Home
QNX Software Development Platform
QNX SDP is a cross-compiling and debugging environment, including an IDE and command-line tools, for building binary images and programs for target boards running the QNX OS 8.0.
System Security Guide
The QNX System Security Guide is intended for both system integrators who are responsible for the security of a QNX OS system and developers who want to create a QNX OS resource manager free from vulnerabilities.
Security Features for System Integrators
Privilege control
Process manager abilities
Within the kernel and process manager, control over a process's ability to perform many actions is governed not by the user ID (UID) of the process, but by a set of approximately 70 permissions called process manager (procmgr) abilities.

QNX Momentics IDE User's Guide
This User's Guide describes version 8.0 of the Integrated Development Environment (IDE) that's part of the QNX Tool Suite.
QNX Software Development Platform
QNX SDP is a cross-compiling and debugging environment, including an IDE and command-line tools, for building binary images and programs for target boards running the QNX OS 8.0.
- Quickstart Guide
- System Architecture
  The System Architecture guide accompanies the QNX OS and is intended for both application developers and end-users.
- OS Components & Operations
- Graphics
- Programming
- System Security Guide
  The QNX System Security Guide is intended for both system integrators who are responsible for the security of a QNX OS system and developers who want to create a QNX OS resource manager free from vulnerabilities.
  - Security Matrix
    The following table describes security problems and cyberattacks and the QNX OS security features that can mitigate them.
  - Security Features Overview
  - Security Features for Developers
  - Security Features for System Integrators
    - Privilege control
      - User IDs for system services
        For best security, after system startup, all services should be running with their own unique user and group IDs.
      - Process manager abilities
        Within the kernel and process manager, control over a process's ability to perform many actions is governed not by the user ID (UID) of the process, but by a set of approximately 70 permissions called process manager (procmgr) abilities.
      - Abilities
      - Security policies
        Security policies provide a central way to control the privileges that processes have, which simplifies an audit of a system’s security.
    - Systems without passwords
    - Secure boot
      Secure boot is a mechanism that ensures the integrity of the running system, by cryptographically verifying each stage of the boot process.
    - Cryptography for system integrators
      QNX OS supports multiple ways to access cryptography services.
    - Address space layout randomization (ASLR)
      Address space layout randomization varies the location of data and instructions each time an executable is loaded as long as it was compiled with Position-Independent Executable (PIE) support.
    - Fortified system functions
      QNX OS fortified system functions are designed to detect out-of-bounds memory accesses by performing lightweight parameter validation at compile-time, runtime, or both.
    - Access control
      Access control is the selective restriction of access to a resource. Access controls take many different forms and the sections below describe which ones can be used in QNX OS systems.
    - Filesystem security
    - Random number generation
    - Virtualization security features
      Virtual devices (vdevs) provided by QNX Hypervisor for Safety (QHS) and other QNX hypervisors.
    - The /proc filesystem
    - Application groups
      Application groups are used to group processes together so they can be controlled as a group.
    - chroot (change root)
      The QNX OS chroot() function allows you to set the root directory of a process to a path other than the system's root directory, a feature common to most UNIX-like operating systems.
    - Hypervisor security
      The QNX hypervisor is built as an extension of the QNX OS microkernel. As such, it inherits the security features of the microkernel itself as well as the secure execution environment created by the microkernel. In addition, the hypervisor has additional layers that are purpose-built for secure virtual machine operation.
  - Security Policies
  - Fortified System Functions
  - Pathtrust
    The pathtrust feature prevents processes from executing untrusted code. If a process is compromised, pathtrust mitigates the threat of the system being further compromised by an attacker using chained-together exploits.
  - Using mkqnximage to Display Security Features
- Utilities & Libraries
- Migrating to QNX OS 8.0
QNX Software in the Cloud
QNX Software in the Cloud enables developers to use the QNX OS in the Amazon cloud environment.
QNX Toolkit for Visual Studio Code
This User's Guide describes the QNX^® Toolkit for Visual Studio Code. The guide introduces you to the QNX Toolkit by explaining the QNX development environment and how to build, run, and debug your QNX^® Operating System (OS) applications and systems.
QNX Hypervisor User's Guide
This User's Guide explains the QNX hypervisor architecture and provides instructions for installing and running a QNX Hypervisor system, changing system components and configuration, and using hypervisor features such as virtual devices (vdevs).
Typographical Conventions, Support, and Licensing
This section describes the typographical conventions used throughout the documentation, explains how to obtain technical support, and provides some information about licensing.

Process manager abilities

QNX SDP8.0QNX OS System Security GuideAPIConfiguration

Within the kernel and process manager, control over a process's ability to perform many actions is governed not by the user ID (UID) of the process, but by a set of approximately 70 permissions called process manager (procmgr) abilities.

Because a process's abilities may also be tested by a server process that receives a message from it, abilities can control things outside the domain of the kernel and process manager. To make this capability more useful, the set of 70 or so static abilities may be augmented by additional custom abilities, allowing processes to use abilities to control access to whatever they see fit.

Use of abilities allows the privileges assigned to a process to be tailored to its needs rather than being all or nothing. QNX recommends that you configure abilities using security policies. For a full discussion of the advantages of this feature, go to the Security Policies chapter.

The pre-security-policies way to configure abilities is to start up a process as root with the full set of abilities. After completing initialization, the process reconfigures its non-root set of abilities, granting privileged abilities it will require and dropping others. It then calls setuid() to switch permanently to non-root and continues with just what it needs for its operation. For more information, go to the procmgr_ability() entry in the C Library Reference.

Go to Abilities for a list of abilities.

The pidin utility allows you to display abilities information about a process. See the pidin entry in the Utilities Reference.

Page updated: August 11, 2025