101 lines
2.9 KiB
HTML
101 lines
2.9 KiB
HTML
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML><HEAD><TITLE>Man page of security_getenforce</TITLE>
|
|
</HEAD><BODY>
|
|
<H1>security_getenforce</H1>
|
|
Section: SELinux API documentation (3)<BR>Updated: 1 January 2004<BR><A HREF="#index">Index</A>
|
|
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
|
|
|
|
<A NAME="lbAB"> </A>
|
|
<H2>NAME</H2>
|
|
|
|
security_getenforce, security_setenforce, security_deny_unknown, security_reject_unknown,
|
|
security_get_checkreqprot - get or set the enforcing state of SELinux
|
|
<A NAME="lbAC"> </A>
|
|
<H2>SYNOPSIS</H2>
|
|
|
|
<B>#include <<A HREF="file:///usr/include/selinux/selinux.h">selinux/selinux.h</A>></B>
|
|
|
|
<P>
|
|
<B>int security_getenforce(void);</B>
|
|
|
|
<P>
|
|
<B>int security_setenforce(int value</B><I>);</I>
|
|
|
|
<P>
|
|
<B>int security_deny_unknown(void);</B>
|
|
|
|
<P>
|
|
<B>int security_reject_unknown(void);</B>
|
|
|
|
<P>
|
|
<B>int security_get_checkreqprot(void);</B>
|
|
|
|
<A NAME="lbAD"> </A>
|
|
<H2>DESCRIPTION</H2>
|
|
|
|
<B>security_getenforce</B>()
|
|
|
|
returns 0 if SELinux is running in permissive mode, 1 if it is running in
|
|
enforcing mode, and -1 on error.
|
|
<P>
|
|
<B>security_setenforce</B>()
|
|
|
|
sets SELinux to enforcing mode if the value 1 is passed in, and sets it to
|
|
permissive mode if 0 is passed in. On success 0 is returned, on error -1 is
|
|
returned.
|
|
<P>
|
|
<B>security_deny_unknown</B>()
|
|
|
|
returns 0 if SELinux treats policy queries on undefined object classes or
|
|
permissions as being allowed, 1 if such queries are denied, and -1 on error.
|
|
<P>
|
|
<B>security_reject_unknown</B>()
|
|
|
|
returns 1 if the current policy was built with handle-unknown=reject and SELinux
|
|
would reject loading it, if it did not define all kernel object classes and
|
|
permissions. In this state, when
|
|
<B>selinux_set_mapping()</B>
|
|
|
|
and
|
|
<B>selinux_check_access()</B>
|
|
|
|
are used with an undefined userspace class or permission, an error is returned
|
|
and errno is set to EINVAL.
|
|
<P>
|
|
It returns 0 if the current policy was built with handle-unknown=allow or
|
|
handle-unknown=deny. In this state, policy queries are treated according to
|
|
<B>security_deny_unknown().</B>
|
|
|
|
-1 is returned on error.
|
|
<P>
|
|
<B>security_get_checkreqprot</B>()
|
|
|
|
can be used to determine whether SELinux is configured to check the
|
|
protection requested by the application or the actual protection that will
|
|
be applied by the kernel (including the effects of READ_IMPLIES_EXEC) on
|
|
mmap and mprotect calls. It returns 0 if SELinux checks the actual
|
|
protection, 1 if it checks the requested protection, and -1 on error.
|
|
<A NAME="lbAE"> </A>
|
|
<H2>SEE ALSO</H2>
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?8+selinux">selinux</A></B>(8)
|
|
|
|
<P>
|
|
|
|
<HR>
|
|
<A NAME="index"> </A><H2>Index</H2>
|
|
<DL>
|
|
<DT id="1"><A HREF="#lbAB">NAME</A><DD>
|
|
<DT id="2"><A HREF="#lbAC">SYNOPSIS</A><DD>
|
|
<DT id="3"><A HREF="#lbAD">DESCRIPTION</A><DD>
|
|
<DT id="4"><A HREF="#lbAE">SEE ALSO</A><DD>
|
|
</DL>
|
|
<HR>
|
|
This document was created by
|
|
<A HREF="/cgi-bin/man/man2html">man2html</A>,
|
|
using the manual pages.<BR>
|
|
Time: 00:05:56 GMT, March 31, 2021
|
|
</BODY>
|
|
</HTML>
|