On 12/18/2013 04:53 PM, Jay Corrales wrote:
> On 12/18/13, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
>> On 12/18/2013 10:32 AM, Jay Corrales wrote:
>>> Folks,
>>>
>>> We think we've run into a bug with rhel5. Could be that the policy
>>> database contains corruption, or contains some data structures that lead
>>> to buggy results (e.g. AVC execute_no_trans). Is there a way to see
>>> additional debug info in the LSM during run time? I've tried adding
>>> "debug" to the boot time kernel parameters, but does not add any new
>>> logging or reporting info for selinux.
>>
>> More likely just a bug in your policy. I can't really tell though as
>> you haven't shown an AVC that corresponds to the policy that you listed.
>
> We restored an image of our previous build and ran the policy. There
> was no perm denied error. It ran perfectly. The difference in builds
> represents an installer media and updated policies, leading me to
> believe there is something fundamentally wrong with the installer
> media producing a corrupted policy database.
>
> Is there a way to know why it is reporting an AVC for
> execute_no_trans? The audit.log does not show enough info for this. We
> were hoping for some way to look at the LSM, other than running an
> embedded kernel and attaching gdb.

nosuid mount would suppress the transition. Or maybe you don't have the
type_transition rule in your policy at all?
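
An added example, not part of the original thread: a small triage helper for the first check suggested in the reply. It takes an execute_no_trans AVC record, finds the mount that holds the denied path, and reports whether that mount is nosuid; if it is not, it points at the type_transition rule to look for. The AVC record, mount table, type names and function names are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from the thread).
SAMPLE_AVC = ('type=AVC msg=audit(1387400000.123:456): avc:  denied  '
              '{ execute_no_trans } for  pid=1234 comm="launcher" '
              'path="/opt/app/bin/helper" dev=sdb1 ino=4711 '
              'scontext=system_u:system_r:launcher_t:s0 '
              'tcontext=system_u:object_r:helper_exec_t:s0 tclass=file')
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sdb1 /opt/app ext3 rw,nosuid,nodev 0 0
"""

def parse_avc(line):
    """Extract permissions, path and source/target types from one AVC record."""
    perms = re.search(r'\{ ([^}]*)\}', line).group(1).split()
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    return {
        'perms': perms,
        'path': fields.get('path', '').strip('"'),
        'source_type': fields['scontext'].split(':')[2],
        'target_type': fields['tcontext'].split(':')[2],
    }

def mount_for(path, mounts_text):
    """Return (mount point, option set) of the deepest mount containing path."""
    best = ('', set())
    for row in mounts_text.splitlines():
        cols = row.split()
        if len(cols) < 4:
            continue
        mnt = cols[1]
        prefix = mnt.rstrip('/') + '/'
        # >= so that a later mount over the same mount point wins
        if (path == mnt or path.startswith(prefix)) and len(mnt) >= len(best[0]):
            best = (mnt, set(cols[3].split(',')))
    return best

def triage(avc_line, mounts_text):
    """Name the first thing to check for an execute_no_trans denial."""
    avc = parse_avc(avc_line)
    if 'execute_no_trans' not in avc['perms']:
        return 'not an execute_no_trans denial'
    mnt, opts = mount_for(avc['path'], mounts_text)
    if 'nosuid' in opts:
        return 'nosuid mount at %s: domain transition suppressed' % mnt
    return ('no nosuid on %s: look for a type_transition rule from %s on %s'
            % (mnt, avc['source_type'], avc['target_type']))

if __name__ == '__main__':
    print(triage(SAMPLE_AVC, SAMPLE_MOUNTS))
```

On a live system the second argument would be the contents of /proc/mounts and the first a line from audit.log.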