secpolpush

Push the security policy

Syntax:

secpolpush [compiled_policy]

Runs on:

QNX Neutrino

Options:

compiled_policy
The full path to the compiled_policy file. Use this option to specify a non-default path to an additional security file.

Because the security policy file that secures a system may be referenced by multiple components even after it is pushed to procnto, it must be located at /proc/boot/secpol.bin (the default).

Description:

The secpolpush utility is a target-based utility. Use it to push the compiled policy into effect.

Note: The PROCMGR_AID_MAC_POLICY ability is required to push the policy.

To learn more about this ability and other process-manager settings that govern which operations a particular process is permitted to perform, see procmgr abilities in the QNX Neutrino C Library Reference.

See the Security Developers Guide for more information about:
  • how to design a security policy
  • the grammar that you can use in the text version of the security policy file (uncompiled)
  • how to compile a security policy with the secpolcompile utility
  • best practices for security integration
  • mandatory access control

Example:

This example shows how to push a compiled security policy from /proc/boot/secpol.bin to the microkernel:
secpolpush