setrules(1M)setrules(1M)NAMEsetrules - set compartment rules
takes the current rules files on the system and puts them into effect.
Prior to using this command, changes in the rules files have no effect
on the system. This command can only be used when compartmentalization
is enabled (see cmpt_tune(1M)).
recognizes the following option:
Preview the rules.
This option parses the rules files, checking for syntax and
semantic errors, but makes no changes to the system.
The user invoking this command must have one of the following autho‐
A user with authorization can invoke this command from any compartment,
while a user with authorization can invoke this command from only those
compartments that have read and write access to the directory heirar‐
If a compartment is tagged for automatic discovery of rules using the
keyword subsequent runs of command does NOT clear the rules that are
already discovered. This means the rules applied are inconsistent with
the rules currently in the directory. To make them consistent, first
run "", and then run where, compartment_name is the name of the com‐
partment which is under for discovery mode and file.rules is the rules
file containing the rules for this compartment.
returns the following values:
The rules are displayed.
An error occurred.
An error can be caused by the following:
· An invalid option.
· The user does not having permissions to perform the
· A syntax or semantic error in a rule file.
· Other system errors (for example, insufficient system
Example 1: Execute to push the configured rules:
Example 2: Execute to push syntactically incorrectly configured rules:
Error: "/etc/cmpt/11.cmpt.1.rules", line 10 # Unexpected token 'web' \
or rule terminated prematurely setrules: Exiting due to parse errors
Example 3: Execute setrules to find any syntactically or semantically
incorrectly configured rules:
Error: "/etc/cmpt/iface.rules", line 10 # Undefined compartment "ooutside".
Error: "/etc/cmpt/iface.rules", line 14 # Undefined compartment "cgi".
SEE ALSOauthadm(1M), cmpt_tune(1M), getrules(1M), compartments(4), compart‐