* testing for disable-dontaudit in C code
From: Ted Toth @ 2020-03-24 15:14 UTC (permalink / raw)
To: SELinux
Is there a way to test whether semodule has been run with
disable-dontaudit? Or better yet a netlink socket event?
Ted
* Re: testing for disable-dontaudit in C code
From: Stephen Smalley @ 2020-03-24 16:40 UTC (permalink / raw)
To: Ted Toth; +Cc: SELinux
On Tue, Mar 24, 2020 at 11:15 AM Ted Toth <txtoth@gmail.com> wrote:
>
> Is there a way to test whether semodule has been run with
> disable-dontaudit? Or better yet a netlink socket event?
Something like this?
$ make LDLIBS+=-lsemanage checkdisabledontaudit
$ sudo semodule -DB
$ sudo ./checkdisabledontaudit
dontaudits disabled
$ sudo semodule -B
$ sudo ./checkdisabledontaudit
dontaudits enabled
There isn't a specific netlink notification, although you could
register for the selinux policyload notifications and check at that time.
[-- Attachment #2: checkdisabledontaudit.c --]
#include <stdio.h>
#include <stdlib.h>
#include <semanage/handle.h>

int main(int argc, char **argv)
{
	semanage_handle_t *sh;
	int rc;

	sh = semanage_handle_create();
	if (!sh) {
		fprintf(stderr, "%s: Could not create semanage handle\n",
			argv[0]);
		exit(1);
	}

	/* Connect to the policy store. */
	rc = semanage_connect(sh);
	if (rc < 0) {
		fprintf(stderr, "%s: Could not connect to policy handler\n",
			argv[0]);
		semanage_handle_destroy(sh);
		exit(1);
	}

	/* Non-zero when dontaudit rules are disabled (semodule -DB). */
	rc = semanage_get_disable_dontaudit(sh);
	if (rc)
		printf("dontaudits disabled\n");
	else
		printf("dontaudits enabled\n");

	/* Release the connection and the handle before exiting. */
	semanage_disconnect(sh);
	semanage_handle_destroy(sh);
	exit(0);
}
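
Added example, not part of the original thread and not code from libselinux or libsemanage: one way to follow the suggestion above to register for the policyload notifications and check at that time, by reading the kernel's NETLINK_SELINUX multicast messages directly. The names find_policyload and open_selinux_netlink and the 1024-byte buffer are assumptions of this example; the place to rerun the semanage_get_disable_dontaudit() check is marked in main().

```c
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/selinux_netlink.h>

/* Scan one NETLINK_SELINUX datagram: 1 and *seqno set if it carries
 * SELNL_MSG_POLICYLOAD, 0 if it does not, -1 if that message is truncated. */
int find_policyload(void *buf, size_t len, uint32_t *seqno)
{
	struct nlmsghdr *nlh = buf;
	int left = (int)len, found = 0;

	for (; NLMSG_OK(nlh, left); nlh = NLMSG_NEXT(nlh, left)) {
		if (nlh->nlmsg_type != SELNL_MSG_POLICYLOAD)
			continue;	/* e.g. SELNL_MSG_SETENFORCE */
		if (nlh->nlmsg_len < NLMSG_LENGTH(sizeof(struct selnl_msg_policyload)))
			return -1;
		*seqno = ((struct selnl_msg_policyload *)NLMSG_DATA(nlh))->seqno;
		found = 1;
	}
	return found;
}

/* Open a NETLINK_SELINUX socket subscribed to the AVC multicast group. */
int open_selinux_netlink(void)
{
	struct sockaddr_nl addr = { .nl_family = AF_NETLINK, .nl_groups = SELNL_GRP_AVC };
	int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SELINUX);
	if (fd >= 0 && bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
		close(fd);
		fd = -1;
	}
	return fd;
}

int main(void)
{
	union { struct nlmsghdr hdr; char raw[1024]; } msg;	/* aligned buffer */
	uint32_t seqno;
	ssize_t n;
	int fd = open_selinux_netlink();
	while (fd >= 0 && (n = recv(fd, &msg, sizeof(msg), 0)) > 0)
		if (find_policyload(&msg, (size_t)n, &seqno) == 1)
			/* Rerun the semanage_get_disable_dontaudit() check here. */
			printf("policy reload %u: re-check disable-dontaudit\n", (unsigned)seqno);
	return 1;	/* only reached if the socket could not be opened or read */
}
```

On a kernel without SELinux the socket cannot be opened and the program exits with status 1 straight away.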
* Re: testing for disable-dontaudit in C code
From: Ted Toth @ 2020-03-24 18:33 UTC (permalink / raw)
To: Stephen Smalley; +Cc: SELinux
On Tue, Mar 24, 2020 at 11:39 AM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> On Tue, Mar 24, 2020 at 11:15 AM Ted Toth <txtoth@gmail.com> wrote:
> >
> > Is there a way to test whether semodule has been run with
> > disable-dontaudit? Or better yet a netlink socket event?
>
> Something like this?
>
> $ make LDLIBS+=-lsemanage checkdisabledontaudit
> $ sudo semodule -DB
> $ sudo ./checkdisabledontaudit
> dontaudits disabled
> $ sudo semodule -B
> $ sudo ./checkdisabledontaudit
> dontaudits enabled
>
> There isn't a specific netlink notification, although you could
> register for the selinux policyload
> notifications and check at that time.
Exactly, thank you.
Ted