Dominic Grift wrote (in RE: Fedora 12 and unconfined_u sshdfilter):

...

Mixing the plain rules and the m4 macros didn't work when I tried it - but perhaps I just wasn’t writing it right. Is there a Refpolicy tutorial anywhere?

I spend a little time today writing about the policy structure in Fedora. Maybe it can help you or others:

http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_Fedor...

Thank you - that is helpful.

Moray. "To err is human. To purr, feline"

On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:

"Dominick Grift wrote:"

...

--===============0725889959== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="uAKRQypu60I7Lcqm" Content-Disposition: inline

--uAKRQypu60I7Lcqm Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:

...

James Carter wrote:

...

Dan's example used Refpolicy interfaces. Interfaces are very useful and provide a better layer of abstraction, but they are just m4 macros, which have always been used in SELinux policy.

Interfaces should be used as much as possible, but it is not true that you can't mix the old and new ways.

=20 Mixing the plain rules and the m4 macros didn't work when I tried it - bu=

t perhaps I just wasn=E2=80=99t writing it right. Is there a Refpolicy tut= orial anywhere?

I spend a little time today writing about the policy structure in Fedora. M= aybe it can help you or others:

http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_Fedo= ra_12.pdf

Still have not mastered this one yet. Here is the policy file created by grep of /var/log/audit/audit.log file piped to audit2allow:

module mysshdfilter 1.0;

require { type var_run_t; type iptables_exec_t; type bin_t; type sshd_t; type iptables_t; class lnk_file read; class file { read getattr open execute execute_no_trans }; class fifo_file { read write ioctl getattr }; }

#============= iptables_t ============== allow iptables_t bin_t:lnk_file read; allow iptables_t self:fifo_file { read write ioctl getattr };

echo "policy_module(newiptables, 1.0.0)" > newuiptables.te echo "optional_policy(`" >> newiptables.te echo "gen_require('" >> newiptables.te echo "type iptables_t;" >> newiptables.te echo "')" >> newiptables.te echo "corecmd_read_bin_symlinks(iptables_t)" >> newiptables.te echo "allow iptables_t self:fifo_file rw_fifo_file_perms;" >> newiptables.te echo "')" >> newiptables.te

make -f /usr/share/selinux/devel/Makefile newiptables.pp sudo semodule -i newiptables.pp

#============= sshd_t ============== allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };

echo "policy_module(newsshd, 1.0.0)" > newsshd.te echo "optional_policy(`" >> newsshd.te echo "gen_require(`" >> newsshd.te echo "type sshd_t;" >> newsshd.te echo "')" >> newsshd.te echo "iptables_domtrans(sshd_t)" >> newsshd.te echo "')" >> newsshd.te

make -f /usr/share/selinux/devel/Makefile newsshd.pp sudo semodule -i newsshd.pp

allow sshd_t var_run_t:file getattr;

This one is a bit more complicated because i dont know for sure what created it (in what context runs sshdfilter?)

