Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

setrules(1m) [hpux man page]

setrules(1M)															      setrules(1M)

NAME
setrules - set compartment rules SYNOPSIS
DESCRIPTION
takes the current rules files on the system and puts them into effect. Prior to using this command, changes in the rules files have no effect on the system. This command can only be used when compartmentalization is enabled (see cmpt_tune(1M)). Options recognizes the following option: Preview the rules. This option parses the rules files, checking for syntax and semantic errors, but makes no changes to the system. Security Restrictions The user invoking this command must have one of the following authorizations: A user with authorization can invoke this command from any compartment, while a user with authorization can invoke this command from only those compartments that have read and write access to the directory heirarchy. See authadm(1M)). Notes If a compartment is tagged for automatic discovery of rules using the keyword subsequent runs of command does NOT clear the rules that are already discovered. This means the rules applied are inconsistent with the rules currently in the directory. To make them consistent, first run "", and then run where, compartment_name is the name of the compartment which is under for discovery mode and file.rules is the rules file containing the rules for this compartment. RETURN VALUE
returns the following values: Successful completion. The rules are displayed. An error occurred. An error can be caused by the following: o An invalid option. o The user does not having permissions to perform the operation. o A syntax or semantic error in a rule file. o Other system errors (for example, insufficient system resources). EXAMPLES
Example 1: Execute to push the configured rules: Example 2: Execute to push syntactically incorrectly configured rules: Sample Output: Error: "/etc/cmpt/11.cmpt.1.rules", line 10 # Unexpected token 'web' or rule terminated prematurely setrules: Exiting due to parse errors Example 3: Execute setrules to find any syntactically or semantically incorrectly configured rules: Sample Output: Error: "/etc/cmpt/iface.rules", line 10 # Undefined compartment "ooutside". Error: "/etc/cmpt/iface.rules", line 14 # Undefined compartment "cgi". SEE ALSO
authadm(1M), cmpt_tune(1M), getrules(1M), compartments(4), compartments(5). setrules(1M)

Check Out this Related Man Page

cmpt_change(3)						     Library Functions Manual						    cmpt_change(3)

NAME
cmpt_change(), cmpt_get() - set and get process' compartment SYNOPSIS
Parameters cid Compartment ID. pid Process ID of the target process or for the calling process. DESCRIPTION
The and functions query and manipulate the compartment of a process. The function returns the given process' compartment ID. If is passed as the pid parameter, the compartment ID of the calling process is returned. The function changes the calling process' compartment ID to be the value of cid. Security Restrictions In order for the function to be effective, the calling process must possess the privilege. See privileges(5) for more information about privileges. RETURN VALUE
returns the following values: Successful completion. The function returns a valid compartment ID. Function failed. is set to indicate the error. returns the following values: Successful completion. Function failed. is set to indicate the error. ERRORS
If any of the following conditions occur, the functions fail and set Invalid compartment ID specified. The function failed to allocate sufficient memory for its operation. The process does not have the privilege. pid is not valid. EXAMPLES
#include <errno.h> #include <sys/cmpt.h> main() { cmpt_t c = cmpt_getbyname("init"); if (cmpt_change(c) == -1 ) { perror("could not enter init compartment"); exit(1); } printf("The process is now running in compartment %d ", cmpt_get(0)); } DEPENDENCIES
These functions are a part of the library. SEE ALSO
cmpt_getbynum(3), cmpt_getbyname(3), compartments(4), compartments(5), privileges(5). cmpt_change(3)
Man Page

Featured Tech Videos