Subscribers,

I'm a newbie.  I hope that my question is appropriate for this forum.

I'm using "libselinux-2.094-5.2.el6.i686" from CentOS 6.2 on a system.  In particular, I'm using a call to "avc_has_perm_noaudit()".  When SELinux is in Enforcing mode, all is well and calls to the function return the correct value of zero or -1.  However, as the program runs, when I externally (i.e., outside of the program's code, using "setenforce") switch from Enforcing to Permissive, the next call to "avc_has_perm_noaudit()" crashes the program.  I would expect the function to always return a zero in Permissive mode and not crash. 

I've also seen that the call crashes my program if the system is in Enforcing, I switch it to Permissive (but avoid calling "avc_has_perm_noaudit()" by use of "security_getenforce()") and then switch back to Enforcing and call the function.

Is it appropriate to call "avc_has_perm_noaudit()" after externally switching enforcing modes?  Is this crashing a known issue?  Is it fixed in a later release?  (I've haven't tried any of the updated releases listed at <http://userspace.selinuxproject.org/trac/wiki/Releases>.)

Thanks in advance for any help,
-- Steve Ross