:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Setup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 05:45:28 ] :: [ BEGIN ] :: Running 'rlImport 'selinux-policy/common'' :: [ 05:45:28 ] :: [ INFO ] :: rlImport: Found 'selinux-policy/common', version '43' during upwards traversal :: [ 05:45:28 ] :: [ INFO ] :: rlImport: Will try to import selinux-policy/common from /root/selinux-policy/Library/common/lib.sh :: [ 05:45:28 ] :: [ INFO ] :: found dependencies: 'distribution/epel ' :: [ 05:45:29 ] :: [ INFO ] :: rlImport: Found 'distribution/epel', version '2' during upwards traversal :: [ 05:45:29 ] :: [ INFO ] :: rlImport: Will try to import distribution/epel from /root/distribution/Library/epel/lib.sh :: [ 05:45:29 ] :: [ INFO ] :: found dependencies: ' distribution/LibrariesWrapper distribution/epel-internal' :: [ 05:45:29 ] :: [ INFO ] :: rlImport: Found 'distribution/LibrariesWrapper', version '9' during upwards traversal :: [ 05:45:29 ] :: [ INFO ] :: rlImport: Will try to import distribution/LibrariesWrapper from /root/distribution/Library/LibrariesWrapper/lib.sh :: [ 05:45:29 ] :: [ INFO ] :: found dependencies: '' :: [ 05:45:29 ] :: [ INFO ] :: rlImport: Found 'distribution/epel-internal', version '3' during upwards traversal :: [ 05:45:29 ] :: [ INFO ] :: rlImport: Will try to import distribution/epel-internal from /root/distribution/Library/epel-internal/lib.sh :: [ 05:45:29 ] :: [ INFO ] :: found dependencies: '' done. done. :: [ 05:45:29 ] :: [ BEGIN ] :: Running 'rlImport distribution/LibrariesWrapper' :: [ 05:45:29 ] :: [ PASS ] :: Command 'rlImport distribution/LibrariesWrapper' (Expected 0, got 0) :: [ 05:45:29 ] :: [ INFO ] :: LibrariesWrapperImport(): library fetched already :: [ 05:45:29 ] :: [ INFO ] :: the library was fetched at least 1h ago, checking for updates :: [ 05:45:30 ] :: [ BEGIN ] :: Running 'git config core.bare true' :: [ 05:45:30 ] :: [ PASS ] :: Command 'git config core.bare true' (Expected 0, got 0) :: [ 05:45:30 ] :: [ BEGIN ] :: Running 'env git remote update' :: [ 05:45:30 ] :: [ PASS ] :: Command 'env git remote update' (Expected 0, got 0) :: [ 05:45:30 ] :: [ BEGIN ] :: Running 'git config core.bare false' :: [ 05:45:30 ] :: [ PASS ] :: Command 'git config core.bare false' (Expected 0, got 0) :: [ 05:45:30 ] :: [ BEGIN ] :: Running 'git checkout "master" -- "epel"' :: [ 05:45:30 ] :: [ PASS ] :: Command 'git checkout "master" -- "epel"' (Expected 0, got 0) :: [ 05:45:30 ] :: [ INFO ] :: found epel v42 from https://github.com/beakerlib/epel.git?72a1d18b541fdbd775d87bb69b57c3e018e18552#epel in /root/distribution/Library/epel/lib/epel loading library distribution/epel v42... done. :: [ 05:45:30 ] :: [ LOG ] :: Determined distro is 'rhel' :: [ 05:45:30 ] :: [ LOG ] :: Determined rhel release is '10' :: [ 05:45:30 ] :: [ LOG ] :: epel repo is accessible :: [ 05:45:30 ] :: [ LOG ] :: epel repo already present :: [ 05:45:30 ] :: [ INFO ] :: SELinux: using 'semodule -lfull' to list modules :: [ 05:45:30 ] :: [ INFO ] :: Running with policy located in /etc/selinux/targeted/policy/policy.34 :: [ 05:45:30 ] :: [ BEGIN ] :: Running 'mkdir -p /etc/skel/.{cache,config,local}' :: [ 05:45:30 ] :: [ PASS ] :: Command 'mkdir -p /etc/skel/.{cache,config,local}' (Expected 0, got 0) :: [ 05:45:30 ] :: [ LOG ] :: enriched audit log format already enabled :: [ 05:45:30 ] :: [ INFO ] :: SELinux related packages listing: :: [ 05:45:31 ] :: [ INFO ] :: checkpolicy-3.8-1.el10.x86_64 libselinux-3.8-1.el10.x86_64 libselinux-utils-3.8-1.el10.x86_64 libsemanage-3.8.1-1.el10_0.x86_64 libsepol-3.8-1.el10.x86_64 mcstrans-3.8-1.el10.x86_64 policycoreutils-3.8-1.el10.x86_64 policycoreutils-devel-3.8-1.el10.x86_64 policycoreutils-newrole-3.8-1.el10.x86_64 policycoreutils-python-utils-3.8-1.el10.noarch selinux-policy-40.13.30-1.el10.noarch selinux-policy-devel-40.13.30-1.el10.noarch selinux-policy-mls-40.13.30-1.el10.noarch selinux-policy-targeted-40.13.30-1.el10.noarch setools-console-4.5.1-4.el10.x86_64 setroubleshoot-plugins-3.3.14-11.el10.noarch setroubleshoot-server-3.3.35-2.el10.x86_64 :: [ 05:45:31 ] :: [ INFO ] :: listing took 1 second(s) :: [ 05:45:31 ] :: [ INFO ] :: package 'setools-console-4.5.1-4.el10.x86_64' covers required package 'setools-console' :: [ 05:45:31 ] :: [ INFO ] :: package 'expect-5.45.4-25.el10.x86_64' covers required package 'expect' :: [ 05:45:31 ] :: [ INFO ] :: package 'policycoreutils-python-utils-3.8-1.el10.noarch' covers required package 'policycoreutils-python-utils' :: [ 05:45:31 ] :: [ INFO ] :: package 'selinux-policy-devel-40.13.30-1.el10.noarch' covers required package 'selinux-policy-devel' :: [ 05:45:31 ] :: [ INFO ] :: package 'audit-rules-4.0.3-4.el10.x86_64' covers required package 'audit-rules' :: [ 05:45:31 ] :: [ PASS ] :: Command 'rlImport 'selinux-policy/common'' (Expected 0, got 0) :: [ 05:45:32 ] :: [ BEGIN ] :: Running 'rlFileBackup --clean --namespace 'library(selinux-policy:common)' /etc/yum.repos.d/' :: [ 05:45:32 ] :: [ INFO ] :: using '/var/tmp/beakerlib-YnikLoF/backup-library(selinux-policy:common)' as backup destination :: [ 05:45:32 ] :: [ PASS ] :: Command 'rlFileBackup --clean --namespace 'library(selinux-policy:common)' /etc/yum.repos.d/' (Expected 