avc_has_perm_noaudit crashes process after switching enforcing modes
Steve Ross
sross at trustedcs.com
Tue May 28 15:00:28 UTC 2013
I'm unable to reproduce my problem on a stock CentOS 6.2 distribution.
Where should I file the bug? For the bug, what are the settings that I
should use? (Or what bug can I follow as an example?)
Thanks,
-- Steve Ross
On 05/21/2013 11:17 AM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 05/21/2013 11:53 AM, Steve Ross wrote:
>> Subscribers,
>>
>> I'm a newbie. I hope that my question is appropriate for this forum.
>>
>> I'm using "libselinux-2.094-5.2.el6.i686" from CentOS 6.2 on a system. In
>> particular, I'm using a call to "avc_has_perm_noaudit()". When SELinux is
>> in Enforcing mode, all is well and calls to the function return the correct
>> value of zero or -1. However, as the program runs, when I externally
>> (i.e., outside of the program's code, using "setenforce") switch from
>> Enforcing to Permissive, the next call to "avc_has_perm_noaudit()" crashes
>> the program. I would expect the function to always return a zero in
>> Permissive mode and not crash.
>>
>> I've also seen that the call crashes my program if the system is in
>> Enforcing, I switch it to Permissive (but avoid calling
>> "avc_has_perm_noaudit()" by use of "security_getenforce()") and then switch
>> back to Enforcing and call the function.
>>
>> Is it appropriate to call "avc_has_perm_noaudit()" after externally
>> switching enforcing modes? Is this crashing a known issue? Is it fixed in
>> a later release? (I've haven't tried any of the updated releases listed
>> at <http://userspace.selinuxproject.org/trac/wiki/Releases>.)
>>
>> Thanks in advance for any help, -- Steve Ross
>>
>>
>> -- selinux mailing list selinux at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
> Sounds like a bug, can you write a reproducer and the send in the code, or
> open a bugzilla/service request.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.13 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlGbnhQACgkQrlYvE4MpobPfzwCgw9f4mxQWHvbS4Zi0Km/i1jki
> JkIAmwQ6KbKxNM8iAU3dg2/arF3CIkjD
> =Nx1y
> -----END PGP SIGNATURE-----
More information about the selinux
mailing list