The audit log entries are: type=AVC msg=audit(1259642932.902:7): avc: denied { execute } for pid=1411 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259642932.902:7): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1562e28 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=1411 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259644707.700:73): avc: denied { execute } for pid=1948 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259644707.700:73): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15694c8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=1948 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259650605.247:84): avc: denied { execute } for pid=2248 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259650605.247:84): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1567828 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=2248 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259661894.420:113): avc: denied { execute } for pid=2815 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259661894.420:113): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566e28 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=2815 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259667665.966:123): avc: denied { execute } for pid=3724 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259667665.966:123): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15699d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=3724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259671660.048:131): avc: denied { execute } for pid=3920 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259671660.048:131): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1565778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=3920 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259673411.553:758): avc: denied { execute } for pid=4558 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259673411.553:758): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1569af8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=4558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259679153.568:1267): avc: denied { execute } for pid=5170 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259679153.568:1267): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566a68 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5170 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259682588.736:1315): avc: denied { execute } for pid=5540 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259682588.736:1315): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1565778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5540 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259684861.197:1344): avc: denied { execute } for pid=5745 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259684861.197:1344): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a478 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259690558.951:1388): avc: denied { execute } for pid=6161 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259690558.951:1388): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15667a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=6161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259702647.573:1433): avc: denied { execute } for pid=6829 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259702647.573:1433): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156b4d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=6829 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259708100.231:1441): avc: denied { execute } for pid=7085 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259708100.231:1441): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a0b8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7085 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259708922.953:1450): avc: denied { execute } for pid=7153 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259708922.953:1450): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a6a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7153 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259713257.803:1545): avc: denied { execute } for pid=7492 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259713257.803:1545): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a4a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7492 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259721513.893:1732): avc: denied { execute } for pid=8097 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259721513.893:1732): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a5d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259730724.196:1790): avc: denied { execute } for pid=8689 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259730724.196:1790): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1569718 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259730728.123:1793): avc: denied { execute } for pid=8699 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259730728.123:1793): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259747840.157:1835): avc: denied { execute } for pid=9575 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259747840.157:1835): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156ba78 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=9575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259760819.408:1863): avc: denied { execute } for pid=10840 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259760819.408:1863): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a4a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=10840 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259762576.442:1887): avc: denied { execute } for pid=11067 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259762576.442:1887): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d4d5a8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11067 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259767362.673:1896): avc: denied { execute } for pid=11318 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259767362.673:1896): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d54088 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11318 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259773905.214:1967): avc: denied { execute } for pid=11922 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259773905.214:1967): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d54868 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11922 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259780362.196:1977): avc: denied { execute } for pid=12215 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259780362.196:1977): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d50af8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12215 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259780393.314:1979): avc: denied { execute } for pid=12219 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259780393.314:1979): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d50af8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12219 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259785085.323:2012): avc: denied { execute } for pid=12568 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259785085.323:2012): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d521b8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12568 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259786872.756:2015): avc: denied { execute } for pid=12645 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259786872.756:2015): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d53568 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12645 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259795695.936:2052): avc: denied { execute } for pid=13127 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259795695.936:2052): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d52e38 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=13127 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259802506.518:3031): avc: denied { getattr } for pid=11058 comm="sshdfilter" path="/var/run/sshdfilter.pid.SSHD" dev=dm-0 ino=12538 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file type=SYSCALL msg=audit(1259802506.518:3031): arch=c000003e syscall=6 success=no exit=-13 a0=d4a128 a1=a0d0a0 a2=a0d0a0 a3=7fffb9164bb0 items=0 ppid=1 pid=11058 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259802888.332:7): avc: denied { ioctl } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.332:7): arch=c000003e syscall=16 success=yes exit=128 a0=3 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.340:8): avc: denied { ioctl } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.340:8): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.342:9): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=AVC msg=audit(1259802888.343:10): avc: denied { read } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.343:10): arch=c000003e syscall=0 success=yes exit=128 a0=3 a1=eb06e8 a2=1000 a3=0 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=SYSCALL msg=audit(1259802888.342:9): arch=c000003e syscall=16 success=yes exit=128 a0=5 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.347:11): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.347:11): arch=c000003e syscall=16 success=yes exit=128 a0=6 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.350:12): avc: denied { read } for pid=1439 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.350:12): arch=c000003e syscall=0 success=yes exit=128 a0=5 a1=eb0f18 a2=1000 a3=0 items=0 ppid=1438 pid=1439 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.360:13): avc: denied { read } for pid=1440 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file type=SYSCALL msg=audit(1259802888.360:13): arch=c000003e syscall=59 success=no exit=-13 a0=7fd1ef909e0f a1=7fffa884e9b0 a2=7fffa88511c0 a3=7fffa88507d0 items=0 ppid=1438 pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.364:14): avc: denied { write } for pid=1440 comm="sshdfilter" path="pipe:[11043]" dev=pipefs ino=11043 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.364:14): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7fffa8850a0c a2=4 a3=7fffa8850790 items=0 ppid=1438 pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.367:15): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11043]" dev=pipefs ino=11043 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.367:15): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7fffa8850ccc a2=4 a3=b73830 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.367:16): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11042]" dev=pipefs ino=11042 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.367:16): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850a20 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.367:17): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11042]" dev=pipefs ino=11042 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.367:17): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb1168 a2=1000 a3=0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.375:18): avc: denied { read } for pid=1441 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file type=SYSCALL msg=audit(1259802888.375:18): arch=c000003e syscall=59 success=no exit=-13 a0=7fd1ef909e0f a1=7fffa884e9b0 a2=7fffa88511c0 a3=7fffa88507d0 items=0 ppid=1438 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.375:19): avc: denied { write } for pid=1441 comm="sshdfilter" path="pipe:[11045]" dev=pipefs ino=11045 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.375:19): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7fffa8850a0c a2=4 a3=8 items=0 ppid=1438 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.378:20): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11045]" dev=pipefs ino=11045 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.378:20): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7fffa8850ccc a2=4 a3=7fd1ef2e39d0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.378:21): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11044]" dev=pipefs ino=11044 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.378:21): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850a20 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.378:22): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11044]" dev=pipefs ino=11044 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.378:22): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb2878 a2=1000 a3=0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.379:23): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.379:23): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.379:24): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.379:24): arch=c000003e syscall=16 success=yes exit=128 a0=8 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.384:25): avc: denied { ioctl } for pid=1442 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.384:25): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7fffa8850ba0 a3=60 items=0 ppid=1438 pid=1442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802888.384:26): avc: denied { getattr } for pid=1442 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802888.384:26): arch=c000003e syscall=5 success=yes exit=128 a0=4 a1=b730a0 a2=b730a0 a3=0 items=0 ppid=1438 pid=1442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802889.381:27): avc: denied { read } for pid=1494 comm="sshdfilter" name="iptables" dev=dm-0 ino=11793 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file type=SYSCALL msg=audit(1259802889.381:27): arch=c000003e syscall=59 success=no exit=-13 a0=7fffa8850a88 a1=eb31c8 a2=7fffa88511c0 a3=7fffa88508d0 items=0 ppid=1438 pid=1494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802889.382:28): avc: denied { write } for pid=1494 comm="sshdfilter" path="pipe:[11397]" dev=pipefs ino=11397 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802889.382:28): arch=c000003e syscall=1 success=yes exit=128 a0=9 a1=7fffa8850b0c a2=4 a3=8 items=0 ppid=1438 pid=1494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802889.385:29): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11397]" dev=pipefs ino=11397 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802889.385:29): arch=c000003e syscall=0 success=yes exit=128 a0=8 a1=7fffa8850f18 a2=4 a3=8 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802889.388:30): avc: denied { write } for pid=1438 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802889.388:30): arch=c000003e syscall=1 success=yes exit=128 a0=4 a1=eb3248 a2=9 a3=0 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259802889.390:31): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259802889.390:31): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb3568 a2=400 a3=b73010 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.790:43): avc: denied { ioctl } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803042.790:43): arch=c000003e syscall=16 success=yes exit=4294967424 a0=3 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.795:44): avc: denied { ioctl } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803042.795:44): arch=c000003e syscall=16 success=yes exit=4294967424 a0=4 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.798:45): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=AVC msg=audit(1259803042.801:46): avc: denied { read } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803042.801:46): arch=c000003e syscall=0 success=yes exit=128 a0=3 a1=104fb28 a2=1000 a3=0 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=SYSCALL msg=audit(1259803042.798:45): arch=c000003e syscall=16 success=yes exit=4294967424 a0=5 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.804:47): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803042.804:47): arch=c000003e syscall=16 success=yes exit=4294967424 a0=6 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.806:48): avc: denied { read } for pid=2333 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=AVC msg=audit(1259803042.812:49): avc: denied { read } for pid=2334 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file type=SYSCALL msg=audit(1259803042.806:48): arch=c000003e syscall=0 success=yes exit=4294967424 a0=5 a1=1050268 a2=1000 a3=0 items=0 ppid=2332 pid=2333 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.816:50): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24516]" dev=pipefs ino=24516 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803042.812:49): arch=c000003e syscall=59 success=no exit=-13 a0=7fceba680e0f a1=7ffffc391b70 a2=7ffffc394380 a3=7ffffc393990 items=0 ppid=2332 pid=2334 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.816:51): avc: denied { write } for pid=2334 comm="sshdfilter" path="pipe:[24516]" dev=pipefs ino=24516 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803042.816:51): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7ffffc393bcc a2=4 a3=7ffffc393950 items=0 ppid=2332 pid=2334 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=SYSCALL msg=audit(1259803042.816:50): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7ffffc393e8c a2=4 a3=d13830 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.818:52): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24515]" dev=pipefs ino=24515 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803042.818:52): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393be0 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.818:53): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24515]" dev=pipefs ino=24515 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803042.818:53): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=10504b8 a2=1000 a3=0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.823:54): avc: denied { read } for pid=2335 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file type=SYSCALL msg=audit(1259803042.823:54): arch=c000003e syscall=59 success=no exit=-13 a0=7fceba680e0f a1=7ffffc391b70 a2=7ffffc394380 a3=7ffffc393990 items=0 ppid=2332 pid=2335 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.823:55): avc: denied { write } for pid=2335 comm="sshdfilter" path="pipe:[24518]" dev=pipefs ino=24518 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803042.823:55): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7ffffc393bcc a2=4 a3=8 items=0 ppid=2332 pid=2335 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.828:56): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24518]" dev=pipefs ino=24518 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803042.828:56): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7ffffc393e8c a2=4 a3=7fceba05a9d0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.828:57): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24517]" dev=pipefs ino=24517 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803042.828:57): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393be0 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.828:58): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24517]" dev=pipefs ino=24517 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803042.828:58): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=1051cc8 a2=1000 a3=0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.833:59): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803042.833:59): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.833:60): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803042.833:60): arch=c000003e syscall=16 success=yes exit=128 a0=8 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.834:61): avc: denied { ioctl } for pid=2336 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803042.834:61): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7ffffc393d60 a3=60 items=0 ppid=2332 pid=2336 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803042.836:62): avc: denied { getattr } for pid=2336 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803042.836:62): arch=c000003e syscall=5 success=yes exit=128 a0=4 a1=d130a0 a2=d130a0 a3=0 items=0 ppid=2332 pid=2336 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803043.839:63): avc: denied { read } for pid=2338 comm="sshdfilter" name="iptables" dev=dm-0 ino=11793 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file type=SYSCALL msg=audit(1259803043.839:63): arch=c000003e syscall=59 success=no exit=-13 a0=7ffffc393c48 a1=1052638 a2=7ffffc394380 a3=7ffffc393a90 items=0 ppid=2332 pid=2338 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803043.840:64): avc: denied { write } for pid=2338 comm="sshdfilter" path="pipe:[24549]" dev=pipefs ino=24549 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803043.840:64): arch=c000003e syscall=1 success=yes exit=128 a0=9 a1=7ffffc393ccc a2=4 a3=8 items=0 ppid=2332 pid=2338 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803043.844:65): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24549]" dev=pipefs ino=24549 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803043.844:65): arch=c000003e syscall=0 success=yes exit=128 a0=8 a1=7ffffc3940d8 a2=4 a3=8 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803043.845:66): avc: denied { write } for pid=2332 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803043.845:66): arch=c000003e syscall=1 success=yes exit=128 a0=4 a1=10526b8 a2=9 a3=0 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803043.849:67): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1259803043.849:67): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=10529d8 a2=400 a3=d13010 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null) type=AVC msg=audit(1259803128.077:69): avc: denied { execute } for pid=2422 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259803128.077:69): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c20208 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=2422 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259806154.170:82): avc: denied { execute } for pid=2653 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259806154.170:82): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c267e8 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=2653 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259812687.066:113): avc: denied { read open } for pid=3074 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259812687.066:113): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c26a88 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=3074 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259816690.197:196): avc: denied { read open } for pid=3631 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259816690.197:196): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=24095a8 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=3631 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259819529.773:214): avc: denied { read open } for pid=3827 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259819529.773:214): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410198 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=3827 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259899887.509:471): avc: denied { read open } for pid=11794 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259899887.509:471): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410198 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=11794 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259899890.409:475): avc: denied { read open } for pid=11799 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259899890.409:475): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410548 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=11799 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1259899950.600:483): avc: denied { read open } for pid=11860 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1259899950.600:483): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f6e208 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=11860 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1260146847.427:1066): avc: denied { read open } for pid=28420 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1260146847.427:1066): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f71c88 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=28420 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1260146850.722:1070): avc: denied { read open } for pid=28428 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1260146850.722:1070): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f72a28 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=28428 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1260500225.789:25455): avc: denied { read open } for pid=21350 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1260500225.789:25455): arch=c000003e syscall=59 success=no exit=-13 a0=7fff032b96b8 a1=bdbd18 a2=7fff032b9df0 a3=7fff032b9500 items=0 ppid=1441 pid=21350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1260500228.740:25459): avc: denied { read open } for pid=21355 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1260500228.740:25459): arch=c000003e syscall=59 success=no exit=-13 a0=7fff032b96b8 a1=bddc38 a2=7fff032b9df0 a3=7fff032b9500 items=0 ppid=1441 pid=21355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1260500358.675:25470): avc: denied { getattr } for pid=1441 comm="sshdfilter" path="/var/run/sshdfilter.pid.SSHD" dev=dm-0 ino=10948 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file type=SYSCALL msg=audit(1260500358.675:25470): arch=c000003e syscall=6 success=no exit=-13 a0=bd5dd8 a1=8980a0 a2=8980a0 a3=7fff032b9880 items=0 ppid=1 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1260809448.592:28614): avc: denied { execute_no_trans } for pid=23422 comm="sshdfilter" path="/sbin/iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file type=SYSCALL msg=audit(1260809448.592:28614): arch=c000003e syscall=59 success=no exit=-13 a0=7fffc0880288 a1=e0c508 a2=7fffc08809c0 a3=7fffc08800d0 items=0 ppid=1432 pid=23422 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)

...

