Using mkqnximage to Display Security Features

Updated: April 19, 2023

This section will help you understand how security features are configured in a system and what they do. By using mkqnximage to build an image, it is easy to get a system that is properly configured with a feature. By comparing two images configured in different ways, you can see the configuration changes that are needed.

Where the examples show commands being executed on the image, they assume that you’re logged in as root.

Seeing how an option changes configuration

When mkqnximage builds an image, it generates files in the virtual machine’s output/build directory. These are the build files used to generate the image and the startup scripts that run on it. The simplest way to see the effect of an option is to build a virtual machine with and without the option and compare the resulting files in output/build.

The example below showcases an image built with pathtrust enabled.

Starting in some empty directory:

mkdir baseline

mkdir pathtrust
 
cd baseline
 
mkqnximage
 
cd pathtrust
 
mkqnximage --pathtrust=yes
 
diff -u -r ../baseline/output/build output/build

The last command provides the delta between the two image configuration files, displaying what has changed when enabling the feature.

For more information, use mkqnximage --help to display all options.