1164896 – RHEL7.1 IPA server httpd avc denials after upgrade

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1164896 - RHEL7.1 IPA server httpd avc denials after upgrade

Summary: RHEL7.1 IPA server httpd avc denials after upgrade

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	7.1
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	IPA Maintainers
QA Contact:	Scott Poore
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1268141 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-11-17 19:53 UTC by Scott Poore
Modified:	2015-10-08 09:20 UTC (History)
CC List:	17 users (show)
Fixed In Version:	ipa-4.1.0-13.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-03-05 10:14:47 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
ipaupgrade.log (3.06 MB, text/plain) 2014-11-25 19:39 UTC, Scott Poore	no flags	Details
/var/log/messages (664.23 KB, text/plain) 2014-11-25 19:39 UTC, Scott Poore	no flags	Details
auditallow domain domain policy AVCs (500.43 KB, text/plain) 2014-12-09 14:01 UTC, Scott Poore	no flags	Details
Patch to remove the operation causing issues (1.28 KB, patch) 2014-12-16 19:51 UTC, Simo Sorce	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:0442	0	normal	SHIPPED_LIVE	Moderate: ipa security, bug fix, and enhancement update	2015-03-05 14:50:39 UTC

Description Scott Poore 2014-11-17 19:53:47 UTC

Description of problem:

I setup an IPA server on RHEL7.0.  Then pointed to 7.1 test repos and upgraded.  After upgrade, ipa is not working and I'm seeing a lot of these AVC denials related to httpd:

time->Mon Nov 17 14:37:32 2014
type=SYSCALL msg=audit(1416253052.306:727): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=1fdc4acb a2=7f1f9d16bfc0 a3=b items=0 ppid=28546 pid=28551 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1416253052.306:727): avc:  denied  { read } for  pid=28551 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key

----

time->Mon Nov 17 14:37:32 2014
type=SYSCALL msg=audit(1416253052.306:728): arch=c000003e syscall=248 success=no exit=-13 a0=7f1f8e1c854c a1=7f1f9d16be9e a2=0 a3=0 items=0 ppid=28546 pid=28551 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1416253052.306:728): avc:  denied  { write } for  pid=28551 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key

----

time->Mon Nov 17 14:37:32 2014
type=SYSCALL msg=audit(1416253052.306:733): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=1fdc4acb a2=0 a3=0 items=0 ppid=28546 pid=28551 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1416253052.306:733): avc:  denied  { view } for  pid=28551 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key

----


Version-Release number of selected component (if applicable):

ipa-server-4.1.0-6.el7.x86_64
httpd-2.4.6-29.el7.x86_64
selinux-policy-3.13.1-9.el7.noarch


How reproducible:
Unknown.

Steps to Reproduce:
1.  setup IPA server on RHEL7.0
2.  add RHEL7.1 yum repo configs
3.  yum update
4.  kinit admin
5.  ipa user-find

Actual results:

[root@nu1 httpd]# kdestroy -A
[root@nu1 httpd]# kinit admin
Password for admin: 
[root@nu1 httpd]# ipa user-find
ipa: ERROR: cannot connect to 'https://nu1.testrelm.test/ipa/json': Internal Server Error

And an ausearch -m avc shows a lot of AVCs like the three listed above.  Most are reads but, a few are writes and views.

Expected results:

ipa commands work and no AVC denials seen.

Additional info:

httpd/access_log - 

10.8.60.1 - - [17/Nov/2014:14:37:32 -0500] "POST /ipa/json HTTP/1.1" 500 527

httpd/error_log - 

[Mon Nov 17 14:37:32.307301 2014] [auth_kerb:error] [pid 28551] [client 10.8.60.1:45676] Failed to initialize ccache for HTTP/nu1.testrelm.test: Permission denied (13), referer: https://nu1.testrelm.test/ipa/xml

[Mon Nov 17 14:37:32.311385 2014] [auth_kerb:error] [pid 28551] [client 10.8.60.1:45676] gss_acquire_cred() failed: Unspecified GSS failure.  Minor code may provide more information (, Can't find client principal HTTP/nu1.testrelm.test in cache collection), referer: https://nu1.testrelm.test/ipa/xml

krb5kdc.log - 

Nov 17 14:37:32 nu1.testrelm.test krb5kdc[28505](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 10.8.60.1: NEEDED_PREAUTH: HTTP/nu1.testrelm.test for krbtgt/TESTRELM.TEST, Additional pre-authentication required

Nov 17 14:37:32 nu1.testrelm.test krb5kdc[28506](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 10.8.60.1: ISSUE: authtime 1416253052, etypes {rep=18 tkt=18 ses=18}, HTTP/nu1.testrelm.test for krbtgt/TESTRELM.TEST

Comment 1 Scott Poore 2014-11-17 20:10:12 UTC

FYI, when I set SELinux to permissive mode, this works:

[root@nu1 log]# setenforce 0

[root@nu1 log]# kinit admin
Password for admin: 

[root@nu1 log]# ipa user-find
--------------
1 user matched
--------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  UID: 1931400000
  GID: 1931400000
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------

Comment 3 Miroslav Grepl 2014-11-18 09:44:38 UTC

What is running as rpm_script_t if you re-test it?

ps -efZ |grep rpm_script

Comment 4 Scott Poore 2014-11-18 14:25:21 UTC

I don't see anything running as that.

