getrules(1m) [hpux man page]

getrules(1M)															      getrules(1M)

NAME
getrules - display compartment rules

SYNOPSIS
[compartment_name]... interface_name[...] ipaddr/mask[...] [interface_name...] [IPaddress...]

DESCRIPTION
displays rules defined for compartment(s) or network interface(s). This command can only be used when compartmentalization is enabled (see cmpt_tune(1M)).

If no options are specified, all subsystem rules for the given compartment are displayed. If no compartment_name is specified, information on all compartments is displayed.

Options
recognizes the following options:

Displays all the compartments configured on the system.

Displays the file system rules for the compartment(s).

Displays the IPC system rules for the compartment(s).

Displays the compartment names associated with the interface(s) and the IP address/mask as set by a previous invocation of Either the interface_name or the ipaddr/mask must be specified. More than one interface_name and/or IPaddress can be specified.

Displays the compartment names associated with the logical interface(s) and the IP addresses as applied by the kernel. When interface rules conflict with each other, this option can be used to find how the conflicts are resolved. If no arguments are specified, information about all currently active interfaces is displayed.

Displays the network system rules for the compartment(s).

Displays all the interface rules being applied by the kernel on the specified compartment(s). If no compartment name is specified, all the interface rules being applied by the kernel on all the existing compartments will be displayed.

Displays the disallowed privileges list in short form for compartment(s). The short form includes compound privileges in the privilege list.

Displays the disallowed privileges list in literal form for compartment(s). The literal form expands compound privileges in the privilege list.

Displays all the compartment rules of the specified compartment(s) in the machine parsable format. Using the "" or "" command is useful when used in combination with discover mode. See compartments(5).

Operands
recognizes the following operands:

compartment_name
    Name of the compartment for which information is displayed.

interface_name
    Name of the network interface for which information is displayed.

IPaddress
    An IPv4 or IPv6 address.

ipaddr/mask
    An IPv4 address or an IPv6 address and the corresponding mask.

Notes
The command is provided for diagnostic purposes, and as such the output of the command may change.

Some rules can be expressed in multiple forms. For instance, specifying that it can send a signal to is the same as specifying that it can receive signals from As this command displays the rules only once, it can be misleading when interpreting the output.

Security Restrictions
The user invoking this command must have one of the following authorizations: See authadm(1M).

RETURN VALUE
returns the following values:

Successful completion. The rules are displayed.

An error occurred. An error can be caused by an invalid option or because the user does not have permissions to perform the operation.

EXAMPLES
Example: Display all file system rules for the compartment named web:

Sample output:

    Compartment Name: web : sealed
    Disallowed Privileges: POLICY
    File System Rules:
    ------------------
    PERMISSION                       PATHNAME
    read, write, create, unlink      /

SEE ALSO
cmpt_tune(1M), setrules(1M), compartments(4), compartments(5), privileges(5).

getrules(1M)
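
The sample output in EXAMPLES above can be screened for broad write access, such as the web compartment's write, create and unlink permission on /. The following is an added example, not part of the HP-UX man page: the helper name audit_fs_rules is hypothetical, the column layout is reconstructed from the sample output, and the /etc rule and the db compartment are constructed input. Because the page notes that getrules output may change, treat the parser as a diagnostic aid.

```sh
#!/bin/sh
# Added example, not from the HP-UX man page. Reads getrules file system
# rule output on stdin and prints "compartment<TAB>path<TAB>permissions"
# for every rule that grants write, create or unlink.
# audit_fs_rules is a hypothetical helper name.
audit_fs_rules() {
    awk '
        /^Compartment Name:/  { cmpt = $3; in_fs = 0; next }
        /^File System Rules:/ { in_fs = 1; next }
        /Rules:[ \t]*$/       { in_fs = 0; next }   # any other rules section
        !in_fs                { next }
        /^-+$/ || /^PERMISSION/ || /^[ \t]*$/ { next }
        {
            path = $NF                               # last column is the pathname
            perms = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", perms)   # strip the pathname column
            if (perms ~ /write|create|unlink/)
                printf "%s\t%s\t%s\n", cmpt, path, perms
        }
    '
}

# Constructed input: the first rule of "web" is the sample from the page;
# the /etc rule and the whole "db" compartment are made up for illustration.
SAMPLE_OUTPUT='Compartment Name: web : sealed
Disallowed Privileges: POLICY
File System Rules:
------------------
PERMISSION                       PATHNAME
read, write, create, unlink      /
read                             /etc

Compartment Name: db : sealed
Disallowed Privileges: POLICY
File System Rules:
------------------
PERMISSION                       PATHNAME
read                             /opt/db
read, write                      /var/db'

printf '%s\n' "$SAMPLE_OUTPUT" | audit_fs_rules
```

Pathnames containing whitespace are not handled, since the page does not show how getrules prints them.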

cmpt_getbynum(3)					     Library Functions Manual						  cmpt_getbynum(3)

NAME
cmpt_getbynum(), cmpt_endent(), cmpt_getbyname(), cmpt_getent(), cmpt_setent() - map compartment name to number or number to name

SYNOPSIS
Parameters
cmpt_name
    Pointer to a string containing a compartment name.

cmpt_num
    Compartment number.

state
    Pointer to internal state.

Structure Members
The structure is defined in It contains at least the following fields:

DESCRIPTION
Compartments are referenced by strings in configuration files under but are maintained as numbers internally. The functions and query and iterate over this database.

Returns the compartment number corresponding to the string specified by cmpt_name.

Returns the compartment name corresponding to cmpt_num. If the return value is not NULL, it is the responsibility of the caller to free the returned value using See free(3C).

Opens the database connection to allow an iterative search.

Returns a pointer to the next compartment name/number pair from the database. The user must not call to release the memory pointed to by the return value.

Closes the database connection.

Notes
Every call to must be matched with a corresponding call to

RETURN VALUE
returns the following values:

Successful completion. The function returns a valid compartment number.

Function failed. is set to indicate the error.

returns the following values:

pointer
    Successful completion. Returns a non-null pointer to a string containing the compartment name.

NULL pointer
    Function failed. Returns a null pointer and sets to indicate the error. The caller is responsible for freeing the result.

returns the following values:

Successful completion.

Function failed. is set to indicate the error.

returns the following values:

pointer
    Successful completion. Returns a non-null pointer to a structure.

NULL pointer
    Function failed or entries are exhausted. In case of an error, is set to indicate the error. sets to and returns a null pointer when all entries have been exhausted.

ERRORS
If any of the following conditions occur, the functions fail and set

Compartment name or number does not exist.

Compartmentalization is not enabled on this system.

The function failed to allocate sufficient memory for its operation.

EXAMPLES
Example 1
Get the compartment number associated with a name.

    #include <stdio.h>
    #include <sys/cmpt.h>

    int main(int argc, char **argv)
    {
        cmpt_t cmptid;

        /* Map the compartment name to its internal number. */
        cmptid = cmpt_getbyname("INIT");
        if (cmptid != -1) {
            printf("Compartment id : %d\n", cmptid);
        } else {
            printf("Error getting compartment number\n");
        }
        return 0;
    }

Example 2
Get the compartment name associated with a number.

    #include <stdio.h>
    #include <stdlib.h>
    #include <sys/cmpt.h>

    int main(int argc, char **argv)
    {
        char *name;

        name = cmpt_getbynum((cmpt_t)2);
        if (name) {
            printf("Compartment name : %s\n", name);
            free(name);    /* the caller owns the returned string */
        } else {
            printf("Error getting compartment name\n");
        }
        return 0;
    }

Example 3
Iterate through compartment mapping entries.

    #include <errno.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <sys/cmpt.h>

    int main(int argc, char **argv)
    {
        struct cmpt_pair *pair;
        struct cmpt_state *state;

        if (cmpt_setent(&state) != 0) {
            perror("cmpt_setent failed");
            exit(1);
        }
        /* get entries until a NULL is returned; do not free them */
        while ((pair = cmpt_getent(&state)) != NULL) {
            printf("Compartment Number : %d Name : %s\n",
                   pair->cmpt_num, pair->cmpt_name);
        }
        if (errno == 0) {
            printf("All Entries printed\n");
        } else {
            printf("Error getting compartment entry\n");
        }
        /* every cmpt_setent() call is matched by cmpt_endent() */
        cmpt_endent();
        return 0;
    }

DEPENDENCIES
These functions are a part of the library, which can be linked with your executable with the option.

SEE ALSO
compartments(4), compartments(5).

cmpt_getbynum(3)