Example of a minimum security configuration

Below is a basic "everything allowed" security configuration for a solution consisting of client and server entities.

This configuration allows the following:

• All interactions between entities (sending any requests and responses)
• Startup of all entities
• Queries of the kernel via the security interface

A more complex security configuration is shown in the ping example.

security.cfg

/* Define execute interface. */

execute = execute.execute;

/* Import file with declaration of basic security policies. */

#include <kss/server/base.cfg>

/* Sending and receiving requests and responses, as well as startup of entities is allowed. */

request { grant; }

response { grant; }

execute { grant; }

/* Declaration of the "services.core" and "einit" entities. */

entity services.core;

entity einit;

/* Declaration of all other entities included in the solution. */

entity client;

entity server;

/* To start a basic solution, you only need to allow the kernel to send all queries via the security interface.

In more complex solutions, you may need to control individual methods of the kernel security interface. */

security src=services.core { grant; }

Page top