If something is not working on the system and you suspect the problem
is occurring because of the compartment structure, you can check the
compartment rules as follows.

Problem 1: Access is not being controlled according to the compartment rules I configured.
Solution: The rules may not be set in the kernel. To check whether the rules are set in the kernel, follow these steps:
1. Use the following command to list the valid compartment rules in the kernel.
2. Use the following command to list all rules configured on the system, including rules that have not been loaded into the kernel.
3. Compare the output of the two commands. If they are the same, all rules are loaded into the kernel. If the output differs, you need to load rules into the kernel.
4. Use the following command to load rules into the kernel.

Problem 3: Access to a file is not functioning properly.
Solution: If multiple hard links point to this file, the compartment rules configuration may contain inconsistent rules for accessing the file. To check for inconsistencies, follow these steps:
1. Execute the following command:
   If the output shows an inconsistency, go on to step 2.
2. Modify the rules to remove the inconsistency. Follow the procedure described in Section .

Problem 4: Network server rules do not appear in getrules output.
Solution: Because of the way rules are managed internally, network server rules for a given compartment can be listed in the target compartment output of the getrules command.
For example:
/* telnet compartment rule to allow incoming telnet requests through compartment labeled ifacelan0 */
grant server tcp port 23 ifacelan0
If this rule is specified, it appears listed under
the ifacelan0 compartment output of getrules.
ACCESS PROTOCOL SRCPORT DESPORT DESCMPT
Grant client tcp 0 23 telnet
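
The following script is an added example, not part of the original documentation or HP's tooling. It derives the row to look for under the target compartment from a server rule and searches saved getrules output for it. The function names are hypothetical, and the mapping is an assumption generalized from the single telnet example above; only rules of the form "grant server <proto> port <N> <target>" are handled.

```shell
#!/bin/sh
# Added example, not HP code. Assumption: the mirrored row follows the page's
# single sample: "grant server <proto> port <N> <target>" in compartment C is
# listed under <target> as "Grant client <proto> 0 <N> C".

# parse_server_rule COMPARTMENT "RULE"
# Sets m_target (compartment whose getrules output to read) and m_row
# (row expected there). Returns 2 for any rule shape not covered above.
parse_server_rule() {
    m_cmpt=$1
    set -f; set -- $2; set +f          # split rule into words, no globbing
    [ $# -eq 6 ] && [ "$1" = grant ] && [ "$2" = server ] &&
        [ "$4" = port ] || return 2
    case $5 in ''|*[!0-9]*) return 2 ;; esac   # port must be numeric
    m_target=$6
    m_row="Grant client $3 0 $5 $m_cmpt"
}

# has_mirror COMPARTMENT "RULE" FILE
# FILE holds saved getrules output. Returns 0 if the mirrored row is present,
# 1 if absent, 2 if the rule could not be parsed.
has_mirror() {
    parse_server_rule "$1" "$2" || return 2
    # Collapse runs of blanks so column alignment does not matter.
    sed 's/[[:space:]][[:space:]]*/ /g; s/^ //; s/ $//' "$3" |
        grep -Fxq -- "$m_row"
}

# Sample input: the two getrules lines shown on this page, with constructed
# column spacing, saved to a temporary file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ACCESS PROTOCOL SRCPORT DESPORT DESCMPT
Grant  client  tcp  0  23  telnet
EOF
rule='grant server tcp port 23 ifacelan0'
if has_mirror telnet "$rule" "$sample"; then
    echo "found under $m_target: $m_row"
else
    echo "not found; look under $m_target for: $m_row"
fi
rm -f "$sample"
```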