From: bigon@debian.org (Laurent Bigonville)
Date: Fri, 1 Dec 2017 17:03:47 +0100
Subject: [refpolicy] Policy for systemd inhibits
Message-ID: <7caaf07b-7d91-ab48-6b89-5c26eb440cda@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello,

ATM it seems that the policy has no interface to allow applications (NetworkManager, upower,) or users to manage systemd inhibits. (see denials in attachment)

I was thinking of creating an extra type for /run/systemd/inhibit/ and allowing applications and users to interact with the files and pipes but Dominick seems to prefer a different approach.

I'm not sure what would be the preferred way here, what do you think?

Regards,

Laurent Bigonville

-------------- next part --------------
---- type=PROCTITLE msg=audit(01/12/17 09:53:19.669:170) : proctitle=/usr/sbin/ModemManager type=SYSCALL msg=audit(01/12/17 09:53:19.669:170) : arch=x86_64 syscall=recvmsg success=yes exit=16 a0=0x6 a1=0x7f974295bab0 a2=MSG_CMSG_CLOEXEC a3=0x7f974295b9d0 items=0 ppid=1 pid=766 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus exe=/usr/sbin/ModemManager subj=system_u:system_r:modemmanager_t:s0 key=(null) type=AVC msg=audit(01/12/17 09:53:19.669:170) : avc: denied { write } for pid=766 comm=gdbus path=/run/systemd/inhibit/1.ref dev="tmpfs" ino=22520 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1 type=AVC msg=audit(01/12/17 09:53:19.669:170) : avc: denied { use } for pid=766 comm=gdbus path=/run/systemd/inhibit/1.ref dev="tmpfs" ino=22520 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 09:53:19.855:177) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 09:53:19.855:177) : arch=x86_64 syscall=inotify_add_watch success=yes exit=3 a0=0xb 
a1=0x7f401f9d7703 a2=0x280 a3=0x10b items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 09:53:19.855:177) : avc: denied { read } for pid=836 comm=NetworkManager name=users dev="tmpfs" ino=19329 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=dir permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 09:53:20.294:261) : proctitle=/usr/sbin/libvirtd type=SYSCALL msg=audit(01/12/17 09:53:20.294:261) : arch=x86_64 syscall=recvmsg success=yes exit=76 a0=0xe a1=0x7fff7cd98980 a2=MSG_CMSG_CLOEXEC a3=0x7f96d28c1180 items=0 ppid=1 pid=985 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=libvirtd exe=/usr/sbin/libvirtd subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(01/12/17 09:53:20.294:261) : avc: denied { write } for pid=985 comm=libvirtd path=/run/systemd/inhibit/2.ref dev="tmpfs" ino=26842 scontext=system_u:system_r:virtd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1 type=AVC msg=audit(01/12/17 09:53:20.294:261) : avc: denied { use } for pid=985 comm=libvirtd path=/run/systemd/inhibit/2.ref dev="tmpfs" ino=26842 scontext=system_u:system_r:virtd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 09:53:20.961:312) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 09:53:20.961:312) : arch=x86_64 syscall=recvmsg success=yes exit=16 a0=0x8 a1=0x7f40137fda30 a2=MSG_CMSG_CLOEXEC a3=0x7f40137fd950 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus 
exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 09:53:20.961:312) : avc: denied { write } for pid=836 comm=gdbus path=/run/systemd/inhibit/3.ref dev="tmpfs" ino=25209 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 09:53:28.328:419) : proctitle=/usr/lib/upower/upowerd type=SYSCALL msg=audit(01/12/17 09:53:28.328:419) : arch=x86_64 syscall=recvmsg success=yes exit=16 a0=0x5 a1=0x7f1595da5a20 a2=MSG_CMSG_CLOEXEC a3=0x7f1595da5940 items=0 ppid=1 pid=1582 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus exe=/usr/lib/upower/upowerd subj=system_u:system_r:devicekit_power_t:s0 key=(null) type=AVC msg=audit(01/12/17 09:53:28.328:419) : avc: denied { write } for pid=1582 comm=gdbus path=/run/systemd/inhibit/4.ref dev="tmpfs" ino=30458 scontext=system_u:system_r:devicekit_power_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1 type=AVC msg=audit(01/12/17 09:53:28.328:419) : avc: denied { use } for pid=1582 comm=gdbus path=/run/systemd/inhibit/4.ref dev="tmpfs" ino=30458 scontext=system_u:system_r:devicekit_power_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 09:53:48.839:485) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 09:53:48.839:485) : arch=x86_64 syscall=open success=yes exit=20 a0=0x560a6afc95f0 a1=O_RDONLY|O_CLOEXEC a2=0x1b6 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 09:53:48.839:485) : avc: denied { open } for pid=836 comm=NetworkManager 
path=/run/systemd/users/1000 dev="tmpfs" ino=33269 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 type=AVC msg=audit(01/12/17 09:53:48.839:485) : avc: denied { read } for pid=836 comm=NetworkManager name=1000 dev="tmpfs" ino=33269 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 09:53:48.839:486) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 09:53:48.839:486) : arch=x86_64 syscall=fstat success=yes exit=0 a0=0x14 a1=0x7ffcf7106b70 a2=0x7ffcf7106b70 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 09:53:48.839:486) : avc: denied { getattr } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33269 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 09:53:48.496:503) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 09:53:48.496:503) : arch=x86_64 syscall=open success=yes exit=20 a0=0x560a6afc95f0 a1=O_RDONLY|O_CLOEXEC a2=0x1b6 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 09:53:48.496:503) : avc: denied { open } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 
type=AVC msg=audit(01/12/17 09:53:48.496:503) : avc: denied { read } for pid=836 comm=NetworkManager name=1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 09:53:48.496:504) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 09:53:48.496:504) : arch=x86_64 syscall=fstat success=yes exit=0 a0=0x14 a1=0x7ffcf7106b70 a2=0x7ffcf7106b70 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 09:53:48.496:504) : avc: denied { getattr } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 10:44:21.116:1042) : proctitle=/usr/sbin/libvirtd type=SYSCALL msg=audit(01/12/17 10:44:21.116:1042) : arch=x86_64 syscall=recvmsg success=yes exit=76 a0=0xe a1=0x7fff7cd98980 a2=MSG_CMSG_CLOEXEC a3=0x7f96d28c1180 items=0 ppid=1 pid=985 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=libvirtd exe=/usr/sbin/libvirtd subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(01/12/17 10:44:21.116:1042) : avc: denied { write } for pid=985 comm=libvirtd path=/run/systemd/inhibit/17.ref dev="tmpfs" ino=105825 scontext=system_u:system_r:virtd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1 type=AVC msg=audit(01/12/17 10:44:21.116:1042) : avc: denied { use } for pid=985 comm=libvirtd path=/run/systemd/inhibit/17.ref dev="tmpfs" ino=105825 
scontext=system_u:system_r:virtd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 10:44:21.159:1059) : proctitle=/usr/sbin/virtlogd type=SYSCALL msg=audit(01/12/17 10:44:21.159:1059) : arch=x86_64 syscall=recvmsg success=yes exit=76 a0=0xa a1=0x7ffdfaed35a0 a2=MSG_CMSG_CLOEXEC a3=0x560b013fa500 items=0 ppid=1 pid=23556 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=virtlogd exe=/usr/sbin/virtlogd subj=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(01/12/17 10:44:21.159:1059) : avc: denied { write } for pid=23556 comm=virtlogd path=/run/systemd/inhibit/18.ref dev="tmpfs" ino=106981 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1 type=AVC msg=audit(01/12/17 10:44:21.159:1059) : avc: denied { use } for pid=23556 comm=virtlogd path=/run/systemd/inhibit/18.ref dev="tmpfs" ino=106981 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 10:44:21.197:1064) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 10:44:21.197:1064) : arch=x86_64 syscall=open success=yes exit=21 a0=0x560a6ae66c70 a1=O_RDONLY|O_CLOEXEC a2=0x1b6 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 10:44:21.197:1064) : avc: denied { open } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 type=AVC msg=audit(01/12/17 
10:44:21.197:1064) : avc: denied { read } for pid=836 comm=NetworkManager name=1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 10:44:21.197:1065) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 10:44:21.197:1065) : arch=x86_64 syscall=fstat success=yes exit=0 a0=0x15 a1=0x7ffcf7106b70 a2=0x7ffcf7106b70 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 10:44:21.197:1065) : avc: denied { getattr } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 10:51:42.796:1133) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 10:51:42.796:1133) : arch=x86_64 syscall=open success=yes exit=21 a0=0x560a6afb0d70 a1=O_RDONLY|O_CLOEXEC a2=0x1b6 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 10:51:42.796:1133) : avc: denied { open } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 type=AVC msg=audit(01/12/17 10:51:42.796:1133) : avc: denied { read } for pid=836 comm=NetworkManager name=1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 
tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 10:51:42.796:1134) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 10:51:42.796:1134) : arch=x86_64 syscall=fstat success=yes exit=0 a0=0x15 a1=0x7ffcf7106b70 a2=0x7ffcf7106b70 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 10:51:42.796:1134) : avc: denied { getattr } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 12:35:46.779:1595) : proctitle=/usr/sbin/libvirtd type=SYSCALL msg=audit(01/12/17 12:35:46.779:1595) : arch=x86_64 syscall=recvmsg success=yes exit=76 a0=0xe a1=0x7fff7cd98980 a2=MSG_CMSG_CLOEXEC a3=0x7f96d28c1180 items=0 ppid=1 pid=985 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=libvirtd exe=/usr/sbin/libvirtd subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(01/12/17 12:35:46.779:1595) : avc: denied { write } for pid=985 comm=libvirtd path=/run/systemd/inhibit/31.ref dev="tmpfs" ino=231239 scontext=system_u:system_r:virtd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1 type=AVC msg=audit(01/12/17 12:35:46.779:1595) : avc: denied { use } for pid=985 comm=libvirtd path=/run/systemd/inhibit/31.ref dev="tmpfs" ino=231239 scontext=system_u:system_r:virtd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 12:35:46.794:1597) : proctitle=/usr/sbin/virtlogd 
type=SYSCALL msg=audit(01/12/17 12:35:46.794:1597) : arch=x86_64 syscall=recvmsg success=yes exit=76 a0=0xa a1=0x7ffdfaed35a0 a2=MSG_CMSG_CLOEXEC a3=0x560b013fa500 items=0 ppid=1 pid=23556 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=virtlogd exe=/usr/sbin/virtlogd subj=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(01/12/17 12:35:46.794:1597) : avc: denied { write } for pid=23556 comm=virtlogd path=/run/systemd/inhibit/32.ref dev="tmpfs" ino=230262 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1 type=AVC msg=audit(01/12/17 12:35:46.794:1597) : avc: denied { use } for pid=23556 comm=virtlogd path=/run/systemd/inhibit/32.ref dev="tmpfs" ino=230262 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 12:35:46.866:1617) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 12:35:46.866:1617) : arch=x86_64 syscall=open success=yes exit=21 a0=0x560a6afb65e0 a1=O_RDONLY|O_CLOEXEC a2=0x1b6 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 12:35:46.866:1617) : avc: denied { open } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 type=AVC msg=audit(01/12/17 12:35:46.866:1617) : avc: denied { read } for pid=836 comm=NetworkManager name=1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file 
permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 12:35:46.866:1618) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 12:35:46.866:1618) : arch=x86_64 syscall=fstat success=yes exit=0 a0=0x15 a1=0x7ffcf7106b70 a2=0x7ffcf7106b70 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 12:35:46.866:1618) : avc: denied { getattr } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 13:23:23.920:1825) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 13:23:23.920:1825) : arch=x86_64 syscall=open success=yes exit=21 a0=0x560a6ae7ffa0 a1=O_RDONLY|O_CLOEXEC a2=0x1b6 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 13:23:23.920:1825) : avc: denied { open } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 type=AVC msg=audit(01/12/17 13:23:23.920:1825) : avc: denied { read } for pid=836 comm=NetworkManager name=1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 13:23:23.921:1826) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 13:23:23.921:1826) : 
arch=x86_64 syscall=fstat success=yes exit=0 a0=0x15 a1=0x7ffcf7106b70 a2=0x7ffcf7106b70 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 13:23:23.921:1826) : avc: denied { getattr } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 14:33:36.351:1843) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 14:33:36.351:1843) : arch=x86_64 syscall=open success=yes exit=17 a0=0x560a6af01b00 a1=O_RDONLY|O_CLOEXEC a2=0x1b6 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 14:33:36.351:1843) : avc: denied { open } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 type=AVC msg=audit(01/12/17 14:33:36.351:1843) : avc: denied { read } for pid=836 comm=NetworkManager name=1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 14:33:36.351:1844) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 14:33:36.351:1844) : arch=x86_64 syscall=fstat success=yes exit=0 a0=0x11 a1=0x7ffcf7106b70 a2=0x7ffcf7106b70 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root 
fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 14:33:36.351:1844) : avc: denied { getattr } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 14:33:36.503:1852) : proctitle=/usr/lib/upower/upowerd type=SYSCALL msg=audit(01/12/17 14:33:36.503:1852) : arch=x86_64 syscall=recvmsg success=yes exit=16 a0=0x5 a1=0x7f1595da5b30 a2=MSG_CMSG_CLOEXEC a3=0x7f1595da5a50 items=0 ppid=1 pid=1582 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus exe=/usr/lib/upower/upowerd subj=system_u:system_r:devicekit_power_t:s0 key=(null) type=AVC msg=audit(01/12/17 14:33:36.503:1852) : avc: denied { write } for pid=1582 comm=gdbus path=/run/systemd/inhibit/43.ref dev="tmpfs" ino=284164 scontext=system_u:system_r:devicekit_power_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1 type=AVC msg=audit(01/12/17 14:33:36.503:1852) : avc: denied { use } for pid=1582 comm=gdbus path=/run/systemd/inhibit/43.ref dev="tmpfs" ino=284164 scontext=system_u:system_r:devicekit_power_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 14:33:36.535:1853) : proctitle=/usr/sbin/ModemManager type=SYSCALL msg=audit(01/12/17 14:33:36.535:1853) : arch=x86_64 syscall=recvmsg success=yes exit=16 a0=0x6 a1=0x7f974295bab0 a2=MSG_CMSG_CLOEXEC a3=0x7f974295b9d0 items=0 ppid=1 pid=766 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus exe=/usr/sbin/ModemManager subj=system_u:system_r:modemmanager_t:s0 key=(null) type=AVC msg=audit(01/12/17 
14:33:36.535:1853) : avc: denied { write } for pid=766 comm=gdbus path=/run/systemd/inhibit/44.ref dev="tmpfs" ino=284168 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1 type=AVC msg=audit(01/12/17 14:33:36.535:1853) : avc: denied { use } for pid=766 comm=gdbus path=/run/systemd/inhibit/44.ref dev="tmpfs" ino=284168 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 14:33:36.549:1854) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 14:33:36.549:1854) : arch=x86_64 syscall=recvmsg success=yes exit=16 a0=0x8 a1=0x7f40137fda30 a2=MSG_CMSG_CLOEXEC a3=0x7f40137fd950 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 14:33:36.549:1854) : avc: denied { write } for pid=836 comm=gdbus path=/run/systemd/inhibit/45.ref dev="tmpfs" ino=284172 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 14:37:39.132:1932) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 14:37:39.132:1932) : arch=x86_64 syscall=open success=yes exit=21 a0=0x560a6aefe300 a1=O_RDONLY|O_CLOEXEC a2=0x1b6 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 14:37:39.132:1932) : avc: denied { open } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 
tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 type=AVC msg=audit(01/12/17 14:37:39.132:1932) : avc: denied { read } for pid=836 comm=NetworkManager name=1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 14:37:39.134:1933) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 14:37:39.134:1933) : arch=x86_64 syscall=fstat success=yes exit=0 a0=0x15 a1=0x7ffcf7106b70 a2=0x7ffcf7106b70 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 14:37:39.134:1933) : avc: denied { getattr } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 14:38:36.567:1962) : proctitle=/usr/lib/upower/upowerd type=SYSCALL msg=audit(01/12/17 14:38:36.567:1962) : arch=x86_64 syscall=recvmsg success=yes exit=16 a0=0x5 a1=0x7f1595da5b30 a2=MSG_CMSG_CLOEXEC a3=0x7f1595da5a50 items=0 ppid=1 pid=1582 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus exe=/usr/lib/upower/upowerd subj=system_u:system_r:devicekit_power_t:s0 key=(null) type=AVC msg=audit(01/12/17 14:38:36.567:1962) : avc: denied { write } for pid=1582 comm=gdbus path=/run/systemd/inhibit/54.ref dev="tmpfs" ino=292411 scontext=system_u:system_r:devicekit_power_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1 type=AVC msg=audit(01/12/17 14:38:36.567:1962) : avc: denied { use } for pid=1582 comm=gdbus 
path=/run/systemd/inhibit/54.ref dev="tmpfs" ino=292411 scontext=system_u:system_r:devicekit_power_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 14:38:36.578:1963) : proctitle=/usr/sbin/ModemManager type=SYSCALL msg=audit(01/12/17 14:38:36.578:1963) : arch=x86_64 syscall=recvmsg success=yes exit=16 a0=0x6 a1=0x7f974295bab0 a2=MSG_CMSG_CLOEXEC a3=0x7f974295b9d0 items=0 ppid=1 pid=766 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus exe=/usr/sbin/ModemManager subj=system_u:system_r:modemmanager_t:s0 key=(null) type=AVC msg=audit(01/12/17 14:38:36.578:1963) : avc: denied { write } for pid=766 comm=gdbus path=/run/systemd/inhibit/55.ref dev="tmpfs" ino=292413 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1 type=AVC msg=audit(01/12/17 14:38:36.578:1963) : avc: denied { use } for pid=766 comm=gdbus path=/run/systemd/inhibit/55.ref dev="tmpfs" ino=292413 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 14:38:36.584:1964) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 14:38:36.584:1964) : arch=x86_64 syscall=recvmsg success=yes exit=16 a0=0x8 a1=0x7f40137fda30 a2=MSG_CMSG_CLOEXEC a3=0x7f40137fd950 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 14:38:36.584:1964) : avc: denied { write } for pid=836 comm=gdbus path=/run/systemd/inhibit/56.ref dev="tmpfs" ino=293012 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1 ---- 
type=PROCTITLE msg=audit(01/12/17 15:30:16.835:2181) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 15:30:16.835:2181) : arch=x86_64 syscall=open success=yes exit=21 a0=0x560a6b003910 a1=O_RDONLY|O_CLOEXEC a2=0x1b6 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 15:30:16.835:2181) : avc: denied { open } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 type=AVC msg=audit(01/12/17 15:30:16.835:2181) : avc: denied { read } for pid=836 comm=NetworkManager name=1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1 ---- type=PROCTITLE msg=audit(01/12/17 15:30:16.835:2182) : proctitle=/usr/sbin/NetworkManager --no-daemon type=SYSCALL msg=audit(01/12/17 15:30:16.835:2182) : arch=x86_64 syscall=fstat success=yes exit=0 a0=0x15 a1=0x7ffcf7106b70 a2=0x7ffcf7106b70 a3=0x80000 items=0 ppid=1 pid=836 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(01/12/17 15:30:16.835:2182) : avc: denied { getattr } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33310 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1
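
The denials in the attachment above repeat a small number of distinct accesses. The following is an added example, not part of the original post or of refpolicy: it reduces `ausearch -i` style AVC records to one allow rule per (source type, target type, class) and lists which directories each target type was seen labelling. The function names are this example's own; the `SAMPLE` records are copied from the attachment.

```python
import posixpath
import re
from collections import defaultdict

# AVC records copied from the attachment above (PROCTITLE/SYSCALL records omitted).
SAMPLE = """\
type=AVC msg=audit(01/12/17 09:53:19.669:170) : avc: denied { write } for pid=766 comm=gdbus path=/run/systemd/inhibit/1.ref dev="tmpfs" ino=22520 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1
type=AVC msg=audit(01/12/17 09:53:19.669:170) : avc: denied { use } for pid=766 comm=gdbus path=/run/systemd/inhibit/1.ref dev="tmpfs" ino=22520 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=1
type=AVC msg=audit(01/12/17 09:53:19.855:177) : avc: denied { read } for pid=836 comm=NetworkManager name=users dev="tmpfs" ino=19329 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=dir permissive=1
type=AVC msg=audit(01/12/17 09:53:20.294:261) : avc: denied { write } for pid=985 comm=libvirtd path=/run/systemd/inhibit/2.ref dev="tmpfs" ino=26842 scontext=system_u:system_r:virtd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1
type=AVC msg=audit(01/12/17 09:53:20.961:312) : avc: denied { write } for pid=836 comm=gdbus path=/run/systemd/inhibit/3.ref dev="tmpfs" ino=25209 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=fifo_file permissive=1
type=AVC msg=audit(01/12/17 09:53:48.839:485) : avc: denied { open } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33269 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1
type=AVC msg=audit(01/12/17 09:53:48.839:485) : avc: denied { read } for pid=836 comm=NetworkManager name=1000 dev="tmpfs" ino=33269 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1
type=AVC msg=audit(01/12/17 09:53:48.839:486) : avc: denied { getattr } for pid=836 comm=NetworkManager path=/run/systemd/users/1000 dev="tmpfs" ino=33269 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1
"""

# Matches on the whole text rather than per line, so it also works when the
# records have been wrapped or run together, as in the archived attachment.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*?)"
    r"\bscontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)",
    re.DOTALL,
)
PATH_RE = re.compile(r'\bpath="?([^"\s]+)"?')


def context_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]


def parse_avc(text):
    """Extract every AVC denial in text as a dict."""
    records = []
    for perms, detail, scontext, tcontext, tclass in AVC_RE.findall(text):
        path = PATH_RE.search(detail)
        records.append({
            "perms": perms.split(),
            "source": context_type(scontext),
            "target": context_type(tcontext),
            "tclass": tclass,
            "path": path.group(1) if path else None,  # name= only: no full path
        })
    return records


def summarize(records):
    """Merge permissions per (source type, target type, class)."""
    summary = defaultdict(set)
    for rec in records:
        summary[(rec["source"], rec["target"], rec["tclass"])].update(rec["perms"])
    return dict(summary)


def to_allow_rules(summary):
    """Render the summary as policy allow rules, sorted for stable output."""
    return [
        "allow %s %s:%s { %s };" % (src, tgt, cls, " ".join(sorted(perms)))
        for (src, tgt, cls), perms in sorted(summary.items())
    ]


def dirs_by_type(records):
    """Map each target type to the directories whose objects carried it."""
    dirs = defaultdict(set)
    for rec in records:
        if rec["path"]:
            dirs[rec["target"]].add(posixpath.dirname(rec["path"]))
    return dict(dirs)


if __name__ == "__main__":
    recs = parse_avc(SAMPLE)
    print("\n".join(to_allow_rules(summarize(recs))))
    for target, dirs in sorted(dirs_by_type(recs).items()):
        print(target, sorted(dirs))
```

In these records `systemd_logind_var_run_t` labels objects under both `/run/systemd/inhibit` and `/run/systemd/users`, which is the situation the post's proposal of a separate type for `/run/systemd/inhibit/` addresses.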