# general

Prateek Kumar Nischal

03/12/2020, 2:56 PM
Hello team, I need to write an extension for osquery, and I will be using kolide/osquery-go to register tables and config plugins. Is there a way to get access to the flags that were passed to the osqueryd daemon via osquery.flags?

seph

03/12/2020, 3:05 PM
Query the osquery_flags table. But if you're trying to add options, I think there's a config section for it

Prateek Kumar Nischal

03/12/2020, 3:06 PM
I will be writing a custom config plugin, would it be possible to query the osquery_flags before the config is loaded .. ? Let me give it a try anyways
ok.. so I can perform a query before registering the new plugin..

seph

03/12/2020, 3:12 PM
I don't think so. The config will be loaded by then. I'm not sure you can get at the flags without config parsing. (Well, you could use the process table)

Prateek Kumar Nischal

03/12/2020, 3:20 PM
I was able to get one of the flags that was passed to the daemon from the extension..
[map[default_value:false description:Allow unsafe executable permissions name:allow_unsafe shell_only:0 type:bool value:true]]
output in the logs from osqueryd when running like:
./osqueryd --config_path /tmp/config.json --allow_unsafe --disable_extensions=false --extensions_autoload=/tmp/extensions.load --verbose
with
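client, err := osquery.NewClient("/var/osquery/osquery.em", 10*time.Second)
if err != nil {
	log.Fatalf("connect to extension socket: %v", err) // client is nil on error
}
defer client.Close()
resp, err := client.Query("select * from osquery_flags where name=\"allow_unsafe\";")
if err != nil {
	log.Fatalf("query osquery_flags: %v", err)
}
fmt.Println(resp.GetResponse())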