Table 5-1 Compartment Configuration Files
Configuration File | Description |
/etc/cmpt | The directory in which compartment rules files reside. |
/etc/cmpt/*.rules | The file containing the compartment rules configured for the system. |
/etc/cmpt/hardlinks/hardlinks.config | The file containing valid mount points to be scanned to check the consistency of compartment rules for files with multiple hardlinks pointing to them. |
Compartment Commands
Table 5-2 Compartment Commands
Command | Description |
cmpt_tune | Queries, enables, and disables the compartments feature. |
setfilexsec | Sets security attributes of binary files, including the compartment attribute. |
getfilexsec | Displays security attributes associated with binary executable files, including the compartment attribute. |
getprocxsec | Displays security attributes of processes, including the compartment attribute. |
getrules | Displays the compartment rules currently active in the kernel. |
setrules | Activates new or modified rules in the kernel. |
| With the |
| them to the kernel. |
vhardlinks | Checks the consistency of compartment rules for files that have multiple hard links, to ensure that conflicting rules for access do not exist. |
Compartment Manpages
Table 5-3 Compartment Manpages
Manpage | Description |
compartments(4) | Describes compartment rule syntax. |
compartments(5) | Provides an overview of compartment functionality and describes the use of compartment rules. |
cmpt_tune(1M) | Describes cmpt_tune functionality and syntax. |
setfilexsec(1M) | Describes setfilexsec functionality and syntax. |
getfilexsec(1M) | Describes getfilexsec functionality and syntax. |
getprocxsec(1M) | Describes getprocxsec functionality and syntax. |
getrules(1M) | Describes getrules functionality and syntax. |
setrules(1M) | Describes setrules functionality and syntax. |
vhardlinks(1M) | Describes vhardlinks functionality and syntax. |