SE alert

jd1008 jd1008 at gmail.com
Mon Jul 20 18:09:48 UTC 2015



On 07/20/2015 11:57 AM, Gordon Messmer wrote:
> On 07/20/2015 10:47 AM, jd1008 wrote:
>> So, how did it become permissive?? 
>
> We have no way to answer that.  Your audit log would record the time 
> at which the system entered permissive mode.
How incredibly mysterious is that?

Here are a few of the lines from audit.log.
All of the output of the command below
showed .......permissive=0

# grep -i permissive audit.log

type=AVC msg=audit(1437355414.517:526): avc:  denied  { write } for 
pid=2365 comm="blueman-mechani" name="/" dev="tmpfs" ino=13776 
scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1437355414.517:527): avc:  denied  { write } for 
pid=2365 comm="blueman-mechani" name="/" dev="debugfs" ino=1 
scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:debugfs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1437355414.517:528): avc:  denied  { write } for 
pid=2365 comm="blueman-mechani" name="/" dev="nfsd" ino=1 
scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:nfsd_fs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1437355414.517:529): avc:  denied  { write } for 
pid=2365 comm="blueman-mechani" name="/" dev="sdb3" ino=2 
scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:default_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1437355414.517:530): avc:  denied  { write } for 
pid=2365 comm="blueman-mechani" name="/" dev="fusectl" ino=1 
scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir permissive=0
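
Added example, not part of the original post: the switch between enforcing and permissive is written to the audit log as a `MAC_STATUS` record with `enforcing=` and `old_enforcing=` fields, so `grep -i permissive` only returns the per-denial `permissive=` flag on AVC records. The Python below reports each mode change and the first AVC logged with `permissive=1`; the sample log and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample, modelled on the AVC records in the post. The MAC_STATUS
# record uses the kernel's "enforcing=N old_enforcing=M" fields; the word
# "permissive" never appears in it.
SAMPLE_LOG = """\
type=AVC msg=audit(1437355414.517:526): avc:  denied  { write } for pid=2365 comm="blueman-mechani" name="/" dev="tmpfs" ino=13776 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
type=MAC_STATUS msg=audit(1437356000.100:600): enforcing=0 old_enforcing=1 auid=1000 ses=2
type=AVC msg=audit(1437356010.250:601): avc:  denied  { write } for pid=2401 comm="example" name="/" dev="tmpfs" ino=13776 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=1
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\):")
MODE = {"0": "permissive", "1": "enforcing"}


def utc(epoch):
    """Format an audit epoch timestamp as UTC."""
    stamp = datetime.fromtimestamp(epoch, tz=timezone.utc)
    return stamp.strftime("%Y-%m-%d %H:%M:%S UTC")


def mode_events(log_text):
    """Return (time, serial, description) for every MAC_STATUS mode change and
    for the first AVC record logged with permissive=1."""
    events, seen_permissive_avc = [], False
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if not header:
            continue
        rtype, epoch, serial = header[1], int(header[2]), int(header[3])
        if rtype == "MAC_STATUS":
            new = re.search(r"\benforcing=([01])", line)
            old = re.search(r"\bold_enforcing=([01])", line)
            if new and old and new[1] != old[1]:
                events.append((utc(epoch), serial, f"{MODE[old[1]]} -> {MODE[new[1]]}"))
        elif rtype == "AVC" and not seen_permissive_avc:
            # Covers a system that booted permissive, where no MAC_STATUS
            # transition exists in the log.
            if re.search(r"\bpermissive=1\b", line):
                seen_permissive_avc = True
                events.append((utc(epoch), serial, "first AVC with permissive=1"))
    return events


if __name__ == "__main__":
    for event in mode_events(SAMPLE_LOG):
        print(*event, sep="  ")
```

On a live system, `ausearch -m MAC_STATUS -i` returns the same records with timestamps already interpreted.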



