security_load_booleans - Man Page

routines for manipulating SELinux boolean values

Synopsis

#include <selinux/selinux.h>

int security_get_boolean_names(char ***names, int *len);

int security_get_boolean_pending(const char *name);

int security_get_boolean_active(const char *name);

int security_set_boolean(const char *name, int value);

int security_set_boolean_list(size_t boolcnt, SELboolean *boollist, int permanent);

int security_commit_booleans(void);

Description

The SELinux policy can include conditional rules that are enabled or disabled based on the current values of a set of policy booleans. These policy booleans allow runtime modification of the security policy without having to load a new policy.  

The SELinux API allows for a transaction based update. So you can set several boolean values and then commit them all at once.

security_get_boolean_names() provides a list of boolean names, currently supported by the loaded policy.

security_get_boolean_pending() returns the pending value for boolean or -1 on failure.

security_get_boolean_active() returns the active value for boolean or -1 on failure.

security_set_boolean() sets the pending value for boolean

security_set_boolean_list() saves a list of booleans in a single transaction. Note that the int permanent flag is deprecated and should be set to zero.

security_commit_booleans() commits all pending values for the booleans.

Return Value

Where not otherwise stated, functions described in this manual page return zero on success or -1 on error.

Author

This manual page was written by Dan Walsh <dwalsh@redhat.com>.

See Also

selinux(8), getsebool(8), booleans(8), togglesebool(8)

Referenced By

selinux_boolean_sub(3).

The man pages security_commit_booleans(3), security_get_boolean_active(3), security_get_boolean_names(3), security_get_boolean_pending(3), security_set_boolean(3) and security_set_boolean_list(3) are aliases of security_load_booleans(3).

15 November 2004 dwalsh@redhat.com SELinux API Documentation