NAME¶
security_getenforce, security_setenforce, security_deny_unknown - get or set the
enforcing state of SELinux
SYNOPSIS¶
#include <selinux/selinux.h>
int security_getenforce(void);
int security_setenforce(int value);
int security_deny_unknown(void);
DESCRIPTION¶
security_getenforce() returns 0 if SELinux is running in permissive mode,
1 if it is running in enforcing mode, and -1 on error.
security_setenforce() sets SELinux to enforcing mode if the value 1 is
passed in, and sets it to permissive mode if 0 is passed in. On success 0 is
returned, on error -1 is returned.
security_deny_unknown() returns 0 if SELinux treats policy queries on
undefined object classes or permissions as being allowed, 1 if such queries
are denied, and -1 on error.
SEE ALSO¶
selinux(8)