Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX System Administrator's Guide: Security Management: HP-UX 11i Version 3 > Chapter 7 Compartments

Troubleshooting Compartments


Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

If something is not working on the system and you suspect the problem is occurring because of the compartment structure, you can check the compartment rules as follows.

Problem 1: Access is not being controlled according to the compartment rules I configured. Solution: the rules may not be set in the kernel. To check whether the rules are set in the kernel, follow these steps:

  1. Use the following command to list the valid compartment rules in the kernel.

    # getrules
  2. Use the following command to list all rules configured on the system, including rules that have not been loaded into the kernel.

    # setrules -p
  3. Compare the output of the two commands. If they are the same, all rules are loaded into the kernel. If the output differs, you need to load rules into the kernel.

  4. Use the following command to load rules into the kernel. :

    # setrules

Problem 3: Access to a file is not functioning properly. Solution: If multiple hard links point to this file, the compartment rules configuration may contain inconsistent rules for accessing the file. To check for inconsistencies, follow these steps:

  1. Execute the following command:

    # vhardlinks

    If the output shows an inconsistency, go on to step 2.

  2. Modify the rules to remove the inconsistency. Follow the procedure described in Section .

Problem 4: Network server rules do not appear in getrules output. Solution: Because of the way rules are managed internally, network server rules for a given compartment can be listed in the target compartment output of the getrules command.

For example:

/* telnet compartment rule to allow incoming telnet requests through compartment labeled ifacelan0 */ grant server tcp port 23 ifacelan0

If this rule is specified, it appears listed under the ifacelan0 compartment output of getrules.

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2008 Hewlett-Packard Development Company, L.P.