On 12/18/2013 10:32 AM, Jay Corrales wrote: > Folks, > > We think we've run into a bug with rhel5. Could be that the policy > database contains corruption, or contains some data structures that lead > to buggy results (e.g. AVC execute_no_trans). Is there a way to see > additional debug info in the LSM during run time? I've tried adding > "debug" to the boot time kernel parameters, but does not add any new > logging or reporting info for selinux. More likely just a bug in your policy. I can't really tell though as you haven't shown an AVC that corresponds to the policy that you listed. You can easily check whether you did or did not allow something by using sesearch from setools. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.