Updating EFS

Edit online

This section describes the procedure to set the security attributes of the EFS that was evaluated as a cryptographic file system.

The evaluation does not include the aspects of root guard mode against the full access to root. On enabling EFS, set the security attributes for the efsmgr and egskeymgr commands by running the command:

setsecattr -c accessauths=ALLOW_ALL
innateprivs=PV_DEV_QUERY,PV_DEV_CONFIG,PV_AU_ADD,PV_DAC_R,PV_DAC_W,PV_DAC_X /usr/sbin/efsmgr

setsecattr -c accessauths=ALLOW_ALL
innateprivs=PV_DEV_QUERY,PV_DEV_CONFIG,PV_AU_ADD,PV_DAC_R,PV_DAC_W,PV_DAC_X /usr/sbin/efskeymgr

setkst -t cmd