libselinux/utils: introduce getpolicyload

Introduce a helper binary to print the number of policy reloads on the running system. Print only a single number to ease the usage by scripts. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>
2023-07-14 20:50:33 +02:00 · 2023-07-14 20:50:33 +02:00 · ec35d1d802
parent 04613f6875
commit ec35d1d802
2 changed files with 31 additions and 0 deletions
--- a/libselinux/utils/.gitignore
+++ b/libselinux/utils/.gitignore
@ -10,6 +10,7 @@ getenforce
 getfilecon
 getpidcon
 getpidprevcon
+getpolicyload
 getsebool
 getseuser
 matchpathcon
--- a/libselinux/utils/getpolicyload.c
+++ b/libselinux/utils/getpolicyload.c
@ -0,0 +1,30 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <selinux/avc.h>
+
+
+int main(int argc __attribute__ ((unused)),
+         char* argv[] __attribute__ ((unused))) {
+	int rc;
+
+	/*
+	* Do not use netlink as fallback, since selinux_status_policyload(3)
+	* works only after a first message has been received.
+	*/
+	rc = selinux_status_open(/*fallback=*/0);
+	if (rc < 0) {
+		fprintf(stderr, "%s:  failed to open SELinux status map:  %m\n", argv[0]);
+		return EXIT_FAILURE;
+	}
+
+	rc = selinux_status_policyload();
+	if (rc < 0)
+		fprintf(stderr, "%s:  failed to read policyload from SELinux status page:  %m\n", argv[0]);
+	else
+		printf("%d\n", rc);
+
+	selinux_status_close();
+
+	return (rc < 0) ? EXIT_FAILURE : EXIT_SUCCESS;
+}