1security_getenforce(3)     SELinux API documentation    security_getenforce(3)
2
3
4

NAME

6       security_getenforce,  security_setenforce, security_deny_unknown, secu‐
7       rity_get_checkreqprot- get or set the enforcing state of SELinux
8

SYNOPSIS

10       #include <selinux/selinux.h>
11
12       int security_getenforce(void);
13
14       int security_setenforce(int value);
15
16       int security_deny_unknown(void);
17
18       int security_get_checkreqprot(void);
19

DESCRIPTION

21       security_getenforce() returns 0 if SELinux  is  running  in  permissive
22       mode, 1 if it is running in enforcing mode, and -1 on error.
23
24       security_setenforce()  sets SELinux to enforcing mode if the value 1 is
25       passed in, and sets it to permissive mode if 0 is passed in.   On  suc‐
26       cess 0 is returned, on error -1 is returned.
27
28       security_deny_unknown()  returns  0 if SELinux treats policy queries on
29       undefined object classes or permissions as being  allowed,  1  if  such
30       queries are denied, and -1 on error.
31
32       security_get_checkreqprot() can be used to determine whether SELinux is
33       configured to check the protection requested by the application or  the
34       actual  protection  that  will  be applied by the kernel (including the
35       effects of READ_IMPLIES_EXEC) on mmap and mprotect calls.  It returns 0
36       if  SELinux  checks the actual protection, 1 if it checks the requested
37       protection, and -1 on error.
38

SEE ALSO

40       selinux(8)
41
42
43
44russell@coker.com.au            1 January 2004          security_getenforce(3)