AVC Denials x2 - No Network Connection Long-Post
by Frank Murphy
Basically this is F9 on a USB-Stick, installed as "install to hd"
upgraded full to newkey status.
restorecon -v '/var/lib/dhclient/dhclient-eth0.leases' -:- No change to avc(s)
Summary:
SELinux is preventing consoletype (consoletype_t) "read" to
/var/lib/dhclient/dhclient-eth0.leases (dhcpc_state_t).
Detailed Description:
SELinux denied access requested by consoletype. It is not expected that this
access is required by consoletype and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /var/lib/dhclient/dhclient-eth0.leases,
restorecon -v '/var/lib/dhclient/dhclient-eth0.leases'
If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context unconfined_u:system_r:consoletype_t:s0
Target Context unconfined_u:object_r:dhcpc_state_t:s0
Target Objects /var/lib/dhclient/dhclient-eth0.leases [ file ]
Source consoletype
Source Path /sbin/consoletype
Port <Unknown>
Host usbstick-01
Source RPM Packages initscripts-8.76-1
Target RPM Packages
Policy RPM selinux-policy-3.3.1-42.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name usbstick-01
Platform Linux usbstick-01 2.6.25-14.fc9.i686 #1 SMP Thu
May 1 06:28:41 EDT 2008 i686 i686
Alert Count 3
First Seen Sat 13 Sep 2008 17:54:44 IST
Last Seen Sun 14 Sep 2008 10:48:26 IST
Local ID d216653d-c0e7-4df0-81bd-c9ee3c1d542b
Line Numbers
Raw Audit Messages
host=usbstick-01 type=AVC msg=audit(1221385706.55:48): avc: denied {
read } for pid=4706 comm="consoletype"
path="/var/lib/dhclient/dhclient-eth0.leases" dev=dm-0 ino=47658
scontext=unconfined_u:system_r:consoletype_t:s0
tcontext=unconfined_u:object_r:dhcpc_state_t:s0 tclass=file
host=usbstick-01 type=SYSCALL msg=audit(1221385706.55:48):
arch=40000003 syscall=11 success=yes exit=0 a0=844fcb8 a1=844f738
a2=844f958 a3=0 items=0 ppid=4705 pid=4706 auid=500 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="consoletype"
exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0
key=(null)
Summary:
SELinux is preventing ifconfig (ifconfig_t) "read" to
/var/lib/dhclient/dhclient-eth0.leases (dhcpc_state_t).
Detailed Description:
SELinux denied access requested by ifconfig. It is not expected that this access
is required by ifconfig and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /var/lib/dhclient/dhclient-eth0.leases,
restorecon -v '/var/lib/dhclient/dhclient-eth0.leases'
If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context unconfined_u:system_r:ifconfig_t:s0
Target Context unconfined_u:object_r:dhcpc_state_t:s0
Target Objects /var/lib/dhclient/dhclient-eth0.leases [ file ]
Source ifconfig
Source Path /sbin/ifconfig
Port <Unknown>
Host usbstick-01
Source RPM Packages net-tools-1.60-87.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-42.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name usbstick-01
Platform Linux usbstick-01 2.6.25-14.fc9.i686 #1 SMP Thu
May 1 06:28:41 EDT 2008 i686 i686
Alert Count 4
First Seen Sat 13 Sep 2008 17:54:44 IST
Last Seen Sun 14 Sep 2008 10:48:26 IST
Local ID c7b6f250-55d9-4401-97db-6503d3d2db46
Line Numbers
Raw Audit Messages
host=usbstick-01 type=AVC msg=audit(1221385706.103:49): avc: denied
{ read } for pid=4726 comm="ifconfig"
path="/var/lib/dhclient/dhclient-eth0.leases" dev=dm-0 ino=47658
scontext=unconfined_u:system_r:ifconfig_t:s0
tcontext=unconfined_u:object_r:dhcpc_state_t:s0 tclass=file
host=usbstick-01 type=SYSCALL msg=audit(1221385706.103:49):
arch=40000003 syscall=11 success=yes exit=0 a0=8490b40 a1=8490960
a2=8477018 a3=0 items=0 ppid=4704 pid=4726 auid=500 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="ifconfig"
exe="/sbin/ifconfig" subj=unconfined_u:system_r:ifconfig_t:s0
key=(null)
audit2allow -M lease < /var/lib/dhclient/dhclient-eth0.leases
compilation failed:
lease.te:6:ERROR 'syntax error' at token '' on line 6:
/usr/bin/checkmodule: error(s) encountered while parsing configuration
/usr/bin/checkmodule: loading policy configuration from lease.te
[root@usbstick-01 ~]# audit2allow -M local <
'/var/lib/dhclient/dhclient-eth0.leases'
compilation failed:
local.te:6:ERROR 'syntax error' at token '' on line 6:
/usr/bin/checkmodule: error(s) encountered while parsing configuration
/usr/bin/checkmodule: loading policy configuration from local.te
Frank
--
aMSN: Frankly3D
15 years, 7 months
Puppet's use of tempfiles for capturing use of subprocess I/O
by Sean E. Millichamp
I know this is long, please be patient as I detail the situation. There
is a lot of Puppet-stuff initially to frame the question, but I promise
there is an SELinux question at the end :)
A common use-case in Puppet is for it to manage your system services,
restarting services as needed. I noticed that when Puppet did this I
got SELinux violations. Since we are trying to embrace SELinux (and
noisy logs don't help in that goal) I dug a bit deeper.
It turns out that Puppet creates a temp file in /tmp and sets the file
descriptor for that tempfile to the stdout/stderr of the process before
it exec()s (say) "/etc/init.d/setroubleshoot" (I've seen this happen
with a number of different services).
audit log messages:
type=AVC msg=audit(1220897810.383:141): avc: denied { read write } for pid=3452 comm="setroubleshootd" path="/tmp/puppet.3059.7" dev=md3 ino=6036 scontext=root:system_r:setroubleshootd_t:s0 tcontext=root:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1220897810.383:141): avc: denied { read write } for pid=3452 comm="setroubleshootd" path="/tmp/puppet.3059.7" dev=md3 ino=6036 scontext=root:system_r:setroubleshootd_t:s0 tcontext=root:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1220897810.383:141): avc: denied { read write } for pid=3452 comm="setroubleshootd" path="/tmp/puppet.3059.7" dev=md3 ino=6036 scontext=root:system_r:setroubleshootd_t:s0 tcontext=root:object_r:tmp_t:s0 tclass=file
Now, it seems that the domain that the init scripts transition to
(rightly) doesn't have access to the tmp_t domain of Puppet's temporary
file. It seems that the two results of this are a) audit log noise and
b) If Puppet were to want to use the output it captures then there
wouldn't be any for confined services.
I created and submitted a patch to use Unix pipes instead of a temporary
file for capturing the output - figuring that this was the only way sure
to be SELinux-safe. (See my bug report at
http://projects.reductivelabs.com/issues/show/1563 for a link to the
original bug, the patch, and more details.) They told me that Puppet
used to use pipes about a year ago but that there were occasionally
weird hanging problems where Puppet would block on IO reads forever so
the temporary file method was adopted and they didn't want to just go
back to a situation where Puppet might end up hanging forever on an IO
read. Fair enough, I can't object to that.
I downloaded Debian Etch and successfully reproduced the originally
reported problem with the pipes method. Bottom line is that during the
package install a process is started, daemonizes, but not correctly and
never detaches from/closes stdout/stderr, causing the pipe to not close
and flush, resulting in Puppet blocking forever on the IO read.
I have now worked out another patch to Puppet which uses non-blocking
I/O. This works but causes problems where the package doesn't finish
installing properly because Puppet can't know when to finish trying to
read from the pipe and if it closes the pipe before the package is
finished installing then the install doesn't complete. At this point I
would say this is squarely a problem with the package containing the
poorly written daemon BUT, before I make that case on the bug report
with my new patch I want to know:
Is there a clean way of doing this using temporary files that will be
safe for all SELinux domain transition possibilities? Perhaps a label I
could apply to the temporary file after creation but before the
fork()/exec() that would be permissible in any SELinux context current
or future? Or some other deep Unix magic I don't know about? I suspect
the answer is "no", but I figure I had to ask the experts before
declaring there was no other way in the Puppet bug report.
Thanks for sticking through reading all of this :)
Sean
15 years, 7 months
Need some help with a new policy module
by Fred Wittekind
I'm trying to write a new policy for PvPGN.
When I try to start the service via the init script I get:
Starting PvPGN game server: /usr/sbin/bnetd: error while loading shared
libraries: libm.so.6: cannot open shared object file: Permission denied
[FAILED]
And:
host=twister.dragon type=AVC msg=audit(1221090145.148:30403): avc:
denied { search } for pid=3526 comm="bnetd" name="usr" dev=dm-0
ino=3284993 scontext=unconfined_u:system_r:pvpgn_t:s0
tcontext=system_u:object_r:usr_t:s0 tclass=dir
host=twister.dragon type=SYSCALL msg=audit(1221090145.148:30403):
arch=40000003 syscall=195 success=no exit=-13 a0=bfaad190 a1=bfaad1f0
a2=ca3fc0 a3=8 items=0 ppid=3525 pid=3526 auid=500 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=151 comm="bnetd"
exe="/usr/sbin/bnetd" subj=unconfined_u:system_r:pvpgn_t:s0 key=(null)
Policy RPM selinux-policy-3.3.1-84.fc9
If I run the service from the command line without the init script, it
works. I'm sure I'm missing something stuipid, just can't figure out
what it is. Can't figure out why it works without the initscript, and
throws selinux errors when run from the init script.
Thanks in advance for any help.
Fred Wittekind IV
# config
/etc/pvpgn -d gen_context(system_u:object_r:pvpgn_etc_t,s0)
/etc/pvpgn/.* -- gen_context(system_u:object_r:pvpgn_etc_t,s0)
/usr/bin/bnbot -- gen_context(system_u:object_r:pvpgn_exec_t,s0)
/usr/bin/bncdb -- gen_context(system_u:object_r:pvpgn_exec_t,s0)
/usr/bin/bnchat -- gen_context(system_u:object_r:pvpgn_exec_t,s0)
/usr/bin/bnftp -- gen_context(system_u:object_r:pvpgn_exec_t,s0)
/usr/bin/bni2tga -- gen_context(system_u:object_r:pvpgn_exec_t,s0)
/usr/bin/bnibuild -- gen_context(system_u:object_r:pvpgn_exec_t,s0)
/usr/bin/bniextract -- gen_context(system_u:object_r:pvpgn_exec_t,s0)
/usr/bin/bnilist -- gen_context(system_u:object_r:pvpgn_exec_t,s0)
/usr/bin/bnpass -- gen_context(system_u:object_r:pvpgn_exec_t,s0)
/usr/bin/bnstat -- gen_context(system_u:object_r:pvpgn_exec_t,s0)
/usr/bin/tgainfo -- gen_context(system_u:object_r:pvpgn_exec_t,s0)
/usr/sbin/bnetd -- gen_context(system_u:object_r:pvpgn_exec_t,s0)
/usr/sbin/bntrackd -- gen_context(system_u:object_r:pvpgn_exec_t,s0)
/usr/sbin/d2cs -- gen_context(system_u:object_r:pvpgn_exec_t,s0)
/usr/sbin/d2dbs -- gen_context(system_u:object_r:pvpgn_exec_t,s0)
/var/lib/pvpgn -d gen_context(system_u:object_r:pvpgn_var_lib_t,s0)
/var/lib/pvpgn/.* gen_context(system_u:object_r:pvpgn_var_lib_t,s0)
/var/log/pvpgn -d gen_context(system_u:object_r:pvpgn_log_t,s0)
/var/log/pvpgn/.* -- gen_context(system_u:object_r:pvpgn_log_t,s0)
/var/run/pvpgn -d gen_context(system_u:object_r:pvpgn_var_run_t,s0)
/var/run/pvpgn/.* -- gen_context(system_u:object_r:pvpgn_var_run_t,s0)
module pvpgn 1.0.0;
require {
class fd use;
class process { fork signal_perms transition noatsecure siginh rlimitinh };
class fifo_file { read write getattr lock ioctl append };
class filesystem { getattr };
class dir { manage_dir_perms relabelfrom };
class file { manage_file_perms execute execute_no_trans entrypoint execmod };
class chr_file { manage_file_perms };
class lnk_file { read getattr lock ioctl };
class unix_stream_socket { create_stream_socket_perms connectto };
class sock_file { rw_file_perms };
class netif { packet_perms };
attribute port_type;
class tcp_socket { create_stream_socket_perms recv_msg send_msg node_bind name_bind name_connect recvfrom };
class udp_socket { create_stream_socket_perms recv_msg send_msg node_bind name_bind recvfrom };
class node { packet_perms };
class rawip_socket { recvfrom };
class association { sendto recvfrom };
class packet { send recv };
class capability { setgid setuid };
}
type pvpgn_t;
type pvpgn_exec_t;
domain_type(pvpgn_t)
init_daemon_domain(pvpgn_t, pvpgn_exec_t)
type pvpgn_etc_t;
files_type(pvpgn_etc_t)
type pvpgn_var_run_t;
files_type(pvpgn_var_run_t)
files_pid_file(pvpgn_var_run_t)
files_pid_filetrans(pvpgn_t,pvpgn_var_run_t,file)
type pvpgn_var_lib_t;
files_type(pvpgn_var_lib_t)
manage_dirs_pattern(pvpgn_t, pvpgn_var_lib_t, pvpgn_var_lib_t)
manage_files_pattern(pvpgn_t, pvpgn_var_lib_t, pvpgn_var_lib_t)
files_var_lib_filetrans(pvpgn_t,pvpgn_var_lib_t,file)
type pvpgn_log_t;
files_type(pvpgn_log_t)
logging_log_filetrans(pvpgn_t, pvpgn_log_t, { file dir })
# Database connections
mysql_stream_connect(pvpgn_t)
postgresql_stream_connect(pvpgn_t)
#
allow pvpgn_t self:capability { setgid setuid };
allow pvpgn_t self:process { fork signal_perms };
# Network
corenet_tcp_sendrecv_generic_if(pvpgn_t)
corenet_udp_sendrecv_generic_if(pvpgn_t)
corenet_udp_bind_generic_port(pvpgn_t)
corenet_tcp_bind_generic_port(pvpgn_t)
corenet_tcp_sendrecv_all_nodes(pvpgn_t)
corenet_udp_sendrecv_all_nodes(pvpgn_t)
corenet_all_recvfrom_unlabeled(pvpgn_t)
corenet_all_recvfrom_netlabel(pvpgn_t)
15 years, 7 months
Help with AVC messages
by Kristen R
Last night I had a users website hacked. The hacker then tried to use httpd to
access /etc files and directorys, as well as the root directory. SELinux
saved my system.
I need to make a complaint to the ISP who is providing for this offender. I
have http access logs and error logs but they don't show very much. Other
then access which was valid (well, not valid) and 2 entries in the error log.
Is there a way I can correlate the AVC denials with the malious attacker? The
AVC messages do not have time stamps or IP addresses attached to them.
