Bug 1164896
Summary: | RHEL7.1 IPA server httpd avc denials after upgrade | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Scott Poore <spoore> | ||||||||||
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> | ||||||||||
Status: | CLOSED ERRATA | QA Contact: | Scott Poore <spoore> | ||||||||||
Severity: | unspecified | Docs Contact: | |||||||||||
Priority: | medium | ||||||||||||
Version: | 7.1 | CC: | abokovoy, dwalsh, ipa-maint, jcholast, jpazdziora, lvrabec, mgrepl, mkosek, mmalik, mscherer, nsoman, ovasik, plautrba, pvrabec, rcritten, spoore, ssorce | ||||||||||
Target Milestone: | rc | Keywords: | TestBlocker | ||||||||||
Target Release: | --- | ||||||||||||
Hardware: | x86_64 | ||||||||||||
OS: | Linux | ||||||||||||
Whiteboard: | |||||||||||||
Fixed In Version: | ipa-4.1.0-13.el7 | Doc Type: | Bug Fix | ||||||||||
Doc Text: | Story Points: | --- | |||||||||||
Clone Of: | Environment: | ||||||||||||
Last Closed: | 2015-03-05 10:14:47 UTC | Type: | Bug | ||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||
Documentation: | --- | CRM: | |||||||||||
Verified Versions: | Category: | --- | |||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
Embargoed: | |||||||||||||
Attachments: |
|
Description
Scott Poore
2014-11-17 19:53:47 UTC
FYI, when I set SELinux to permissive mode, this works: [root@nu1 log]# setenforce 0 [root@nu1 log]# kinit admin Password for admin: [root@nu1 log]# ipa user-find -------------- 1 user matched -------------- User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash UID: 1931400000 GID: 1931400000 Account disabled: False Password: True Kerberos keys available: True ---------------------------- Number of entries returned 1 ---------------------------- What is running as rpm_script_t if you re-test it? ps -efZ |grep rpm_script I don't see anything running as that. In one window: [root@idm-qe-02 ~]# while true; do ps -efZ |grep rpm_scr[i]pt; done In a different window: [root@idm-qe-02 ~]# ipa user-find ipa: ERROR: cannot connect to 'https://idm-qe-02.testrelm.test/ipa/json': Internal Server Error In the first, I never see anything pop up as running rpm_script_t. Are we able to reproduce it? Yes, I'm able to reproduce it with the upgrade of an IPA server and running ipa commands. Since syscalls 248 and 250 are "add_key" and "keyctl" on x86_64 and the error happens in mod_auth_kerb, this must be related to Kerberos KEYRING ccache. I think this needs to be fixed in selinux-policy. I was hoping there errors were fixed in Bug 1073492... Moving back to selinux-policy given Comment 7. (In reply to Martin Kosek from comment #9) > I was hoping there errors were fixed in Bug 1073492... This is another case. We have rpm_script_t here instead of userdomain. So it happens in a rpm scriptlet? Not sure. It would be interesting to test when do the AVCs appear, if during RPM upgrade or *after* it when it ends and IPA is running again. Jan or any other IPA developer could investigate if machine with reproducer is available. The AVCs are appearing after the actual rpm upgrades when I run ipa commands. I will email details on a host that can be used for investigating this. The behavior on Scott's host is strange: # sudo -u apache klist klist: Credentials cache keyring 'persistent:48:48' not found # sudo -u apache kdestroy # sudo -u apache kinit -k /etc/httpd/conf/ipa.keytab # sudo -u apache klist Ticket cache: KEYRING:persistent:48:48 Default principal: HTTP/blade05.testrelm.test Valid starting Expires Service principal 11/21/2014 10:39:09 11/22/2014 10:39:09 krbtgt/TESTRELM.TEST # ipa user-show admin User login: admin # sudo -u apache kdestroy # sudo -u apache klist klist: Credentials cache keyring 'persistent:48:48' not found # ipa user-show admin User login: admin I am wondering why the kinit helped... It was probably the kdestroy that fixed it, not the kinit. Apache will attempt to get its own TGT if it doesn't have one or it is expired. Potentially yes, I think I did try running user-show after kdestroy, but I am now not sure. Scott, could you please run your test again, but run # sudo -u apache kdestroy -A Before trying running the IPA commands? Maybe *this* will be the workaround for this upgrade blocking issue. So is it a correct behaviour? The point is httpd_t attempts keyring created during a rpm transaction. type=AVC msg=audit(1416253052.306:727): avc: denied { read } for pid=28551 comm="httpd" scontext=system_u:system_r:httpd_t:s0 "tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key" (In reply to Miroslav Grepl from comment #17) > So is it a correct behaviour? > > The point is httpd_t attempts keyring created during a rpm transaction. It apparently does. Question what should be the proper fix then, given that httpd process is restarted during the upgrade to read the updated configuration. Just clearning the cache (kdestroy -A) at the end of the ipa upgrade may not be enough as the RPM upgrade is still running at this point AFAIU and wrong keyring may be thus again created. Martin, The kdestroy before ipa command didn't seem to be enough to resolve the issue: [root@rhel7-9 ~]# yum -y update 'ipa*' sssd Loaded plugins: product-id, subscription-manager This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. ... tomcat-servlet-3.0-api.noarch 0:7.0.54-1.el7 tomcatjss.noarch 0:7.1.0-5.el7 Complete! [root@rhel7-9 ~]# sudo -u apache kdestroy -A [root@rhel7-9 ~]# kinit admin Password for admin: [root@rhel7-9 ~]# ipa user-find ipa: ERROR: cannot connect to 'https://rhel7-9.example.com/ipa/json': Internal Server Error [root@rhel7-9 ~]# FYI, I also can't get the apache credentials cache keyring to populate: [root@rhel7-9 ~]# ipa user-find ipa: ERROR: cannot connect to 'https://rhel7-9.example.com/ipa/json': Internal Server Error [root@rhel7-9 ~]# sudo -u apache klist klist: Credentials cache keyring 'persistent:48:48' not found [root@rhel7-9 ~]# sudo -u apache kdestroy [root@rhel7-9 ~]# sudo -u apache kinit -k /etc/httpd/conf/ipa.keytab kinit: Client '/etc/httpd/conf/ipa.keytab' not found in Kerberos database while getting initial credentials [root@rhel7-9 ~]# sudo -u apache kinit -kt /etc/httpd/conf/ipa.keytab kinit: Keytab contains no suitable keys for