You can create new compartments and modify existing
compartments without rebooting the system. If you enable or disable
the compartment feature, or completely remove a compartment, you must
reboot the system. However, if you remove all rules associated with
a compartment and all references to that compartment, you can leave
the compartment on the system until the next reboot.
See Section for more information about the implications of changing the name
of a compartment.
You can add new compartment rules, delete unneeded
rules, and modify existing rules. You can also change the names of
existing compartments.
The following sections describe how to modify compartment
configuration.
Changing Compartment Rules
(Optional) Make temporary backup copies of the configuration files you plan to modify. Either put these files outside the /etc/cmpt directory or omit the .rules suffix. Doing this lets you easily revert to the starting point if an editing problem occurs.

Use the following command to examine the current compartment rules:

Create or modify compartment rules. See Section for instructions on completing this step and for a complete description of compartment rules syntax.

(Optional) Preview the compartment rules by entering the following command:

The -p option parses the configured rules list and reports any discrepancies in syntax and semantics. HP recommends that you follow this step before enabling compartment rules on the system.

(Optional) Make backup copies of the compartment configuration files.

Run the setrules command to load the configured rules:
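
The procedure above can be wrapped so that rules are never loaded without a backup and a clean preview. The following script is an added example, not HP's own code. It assumes that the preview step is `setrules -p` and that it exits non-zero when it reports a discrepancy; the function names and the `CMPT_DIR` and `SETRULES` variables are hypothetical.

```shell
#!/bin/sh
# Added example: back up, preview, then load compartment rules.
# CMPT_DIR and SETRULES are hypothetical overrides (useful for dry runs).
CMPT_DIR="${CMPT_DIR:-/etc/cmpt}"
SETRULES="${SETRULES:-setrules}"

# Copy every *.rules file to a backup directory. A destination inside the
# configuration directory is refused, because a second copy that keeps the
# .rules suffix there would itself look like a rules file.
backup_rules() {
    dest="$1"
    case "$dest" in
        "$CMPT_DIR"|"$CMPT_DIR"/*)
            echo "backup directory must be outside $CMPT_DIR" >&2
            return 2 ;;
    esac
    mkdir -p "$dest" || return 1
    for f in "$CMPT_DIR"/*.rules; do
        [ -f "$f" ] || continue          # no rules files: nothing to copy
        cp -p "$f" "$dest/" || return 1
    done
}

# Back up, preview, and load only when the preview is clean.
# Assumption: the preview exits non-zero on a syntax or semantic problem.
apply_rules() {
    backup_rules "$1" || return $?
    if ! "$SETRULES" -p; then
        echo "preview reported problems; rules not loaded" >&2
        echo "backup of the rules files is in $1" >&2
        return 3
    fi
    "$SETRULES"
}
```

Call `apply_rules` with a backup directory outside `/etc/cmpt` after editing the rules files; a return code of 3 means the running rules were left untouched.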