secpolpush
QNX SDP8.0Utilities ReferenceUtilities
Push the security policy
Syntax:
secpolpush [-r range_file] [compiled_policy]
Runs on:
QNX OS
Options:
- -r range_file
- Get named range definitions from the specified file. See
Named range file
in the QNX OS System Security Guide. - compiled_policy
- The full path to the compiled_policy file. Use this
option to specify a non-default path for the security
file.
Because the security policy file that secures a system may be referenced by multiple components even after it is pushed to procnto, it must be located at /proc/boot/secpol.bin (the default).
Description:
The secpolpush utility is a target-based utility. Use it to push the compiled policy into effect.
Note:
The PROCMGR_AID_MAC_POLICY ability is required to push the policy.
See the Security Developers Guide for more information about:
- PROCMGR_AID_MAC_POLICY and other process-manager settings that govern which operations a particular process is permitted to do
- how to design a security policy and automate its creation using secpolgenerate
- the grammar that is used in the uncompiled, text version of the security policy file (generated or manual)
- how to compile a security policy with the secpolcompile utility
- best practices for security integration
Example:
This example shows how to push a compiled security policy
from /proc/boot/secpol.bin to the
microkernel:
secpolpush
Page updated: