Fedora 12 and unconfined_u sshdfilter
Dominick Grift
domg472 at gmail.com
Mon Dec 14 21:35:39 UTC 2009
On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:
> "Dominick Grift wrote:"
> >
> >
> > --===============0725889959==
> > Content-Type: multipart/signed; micalg=pgp-sha1;
> > protocol="application/pgp-signature"; boundary="uAKRQypu60I7Lcqm"
> > Content-Disposition: inline
> >
> >
> > --uAKRQypu60I7Lcqm
> > Content-Type: text/plain; charset=utf-8
> > Content-Disposition: inline
> > Content-Transfer-Encoding: quoted-printable
> >
> > On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:
> > > James Carter wrote:
> > > >Dan's example used Refpolicy interfaces. Interfaces are very useful and
> > > >provide a better layer of abstraction, but they are just m4 macros,
> > > >which have always been used in SELinux policy.
> > > >
> > > >Interfaces should be used as much as possible, but it is not true that
> > > >you can't mix the old and new ways.
> > >=20
> > > Mixing the plain rules and the m4 macros didn't work when I tried it - bu=
> > t perhaps I just wasn=E2=80=99t writing it right. Is there a Refpolicy tut=
> > orial anywhere?
> >
> > I spend a little time today writing about the policy structure in Fedora. M=
> > aybe it can help you or others:
> >
> > http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_Fedo=
> > ra_12.pdf
>
>
> Still have not mastered this one yet. Here is the policy file created by
> grep of /var/log/audit/audit.log file piped to audit2allow:
>
> module mysshdfilter 1.0;
>
> require {
> type var_run_t;
> type iptables_exec_t;
> type bin_t;
> type sshd_t;
> type iptables_t;
> class lnk_file read;
> class file { read getattr open execute execute_no_trans };
> class fifo_file { read write ioctl getattr };
> }
>
> #============= iptables_t ==============
> allow iptables_t bin_t:lnk_file read;
> allow iptables_t self:fifo_file { read write ioctl getattr };
>
> #============= sshd_t ==============
> allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };
> allow sshd_t var_run_t:file getattr;
Actually i think sshdfilter init script may have created it? Does it even have an init script?
>
>
> The audit log entries are:
> type=AVC msg=audit(1259642932.902:7): avc: denied { execute } for pid=1411 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259642932.902:7): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1562e28 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=1411 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259644707.700:73): avc: denied { execute } for pid=1948 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259644707.700:73): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15694c8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=1948 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259650605.247:84): avc: denied { execute } for pid=2248 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259650605.247:84): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1567828 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=2248 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259661894.420:113): avc: denied { execute } for pid=2815 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259661894.420:113): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566e28 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=2815 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259667665.966:123): avc: denied { execute } for pid=3724 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259667665.966:123): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15699d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=3724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259671660.048:131): avc: denied { execute } for pid=3920 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259671660.048:131): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1565778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=3920 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259673411.553:758): avc: denied { execute } for pid=4558 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259673411.553:758): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1569af8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=4558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259679153.568:1267): avc: denied { execute } for pid=5170 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259679153.568:1267): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566a68 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5170 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259682588.736:1315): avc: denied { execute } for pid=5540 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259682588.736:1315): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1565778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5540 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259684861.197:1344): avc: denied { execute } for pid=5745 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259684861.197:1344): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a478 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259690558.951:1388): avc: denied { execute } for pid=6161 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259690558.951:1388): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15667a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=6161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259702647.573:1433): avc: denied { execute } for pid=6829 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259702647.573:1433): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156b4d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=6829 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259708100.231:1441): avc: denied { execute } for pid=7085 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259708100.231:1441): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a0b8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7085 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259708922.953:1450): avc: denied { execute } for pid=7153 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259708922.953:1450): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a6a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7153 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259713257.803:1545): avc: denied { execute } for pid=7492 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259713257.803:1545): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a4a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7492 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259721513.893:1732): avc: denied { execute } for pid=8097 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259721513.893:1732): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a5d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259730724.196:1790): avc: denied { execute } for pid=8689 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259730724.196:1790): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1569718 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259730728.123:1793): avc: denied { execute } for pid=8699 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259730728.123:1793): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259747840.157:1835): avc: denied { execute } for pid=9575 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259747840.157:1835): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156ba78 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=9575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259760819.408:1863): avc: denied { execute } for pid=10840 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259760819.408:1863): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a4a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=10840 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259762576.442:1887): avc: denied { execute } for pid=11067 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259762576.442:1887): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d4d5a8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11067 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259767362.673:1896): avc: denied { execute } for pid=11318 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259767362.673:1896): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d54088 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11318 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259773905.214:1967): avc: denied { execute } for pid=11922 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259773905.214:1967): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d54868 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11922 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259780362.196:1977): avc: denied { execute } for pid=12215 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259780362.196:1977): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d50af8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12215 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259780393.314:1979): avc: denied { execute } for pid=12219 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259780393.314:1979): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d50af8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12219 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259785085.323:2012): avc: denied { execute } for pid=12568 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259785085.323:2012): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d521b8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12568 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259786872.756:2015): avc: denied { execute } for pid=12645 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259786872.756:2015): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d53568 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12645 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259795695.936:2052): avc: denied { execute } for pid=13127 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259795695.936:2052): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d52e38 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=13127 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259802506.518:3031): avc: denied { getattr } for pid=11058 comm="sshdfilter" path="/var/run/sshdfilter.pid.SSHD" dev=dm-0 ino=12538 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
> type=SYSCALL msg=audit(1259802506.518:3031): arch=c000003e syscall=6 success=no exit=-13 a0=d4a128 a1=a0d0a0 a2=a0d0a0 a3=7fffb9164bb0 items=0 ppid=1 pid=11058 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259802888.332:7): avc: denied { ioctl } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.332:7): arch=c000003e syscall=16 success=yes exit=128 a0=3 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.340:8): avc: denied { ioctl } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.340:8): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.342:9): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=AVC msg=audit(1259802888.343:10): avc: denied { read } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.343:10): arch=c000003e syscall=0 success=yes exit=128 a0=3 a1=eb06e8 a2=1000 a3=0 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=SYSCALL msg=audit(1259802888.342:9): arch=c000003e syscall=16 success=yes exit=128 a0=5 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.347:11): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.347:11): arch=c000003e syscall=16 success=yes exit=128 a0=6 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.350:12): avc: denied { read } for pid=1439 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.350:12): arch=c000003e syscall=0 success=yes exit=128 a0=5 a1=eb0f18 a2=1000 a3=0 items=0 ppid=1438 pid=1439 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.360:13): avc: denied { read } for pid=1440 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259802888.360:13): arch=c000003e syscall=59 success=no exit=-13 a0=7fd1ef909e0f a1=7fffa884e9b0 a2=7fffa88511c0 a3=7fffa88507d0 items=0 ppid=1438 pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.364:14): avc: denied { write } for pid=1440 comm="sshdfilter" path="pipe:[11043]" dev=pipefs ino=11043 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.364:14): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7fffa8850a0c a2=4 a3=7fffa8850790 items=0 ppid=1438 pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.367:15): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11043]" dev=pipefs ino=11043 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.367:15): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7fffa8850ccc a2=4 a3=b73830 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.367:16): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11042]" dev=pipefs ino=11042 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.367:16): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850a20 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.367:17): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11042]" dev=pipefs ino=11042 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.367:17): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb1168 a2=1000 a3=0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.375:18): avc: denied { read } for pid=1441 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259802888.375:18): arch=c000003e syscall=59 success=no exit=-13 a0=7fd1ef909e0f a1=7fffa884e9b0 a2=7fffa88511c0 a3=7fffa88507d0 items=0 ppid=1438 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.375:19): avc: denied { write } for pid=1441 comm="sshdfilter" path="pipe:[11045]" dev=pipefs ino=11045 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.375:19): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7fffa8850a0c a2=4 a3=8 items=0 ppid=1438 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.378:20): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11045]" dev=pipefs ino=11045 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.378:20): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7fffa8850ccc a2=4 a3=7fd1ef2e39d0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.378:21): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11044]" dev=pipefs ino=11044 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.378:21): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850a20 