Re: [PATCH v2] libselinux/utils: introduce getpolicyload

James Carter <jwcart2@xxxxxxxxx> · Fri, 4 Aug 2023 14:39:10 -0400

On Fri, Jul 28, 2023 at 2:11 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Fri, Jul 14, 2023 at 2:56 PM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > Introduce a helper binary to print the number of policy reloads on the
> > running system.
> > Print only a single number to ease the usage by scripts.
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>

Merged.
Thanks,
Jim

> > ---
> > v2:
> >   - use main() prototype with arguments
> >   - use argv[0] instead of hard coding program name
> >   - fix indentation and spacing issues
> >   - add binary to .gitignore file
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> > ---
> >  libselinux/utils/.gitignore      |  1 +
> >  libselinux/utils/getpolicyload.c | 30 ++++++++++++++++++++++++++++++
> >  2 files changed, 31 insertions(+)
> >  create mode 100644 libselinux/utils/getpolicyload.c
> >
> > diff --git a/libselinux/utils/.gitignore b/libselinux/utils/.gitignore
> > index b19b94a8..b3311360 100644
> > --- a/libselinux/utils/.gitignore
> > +++ b/libselinux/utils/.gitignore
> > @@ -10,6 +10,7 @@ getenforce
> >  getfilecon
> >  getpidcon
> >  getpidprevcon
> > +getpolicyload
> >  getsebool
> >  getseuser
> >  matchpathcon
> > diff --git a/libselinux/utils/getpolicyload.c b/libselinux/utils/getpolicyload.c
> > new file mode 100644
> > index 00000000..ce06bb78
> > --- /dev/null
> > +++ b/libselinux/utils/getpolicyload.c
> > @@ -0,0 +1,30 @@
> > +#include <stdio.h>
> > +#include <stdlib.h>
> > +
> > +#include <selinux/avc.h>
> > +
> > +
> > +int main(int argc __attribute__ ((unused)),
> > +         char* argv[] __attribute__ ((unused))) {
> > +       int rc;
> > +
> > +       /*
> > +       * Do not use netlink as fallback, since selinux_status_policyload(3)
> > +       * works only after a first message has been received.
> > +       */
> > +       rc = selinux_status_open(/*fallback=*/0);
> > +       if (rc < 0) {
> > +               fprintf(stderr, "%s:  failed to open SELinux status map:  %m\n", argv[0]);
> > +               return EXIT_FAILURE;
> > +       }
> > +
> > +       rc = selinux_status_policyload();
> > +       if (rc < 0)
> > +               fprintf(stderr, "%s:  failed to read policyload from SELinux status page:  %m\n", argv[0]);
> > +       else
> > +               printf("%d\n", rc);
> > +
> > +       selinux_status_close();
> > +
> > +       return (rc < 0) ? EXIT_FAILURE : EXIT_SUCCESS;
> > +}
> > --
> > 2.40.1
> >