...

=20 =20 Moray. "To err is human. To purr, feline" =20 =20 -- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--uAKRQypu60I7Lcqm Content-Type: application/pgp-signature Content-Disposition: inline

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksdZWwACgkQMlxVo39jgT/olgCgwo9wvxeAyJG/gm4dEYHBIpGf TNEAn2bFoQZeg8+gaYPIDuB0wxuu6N8F =tNuu -----END PGP SIGNATURE-----

--uAKRQypu60I7Lcqm--

--===============0725889959== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline

-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list --===============0725889959==--

-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

"David Highley wrote:"

"Dominick Grift wrote:"

...

--===============1862406356== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="AhhlLboLdkugWU4S" Content-Disposition: inline

--AhhlLboLdkugWU4S Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:

...

"Dominick Grift wrote:"

...

=20 =20 --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D Content-Type: multipart/signed; micalg=3Dpgp-sha1; protocol=3D"application/pgp-signature"; boundary=3D"uAKRQypu60I7Lcqm" Content-Disposition: inline =20 =20 --uAKRQypu60I7Lcqm Content-Type: text/plain; charset=3Dutf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable =20 On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:

...

James Carter wrote:

...

Dan's example used Refpolicy interfaces. Interfaces are very useful=

and

...

...

...

...

provide a better layer of abstraction, but they are just m4 macros, which have always been used in SELinux policy.

Interfaces should be used as much as possible, but it is not true th=

at

...

...

...

...

you can't mix the old and new ways.

=3D20 Mixing the plain rules and the m4 macros didn't work when I tried it =

• bu=3D

...

...

t perhaps I just wasn=3DE2=3D80=3D99t writing it right. Is there a Ref=

policy tut=3D

...

...

orial anywhere? =20 I spend a little time today writing about the policy structure in Fedor=

a. M=3D

...

...

aybe it can help you or others: =20 http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_=

Fedo=3D

...

...

ra_12.pdf

=20 =20 Still have not mastered this one yet. Here is the policy file created by grep of /var/log/audit/audit.log file piped to audit2allow: =20 module mysshdfilter 1.0; =20 require { type var_run_t; type iptables_exec_t; type bin_t; type sshd_t; type iptables_t; class lnk_file read; class file { read getattr open execute execute_no_trans }; class fifo_file { read write ioctl getattr }; } =20 #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D iptables_t =3D=3D=3D=3D=3D=3D=3D=

=3D=3D=3D=3D=3D=3D=3D

...

allow iptables_t bin_t:lnk_file read; allow iptables_t self:fifo_file { read write ioctl getattr };

echo "policy_module(newiptables, 1.0.0)" > newuiptables.te echo "optional_policy(`" >> newiptables.te echo "gen_require('" >> newiptables.te echo "type iptables_t;" >> newiptables.te echo "')" >> newiptables.te echo "corecmd_read_bin_symlinks(iptables_t)" >> newiptables.te echo "allow iptables_t self:fifo_file rw_fifo_file_perms;" >> newiptables.te echo "')" >> newiptables.te

make -f /usr/share/selinux/devel/Makefile newiptables.pp

Running the make for the above file ended up in an infinit loop outputing: myiptables.te:2: Warning: deprecated use of module name () as first parameter of optional_policy() block.

...

sudo semodule -i newiptables.pp

...

=20 #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D sshd_t =3D=3D=3D=3D=3D=3D=3D=3D=

=3D=3D=3D=3D=3D=3D

...

allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };

echo "policy_module(newsshd, 1.0.0)" > newsshd.te echo "optional_policy(`" >> newsshd.te echo "gen_require(`" >> newsshd.te echo "type sshd_t;" >> newsshd.te echo "')" >> newsshd.te echo "iptables_domtrans(sshd_t)" >> newsshd.te echo "')" >> newsshd.te

make -f /usr/share/selinux/devel/Makefile newsshd.pp sudo semodule -i newsshd.pp

...

allow sshd_t var_run_t:file getattr;

This one is a bit more complicated because i dont know for sure what create= d it (in what context runs sshdfilter?)

...

=20

I also ment to ask if all three policy; mysshdfilter.pp, newiptables.pp, and newsshd.pp; changes are needed?

<trimmed audit log entries>

...

...

=20

...

...

=3D20 =3D20 Moray. "To err is human. To purr, feline" =3D20 =3D20 -- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

=20 --uAKRQypu60I7Lcqm Content-Type: application/pgp-signature Content-Disposition: inline =20 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) =20 iEYEARECAAYFAksdZWwACgkQMlxVo39jgT/olgCgwo9wvxeAyJG/gm4dEYHBIpGf TNEAn2bFoQZeg8+gaYPIDuB0wxuu6N8F =3DtNuu -----END PGP SIGNATURE----- =20 --uAKRQypu60I7Lcqm-- =20 =20 --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D Content-Type: text/plain; charset=3D"us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline =20 -- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D-- =20

=20

fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--AhhlLboLdkugWU4S Content-Type: application/pgp-signature Content-Disposition: inline

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksmrEAACgkQMlxVo39jgT/UPwCfexQ3gHxMcD3IFrFCeLSmqrQK 1wQAn1TK0UM7xl0MqMFwQbeBb6qr+cst =b5GU -----END PGP SIGNATURE-----

--AhhlLboLdkugWU4S--

--===============1862406356== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline

-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list --===============1862406356==--

-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

On Mon, Dec 14, 2009 at 04:21:41PM -0800, David Highley wrote:

"Dominick Grift wrote:"

...

--===============1862406356== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="AhhlLboLdkugWU4S" Content-Disposition: inline

--AhhlLboLdkugWU4S Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:

...

"Dominick Grift wrote:"

...

=20 =20 --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D Content-Type: multipart/signed; micalg=3Dpgp-sha1; protocol=3D"application/pgp-signature"; boundary=3D"uAKRQypu60I7Lcqm" Content-Disposition: inline =20 =20 --uAKRQypu60I7Lcqm Content-Type: text/plain; charset=3Dutf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable =20 On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:

...

James Carter wrote:

...

Dan's example used Refpolicy interfaces. Interfaces are very useful=

and

...

...

...

...

provide a better layer of abstraction, but they are just m4 macros, which have always been used in SELinux policy.

Interfaces should be used as much as possible, but it is not true th=

at

...

...

...

...

you can't mix the old and new ways.

=3D20 Mixing the plain rules and the m4 macros didn't work when I tried it =

• bu=3D

...

...

t perhaps I just wasn=3DE2=3D80=3D99t writing it right. Is there a Ref=

policy tut=3D

...

...

orial anywhere? =20 I spend a little time today writing about the policy structure in Fedor=

a. M=3D

...

...

aybe it can help you or others: =20 http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_=

Fedo=3D

...

...

ra_12.pdf

=20 =20 Still have not mastered this one yet. Here is the policy file created by grep of /var/log/audit/audit.log file piped to audit2allow: =20 module mysshdfilter 1.0; =20 require { type var_run_t; type iptables_exec_t; type bin_t; type sshd_t; type iptables_t; class lnk_file read; class file { read getattr open execute execute_no_trans }; class fifo_file { read write ioctl getattr }; } =20 #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D iptables_t =3D=3D=3D=3D=3D=3D=3D=

=3D=3D=3D=3D=3D=3D=3D

...

allow iptables_t bin_t:lnk_file read; allow iptables_t self:fifo_file { read write ioctl getattr };

echo "policy_module(newiptables, 1.0.0)" > newuiptables.te echo "optional_policy(`" >> newiptables.te echo "gen_require('" >> newiptables.te echo "type iptables_t;" >> newiptables.te echo "')" >> newiptables.te echo "corecmd_read_bin_symlinks(iptables_t)" >> newiptables.te echo "allow iptables_t self:fifo_file rw_fifo_file_perms;" >> newiptables.te echo "')" >> newiptables.te

make -f /usr/share/selinux/devel/Makefile newiptables.pp sudo semodule -i newiptables.pp

...

