On 12/18/13, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On 12/18/2013 10:32 AM, Jay Corrales wrote:
>> Folks,
>>
>> We think we've run into a bug with rhel5. Could be that the policy
>> database contains corruption, or contains some data structures that lead
>> to buggy results (e.g. AVC execute_no_trans). Is there a way to see
>> additional debug info in the LSM during run time? I've tried adding
>> "debug" to the boot time kernel parameters, but does not add any new
>> logging or reporting info for selinux.
>
> More likely just a bug in your policy. I can't really tell though as
> you haven't shown an AVC that corresponds to the policy that you listed.

We restored an image of our previous build and ran the policy. There was no perm denied error. It ran perfectly. The difference in builds represents an installer media and updated policies, leading me to believe there is something fundamentally wrong with the installer media producing a corrupted policy database.

Is there a way to know why it is reporting an AVC for execute_no_trans? The audit.log does not show enough info for this. We were hoping for some way to look at the LSM, other than running an embedded kernel and attaching gdb.

Thanks