SPCTL(8)                  BSD System Manager's Manual                 SPCTL(8)

NAME
     spctl - SecAssessment system policy security

SYNOPSIS
     spctl --master-enable | --master-disable
     spctl --enable | --disable | --remove
     spctl --status

DESCRIPTION
     spctl manages the security assessment policy subsystem.

     This subsystem maintains and evaluates rules that determine whether the system allows the installation, execution, and other operations on files on the system.

     spctl requires one command option that determines its principal operation:

     --add   Add rule(s) to the system-wide assessment rule database.

     --assess
             Requests that spctl perform an assessment on the files given.

     --disable
             Disable one or more rules in the assessment rule database. Disabled rules are not considered when performing assessment, but remain in the database and can be re-enabled later.

     --enable
             Enable rule(s) in the assessment rule database, counteracting earlier disabling.

     --master-disable
             Disable the assessment subsystem altogether. Operations that would be denied by system policy will be allowed to proceed; assessment APIs always report success. Requires root access.

     --master-enable
             Enable the assessment subsystem. Operations that are denied by system policy will fail; assessment APIs report the truth. Requires root access.

     --remove
             Remove rule(s) from the assessment rule database.

     --status
             Query whether the assessment subsystem is enabled or disabled.

     In addition, the following options are recognized:

     --anchor
             In rule update operations, indicates that the arguments are hashes of anchor certificates.

     --continue
             If the assessment of a file fails, continue assessing additional file arguments. Without this option, the first failed assessment terminates operation.

     --hash  In rule update operations, indicates that the arguments are code directory hashes.

     --ignore-cache
             Do not query or use the assessment object cache. This may significantly slow down operation. Newly generated assessments may still be stored in the cache.

     --label
             Specifies a string label to attach to new rules, or find in existing rules. Labels are arbitrary strings that are assigned by convention. Rule labels are optional.

     --no-cache
             Do not place the outcome of any assessments into the assessment object cache. No other assessment may reuse this outcome. This option does not prohibit the use of existing cache

     --path  In rule update operations, indicates that the argument(s) denote paths to files on disk.

     --priority
             In rule update operations, specifies the priority of the rule(s) created or changed. Higher numeric values indicate higher priority.

     --raw   When displaying the outcome of an assessment, write it as a "raw" XML plist instead of parsing it. This is useful when used in scripts, or to access newly invented assessment aspects that spctl does not yet know about.

     --requirement
             In rule update operations, indicates that the argument(s) are code requirement source.

     --rule  In rule update operations, indicates that the argument(s) are the index numbers of existing rules.

     -t, --type
             Specify which type of assessment is desired: execute to assess code execution, install to assess installation of an installer package, and open to assess the opening of documents.

     -v, --verbose
             Repeat the option or give it a higher numeric value to increase

     The system assessment rule database contains entries that match candidates based on Code Requirements. spctl allows you to specify these requirements directly using the --requirement option. Individual programs on disk can be addressed with the --path option (which uses their Designated Requirement). The --anchor option takes the hash of a (full) certificate and turns it into a requirement matching any signature based on that anchor certificate. Path of a certificate file on disk, containing the DER form of an anchor certificate. The --hash option generates a code requirement that denotes only and exactly one program whose CodeDirectory

     The means of specifying subjects does not affect the remaining processing.