=20 #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D sshd_t =3D=3D=3D=3D=3D=3D=3D=3D=

=3D=3D=3D=3D=3D=3D

...

allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };

echo "policy_module(newsshd, 1.0.0)" > newsshd.te echo "optional_policy(`" >> newsshd.te echo "gen_require(`" >> newsshd.te echo "type sshd_t;" >> newsshd.te echo "')" >> newsshd.te echo "iptables_domtrans(sshd_t)" >> newsshd.te echo "')" >> newsshd.te

make -f /usr/share/selinux/devel/Makefile newsshd.pp sudo semodule -i newsshd.pp

...

allow sshd_t var_run_t:file getattr;

This one is a bit more complicated because i dont know for sure what create= d it (in what context runs sshdfilter?)

...

=20

The two policy modules above try to fix the avc denials above. if you do not have mysshdfilter.pp installed then there is no need to install it now. But we do need to find a solution for the remaining avc denial that either of the two enclosed policy modules above do not fix.

I also ment to ask if all three policy; mysshdfilter.pp, newiptables.pp, and newsshd.pp; changes are needed?

<trimmed audit log entries>

...

...

=20

...

...

=3D20 =3D20 Moray. "To err is human. To purr, feline" =3D20 =3D20 -- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

=20 --uAKRQypu60I7Lcqm Content-Type: application/pgp-signature Content-Disposition: inline =20 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) =20 iEYEARECAAYFAksdZWwACgkQMlxVo39jgT/olgCgwo9wvxeAyJG/gm4dEYHBIpGf TNEAn2bFoQZeg8+gaYPIDuB0wxuu6N8F =3DtNuu -----END PGP SIGNATURE----- =20 --uAKRQypu60I7Lcqm-- =20 =20 --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D Content-Type: text/plain; charset=3D"us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline =20 -- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D-- =20

=20

fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--AhhlLboLdkugWU4S Content-Type: application/pgp-signature Content-Disposition: inline

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksmrEAACgkQMlxVo39jgT/UPwCfexQ3gHxMcD3IFrFCeLSmqrQK 1wQAn1TK0UM7xl0MqMFwQbeBb6qr+cst =b5GU -----END PGP SIGNATURE-----

--AhhlLboLdkugWU4S--

--===============1862406356== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline

-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list --===============1862406356==--

-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

"Dominick Grift wrote:"

--===============1736741946== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="2B/JsCI69OhZNC5r" Content-Disposition: inline

--2B/JsCI69OhZNC5r Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:

...

"Dominick Grift wrote:"

...

=20 =20 --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D Content-Type: multipart/signed; micalg=3Dpgp-sha1; protocol=3D"application/pgp-signature"; boundary=3D"uAKRQypu60I7Lcqm" Content-Disposition: inline =20 =20 --uAKRQypu60I7Lcqm Content-Type: text/plain; charset=3Dutf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable =20 On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:

...

James Carter wrote:

...

Dan's example used Refpolicy interfaces. Interfaces are very useful=

and

...

...

...

...

provide a better layer of abstraction, but they are just m4 macros, which have always been used in SELinux policy.

Interfaces should be used as much as possible, but it is not true th=

at

...

...

...

...

you can't mix the old and new ways.

=3D20 Mixing the plain rules and the m4 macros didn't work when I tried it =

• bu=3D

...

...

t perhaps I just wasn=3DE2=3D80=3D99t writing it right. Is there a Ref=

policy tut=3D

...

...

orial anywhere? =20 I spend a little time today writing about the policy structure in Fedor=

a. M=3D

...

...

aybe it can help you or others: =20 http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_=

Fedo=3D

...

...

ra_12.pdf

=20 =20 Still have not mastered this one yet. Here is the policy file created by grep of /var/log/audit/audit.log file piped to audit2allow: =20 module mysshdfilter 1.0; =20 require { type var_run_t; type iptables_exec_t; type bin_t; type sshd_t; type iptables_t; class lnk_file read; class file { read getattr open execute execute_no_trans }; class fifo_file { read write ioctl getattr }; } =20 #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D iptables_t =3D=3D=3D=3D=3D=3D=3D=

=3D=3D=3D=3D=3D=3D=3D

...

allow iptables_t bin_t:lnk_file read; allow iptables_t self:fifo_file { read write ioctl getattr }; =20 #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D sshd_t =3D=3D=3D=3D=3D=3D=3D=3D=

=3D=3D=3D=3D=3D=3D

...

allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };

...

allow sshd_t var_run_t:file getattr;

Actually i think sshdfilter init script may have created it? Does it even h= ave an init script?

Sorry, I think I confused the issue a little. I dumped in all the audit log entries related to the sshd filter wrapper script starting with no policy changes. I thought it might help to find the right policy changes.

The wrapper filter script does not have its own init script, we modify the sshd init script to invoke the wrapper script instead of sshd. This is some what bad in that package maintainers assume they can freely over write the init scripts and not break a site.

...

=20 =20 The audit log entries are: type=3DAVC msg=3Daudit(1259642932.902:7): avc: denied { execute } for =

pid=3D1411 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D117= 98 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_u:o= bject_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259642932.902:7): arch=3Dc000003e syscall=3D5=

9 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1562e28 a2=3D7fff837b3df0 = a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D1411 auid=3D4294967295 uid=3D= 0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(no= ne) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsyste= m_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259644707.700:73): avc: denied { execute } for =

pid=3D1948 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D11= 798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_u:= object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259644707.700:73): arch=3Dc000003e syscall=3D=

59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D15694c8 a2=3D7fff837b3df0= a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D1948 auid=3D4294967295 uid= =3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D= (none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsy= stem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259650605.247:84): avc: denied { execute } for =

pid=3D2248 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D11= 798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_u:= object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259650605.247:84): arch=3Dc000003e syscall=3D=

59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1567828 a2=3D7fff837b3df0= a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D2248 auid=3D4294967295 uid= =3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D= (none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsy= stem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259661894.420:113): avc: denied { execute } for=

pid=3D2815 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D1= 1798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_u= :object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259661894.420:113): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1566e28 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D2815 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259667665.966:123): avc: denied { execute } for=

pid=3D3724 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D1= 1798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_u= :object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259667665.966:123): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D15699d8 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D3724 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259671660.048:131): avc: denied { execute } for=

pid=3D3920 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D1= 1798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_u= :object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259671660.048:131): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1565778 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D3920 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259673411.553:758): avc: denied { execute } for=

pid=3D4558 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D1= 1798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_u= :object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259673411.553:758): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1569af8 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D4558 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259679153.568:1267): avc: denied { execute } fo=

r pid=3D5170 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D= 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_= u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259679153.568:1267): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1566a68 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D5170 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259682588.736:1315): avc: denied { execute } fo=

r pid=3D5540 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D= 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_= u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259682588.736:1315): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1565778 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D5540 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259684861.197:1344): avc: denied { execute } fo=

r pid=3D5745 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D= 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_= u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259684861.197:1344): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D156a478 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D5745 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259690558.951:1388): avc: denied { execute } fo=

r pid=3D6161 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D= 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_= u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259690558.951:1388): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D15667a8 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D6161 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259702647.573:1433): avc: denied { execute } fo=

r pid=3D6829 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D= 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_= u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259702647.573:1433): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D156b4d8 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D6829 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259708100.231:1441): avc: denied { execute } fo=

r pid=3D7085 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D= 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_= u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259708100.231:1441): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D156a0b8 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D7085 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259708922.953:1450): avc: denied { execute } fo=

r pid=3D7153 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D= 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_= u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259708922.953:1450): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D156a6a8 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D7153 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259713257.803:1545): avc: denied { execute } fo=

r pid=3D7492 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D= 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_= u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259713257.803:1545): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D156a4a8 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D7492 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259721513.893:1732): avc: denied { execute } fo=

r pid=3D8097 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D= 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_= u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259721513.893:1732): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D156a5d8 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D8097 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259730724.196:1790): avc: denied { execute } fo=

r pid=3D8689 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D= 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_= u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259730724.196:1790): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1569718 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D8689 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259730728.123:1793): avc: denied { execute } fo=

r pid=3D8699 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D= 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_= u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259730728.123:1793): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1566778 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D8699 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259747840.157:1835): avc: denied { execute } fo=

r pid=3D9575 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D= 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_= u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259747840.157:1835): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D156ba78 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D9575 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259760819.408:1863): avc: denied { execute } fo=

r pid=3D10840 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsyst= em_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259760819.408:1863): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D156a4a8 a2=3D7fff837b3= df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D10840 auid=3D4294967295 u= id=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259762576.442:1887): avc: denied { execute } fo=

r pid=3D11067 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D= system_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259762576.442:1887): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fffb91649e8 a1=3Dd4d5a8 a2=3D7fffb91651= 20 a3=3D7fffb9164830 items=3D0 ppid=3D11058 pid=3D11067 auid=3D1000 uid=3D0= gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(non= e) ses=3D47 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s= ystem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259767362.673:1896): avc: denied { execute } fo=