host/rhel7-9.example.com while getting initial credentials (In reply to Scott Poore from comment #20) ... > [root@rhel7-9 ~]# sudo -u apache kinit -kt /etc/httpd/conf/ipa.keytab > kinit: Keytab contains no suitable keys for > host/rhel7-9.example.com while getting initial credentials I see the example I gave was wrong, you would need to do the standard # sudo -u apache kinit -kt /etc/httpd/conf/ipa.keytab HTTP/`hostname` But I am still not convinced this fix does not belong in selinux-policy. It happens *after* RPM upgrade, httpd is running with the right scontext so this leads me to following possible fixes: 1) So if the httpd user default keyring is created by httpd during RPM transaction, it is somehow marked as rpm_script_t keyring? What can we do in the upgrade script to make it "normal" keyring then? 2) Alternatively, can we do fixes in selinux-policy as suggested in Comment 8 to allow this behavior? CCing also Simo and Alexander to see if they have any idea. Oh, yeah, that works: [root@rhel7-9 ~]# sudo -u apache kinit -kt /etc/httpd/conf/ipa.keytab HTTP/`hostname` [root@rhel7-9 ~]# ipa user-find -------------- 1 user matched -------------- User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash UID: 651800000 GID: 651800000 Account disabled: False Password: True Kerberos keys available: True ---------------------------- Number of entries returned 1 ---------------------------- [root@rhel7-9 ~]# (In reply to Martin Kosek from comment #21) > (In reply to Scott Poore from comment #20) > ... > > [root@rhel7-9 ~]# sudo -u apache kinit -kt /etc/httpd/conf/ipa.keytab > > kinit: Keytab contains no suitable keys for > > host/rhel7-9.example.com while getting initial credentials > > I see the example I gave was wrong, you would need to do the standard > > # sudo -u apache kinit -kt /etc/httpd/conf/ipa.keytab HTTP/`hostname` > > But I am still not convinced this fix does not belong in selinux-policy. It > happens *after* RPM upgrade, httpd is running with the right scontext so > this leads me to following possible fixes: > > 1) So if the httpd user default keyring is created by httpd during RPM > transaction, it is somehow marked as rpm_script_t keyring? What can we do in > the upgrade script to make it "normal" keyring then? So do we know when it is created in a rpm transaction? > > 2) Alternatively, can we do fixes in selinux-policy as suggested in Comment > 8 to allow this behavior? > > CCing also Simo and Alexander to see if they have any idea. This is probably coming out of an upgrade and restart of one of services touched in ipa-upgradeconfig. If so, then /var/log/ipaupgrade.log should have the actions performed and it would be good to see it, along with the journalctl output for the journalctl /usr/bin/yum to see how they correlate on the timestamps [root@rhel7-9 log]# journalctl -xn /usr/bin/yum -- Logs begin at Tue 2014-11-25 10:11:32 CST, end at Tue 2014-11-25 12:01:01 CST. -- I'll attach /var/log/messages since I think it'll have what you're looking for. Created attachment 961358 [details]
ipaupgrade.log
Created attachment 961359 [details]
/var/log/messages
httpd is being stopped and started during the upgrade, we already know that: 2014-11-24T16:53:20Z DEBUG Starting external process 2014-11-24T16:53:20Z DEBUG args='/bin/systemctl' 'stop' 'httpd.service' 2014-11-24T16:53:22Z DEBUG Process finished, return code=0 2014-11-24T16:53:22Z DEBUG stdout= 2014-11-24T16:53:22Z DEBUG stderr= 2014-11-24T16:53:22Z INFO [Fixing trust flags in /etc/httpd/alias] ... 2014-11-24T16:53:22Z DEBUG Starting external process 2014-11-24T16:53:22Z DEBUG args='/bin/systemctl' 'start' 'httpd.service' I am not sure how it can help us though. AFAIK, httpd should still be running with it's own context after the restart and mod_auth_kerb plugin should thus initialize the keyring CCache with the right context. TLDR; I still do not understand how the rpm_script_t context gets in. Mirek, any hint for Comment 28 above? This bug is definitely a blocker for RHEL-7.1 and we still do not know how to fix it. Would it help you to get your hands on Scott's VM with reproducer? Or do you have other idea what should we change/do in our updater to prevent this error? Mirek, any advise? (In reply to Martin Kosek from comment #29) > Mirek, any hint for Comment 28 above? This bug is definitely a blocker for > RHEL-7.1 and we still do not know how to fix it. Would it help you to get > your hands on Scott's VM with reproducer? Or do you have other idea what > should we change/do in our updater to prevent this error? httpd should definitely run with correct labeling. Yes, VM would be great. Scott, can you then please prepare the beaker VM with the reproducer for Miroslav? Me or anyone from IPA team can join Mirek in investigation too. Provided host directly. Scott, could you do the following steps from http://pastebin.test.redhat.com/250618 and run the upgrade again? Scott, could you do following steps? * http://pastebin.test.redhat.com/250626 And run the upgrade again? Ok, what should I expect to happen there? [root@vm-idm-018 ~]# yum install selinux-policy-devel ... [root@vm-idm-018 ~]# vi mypol.te [root@vm-idm-018 ~]# make -f /usr/share/selinux/devel/Makefile mypol.pp Compiling targeted mypol module /usr/bin/checkmodule: loading policy configuration from tmp/mypol.tmp /usr/bin/checkmodule: policy configuration loaded /usr/bin/checkmodule: writing binary representation (version 17) to tmp/mypol.mod Creating targeted mypol.pp policy package rm tmp/mypol.mod.fc tmp/mypol.mod [root@vm-idm-018 ~]# semodule -i mypol.pp [root@vm-idm-018 ~]# echo "-w /etc/shadow -p w" >> /etc/audit/audit.rules [root@vm-idm-018 ~]# systemctl reload auditd [root@vm-idm-018 ~]# cat mypol.te policy_module(mypol, 1.0) require{ type rpm_script_t; } auditallow rpm_script_t self:key manage_key_perms; [root@vm-idm-018 ~]# ...setup repo configs for yum rhel7.1 repos... [root@vm-idm-018 ~]# yum update ipa-server sssd ... [root@vm-idm-018 ~]# kinit admin Password for admin: [root@vm-idm-018 ~]# ipa user-find ipa: ERROR: cannot connect to 'https://vm-idm-018.testrelm.test/ipa/json': Internal Server Error [root@vm-idm-018 ~]# ausearch -m avc ---- time->Fri Dec 5 22:33:58 