Thank you for your assistance, and for SELinux!
Kristen
15 years, 7 months
Re: udp bind() fails with EACCESS when selinux enforcing, but no audit messages
by David P. Quigley
I'm pretty sure this doesn't have anything to do with the kernel end but
is probably some sort of policy issue instead. I've CCed the
fedora-selinux list for an answer. The CC to linux-kernel should
probably be dropped from the reply there.
Dave
On Thu, 2008-09-11 at 17:34 +0200, Enrique Perez-Terron wrote:
> Fedora core 9 stock kernel 2.6.25.108 i586
>
> Udp bind() fails with EACCESS when selinux enforcing, but no audit
> messages.
>
> How to reproduce:
>
> In startup scripts, configure rpc.statd to use the fixed port 34.
> This port does not occur in /etc/services
> (In /etc/sysconfig/nfs, STATD_PORT=34)
>
> Write the following script, run it with bash -x.
>
> #!/bin/bash
>
> TESTDIR=/var/tmp/se-bind-test-$$
> mkdir $TESTDIR # to hold about 50 files
> cd $TESTDIR
>
> # Stop NFS:
> service nfs stop
> service nfslock stop
>
> # Gather some baseline data for easy comparison
> echo 1 /selinux/enforce # just in case
> dmesg > dmesg-enforc-before
> wc /var/log/audit/audit.log > audit-enforc-before
>
> # This fails
> strace -o enforc -ff service nfslock start
>
> # But no new messages in logs
> dmesg > dmesg-enforc-after
> wc /var/log/audit/audit.log > audit-enforc-after
>
> # Try again in permissive mode
> echo 0 /selinux/enforce
> dmesg > dmesg-nonenf-before
> wc /var/log/audit/audit.log > audit-nonenf-before
>
> # Since this works, daemon starts, and strace hangs on
> # Need sigkill; sigint does not work. Why?
> (sleep 5; killall -9 strace) &
> strace -o nonenf -ff service nfslock start
>
> # Just for symmetry
> dmesg > dmesg-nonenf-after
> wc /var/log/audit/audit.log > audit-nonenf-after
>
> # Check that there are no audits.
> diff dmesg-enforc-before dmesg-enforc-after
> diff audit-enforc-before audit-enforc-after
>
> # There are several other calls to bind() that are not prevented
> grep -E '^bind|^socket' enforc.*
> grep -E '^bind|^socket' nonenf.*
>
> Regards
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo(a)vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
15 years, 7 months
SELinux kerneloops and dhclient issues
by Stephen Croll
Note: Originally posted to fedora-list.
The "setroubleshoot browser" is reporting the following issues on Fedora 9:
SELinux is preventing kerneloops (kerneloops_t) "signal" to <Unknown>
(kerneloops_t).
SELinux is preventing dhclient (dhcpc_t) "read write" to socket
(unconfined_t).
The first issue occurred on boot, but no longer seems to be happening.
The second
issue occurs when I bring up eth0.
Should I file a bug report, or might there be something more sinister
going on?
For reference, the complete reports are as follows:
Summary:
SELinux is preventing kerneloops (kerneloops_t) "signal" to <Unknown>
(kerneloops_t).
Detailed Description:
SELinux denied access requested by kerneloops. It is not expected that this
access is required by kerneloops and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration
of the
application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
disable
SELinux protection altogether. Disabling SELinux protection is not
recommended.
Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context system_u:system_r:kerneloops_t:s0
Target Context system_u:system_r:kerneloops_t:s0
Target Objects None [ process ]
Source kerneloops
Source Path /usr/sbin/kerneloops
Port <Unknown>
Host gerbil
Source RPM Packages kerneloops-0.11-1.fc9
Target RPM Packages Policy RPM
selinux-policy-3.3.1-84.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name gerbil
Platform Linux gerbil 2.6.25.14-108.fc9.x86_64 #1
SMP Mon
Aug 4 13:46:35 EDT 2008 x86_64 x86_64
Alert Count 2
First Seen Sun 07 Sep 2008 03:21:55 AM CDT
Last Seen Sun 07 Sep 2008 03:21:55 AM CDT
Local ID fa4c1bd0-faf1-48ba-ba55-74285538ef90
Line Numbers Raw Audit Messages
host=gerbil type=AVC msg=audit(1220775715.59:8): avc: denied { signal
} for pid=2363 comm="kerneloops"
scontext=system_u:system_r:kerneloops_t:s0
tcontext=system_u:system_r:kerneloops_t:s0 tclass=process
host=gerbil type=SYSCALL msg=audit(1220775715.59:8): arch=c000003e
syscall=234 success=no exit=-13 a0=93b a1=93b a2=6 a3=8 items=0 ppid=1
pid=2363 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=4294967295 comm="kerneloops"
exe="/usr/sbin/kerneloops" subj=system_u:system_r:kerneloops_t:s0
key=(null)
-and-
Summary:
SELinux is preventing dhclient (dhcpc_t) "read write" to socket
(unconfined_t).
Detailed Description:
SELinux denied access requested by dhclient. It is not expected that
this access
is required by dhclient and this access may signal an intrusion attempt.
