Are system extensions queryable like kexts , I hav...
# macosg
Gavin
08/24/2020, 6:33 PMAre system extensions queryable like kexts , I have not had a chance to dig deep into it but can’t see a table or relevant issue / pr on GitHub mainly due to the overloading of the name and currently on Linux
s
sundsta
08/24/2020, 6:36 PMkexts are in the kernel_extensions table https://osquery.io/schema/4.4.0#kernel_extensions
g
Gavin
08/24/2020, 6:38 PMTo be clear this is system extensions being query able like the kext table enables not the actual looking up of kexts
s
sundsta
08/24/2020, 6:40 PM@Gavin Sorry, I misunderstood. I don’t think there’s any built in table for querying those at the moment, but if the configuration is stored in a plist somewhere you could parse that using the plist table.
f
fritz
08/24/2020, 6:55 PMSystemExtensions.h
fritz
08/24/2020, 6:55 PMSome enterprising individual should write a table 😉
g
Gavin
08/24/2020, 7:04 PM#goodfirst issue ?
m
Mike Myers
08/25/2020, 5:47 PMIt's possible to run
systemextensionsctl list2 Views