Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX Reference > S

setrules(1M)

HP-UX 11i Version 3: February 2007
» 

Technical documentation

» Feedback
Content starts here

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

NAME

setrules — set compartment rules

SYNOPSIS

setrules [-p]

DESCRIPTION

setrules takes the current rules files on the system and puts them into effect. Prior to using this command, changes in the rules files have no effect on the system. This command can only be used when compartmentalization is enabled (see cmpt_tune(1M)).

Options

setrules recognizes the following option:

-p

Preview the rules. This option parses the rules files, checking for syntax and semantic errors, but setrules makes no changes to the system.

Security Restrictions

The user invoking this command must have one of the following authorizations:

hpux.security.xsec.secrules.unrestricted hpux.security.xsec.secrules.restricted

A user with hpux.security.xsec.secrules.unrestricted authorization can invoke this command from any compartment, while a user with hpux.security.xsec.secrules.restricted authorization can invoke this command from only those compartments that have read and write access to the /etc/cmpt directory heirarchy.

See authadm(1M)).

Notes

If a compartment is tagged for automatic discovery of rules using the keyword discover, subsequent runs of setrules command does NOT clear the rules that are already discovered. This means the rules applied are inconsistent with the rules currently in the /etc/cmpt directory. To make them consistent, first run "getrules -m compartment_name>file.rules ", and then run setrules; where, compartment_name is the name of the compartment which is under for discovery mode and file.rules is the rules file containing the rules for this compartment.

RETURN VALUE

setrules returns the following values:

0

Successful completion. The rules are displayed.

>0

An error occurred. An error can be caused by the following:

  • An invalid option.

  • The user does not having permissions to perform the operation.

  • A syntax or semantic error in a rule file.

  • Other system errors (for example, insufficient system resources).

EXAMPLES

Example 1: Execute setrules to push the configured rules:

# setrules

Example 2: Execute setrules to push syntactically incorrectly configured rules:

# setrules

Sample Output:

Error: "/etc/cmpt/11.cmpt.1.rules", line 10 # Unexpected token 'web' \ or rule terminated prematurely setrules: Exiting due to parse errors

Example 3: Execute setrules to find any syntactically or semantically incorrectly configured rules:

# setrules -p

Sample Output:

Error: "/etc/cmpt/iface.rules", line 10 # Undefined compartment "ooutside". Error: "/etc/cmpt/iface.rules", line 14 # Undefined compartment "cgi".

SEE ALSO

authadm(1M), cmpt_tune(1M), getrules(1M), compartments(4), compartments(5).



setprivgrp
  		 


setuname  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1983-2007 Hewlett-Packard Development Company, L.P.