It is
also possible that the specific version or configuration of the
application is
causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
disable
SELinux protection altogether. Disabling SELinux protection is not
recommended.
Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
Target Context
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
023
Target Objects socket [ unix_stream_socket ]
Source dhclient
Source Path /sbin/dhclient
Port <Unknown>
Host gerbil
Source RPM Packages dhclient-4.0.0-14.fc9
Target RPM Packages Policy RPM
selinux-policy-3.3.1-84.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name gerbil
Platform Linux gerbil 2.6.25.14-108.fc9.x86_64 #1
SMP Mon
Aug 4 13:46:35 EDT 2008 x86_64 x86_64
Alert Count 16
First Seen Sun 07 Sep 2008 12:56:48 AM CDT
Last Seen Sun 07 Sep 2008 03:23:07 AM CDT
Local ID a3b5492a-0ef2-4cc3-bdd0-4c06696bae70
Line Numbers Raw Audit Messages
host=gerbil type=AVC msg=audit(1220775787.407:21): avc: denied { read
write } for pid=3069 comm="dhclient" path="socket:[68728]" dev=sockfs
ino=68728 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=unix_stream_socket
host=gerbil type=SYSCALL msg=audit(1220775787.407:21): arch=c000003e
syscall=59 success=yes exit=0 a0=948530 a1=94ad90 a2=8f0d70
a3=3f48f67a70 items=0 ppid=2970 pid=3069 auid=500 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="dhclient"
exe="/sbin/dhclient" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
key=(null)
--
Steve Croll
15 years, 7 months
Naive Qs about selinux modules
by Johnson, Richard
Q: Can any SELinux directive be put into a policy smodule, or are there
restrictions?
For example: suppose I wanted to:
allow snmpd_t apmd_t:process ptrace;
allow snmpd_t auditd_t:process ptrace;
allow snmpd_t automount_t:process ptrace;
[ ...and so on ]
so that snmpd could access mib .1.3.6.1.2.1.6. (advisability
notwithstanding) Could these directives be put into a policy module even
though the base policy already has an snmpd i/f?
Q. Can a module define new booleans? If so are they persistent if the
module is unloaded and reloaded?
For example; an snmpd policy module with an snmpd_can_ptrace boolean.
Are there namespace conventions?
Q. What happens if the base policy (or another policy modules) is
updated with overlapping statements.
Am I correct in believing that the set of allows is the union of the
base allows + all module allows?
--rich
15 years, 7 months
rsync, xattrs, ntfs-3g and "selinux.selinux"
by Tom London
Running rawhide.
I use "rsync" to backup my system to a USB hard drive.
I also ntfs-3g mount a WinXP partition to '/mnt/windows' on boot, and
I use the above rsync to back that up as well.
Adding '-xattrs' to the argument list for rsync seems to produce scads
of the following (I'm guessing one for each file in the ntfs-3g file
system ):
rsync: rsync_xal_clear:
lremovexattr("mnt/windows/WINDOWS/twain_32/wiatwain.ds","security.selinux")
failed: Permission denied (13)
rsync: rsync_xal_clear:
lremovexattr("mnt/windows/temp","security.selinux") failed: Permission
denied (13)
rsync: rsync_xal_clear:
lremovexattr("mnt/windows/temp/setup.log","security.selinux") failed:
Permission denied (13)
Destination fs i ext4dev.
When mounted, all the files in /mnt/windows have type: fusefs_t. When
rsych'ed, the type on the ext4 fs is file_t.
Running 'getfatttr -d' on the source files produces, for example:
[root@localhost temp]# getfattr -d *
getfattr: setup.log: Operation not supported
[root@localhost temp]#
On the destination fs, result is
[root@localhost temp]# getfattr -d *
[root@localhost temp]#
This something due to the way I mounted the ntfs-3g fs? The way I run
rsync? Other?
thanks,
tom
--
Tom London
15 years, 7 months
changes from fedora 7 to 9
by Robert J. Carr
Hopefully this is a quick question to those that know SELinux more
than I do, which wouldn't be very hard to accomplish.
I'm migrating a (working) environment from one server running Fedora 7
to another running Fedora 9. After pulling my hair out for most of
the day I've found out the problem is with SELinux because when I
turned it off temporarily everything worked fine.
Not to get into too much detail, but my problem came from apache not
being able to access a file (although the error isn't quite that
clear). Between the working environment and the non-working
environment I can only see a couple differences in the selinux config
files in /etc, but these have never been touched in either instance.
The context labels are a bit different too. The working environment
has these selinux context labels:
user_u:object_r:httpd_sys_content_t
But the non-working environment has these context labels:
unconfined_u:object_r:httpd_sys_content_t:s0
It seems to get an extra field and the user changes to unconfined. Is
this relevant?
There is nothing else that I can find different, is there anything
else that could be the problem?
Any advice would be greatly appreciated.
15 years, 7 months
problems with sound, cont'd - selinux is in the way
by Antonio Olivares
Dear fellow testers and selinux experts,
In the other thread, I sent error messages like
Audio file file format detected.
