:: RootR ::  Hosting Order Map Login   Secure Inter-Network Operations  
 
security_load_policy(3) - phpMan

Command: man perldoc info search(apropos)  

security_load_policy(3)             SELinux API documentation             security_load_policy(3)



NAME
       security_load_policy - load a new SELinux policy

SYNOPSIS
       #include <selinux/selinux.h>

       int security_load_policy(void *data, size_t len);

       int selinux_mkload_policy(int preservebools);

       int selinux_init_load_policy(int *enforce);

DESCRIPTION
       security_load_policy() loads a new policy, returns 0 for success and -1 for error.

       selinux_mkload_policy() makes a policy image and loads it. This function provides a higher
       level interface for loading policy than security_load_policy(), internally determining the
       right policy version, locating and opening the policy file, mapping it into memory, manip‐
       ulating it as needed for current boolean settings and/or local definitions, and then call‐
       ing  security_load_policy  to load it.  preservebools is a boolean flag indicating whether
       current policy boolean values should be preserved into the new policy (if 1) or  reset  to
       the saved policy settings (if 0). The former case is the default for policy reloads, while
       the latter case is an option for policy reloads but is primarily used for the initial pol‐
       icy  load.   selinux_init_load_policy()  performs  the  initial policy load. This function
       determines the desired enforcing mode, sets the enforce argument accordingly for the call‐
       er  to use, sets the SELinux kernel enforcing status to match it, and loads the policy. It
       also internally handles the initial selinuxfs mount required to perform these actions.

       It should also be noted that after the initial policy load, the SELinux kernel code cannot
       anymore  be  disabled  and the selinuxfs cannot be unmounted using a call to security_dis‐
       able(3).  Therefore, after the initial policy load, the only operational changes are those
       permitted  by  security_setenforce(3) (i.e. eventually setting the framework in permissive
       mode rather than in enforcing one).

RETURN VALUE
       Returns zero on success or -1 on error.

AUTHOR
       This manual page has been written by Guido Trentalancia <guido AT trentalancia.com>

SEE ALSO
       selinux(8), security_disable(3), setenforce(8)



guido AT trentalancia.com                   3 November 2009                  security_load_policy(3)

/man
rootr.net - man pages