An application needs to be able to run some commands with root access. Some of the commands lines are somewhat complicated such as:
"sh -c sh /tmp/installer/GetOSVersion.sh; EC=$?; rm -rf /tmp/installer; exit $EC"
After adding these commands to the allowed commands list in the MCU (pf_authcmds) the commands are not being allowed to run.
The issue can be worked around by replacing each space character in the string passed to the first command with the single character wildcard ('?'). For example the above command could be added to the policy as: