~~~~austart event (for timestamp)~~~~----type=AVC msg=audit(05/03/2024 11:19

1. ~~~~austart event (for timestamp)~~~~
2. ----
3. type=AVC msg=audit(05/03/2024 11:19:26.143:472) : avc: denied { create } for pid=19040 comm=swtpm name=14-Eyre-swtpm.sock scontext=unconfined_u:unconfined_r:svirt_t:s0:c272,c290 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=sock_file permissive=0
4.  
5. ~~~~journal output~~~~
6. svc@alecto:~$ journalctl --since "2024-05-03 11:19:00" --until "2024-05-03 11:20:00"
7. May 03 11:19:02 alecto systemd[1]: fprintd.service: Deactivated successfully.
8. May 03 11:19:02 alecto audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fpr>
9. May 03 11:19:02 alecto audit: BPF prog-id=112 op=UNLOAD
10. May 03 11:19:05 alecto kernel: SELinux: Converting 692 SID table entries...
11. May 03 11:19:05 alecto kernel: SELinux: policy capability network_peer_controls=1
12. May 03 11:19:05 alecto kernel: SELinux: policy capability open_perms=1
13. May 03 11:19:05 alecto kernel: SELinux: policy capability extended_socket_class=1
14. May 03 11:19:05 alecto kernel: SELinux: policy capability always_check_network=0
15. May 03 11:19:05 alecto kernel: SELinux: policy capability cgroup_seclabel=1
16. May 03 11:19:05 alecto kernel: SELinux: policy capability nnp_nosuid_transition=1
17. May 03 11:19:05 alecto kernel: SELinux: policy capability genfs_seclabel_symlinks=1
18. May 03 11:19:05 alecto kernel: SELinux: policy capability ioctl_skip_cloexec=0
19. May 03 11:19:05 alecto kernel: SELinux: policy capability userspace_initial_context=0
20. May 03 11:19:05 alecto audit: MAC_POLICY_LOAD auid=1000 ses=3 lsm=selinux res=1
21. May 03 11:19:05 alecto dbus-broker-launch[2595]: avc: op=load_policy lsm=selinux seqno=4 res=1
22. May 03 11:19:05 alecto audit[1821]: USER_MAC_POLICY_LOAD pid=1821 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_d>
23. May 03 11:19:06 alecto systemd[1]: Started run-r90933b0c6d054c30999685588df0e9a9.service - /usr/bin/systemctl start man-db-cache-update.
24. May 03 11:19:06 alecto audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ru>
25. May 03 11:19:06 alecto systemd[1]: Starting man-db-cache-update.service...
26. May 03 11:19:06 alecto systemd[1]: Started run-r9685ff4f43eb408b94ff500612f6ae26.service - /usr/bin/systemctl start man-db-cache-update.
27. May 03 11:19:06 alecto audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ru>
28. May 03 11:19:06 alecto audit[18857]: SOFTWARE_UPDATE pid=18857 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:>
29. May 03 11:19:06 alecto audit[18857]: SOFTWARE_UPDATE pid=18857 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:>
30. May 03 11:19:06 alecto audit[18857]: SOFTWARE_UPDATE pid=18857 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:>
31. May 03 11:19:06 alecto audit[18857]: SOFTWARE_UPDATE pid=18857 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:>
32. May 03 11:19:07 alecto systemd[1]: Starting packagekit.service - PackageKit Daemon...
33. May 03 11:19:07 alecto PackageKit[18971]: daemon start
34. May 03 11:19:07 alecto systemd[1]: Started packagekit.service - PackageKit Daemon.
35. May 03 11:19:07 alecto audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=pa>
36. May 03 11:19:08 alecto sudo[18841]: pam_unix(sudo:session): session closed for user root
37. May 03 11:19:08 alecto audit[18841]: USER_END pid=18841 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c>
38. May 03 11:19:08 alecto audit[18841]: CRED_DISP pid=18841 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.>
39. May 03 11:19:08 alecto systemd[1]: man-db-cache-update.service: Deactivated successfully.
40. May 03 11:19:08 alecto systemd[1]: Finished man-db-cache-update.service.
41. May 03 11:19:08 alecto audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ma>
42. May 03 11:19:08 alecto audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man>
43. May 03 11:19:08 alecto systemd[1]: man-db-cache-update.service: Consumed 1.023s CPU time.
44. May 03 11:19:08 alecto systemd[1]: run-r90933b0c6d054c30999685588df0e9a9.service: Deactivated successfully.
45. May 03 11:19:08 alecto audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run>
46. May 03 11:19:08 alecto systemd[1]: run-r9685ff4f43eb408b94ff500612f6ae26.service: Deactivated successfully.
47. May 03 11:19:08 alecto audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run>
48. May 03 11:19:08 alecto PackageKit[18971]: get-updates transaction /3833_caddecda from uid 1000 finished with success after 883ms
49. May 03 11:19:10 alecto PackageKit[18971]: get-updates transaction /3834_bcaeceda from uid 1000 finished with success after 109ms
50. May 03 11:19:26 alecto audit[19040]: AVC avc: denied { create } for pid=19040 comm="swtpm" name="14-Eyre-swtpm.sock" scontext=unconf>
51. May 03 11:19:26 alecto virtqemud[3948]: operation failed: swtpm died and reported:
52. May 03 11:19:30 alecto tailscaled[2132]: open-conn-track: timeout opening (TCP 100.100.55.4:41422 => 38.145.60.21:80); no associated pe>
53. May 03 11:19:35 alecto tailscaled[2132]: open-conn-track: timeout opening (TCP 100.100.55.4:41422 => 38.145.60.21:80); no associated pe>
54. May 03 11:19:41 alecto tailscaled[2132]: open-conn-track: timeout opening (TCP 100.100.55.4:41422 => 38.145.60.21:80); no associated pe>
55. May 03 11:19:50 alecto tailscaled[2132]: open-conn-track: timeout opening (TCP 100.100.55.4:41422 => 38.145.60.21:80); no associated pe>
56. lines 20-49/49 (END)
57.