.TH "security_getenforce" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
.SH "NAME"
security_getenforce, security_setenforce, security_deny_unknown, security_get_checkreqprot\- get or set the enforcing state of SELinux
.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
.B int security_getenforce(void);
.sp
.BI "int security_setenforce(int "value );
.sp
.B int security_deny_unknown(void);
.sp
.B int security_get_checkreqprot(void);
.
.SH "DESCRIPTION"
.BR security_getenforce ()
returns 0 if SELinux is running in permissive mode, 1 if it is running in
enforcing mode, and \-1 on error.

.BR security_setenforce ()
sets SELinux to enforcing mode if the value 1 is passed in, and sets it to
permissive mode if 0 is passed in.  On success 0 is returned, on error \-1 is
returned.

.BR security_deny_unknown ()
returns 0 if SELinux treats policy queries on undefined object classes or
permissions as being allowed, 1 if such queries are denied, and \-1 on error.

.BR security_get_checkreqprot ()
can be used to determine whether SELinux is configured to check the
protection requested by the application or the actual protection that will
be applied by the kernel (including the effects of READ_IMPLIES_EXEC) on
mmap and mprotect calls.  It returns 0 if SELinux checks the actual
protection, 1 if it checks the requested protection, and \-1 on error.
.
.SH "SEE ALSO"
.BR selinux "(8)"