On Tue, Mar 24, 2020 at 11:39 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote:
>
> On Tue, Mar 24, 2020 at 11:15 AM Ted Toth <txtoth@xxxxxxxxx> wrote:
> >
> > Is there a way to test whether semodule has been run with
> > disable-dontaudit? Or better yet a netlink socket event?
>
> Something like this?
>
> $ make LDLIBS+=-lsemanage checkdisabledontaudit
> $ sudo semodule -DB
> $ sudo ./checkdisabledontaudit
> dontaudits disabled
> $ sudo semodule -B
> $ sudo ./checkdisabledontaudit
> dontaudits enabled
>
> There isn't a specific netlink notification, although you could
> register for the selinux policyload notifications and check at that time.

Exactly, thank you.

Ted
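
An added example, not part of the thread and not the checkdisabledontaudit program used in the session quoted above: a shell check for the same state that does not link against libsemanage. It assumes libsemanage records `semodule -D` as a `disable_dontaudit` flag file in the active policy store (default store root `/var/lib/selinux`); the function names and the `--check` switch are this example's own.

```shell
#!/bin/sh
# Added example (not the checkdisabledontaudit program from the thread).
# Assumption: libsemanage records "semodule -D" as a flag file named
# disable_dontaudit inside the active policy store, by default
# /var/lib/selinux/<SELINUXTYPE>/active/ (typically readable only by root).

# Print the SELINUXTYPE value from an SELinux config file (default: targeted).
selinux_policy_type() {
    t=$(sed -n 's/^[[:space:]]*SELINUXTYPE[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" 2>/dev/null | tail -n 1)
    printf '%s\n' "${t:-targeted}"
}

# Print the store-root value from semanage.conf (default: /var/lib/selinux).
semanage_store_root() {
    r=$(sed -n 's/^[[:space:]]*store-root[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" 2>/dev/null | tail -n 1)
    printf '%s\n' "${r:-/var/lib/selinux}"
}

# dontaudit_state STORE_ROOT POLICY_TYPE
# Prints the same wording as the session above; returns 2 if the store is absent.
dontaudit_state() {
    active="$1/$2/active"
    if [ ! -d "$active" ]; then
        echo "no active policy store at $active" >&2
        return 2
    fi
    if [ -e "$active/disable_dontaudit" ]; then
        echo "dontaudits disabled"
    else
        echo "dontaudits enabled"
    fi
}

# Run the check against the live system only when asked to.
if [ "${1:-}" = "--check" ]; then
    dontaudit_state "$(semanage_store_root /etc/selinux/semanage.conf)" \
                    "$(selinux_policy_type /etc/selinux/config)"
fi
```

Run it as root with `--check` after a policy rebuild; a monitoring job can alert when the output changes to `dontaudits disabled`.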