avc_has_perm_noaudit crashes process after switching enforcing modes
Daniel J Walsh
dwalsh at redhat.com
Tue May 21 16:17:24 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/21/2013 11:53 AM, Steve Ross wrote:
> Subscribers,
>
> I'm a newbie. I hope that my question is appropriate for this forum.
>
> I'm using "libselinux-2.094-5.2.el6.i686" from CentOS 6.2 on a system. In
> particular, I'm using a call to "avc_has_perm_noaudit()". When SELinux is
> in Enforcing mode, all is well and calls to the function return the correct
> value of zero or -1. However, as the program runs, when I externally
> (i.e., outside of the program's code, using "setenforce") switch from
> Enforcing to Permissive, the next call to "avc_has_perm_noaudit()" crashes
> the program. I would expect the function to always return a zero in
> Permissive mode and not crash.
>
> I've also seen that the call crashes my program if the system is in
> Enforcing, I switch it to Permissive (but avoid calling
> "avc_has_perm_noaudit()" by use of "security_getenforce()") and then switch
> back to Enforcing and call the function.
>
> Is it appropriate to call "avc_has_perm_noaudit()" after externally
> switching enforcing modes? Is this crashing a known issue? Is it fixed in
> a later release? (I've haven't tried any of the updated releases listed
> at <http://userspace.selinuxproject.org/trac/wiki/Releases>.)
>
> Thanks in advance for any help, -- Steve Ross
>
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
Sounds like a bug, can you write a reproducer and the send in the code, or
open a bugzilla/service request.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlGbnhQACgkQrlYvE4MpobPfzwCgw9f4mxQWHvbS4Zi0Km/i1jki
JkIAmwQ6KbKxNM8iAU3dg2/arF3CIkjD
=Nx1y
-----END PGP SIGNATURE-----
More information about the selinux
mailing list