In one window: 

[root@idm-qe-02 ~]# while true; do  ps -efZ |grep rpm_scr[i]pt; done 

In a different window:

[root@idm-qe-02 ~]# ipa user-find
ipa: ERROR: cannot connect to 'https://idm-qe-02.testrelm.test/ipa/json': Internal Server Error

In the first, I never see anything pop up as running rpm_script_t.

Comment 6 Miroslav Grepl 2014-11-20 12:28:52 UTC

Are we able to reproduce it?

Comment 7 Scott Poore 2014-11-20 19:20:56 UTC

Yes, I'm able to reproduce it with the upgrade of an IPA server and running ipa commands.

Comment 8 Jan Cholasta 2014-11-21 09:49:26 UTC

Since syscalls 248 and 250 are "add_key" and "keyctl" on x86_64 and the error happens in mod_auth_kerb, this must be related to Kerberos KEYRING ccache.

I think this needs to be fixed in selinux-policy.

Comment 9 Martin Kosek 2014-11-21 11:22:30 UTC

I was hoping there errors were fixed in Bug 1073492...

Comment 10 Martin Kosek 2014-11-21 12:59:19 UTC

Moving back to selinux-policy given Comment 7.

Comment 11 Miroslav Grepl 2014-11-21 13:35:12 UTC

(In reply to Martin Kosek from comment #9)
> I was hoping there errors were fixed in Bug 1073492...

This is another case.

We have rpm_script_t here instead of userdomain. So it happens in a rpm scriptlet?

Comment 12 Martin Kosek 2014-11-21 13:54:03 UTC

Not sure. It would be interesting to test when do the AVCs appear, if during RPM upgrade or *after* it when it ends and IPA is running again. Jan or any other IPA developer could investigate if machine with reproducer is available.

Comment 13 Scott Poore 2014-11-21 15:27:03 UTC

The AVCs are appearing after the actual rpm upgrades when I run ipa commands.  I will email details on a host that can be used for investigating this.

Comment 14 Martin Kosek 2014-11-21 15:42:42 UTC

The behavior on Scott's host is strange:

# sudo -u apache klist
klist: Credentials cache keyring 'persistent:48:48' not found

# sudo -u apache kdestroy

# sudo -u apache kinit -k /etc/httpd/conf/ipa.keytab

# sudo -u apache klist
Ticket cache: KEYRING:persistent:48:48
Default principal: HTTP/blade05.testrelm.test

Valid starting       Expires              Service principal
11/21/2014 10:39:09  11/22/2014 10:39:09  krbtgt/TESTRELM.TEST

# ipa user-show  admin
  User login: admin

# sudo -u apache kdestroy

# sudo -u apache klist
klist: Credentials cache keyring 'persistent:48:48' not found

# ipa user-show  admin
  User login: admin


I am wondering why the kinit helped...

Comment 15 Rob Crittenden 2014-11-21 16:37:34 UTC

It was probably the kdestroy that fixed it, not the kinit. Apache will attempt to get its own TGT if it doesn't have one or it is expired.

Comment 16 Martin Kosek 2014-11-24 08:25:05 UTC

Potentially yes, I think I did try running user-show after kdestroy, but I am now not sure.

Scott, could you please run your test again, but run

# sudo -u apache kdestroy -A

Before trying running the IPA commands? Maybe *this* will be the workaround for this upgrade blocking issue.

Comment 17 Miroslav Grepl 2014-11-24 09:15:33 UTC

So is it a correct behaviour?

The point is httpd_t attempts keyring created during a rpm transaction.

type=AVC msg=audit(1416253052.306:727): avc:  denied  { read } for  pid=28551 comm="httpd" scontext=system_u:system_r:httpd_t:s0 

"tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key"

Comment 18 Martin Kosek 2014-11-24 09:46:49 UTC

(In reply to Miroslav Grepl from comment #17)
> So is it a correct behaviour?
> 
> The point is httpd_t attempts keyring created during a rpm transaction.

It apparently does. Question what should be the proper fix then, given that httpd process is restarted during the upgrade to read the updated configuration. Just clearning the cache (kdestroy -A) at the end of the ipa upgrade may not be enough as the RPM upgrade is still running at this point AFAIU and wrong keyring may be thus again created.

Comment 19 Scott Poore 2014-11-24 17:24:42 UTC

Martin,

The kdestroy before ipa command didn't seem to be enough to resolve the issue:

[root@rhel7-9 ~]# yum -y update 'ipa*' sssd
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
...
  tomcat-servlet-3.0-api.noarch 0:7.0.54-1.el7                                                         
  tomcatjss.noarch 0:7.1.0-5.el7                                                                       

Complete!

[root@rhel7-9 ~]# sudo -u apache kdestroy -A

[root@rhel7-9 ~]# kinit admin
Password for admin: 

[root@rhel7-9 ~]# ipa user-find
ipa: ERROR: cannot connect to 'https://rhel7-9.example.com/ipa/json': Internal Server Error

[root@rhel7-9 ~]#

Comment 20 Scott Poore 2014-11-25 00:50:04 UTC

FYI, I also can't get the apache credentials cache keyring to populate:

[root@rhel7-9 ~]# ipa user-find
ipa: ERROR: cannot connect to 'https://rhel7-9.example.com/ipa/json': Internal Server Error

[root@rhel7-9 ~]# sudo -u apache klist
klist: Credentials cache keyring 'persistent:48:48' not found

[root@rhel7-9 ~]# sudo -u apache kdestroy

[root@rhel7-9 ~]# sudo -u apache kinit -k /etc/httpd/conf/ipa.keytab
kinit: Client '/etc/httpd/conf/ipa.keytab' not found in Kerberos database while getting initial credentials

[root@rhel7-9 ~]# sudo -u apache kinit -kt /etc/httpd/conf/ipa.keytab
kinit: Keytab contains no suitable keys for host/rhel7-9.example.com while getting initial credentials

Comment 21 Martin Kosek 2014-11-25 07:37:40 UTC

(In reply to Scott Poore from comment #20)
...
> [root@rhel7-9 ~]# sudo -u apache kinit -kt /etc/httpd/conf/ipa.keytab
> kinit: Keytab contains no suitable keys for
> host/rhel7-9.example.com while getting initial credentials

I see the example I gave was wrong, you would need to do the standard

# sudo -u apache kinit -kt /etc/httpd/conf/ipa.keytab HTTP/`hostname`

But I am still not convinced this fix does not belong in selinux-policy. It happens *after* RPM upgrade, httpd is running with the right scontext so this leads me to following possible fixes:

1) So if the httpd user default keyring is created by httpd during RPM transaction, it is somehow marked as rpm_script_t keyring? What can we do in the upgrade script to make it "normal" keyring then?

2) Alternatively, can we do fixes in selinux-policy as suggested in Comment 8 to allow this behavior?

CCing also Simo and Alexander to see if they have any idea.

Comment 22 Scott Poore 2014-11-25 13:43:34 UTC

Oh, yeah, that works:

[root@rhel7-9 ~]# sudo -u apache kinit -kt /etc/httpd/conf/ipa.keytab HTTP/`hostname`


[root@rhel7-9 ~]# ipa user-find
--------------
1 user matched
--------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  UID: 651800000
  GID: 651800000
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
[root@rhel7-9 ~]#

Comment 23 Miroslav Grepl 2014-11-25 15:21:11 UTC

(In reply to Martin Kosek from comment #21)
> (In reply to Scott Poore from comment #20)
> ...
> > [root@rhel7-9 ~]# sudo -u apache kinit -kt /etc/httpd/conf/ipa.keytab
> > kinit: Keytab contains no suitable keys for
> > host/rhel7-9.example.com while getting initial credentials
> 
> I see the example I gave was wrong, you would need to do the standard
> 
> # sudo -u apache kinit -kt /etc/httpd/conf/ipa.keytab HTTP/`hostname`
> 
> But I am still not convinced this fix does not belong in selinux-policy. It
> happens *after* RPM upgrade, httpd is running with the right scontext so
> this leads me to following possible fixes:
> 
> 1) So if the httpd user default keyring is created by httpd during RPM
> transaction, it is somehow marked as rpm_script_t keyring? What can we do in
> the upgrade script to make it "normal" keyring then?

So do we know when it is created in a rpm transaction?

> 
> 2) Alternatively, can we do fixes in selinux-policy as suggested in Comment
> 8 to allow this behavior?



> 
> CCing also Simo and Alexander to see if they have any idea.

Comment 24 Alexander Bokovoy 2014-11-25 15:31:51 UTC

This is probably coming out of an upgrade and restart of one of services touched in ipa-upgradeconfig. If so, then /var/log/ipaupgrade.log should have the actions performed and it would be good to see it, along with the journalctl output for the

   journalctl /usr/bin/yum

to see how they correlate on the timestamps

Comment 25 Scott Poore 2014-11-25 19:38:37 UTC

[root@rhel7-9 log]# journalctl -xn /usr/bin/yum
-- Logs begin at Tue 2014-11-25 10:11:32 CST, end at Tue 2014-11-25 12:01:01 CST. --

I'll attach /var/log/messages since I think it'll have what you're looking for.

Comment 26 Scott Poore 2014-11-25 19:39:06 UTC

Created attachment 961358 [details]
ipaupgrade.log

Comment 27 Scott Poore 2014-11-25 19:39:29 UTC

Created attachment 961359 [details]
/var/log/messages

Comment 28 Martin Kosek 2014-11-26 14:56:12 UTC

httpd is being stopped and started during the upgrade, we already know that:

2014-11-24T16:53:20Z DEBUG Starting external process
2014-11-24T16:53:20Z DEBUG args='/bin/systemctl' 'stop' 'httpd.service'
2014-11-24T16:53:22Z DEBUG Process finished, return code=0
2014-11-24T16:53:22Z DEBUG stdout=
2014-11-24T16:53:22Z DEBUG stderr=
2014-11-24T16:53:22Z INFO [Fixing trust flags in /etc/httpd/alias]
...
2014-11-24T16:53:22Z DEBUG Starting external process
2014-11-24T16:53:22Z DEBUG args='/bin/systemctl' 'start' 'httpd.service'

I am not sure how it can help us though.

AFAIK, httpd should still be running with it's own context after the restart and mod_auth_kerb plugin should thus initialize the keyring CCache with the right context. TLDR; I still do not understand how the rpm_script_t context gets in.

Comment 29 Martin Kosek 2014-12-01 12:23:55 UTC

Mirek, any hint for Comment 28 above? This bug is definitely a blocker for RHEL-7.1 and we still do not know how to fix it. Would it help you to get your hands on Scott's VM with reproducer? Or do you have other idea what should we change/do in our updater to prevent this error?

Comment 30 Martin Kosek 2014-12-04 08:27:38 UTC

Mirek, any advise?

