Process manager abilities

Updated: April 19, 2023

The io-pkt manager uses process manager abilities to protect the privileged operations required by networking components.

For a list of these abilities, see Abilities in the “Privilege control” section of the System Security Guide.

For an overview of process manager abilities, see:

The following abilities govern which process operations io-pkt can perform. Once io-pkt is up and running, you can set the qnx.kern.droproot sysctl variable to tell it to stop running as root and to run instead as the user that you specified with the -U option. At this point, io-pkt keeps the abilities that it needs and relinquishes the rest, but you can specify additional abilities to retain if your networking driver needs them. On the command line, issue the sysctl command like this:

sysctl -w qnx.kern.droproot=value

The value is a hexadecimal number whose bits indicate which abilities io-pkt should keep, or 0 if you want io-pkt to continue to run as root. The QNX_DROPROOT_* flags are defined in <sys/iopkt_ability.h>:

| Constant | Value | Keep this ability |
|---|---|---|
| QNX_DROPROOT_STD | 0x0001 | Drop root without keeping any additional abilities (keep the “standard” ones listed below) |
| QNX_DROPROOT_INTERRUPT | 0x0002 | PROCMGR_AID_INTERRUPT |
| QNX_DROPROOT_CONNECTION | 0x0004 | PROCMGR_AID_CONNECTION |
| QNX_DROPROOT_TIMER | 0x0008 | PROCMGR_AID_TIMER |
| QNX_DROPROOT_PROT_EXEC | 0x0010 | PROCMGR_AID_PROT_EXEC |
| QNX_DROPROOT_PATHSPACE | 0x0020 | Not used; io-pkt keeps PROCMGR_AID_PATHSPACE by default |
| QNX_DROPROOT_QNET | 0x0040 | PROCMGR_AID_QNET |
| QNX_DROPROOT_PUBLIC_CHANNEL | 0x0080 | PROCMGR_AID_PUBLIC_CHANNEL |
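
When reviewing a startup script for least privilege, it helps to translate a droproot value back into the abilities it retains and to catch bits that the table does not define. The following shell functions are an added example, not QNX code: the flag names and values are copied from the table above, while droproot_encode and droproot_decode are hypothetical helper names. The page does not say whether QNX_DROPROOT_STD must be combined with the other flags, so the encoder only ORs the flags that it is given.

```sh
# Added example: flag names and values are copied from the table above;
# the function names are hypothetical and not part of QNX.
DROPROOT_FLAGS="STD:0x0001 INTERRUPT:0x0002 CONNECTION:0x0004 TIMER:0x0008
PROT_EXEC:0x0010 PATHSPACE:0x0020 QNET:0x0040 PUBLIC_CHANNEL:0x0080"

# droproot_encode NAME... : OR the named flags and print the hex value.
# It combines only what it is given; it does not add STD implicitly.
droproot_encode() {
    dr_value=0
    for dr_name in "$@"; do
        dr_found=0
        for dr_entry in $DROPROOT_FLAGS; do
            if [ "${dr_entry%%:*}" = "$dr_name" ]; then
                dr_value=$(( dr_value | ${dr_entry##*:} ))
                dr_found=1
            fi
        done
        [ "$dr_found" -eq 1 ] || { echo "unknown flag: $dr_name" >&2; return 1; }
    done
    printf '0x%04x\n' "$dr_value"
}

# droproot_decode VALUE : print the flags set in a hexadecimal VALUE.
# Rejects non-hex input and any bit that the table does not define.
droproot_decode() {
    dr_hex=${1#0x}
    case "$dr_hex" in
        ''|*[!0-9a-fA-F]*) echo "not a hex value: $1" >&2; return 2 ;;
    esac
    dr_value=$(( 0x$dr_hex ))
    [ "$dr_value" -ne 0 ] || { echo "none (io-pkt keeps running as root)"; return 0; }
    dr_names=""
    for dr_entry in $DROPROOT_FLAGS; do
        dr_bit=$(( ${dr_entry##*:} ))
        if [ $(( dr_value & dr_bit )) -ne 0 ]; then
            dr_names="$dr_names ${dr_entry%%:*}"
            dr_value=$(( dr_value & ~dr_bit ))   # clear each recognized bit
        fi
    done
    # Anything left over is a bit with no QNX_DROPROOT_* definition.
    [ "$dr_value" -eq 0 ] || { printf 'undefined bits: 0x%04x\n' "$dr_value" >&2; return 3; }
    echo "${dr_names# }"
}

# Constructed sample value, as might be found in a startup script under review.
droproot_decode 0x004a
```

Each name printed by droproot_decode beyond STD is an extra ability that io-pkt keeps after dropping root, so it should be traceable to a driver that needs it.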

By default, io-pkt retains the following abilities: