security_mkload_policy(3) — Linux manual page


security_load_policy(3)   SELinux API documentation  security_load_policy(3)

NAME

       security_load_policy - load a new SELinux policy

SYNOPSIS

       #include <selinux/selinux.h>

       int security_load_policy(void *data, size_t len);

       int selinux_mkload_policy(int preservebools);

       int selinux_init_load_policy(int *enforce);

DESCRIPTION

       security_load_policy() loads a new policy and returns 0 on success
       and -1 on error.

       selinux_mkload_policy() makes a policy image and loads it. This
       function provides a higher level interface for loading policy than
       security_load_policy(), internally determining the right policy
       version, locating and opening the policy file, mapping it into
       memory, manipulating it as needed for current boolean settings and/or
       local definitions, and then calling security_load_policy to load it.
       preservebools is a boolean flag indicating whether current policy
       boolean values should be preserved into the new policy (if 1) or
       reset to the saved policy settings (if 0). The former case is the
       default for policy reloads, while the latter case is an option for
       policy reloads but is primarily used for the initial policy load.

       selinux_init_load_policy() performs the initial policy load. This
       function determines the desired enforcing mode, sets the enforce
       argument accordingly for the caller to use, sets the SELinux kernel
       enforcing status to match it, and loads the policy. It also
       internally handles the initial selinuxfs mount required to perform
       these actions.

       It should also be noted that after the initial policy load, the
       SELinux kernel code can no longer be disabled and the selinuxfs can
       no longer be unmounted using a call to security_disable(3).
       Therefore, after the initial policy load, the only operational
       changes are those permitted by security_setenforce(3) (i.e. possibly
       switching the framework to permissive mode rather than enforcing
       mode).
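
       How an init program might act on the return value of
       selinux_init_load_policy() and the enforce value it fills in, as an
       added example that is not part of the original manual page or of
       libselinux. The names initial_policy_load, boot_action and the stub_*
       loaders are hypothetical, and treating a failed load as fatal only in
       enforcing mode is an assumed caller policy.

```c
#include <stdio.h>

/* Same signature as selinux_init_load_policy(3), so that function can be
 * passed directly when building against <selinux/selinux.h> (-lselinux). */
typedef int (*init_load_fn)(int *enforce);

enum boot_action { BOOT_CONTINUE, BOOT_CONTINUE_NO_POLICY, BOOT_HALT };

/* Perform the initial load and decide how boot proceeds.
 * Assumed caller policy (not from the manual page): a failed load is
 * fatal only when enforcing mode was requested. */
enum boot_action initial_policy_load(init_load_fn load, int *enforce_out)
{
    int enforce = 0;            /* set by the loader to the desired mode */
    int rc = load(&enforce);

    if (enforce_out)
        *enforce_out = enforce;
    if (rc == 0)
        return BOOT_CONTINUE;   /* policy loaded, mode already applied */
    return enforce > 0 ? BOOT_HALT : BOOT_CONTINUE_NO_POLICY;
}

/* Constructed stand-ins for the real call, for running without SELinux. */
int stub_ok_enforcing(int *e)    { *e = 1; return 0; }
int stub_fail_enforcing(int *e)  { *e = 1; return -1; }
int stub_fail_permissive(int *e) { *e = 0; return -1; }

int main(void)
{
    static const char *names[] = { "continue", "continue without policy", "halt" };
    init_load_fn cases[] = { stub_ok_enforcing, stub_fail_enforcing, stub_fail_permissive };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int enforce;
        enum boot_action a = initial_policy_load(cases[i], &enforce);
        printf("case %zu: enforce=%d -> %s\n", i, enforce, names[a]);
    }
    return 0;
}
```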

RETURN VALUE

       Returns zero on success or -1 on error.

AUTHOR

       This manual page has been written by Guido Trentalancia

SEE ALSO

       selinux(8), security_disable(3), setenforce(8)

COLOPHON

       This page is part of the selinux (Security-Enhanced Linux user-space
       libraries and tools) project.  Information about the project can be
       found at ⟨⟩.  If you
       have a bug report for this manual page, see
       ⟨⟩.  This
       page was obtained from the project's upstream Git repository
       ⟨⟩ on 2020-09-18.  (At that
       time, the date of the most recent commit that was found in the
       repository was 2020-09-17.)  If you discover any rendering problems
       in this HTML version of the page, or you believe there is a better or
       more up-to-date source for the page, or you have corrections or
       improvements to the information in this COLOPHON (which is not part
       of the original manual page), send a mail to

                          3 November 2009       security_load_policy(3)