Comment 31 Miroslav Grepl 2014-12-04 13:14:14 UTC

(In reply to Martin Kosek from comment #29)
> Mirek, any hint for Comment 28 above? This bug is definitely a blocker for
> RHEL-7.1 and we still do not know how to fix it. Would it help you to get
> your hands on Scott's VM with reproducer? Or do you have other idea what
> should we change/do in our updater to prevent this error?

httpd should definitely run with correct labeling. Yes, VM would be great.

Comment 32 Martin Kosek 2014-12-04 13:29:42 UTC

Scott, can you then please prepare the beaker VM with the reproducer for Miroslav? Me or anyone from IPA team can join Mirek in investigation too.

Comment 33 Scott Poore 2014-12-04 16:24:28 UTC

Provided host directly.

Comment 34 Miroslav Grepl 2014-12-05 10:00:37 UTC

Scott,
could you do the following steps from

http://pastebin.test.redhat.com/250618

and run the upgrade again?

Comment 35 Milos Malik 2014-12-05 10:40:51 UTC

Scott,

could you do following steps?

* http://pastebin.test.redhat.com/250626

And run the upgrade again?

Comment 36 Scott Poore 2014-12-05 17:10:55 UTC

Ok, what should I expect to happen there?

[root@vm-idm-018 ~]# yum install selinux-policy-devel
...
[root@vm-idm-018 ~]# vi mypol.te
[root@vm-idm-018 ~]# make -f /usr/share/selinux/devel/Makefile mypol.pp
Compiling targeted mypol module
/usr/bin/checkmodule:  loading policy configuration from tmp/mypol.tmp
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 17) to tmp/mypol.mod
Creating targeted mypol.pp policy package
rm tmp/mypol.mod.fc tmp/mypol.mod
[root@vm-idm-018 ~]# semodule -i mypol.pp
[root@vm-idm-018 ~]# echo "-w /etc/shadow -p w" >> /etc/audit/audit.rules
[root@vm-idm-018 ~]# systemctl reload auditd
[root@vm-idm-018 ~]# cat mypol.te
policy_module(mypol, 1.0)
 
require{
 type rpm_script_t;
}

auditallow rpm_script_t self:key manage_key_perms;
[root@vm-idm-018 ~]# 

...setup repo configs for yum rhel7.1 repos...

[root@vm-idm-018 ~]# yum update ipa-server sssd 
...
[root@vm-idm-018 ~]# kinit admin
Password for admin: 
[root@vm-idm-018 ~]# ipa user-find
ipa: ERROR: cannot connect to 'https://vm-idm-018.testrelm.test/ipa/json': Internal Server Error