0, got 0) :: [ 05:45:32 ] :: [ BEGIN ] :: Running 'epelyum -y --nobest --nogpgcheck install audit glib2 /usr/sbin/service libselinux libselinux-utils NetworkManager NetworkManager-bluetooth NetworkManager-cloud-setup policycoreutils selinux-policy selinux-policy-mls selinux-policy-targeted samba-winbind nscd setools-console chrony cloud-init dhcp-client iscsi-initiator-utils samba-winbind sendmail ' actually running 'yum --enablerepo epel --enablerepo epel-internal -y --nobest --nogpgcheck install audit glib2 /usr/sbin/service libselinux libselinux-utils NetworkManager NetworkManager-bluetooth NetworkManager-cloud-setup policycoreutils selinux-policy selinux-policy-mls selinux-policy-targeted samba-winbind nscd setools-console chrony cloud-init dhcp-client iscsi-initiator-utils samba-winbind sendmail' Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register. internal epel repository 12 kB/s | 2.9 kB 00:00 internal epel repository 90 kB/s | 80 kB 00:00 Last metadata expiration check: 0:00:01 ago on Tue 29 Apr 2025 05:45:33 AM EDT. Package audit-4.0.3-4.el10.x86_64 is already installed. Package glib2-2.80.4-4.el10.x86_64 is already installed. Package initscripts-service-10.26-2.el10.noarch is already installed. Package libselinux-3.8-1.el10.x86_64 is already installed. Package libselinux-utils-3.8-1.el10.x86_64 is already installed. Package NetworkManager-1:1.53.3-1.el10.x86_64 is already installed. Package NetworkManager-bluetooth-1:1.53.3-1.el10.x86_64 is already installed. Package NetworkManager-cloud-setup-1:1.53.3-1.el10.x86_64 is already installed. Package policycoreutils-3.8-1.el10.x86_64 is already installed. Package selinux-policy-40.13.30-1.el10.noarch is already installed. Package selinux-policy-mls-40.13.30-1.el10.noarch is already installed. Package selinux-policy-targeted-40.13.30-1.el10.noarch is already installed. Package samba-winbind-4.21.3-102.el10.x86_64 is already installed. No match for argument: nscd Package setools-console-4.5.1-4.el10.x86_64 is already installed. Package chrony-4.6.1-1.el10.x86_64 is already installed. Package cloud-init-24.4-4.el10.noarch is already installed. No match for argument: dhcp-client Package iscsi-initiator-utils-6.2.1.9-22.gita65a472.el10.x86_64 is already installed. Package sendmail-8.18.1-4.el10_0.x86_64 is already installed. Error: Unable to find a match: nscd dhcp-client :: [ 05:45:34 ] :: [ PASS ] :: Command 'epelyum -y --nobest --nogpgcheck install audit glib2 /usr/sbin/service libselinux libselinux-utils NetworkManager NetworkManager-bluetooth NetworkManager-cloud-setup policycoreutils selinux-policy selinux-policy-mls selinux-policy-targeted samba-winbind nscd setools-console chrony cloud-init dhcp-client iscsi-initiator-utils samba-winbind sendmail ' (Expected 0,1, got 1) :: [ 05:45:34 ] :: [ BEGIN ] :: Running 'rlFileRestore --namespace 'library(selinux-policy:common)'' :: [ 05:45:34 ] :: [ PASS ] :: Command 'rlFileRestore --namespace 'library(selinux-policy:common)'' (Expected 0, got 0) :: [ 05:45:34 ] :: [ BEGIN ] :: Running 'rm -f /etc/yum.repos.d/rlSE-24482.repo' :: [ 05:45:34 ] :: [ PASS ] :: Command 'rm -f /etc/yum.repos.d/rlSE-24482.repo' (Expected 0, got 0) :: [ 05:45:34 ] :: [ BEGIN ] :: Running 'epelyum clean expire-cache' actually running 'yum --enablerepo epel --enablerepo epel-internal clean expire-cache' Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register. Cache was expired 0 files removed :: [ 05:45:35 ] :: [ PASS ] :: Command 'epelyum clean expire-cache' (Expected 0, got 0) selinux-policy-40.13.30-1.el10.noarch :: [ 05:45:35 ] :: [ PASS ] :: Checking for the presence of selinux-policy rpm :: [ 05:45:35 ] :: [ LOG ] :: Package versions: :: [ 05:45:35 ] :: [ LOG ] :: selinux-policy-40.13.30-1.el10.noarch selinux-policy-targeted-40.13.30-1.el10.noarch :: [ 05:45:35 ] :: [ PASS ] :: Checking for the presence of selinux-policy-targeted rpm :: [ 05:45:35 ] :: [ LOG ] :: Package versions: :: [ 05:45:35 ] :: [ LOG ] :: selinux-policy-targeted-40.13.30-1.el10.noarch NetworkManager-1.53.3-1.el10.x86_64 :: [ 05:45:35 ] :: [ PASS ] :: Checking for the presence of NetworkManager rpm :: [ 05:45:35 ] :: [ LOG ] :: Package versions: :: [ 05:45:35 ] :: [ LOG ] :: NetworkManager-1.53.3-1.el10.x86_64 :: [ 05:45:35 ] :: [ INFO ] :: using '/var/tmp/beakerlib-YnikLoF/backup' as backup destination :: [ 05:45:35 ] :: [ BEGIN ] :: Running 'echo redhat | passwd --stdin root' BAD PASSWORD: The password is shorter than 8 characters :: [ 05:45:35 ] :: [ PASS ] :: Command 'echo redhat | passwd --stdin root' (Expected 0, got 0) Redirecting to /bin/systemctl status nscd.service Unit nscd.service could not be found. :: [ 05:45:35 ] :: [ WARNING ] :: rlServiceStop: service nscd status returned 4 :: [ 05:45:35 ] :: [ WARNING ] :: rlServiceStop: Guessing that original state of nscd is stopped Redirecting to /bin/systemctl stop nscd.service Failed to stop nscd.service: Unit nscd.service not loaded. :: [ 05:45:35 ] :: [ ERROR ] :: rlServiceStop: Stopping service nscd failed :: [ 05:45:35 ] :: [ ERROR ] :: Status of the failed service: :: [ 05:45:35 ] :: [ LOG ] :: Redirecting to /bin/systemctl status nscd.service :: [ 05:45:35 ] :: [ LOG ] :: Unit nscd.service could not be found. :: [ 05:45:35 ] :: [ BEGIN ] :: Running 'setenforce 1' :: [ 05:45:35 ] :: [ PASS ] :: Command 'setenforce 1' (Expected 0, got 0) :: [ 05:45:35 ] :: [ BEGIN ] :: Running 'id -Z' unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 :: [ 05:45:35 ] :: [ PASS ] :: Command 'id -Z' (Expected 0, got 0) :: [ 05:45:35 ] :: [ BEGIN ] :: Running 'sestatus' SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 33 :: [ 05:45:35 ] :: [ PASS ] :: Command 'sestatus' (Expected 0, got 0) :: [ 05:45:35 ] :: [ BEGIN ] :: Running 'semodule --list-modules=full | grep -i disabled' :: [ 05:45:35 ] :: [ PASS ] :: Command 'semodule --list-modules=full | grep -i disabled' (Expected 0,1, got 1) :: [ 05:45:35 ] :: [ LOG ] :: rlSESetTimestamp: Setting timestamp 'TIMESTAMP' [04/29/2025 05:45:35] :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 8s :: Assertions: 20 good, 0 bad :: RESULT: PASS (Setup) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#474342 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/NetworkManager system_u:object_r:NetworkManager_exec_t:s0 :: [ 05:45:37 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/NetworkManager should contain NetworkManager_exec_t (Assert: expected 0, got 0) /var/lib/dhclient system_u:object_r:dhcpc_state_t:s0 :: [ 05:45:38 ] :: [ PASS ] :: Result of matchpathcon /var/lib/dhclient should contain dhcpc_state_t (Assert: expected 0, got 0) :: [ 05:45:38 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t dhcpc_state_t : dir { getattr open search }' FILTERED RULES allow NetworkManager_t dhcpc_state_t:dir { add_name getattr ioctl lock open read remove_name search write }; :: [ 05:45:39 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 05:45:39 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 05:45:39 ] :: [ PASS ] :: check permission 'search' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 3s :: Assertions: 5 good, 0 bad :: RESULT: PASS (bz#474342) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#696161 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 05:45:40 ] :: [ INFO ] :: rlSESearchRule: checking rule 'dontaudit NetworkManager_t NetworkManager_t : capability { sys_module }' FILTERED RULES dontaudit NetworkManager_t NetworkManager_t:capability net_bind_service; [ nis_enabled ]:True dontaudit NetworkManager_t NetworkManager_t:capability sys_nice; [ daemons_dontaudit_scheduling ]:True dontaudit NetworkManager_t NetworkManager_t:capability { net_admin sys_module sys_ptrace sys_resource sys_tty_config }; :: [ 05:45:41 ] :: [ PASS ] :: check permission 'sys_module' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 1s :: Assertions: 1 good, 0 bad :: RESULT: PASS (bz#696161) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#731760 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 05:45:42 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t NetworkManager_t : netlink_socket { create }' FILTERED RULES allow NetworkManager_t NetworkManager_t:netlink_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write }; :: [ 05:45:43 ] :: [ PASS ] :: check permission 'create' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 1 good, 0 bad :: RESULT: PASS (bz#731760) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1071480 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/libexec/nm-libreswan-service system_u:object_r:ipsec_mgmt_exec_t:s0 :: [ 05:45:44 ] :: [ PASS ] :: Result of matchpathcon /usr/libexec/nm-libreswan-service should contain ipsec_mgmt_exec_t (Assert: expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 1s :: Assertions: 1 good, 0 bad :: RESULT: PASS (bz#1071480) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#920576 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /etc/hostname system_u:object_r:hostname_etc_t:s0 :: [ 05:45:45 ] :: [ PASS ] :: Result of matchpathcon /etc/hostname should contain hostname_etc_t (Assert: expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 1s :: Assertions: 1 good, 0 bad :: RESULT: PASS (bz#920576) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#693149 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 05:45:45 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t user_tmp_t : sock_file { write }' FILTERED RULES allow NetworkManager_t user_tmp_t:sock_file { append getattr open write }; :: [ 05:45:47 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :: [ 05:45:47 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t unconfined_t : unix_dgram_socket { sendto }' FILTERED RULES allow NetworkManager_t unconfined_t:unix_dgram_socket sendto; :: [ 05:45:48 ] :: [ PASS ] :: check permission 'sendto' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 3s :: Assertions: 2 good, 0 bad :: RESULT: PASS (bz#693149) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1009661 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/NetworkManager system_u:object_r:NetworkManager_exec_t:s0 :: [ 05:45:49 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/NetworkManager should contain NetworkManager_exec_t (Assert: expected 0, got 0) /dev/rfkill system_u:object_r:wireless_device_t:s0 :: [ 05:45:50 ] :: [ PASS ] :: Result of matchpathcon /dev/rfkill should contain wireless_device_t (Assert: expected 0, got 0) :: [ 05:45:50 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t wireless_device_t : chr_file { read write }' FILTERED RULES allow NetworkManager_t device_node:chr_file getattr; allow NetworkManager_t wireless_device_t:chr_file { append ioctl lock open read write }; :: [ 05:45:51 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:45:51 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 3s :: Assertions: 4 good, 0 bad :: RESULT: PASS (bz#1009661) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1039879 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: NetworkManager_dispatcher_t is defined /usr/libexec/nm-dispatcher system_u:object_r:NetworkManager_dispatcher_exec_t:s0 :: [ 05:45:53 ] :: [ PASS ] :: Result of matchpathcon /usr/libexec/nm-dispatcher should contain NetworkManager_dispatcher_exec_t (Assert: expected 0, got 0) :: [ 05:45:53 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow init_t NetworkManager_exec_t : file { getattr open read execute }' FILTERED RULES allow domain file_type:file map; [ domain_can_mmap_files ]:True allow init_t direct_init_entry:file execute_no_trans; allow init_t file_type:file { getattr relabelfrom relabelto }; allow init_t non_security_file_type:file mounton; [ init_create_dirs ]:True allow init_t non_security_file_type:file watch; allow initrc_domain direct_init_entry:file { execute getattr map open read }; allow initrc_domain systemprocess_entry:file { execute getattr map open read }; :: [ 05:45:54 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 05:45:54 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 05:45:54 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:45:54 ] :: [ PASS ] :: check permission 'execute' is present (Assert: '0' should equal '0') :: [ 05:45:54 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow init_t NetworkManager_t : process { transition }' FILTERED RULES allow init_t daemon:process siginh; allow init_t domain:process { getattr getpgid noatsecure rlimitinh setrlimit setsched sigchld sigkill signal signull sigstop }; allow init_t systemprocess:process { dyntransition siginh }; allow initrc_domain daemon:process transition; allow initrc_domain systemprocess:process transition; :: [ 05:45:56 ] :: [ PASS ] :: check permission 'transition' is present (Assert: '0' should equal '0') :: [ 05:45:56 ] :: [ INFO ] :: rlSESearchRule: checking rule 'type_transition init_t NetworkManager_exec_t : process NetworkManager_t' FILTERED RULES type_transition init_t NetworkManager_exec_t:process NetworkManager_t; :: [ 05:45:58 ] :: [ PASS ] :: check permission 'NetworkManager_t' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 6s :: Assertions: 7 good, 0 bad :: RESULT: PASS (bz#1039879) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: real scenario -- bz#1039879 + bz#1042838 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: NetworkManager_dispatcher_t is defined :: [ 05:45:58 ] :: [ BEGIN ] :: Running 'gdbus introspect --system --object-path / --dest org.freedesktop.nm_dispatcher >& /dev/null' :: [ 05:45:58 ] :: [ PASS ] :: Command 'gdbus introspect --system --object-path / --dest org.freedesktop.nm_dispatcher >& /dev/null' (Expected 0, got 0) :: [ 05:45:59 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v grep | grep nm-dispatcher' system_u:system_r:NetworkManager_dispatcher_t:s0 root 118935 1 0 05:45 ? 00:00:00 /usr/libexec/nm-dispatcher :: [ 05:45:59 ] :: [ PASS ] :: Command 'ps -efZ | grep -v grep | grep nm-dispatcher' (Expected 0, got 0) :: [ 05:45:59 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v grep | grep "NetworkManager_dispatcher_t.*nm-dispatcher"' system_u:system_r:NetworkManager_dispatcher_t:s0 root 118935 1 0 05:45 ? 00:00:00 /usr/libexec/nm-dispatcher :: [ 05:45:59 ] :: [ PASS ] :: Command 'ps -efZ | grep -v grep | grep "NetworkManager_dispatcher_t.*nm-dispatcher"' (Expected 0, got 0) NetworkManager_dispatcher_t is defined :: [ 05:46:02 ] :: [ BEGIN ] :: Running 'service NetworkManager-dispatcher start' Redirecting to /bin/systemctl start NetworkManager-dispatcher.service :: [ 05:46:02 ] :: [ PASS ] :: Command 'service NetworkManager-dispatcher start' (Expected 0, got 0) :: [ 05:46:04 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "nm-dispatcher"' system_u:system_r:NetworkManager_dispatcher_t:s0 root 118935 1 0 05:45 ? 00:00:00 /usr/libexec/nm-dispatcher :: [ 05:46:04 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "nm-dispatcher"' (Expected 0, got 0) :: [ 05:46:04 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "NetworkManager_dispatcher_t.*nm-dispatcher"' system_u:system_r:NetworkManager_dispatcher_t:s0 root 118935 1 0 05:45 ? 00:00:00 /usr/libexec/nm-dispatcher :: [ 05:46:04 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "NetworkManager_dispatcher_t.*nm-dispatcher"' (Expected 0, got 0) :: [ 05:46:05 ] :: [ BEGIN ] :: Running 'service NetworkManager-dispatcher status' Redirecting to /bin/systemctl status NetworkManager-dispatcher.service ● NetworkManager-dispatcher.service - Network Manager Script Dispatcher Service Loaded: loaded (/usr/lib/systemd/system/NetworkManager-dispatcher.service; enabled; preset: enabled) Active: active (running) since Tue 2025-04-29 05:45:58 EDT; 6s ago Invocation: 22b277ea0f4644acb29a23604bd37a31 Docs: man:NetworkManager-dispatcher.service(8) Main PID: 118935 (nm-dispatcher) Tasks: 5 (limit: 10692) Memory: 1.3M (peak: 1.5M) CPU: 10ms CGroup: /system.slice/NetworkManager-dispatcher.service └─118935 /usr/libexec/nm-dispatcher Apr 29 05:45:58 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 systemd[1]: Startin…. Apr 29 05:45:58 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 systemd[1]: Started…. Hint: Some lines were ellipsized, use -l to show in full. :: [ 05:46:05 ] :: [ PASS ] :: Command 'service NetworkManager-dispatcher status' (Expected 0,1,3, got 0) :: [ 05:46:06 ] :: [ INFO ] :: using '/var/tmp/beakerlib-YnikLoF/backup' as backup destination :: [ 05:46:06 ] :: [ BEGIN ] :: Running 'sed -i 's/^#Environment=/Environment=/' /usr/lib/systemd/system/nm-cloud-setup.service' :: [ 05:46:06 ] :: [ PASS ] :: Command 'sed -i 's/^#Environment=/Environment=/' /usr/lib/systemd/system/nm-cloud-setup.service' (Expected 0, got 0) :: [ 05:46:06 ] :: [ BEGIN ] :: Running 'systemctl daemon-reload' :: [ 05:46:07 ] :: [ PASS ] :: Command 'systemctl daemon-reload' (Expected 0, got 0) :: [ 05:46:07 ] :: [ BEGIN ] :: Running 'service nm-cloud-setup start' Redirecting to /bin/systemctl start nm-cloud-setup.service :: [ 05:46:14 ] :: [ PASS ] :: Command 'service nm-cloud-setup start' (Expected 0, got 0) :: [ 05:46:14 ] :: [ BEGIN ] :: Running 'service NetworkManager-dispatcher restart' Redirecting to /bin/systemctl restart NetworkManager-dispatcher.service :: [ 05:46:14 ] :: [ PASS ] :: Command 'service NetworkManager-dispatcher restart' (Expected 0, got 0) :: [ 05:46:16 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "nm-dispatcher"' system_u:system_r:NetworkManager_dispatcher_t:s0 root 119902 1 0 05:46 ? 00:00:00 /usr/libexec/nm-dispatcher :: [ 05:46:16 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "nm-dispatcher"' (Expected 0, got 0) :: [ 05:46:16 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "NetworkManager_dispatcher_t.*nm-dispatcher"' system_u:system_r:NetworkManager_dispatcher_t:s0 root 119902 1 0 05:46 ? 00:00:00 /usr/libexec/nm-dispatcher :: [ 05:46:16 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "NetworkManager_dispatcher_t.*nm-dispatcher"' (Expected 0, got 0) :: [ 05:46:17 ] :: [ BEGIN ] :: Running 'service NetworkManager-dispatcher status' Redirecting to /bin/systemctl status NetworkManager-dispatcher.service ● NetworkManager-dispatcher.service - Network Manager Script Dispatcher Service Loaded: loaded (/usr/lib/systemd/system/NetworkManager-dispatcher.service; enabled; preset: enabled) Active: active (running) since Tue 2025-04-29 05:46:14 EDT; 2s ago Invocation: 7d8d4443c88f4045a1285f3d57e52702 Docs: man:NetworkManager-dispatcher.service(8) Main PID: 119902 (nm-dispatcher) Tasks: 5 (limit: 10692) Memory: 1.2M (peak: 1.4M) CPU: 9ms CGroup: /system.slice/NetworkManager-dispatcher.service └─119902 /usr/libexec/nm-dispatcher Apr 29 05:46:14 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 systemd[1]: Startin…. Apr 29 05:46:14 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 systemd[1]: Started…. Hint: Some lines were ellipsized, use -l to show in full. :: [ 05:46:17 ] :: [ PASS ] :: Command 'service NetworkManager-dispatcher status' (Expected 0,1,3, got 0) :: [ 05:46:19 ] :: [ BEGIN ] :: Running 'service NetworkManager-dispatcher stop' Redirecting to /bin/systemctl stop NetworkManager-dispatcher.service :: [ 05:46:19 ] :: [ PASS ] :: Command 'service NetworkManager-dispatcher stop' (Expected 0, got 0) :: [ 05:46:20 ] :: [ BEGIN ] :: Running 'service NetworkManager-dispatcher status' Redirecting to /bin/systemctl status NetworkManager-dispatcher.service ○ NetworkManager-dispatcher.service - Network Manager Script Dispatcher Service Loaded: loaded (/usr/lib/systemd/system/NetworkManager-dispatcher.service; enabled; preset: enabled) Active: inactive (dead) Docs: man:NetworkManager-dispatcher.service(8) Apr 29 03:55:34 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 systemd[1]: Network…. Apr 29 05:45:58 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 systemd[1]: Startin…. Apr 29 05:45:58 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 systemd[1]: Started…. Apr 29 05:46:08 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 systemd[1]: Network…. Apr 29 05:46:14 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 systemd[1]: Startin…. Apr 29 05:46:14 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 systemd[1]: Started…. Apr 29 05:46:19 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 systemd[1]: Stoppin…. Apr 29 05:46:19 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 nm-dispatcher[119902]: ... Apr 29 05:46:19 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 systemd[1]: Network…. Apr 29 05:46:19 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 systemd[1]: Stopped…. Hint: Some lines were ellipsized, use -l to show in full. :: [ 05:46:21 ] :: [ PASS ] :: Command 'service NetworkManager-dispatcher status' (Expected 0,1,3, got 3) :: [ 05:46:22 ] :: [ BEGIN ] :: Running 'service nm-cloud-setup stop' Redirecting to /bin/systemctl stop nm-cloud-setup.service :: [ 05:46:22 ] :: [ PASS ] :: Command 'service nm-cloud-setup stop' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 26s :: Assertions: 17 good, 0 bad :: RESULT: PASS (real scenario -- bz#1039879 + bz#1042838) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1040631 + bz#1041105 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: NetworkManager_dispatcher_t is defined /usr/libexec/nm-dispatcher system_u:object_r:NetworkManager_dispatcher_exec_t:s0 :: [ 05:46:25 ] :: [ PASS ] :: Result of matchpathcon /usr/libexec/nm-dispatcher should contain NetworkManager_dispatcher_exec_t (Assert: expected 0, got 0) /etc/NetworkManager/dispatcher.d system_u:object_r:NetworkManager_dispatcher_script_t:s0 :: [ 05:46:26 ] :: [ PASS ] :: Result of matchpathcon /etc/NetworkManager/dispatcher.d should contain NetworkManager_dispatcher_script_t (Assert: expected 0, got 0) :: [ 05:46:26 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t NetworkManager_initrc_exec_t : dir { getattr open read }' FILTERED RULES allow NetworkManager_t NetworkManager_initrc_exec_t:dir { getattr ioctl lock open read search }; :: [ 05:46:28 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 05:46:28 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 05:46:28 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 4s :: Assertions: 5 good, 0 bad :: RESULT: PASS (bz#1040631 + bz#1041105) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1044723 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: NetworkManager_dispatcher_t is defined /usr/libexec/nm-dispatcher system_u:object_r:NetworkManager_dispatcher_exec_t:s0 :: [ 05:46:29 ] :: [ PASS ] :: Result of matchpathcon /usr/libexec/nm-dispatcher should contain NetworkManager_dispatcher_exec_t (Assert: expected 0, got 0) :: [ 05:46:29 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t initrc_t : process { signull }' FILTERED RULES allow NetworkManager_t initrc_t:process { sigkill signal signull transition }; allow daemon initrc_domain:process sigchld; allow systemprocess initrc_domain:process sigchld; :: [ 05:46:30 ] :: [ PASS ] :: check permission 'signull' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 2 good, 0 bad :: RESULT: PASS (bz#1044723) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1055734 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/NetworkManager system_u:object_r:NetworkManager_exec_t:s0 :: [ 05:46:31 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/NetworkManager should contain NetworkManager_exec_t (Assert: expected 0, got 0) /usr/sbin/iscsiadm system_u:object_r:iscsid_exec_t:s0 :: [ 05:46:32 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/iscsiadm should contain iscsid_exec_t (Assert: expected 0, got 0) :: [ 05:46:32 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t iscsid_exec_t : file { getattr open read execute }' FILTERED RULES allow NetworkManager_t iscsid_exec_t:file { execute getattr ioctl map open read }; allow domain file_type:file map; [ domain_can_mmap_files ]:True :: [ 05:46:33 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 05:46:33 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 05:46:33 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:46:33 ] :: [ PASS ] :: check permission 'execute' is present (Assert: '0' should equal '0') :: [ 05:46:33 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t iscsid_t : process { transition }' FILTERED RULES allow NetworkManager_t iscsid_t:process transition; :: [ 05:46:35 ] :: [ PASS ] :: check permission 'transition' is present (Assert: '0' should equal '0') :: [ 05:46:35 ] :: [ INFO ] :: rlSESearchRule: checking rule 'type_transition NetworkManager_t iscsid_exec_t : process iscsid_t' FILTERED RULES type_transition NetworkManager_t iscsid_exec_t:process iscsid_t; :: [ 05:46:37 ] :: [ PASS ] :: check permission 'iscsid_t' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 7s :: Assertions: 8 good, 0 bad :: RESULT: PASS (bz#1055734) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: real scenario -- bz#1040631 + bz#1041105 + bz#1069241 + bz#1070829 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 05:46:37 ] :: [ BEGIN ] :: Running 'service NetworkManager start' Redirecting to /bin/systemctl start NetworkManager.service :: [ 05:46:37 ] :: [ PASS ] :: Command 'service NetworkManager start' (Expected 0, got 0) :: [ 05:46:38 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "NetworkManager"' system_u:system_r:NetworkManager_t:s0 root 703 1 0 03:52 ? 00:00:00 /usr/sbin/NetworkManager --no-daemon system_u:system_r:NetworkManager_t:s0 root 11540 1 0 04:15 ? 00:00:00 /usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -s :: [ 05:46:38 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "NetworkManager"' (Expected 0, got 0) :: [ 05:46:39 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "NetworkManager_t.*NetworkManager"' system_u:system_r:NetworkManager_t:s0 root 703 1 0 03:52 ? 00:00:00 /usr/sbin/NetworkManager --no-daemon :: [ 05:46:39 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "NetworkManager_t.*NetworkManager"' (Expected 0, got 0) :: [ 05:46:40 ] :: [ BEGIN ] :: Running 'service NetworkManager status' Redirecting to /bin/systemctl status NetworkManager.service ● NetworkManager.service - Network Manager Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; preset: enabled) Active: active (running) since Tue 2025-04-29 03:52:33 EDT; 1h 54min ago Invocation: 63de83a880a8449e9c3d9cd2e925fdf1 Docs: man:NetworkManager(8) Main PID: 703 (NetworkManager) Tasks: 4 (limit: 10692) Memory: 7.7M (peak: 9.4M) CPU: 920ms CGroup: /system.slice/NetworkManager.service └─703 /usr/sbin/NetworkManager --no-daemon Apr 29 03:52:34 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[703]: ... Apr 29 03:52:34 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[703]: ... Apr 29 03:52:34 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[703]: ... Apr 29 03:52:34 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[703]: ... Apr 29 03:52:34 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[703]: ... Apr 29 03:52:34 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[703]: ... Apr 29 03:52:34 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[703]: ... Apr 29 03:55:24 vm-10-0-187-212.hosted.upshift.rdu2.redhat.com NetworkManager[703]: [1…) Apr 29 04:11:33 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[703]: ... Apr 29 04:15:54 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[703]: ... Hint: Some lines were ellipsized, use -l to show in full. :: [ 05:46:40 ] :: [ PASS ] :: Command 'service NetworkManager status' (Expected 0,1,3, got 0) :: [ 05:46:41 ] :: [ BEGIN ] :: Running 'ls -Z /run/NetworkManager/no-stub-resolv.conf' system_u:object_r:net_conf_t:s0 /run/NetworkManager/no-stub-resolv.conf :: [ 05:46:41 ] :: [ PASS ] :: Command 'ls -Z /run/NetworkManager/no-stub-resolv.conf' (Expected 0, got 0) :: [ 05:46:41 ] :: [ BEGIN ] :: Running 'restorecon -Rv /run/NetworkManager' :: [ 05:46:41 ] :: [ PASS ] :: Command 'restorecon -Rv /run/NetworkManager' (Expected 0-255, got 0) :: [ 05:46:41 ] :: [ BEGIN ] :: Running 'service NetworkManager restart' Redirecting to /bin/systemctl restart NetworkManager.service :: [ 05:46:42 ] :: [ PASS ] :: Command 'service NetworkManager restart' (Expected 0, got 0) :: [ 05:46:44 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "NetworkManager"' system_u:system_r:NetworkManager_t:s0 root 11540 1 0 04:15 ? 00:00:00 /usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -s system_u:system_r:NetworkManager_dispatcher_t:s0 root 123987 1 0 05:46 ? 00:00:00 /usr/libexec/nm-dispatcher system_u:system_r:NetworkManager_t:s0 root 123994 1 2 05:46 ? 00:00:00 /usr/sbin/NetworkManager --no-daemon :: [ 05:46:44 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "NetworkManager"' (Expected 0, got 0) :: [ 05:46:44 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "NetworkManager_t.*NetworkManager"' system_u:system_r:NetworkManager_t:s0 root 123994 1 2 05:46 ? 00:00:00 /usr/sbin/NetworkManager --no-daemon :: [ 05:46:44 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "NetworkManager_t.*NetworkManager"' (Expected 0, got 0) :: [ 05:46:45 ] :: [ BEGIN ] :: Running 'service NetworkManager status' Redirecting to /bin/systemctl status NetworkManager.service ● NetworkManager.service - Network Manager Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; preset: enabled) Active: active (running) since Tue 2025-04-29 05:46:42 EDT; 3s ago Invocation: ac6a3c0ab2f04f93ae82e83dfe9149d5 Docs: man:NetworkManager(8) Main PID: 123994 (NetworkManager) Tasks: 5 (limit: 10692) Memory: 4.8M (peak: 5.1M) CPU: 67ms CGroup: /system.slice/NetworkManager.service └─123994 /usr/sbin/NetworkManager --no-daemon Apr 29 05:46:42 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Apr 29 05:46:42 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Apr 29 05:46:42 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Apr 29 05:46:42 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Apr 29 05:46:42 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Apr 29 05:46:42 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Apr 29 05:46:42 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Apr 29 05:46:42 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Apr 29 05:46:42 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Apr 29 05:46:42 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Hint: Some lines were ellipsized, use -l to show in full. :: [ 05:46:45 ] :: [ PASS ] :: Command 'service NetworkManager status' (Expected 0,1,3, got 0) :: [ 05:46:47 ] :: [ BEGIN ] :: Running 'nmcli gen hostname prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51' :: [ 05:46:47 ] :: [ PASS ] :: Command 'nmcli gen hostname prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51' (Expected 0, got 0) :: [ 05:46:47 ] :: [ BEGIN ] :: Running 'ls -Z /etc/hostname | grep :hostname_etc_t' system_u:object_r:hostname_etc_t:s0 /etc/hostname :: [ 05:46:47 ] :: [ PASS ] :: Command 'ls -Z /etc/hostname | grep :hostname_etc_t' (Expected 0, got 0) :: [ 05:46:47 ] :: [ BEGIN ] :: Running 'restorecon -v /etc/hostname' :: [ 05:46:47 ] :: [ PASS ] :: Command 'restorecon -v /etc/hostname' (Expected 0, got 0) :: [ 05:46:47 ] :: [ BEGIN ] :: Running 'service NetworkManager stop' Redirecting to /bin/systemctl stop NetworkManager.service :: [ 05:46:47 ] :: [ PASS ] :: Command 'service NetworkManager stop' (Expected 0, got 0) :: [ 05:46:49 ] :: [ BEGIN ] :: Running 