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.378:22): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11044]" dev=pipefs ino=11044 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.378:22): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb2878 a2=1000 a3=0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.379:23): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.379:23): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.379:24): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.379:24): arch=c000003e syscall=16 success=yes exit=128 a0=8 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.384:25): avc: denied { ioctl } for pid=1442 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.384:25): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7fffa8850ba0 a3=60 items=0 ppid=1438 pid=1442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.384:26): avc: denied { getattr } for pid=1442 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.384:26): arch=c000003e syscall=5 success=yes exit=128 a0=4 a1=b730a0 a2=b730a0 a3=0 items=0 ppid=1438 pid=1442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.381:27): avc: denied { read } for pid=1494 comm="sshdfilter" name="iptables" dev=dm-0 ino=11793 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259802889.381:27): arch=c000003e syscall=59 success=no exit=-13 a0=7fffa8850a88 a1=eb31c8 a2=7fffa88511c0 a3=7fffa88508d0 items=0 ppid=1438 pid=1494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.382:28): avc: denied { write } for pid=1494 comm="sshdfilter" path="pipe:[11397]" dev=pipefs ino=11397 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802889.382:28): arch=c000003e syscall=1 success=yes exit=128 a0=9 a1=7fffa8850b0c a2=4 a3=8 items=0 ppid=1438 pid=1494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.385:29): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11397]" dev=pipefs ino=11397 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802889.385:29): arch=c000003e syscall=0 success=yes exit=128 a0=8 a1=7fffa8850f18 a2=4 a3=8 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.388:30): avc: denied { write } for pid=1438 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802889.388:30): arch=c000003e syscall=1 success=yes exit=128 a0=4 a1=eb3248 a2=9 a3=0 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.390:31): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802889.390:31): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb3568 a2=400 a3=b73010 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.790:43): avc: denied { ioctl } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.790:43): arch=c000003e syscall=16 success=yes exit=4294967424 a0=3 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.795:44): avc: denied { ioctl } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.795:44): arch=c000003e syscall=16 success=yes exit=4294967424 a0=4 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.798:45): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=AVC msg=audit(1259803042.801:46): avc: denied { read } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.801:46): arch=c000003e syscall=0 success=yes exit=128 a0=3 a1=104fb28 a2=1000 a3=0 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=SYSCALL msg=audit(1259803042.798:45): arch=c000003e syscall=16 success=yes exit=4294967424 a0=5 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.804:47): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.804:47): arch=c000003e syscall=16 success=yes exit=4294967424 a0=6 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.806:48): avc: denied { read } for pid=2333 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=AVC msg=audit(1259803042.812:49): avc: denied { read } for pid=2334 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259803042.806:48): arch=c000003e syscall=0 success=yes exit=4294967424 a0=5 a1=1050268 a2=1000 a3=0 items=0 ppid=2332 pid=2333 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.816:50): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24516]" dev=pipefs ino=24516 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.812:49): arch=c000003e syscall=59 success=no exit=-13 a0=7fceba680e0f a1=7ffffc391b70 a2=7ffffc394380 a3=7ffffc393990 items=0 ppid=2332 pid=2334 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.816:51): avc: denied { write } for pid=2334 comm="sshdfilter" path="pipe:[24516]" dev=pipefs ino=24516 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.816:51): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7ffffc393bcc a2=4 a3=7ffffc393950 items=0 ppid=2332 pid=2334 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=SYSCALL msg=audit(1259803042.816:50): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7ffffc393e8c a2=4 a3=d13830 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.818:52): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24515]" dev=pipefs ino=24515 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.818:52): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393be0 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.818:53): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24515]" dev=pipefs ino=24515 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.818:53): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=10504b8 a2=1000 a3=0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.823:54): avc: denied { read } for pid=2335 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259803042.823:54): arch=c000003e syscall=59 success=no exit=-13 a0=7fceba680e0f a1=7ffffc391b70 a2=7ffffc394380 a3=7ffffc393990 items=0 ppid=2332 pid=2335 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.823:55): avc: denied { write } for pid=2335 comm="sshdfilter" path="pipe:[24518]" dev=pipefs ino=24518 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.823:55): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7ffffc393bcc a2=4 a3=8 items=0 ppid=2332 pid=2335 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.828:56): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24518]" dev=pipefs ino=24518 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.828:56): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7ffffc393e8c a2=4 a3=7fceba05a9d0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.828:57): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24517]" dev=pipefs ino=24517 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.828:57): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393be0 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.828:58): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24517]" dev=pipefs ino=24517 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.828:58): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=1051cc8 a2=1000 a3=0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.833:59): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.833:59): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.833:60): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.833:60): arch=c000003e syscall=16 success=yes exit=128 a0=8 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.834:61): avc: denied { ioctl } for pid=2336 