Push the security policy
Syntax:
secpolpush [compiled_policy]
Options:
- compiled_policy
  The full path to the compiled_policy file. Use this option to specify a non-default path to an additional security file.
  Because the security policy file that secures a system may be referenced by multiple components even after it is pushed to procnto, it must be located at /proc/boot/secpol.bin (the default).
Description:
The secpolpush utility is a target-based utility. Use it to push the compiled policy into effect.
Note: The PROCMGR_AID_MAC_POLICY ability is required to push the policy. To learn more about this ability and other process-manager settings that govern which operations a particular process is permitted to perform, see procmgr abilities in the QNX Neutrino C Library Reference.
See the Security Developers Guide for more information about:
- how to design a security policy
- the grammar that you can use in the text version of the security policy file (uncompiled)
- how to compile a security policy with the secpolcompile utility
- best practices for security integration
- mandatory access control
Example:
This example shows how to push a compiled security policy from /proc/boot/secpol.bin to the microkernel:
secpolpush