r pid=3D11318 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D= system_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259767362.673:1896): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fffb91649e8 a1=3Dd54088 a2=3D7fffb91651= 20 a3=3D7fffb9164830 items=3D0 ppid=3D11058 pid=3D11318 auid=3D1000 uid=3D0= gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(non= e) ses=3D47 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s= ystem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259773905.214:1967): avc: denied { execute } fo=

r pid=3D11922 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D= system_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259773905.214:1967): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fffb91649e8 a1=3Dd54868 a2=3D7fffb91651= 20 a3=3D7fffb9164830 items=3D0 ppid=3D11058 pid=3D11922 auid=3D1000 uid=3D0= gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(non= e) ses=3D47 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s= ystem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259780362.196:1977): avc: denied { execute } fo=

r pid=3D12215 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D= system_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259780362.196:1977): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fffb91649e8 a1=3Dd50af8 a2=3D7fffb91651= 20 a3=3D7fffb9164830 items=3D0 ppid=3D11058 pid=3D12215 auid=3D1000 uid=3D0= gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(non= e) ses=3D47 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s= ystem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259780393.314:1979): avc: denied { execute } fo=

r pid=3D12219 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D= system_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259780393.314:1979): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fffb91649e8 a1=3Dd50af8 a2=3D7fffb91651= 20 a3=3D7fffb9164830 items=3D0 ppid=3D11058 pid=3D12219 auid=3D1000 uid=3D0= gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(non= e) ses=3D47 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s= ystem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259785085.323:2012): avc: denied { execute } fo=

r pid=3D12568 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D= system_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259785085.323:2012): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fffb91649e8 a1=3Dd521b8 a2=3D7fffb91651= 20 a3=3D7fffb9164830 items=3D0 ppid=3D11058 pid=3D12568 auid=3D1000 uid=3D0= gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(non= e) ses=3D47 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s= ystem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259786872.756:2015): avc: denied { execute } fo=

r pid=3D12645 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D= system_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259786872.756:2015): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fffb91649e8 a1=3Dd53568 a2=3D7fffb91651= 20 a3=3D7fffb9164830 items=3D0 ppid=3D11058 pid=3D12645 auid=3D1000 uid=3D0= gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(non= e) ses=3D47 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s= ystem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259795695.936:2052): avc: denied { execute } fo=

r pid=3D13127 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D= system_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259795695.936:2052): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fffb91649e8 a1=3Dd52e38 a2=3D7fffb91651= 20 a3=3D7fffb9164830 items=3D0 ppid=3D11058 pid=3D13127 auid=3D1000 uid=3D0= gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(non= e) ses=3D47 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s= ystem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802506.518:3031): avc: denied { getattr } fo=

r pid=3D11058 comm=3D"sshdfilter" path=3D"/var/run/sshdfilter.pid.SSHD" de= v=3Ddm-0 ino=3D12538 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023= tcontext=3Dsystem_u:object_r:var_run_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259802506.518:3031): arch=3Dc000003e syscall=

=3D6 success=3Dno exit=3D-13 a0=3Dd4a128 a1=3Da0d0a0 a2=3Da0d0a0 a3=3D7fffb= 9164bb0 items=3D0 ppid=3D1 pid=3D11058 auid=3D1000 uid=3D0 gid=3D0 euid=3D0= suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D47 comm= =3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:sshd_t:s= 0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802888.332:7): avc: denied { ioctl } for pi=

d=3D1435 comm=3D"sshdfilter" path=3D"pipe:[11021]" dev=3Dpipefs ino=3D11021= scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip= tables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.332:7): arch=3Dc000003e syscall=3D1=

6 success=3Dyes exit=3D128 a0=3D3 a1=3D5401 a2=3D7fffa8850c80 a3=3D60 items= =3D0 ppid=3D1431 pid=3D1435 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid= =3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 co= mm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t= :s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802888.340:8): avc: denied { ioctl } for pi=

d=3D1435 comm=3D"sshdfilter" path=3D"pipe:[11021]" dev=3Dpipefs ino=3D11021= scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip= tables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.340:8): arch=3Dc000003e syscall=3D1=

6 success=3Dyes exit=3D128 a0=3D4 a1=3D5401 a2=3D7fffa8850c80 a3=3D60 items= =3D0 ppid=3D1431 pid=3D1435 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid= =3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 co= mm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t= :s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802888.342:9): avc: denied { ioctl } for pi=

d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11031]" dev=3Dpipefs ino=3D11031= scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip= tables_t:s0 tclass=3Dfifo_file

...

type=3DAVC msg=3Daudit(1259802888.343:10): avc: denied { read } for pi=

d=3D1435 comm=3D"sshdfilter" path=3D"pipe:[11021]" dev=3Dpipefs ino=3D11021= scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip= tables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.343:10): arch=3Dc000003e syscall=3D=

0 success=3Dyes exit=3D128 a0=3D3 a1=3Deb06e8 a2=3D1000 a3=3D0 items=3D0 pp= id=3D1431 pid=3D1435 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fs= uid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"s= shdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 key= =3D(null)

...

type=3DSYSCALL msg=3Daudit(1259802888.342:9): arch=3Dc000003e syscall=3D1=

6 success=3Dyes exit=3D128 a0=3D5 a1=3D5401 a2=3D7fffa8850c80 a3=3D60 items= =3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid= =3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 co= mm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t= :s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802888.347:11): avc: denied { ioctl } for p=

id=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11031]" dev=3Dpipefs ino=3D1103= 1 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i= ptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.347:11): arch=3Dc000003e syscall=3D=

16 success=3Dyes exit=3D128 a0=3D6 a1=3D5401 a2=3D7fffa8850c80 a3=3D60 item= s=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui= d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c= omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_= t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802888.350:12): avc: denied { read } for pi=

d=3D1439 comm=3D"sshdfilter" path=3D"pipe:[11031]" dev=3Dpipefs ino=3D11031= scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip= tables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.350:12): arch=3Dc000003e syscall=3D=

0 success=3Dyes exit=3D128 a0=3D5 a1=3Deb0f18 a2=3D1000 a3=3D0 items=3D0 pp= id=3D1438 pid=3D1439 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fs= uid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"s= shdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 key= =3D(null)

...

type=3DAVC msg=3Daudit(1259802888.360:13): avc: denied { read } for pi=

d=3D1440 comm=3D"sshdfilter" name=3D"sh" dev=3Ddm-0 ino=3D10258 scontext=3D= system_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:object_r:bin_t:s0 tclas= s=3Dlnk_file

...

type=3DSYSCALL msg=3Daudit(1259802888.360:13): arch=3Dc000003e syscall=3D=

59 success=3Dno exit=3D-13 a0=3D7fd1ef909e0f a1=3D7fffa884e9b0 a2=3D7fffa88= 511c0 a3=3D7fffa88507d0 items=3D0 ppid=3D1438 pid=3D1440 auid=3D4294967295 = uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:iptables_t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802888.364:14): avc: denied { write } for p=

id=3D1440 comm=3D"sshdfilter" path=3D"pipe:[11043]" dev=3Dpipefs ino=3D1104= 3 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i= ptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.364:14): arch=3Dc000003e syscall=3D=

1 success=3Dyes exit=3D128 a0=3Da a1=3D7fffa8850a0c a2=3D4 a3=3D7fffa885079= 0 items=3D0 ppid=3D1438 pid=3D1440 auid=3D4294967295 uid=3D0 gid=3D0 euid= =3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294= 967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:i= ptables_t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802888.367:15): avc: denied { read } for pi=

d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11043]" dev=3Dpipefs ino=3D11043= scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip= tables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.367:15): arch=3Dc000003e syscall=3D=

0 success=3Dyes exit=3D128 a0=3D9 a1=3D7fffa8850ccc a2=3D4 a3=3Db73830 item= s=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui= d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c= omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_= t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802888.367:16): avc: denied { ioctl } for p=

id=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11042]" dev=3Dpipefs ino=3D1104= 2 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i= ptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.367:16): arch=3Dc000003e syscall=3D=

16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7fffa8850a20 a3=3D60 item= s=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui= d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c= omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_= t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802888.367:17): avc: denied { read } for pi=

d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11042]" dev=3Dpipefs ino=3D11042= scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip= tables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.367:17): arch=3Dc000003e syscall=3D=

0 success=3Dyes exit=3D128 a0=3D7 a1=3Deb1168 a2=3D1000 a3=3D0 items=3D0 pp= id=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fs= uid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"s= shdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 key= =3D(null)

...

