Introduce a helper binary to print the number of policy reloads on the
running system.
Print only a single number to ease the usage by scripts.
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
v2:
- use main() prototype with arguments
- use argv[0] instead of hard coding program name
- fix indentation and spacing issues
- add binary to .gitignore file
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
libselinux/utils/.gitignore | 1 +
libselinux/utils/getpolicyload.c | 30 ++++++++++++++++++++++++++++++
2 files changed, 31 insertions(+)
create mode 100644 libselinux/utils/getpolicyload.c
diff --git a/libselinux/utils/.gitignore b/libselinux/utils/.gitignore
index b19b94a8..b3311360 100644
--- a/libselinux/utils/.gitignore
+++ b/libselinux/utils/.gitignore
@@ -10,6 +10,7 @@ getenforce
getfilecon
getpidcon
getpidprevcon
+getpolicyload
getsebool
getseuser
matchpathcon
diff --git a/libselinux/utils/getpolicyload.c b/libselinux/utils/getpolicyload.c
new file mode 100644
index 00000000..ce06bb78
--- /dev/null
+++ b/libselinux/utils/getpolicyload.c
@@ -0,0 +1,30 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <selinux/avc.h>
+
+
+int main(int argc __attribute__ ((unused)),
+ char* argv[] __attribute__ ((unused))) {
+ int rc;
+
+ /*
+ * Do not use netlink as fallback, since selinux_status_policyload(3)
+ * works only after a first message has been received.
+ */
+ rc = selinux_status_open(/*fallback=*/0);
+ if (rc < 0) {
+ fprintf(stderr, "%s: failed to open SELinux status map: %m\n", argv[0]);
+ return EXIT_FAILURE;
+ }
+
+ rc = selinux_status_policyload();
+ if (rc < 0)
+ fprintf(stderr, "%s: failed to read policyload from SELinux status page: %m\n", argv[0]);
+ else
+ printf("%d\n", rc);
+
+ selinux_status_close();
+
+ return (rc < 0) ? EXIT_FAILURE : EXIT_SUCCESS;
+}
--
2.40.1
