|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|
|
NAME | SYNOPSIS | DESCRIPTION | RETURN VALUE | AUTHOR | SEE ALSO | COLOPHON |
|
|
|
security_load_policy(3) SELinux API documentation security_load_policy(3)
security_load_policy - load a new SELinux policy
#include <selinux/selinux.h>
int security_load_policy(const void *data, size_t len);
int selinux_mkload_policy(int preservebools);
int selinux_init_load_policy(int *enforce);
security_load_policy() loads a new policy, returns 0 for success
and -1 for error.
selinux_mkload_policy() makes a policy image and loads it. This
function provides a higher level interface for loading policy than
security_load_policy(), internally determining the right policy
version, locating and opening the policy file, mapping it into
memory, manipulating it as needed for current boolean settings
and/or local definitions, and then calling security_load_policy to
load it. preservebools is a boolean flag indicating whether
current policy boolean values should be preserved into the new
policy (if 1) or reset to the saved policy settings (if 0). The
former case is the default for policy reloads, while the latter
case is an option for policy reloads but is primarily used for the
initial policy load. selinux_init_load_policy() performs the
initial policy load. This function determines the desired
enforcing mode, sets the enforce argument accordingly for the
caller to use, sets the SELinux kernel enforcing status to match
it, and loads the policy. It also internally handles the initial
selinuxfs mount required to perform these actions.
It should also be noted that after the initial policy load, the
SELinux kernel code cannot anymore be disabled and the selinuxfs
cannot be unmounted using a call to security_disable(3).
Therefore, after the initial policy load, the only operational
changes are those permitted by security_setenforce(3) (i.e.
eventually setting the framework in permissive mode rather than in
enforcing one).
Returns zero on success or -1 on error.
This manual page has been written by Guido Trentalancia
<guido@trentalancia.com>
selinux(8), security_disable(3), setenforce(8)
This page is part of the selinux (Security-Enhanced Linux user-
space libraries and tools) project. Information about the project
can be found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩.
If you have a bug report for this manual page, see
⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.
This page was obtained from the project's upstream Git repository
⟨https://github.com/SELinuxProject/selinux⟩ on 2025-08-11. (At
that time, the date of the most recent commit that was found in
the repository was 2025-08-04.) If you discover any rendering
problems in this HTML version of the page, or you believe there is
a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
man-pages@man7.org
guido@trentalancia.com 3 November 2009 security_load_policy(3)
Pages that refer to this page: selinux_config(5)
|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|