NAME | SYNOPSIS | DESCRIPTION | SEE ALSO | COLOPHON

security_getenforce(3)    SELinux API documentation   security_getenforce(3)

NAME         top

       security_getenforce,    security_setenforce,   security_deny_unknown,
       security_get_checkreqprot- get or set the enforcing state of SELinux

SYNOPSIS         top

       #include <selinux/selinux.h>

       int security_getenforce(void);

       int security_setenforce(int value);

       int security_deny_unknown(void);

       int security_get_checkreqprot(void);

DESCRIPTION         top

       security_getenforce() returns 0 if SELinux is running in permissive
       mode, 1 if it is running in enforcing mode, and -1 on error.

       security_setenforce() sets SELinux to enforcing mode if the value 1
       is passed in, and sets it to permissive mode if 0 is passed in.  On
       success 0 is returned, on error -1 is returned.

       security_deny_unknown() returns 0 if SELinux treats policy queries on
       undefined object classes or permissions as being allowed, 1 if such
       queries are denied, and -1 on error.

       security_get_checkreqprot() can be used to determine whether SELinux
       is configured to check the protection requested by the application or
       the actual protection that will be applied by the kernel (including
       the effects of READ_IMPLIES_EXEC) on mmap and mprotect calls.  It
       returns 0 if SELinux checks the actual protection, 1 if it checks the
       requested protection, and -1 on error.

SEE ALSO         top

       selinux(8)

COLOPHON         top

       This page is part of the selinux (Security-Enhanced Linux user-space
       libraries and tools) project.  Information about the project can be
       found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩.  If you
       have a bug report for this manual page, see 
       ⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.  This
       page was obtained from the project's upstream Git repository 
       ⟨https://github.com/SELinuxProject/selinux⟩ on 2017-09-15.  If you
       discover any rendering problems in this HTML version of the page, or
       you believe there is a better or more up-to-date source for the page,
       or you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a mail
       to man-pages@man7.org

russell@coker.com.au           1 January 2004         security_getenforce(3)

Pages that refer to this page: security_disable(3)security_load_policy(3)selinux_status_open(3)