2014 type=SYSCALL msg=audit(1417799038.241:328): arch=c000003e syscall=250 success=no exit=-126 a0=a a1=b602914 a2=7f3106ad554c a3=7f3106ad5588 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1417799038.241:328): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.241:328): avc: granted { write } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.241:328): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.241:328): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.241:328): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:33:58 2014 type=SYSCALL msg=audit(1417799038.241:327): arch=c000003e syscall=250 success=yes exit=190851348 a0=16 a1=30 a2=fffffffe a3=0 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1417799038.241:327): avc: granted { link } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.241:327): avc: granted { write } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:33:58 2014 type=SYSCALL msg=audit(1417799038.242:329): arch=c000003e syscall=248 success=yes exit=738745065 a0=7f3106ad554c a1=7f3106ad5588 a2=0 a3=0 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1417799038.242:329): avc: granted { write } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.242:329): avc: granted { write } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:33:58 2014 type=SYSCALL msg=audit(1417799038.242:330): arch=c000003e syscall=250 success=yes exit=0 a0=8 a1=2c085ae9 a2=b602914 a3=7f31058ebbb9 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1417799038.242:330): avc: granted { link } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.242:330): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.242:330): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.242:330): avc: granted { write } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.242:330): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.242:330): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:33:58 2014 type=SYSCALL msg=audit(1417799038.242:331): arch=c000003e syscall=250 success=no exit=-126 a0=a a1=2c085ae9 a2=7f3106ad5576 a3=7f3106ad55cc items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1417799038.242:331): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.242:331): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.242:331): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.242:331): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:33:58 2014 type=SYSCALL msg=audit(1417799038.242:332): arch=c000003e syscall=248 success=yes exit=70534887 a0=7f3106ad5576 a1=7f3106ad55cc a2=7f3108e63670 a3=b items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1417799038.242:332): avc: granted { write } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.242:332): avc: granted { write } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.242:332): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.242:332): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:33:58 2014 type=SYSCALL msg=audit(1417799038.242:333): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1417799038.242:333): avc: granted { read } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.242:333): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.242:333): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:33:58 2014 type=SYSCALL msg=audit(1417799038.242:334): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7f3108e63670 a3=4 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1417799038.242:334): avc: granted { read } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.242:334): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.242:334): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:33:58 2014 type=SYSCALL msg=audit(1417799038.243:335): arch=c000003e syscall=250 success=no exit=-126 a0=a a1=2c085ae9 a2=7f3106ad554c a3=7f3108e63650 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1417799038.243:335): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.243:335): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.243:335): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.243:335): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:33:58 2014 type=SYSCALL msg=audit(1417799038.243:336): arch=c000003e syscall=250 success=yes exit=39 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1417799038.243:336): avc: granted { view } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.243:336): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.243:336): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.243:336): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.243:336): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:33:58 2014 type=SYSCALL msg=audit(1417799038.243:337): arch=c000003e syscall=250 success=yes exit=39 a0=6 a1=43446e7 a2=7f3108e634e0 a3=27 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1417799038.243:337): avc: granted { view } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.243:337): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.243:337): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.243:337): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1417799038.243:337): avc: granted { search } for pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.477:378): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.477:378): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.477:379): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a5cd2d0 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.477:379): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.557:380): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.557:380): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.557:381): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a8b7750 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.557:381): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.557:382): arch=c000003e syscall=248 success=no exit=-13 a0=7ff40cb4754c a1=7ff41a7e189e a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.557:382): avc: denied { write } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.558:383): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.558:383): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.558:384): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a7316d0 