Subscribers,
I'm a newbie. I hope that my question is appropriate for this
forum.
I'm using "libselinux-2.094-5.2.el6.i686" from CentOS 6.2 on a
system. In particular, I'm using a call to
"avc_has_perm_noaudit()". When SELinux is in Enforcing mode, all
is well and calls to the function return the correct value of zero
or -1. However, as the program runs, when I externally (i.e.,
outside of the program's code, using "setenforce") switch from
Enforcing to Permissive, the next call to "avc_has_perm_noaudit()"
crashes the program. I would expect the function to always
return a zero in Permissive mode and not crash.
I've also seen that the call crashes my program if the system is
in Enforcing, I switch it to Permissive (but avoid calling "avc_has_perm_noaudit()" by use of
"security_getenforce()") and then switch back to Enforcing and
call the function.
Is it appropriate to call "avc_has_perm_noaudit()" after
externally switching enforcing modes? Is this crashing a
known issue? Is it fixed in a later release? (I haven't
tried any of the updated releases listed at
<http://userspace.selinuxproject.org/trac/wiki/Releases>.)
Thanks in advance for any help,
-- Steve Ross