Secure Resource
Partitions.
COMMAND AVAILABILITY
Only a superuser can run prm2scomp.
OPTIONS
Use the PRM configuration file specified by
prmpath to generate the Security Containment configuration.
prm2scomp adds SCOMP records to this file to assign the generated
compartments to the PRM groups from which they were generated.
prmpath cannot specify the currently running configuration.
Save the generated Security Containment configuration to the file given
by scomppath.
This file must not already exist and cannot be in a directory
that is owned by a user other than root or is writable by a user
other than owner.
Run interactively and assign network interfaces to the secure
compartments. (Network interfaces are defined in the file
/etc/rc.config.d/netconf.)
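The scomppath constraints above (the file must not exist, and its directory must be owned by root and writable only by its owner) can be verified before running the command. The following is an added example, not part of PRM or the HP documentation; the function name check_scomppath and its optional owner-uid argument are hypothetical.

```shell
#!/bin/sh
# Added example, not part of PRM: pre-flight check of a scomppath value
# against the constraints stated in this man page.
# check_scomppath and its OWNER_UID argument are hypothetical names.
#
# usage: check_scomppath PATH [OWNER_UID]
# OWNER_UID defaults to 0 (root), as the page requires; it is a parameter
# only so the check can be exercised by a non-root user.
check_scomppath() {
    path=$1
    want_uid=${2:-0}

    # The file must not already exist; a dangling symlink also counts.
    if [ -e "$path" ] || [ -L "$path" ]; then
        echo "check_scomppath: $path already exists" >&2
        return 1
    fi

    # Resolve the parent directory physically, so a symlinked directory
    # is judged by its real target.
    dir=$(CDPATH= cd "$(dirname "$path")" 2>/dev/null && pwd -P) || {
        echo "check_scomppath: cannot access directory of $path" >&2
        return 1
    }

    # ls -ldn prints the mode string (field 1) and numeric owner (field 3).
    info=$(ls -ldn "$dir" | awk '{ print $1, $3 }')
    mode=${info% *}
    uid=${info#* }

    if [ "$uid" != "$want_uid" ]; then
        echo "check_scomppath: $dir is owned by uid $uid, not $want_uid" >&2
        return 1
    fi

    # Characters 6 and 9 of the mode string are group and other write.
    case $mode in
        ?????w*|????????w*)
            echo "check_scomppath: $dir is writable by non-owners ($mode)" >&2
            return 1 ;;
    esac
    return 0
}
```

The check covers only the owner and permission bits reported by ls; any ACLs on the directory are not examined.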
USAGE
prm2scomp generates secure compartments based on the PRM groups defined
in the PRM configuration.
If you specify interactive mode, you will be prompted to assign the
network interfaces present on the system to the secure compartments. A
secure compartment must have an interface to access the network.
An interface not assigned to a secure compartment is not usable by the
system, even from the init secure compartment. If any interfaces are
left unassigned when prm2scomp completes, a warning message is printed.
The process of assigning interfaces has two parts:
1. Choosing a secure compartment needing an interface assigned
2. Choosing the interface to assign
(You can unassign previously assigned interfaces in this process as
well.)
prm2scomp will automatically prompt you to assign an interface for each
secure compartment.
Once you have assigned all interfaces, prm2scomp writes the PRM
configuration file and the Security Containment file. You are encouraged
to manually
edit and fine-tune your configuration files, possibly taking advantage
of other features of PRM and Security Containment.
You will need to load/activate the configuration files. For information
on loading the Security Containment configuration, see the setrules(1M)
man page. For information on loading the PRM configuration, see the
prmconfig(1) man page.
The prompts from the interactive mode are given below with explanations
of the options.
Prompt:
Compartment to modify assignments for [ -DONE- ] :
Compartment to modify assignments for [ <name> ] :
While modifying interface assignments, the available options are:
-DONE- Select your ENTER key to exit modification and stop assigning
network interfaces to secure compartments
<name> Select your ENTER key to assign a network interface to the next
compartment for which there is no network interface assigned
Prompt:
Add interface: [ -DONE- ], NAME, ? for list, - to delete:
While assigning interfaces to a secure compartment, the available
options are:
-DONE- Select your ENTER key to stop assigning interfaces for the
current compartment
NAME Specify the name of an interface to assign to the current
compartment
? List the defined compartments and their assigned interfaces.
Also list unassigned interfaces
- Switch to deleting interfaces from the current compartment
Prompt:
Delete interface: [ -ALL- ], NAME, ? for list, + to add:
While unassigning interfaces, the available options are:
-ALL- Select your ENTER key to remove all interfaces for all the
secure compartments and return to adding interfaces
NAME Specify the name of an interface to remove from the current
compartment
? List defined compartments and interfaces
+ Return to adding interfaces (assigning interfaces) to the
current secure compartment
RETURN VALUE
Zero is returned if the command is completed successfully.
Nonzero is returned if errors are detected.
SEE ALSO
prm(1), srpgen(1), scomp2prm(1), prmconfig(1), setrules(1M)
HP Process Resource Manager User's Guide (/opt/prm/doc/PRM.ug.pdf)
HP Process Resource Manager homepage (http://www.hp.com/go/prm)