suzanne.soy/man-pages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
gh-pages
man-pages/man3/security_load_policy.3.html
Suzanne Soy 4c89183f2b Added man pages from my system
2021-03-31 01:06:50 +01:00

104 lines
3.5 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of security_load_policy</TITLE>
</HEAD><BODY>
<H1>security_load_policy</H1>
Section: SELinux API documentation (3)<BR>Updated: 3 November 2009<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
security_load_policy - load a new SELinux policy
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>#include &lt;<A HREF="file:///usr/include/selinux/selinux.h">selinux/selinux.h</A>&gt;</B>
<P>
<B>int security_load_policy(void *</B><I>data</I><B>, size_t len</B><I>);</I>
<P>
<B>int selinux_mkload_policy(int </B><I>preservebools</I><B>);</B>
<P>
<B>int selinux_init_load_policy(int *</B><I>enforce</I><B>);</B>
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
<B>security_load_policy</B>()
loads a new policy, returns 0 for success and -1 for error.
<P>
<B>selinux_mkload_policy</B>()
makes a policy image and loads it. This function provides a higher level
interface for loading policy than
<B>security_load_policy</B>(),
internally determining the right policy version, locating and opening
the policy file, mapping it into memory, manipulating it as needed for
current boolean settings and/or local definitions, and then calling
security_load_policy to load it.
<I>preservebools</I>
is a boolean flag indicating whether current policy boolean values should
be preserved into the new policy (if 1) or reset to the saved policy
settings (if 0). The former case is the default for policy reloads, while
the latter case is an option for policy reloads but is primarily used for
the initial policy load.
<B>selinux_init_load_policy</B>()
performs the initial policy load. This function determines the desired
enforcing mode, sets the
<I>enforce</I>
argument accordingly for the caller to use, sets the SELinux kernel
enforcing status to match it, and loads the policy. It also internally
handles the initial selinuxfs mount required to perform these actions.
<P>
It should also be noted that after the initial policy load, the SELinux
kernel code cannot anymore be disabled and the selinuxfs cannot be
unmounted using a call to
<B><A HREF="/cgi-bin/man/man2html?3+security_disable">security_disable</A></B>(3).
Therefore, after the initial policy load, the only operational changes
are those permitted by
<B><A HREF="/cgi-bin/man/man2html?3+security_setenforce">security_setenforce</A></B>(3)
(i.e. eventually setting the framework in permissive mode rather than
in enforcing one).
<A NAME="lbAE">&nbsp;</A>
<H2>RETURN VALUE</H2>
Returns zero on success or -1 on error.
<A NAME="lbAF">&nbsp;</A>
<H2>AUTHOR</H2>
This manual page has been written by Guido Trentalancia &lt;<A HREF="mailto:guido@trentalancia.com">guido@trentalancia.com</A>&gt;
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>
<B><A HREF="/cgi-bin/man/man2html?8+selinux">selinux</A></B>(8), <B><A HREF="/cgi-bin/man/man2html?3+security_disable">security_disable</A></B>(3), <B><A HREF="/cgi-bin/man/man2html?8+setenforce">setenforce</A></B>(8)
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="1"><A HREF="#lbAB">NAME</A><DD>
<DT id="2"><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT id="3"><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT id="4"><A HREF="#lbAE">RETURN VALUE</A><DD>
<DT id="5"><A HREF="#lbAF">AUTHOR</A><DD>
<DT id="6"><A HREF="#lbAG">SEE ALSO</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:05:56 GMT, March 31, 2021
</BODY>
</HTML>
Reference in New Issue View Git Blame Copy Permalink