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.558:384): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.558:385): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.558:385): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.558:386): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7ff41a7316d0 a3=4 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.558:386): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.558:387): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.558:387): avc: denied { view } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.558:388): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.558:388): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.559:389): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a7316d0 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.559:389): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.559:390): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.559:390): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.559:391): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7ff41a7316d0 a3=4 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.559:391): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.559:392): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.559:392): avc: denied { view } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.559:393): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.559:393): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.559:394): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a9e74e0 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.559:394): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.559:395): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.559:395): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.559:396): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7ff41a9e74e0 a3=4 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.559:396): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.559:397): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.559:397): avc: denied { view } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.560:398): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.560:398): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.560:399): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a6836a0 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.560:399): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.560:400): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.560:400): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.560:401): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7ff41a6836a0 a3=4 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.560:401): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.560:402): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.560:402): avc: denied { view } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.560:403): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.560:403): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.560:404): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a757bf0 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.560:404): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.560:405): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.560:405): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.560:406): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7ff41a757bf0 a3=4 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.560:406): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.560:407): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.560:407): avc: denied { view } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.561:408): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.561:408): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.561:409): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a5deae0 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.561:409): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.561:410): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.561:410): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.561:411): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7ff41a5deae0 a3=4 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.561:411): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.561:412): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.561:412): avc: denied { view } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.561:413): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.561:413): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.561:414): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41aa2f7e0 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.561:414): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.561:415): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.561:415): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.561:416): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7ff41a8fb810 a3=4 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.561:416): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.561:417): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.561:417): avc: denied { view } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.562:418): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.562:418): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.562:419): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a5c7860 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.562:419): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.562:420): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.562:420): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.562:421): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7ff41a5c7860 a3=4 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.562:421): avc: denied { read } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Fri Dec 5 22:36:22 2014 type=SYSCALL msg=audit(1417799182.562:422): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1417799182.562:422): avc: denied { view } for pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key