Because the ’.*b’ record is first (based on ASCII dictionary order), the application abb would be assigned to the PRM group GroupB.
Knowing the names of all the processes spawned and renamed by the applications can help in creating pattern matching that is only as general as it needs to be. Eliminate redundant name resolutions whenever possible, and make sure pattern matching does not cause unwarranted moves.
For information on how alternate name pattern matching affects precedence, see the next section, ““Precedence of PRM group assignments” (page 34).”
Precedence of PRM group assignments
The PRM application manager checks that applications are running in the correct PRM groups every interval seconds. The default interval is 30 seconds; however, you can change it as explained in the section “Setting the application manager’s polling interval” (page 92).
The precedence of PRM record
1.Compartment record
2.Application record
3.User record
4.Unix group record
The PRM application manager goes through the following steps to determine in which PRM group to place a process.
1.Manually moved processes
Leave manually moved processes (processes moved using prmrun or prmmove) in their current PRM groups.
2.Compartment records
Move a process running in a secure compartment that is mapped to a PRM group using a compartment record to the assigned PRM group.
3.Application records
If the file ID of the process matches the file ID for the full pathname of any application listed in an application record in the current configuration, make the following checks:
a.If the process name is an exact match of an alternate name given in the application record, move the application to the PRM group assigned in the record.
b.If the process name matches any of the alternate names specified by pattern (regular expression) in application records, then:
•If it matches only one alternate name, move it to the PRM group specified in that record.
•If it matches multiple alternate names specified by pattern, move the process to the PRM group specified in the “first” matching record.
The “first” matching record is determined by sorting the alternate names specified by pattern in lexicographical (ASCII dictionary) order.
c.Move the process to the PRM group specified in the application record that has no alternate name.
4.Root processes
Move any process running as root to the PRM_SYS group (or to root’s initial group if explicitly given in a user record).
5.User records
Move any process run by a nonroot user to the initial group assigned to the user in a user record, assuming the initial group is other than (NONE).
34 Understanding how PRM manages resources