Comment 37 Scott Poore 2014-12-05 17:11:22 UTC

[root@vm-idm-018 ~]# ausearch -m avc
----
time->Fri Dec  5 22:33:58 2014
type=SYSCALL msg=audit(1417799038.241:328): arch=c000003e syscall=250 success=no exit=-126 a0=a a1=b602914 a2=7f3106ad554c a3=7f3106ad5588 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1417799038.241:328): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.241:328): avc:  granted  { write } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.241:328): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.241:328): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.241:328): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:33:58 2014
type=SYSCALL msg=audit(1417799038.241:327): arch=c000003e syscall=250 success=yes exit=190851348 a0=16 a1=30 a2=fffffffe a3=0 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1417799038.241:327): avc:  granted  { link } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.241:327): avc:  granted  { write } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:33:58 2014
type=SYSCALL msg=audit(1417799038.242:329): arch=c000003e syscall=248 success=yes exit=738745065 a0=7f3106ad554c a1=7f3106ad5588 a2=0 a3=0 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1417799038.242:329): avc:  granted  { write } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.242:329): avc:  granted  { write } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:33:58 2014
type=SYSCALL msg=audit(1417799038.242:330): arch=c000003e syscall=250 success=yes exit=0 a0=8 a1=2c085ae9 a2=b602914 a3=7f31058ebbb9 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1417799038.242:330): avc:  granted  { link } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.242:330): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.242:330): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.242:330): avc:  granted  { write } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.242:330): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.242:330): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:33:58 2014
type=SYSCALL msg=audit(1417799038.242:331): arch=c000003e syscall=250 success=no exit=-126 a0=a a1=2c085ae9 a2=7f3106ad5576 a3=7f3106ad55cc items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1417799038.242:331): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.242:331): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.242:331): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.242:331): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:33:58 2014
type=SYSCALL msg=audit(1417799038.242:332): arch=c000003e syscall=248 success=yes exit=70534887 a0=7f3106ad5576 a1=7f3106ad55cc a2=7f3108e63670 a3=b items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1417799038.242:332): avc:  granted  { write } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.242:332): avc:  granted  { write } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.242:332): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.242:332): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:33:58 2014
type=SYSCALL msg=audit(1417799038.242:333): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1417799038.242:333): avc:  granted  { read } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.242:333): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.242:333): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:33:58 2014
type=SYSCALL msg=audit(1417799038.242:334): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7f3108e63670 a3=4 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1417799038.242:334): avc:  granted  { read } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.242:334): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.242:334): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:33:58 2014
type=SYSCALL msg=audit(1417799038.243:335): arch=c000003e syscall=250 success=no exit=-126 a0=a a1=2c085ae9 a2=7f3106ad554c a3=7f3108e63650 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1417799038.243:335): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.243:335): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.243:335): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.243:335): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:33:58 2014
type=SYSCALL msg=audit(1417799038.243:336): arch=c000003e syscall=250 success=yes exit=39 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1417799038.243:336): avc:  granted  { view } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.243:336): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.243:336): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.243:336): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.243:336): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:33:58 2014
type=SYSCALL msg=audit(1417799038.243:337): arch=c000003e syscall=250 success=yes exit=39 a0=6 a1=43446e7 a2=7f3108e634e0 a3=27 items=0 ppid=10675 pid=10950 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=2 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1417799038.243:337): avc:  granted  { view } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.243:337): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.243:337): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.243:337): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1417799038.243:337): avc:  granted  { search } for  pid=10950 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.477:378): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.477:378): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.477:379): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a5cd2d0 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.477:379): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.557:380): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.557:380): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.557:381): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a8b7750 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.557:381): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.557:382): arch=c000003e syscall=248 success=no exit=-13 a0=7ff40cb4754c a1=7ff41a7e189e a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.557:382): avc:  denied  { write } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.558:383): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.558:383): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.558:384): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a7316d0 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.558:384): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.558:385): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.558:385): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.558:386): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7ff41a7316d0 a3=4 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.558:386): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.558:387): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.558:387): avc:  denied  { view } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.558:388): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.558:388): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.559:389): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a7316d0 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.559:389): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.559:390): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.559:390): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.559:391): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7ff41a7316d0 a3=4 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.559:391): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.559:392): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.559:392): avc:  denied  { view } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.559:393): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.559:393): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.559:394): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a9e74e0 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.559:394): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.559:395): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.559:395): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.559:396): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7ff41a9e74e0 a3=4 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.559:396): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.559:397): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.559:397): avc:  denied  { view } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.560:398): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.560:398): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.560:399): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a6836a0 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.560:399): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.560:400): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.560:400): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.560:401): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7ff41a6836a0 a3=4 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.560:401): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.560:402): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.560:402): avc:  denied  { view } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.560:403): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.560:403): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.560:404): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a757bf0 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.560:404): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.560:405): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.560:405): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.560:406): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7ff41a757bf0 a3=4 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.560:406): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.560:407): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.560:407): avc:  denied  { view } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.561:408): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.561:408): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.561:409): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a5deae0 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.561:409): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.561:410): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.561:410): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.561:411): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7ff41a5deae0 a3=4 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.561:411): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.561:412): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.561:412): avc:  denied  { view } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.561:413): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.561:413): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.561:414): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41aa2f7e0 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.561:414): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.561:415): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.561:415): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.561:416): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7ff41a8fb810 a3=4 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.561:416): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.561:417): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.561:417): avc:  denied  { view } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.562:418): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.562:418): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.562:419): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=43446e7 a2=7ff41a5c7860 a3=b items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.562:419): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.562:420): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.562:420): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.562:421): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=2c085ae9 a2=7ff41a5c7860 a3=4 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.562:421): avc:  denied  { read } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Dec  5 22:36:22 2014
type=SYSCALL msg=audit(1417799182.562:422): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=43446e7 a2=0 a3=0 items=0 ppid=11614 pid=11618 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1417799182.562:422): avc:  denied  { view } for  pid=11618 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key

Comment 38 Miroslav Grepl 2014-12-08 09:19:40 UTC

Ok it's better. We see rules which are allowed. Unfortunately it was not tested with updated module from

http://pastebin.test.redhat.com/250626

Comment 39 Scott Poore 2014-12-08 15:33:08 UTC

[root@vm-idm-030 ~]# yum -y install selinux-policy-devel
...
[root@vm-idm-030 ~]# cat > mypol.te <<EOF
> policy_module(mypol, 1.0)
> 
> require{
>  attribute domain;
>  type rpm_script_t;
> }
> 
> auditallow rpm_script_t domain : key manage_key_perms;
> EOF

[root@vm-idm-030 ~]# make -f /usr/share/selinux/devel/Makefile mypol.pp
Compiling targeted mypol module
/usr/bin/checkmodule:  loading policy configuration from tmp/mypol.tmp
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 17) to tmp/mypol.mod
Creating targeted mypol.pp policy package
rm tmp/mypol.mod.fc tmp/mypol.mod

[root@vm-idm-030 ~]# semodule -i mypol.pp

[root@vm-idm-030 ~]# echo "-w /etc/shadow -p w" >> /etc/audit/rules.d/audit.rules

[root@vm-idm-030 ~]# systemctl restart auditd
Failed to issue method call: Operation refused, unit auditd.service may be requested by dependency only.
...
Not sure why I didn't hit that problem the first time but, I found this:
https://bugzilla.redhat.com/show_bug.cgi?id=1026648

So, I commented out RefuseManualStop=yes and tried again:

[root@vm-idm-030 ~]# vi /usr/lib/systemd/system/auditd.service 

[root@vm-idm-030 ~]# systemctl restart auditd
Failed to issue method call: Operation refused, unit auditd.service may be requested by dependency only.

[root@vm-idm-030 ~]# service auditd restart
Stopping logging: [  OK  ]
Redirecting start to /bin/systemctl start auditd.service
Warning: Unit file of auditd.service changed on disk, 'systemctl daemon-reload' recommended.