==========================================================================
Opening audio decoder: [mp3lib] MPEG layer-2, layer-3
AUDIO: 44100 Hz, 2 ch, s16le, 128.0 kbit/9.07% (ratio: 16000->176400)
Selected audio codec: [mp3] afm: mp3lib (mp3lib MPEG layer-2, layer-3)
==========================================================================
[AO_ALSA] alsa-lib: confmisc.c:768:(parse_card) cannot find card '0'
[AO_ALSA] alsa-lib: conf.c:3513:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
[AO_ALSA] alsa-lib: confmisc.c:392:(snd_func_concat) error evaluating strings
[AO_ALSA] alsa-lib: conf.c:3513:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
[AO_ALSA] alsa-lib: confmisc.c:1251:(snd_func_refer) error evaluating name
[AO_ALSA] alsa-lib: conf.c:3513:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
[AO_ALSA] alsa-lib: conf.c:3985:(snd_config_expand) Evaluate error: No such file or directory
[AO_ALSA] alsa-lib: pcm.c:2184:(snd_pcm_open_noupdate) Unknown PCM default
[AO_ALSA] Playback open error: No such file or directory
Could not open/initialize audio device -> no sound.
Audio: no sound
Video: no video
without avcs, selinux is denying pulse:
SELinux: initialized (dev fuse, type fuse), uses genfs_contexts
type=1400 audit(1220529397.477:16): avc: denied { execstack } for pid=2945 comm="operapluginwrap" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
type=1400 audit(1220529397.482:17): avc: denied { execstack } for pid=2945 comm="operapluginwrap" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
type=1400 audit(1220529634.634:18): avc: denied { execstack } for pid=3088 comm="operapluginwrap" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
type=1400 audit(1220529634.643:19): avc: denied { execstack } for pid=3088 comm="operapluginwrap" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
type=1400 audit(1220529745.350:20): avc: denied { sys_tty_config } for pid=3224 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529745.389:21): avc: denied { sys_tty_config } for pid=3226 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529745.571:22): avc: denied { sys_tty_config } for pid=3228 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529745.611:23): avc: denied { sys_tty_config } for pid=3230 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529756.030:24): avc: denied { sys_tty_config } for pid=3233 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529756.095:25): avc: denied { sys_tty_config } for pid=3235 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529756.244:26): avc: denied { sys_tty_config } for pid=3237 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529756.283:27): avc: denied { sys_tty_config } for pid=3239 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529756.402:28): avc: denied { sys_tty_config } for pid=3241 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529756.442:29): avc: denied { sys_tty_config } for pid=3243 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529756.643:30): avc: denied { sys_tty_config } for pid=3245 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529756.683:31): avc: denied { sys_tty_config } for pid=3247 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529759.722:32): avc: denied { sys_tty_config } for pid=3249 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529759.763:33): avc: denied { sys_tty_config } for pid=3251 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
__ratelimit: 24 callbacks suppressed
type=1400 audit(1220529767.214:42): avc: denied { sys_tty_config } for pid=3271 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529767.317:43): avc: denied { sys_tty_config } for pid=3273 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529767.714:44): avc: denied { sys_tty_config } for pid=3275 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529767.757:45): avc: denied { sys_tty_config } for pid=3277 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529768.485:46): avc: denied { sys_tty_config } for pid=3281 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529768.525:47): avc: denied { sys_tty_config } for pid=3283 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529770.778:48): avc: denied { sys_tty_config } for pid=3285 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529770.859:49): avc: denied { sys_tty_config } for pid=3287 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529772.510:50): avc: denied { sys_tty_config } for pid=3297 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529772.550:51): avc: denied { sys_tty_config } for pid=3299 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529775.226:52): avc: denied { sys_tty_config } for pid=3301 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529775.279:53): avc: denied { sys_tty_config } for pid=3303 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529775.453:54): avc: denied { sys_tty_config } for pid=3305 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529775.492:55): avc: denied { sys_tty_config } for pid=3307 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529777.577:56): avc: denied { sys_tty_config } for pid=3309 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529777.634:57): avc: denied { sys_tty_config } for pid=3311 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529777.769:58): avc: denied { sys_tty_config } for pid=3313 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529777.810:59): avc: denied { sys_tty_config } for pid=3315 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529780.434:60): avc: denied { sys_tty_config } for pid=3317 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529780.632:61): avc: denied { sys_tty_config } for pid=3319 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529781.084:62): avc: denied { sys_tty_config } for pid=3329 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529781.126:63): avc: denied { sys_tty_config } for pid=3331 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529784.000:64): avc: denied { sys_tty_config } for pid=3333 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529784.110:65): avc: denied { sys_tty_config } for pid=3335 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529784.430:66): avc: denied { sys_tty_config } for pid=3337 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529784.477:67): avc: denied { sys_tty_config } for pid=3339 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529784.823:68): avc: denied { sys_tty_config } for pid=3341 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529784.865:69): avc: denied { sys_tty_config } for pid=3343 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529788.255:70): avc: denied { sys_tty_config } for pid=3345 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529788.529:71): avc: denied { sys_tty_config } for pid=3347 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529788.655:72): avc: denied { sys_tty_config } for pid=3349 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529788.700:73): avc: denied { sys_tty_config } for pid=3351 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
