On Tue, Mar 24, 2020 at 11:15 AM Ted Toth <txtoth@xxxxxxxxx> wrote:
>
> Is there a way to test whether semodule has been run with
> disable-dontaudit? Or better yet a netlink socket event?

Something like this?

$ make LDLIBS+=-lsemanage checkdisabledontaudit
$ sudo semodule -DB
$ sudo ./checkdisabledontaudit
dontaudits disabled
$ sudo semodule -B
$ sudo ./checkdisabledontaudit
dontaudits enabled

There isn't a specific netlink notification, although you could register
for the selinux policyload notifications and check at that time.
#include <stdio.h>
#include <stdlib.h>
#include <semanage/handle.h>

int main(int argc, char **argv)
{
	semanage_handle_t *sh;
	int rc;

	/* Create a libsemanage handle and connect to the policy store
	 * (this needs privileges, hence the sudo in the transcript above). */
	sh = semanage_handle_create();
	if (!sh) {
		fprintf(stderr, "%s: Could not create semanage handle\n", argv[0]);
		exit(1);
	}

	rc = semanage_connect(sh);
	if (rc < 0) {
		fprintf(stderr, "%s: Could not connect to policy handler\n", argv[0]);
		semanage_handle_destroy(sh);
		exit(1);
	}

	/* Nonzero: the store was last rebuilt with dontaudit rules disabled
	 * (semodule -DB); zero: dontaudit rules are in effect (semodule -B). */
	rc = semanage_get_disable_dontaudit(sh);
	if (rc)
		printf("dontaudits disabled\n");
	else
		printf("dontaudits enabled\n");

	semanage_disconnect(sh);
	semanage_handle_destroy(sh);
	exit(0);
}
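As an added illustration of the policyload route mentioned in the reply (this is not code from the original message), the following listens on the kernel's SELinux netlink group directly rather than through libselinux's avc_netlink_* helpers, so it builds with only libc; the message constants are copied from <linux/selinux_netlink.h> and the policyload handler is where the libsemanage check above would be re-run.

```c
/* Added example, not from the original message: subscribe to SELinux
 * policyload notices on NETLINK_SELINUX (the group libselinux's
 * avc_netlink_* helpers use); constants mirror <linux/selinux_netlink.h>. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>

#define SELNL_GROUP_AVC      1     /* SELNLGRP_AVC multicast group */
#define SELNL_MSG_POLICYLOAD 0x11  /* payload: uint32 policy seqno */
/* Decode one datagram from the group: 1 and *seqno set for a policyload
 * notice, 0 for any other well-formed message, -1 if the header is bad. */
int selnl_policyload(const void *buf, size_t len, uint32_t *seqno)
{
    const struct nlmsghdr *nlh = buf;
    if (len < sizeof(*nlh) || !NLMSG_OK(nlh, (int)len))
        return -1;
    if (nlh->nlmsg_type != SELNL_MSG_POLICYLOAD || NLMSG_PAYLOAD(nlh, 0) < 4)
        return 0;
    memcpy(seqno, NLMSG_DATA(nlh), sizeof(*seqno));
    return 1;
}
/* Open a NETLINK_SELINUX socket joined to the AVC notification group. */
int selnl_open(void)
{
    struct sockaddr_nl sa = { .nl_family = AF_NETLINK, .nl_groups = SELNL_GROUP_AVC };
    int fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_SELINUX);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        close(fd); fd = -1;
    }
    return fd;
}

int main(void)
{
    char buf[1024] __attribute__((aligned(8)));
    uint32_t seqno;
    int fd = selnl_open();
    if (fd < 0) { perror("netlink"); return 1; }
    for (;;) {
        ssize_t n = recv(fd, buf, sizeof(buf), 0);
        if (n < 0) { perror("recv"); break; }
        /* A policy load is the moment to re-run the libsemanage check. */
        if (selnl_policyload(buf, (size_t)n, &seqno) == 1)
            printf("policy loaded (seqno %u)\n", seqno);
    }
    close(fd); return 1;
}
```

Running it needs a Linux host with SELinux; a `semodule -B` or `-DB` then shows up as a policyload notice with a rising sequence number.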