security_getenforce

Section: SELinux API documentation (3)
Updated: 1 January 2004
Index Return to Main Contents
 

NAME

security_getenforce, security_setenforce, security_deny_unknown, security_get_checkreqprot- get or set the enforcing state of SELinux  

SYNOPSIS

#include <selinux/selinux.h>

int security_getenforce(void);

int security_setenforce(int value);

int security_deny_unknown(void);

int security_get_checkreqprot(void);  

DESCRIPTION

security_getenforce() returns 0 if SELinux is running in permissive mode, 1 if it is running in enforcing mode, and -1 on error.

security_setenforce() sets SELinux to enforcing mode if the value 1 is passed in, and sets it to permissive mode if 0 is passed in. On success 0 is returned, on error -1 is returned.

security_deny_unknown() returns 0 if SELinux treats policy queries on undefined object classes or permissions as being allowed, 1 if such queries are denied, and -1 on error.

security_get_checkreqprot() can be used to determine whether SELinux is configured to check the protection requested by the application or the actual protection that will be applied by the kernel (including the effects of READ_IMPLIES_EXEC) on mmap and mprotect calls. It returns 0 if SELinux checks the actual protection, 1 if it checks the requested protection, and -1 on error.  

SEE ALSO

selinux(8)


 

Index

NAME
SYNOPSIS
DESCRIPTION
SEE ALSO

This document was created by man2html, using the manual pages.
Time: 16:45:35 GMT, September 25, 2018