Home
QNX Software Development Platform
QNX SDP is a cross-compiling and debugging environment, including an IDE and command-line tools, for building binary images and programs for target boards running the QNX OS 8.0.
Utilities & Libraries
Utilities Reference
S
secpolpush
Push the security policy

QNX Momentics IDE User's Guide
This User's Guide describes version 8.0 of the Integrated Development Environment (IDE) that's part of the QNX Tool Suite.
QNX Software Development Platform
QNX SDP is a cross-compiling and debugging environment, including an IDE and command-line tools, for building binary images and programs for target boards running the QNX OS 8.0.
- Quickstart Guide
- System Architecture
  The System Architecture guide accompanies the QNX OS and is intended for both application developers and end-users.
- OS Components & Operations
- Graphics
- Programming
- System Security Guide
  The QNX System Security Guide is intended for both system integrators who are responsible for the security of a QNX OS system and developers who want to create a QNX OS resource manager free from vulnerabilities.
- Utilities & Libraries
  - C Library Reference
  - Devctl and Ioctl Commands
  - JSON Library Reference
  - PAM Reference
  - QNX Helpers Developer's Guide
    These libraries provide QNX helpers, including helpers that assist with logging, string conversion, and number and type sizes.
  - SPI Framework Technote
  - QNX Cryptography Library
    The QNX Cryptography Library (qcrypto) is a flexible cryptography framework that allows you to choose which cryptography provider responds to requests on a per-process basis.
  - QNX devcrypto Service
  - Utilities Reference
    - Utility Conventions
    - A
    - B
    - C
    - D
    - E
    - F
    - G
    - H
    - I
    - J
    - K
    - L
    - M
    - N
    - O
    - P
    - Q
    - R
    - S
      - scp
        Secure copy (remote file copy program)
      - script
        Create a typescript of a terminal session
      - secpol
        Manage the compiled security policy file
      - secpolcompile
        Compile the security policy
      - secpolgenerate
        Generate the security policy file
      - secpollaunch
        Launch a process with different privileges
      - secpolmonitor
        Realtime monitoring of security events.
      - secpolpush
        Push the security policy
      - sed (host)
        Stream editor (POSIX)
      - sed (target)
        Stream editor (POSIX, toybox)
      - sendnto
        Send an OS image to a target over a serial or parallel port (QNX OS)
      - seq
        Counts a sequence of numbers (POSIX, toybox)
      - server-monitor
        Watch designated servers and take action if they don't handle an unblock pulse
      - /etc/services
        Service name database (UNIX)
      - setconf
        Set a configuration string (QNX)
      - setfacl
        Set the access control list (ACL) for files or directories
      - setkey
        Manually manipulate the IPsec SA/SP database
      - sftp
        Secure file transfer program
      - sftp-server
        SFTP server subsystem
      - sh
        Public domain Korn shell command interpreter (UNIX)
      - sha1sum
        Calculate hash for each input file (POSIX, toybox)
      - showmount
        Show remote NFS mounts on host
      - shutdown
        Shut down and reboot the system (QNX OS)
      - size
        List section and total sizes for an archive or object file (POSIX)
      - slay
        Kill or modify a process by name or ID (QNX OS)
      - sleep (host)
        Suspend execution for an interval (POSIX)
      - sleep (target)
        Wait before exiting (POSIX, toybox)
      - slm
        System launch and monitor: launch complex applications consisting of many processes that must be started in a specific order
      - slmctl
        Control and query System Launch and Monitor (slm)
      - slogger2
        System logger
      - slog2info
        Display messages from the system log
      - sntp
        Simple Network Time Protocol client program
      - sockstat
        List the open sockets
      - sort
        Sort all lines of text from input files (or stdin) to stdout (POSIX, toybox)
      - spatch
        Fullscreen patch utility (QNX OS)
      - split
        Copy an input (or stdin) data to a series of outputs (POSIX, toybox)
      - ssh
        OpenSSH SSH client: remote login program
      - ssh-add
        Add private key identities to the OpenSSH authentication
      - ssh-agent
        Authentication agent
      - ~/.ssh/ssh_config, /etc/ssh/ssh_config
        OpenSSH SSH client configuration files
      - ssh-keygen
        Authentication key generation, management, and conversion
      - ssh-keyscan
        Gather SSH public keys
      - ssh-keysign
        SSH helper program for host-based authentication
      - sshd
        OpenSSH SSH daemon
      - /etc/ssh/sshd_config
        OpenSSH SSH daemon configuration file
      - startup-* options
        Generic options for startup programs (QNX OS)
      - startup-apic
        Startup for Intel Advanced Programmable Interrupt Controller (APIC) systems (QNX OS)
      - startup-x86
        Startup for x86 systems (QNX OS)
      - stat
        Display status of files or filesystems (POSIX, toybox)
      - strings (host)
        Find printable strings in files (POSIX)
      - strings (target)
        Display printable strings in a binary file (POSIX, toybox)
      - strip
        Remove unnecessary information from executable files (POSIX)
      - strongSwan
        Add IPsec encryption and authentication
      - stty
        Set tty attributes (POSIX)
      - su
        Switch user ID (UNIX)
      - sync
        Update filesystems to match cached data (UNIX)
      - sysctl
        Get or set the state of the socket manager
    - T
    - U
    - V
    - W
    - X
    - Y
    - Z
    - Commonly Used Environment Variables
    - Selecting the Target System
    - Glossary
  - WPA Control Interface Reference
    This document provides a reference for the Wi-Fi Protected Access (WPA) control interface, which provides a C API for the WPA/IEEE 802.11i protocols in Wi-Fi client stations. Application developers who want to control WPA operations and get associated status and event data should read this reference.
- Migrating to QNX OS 8.0
QNX Software in the Cloud
QNX Software in the Cloud enables developers to use the QNX OS in the Amazon cloud environment.
QNX Toolkit for Visual Studio Code
This User's Guide describes the QNX^® Toolkit for Visual Studio Code. The guide introduces you to the QNX Toolkit by explaining the QNX development environment and how to build, run, and debug your QNX^® Operating System (OS) applications and systems.
QNX Hypervisor User's Guide
This User's Guide explains the QNX hypervisor architecture and provides instructions for installing and running a QNX Hypervisor system, changing system components and configuration, and using hypervisor features such as virtual devices (vdevs).
Typographical Conventions, Support, and Licensing
This section describes the typographical conventions used throughout the documentation, explains how to obtain technical support, and provides some information about licensing.

secpolpush

QNX SDP8.0Utilities ReferenceUtilities

Push the security policy

Syntax:

secpolpush [-r range_file] [compiled_policy]

Runs on:

QNX OS

Options:

-r range_file: Get named range definitions from the specified file. See Named range file in the QNX OS System Security Guide.
compiled_policy: The full path to the compiled_policy file. Use this option to specify a non-default path for the security file.
Because the security policy file that secures a system may be referenced by multiple components even after it is pushed to procnto, it must be located at /proc/boot/secpol.bin (the default).

Description:

The secpolpush utility is a target-based utility. Use it to push the compiled policy into effect.

Note:

The PROCMGR_AID_MAC_POLICY ability is required to push the policy.

See the Security Developers Guide for more information about:

PROCMGR_AID_MAC_POLICY and other process-manager settings that govern which operations a particular process is permitted to do
how to design a security policy and automate its creation using secpolgenerate
the grammar that is used in the uncompiled, text version of the security policy file (generated or manual)
how to compile a security policy with the secpolcompile utility
best practices for security integration

Example:

This example shows how to push a compiled security policy from /proc/boot/secpol.bin to the microkernel:

secpolpush

Page updated: August 11, 2025