tnctl provides an interface to send control and configuration messages either to the kernel directly or to tnd(1M).
If a local trusted-networking database file is modified, the administrator should issue tnchkdb(1M) to check the syntax, and must also issue tnctl to reload the kernel caches.
tnctl must be started from the trusted path, and for the -i, -t, -h, -b, -B, -I, -T, and -H options it must have the
sys_net_config privilege. tnctl can be run at any sensitivity label, except with the -h and -H options, which need to run at
file_mac_read privilege can be used
to override this policy.
See attributes(5) for descriptions of the following attributes:
|ATTRIBUTE TYPE||ATTRIBUTE VALUE|
Turn on verbose mode.
Turn on debugging for tnd to the level specified by debug_level. debug_level may be 1 or 2; however, currently no distinction is made between the two values. The debug output goes to the log file specified on the tnd command line, or by default to /var/tsol/tndlog.
Set poll interval to poll-interval seconds. The valid range is 0 to 2147483647; a zero value causes tnd to poll the name service databases immediately and then revert to the original poll-interval. This may be useful when changes to tnrhdb(4) or tnrhtp(4) databases are to be made effective immediately.
Update the kernel-interface cache on the specified interface_name. If the entry does not exist in the database, return an error message.
Update the kernel remote-host cache on the specified hostname. If the entry does not exist in the database, delete the entry from the cache.
Update the kernel template cache on the specified template_name. If the entry does not exist in the database, return an error message. See WARNINGS about the risks of changing a template when the network is up.
Load all entries in the tnidb_path file into the kernel cache. tnidb_path is the full pathname plus filename of the file.
Load all entries in the file tnrhtp_path into the kernel cache. tnrhtp_path is the full pathname plus filename of the file.
Load all entries in the tnrhdb_path file into the kernel cache. tnrhdb_path is the full pathname plus filename of the file.
Add a remote broadcast address.
Delete a remote broadcast address.
Trusted network interface-control database
Trusted network remote-host database
Trusted network remote-host templates
Configuration file for the name service switch
Currently, only level-1 debugging is supported.
Changing a template while the network is up can change the security view of an undetermined number of hosts.
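The check-then-reload sequence from the description, as an added shell example that is not part of the original manual page. The tnchkdb option letters (-i, -t, -h) are an assumption not stated on this page, the pairing of -I, -T and -H with the tnidb, tnrhtp and tnrhdb files follows the order of the option descriptions above, and reload_tndb and CONFIRM_TEMPLATE_RELOAD are hypothetical names.

```shell
#!/bin/sh
# Added example: syntax-check a trusted-networking database file and reload
# the kernel cache only if the check passes.
# Assumptions: tnchkdb takes -i/-t/-h <path> (not stated on this page);
# tnctl -I/-T/-H load the tnidb/tnrhtp/tnrhdb files respectively.

TNCHKDB=${TNCHKDB:-tnchkdb}   # overridable so the logic can be run with stubs
TNCTL=${TNCTL:-tnctl}

# reload_tndb <tnidb|tnrhtp|tnrhdb> <full-path>
# Returns 0 on success, 2 on usage error, 3 if the syntax check fails,
# 4 if the kernel reload fails, 5 if a template reload was not confirmed.
reload_tndb() {
    db=$1 path=$2
    case $db in
        tnidb)  chk=-i load=-I ;;
        tnrhtp) chk=-t load=-T ;;
        tnrhdb) chk=-h load=-H ;;
        *) echo "usage: reload_tndb tnidb|tnrhtp|tnrhdb path" >&2; return 2 ;;
    esac
    # tnctl expects the full pathname plus filename.
    case $path in
        /*) ;;
        *) echo "reload_tndb: path must be absolute: $path" >&2; return 2 ;;
    esac
    # Changing templates while the network is up alters the security view of
    # an undetermined number of hosts, so require an explicit opt-in.
    if [ "$db" = tnrhtp ] && [ "${CONFIRM_TEMPLATE_RELOAD:-no}" != yes ]; then
        echo "reload_tndb: set CONFIRM_TEMPLATE_RELOAD=yes to reload templates" >&2
        return 5
    fi
    # Never push a file into the kernel cache that failed the syntax check.
    if ! "$TNCHKDB" "$chk" "$path"; then
        echo "reload_tndb: $path failed tnchkdb; kernel cache left unchanged" >&2
        return 3
    fi
    "$TNCTL" "$load" "$path" || return 4
}
```

The function must still be invoked from the trusted path with the sys_net_config privilege, as tnctl itself requires for -I, -T and -H.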