type=3DAVC msg=3Daudit(1259802888.375:18): avc: denied { read } for pi=

d=3D1441 comm=3D"sshdfilter" name=3D"sh" dev=3Ddm-0 ino=3D10258 scontext=3D= system_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:object_r:bin_t:s0 tclas= s=3Dlnk_file

...

type=3DSYSCALL msg=3Daudit(1259802888.375:18): arch=3Dc000003e syscall=3D=

59 success=3Dno exit=3D-13 a0=3D7fd1ef909e0f a1=3D7fffa884e9b0 a2=3D7fffa88= 511c0 a3=3D7fffa88507d0 items=3D0 ppid=3D1438 pid=3D1441 auid=3D4294967295 = uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:iptables_t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802888.375:19): avc: denied { write } for p=

id=3D1441 comm=3D"sshdfilter" path=3D"pipe:[11045]" dev=3Dpipefs ino=3D1104= 5 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i= ptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.375:19): arch=3Dc000003e syscall=3D=

1 success=3Dyes exit=3D128 a0=3Da a1=3D7fffa8850a0c a2=3D4 a3=3D8 items=3D0= ppid=3D1438 pid=3D1441 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0= fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm= =3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s= 0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802888.378:20): avc: denied { read } for pi=

d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11045]" dev=3Dpipefs ino=3D11045= scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip= tables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.378:20): arch=3Dc000003e syscall=3D=

0 success=3Dyes exit=3D128 a0=3D9 a1=3D7fffa8850ccc a2=3D4 a3=3D7fd1ef2e39d= 0 items=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid= =3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294= 967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:i= ptables_t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802888.378:21): avc: denied { ioctl } for p=

id=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11044]" dev=3Dpipefs ino=3D1104= 4 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i= ptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.378:21): arch=3Dc000003e syscall=3D=

16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7fffa8850a20 a3=3D60 item= s=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui= d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c= omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_= t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802888.378:22): avc: denied { read } for pi=

d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11044]" dev=3Dpipefs ino=3D11044= scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip= tables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.378:22): arch=3Dc000003e syscall=3D=

0 success=3Dyes exit=3D128 a0=3D7 a1=3Deb2878 a2=3D1000 a3=3D0 items=3D0 pp= id=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fs= uid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"s= shdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 key= =3D(null)

...

type=3DAVC msg=3Daudit(1259802888.379:23): avc: denied { ioctl } for p=

id=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11046]" dev=3Dpipefs ino=3D1104= 6 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i= ptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.379:23): arch=3Dc000003e syscall=3D=

16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7fffa8850c80 a3=3D60 item= s=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui= d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c= omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_= t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802888.379:24): avc: denied { ioctl } for p=

id=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11046]" dev=3Dpipefs ino=3D1104= 6 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i= ptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.379:24): arch=3Dc000003e syscall=3D=

16 success=3Dyes exit=3D128 a0=3D8 a1=3D5401 a2=3D7fffa8850c80 a3=3D60 item= s=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui= d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c= omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_= t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802888.384:25): avc: denied { ioctl } for p=

id=3D1442 comm=3D"sshdfilter" path=3D"pipe:[11046]" dev=3Dpipefs ino=3D1104= 6 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i= ptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.384:25): arch=3Dc000003e syscall=3D=

16 success=3Dyes exit=3D128 a0=3D4 a1=3D5401 a2=3D7fffa8850ba0 a3=3D60 item= s=3D0 ppid=3D1438 pid=3D1442 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui= d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c= omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_= t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802888.384:26): avc: denied { getattr } for =

pid=3D1442 comm=3D"sshdfilter" path=3D"pipe:[11046]" dev=3Dpipefs ino=3D11= 046 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r= :iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802888.384:26): arch=3Dc000003e syscall=3D=

5 success=3Dyes exit=3D128 a0=3D4 a1=3Db730a0 a2=3Db730a0 a3=3D0 items=3D0 = ppid=3D1438 pid=3D1442 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 = fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D= "sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 k= ey=3D(null)

...

type=3DAVC msg=3Daudit(1259802889.381:27): avc: denied { read } for pi=

d=3D1494 comm=3D"sshdfilter" name=3D"iptables" dev=3Ddm-0 ino=3D11793 scont= ext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:object_r:bin_t:s0= tclass=3Dlnk_file

...

type=3DSYSCALL msg=3Daudit(1259802889.381:27): arch=3Dc000003e syscall=3D=

59 success=3Dno exit=3D-13 a0=3D7fffa8850a88 a1=3Deb31c8 a2=3D7fffa88511c0 = a3=3D7fffa88508d0 items=3D0 ppid=3D1438 pid=3D1494 auid=3D4294967295 uid=3D= 0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(no= ne) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsyste= m_u:system_r:iptables_t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802889.382:28): avc: denied { write } for p=

id=3D1494 comm=3D"sshdfilter" path=3D"pipe:[11397]" dev=3Dpipefs ino=3D1139= 7 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i= ptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802889.382:28): arch=3Dc000003e syscall=3D=

1 success=3Dyes exit=3D128 a0=3D9 a1=3D7fffa8850b0c a2=3D4 a3=3D8 items=3D0= ppid=3D1438 pid=3D1494 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0= fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm= =3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s= 0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259802889.385:29): avc: denied { read } for pi=

d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11397]" dev=3Dpipefs ino=3D11397= scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip= tables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802889.385:29): arch=3Dc000003e syscall=3D=

0 success=3Dyes exit=3D128 a0=3D8 a1=3D7fffa8850f18 a2=3D4 a3=3D8 items=3D0= ppid=3D1 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fs= uid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"s= shdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 key= =3D(null)

...

type=3DAVC msg=3Daudit(1259802889.388:30): avc: denied { write } for p=

id=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11021]" dev=3Dpipefs ino=3D1102= 1 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i= ptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802889.388:30): arch=3Dc000003e syscall=3D=

1 success=3Dyes exit=3D128 a0=3D4 a1=3Deb3248 a2=3D9 a3=3D0 items=3D0 ppid= =3D1 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid= =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"sshd= filter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 key=3D= (null)

...

type=3DAVC msg=3Daudit(1259802889.390:31): avc: denied { read } for pi=

d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11046]" dev=3Dpipefs ino=3D11046= scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip= tables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259802889.390:31): arch=3Dc000003e syscall=3D=

0 success=3Dyes exit=3D128 a0=3D7 a1=3Deb3568 a2=3D400 a3=3Db73010 items=3D= 0 ppid=3D1 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 f= suid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"= sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 ke= y=3D(null)

...

type=3DAVC msg=3Daudit(1259803042.790:43): avc: denied { ioctl } for p=

id=3D2329 comm=3D"sshdfilter" path=3D"pipe:[24498]" dev=3Dpipefs ino=3D2449= 8 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy= stem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803042.790:43): arch=3Dc000003e syscall=3D=

16 success=3Dyes exit=3D4294967424 a0=3D3 a1=3D5401 a2=3D7ffffc393e40 a3=3D= 60 items=3D0 ppid=3D2323 pid=3D2329 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 su= id=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3Dpts0 ses=3D1 comm=3D"ssh= dfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 k= ey=3D(null)

...

type=3DAVC msg=3Daudit(1259803042.795:44): avc: denied { ioctl } for p=

id=3D2329 comm=3D"sshdfilter" path=3D"pipe:[24498]" dev=3Dpipefs ino=3D2449= 8 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy= stem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803042.795:44): arch=3Dc000003e syscall=3D=

16 success=3Dyes exit=3D4294967424 a0=3D4 a1=3D5401 a2=3D7ffffc393e40 a3=3D= 60 items=3D0 ppid=3D2323 pid=3D2329 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 su= id=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3Dpts0 ses=3D1 comm=3D"ssh= dfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 k= ey=3D(null)

...

type=3DAVC msg=3Daudit(1259803042.798:45): avc: denied { ioctl } for p=

id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24509]" dev=3Dpipefs ino=3D2450= 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy= stem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DAVC msg=3Daudit(1259803042.801:46): avc: denied { read } for pi=

d=3D2329 comm=3D"sshdfilter" path=3D"pipe:[24498]" dev=3Dpipefs ino=3D24498= scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys= tem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803042.801:46): arch=3Dc000003e syscall=3D=

0 success=3Dyes exit=3D128 a0=3D3 a1=3D104fb28 a2=3D1000 a3=3D0 items=3D0 p= pid=3D2323 pid=3D2329 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid= =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3Dpts0 ses=3D1 comm=3D"sshdfilter" exe= =3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)

...

type=3DSYSCALL msg=3Daudit(1259803042.798:45): arch=3Dc000003e syscall=3D=

16 success=3Dyes exit=3D4294967424 a0=3D5 a1=3D5401 a2=3D7ffffc393e40 a3=3D= 60 items=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 su= id=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"s= shdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0= key=3D(null)

...