Ok it's better. We see rules which are allowed. Unfortunately it was not tested with updated module from http://pastebin.test.redhat.com/250626 [root@vm-idm-030 ~]# yum -y install selinux-policy-devel ... [root@vm-idm-030 ~]# cat > mypol.te <<EOF > policy_module(mypol, 1.0) > > require{ > attribute domain; > type rpm_script_t; > } > > auditallow rpm_script_t domain : key manage_key_perms; > EOF [root@vm-idm-030 ~]# make -f /usr/share/selinux/devel/Makefile mypol.pp Compiling targeted mypol module /usr/bin/checkmodule: loading policy configuration from tmp/mypol.tmp /usr/bin/checkmodule: policy configuration loaded /usr/bin/checkmodule: writing binary representation (version 17) to tmp/mypol.mod Creating targeted mypol.pp policy package rm tmp/mypol.mod.fc tmp/mypol.mod [root@vm-idm-030 ~]# semodule -i mypol.pp [root@vm-idm-030 ~]# echo "-w /etc/shadow -p w" >> /etc/audit/rules.d/audit.rules [root@vm-idm-030 ~]# systemctl restart auditd Failed to issue method call: Operation refused, unit auditd.service may be requested by dependency only. ... Not sure why I didn't hit that problem the first time but, I found this: https://bugzilla.redhat.com/show_bug.cgi?id=1026648 So, I commented out RefuseManualStop=yes and tried again: [root@vm-idm-030 ~]# vi /usr/lib/systemd/system/auditd.service [root@vm-idm-030 ~]# systemctl restart auditd Failed to issue method call: Operation refused, unit auditd.service may be requested by dependency only. [root@vm-idm-030 ~]# service auditd restart Stopping logging: [ OK ] Redirecting start to /bin/systemctl start auditd.service Warning: Unit file of auditd.service changed on disk, 'systemctl daemon-reload' recommended. [root@vm-idm-030 ~]# systemctl daemon-reload [root@vm-idm-030 ~]# systemctl restart auditd Now, I setup RHEL7.1 repos and upgraded: [root@vm-idm-030 ~]# yum -y update ipa-server sssd [root@vm-idm-030 ~]# kinit admin Password for admin: [root@vm-idm-030 ~]# ipa user-find ipa: ERROR: cannot connect to 'https://vm-idm-030.testrelm.test/ipa/json': Internal Server Error [root@vm-idm-030 ~]# ausearch -m avc ---- time->Mon Dec 8 20:55:42 2014 type=SYSCALL msg=audit(1418052342.917:386): arch=c000003e syscall=250 success=yes exit=241932293 a0=16 a1=30 a2=fffffffe a3=0 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1418052342.917:386): avc: granted { link } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.917:386): avc: granted { write } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:55:42 2014 type=SYSCALL msg=audit(1418052342.918:387): arch=c000003e syscall=250 success=no exit=-126 a0=a a1=e6b9805 a2=7fb985e9354c a3=7fb985e93588 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1418052342.918:387): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.918:387): avc: granted { write } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.918:387): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.918:387): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.918:387): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:55:42 2014 type=SYSCALL msg=audit(1418052342.918:388): arch=c000003e syscall=248 success=yes exit=544218471 a0=7fb985e9354c a1=7fb985e93588 a2=0 a3=0 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1418052342.918:388): avc: granted { write } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.918:388): avc: granted { write } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:55:42 2014 type=SYSCALL msg=audit(1418052342.918:389): arch=c000003e syscall=250 success=yes exit=0 a0=8 a1=20701d67 a2=e6b9805 a3=7fb984ca9bb9 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1418052342.918:389): avc: granted { link } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.918:389): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.918:389): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.918:389): avc: granted { write } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.918:389): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.918:389): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:55:42 2014 type=SYSCALL msg=audit(1418052342.918:390): arch=c000003e syscall=250 success=no exit=-126 a0=a a1=20701d67 a2=7fb985e93576 a3=7fb985e935cc items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1418052342.918:390): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.918:390): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.918:390): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.918:390): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:55:42 2014 type=SYSCALL msg=audit(1418052342.919:391): arch=c000003e syscall=248 success=yes exit=250041160 a0=7fb985e93576 a1=7fb985e935cc a2=7fb986c3e670 a3=b items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1418052342.919:391): avc: granted { write } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:391): avc: granted { write } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:391): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:391): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:55:42 2014 type=SYSCALL msg=audit(1418052342.919:392): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1418052342.919:392): avc: granted { read } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:392): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:392): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:55:42 2014 type=SYSCALL msg=audit(1418052342.919:393): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fb986c3e670 a3=4 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1418052342.919:393): avc: granted { read } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:393): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:393): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:55:42 2014 type=SYSCALL msg=audit(1418052342.919:394): arch=c000003e syscall=250 success=no exit=-126 a0=a a1=20701d67 a2=7fb985e9354c a3=7fb986c3e650 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1418052342.919:394): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:394): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:394): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:394): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:55:42 