https://github.com/osquery/osquery logo
Powered by
g

Gilad Reich

02/02/2023, 5:42 PM
Hello! Curious question regarding this: https://github.com/osquery/osquery/blob/5.7.0/osquery/extensions/extensions.cpp#L49-L55 What was the rational behind enforcing Osquery extensions to end with 
.ext
extension?
To answer my own question: https://osquery.readthedocs.io/en/stable/installation/cli-flags/#daemon-control-flags
Copy code
Force osqueryd to kill previously-running daemons. The daemon will check for an existing "pidfile". If found, and if it contains a pid of a process named "osqueryd", the process will be killed.
If that’s the main reason, then perhaps it could be done differently by just relying on the pid.
s

seph

02/03/2023, 2:10 PM
I’m not sure how your quote here relates to the extension naming requirement.
Honestly? I have no idea. Digging through git, I can trace it at least as far back as https://github.com/osquery/osquery/pull/848
Powered by