type=3DAVC msg=3Daudit(1259803042.804:47): avc: denied { ioctl } for p=

id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24509]" dev=3Dpipefs ino=3D2450= 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy= stem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803042.804:47): arch=3Dc000003e syscall=3D=

16 success=3Dyes exit=3D4294967424 a0=3D6 a1=3D5401 a2=3D7ffffc393e40 a3=3D= 60 items=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 su= id=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"s= shdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0= key=3D(null)

...

type=3DAVC msg=3Daudit(1259803042.806:48): avc: denied { read } for pi=

d=3D2333 comm=3D"sshdfilter" path=3D"pipe:[24509]" dev=3Dpipefs ino=3D24509= scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys= tem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DAVC msg=3Daudit(1259803042.812:49): avc: denied { read } for pi=

d=3D2334 comm=3D"sshdfilter" name=3D"sh" dev=3Ddm-0 ino=3D10258 scontext=3D= unconfined_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:object_r:bin_t:s0 t= class=3Dlnk_file

...

type=3DSYSCALL msg=3Daudit(1259803042.806:48): arch=3Dc000003e syscall=3D=

0 success=3Dyes exit=3D4294967424 a0=3D5 a1=3D1050268 a2=3D1000 a3=3D0 item= s=3D0 ppid=3D2332 pid=3D2333 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 = fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt= er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D= (null)

...

type=3DAVC msg=3Daudit(1259803042.816:50): avc: denied { read } for pi=

d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24516]" dev=3Dpipefs ino=3D24516= scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys= tem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803042.812:49): arch=3Dc000003e syscall=3D=

59 success=3Dno exit=3D-13 a0=3D7fceba680e0f a1=3D7ffffc391b70 a2=3D7ffffc3= 94380 a3=3D7ffffc393990 items=3D0 ppid=3D2332 pid=3D2334 auid=3D1000 uid=3D= 0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(no= ne) ses=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s= ystem_r:iptables_t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259803042.816:51): avc: denied { write } for p=

id=3D2334 comm=3D"sshdfilter" path=3D"pipe:[24516]" dev=3Dpipefs ino=3D2451= 6 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy= stem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803042.816:51): arch=3Dc000003e syscall=3D=

1 success=3Dyes exit=3D128 a0=3Da a1=3D7ffffc393bcc a2=3D4 a3=3D7ffffc39395= 0 items=3D0 ppid=3D2332 pid=3D2334 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 sui= d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"ss= hdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 = key=3D(null)

...

type=3DSYSCALL msg=3Daudit(1259803042.816:50): arch=3Dc000003e syscall=3D=

0 success=3Dyes exit=3D128 a0=3D9 a1=3D7ffffc393e8c a2=3D4 a3=3Dd13830 item= s=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 = fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt= er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D= (null)

...

type=3DAVC msg=3Daudit(1259803042.818:52): avc: denied { ioctl } for p=

id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24515]" dev=3Dpipefs ino=3D2451= 5 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy= stem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803042.818:52): arch=3Dc000003e syscall=3D=

16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7ffffc393be0 a3=3D60 item= s=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 = fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt= er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D= (null)

...

type=3DAVC msg=3Daudit(1259803042.818:53): avc: denied { read } for pi=

d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24515]" dev=3Dpipefs ino=3D24515= scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys= tem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803042.818:53): arch=3Dc000003e syscall=3D=

0 success=3Dyes exit=3D128 a0=3D7 a1=3D10504b8 a2=3D1000 a3=3D0 items=3D0 p= pid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid= =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" e= xe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259803042.823:54): avc: denied { read } for pi=

d=3D2335 comm=3D"sshdfilter" name=3D"sh" dev=3Ddm-0 ino=3D10258 scontext=3D= unconfined_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:object_r:bin_t:s0 t= class=3Dlnk_file

...

type=3DSYSCALL msg=3Daudit(1259803042.823:54): arch=3Dc000003e syscall=3D=

59 success=3Dno exit=3D-13 a0=3D7fceba680e0f a1=3D7ffffc391b70 a2=3D7ffffc3= 94380 a3=3D7ffffc393990 items=3D0 ppid=3D2332 pid=3D2335 auid=3D1000 uid=3D= 0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(no= ne) ses=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s= ystem_r:iptables_t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259803042.823:55): avc: denied { write } for p=

id=3D2335 comm=3D"sshdfilter" path=3D"pipe:[24518]" dev=3Dpipefs ino=3D2451= 8 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy= stem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803042.823:55): arch=3Dc000003e syscall=3D=

1 success=3Dyes exit=3D128 a0=3Da a1=3D7ffffc393bcc a2=3D4 a3=3D8 items=3D0= ppid=3D2332 pid=3D2335 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid= =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" e= xe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259803042.828:56): avc: denied { read } for pi=

d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24518]" dev=3Dpipefs ino=3D24518= scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys= tem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803042.828:56): arch=3Dc000003e syscall=3D=

0 success=3Dyes exit=3D128 a0=3D9 a1=3D7ffffc393e8c a2=3D4 a3=3D7fceba05a9d= 0 items=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 sui= d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"ss= hdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 = key=3D(null)

...

type=3DAVC msg=3Daudit(1259803042.828:57): avc: denied { ioctl } for p=

id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24517]" dev=3Dpipefs ino=3D2451= 7 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy= stem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803042.828:57): arch=3Dc000003e syscall=3D=

16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7ffffc393be0 a3=3D60 item= s=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 = fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt= er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D= (null)

...

type=3DAVC msg=3Daudit(1259803042.828:58): avc: denied { read } for pi=

d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24517]" dev=3Dpipefs ino=3D24517= scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys= tem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803042.828:58): arch=3Dc000003e syscall=3D=

0 success=3Dyes exit=3D128 a0=3D7 a1=3D1051cc8 a2=3D1000 a3=3D0 items=3D0 p= pid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid= =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" e= xe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259803042.833:59): avc: denied { ioctl } for p=

id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24519]" dev=3Dpipefs ino=3D2451= 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy= stem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803042.833:59): arch=3Dc000003e syscall=3D=

16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7ffffc393e40 a3=3D60 item= s=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 = fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt= er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D= (null)

...

type=3DAVC msg=3Daudit(1259803042.833:60): avc: denied { ioctl } for p=

id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24519]" dev=3Dpipefs ino=3D2451= 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy= stem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803042.833:60): arch=3Dc000003e syscall=3D=

16 success=3Dyes exit=3D128 a0=3D8 a1=3D5401 a2=3D7ffffc393e40 a3=3D60 item= s=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 = fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt= er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D= (null)

...

type=3DAVC msg=3Daudit(1259803042.834:61): avc: denied { ioctl } for p=

id=3D2336 comm=3D"sshdfilter" path=3D"pipe:[24519]" dev=3Dpipefs ino=3D2451= 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy= stem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803042.834:61): arch=3Dc000003e syscall=3D=

16 success=3Dyes exit=3D128 a0=3D4 a1=3D5401 a2=3D7ffffc393d60 a3=3D60 item= s=3D0 ppid=3D2332 pid=3D2336 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 = fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt= er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D= (null)

...

type=3DAVC msg=3Daudit(1259803042.836:62): avc: denied { getattr } for =

pid=3D2336 comm=3D"sshdfilter" path=3D"pipe:[24519]" dev=3Dpipefs ino=3D24= 519 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:= system_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803042.836:62): arch=3Dc000003e syscall=3D=

5 success=3Dyes exit=3D128 a0=3D4 a1=3Dd130a0 a2=3Dd130a0 a3=3D0 items=3D0 = ppid=3D2332 pid=3D2336 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid= =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" e= xe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259803043.839:63): avc: denied { read } for pi=

d=3D2338 comm=3D"sshdfilter" name=3D"iptables" dev=3Ddm-0 ino=3D11793 scont= ext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:object_r:bin_= t:s0 tclass=3Dlnk_file

...

type=3DSYSCALL msg=3Daudit(1259803043.839:63): arch=3Dc000003e syscall=3D=

59 success=3Dno exit=3D-13 a0=3D7ffffc393c48 a1=3D1052638 a2=3D7ffffc394380= a3=3D7ffffc393a90 items=3D0 ppid=3D2332 pid=3D2338 auid=3D1000 uid=3D0 gid= =3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) s= es=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system= _r:iptables_t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259803043.840:64): avc: denied { write } for p=

id=3D2338 comm=3D"sshdfilter" path=3D"pipe:[24549]" dev=3Dpipefs ino=3D2454= 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy= stem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803043.840:64): arch=3Dc000003e syscall=3D=

