McDewey

utils os secure dynamic-policies show This command displays the rules to be introduced by loading the generated selinux policy module of the dynamic policy. Run this command after the successful compilation to verify that the rules to be loaded are secure. utils os secure dynamic-policies show policy name Syntax Description Description Parameters Type the dynamic policy name for which you want to view the rules. policy name Command Modes Administrator (admin:) Usage Guidelines Requirements Command privilege level: 1 Allowed during upgrade: Yes Applies to: Unified Communications Manager and IM and Presence Service on Unified Communications Manager utils os secure dynamic-policies start-recording This command starts recording the selinux denials and organizes them under the new dynamic policy. • This command sets the system into the permissive mode. • The dynamic-policies are generated on a per-node basis. As a restriction, these policies cannot be exported or imported. This restriction has the following advantages: • Prevent loading external and unsigned policy modules into selinux that may create security vulnerabilities. • Prevent the transfer of policy modules between Unified Communications Manager clusters with different configurations. Note utils os secure dynamic-policies start-recording policy name Syntax Description Description Parameters Type the dynamic policy name where the selinux denials and future policy data is to be organized. policy name Command Modes Administrator (admin:) Command Line Interface Reference Guide for Cisco Unified Communications Solutions, Release 15 and SUs 337 Utils Commands utils os secure dynamic-policies show