security_getenforce man page

security_getenforce, security_setenforce, security_deny_unknown — get or set the enforcing state of SELinux


#include <selinux/selinux.h>

int security_getenforce(void);

int security_setenforce(int value);

int security_deny_unknown(void);


security_getenforce() returns 0 if SELinux is running in permissive mode, 1 if it is running in enforcing mode, and -1 on error.

security_setenforce() sets SELinux to enforcing mode if the value 1 is passed in, and sets it to permissive mode if 0 is passed in.  On success 0 is returned, on error -1 is returned.

security_deny_unknown() returns 0 if SELinux treats policy queries on undefined object classes or permissions as being allowed, 1 if such queries are denied, and -1 on error.

See Also


Referenced By

security_disable(3), security_load_policy(3), selinux_status_open(3).

The man pages security_deny_unknown(3) and security_setenforce(3) are aliases of security_getenforce(3).

1 January 2004 SELinux API documentation