NAME
setrules — set compartment rules
DESCRIPTION
setrules takes the current rules files on the system and puts them into effect. Prior to using this command, changes in the rules files have no effect on the system.
This command can only be used when compartmentalization is enabled (see cmpt_tune(1M)).
Options
setrules recognizes the following option:
- -p
Preview the rules. This option parses the rules files, checking for syntax and semantic errors, but setrules makes no changes to the system.
Security Restrictions
The user invoking this command must have one of the following authorizations:
hpux.security.xsec.secrules.unrestricted
hpux.security.xsec.secrules.restricted
See authadm(1M).
RETURN VALUE
setrules returns the following values:
- 0
Successful completion. The rules are displayed.
- >0
An error occurred. An error can be caused by the following:
The user does not have permissions to perform the operation.
A syntax or semantic error in a rule file.
Other system errors (for example, insufficient system resources).
EXAMPLES
Example 1
Execute setrules to push the configured rules:
Example 2
Execute setrules to push syntactically incorrect rules:
Sample Output:
Error: "/etc/cmpt/11.cmpt.1.rules", line 10 # Unexpected token 'web' \
or rule terminated prematurely
setrules: Exiting due to parse errors
Example 3
Execute setrules to find any rules that are syntactically or semantically incorrect:
Sample Output:
Error: "/etc/cmpt/iface.rules", line 10 # Undefined compartment "ooutside".
Error: "/etc/cmpt/iface.rules", line 14 # Undefined compartment "cgi".
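
The following wrapper is an added example, not part of the original manual page: it previews the rules with -p, applies them only if the preview exits 0, and otherwise reports each error as file:line:message. It assumes that setrules -p returns a value greater than 0 on parse errors and that errors use the one-line format shown in Example 3; the SETRULES variable and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: gate "setrules" behind a clean "setrules -p" preview.
# SETRULES (hypothetical) can be overridden to exercise the logic off HP-UX.
SETRULES=${SETRULES:-setrules}

# Convert lines of the form
#   Error: "<file>", line <n> # <message>
# into "<file>:<n>:<message>". Lines in any other format are ignored.
parse_setrules_errors() {
    sed -n 's/^Error: "\([^"]*\)", line \([0-9][0-9]*\) # \(.*\)$/\1:\2:\3/p'
}

# Preview first; apply only when the preview exits 0.
# Returns 0 if the rules were applied, 1 if the preview failed
# (assumption: -p exits >0 on syntax or semantic errors), 2 if apply failed.
preview_then_apply() {
    out=$($SETRULES -p 2>&1)
    rc=$?
    if [ "$rc" -ne 0 ]; then
        printf '%s\n' "$out" | parse_setrules_errors >&2
        return 1
    fi
    $SETRULES || return 2
    return 0
}

# Sample input copied from Example 3 of this page, for offline use.
sample_output() {
    cat <<'EOF'
Error: "/etc/cmpt/iface.rules", line 10 # Undefined compartment "ooutside".
Error: "/etc/cmpt/iface.rules", line 14 # Undefined compartment "cgi".
EOF
}

# Demonstration on the sample input only; setrules itself is not invoked here.
sample_output | parse_setrules_errors
```

Call preview_then_apply from a change-control script so that a rules file with errors is never pushed.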