2014 type=SYSCALL msg=audit(1418052342.919:395): arch=c000003e syscall=250 success=yes exit=39 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1418052342.919:395): avc: granted { view } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:395): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:395): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:395): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:395): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:55:42 2014 type=SYSCALL msg=audit(1418052342.919:396): arch=c000003e syscall=250 success=yes exit=39 a0=6 a1=ee75348 a2=7fb986c3e4e0 a3=27 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1418052342.919:396): avc: granted { view } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:396): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:396): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:396): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key type=AVC msg=audit(1418052342.919:396): avc: granted { search } for pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.418:441): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.418:441): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.418:442): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd2263425a0 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.418:442): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.595:443): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.595:443): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.595:444): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd226ec0c50 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.595:444): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.595:445): arch=c000003e syscall=248 success=no exit=-13 a0=7fd21702b54c a1=7fd2267bfb2e a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.595:445): avc: denied { write } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.595:446): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.595:446): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.595:447): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd2268bbdd0 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.595:447): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.595:448): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.595:448): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.595:449): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fd2268bbdd0 a3=4 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.595:449): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.595:450): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.595:450): avc: denied { view } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.596:451): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.596:451): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.596:452): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd2265fa570 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.596:452): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.596:453): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.596:453): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.596:454): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fd2265fa570 a3=4 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.596:454): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.596:455): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.596:455): avc: denied { view } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.596:456): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.596:456): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.596:457): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd2262f4e40 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.596:457): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.596:458): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.596:458): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.596:459): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fd2262f4e40 a3=4 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.596:459): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.596:460): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.596:460): avc: denied { view } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.597:461): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.597:461): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.597:462): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd2262f4e20 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.597:462): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.597:463): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.597:463): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.597:464): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fd2262f4e20 a3=4 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.597:464): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.597:465): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.597:465): avc: denied { view } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.597:466): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.597:466): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.597:467): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd2265f5810 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.597:467): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.597:468): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.597:468): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.598:469): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fd2265dfd30 a3=4 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.598:469): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.598:470): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.598:470): avc: denied { view } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.598:471): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.598:471): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.598:472): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd22669e1b0 