__ratelimit: 6 callbacks suppressed
type=1400 audit(1220529811.625:76): avc: denied { sys_tty_config } for pid=3357 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529811.686:77): avc: denied { sys_tty_config } for pid=3359 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529811.827:78): avc: denied { sys_tty_config } for pid=3361 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529811.869:79): avc: denied { sys_tty_config } for pid=3363 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529812.004:80): avc: denied { sys_tty_config } for pid=3365 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529812.072:81): avc: denied { sys_tty_config } for pid=3367 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529812.310:82): avc: denied { sys_tty_config } for pid=3369 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529812.352:83): avc: denied { sys_tty_config } for pid=3371 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529814.439:84): avc: denied { sys_tty_config } for pid=3373 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529814.487:85): avc: denied { sys_tty_config } for pid=3375 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
__ratelimit: 12 callbacks suppressed
type=1400 audit(1220529818.528:90): avc: denied { sys_tty_config } for pid=3393 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529818.568:91): avc: denied { sys_tty_config } for pid=3395 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529820.169:92): avc: denied { sys_tty_config } for pid=3405 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529820.212:93): avc: denied { sys_tty_config } for pid=3407 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529820.505:94): avc: denied { sys_tty_config } for pid=3409 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529820.547:95): avc: denied { sys_tty_config } for pid=3411 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529822.767:96): avc: denied { sys_tty_config } for pid=3413 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529822.842:97): avc: denied { sys_tty_config } for pid=3415 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529822.960:98): avc: denied { sys_tty_config } for pid=3417 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529823.033:99): avc: denied { sys_tty_config } for pid=3419 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
__ratelimit: 12 callbacks suppressed
type=1400 audit(1220529825.678:104): avc: denied { sys_tty_config } for pid=3429 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529825.724:105): avc: denied { sys_tty_config } for pid=3431 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529825.856:106): avc: denied { sys_tty_config } for pid=3433 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529825.897:107): avc: denied { sys_tty_config } for pid=3435 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529826.000:108): avc: denied { sys_tty_config } for pid=3437 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529826.041:109): avc: denied { sys_tty_config } for pid=3439 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529826.231:110): avc: denied { sys_tty_config } for pid=3441 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529826.271:111): avc: denied { sys_tty_config } for pid=3443 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529826.437:112): avc: denied { sys_tty_config } for pid=3445 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529826.478:113): avc: denied { sys_tty_config } for pid=3447 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529835.583:114): avc: denied { sys_tty_config } for pid=3451 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529835.634:115): avc: denied { sys_tty_config } for pid=3453 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529835.820:116): avc: denied { sys_tty_config } for pid=3455 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529835.861:117): avc: denied { sys_tty_config } for pid=3457 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529838.320:118): avc: denied { sys_tty_config } for pid=3459 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529838.360:119): avc: denied { sys_tty_config } for pid=3461 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529838.516:120): avc: denied { sys_tty_config } for pid=3463 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529838.561:121): avc: denied { sys_tty_config } for pid=3465 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529839.201:122): avc: denied { sys_tty_config } for pid=3467 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529839.242:123): avc: denied { sys_tty_config } for pid=3469 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529841.192:124): avc: denied { sys_tty_config } for pid=3471 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529841.321:125): avc: denied { sys_tty_config } for pid=3473 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529841.520:126): avc: denied { sys_tty_config } for pid=3476 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529841.637:127): avc: denied { sys_tty_config } for pid=3478 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529841.822:128): avc: denied { sys_tty_config } for pid=3480 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529841.862:129): avc: denied { sys_tty_config } for pid=3482 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529842.166:130): avc: denied { sys_tty_config } for pid=3484 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529842.210:131): avc: denied { sys_tty_config } for pid=3486 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529844.442:132): avc: denied { sys_tty_config } for pid=3488 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529844.506:133): avc: denied { sys_tty_config } for pid=3490 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
__ratelimit: 24 callbacks suppressed
type=1400 audit(1220529848.095:142): avc: denied { sys_tty_config } for pid=3508 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529848.185:143): avc: denied { sys_tty_config } for pid=3510 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529848.859:144): avc: denied { sys_tty_config } for pid=3520 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529848.898:145): avc: denied { sys_tty_config } for pid=3522 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529849.137:146): avc: denied { sys_tty_config } for pid=3524 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529849.177:147): avc: denied { sys_tty_config } for pid=3526 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529852.584:148): avc: denied { sys_tty_config } for pid=3528 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529852.634:149): avc: denied { sys_tty_config } for pid=3530 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529852.754:150): avc: denied { sys_tty_config } for pid=3532 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529852.821:151): avc: denied { sys_tty_config } for pid=3534 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