[root@vm-idm-030 ~]# systemctl daemon-reload

[root@vm-idm-030 ~]# systemctl restart auditd

Now, I setup RHEL7.1 repos and upgraded:

[root@vm-idm-030 ~]# yum -y update ipa-server sssd

[root@vm-idm-030 ~]# kinit admin
Password for admin: 

[root@vm-idm-030 ~]# ipa user-find
ipa: ERROR: cannot connect to 'https://vm-idm-030.testrelm.test/ipa/json': Internal Server Error

[root@vm-idm-030 ~]# ausearch -m avc
----
time->Mon Dec  8 20:55:42 2014
type=SYSCALL msg=audit(1418052342.917:386): arch=c000003e syscall=250 success=yes exit=241932293 a0=16 a1=30 a2=fffffffe a3=0 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1418052342.917:386): avc:  granted  { link } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.917:386): avc:  granted  { write } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:55:42 2014
type=SYSCALL msg=audit(1418052342.918:387): arch=c000003e syscall=250 success=no exit=-126 a0=a a1=e6b9805 a2=7fb985e9354c a3=7fb985e93588 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1418052342.918:387): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.918:387): avc:  granted  { write } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.918:387): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.918:387): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.918:387): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:55:42 2014
type=SYSCALL msg=audit(1418052342.918:388): arch=c000003e syscall=248 success=yes exit=544218471 a0=7fb985e9354c a1=7fb985e93588 a2=0 a3=0 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1418052342.918:388): avc:  granted  { write } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.918:388): avc:  granted  { write } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:55:42 2014
type=SYSCALL msg=audit(1418052342.918:389): arch=c000003e syscall=250 success=yes exit=0 a0=8 a1=20701d67 a2=e6b9805 a3=7fb984ca9bb9 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1418052342.918:389): avc:  granted  { link } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.918:389): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.918:389): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.918:389): avc:  granted  { write } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.918:389): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.918:389): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:55:42 2014
type=SYSCALL msg=audit(1418052342.918:390): arch=c000003e syscall=250 success=no exit=-126 a0=a a1=20701d67 a2=7fb985e93576 a3=7fb985e935cc items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1418052342.918:390): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.918:390): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.918:390): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.918:390): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:55:42 2014
type=SYSCALL msg=audit(1418052342.919:391): arch=c000003e syscall=248 success=yes exit=250041160 a0=7fb985e93576 a1=7fb985e935cc a2=7fb986c3e670 a3=b items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1418052342.919:391): avc:  granted  { write } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:391): avc:  granted  { write } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:391): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:391): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:55:42 2014
type=SYSCALL msg=audit(1418052342.919:392): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1418052342.919:392): avc:  granted  { read } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:392): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:392): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:55:42 2014
type=SYSCALL msg=audit(1418052342.919:393): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fb986c3e670 a3=4 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1418052342.919:393): avc:  granted  { read } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:393): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:393): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:55:42 2014
type=SYSCALL msg=audit(1418052342.919:394): arch=c000003e syscall=250 success=no exit=-126 a0=a a1=20701d67 a2=7fb985e9354c a3=7fb986c3e650 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1418052342.919:394): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:394): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:394): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:394): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:55:42 2014
type=SYSCALL msg=audit(1418052342.919:395): arch=c000003e syscall=250 success=yes exit=39 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1418052342.919:395): avc:  granted  { view } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:395): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:395): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:395): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:395): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:55:42 2014
type=SYSCALL msg=audit(1418052342.919:396): arch=c000003e syscall=250 success=yes exit=39 a0=6 a1=ee75348 a2=7fb986c3e4e0 a3=27 items=0 ppid=24927 pid=25200 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=pts0 ses=1 comm="kdestroy" exe="/usr/bin/kdestroy" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1418052342.919:396): avc:  granted  { view } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:396): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:396): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:396): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
type=AVC msg=audit(1418052342.919:396): avc:  granted  { search } for  pid=25200 comm="kdestroy" scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.418:441): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.418:441): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.418:442): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd2263425a0 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.418:442): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.595:443): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.595:443): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.595:444): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd226ec0c50 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.595:444): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.595:445): arch=c000003e syscall=248 success=no exit=-13 a0=7fd21702b54c a1=7fd2267bfb2e a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.595:445): avc:  denied  { write } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.595:446): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.595:446): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.595:447): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd2268bbdd0 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.595:447): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.595:448): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.595:448): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.595:449): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fd2268bbdd0 a3=4 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.595:449): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.595:450): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.595:450): avc:  denied  { view } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.596:451): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.596:451): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.596:452): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd2265fa570 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.596:452): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.596:453): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.596:453): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.596:454): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fd2265fa570 a3=4 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.596:454): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.596:455): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.596:455): avc:  denied  { view } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.596:456): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.596:456): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.596:457): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd2262f4e40 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.596:457): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.596:458): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.596:458): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.596:459): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fd2262f4e40 a3=4 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.596:459): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.596:460): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.596:460): avc:  denied  { view } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.597:461): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.597:461): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.597:462): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd2262f4e20 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.597:462): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.597:463): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.597:463): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.597:464): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fd2262f4e20 a3=4 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.597:464): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.597:465): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.597:465): avc:  denied  { view } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.597:466): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.597:466): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.597:467): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd2265f5810 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.597:467): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.597:468): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.597:468): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.598:469): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fd2265dfd30 a3=4 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.598:469): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.598:470): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.598:470): avc:  denied  { view } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.598:471): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.598:471): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.598:472): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd22669e1b0 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.598:472): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.598:473): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.598:473): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.598:474): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fd2262fe2e0 a3=4 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.598:474): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.598:475): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.598:475): avc:  denied  { view } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.598:476): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.598:476): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.598:477): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd22632bb60 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.598:477): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.599:478): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.599:478): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.599:479): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fd22632bb60 a3=4 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.599:479): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.599:480): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.599:480): avc:  denied  { view } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.599:481): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.599:481): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.599:482): arch=c000003e syscall=250 success=yes exit=11 a0=b a1=ee75348 a2=7fd2262bec90 a3=b items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.599:482): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.599:483): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.599:483): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.599:484): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=20701d67 a2=7fd2262bec90 a3=4 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.599:484): avc:  denied  { read } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
----
time->Mon Dec  8 20:57:41 2014
type=SYSCALL msg=audit(1418052461.599:485): arch=c000003e syscall=250 success=no exit=-13 a0=6 a1=ee75348 a2=0 a3=0 items=0 ppid=25866 pid=25874 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1418052461.599:485): avc:  denied  { view } for  pid=25874 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=key
[root@vm-idm-030 ~]#

