getrules(1M)

HP-UX 11i Version 2: December 2007 Update

NAME

getrules — display compartment rules

SYNOPSIS

getrules [-f] [-i] [-n] [-p|-P] [compartment_name]...

getrules -l network_interface_name[...]

DESCRIPTION

getrules displays rules defined for compartment(s) or network interface(s). This command can only be used when compartmentalization is enabled (see cmpt_tune(1M)).

If no options are specified, all subsystem rules for the given compartment are displayed. If no compartment_name is specified, information on all compartments is displayed.

Options

getrules recognizes the following options:

-f

Displays the file system rules for the compartment(s).

-i

Displays the IPC system rules for the compartment(s).

-l

Displays the compartment names associated with the network interface(s).

-n

Displays the network system rules for the compartment(s).

-p

Displays the disallowed privileges list in short form for compartment(s). The short form includes compound privileges in the privilege list.

-P

Displays the disallowed privileges list in literal form for compartment(s). The literal form expands compound privileges in the privilege list.

If the -l option is used, you must specify a network_interface_name.

Operands

getrules recognizes the following operands:

compartment_name

Name of the compartment for which information is displayed.

network_interface_name

Name of the network interface for which information is displayed.

For compartment_name or network_interface_name, you can specify multiple instances separated by spaces.

Notes

The getrules command is provided for diagnostic purposes, and as such the output of the command may change.

Some rules can be expressed in multiple forms. For instance, compartment A specifying that it can send a signal to compartment B is the same as compartment B specifying that it can receive signals from compartment A. Because this command displays the rules only once, interpreting the output can be misleading.

RETURN VALUE

getrules returns the following values:

0

Successful completion. The rules are displayed.

>0

An error occurred. An error can be caused by an invalid option or because the user does not have permissions to perform the operation.

EXAMPLES

Example: Display all file system rules for the compartment named web:

# getrules -f web

Sample output:

Compartment Name: web : sealed
Disallowed Privileges: POLICY
File System Rules:
------------------
PERMISSION                     PATHNAME
read, write, create, unlink    /
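
Added example (not part of the HP-UX reference page): a filter for getrules -f output that reports compartments whose file system rules grant write, create, or unlink on a given path, "/" by default. It assumes the layout of the sample output above and pathnames without whitespace; the function names and the second compartment in the sample are constructed for illustration. Because getrules output is diagnostic and may change, re-check the parser against the output on your release.

```shell
#!/bin/sh
# Usage on a system with compartments enabled:  getrules -f | broad_fs_rules [path]
# Prints one line per matching rule: compartment<TAB>path<TAB>permissions

broad_fs_rules() {
    awk -v target="${1:-/}" '
    /^Compartment Name:/ {
        name = $0
        sub(/^Compartment Name:[ \t]*/, "", name)
        sub(/[ \t]*:.*$/, "", name)          # drop trailing state, e.g. ": sealed"
        cmpt = name; in_fs = 0; next
    }
    /^File System Rules:/ { in_fs = 1; next }
    /Rules:[ \t]*$/       { in_fs = 0; next }   # any other rules section ends this one
    !in_fs || NF < 2      { next }              # blank lines and the dashed underline
    $1 == "PERMISSION"    { next }              # column header
    {
        path = $NF                              # last field is the pathname
        perms = $0
        sub(/[ \t]+[^ \t]+[ \t]*$/, "", perms)  # strip the pathname column
        gsub(/[ \t]/, "", perms)                # "read, write" -> "read,write"
        if (path == target && ("," perms ",") ~ /,(write|create|unlink),/)
            printf "%s\t%s\t%s\n", cmpt, path, perms
    }'
}

# Constructed sample input: "web" mirrors the page, "db" is hypothetical.
sample_getrules_output() {
    cat <<'EOF'
Compartment Name: web : sealed
Disallowed Privileges: POLICY
File System Rules:
------------------
PERMISSION                     PATHNAME
read, write, create, unlink    /

Compartment Name: db : sealed
Disallowed Privileges: POLICY
File System Rules:
------------------
PERMISSION                     PATHNAME
read                           /
read, write                    /var/db
EOF
}

sample_getrules_output | broad_fs_rules
```
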