1 success=3Dyes exit=3D128 a0=3D9 a1=3D7ffffc393ccc a2=3D4 a3=3D8 items=3D0= ppid=3D2332 pid=3D2338 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid= =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" e= xe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259803043.844:65): avc: denied { read } for pi=

d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24549]" dev=3Dpipefs ino=3D24549= scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys= tem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803043.844:65): arch=3Dc000003e syscall=3D=

0 success=3Dyes exit=3D128 a0=3D8 a1=3D7ffffc3940d8 a2=3D4 a3=3D8 items=3D0= ppid=3D1 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D= 0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" exe= =3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259803043.845:66): avc: denied { write } for p=

id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24498]" dev=3Dpipefs ino=3D2449= 8 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy= stem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803043.845:66): arch=3Dc000003e syscall=3D=

1 success=3Dyes exit=3D128 a0=3D4 a1=3D10526b8 a2=3D9 a3=3D0 items=3D0 ppid= =3D1 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egi= d=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" exe=3D"/u= sr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)

...

type=3DAVC msg=3Daudit(1259803043.849:67): avc: denied { read } for pi=

d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24519]" dev=3Dpipefs ino=3D24519= scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys= tem_r:iptables_t:s0 tclass=3Dfifo_file

...

type=3DSYSCALL msg=3Daudit(1259803043.849:67): arch=3Dc000003e syscall=3D=

0 success=3Dyes exit=3D128 a0=3D7 a1=3D10529d8 a2=3D400 a3=3Dd13010 items= =3D0 ppid=3D1 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsui= d=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" = exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(nul= l)

...

type=3DAVC msg=3Daudit(1259803128.077:69): avc: denied { execute } for =

pid=3D2422 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D11= 798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsyste= m_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259803128.077:69): arch=3Dc000003e syscall=3D=

59 success=3Dno exit=3D-13 a0=3D7fff14469168 a1=3D1c20208 a2=3D7fff144698a0= a3=3D7fff14468fb0 items=3D0 ppid=3D2413 pid=3D2422 auid=3D1000 uid=3D0 gid= =3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) s= es=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system= _r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259806154.170:82): avc: denied { execute } for =

pid=3D2653 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D11= 798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsyste= m_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259806154.170:82): arch=3Dc000003e syscall=3D=

59 success=3Dno exit=3D-13 a0=3D7fff14469168 a1=3D1c267e8 a2=3D7fff144698a0= a3=3D7fff14468fb0 items=3D0 ppid=3D2413 pid=3D2653 auid=3D1000 uid=3D0 gid= =3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) s= es=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system= _r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259812687.066:113): avc: denied { read open } f=

or pid=3D3074 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D= system_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259812687.066:113): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff14469168 a1=3D1c26a88 a2=3D7fff14469= 8a0 a3=3D7fff14468fb0 items=3D0 ppid=3D2413 pid=3D3074 auid=3D1000 uid=3D0 = gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none= ) ses=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:sys= tem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259816690.197:196): avc: denied { read open } f=

or pid=3D3631 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D= system_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259816690.197:196): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff15c5a888 a1=3D24095a8 a2=3D7fff15c5a= fc0 a3=3D7fff15c5a6d0 items=3D0 ppid=3D3622 pid=3D3631 auid=3D0 uid=3D0 gid= =3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) s= es=3D9 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system= _r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259819529.773:214): avc: denied { read open } f=

or pid=3D3827 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D= system_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259819529.773:214): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff15c5a888 a1=3D2410198 a2=3D7fff15c5a= fc0 a3=3D7fff15c5a6d0 items=3D0 ppid=3D3622 pid=3D3827 auid=3D0 uid=3D0 gid= =3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) s= es=3D9 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system= _r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259899887.509:471): avc: denied { read open } f=

or pid=3D11794 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D= system_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259899887.509:471): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff15c5a888 a1=3D2410198 a2=3D7fff15c5a= fc0 a3=3D7fff15c5a6d0 items=3D0 ppid=3D3622 pid=3D11794 auid=3D0 uid=3D0 gi= d=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) = ses=3D9 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:syste= m_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259899890.409:475): avc: denied { read open } f=

or pid=3D11799 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D= system_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259899890.409:475): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff15c5a888 a1=3D2410548 a2=3D7fff15c5a= fc0 a3=3D7fff15c5a6d0 items=3D0 ppid=3D3622 pid=3D11799 auid=3D0 uid=3D0 gi= d=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) = ses=3D9 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:syste= m_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1259899950.600:483): avc: denied { read open } f=

or pid=3D11860 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D= system_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1259899950.600:483): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff9722f198 a1=3Df6e208 a2=3D7fff9722f8= d0 a3=3D7fff9722efe0 items=3D0 ppid=3D11851 pid=3D11860 auid=3D0 uid=3D0 gi= d=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) = ses=3D44 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:syst= em_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1260146847.427:1066): avc: denied { read open } =

for pid=3D28420 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D= system_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1260146847.427:1066): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff9722f198 a1=3Df71c88 a2=3D7fff9722f8= d0 a3=3D7fff9722efe0 items=3D0 ppid=3D11851 pid=3D28420 auid=3D0 uid=3D0 gi= d=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) = ses=3D44 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:syst= em_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1260146850.722:1070): avc: denied { read open } =

for pid=3D28428 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino= =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D= system_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1260146850.722:1070): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff9722f198 a1=3Df72a28 a2=3D7fff9722f8= d0 a3=3D7fff9722efe0 items=3D0 ppid=3D11851 pid=3D28428 auid=3D0 uid=3D0 gi= d=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) = ses=3D44 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:syst= em_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1260500225.789:25455): avc: denied { read open }=

for pid=3D21350 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 in= o=3D11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsys= tem_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1260500225.789:25455): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff032b96b8 a1=3Dbdbd18 a2=3D7fff032b9d= f0 a3=3D7fff032b9500 items=3D0 ppid=3D1441 pid=3D21350 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1260500228.740:25459): avc: denied { read open }=

for pid=3D21355 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 in= o=3D11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsys= tem_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1260500228.740:25459): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fff032b96b8 a1=3Dbddc38 a2=3D7fff032b9d= f0 a3=3D7fff032b9500 items=3D0 ppid=3D1441 pid=3D21355 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1260500358.675:25470): avc: denied { getattr } f=

or pid=3D1441 comm=3D"sshdfilter" path=3D"/var/run/sshdfilter.pid.SSHD" de= v=3Ddm-0 ino=3D10948 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tco= ntext=3Dsystem_u:object_r:var_run_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1260500358.675:25470): arch=3Dc000003e syscall=

=3D6 success=3Dno exit=3D-13 a0=3Dbd5dd8 a1=3D8980a0 a2=3D8980a0 a3=3D7fff0= 32b9880 items=3D0 ppid=3D1 pid=3D1441 auid=3D4294967295 uid=3D0 gid=3D0 eui= d=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D429= 4967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:= sshd_t:s0-s0:c0.c1023 key=3D(null)

...

type=3DAVC msg=3Daudit(1260809448.592:28614): avc: denied { execute_no_=

trans } for pid=3D23422 comm=3D"sshdfilter" path=3D"/sbin/iptables-multi" = dev=3Ddm-0 ino=3D11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 t= context=3Dsystem_u:object_r:iptables_exec_t:s0 tclass=3Dfile

...

type=3DSYSCALL msg=3Daudit(1260809448.592:28614): arch=3Dc000003e syscall=

=3D59 success=3Dno exit=3D-13 a0=3D7fffc0880288 a1=3De0c508 a2=3D7fffc08809= c0 a3=3D7fffc08800d0 items=3D0 ppid=3D1432 pid=3D23422 auid=3D4294967295 ui= d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty= =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj= =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)

...

=20

...

...

=3D20 =3D20 Moray. "To err is human. To purr, feline" =3D20 =3D20 -- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

=20 --uAKRQypu60I7Lcqm Content-Type: application/pgp-signature Content-Disposition: inline =20 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) =20 iEYEARECAAYFAksdZWwACgkQMlxVo39jgT/olgCgwo9wvxeAyJG/gm4dEYHBIpGf TNEAn2bFoQZeg8+gaYPIDuB0wxuu6N8F =3DtNuu -----END PGP SIGNATURE----- =20 --uAKRQypu60I7Lcqm-- =20 =20 --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D Content-Type: text/plain; charset=3D"us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline =20 -- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D-- =20

=20

fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--2B/JsCI69OhZNC5r Content-Type: application/pgp-signature Content-Disposition: inline

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksmr6kACgkQMlxVo39jgT9jLQCghHyybd+FAVhKuaco96Y0PkNV VlcAnjcN8KmKKFlL5jFAWI5/US7VJmoB =HL4+ -----END PGP SIGNATURE-----

--2B/JsCI69OhZNC5r--

--===============1736741946== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline

-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list --===============1736741946==--