security_load_policy(3) — Linux manual page


security_load_policy(3) SELinux API documentation security_load_policy(3)

NAME

       security_load_policy - load a new SELinux policy

SYNOPSIS

       #include <selinux/selinux.h>

       int security_load_policy(const void *data, size_t len);

       int selinux_mkload_policy(int preservebools);

       int selinux_init_load_policy(int *enforce);

DESCRIPTION

       security_load_policy() loads a new policy. It returns 0 on success
       and -1 on error.

       selinux_mkload_policy() makes a policy image and loads it. This
       function provides a higher level interface for loading policy than
       security_load_policy(), internally determining the right policy
       version, locating and opening the policy file, mapping it into
       memory, manipulating it as needed for current boolean settings
       and/or local definitions, and then calling security_load_policy()
       to load it.  preservebools is a boolean flag indicating whether
       current policy boolean values should be preserved into the new
       policy (if 1) or reset to the saved policy settings (if 0). The
       former case is the default for policy reloads, while the latter
       case is an option for policy reloads but is primarily used for the
       initial policy load.

       selinux_init_load_policy() performs the
       initial policy load. This function determines the desired
       enforcing mode, sets the enforce argument accordingly for the
       caller to use, sets the SELinux kernel enforcing status to match
       it, and loads the policy. It also internally handles the initial
       selinuxfs mount required to perform these actions.

       Note also that after the initial policy load, the SELinux kernel
       code can no longer be disabled and the selinuxfs can no longer be
       unmounted using a call to security_disable(3). Therefore, after
       the initial policy load, the only operational changes are those
       permitted by security_setenforce(3) (i.e. possibly setting the
       framework to permissive mode rather than enforcing mode).
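
       The following is an added example, not part of the original manual
       page or of libselinux: it shows how a caller such as an init
       program can use the enforce value set by selinux_init_load_policy()
       to fail closed when the initial load fails. The helper
       initial_policy_load(), the boot_action values, the stub loaders,
       the USE_LIBSELINUX macro and the halt-on-failure policy are
       assumptions made for the example.

```c
/* Build against libselinux: cc -DUSE_LIBSELINUX example.c -lselinux
 * Without that macro, a constructed stub stands in for the library call. */
#include <stdio.h>
#ifdef USE_LIBSELINUX
#include <selinux/selinux.h>
#endif

enum boot_action { BOOT_ENFORCING, BOOT_PERMISSIVE, BOOT_NO_POLICY, BOOT_HALT };

/* Same signature as selinux_init_load_policy(). */
typedef int (*init_load_fn)(int *enforce);

/* Hypothetical helper: run the initial load, then decide how boot proceeds. */
enum boot_action initial_policy_load(init_load_fn load)
{
    int enforce = 0;  /* set by the loader to the desired enforcing mode */

    if (load(&enforce) == 0)  /* policy loaded, kernel mode already set */
        return enforce > 0 ? BOOT_ENFORCING : BOOT_PERMISSIVE;

    /* Load failed (-1). If enforcing mode was desired, continuing would
     * start every service without policy confinement, so stop here
     * instead of failing open (assumed caller policy). */
    if (enforce > 0)
        return BOOT_HALT;
    return BOOT_NO_POLICY;
}

/* Constructed stubs modelling the four outcomes (not libselinux code). */
int stub_ok_enforcing(int *enforce)    { *enforce = 1; return 0; }
int stub_ok_permissive(int *enforce)   { *enforce = 0; return 0; }
int stub_fail_enforcing(int *enforce)  { *enforce = 1; return -1; }
int stub_fail_permissive(int *enforce) { *enforce = 0; return -1; }

int main(void)
{
#ifdef USE_LIBSELINUX
    init_load_fn load = selinux_init_load_policy;  /* init process, early boot */
#else
    init_load_fn load = stub_fail_enforcing;
#endif
    enum boot_action a = initial_policy_load(load);
    if (a == BOOT_HALT) {
        fprintf(stderr, "SELinux policy load failed in enforcing mode; halting\n");
        return 1;
    }
    printf("boot continues (action %d)\n", (int)a);
    return 0;
}
```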

RETURN VALUE

       Returns zero on success or -1 on error.

AUTHOR

       This manual page has been written by Guido Trentalancia
       <guido@trentalancia.com>

SEE ALSO

       selinux(8), security_disable(3), setenforce(8)

COLOPHON

       This page is part of the selinux (Security-Enhanced Linux user-
       space libraries and tools) project.  Information about the project
       can be found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩.
       If you have a bug report for this manual page, see
       ⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.
       This page was obtained from the project's upstream Git repository
       ⟨https://github.com/SELinuxProject/selinux⟩ on 2025-02-02.  (At
       that time, the date of the most recent commit that was found in
       the repository was 2025-01-29.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there is
       a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

guido@trentalancia.com       3 November 2009      security_load_policy(3)