Comment 40 Milos Malik 2014-12-09 10:48:16 UTC

Could you list all kernel keyrings for us?

# keyctl show

Comment 41 Miroslav Grepl 2014-12-09 11:17:13 UTC

Also do you install RHEL7.1 directly or do you do an upgrade from RHEL7.0?

Also I would re-test it with the following module


policy_module(mypol, 1.0)

require{
  attribute domain;
  type rpm_script_t;
 }
 
auditallow domain domain : key manage_key_perms;

Comment 42 Alexander Bokovoy 2014-12-09 12:07:26 UTC

(In reply to Miroslav Grepl from comment #41)
> Also do you install RHEL7.1 directly or do you do an upgrade from RHEL7.0?
> 
> Also I would re-test it with the following module
> 
> 
> policy_module(mypol, 1.0)
> 
> require{
>   attribute domain;
>   type rpm_script_t;
>  }
>  
> auditallow domain domain : key manage_key_perms;

I should point out that the same issue happens on Fedora 21. All you need to reproduce it is to install FreeIPA rpm packages as update while running FreeIPA server -- 'rpm -Uhv freeipa-*.rpm' is enough to get things broken.

Comment 43 Scott Poore 2014-12-09 13:47:26 UTC

[root@vm-idm-030 ~]# keyctl show
Session Keyring
 348425122 --alswrv      0     0  keyring: _ses
1022720223 --alswrv      0 65534   \_ keyring: _uid.0

And I'm only seeing this on upgrade.  Not on new install on 7.1.

Comment 44 Scott Poore 2014-12-09 14:01:39 UTC

Created attachment 966255 [details]
auditallow domain domain policy AVCs

adding output as attachment here as this is getting kind of long.  This is from the last policy setting requested:

[root@vm9 ~]# cat mypol.te 
policy_module(mypol, 1.0)

require{
  attribute domain;
  type rpm_script_t;
 }
 
auditallow domain domain : key manage_key_perms;

Comment 47 Lukas Vrabec 2014-12-16 15:58:30 UTC

Hi, 

Could anybody tell me which AVCs are actual and if there is any reproducer?

Comment 48 Daniel Walsh 2014-12-16 18:26:40 UTC

Why is a key ring being created in a post install of an rpm script, this is the key problem.

If we are creating a key ring it should be destroyed before starting any services.

We don't want apache using a keyring created in a post install script so allowing

allow domain domain:key manage_key_perms;  Breaks the separation totally.

This is really not an SELinux issue.  When rpm is done there should be no trace of anything labeled rpm_t or rpm_script_t left.  Allowing random domains to access this content can just lead to information leak,especially with something as critical as a kernel keyring.

If you are running as rpm_script_t and you do a kinit you will end up with a kernel keyring labeled rpm_script_t. If you then domtrans to httpd it will continue to access the keyring as rpm_script_t.  If they are running with the same UID I would guess.

If your scripts do a kdestroy when they are complete, does this destroy the kernel keyring?

Comment 49 Simo Sorce 2014-12-16 18:49:41 UTC

(In reply to Daniel Walsh from comment #48)
> This is really not an SELinux issue.  When rpm is done there should be no
> trace of anything labeled rpm_t or rpm_script_t left.  Allowing random
> domains to access this content can just lead to information leak,especially
> with something as critical as a kernel keyring.
> 
> If you are running as rpm_script_t and you do a kinit you will end up with a
> kernel keyring labeled rpm_script_t. If you then domtrans to httpd it will
> continue to access the keyring as rpm_script_t.  If they are running with
> the same UID I would guess.
> 
> If your scripts do a kdestroy when they are complete, does this destroy the
> kernel keyring?

Our script actually does a kdestroy, and I suspect that is the issue. I am taking a few hours to investigate this. Let's see if my hunch is correct.

Comment 50 Simo Sorce 2014-12-16 19:47:23 UTC

Ok my hunch was correct, thanks to Scott for testing this.

In ipa-upgradeconfig we call http.remove_httpd_ccache()

This was introduced around ipa 2.2 in order to clean up the ccache and prepare us to do s4u2proxy. Fast forward a few revisions and this bytes us because I think that keydestroy -A removes the keyring but also creates anew empty keyring.

This new empty keyring is created with the rpm_script_t label as the upgrade is run as part of the rpm upgrade.

For the short term I would suggest simply removing that operation, as it is not necessary on a modern ipa server.

We might invesitgate at a later time whether we need to preserve it at all and in what cases.

Comment 51 Simo Sorce 2014-12-16 19:51:18 UTC

Created attachment 969731 [details]
Patch to remove the operation causing issues

This patchg should fix the issue w/o requiring any change in SELinux policy.