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.598:472): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.598:473): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.598:473): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.598:474): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fd2262fe2e0 a3=4 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.598:474): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.598:475): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.598:475): avc: denied { view } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.598:476): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.598:476): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.598:477): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd22632bb60 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.598:477): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.599:478): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.599:478): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.599:479): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fd22632bb60 a3=4 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.599:479): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.599:480): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.599:480): avc: denied { view } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.599:481): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.599:481): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.599:482): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd2262bec90 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.599:482): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.599:483): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.599:483): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.599:484): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fd2262bec90 a3=4 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.599:484): avc: denied { read } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key ---- time->Mon Dec 8 20:57:41 2014 type=SYSCALL msg=audit(1418052461.599:485): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1418052461.599:485): avc: denied { view } for pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key [root@vm-idm-030 ~]# Could you list all kernel keyrings for us? # keyctl show Also do you install RHEL7.1 directly or do you do an upgrade from RHEL7.0? Also I would re-test it with the following module policy_module(mypol, 1.0) require{ attribute domain; type rpm_script_t; } auditallow domain domain : key manage_key_perms; (In reply to Miroslav Grepl from comment #41) > Also do you install RHEL7.1 directly or do you do an upgrade from RHEL7.0? > > Also I would re-test it with the following module > > > policy_module(mypol, 1.0) > > require{ > attribute domain; > type rpm_script_t; > } > > auditallow domain domain : key manage_key_perms; I should point out that the same issue happens on Fedora 21. All you need to reproduce it is to install FreeIPA rpm packages as update while running FreeIPA server -- 'rpm -Uhv freeipa-*.rpm' is enough to get things broken. [root@vm-idm-030 ~]# keyctl show Session Keyring 348425122 --alswrv 0 0 keyring: _ses 1022720223 --alswrv 0 65534 \_ keyring: _uid.0 And I'm only seeing this on upgrade. Not on new install on 7.1. Created attachment 966255 [details]
auditallow domain domain policy AVCs
adding output as attachment here as this is getting kind of long. This is from the last policy setting requested:
[root@vm9 ~]# cat mypol.te
policy_module(mypol, 1.0)
require{
attribute domain;
type rpm_script_t;
}
auditallow domain domain : key manage_key_perms;
Hi, Could anybody tell me which AVCs are actual and if there is any reproducer? Why is a key ring being created in a post install of an rpm script, this is the key problem. If we are creating a key ring it should be destroyed before starting any services. We don't want apache using a keyring created in a post install script so allowing allow domain domain:key manage_key_perms; Breaks the separation totally. This is really not an SELinux issue. When rpm is done there should be no trace of anything labeled rpm_t or rpm_script_t left. Allowing random domains to access this content can just lead to information leak,especially with something as critical as a kernel keyring. If you are running as rpm_script_t and you do a kinit you will end up with a kernel keyring labeled rpm_script_t. If you then domtrans to httpd it will continue to access the keyring as rpm_script_t. If they are running with the same UID I would guess. If your scripts do a kdestroy when they are complete, does this destroy the kernel keyring? (In reply to Daniel Walsh from comment #48) > This is really not an SELinux issue. When rpm is done there should be no > trace of anything labeled rpm_t or rpm_script_t left. Allowing random > domains to access this content can just lead to information leak,especially > with something as critical as a kernel keyring. > > If you are running as rpm_script_t and you do a kinit you will end up with a > kernel keyring labeled rpm_script_t. If you then domtrans to httpd it will > continue to access the keyring as rpm_script_t. If they are running with > the same UID I would guess. > > If your scripts do a kdestroy when they are complete, does this destroy the > kernel keyring? Our script actually does a kdestroy, and I suspect that is the issue. I am taking a few hours to investigate this. Let's see if my hunch is correct. Ok my hunch was correct, thanks to Scott for testing this. In ipa-upgradeconfig we call http.remove_httpd_ccache() This was introduced around ipa 2.2 in order to clean up the ccache and prepare us to do s4u2proxy. Fast forward a few revisions and this bytes us because I think that keydestroy -A removes the keyring but also creates anew empty keyring. This new empty keyring is created with the rpm_script_t label as the upgrade is run as part of the rpm upgrade. For the short term I would suggest simply removing that operation, as it is not necessary on a modern ipa server. We might invesitgate at a later time whether we need to preserve it at all and in what cases. Created attachment 969731 [details]
Patch to remove the operation causing issues
This patchg should fix the issue w/o requiring any change in SELinux policy.
