Use the comp_init_policy command to generate and load, or to remove, the Initial Policy.
This command generates the Initial Policy. It ensures that it will be loaded when the computer is booted, or any other time that a Policy is fetched, for example, at cpstart, or with the fw fetch localhost command. After running this command, cpconfig adds an Initial Policy if there is no previous Policy installed.
$FWDIR/bin/comp_init_policy [-u | -g] |
Options |
Description |
---|---|
-u |
Removes the Initial Policy, and makes sure that it will not be generated in the future when cpconfig is run. |
-g |
Generates the Initial Policy and makes sure that it is loaded the next time a policy is fetched ( |
The comp_init_policy -g command will only work if there is no previous policy. If there is a policy, make sure that after removing the policy, you delete the folder $FWDIR/state/local/FW1/. The $FWDIR/state/local/FW1/ folder contains the policy that will be fetched when fw fetch localhost is run.
The fw fetch localhost command is the command that installs the local policy. cpstart. comp_init_policy creates the initial policy, but has a safeguard so that the initial policy will not overwrite a regular user policy (since initial policy is only used for fresh installations or upgrade). For this reason, you must delete the $FWDIR/state/local/FW1/ directory if there is a previous policy, otherwise comp_init_policy will detect that the existing user policy and will not overwrite it.
If you do not delete the previous policy, the original policy will be loaded.