Comment 52 Martin Kosek 2014-12-16 21:08:53 UTC

Ok, I agree with the change as well, let's follow this route.

Comment 53 Martin Kosek 2014-12-16 21:28:04 UTC

Upstream ticket:

https://fedorahosted.org/freeipa/ticket/4815

Comment 55 Alexander Bokovoy 2014-12-16 22:36:24 UTC

The problem with Simo's patch is that it does not solve the issue once it has happened. Any contaminated environment will stay as such with the wrong SELinux context until the reboot.

Cleaning with keyctl doesn't help either -- at least for me it didn't work when I updated Fedora 21 to the version of FreeIPA in updates-testing right now. No matter what I did (sudo -u apache kdestroy, keyctl clear, ...) everything didn't work -- IPA httpd process was unable to write to the persistent:48:48 keyring until I rebooted.

Now, instead of removal of the cleanup code we may simply change the context we run the code with, using 'runcon'.

Dan, will that work from the rpm scriptlet?

Comment 56 Martin Kosek 2014-12-17 11:20:50 UTC

(In reply to Alexander Bokovoy from comment #55)
...
> Cleaning with keyctl doesn't help either -- at least for me it didn't work
> when I updated Fedora 21 to the version of FreeIPA in updates-testing right
> now. No matter what I did (sudo -u apache kdestroy, keyctl clear, ...)
> everything didn't work -- IPA httpd process was unable to write to the
> persistent:48:48 keyring until I rebooted.

In my case, a workaround was to run

# sudo -u apache kinit -kt /etc/krb5.keytab HTTP/`hostname`

or

# sudo -u apache keyctl show @u
# sudo -u apache keyctl unlink KEY_ID

> 
> Now, instead of removal of the cleanup code we may simply change the context
> we run the code with, using 'runcon'.
> 
> Dan, will that work from the rpm scriptlet?

That looks hairy - that rpm_script_t process could run something with unconfined_t. I will let Mirek or Dan advise.

Comment 59 Daniel Walsh 2014-12-17 19:13:22 UTC

You can reboot the system or call some keyctl code to destroy the keyring, I guess.

Comment 60 Scott Poore 2014-12-17 20:53:17 UTC

Verified.

Version ::
ipa-server-4.1.0-13.el7.x86_64

Results ::

First, installed RHEL7.0 server.
Then, setup RHEL7.1 latest repo configs.
Then, 

[root@rhel7-8 ~]# yum -y update ipa-server sssd
Loaded plugins: product-id, subscription-manager
...
Updated:
  bind-dyndb-ldap.x86_64 0:6.0-2.el7   ipa-server.x86_64 0:4.1.0-13.el7   sssd.x86_64 0:1.12.2-32.el7  
...

Now check with pending automated test:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa_upgrade_bz1164896: IPA server httpd avc denials after upgrade
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [  BEGIN   ] :: Running 'echo Secret123|kinit admin'
Password for admin: 
:: [   PASS   ] :: Command 'echo Secret123|kinit admin' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'ipa user-find > /tmp/tmpout.ipa_upgrade_bz1164896 2>&1'
:: [   PASS   ] :: Command 'ipa user-find > /tmp/tmpout.ipa_upgrade_bz1164896 2>&1' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'cat /tmp/tmpout.ipa_upgrade_bz1164896'
--------------
1 user matched
--------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  UID: 1430600000
  GID: 1430600000
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Command 'cat /tmp/tmpout.ipa_upgrade_bz1164896' (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmpout.ipa_upgrade_bz1164896' should not contain 'ipa: ERROR: cannot connect to...Internal Server Error' 
:: [  BEGIN   ] :: Running 'ausearch -m avc -ts 14:50 > /tmp/tmpout.ipa_upgrade_bz1164896 2>&1'
:: [   PASS   ] :: Command 'ausearch -m avc -ts 14:50 > /tmp/tmpout.ipa_upgrade_bz1164896 2>&1' (Expected 0,1, got 1)
:: [  BEGIN   ] :: Running 'cat /tmp/tmpout.ipa_upgrade_bz1164896'
<no matches>
:: [   PASS   ] :: Command 'cat /tmp/tmpout.ipa_upgrade_bz1164896' (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmpout.ipa_upgrade_bz1164896' should not contain 'httpd_t.*rpm_script_t' 
:: [   PASS   ] :: BZ 1164896 not found

Comment 61 Martin Kosek 2014-12-18 09:03:22 UTC

(In reply to Daniel Walsh from comment #59)
> You can reboot the system or call some keyctl code to destroy the keyring, I
> guess.


Right, this works for mitigation of the situation. What Alexander was asking for is if we can do other, better way of clearing the keyring CCache during RPM upgrade. Obviously, destroying the keyring during upgrade cannot be used as it would still get the wrong context.

Comment 62 Martin Kosek 2015-01-08 14:55:49 UTC

Simo's patch was accepted upstream:

Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/4f1fdc8f70c1efdb6c6074181d3ecbcb45df001e
ipa-4-1:
https://fedorahosted.org/freeipa/changeset/2d2230e56bff1ca8f863aa07bff2c891fca6dab4
ipa-4-0:
https://fedorahosted.org/freeipa/changeset/30a0203442f3ebbb638fab19820dc3274f82ae7d

Comment 64 errata-xmlrpc 2015-03-05 10:14:47 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0442.html

Comment 65 Tomas Babej 2015-10-08 09:20:02 UTC

*** Bug 1268141 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.