__ratelimit: 6 callbacks suppressed
type=1400 audit(1220529853.255:154): avc: denied { sys_tty_config } for pid=3540 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529853.299:155): avc: denied { sys_tty_config } for pid=3542 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529881.330:156): avc: denied { sys_tty_config } for pid=3545 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529881.399:157): avc: denied { sys_tty_config } for pid=3547 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529881.503:158): avc: denied { sys_tty_config } for pid=3549 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529881.544:159): avc: denied { sys_tty_config } for pid=3551 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529883.136:160): avc: denied { sys_tty_config } for pid=3561 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529883.175:161): avc: denied { sys_tty_config } for pid=3563 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529883.488:162): avc: denied { sys_tty_config } for pid=3565 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529883.527:163): avc: denied { sys_tty_config } for pid=3567 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529886.317:164): avc: denied { sys_tty_config } for pid=3569 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529886.358:165): avc: denied { sys_tty_config } for pid=3571 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529886.488:166): avc: denied { sys_tty_config } for pid=3573 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529886.526:167): avc: denied { sys_tty_config } for pid=3575 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529886.608:168): avc: denied { sys_tty_config } for pid=3577 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529886.648:169): avc: denied { sys_tty_config } for pid=3579 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529886.941:170): avc: denied { sys_tty_config } for pid=3581 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529886.980:171): avc: denied { sys_tty_config } for pid=3583 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529889.535:172): avc: denied { sys_tty_config } for pid=3585 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529889.595:173): avc: denied { sys_tty_config } for pid=3587 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529889.722:174): avc: denied { sys_tty_config } for pid=3589 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529889.769:175): avc: denied { sys_tty_config } for pid=3591 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
__ratelimit: 18 callbacks suppressed
type=1400 audit(1220529892.600:182): avc: denied { sys_tty_config } for pid=3605 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529892.639:183): avc: denied { sys_tty_config } for pid=3607 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529892.801:184): avc: denied { sys_tty_config } for pid=3609 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529892.841:185): avc: denied { sys_tty_config } for pid=3611 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529893.125:186): avc: denied { sys_tty_config } for pid=3613 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529893.165:187): avc: denied { sys_tty_config } for pid=3615 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529895.584:188): avc: denied { sys_tty_config } for pid=3618 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529895.658:189): avc: denied { sys_tty_config } for pid=3620 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529895.814:190): avc: denied { sys_tty_config } for pid=3622 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529895.853:191): avc: denied { sys_tty_config } for pid=3624 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
__ratelimit: 6 callbacks suppressed
type=1400 audit(1220529898.643:194): avc: denied { sys_tty_config } for pid=3630 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529898.686:195): avc: denied { sys_tty_config } for pid=3632 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529898.852:196): avc: denied { sys_tty_config } for pid=3634 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529898.892:197): avc: denied { sys_tty_config } for pid=3636 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529899.200:198): avc: denied { sys_tty_config } for pid=3638 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529899.242:199): avc: denied { sys_tty_config } for pid=3640 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529901.667:200): avc: denied { sys_tty_config } for pid=3642 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529901.756:201): avc: denied { sys_tty_config } for pid=3644 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529901.876:202): avc: denied { sys_tty_config } for pid=3646 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529901.926:203): avc: denied { sys_tty_config } for pid=3648 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
__ratelimit: 18 callbacks suppressed
type=1400 audit(1220529904.636:210): avc: denied { sys_tty_config } for pid=3663 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529904.690:211): avc: denied { sys_tty_config } for pid=3665 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529904.850:212): avc: denied { sys_tty_config } for pid=3667 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529904.891:213): avc: denied { sys_tty_config } for pid=3669 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529907.399:214): avc: denied { sys_tty_config } for pid=3671 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529907.498:215): avc: denied { sys_tty_config } for pid=3673 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529907.794:216): avc: denied { sys_tty_config } for pid=3675 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529907.834:217): avc: denied { sys_tty_config } for pid=3677 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529908.700:218): avc: denied { sys_tty_config } for pid=3679 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529908.740:219): avc: denied { sys_tty_config } for pid=3681 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529913.685:220): avc: denied { sys_tty_config } for pid=3684 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529913.742:221): avc: denied { sys_tty_config } for pid=3686 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529913.879:222): avc: denied { sys_tty_config } for pid=3688 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529913.949:223): avc: denied { sys_tty_config } for pid=3690 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529914.276:224): avc: denied { sys_tty_config } for pid=3692 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529914.320:225): avc: denied { sys_tty_config } for pid=3694 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529914.738:226): avc: denied { sys_tty_config } for pid=3696 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529914.896:227): avc: denied { sys_tty_config } for pid=3698 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529935.547:228): avc: denied { sys_tty_config } for pid=3702 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529935.589:229): avc: denied { sys_tty_config } for pid=3704 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529936.070:230): avc: denied { sys_tty_config } for pid=3706 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529936.112:231): avc: denied { sys_tty_config } for pid=3708 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529939.916:232): avc: denied { sys_tty_config } for pid=3710 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529939.978:233): avc: denied { sys_tty_config } for pid=3712 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529940.548:234): avc: denied { sys_tty_config } for pid=3714 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220529940.610:235): avc: denied { sys_tty_config } for pid=3716 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220530068.807:236): avc: denied { sys_tty_config } for pid=3736 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
type=1400 audit(1220530068.856:237): avc: denied { sys_tty_config } for pid=3739 comm="pulseaudio" capability=26 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability
(TIA) Thanks in Advance,
Antonio
15 years, 7 months