avc_has_perm_noaudit crashes process after switching enforcing modes

[Steve Ross]

Subscribers,

I'm a newbie.  I hope that my question is appropriate for this forum.

I'm using "libselinux-2.094-5.2.el6.i686" from CentOS 6.2 on a system.  
In particular, I'm using a call to "avc_has_perm_noaudit()".  When 
SELinux is in Enforcing mode, all is well and calls to the function 
return the correct value of zero or -1.  However, as the program runs, 
when I externally (i.e., outside of the program's code, using 
"setenforce") switch from Enforcing to Permissive, the next call to 
"avc_has_perm_noaudit()" crashes the program.  I would expect the 
function to always return a zero in Permissive mode and not crash.

I've also seen that the call crashes my program if the system is in 
Enforcing, I switch it to Permissive (but avoid calling 
"avc_has_perm_noaudit()" by use of "security_getenforce()") and then 
switch back to Enforcing and call the function.

Is it appropriate to call "avc_has_perm_noaudit()" after externally 
switching enforcing modes?  Is this crashing a known issue?  Is it fixed 
in a later release?  (I've haven't tried any of the updated releases 
listed at <http://userspace.selinuxproject.org/trac/wiki/Releases>.)

Thanks in advance for any help,
-- Steve Ross
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20130521/a27091f1/attachment.html>