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.834:61): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7ffffc393d60 a3=60 items=0 ppid=2332 pid=2336 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.836:62): avc: denied { getattr } for pid=2336 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.836:62): arch=c000003e syscall=5 success=yes exit=128 a0=4 a1=d130a0 a2=d130a0 a3=0 items=0 ppid=2332 pid=2336 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.839:63): avc: denied { read } for pid=2338 comm="sshdfilter" name="iptables" dev=dm-0 ino=11793 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259803043.839:63): arch=c000003e syscall=59 success=no exit=-13 a0=7ffffc393c48 a1=1052638 a2=7ffffc394380 a3=7ffffc393a90 items=0 ppid=2332 pid=2338 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.840:64): avc: denied { write } for pid=2338 comm="sshdfilter" path="pipe:[24549]" dev=pipefs ino=24549 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803043.840:64): arch=c000003e syscall=1 success=yes exit=128 a0=9 a1=7ffffc393ccc a2=4 a3=8 items=0 ppid=2332 pid=2338 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.844:65): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24549]" dev=pipefs ino=24549 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803043.844:65): arch=c000003e syscall=0 success=yes exit=128 a0=8 a1=7ffffc3940d8 a2=4 a3=8 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.845:66): avc: denied { write } for pid=2332 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803043.845:66): arch=c000003e syscall=1 success=yes exit=128 a0=4 a1=10526b8 a2=9 a3=0 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.849:67): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803043.849:67): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=10529d8 a2=400 a3=d13010 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803128.077:69): avc: denied { execute } for pid=2422 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259803128.077:69): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c20208 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=2422 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259806154.170:82): avc: denied { execute } for pid=2653 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259806154.170:82): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c267e8 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=2653 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259812687.066:113): avc: denied { read open } for pid=3074 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259812687.066:113): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c26a88 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=3074 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259816690.197:196): avc: denied { read open } for pid=3631 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259816690.197:196): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=24095a8 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=3631 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259819529.773:214): avc: denied { read open } for pid=3827 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259819529.773:214): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410198 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=3827 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259899887.509:471): avc: denied { read open } for pid=11794 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259899887.509:471): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410198 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=11794 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259899890.409:475): avc: denied { read open } for pid=11799 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259899890.409:475): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410548 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=11799 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259899950.600:483): avc: denied { read open } for pid=11860 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259899950.600:483): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f6e208 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=11860 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260146847.427:1066): avc: denied { read open } for pid=28420 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260146847.427:1066): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f71c88 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=28420 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260146850.722:1070): avc: denied { read open } for pid=28428 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260146850.722:1070): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f72a28 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=28428 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260500225.789:25455): avc: denied { read open } for pid=21350 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260500225.789:25455): arch=c000003e syscall=59 success=no exit=-13 a0=7fff032b96b8 a1=bdbd18 a2=7fff032b9df0 a3=7fff032b9500 items=0 ppid=1441 pid=21350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260500228.740:25459): avc: denied { read open } for pid=21355 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260500228.740:25459): arch=c000003e syscall=59 success=no exit=-13 a0=7fff032b96b8 a1=bddc38 a2=7fff032b9df0 a3=7fff032b9500 items=0 ppid=1441 pid=21355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260500358.675:25470): avc: denied { getattr } for pid=1441 comm="sshdfilter" path="/var/run/sshdfilter.pid.SSHD" dev=dm-0 ino=10948 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
> type=SYSCALL msg=audit(1260500358.675:25470): arch=c000003e syscall=6 success=no exit=-13 a0=bd5dd8 a1=8980a0 a2=8980a0 a3=7fff032b9880 items=0 ppid=1 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260809448.592:28614): avc: denied { execute_no_trans } for pid=23422 comm="sshdfilter" path="/sbin/iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260809448.592:28614): arch=c000003e syscall=59 success=no exit=-13 a0=7fffc0880288 a1=e0c508 a2=7fffc08809c0 a3=7fffc08800d0 items=0 ppid=1432 pid=23422 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
>
> > >=20
> > >=20
> > > Moray.
> > > "To err is human. To purr, feline"
> > >=20
> > >=20
> > > --
> > > fedora-selinux-list mailing list
> > > fedora-selinux-list at redhat.com
> > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> > --uAKRQypu60I7Lcqm
> > Content-Type: application/pgp-signature
> > Content-Disposition: inline
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.10 (GNU/Linux)
> >
> > iEYEARECAAYFAksdZWwACgkQMlxVo39jgT/olgCgwo9wvxeAyJG/gm4dEYHBIpGf
> > TNEAn2bFoQZeg8+gaYPIDuB0wxuu6N8F
> > =tNuu
> > -----END PGP SIGNATURE-----
> >
> > --uAKRQypu60I7Lcqm--
> >
> >
> > --===============0725889959==
> > Content-Type: text/plain; charset="us-ascii"
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 7bit
> > Content-Disposition: inline
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > --===============0725889959==--
> >
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20091214/774d3919/attachment.sig>
More information about the fedora-selinux-list
mailing list