pathtrust

Designate a file or filesystem as trusted, or see if it is

Syntax:

Mark a file or filesystem as trusted:

pathtrust [!]file... [lockdown]

Test to see if a file is trusted:

pathtrust [-q] -t file... 

Runs on:

QNX Neutrino

Options:

-q
Be quiet; use only the return code to indicate whether or not the file is trusted.
-t
Test to see if the file is trusted. If you haven't also specified the -q option, pathtrust reports the results on standard output.
[!]file
The item to test or mark as trusted.

If you're marking an item (i.e., you haven't specified the -t option):

  • If you specify a leading exclamation mark, the given file is designated as trusted.
  • If you don't specify the exclamation mark, the underlying filesystem is designated as trusted.
lockdown
Prevent any other files or filesystems from being marked as trusted. To unlock this, reboot your system.

If you want to mark or test a file that's called lockdown, specify it as a path (e.g., ./lockdown).

Description:

The pathtrust utility sends messages to procnto to mark the given files and filesystems as trusted. If you don't mark any files or filesystems as trusted, all are trusted.

If a process with any privileged abilities enabled attempts to mark a region of memory as PROT_EXEC, any memory-mapped files in the region must be trusted or be from a trusted filesystem. For more information about abilities, see procmgr_ability() in the QNX Neutrino C Library Reference.

Note: The trusted designations, like the effects of the lockdown command, disappear when you reboot your system. To make the designations persist, run pathtrust in a boot script, a universal profile, or similar.

Exit status:

0
Successful completion; the file or filesystem is trusted.
1
The file or filesystem isn't trusted.
2
An error occurred.
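
Example (added here; not part of the QNX documentation): shell functions that a boot script could use to confirm that the marking step took effect, based on the exit status of pathtrust -q -t described above. The function names, the canary idea, and any paths passed in are assumptions of this example.

```shell
#!/bin/sh
# Added example, not QNX code. Paths are supplied by the caller.

# A file literally named "lockdown" must be written as a path (./lockdown),
# otherwise pathtrust reads it as the lockdown keyword.
safe_arg() {
    case "$1" in
        lockdown) printf './%s\n' "$1" ;;
        *)        printf '%s\n' "$1" ;;
    esac
}

# Print trusted, untrusted or error for one path, from the documented
# exit status of "pathtrust -q -t": 0, 1, or 2 (anything else is an error).
trust_state() {
    rc=0
    pathtrust -q -t "$(safe_arg "$1")" || rc=$?
    case "$rc" in
        0) echo trusted ;;
        1) echo untrusted ;;
        *) echo error ;;
    esac
}

# audit_trust CANARY PATH...
# CANARY must NOT be trusted (e.g. a file on a writable filesystem). If nothing
# was marked, everything is trusted, so a trusted canary means marking failed.
# Returns 0 if all checks pass, 1 if an expectation fails, 2 on error.
audit_trust() {
    canary=$1; shift
    worst=0
    state=$(trust_state "$canary")
    echo "canary $canary: $state"
    case "$state" in
        untrusted) ;;
        trusted)   worst=1 ;;
        *)         worst=2 ;;
    esac
    for p in "$@"; do
        state=$(trust_state "$p")
        echo "$p: $state"
        case "$state" in
            trusted)   ;;
            untrusted) [ "$worst" -ge 1 ] || worst=1 ;;
            *)         worst=2 ;;
        esac
    done
    return "$worst"
}
```

Call audit_trust after the pathtrust marking commands and treat any nonzero return as a failed startup check.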