Provided by: libselinux1-dev_2.7-2build2_amd64 bug

NAME
       security_getenforce,  security_setenforce,  security_deny_unknown,  security_get_checkreqprot- get or set
       the enforcing state of SELinux


SYNOPSIS
       #include <selinux/selinux.h>

       int security_getenforce(void);

       int security_setenforce(int value);

       int security_deny_unknown(void);

       int security_get_checkreqprot(void);


DESCRIPTION
       security_getenforce() returns 0 if SELinux is running in permissive mode, 1 if it is running in enforcing
       mode, and -1 on error.

       security_setenforce() sets SELinux to enforcing mode if the  value  1  is  passed  in,  and  sets  it  to
       permissive mode if 0 is passed in.  On success 0 is returned, on error -1 is returned.

       security_deny_unknown()  returns  0  if  SELinux  treats  policy  queries  on undefined object classes or
       permissions as being allowed, 1 if such queries are denied, and -1 on error.

       security_get_checkreqprot() can be  used  to  determine  whether  SELinux  is  configured  to  check  the
       protection  requested  by  the  application  or  the actual protection that will be applied by the kernel
       (including the effects of READ_IMPLIES_EXEC) on mmap and mprotect calls.  It returns 0 if SELinux  checks
       the actual protection, 1 if it checks the requested protection, and -1 on error.


SEE ALSO
       selinux(8)

russell@coker.com.au                             1 January 2004                           security_getenforce(3)