Ok, I agree with the change as well, let's follow this route. Upstream ticket: https://fedorahosted.org/freeipa/ticket/4815 The problem with Simo's patch is that it does not solve the issue once it has happened. Any contaminated environment will stay as such with the wrong SELinux context until the reboot. Cleaning with keyctl doesn't help either -- at least for me it didn't work when I updated Fedora 21 to the version of FreeIPA in updates-testing right now. No matter what I did (sudo -u apache kdestroy, keyctl clear, ...) everything didn't work -- IPA httpd process was unable to write to the persistent:48:48 keyring until I rebooted. Now, instead of removal of the cleanup code we may simply change the context we run the code with, using 'runcon'. Dan, will that work from the rpm scriptlet? (In reply to Alexander Bokovoy from comment #55) ... > Cleaning with keyctl doesn't help either -- at least for me it didn't work > when I updated Fedora 21 to the version of FreeIPA in updates-testing right > now. No matter what I did (sudo -u apache kdestroy, keyctl clear, ...) > everything didn't work -- IPA httpd process was unable to write to the > persistent:48:48 keyring until I rebooted. In my case, a workaround was to run # sudo -u apache kinit -kt /etc/krb5.keytab HTTP/`hostname` or # sudo -u apache keyctl show @u # sudo -u apache keyctl unlink KEY_ID > > Now, instead of removal of the cleanup code we may simply change the context > we run the code with, using 'runcon'. > > Dan, will that work from the rpm scriptlet? That looks hairy - that rpm_script_t process could run something with unconfined_t. I will let Mirek or Dan advise. You can reboot the system or call some keyctl code to destroy the keyring, I guess. Verified. Version :: ipa-server-4.1.0-13.el7.x86_64 Results :: First, installed RHEL7.0 server. Then, setup RHEL7.1 latest repo configs. Then, [root@rhel7-8 ~]# yum -y update ipa-server sssd Loaded plugins: product-id, subscription-manager ... Updated: bind-dyndb-ldap.x86_64 0:6.0-2.el7 ipa-server.x86_64 0:4.1.0-13.el7 sssd.x86_64 0:1.12.2-32.el7 ... Now check with pending automated test: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipa_upgrade_bz1164896: IPA server httpd avc denials after upgrade :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ BEGIN ] :: Running 'echo Secret123|kinit admin' Password for admin: :: [ PASS ] :: Command 'echo Secret123|kinit admin' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ipa user-find > /tmp/tmpout.ipa_upgrade_bz1164896 2>&1' :: [ PASS ] :: Command 'ipa user-find > /tmp/tmpout.ipa_upgrade_bz1164896 2>&1' (Expected 0, got 0) :: [ BEGIN ] :: Running 'cat /tmp/tmpout.ipa_upgrade_bz1164896' -------------- 1 user matched -------------- User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash UID: 1430600000 GID: 1430600000 Account disabled: False Password: True Kerberos keys available: True ---------------------------- Number of entries returned 1 ---------------------------- :: [ PASS ] :: Command 'cat /tmp/tmpout.ipa_upgrade_bz1164896' (Expected 0, got 0) :: [ PASS ] :: File '/tmp/tmpout.ipa_upgrade_bz1164896' should not contain 'ipa: ERROR: cannot connect to...Internal Server Error' :: [ BEGIN ] :: Running 'ausearch -m avc -ts 14:50 > /tmp/tmpout.ipa_upgrade_bz1164896 2>&1' :: [ PASS ] :: Command 'ausearch -m avc -ts 14:50 > /tmp/tmpout.ipa_upgrade_bz1164896 2>&1' (Expected 0,1, got 1) :: [ BEGIN ] :: Running 'cat /tmp/tmpout.ipa_upgrade_bz1164896' <no matches> :: [ PASS ] :: Command 'cat /tmp/tmpout.ipa_upgrade_bz1164896' (Expected 0, got 0) :: [ PASS ] :: File '/tmp/tmpout.ipa_upgrade_bz1164896' should not contain 'httpd_t.*rpm_script_t' :: [ PASS ] :: BZ 1164896 not found (In reply to Daniel Walsh from comment #59) > You can reboot the system or call some keyctl code to destroy the keyring, I > guess. Right, this works for mitigation of the situation. What Alexander was asking for is if we can do other, better way of clearing the keyring CCache during RPM upgrade. Obviously, destroying the keyring during upgrade cannot be used as it would still get the wrong context. Simo's patch was accepted upstream: Fixed upstream master: https://fedorahosted.org/freeipa/changeset/4f1fdc8f70c1efdb6c6074181d3ecbcb45df001e ipa-4-1: https://fedorahosted.org/freeipa/changeset/2d2230e56bff1ca8f863aa07bff2c891fca6dab4 ipa-4-0: https://fedorahosted.org/freeipa/changeset/30a0203442f3ebbb638fab19820dc3274f82ae7d Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0442.html *** Bug 1268141 has been marked as a duplicate of this bug. *** |