secpolpush

Updated: April 19, 2023

Push the security policy

Syntax:

secpolpush [-r range_file] [compiled_policy]

Runs on:

QNX Neutrino

Options:

-r range_file
Get named range definitions from the specified file. See “Named range file” in the QNX Neutrino System Security Guide.
compiled_policy
The full path to the compiled policy file. Use this option to specify a non-default path for the security policy file.

Because the security policy file that secures a system may be referenced by multiple components even after it is pushed to procnto, it must be located at /proc/boot/secpol.bin (the default).

Description:

The secpolpush utility is a target-based utility. Use it to push the compiled policy into effect.

Note: The PROCMGR_AID_MAC_POLICY ability is required to push the policy.

See the Security Developers Guide for more information about:
  • PROCMGR_AID_MAC_POLICY and other process-manager settings that govern which operations a particular process is permitted to perform
  • how to design a security policy and automate its creation using secpolgenerate
  • the grammar that is used in the uncompiled, text version of the security policy file (generated or manual)
  • how to compile a security policy with the secpolcompile utility
  • best practices for security integration

Example:

This example shows how to push a compiled security policy from /proc/boot/secpol.bin to the microkernel:
secpolpush