Booting securely
To boot the system securely, remove the lines that run secpolgenerate from the startup script, rebuild the OS image, and reboot.
Make sure the compiled security policy is in the IFS in /proc/boot. To avoid having to specify the location wherever it is needed, QNX recommends that you use the default policy filepath /proc/boot/secpol.bin.
In the startup script, remove the lines that run secpolgenerate (described
in Booting the system for the first time
). In the
following example, the lines are commented out:
# secpolgenerate -u -t 50
# procmgr_symlink /proc/boot/libsecpol-gen.so.1 /proc/boot/libsecpol.so.1
secpolpush
After you rebuild your OS image with these changes, you reboot the system. After the reboot, system activity is restricted to what's in the policy—behavior that secpolgenerate observed when you exercised the system.