'service NetworkManager status' Redirecting to /bin/systemctl status NetworkManager.service ○ NetworkManager.service - Network Manager Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; preset: enabled) Active: inactive (dead) since Tue 2025-04-29 05:46:47 EDT; 1s ago Duration: 5.166s Invocation: ac6a3c0ab2f04f93ae82e83dfe9149d5 Docs: man:NetworkManager(8) Process: 123994 ExecStart=/usr/sbin/NetworkManager --no-daemon (code=exited, status=0/SUCCESS) Main PID: 123994 (code=exited, status=0/SUCCESS) Mem peak: 5.1M CPU: 75ms Apr 29 05:46:47 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Apr 29 05:46:47 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 systemd[1]: Stoppin…. Apr 29 05:46:47 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Apr 29 05:46:47 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Apr 29 05:46:47 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Apr 29 05:46:47 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Apr 29 05:46:47 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Apr 29 05:46:47 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 NetworkManager[123994]: ... Apr 29 05:46:47 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 systemd[1]: Network…. Apr 29 05:46:47 prereserve-1mt-rhel-10.1-20250422.0-41071-2025-04-29-07-51 systemd[1]: Stopped…. Hint: Some lines were ellipsized, use -l to show in full. :: [ 05:46:49 ] :: [ PASS ] :: Command 'service NetworkManager status' (Expected 0,1,3, got 3) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 13s :: Assertions: 15 good, 0 bad :: RESULT: PASS (real scenario -- bz#1040631 + bz#1041105 + bz#1069241 + bz#1070829) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1069241 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/NetworkManager system_u:object_r:NetworkManager_exec_t:s0 :: [ 05:46:51 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/NetworkManager should contain NetworkManager_exec_t (Assert: expected 0, got 0) /etc/hostname system_u:object_r:hostname_etc_t:s0 :: [ 05:46:52 ] :: [ PASS ] :: Result of matchpathcon /etc/hostname should contain hostname_etc_t (Assert: expected 0, got 0) :: [ 05:46:52 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t hostname_etc_t : file { unlink }' FILTERED RULES allow NetworkManager_t hostname_etc_t:file { append create link rename setattr unlink watch watch_reads write }; allow domain file_type:file map; [ domain_can_mmap_files ]:True allow nsswitch_domain hostname_etc_t:file { getattr ioctl lock open read }; :: [ 05:46:53 ] :: [ PASS ] :: check permission 'unlink' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 3 good, 0 bad :: RESULT: PASS (bz#1069241) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1070829 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/NetworkManager system_u:object_r:NetworkManager_exec_t:s0 :: [ 05:46:54 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/NetworkManager should contain NetworkManager_exec_t (Assert: expected 0, got 0) /etc system_u:object_r:etc_t:s0 :: [ 05:46:55 ] :: [ PASS ] :: Result of matchpathcon /etc should contain etc_t (Assert: expected 0, got 0) /etc/hostname system_u:object_r:hostname_etc_t:s0 :: [ 05:46:56 ] :: [ PASS ] :: Result of matchpathcon /etc/hostname should contain hostname_etc_t (Assert: expected 0, got 0) :: [ 05:46:56 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t hostname_etc_t : file { create }' FILTERED RULES allow NetworkManager_t hostname_etc_t:file { append create link rename setattr unlink watch watch_reads write }; allow domain file_type:file map; [ domain_can_mmap_files ]:True allow nsswitch_domain hostname_etc_t:file { getattr ioctl lock open read }; :: [ 05:46:57 ] :: [ PASS ] :: check permission 'create' is present (Assert: '0' should equal '0') :: [ 05:46:57 ] :: [ BEGIN ] :: Running 'sesearch -T -s NetworkManager_t -t etc_t -c file | grep "hostname_etc_t.*hostname"' type_transition NetworkManager_t etc_t:file hostname_etc_t hostname; :: [ 05:46:59 ] :: [ PASS ] :: Command 'sesearch -T -s NetworkManager_t -t etc_t -c file | grep "hostname_etc_t.*hostname"' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 5s :: Assertions: 5 good, 0 bad :: RESULT: PASS (bz#1070829) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1234954 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 05:46:59 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t systemd_hostnamed_t : dbus { send_msg }' FILTERED RULES allow NetworkManager_t systemd_hostnamed_t:dbus send_msg; :: [ 05:47:01 ] :: [ PASS ] :: check permission 'send_msg' is present (Assert: '0' should equal '0') :: [ 05:47:01 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t sysfs_t : dir { write }' FILTERED RULES allow NetworkManager_t sysfs_t:dir { audit_access ioctl lock read write }; allow domain sysfs_t:dir { getattr open search }; allow system_bus_type filesystem_type:dir { getattr open search }; :: [ 05:47:02 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 3s :: Assertions: 2 good, 0 bad :: RESULT: PASS (bz#1234954) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1192810 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 05:47:03 ] :: [ BEGIN ] :: Running 'sesearch -c file -T | grep 'nm-dhclient\.'' :: [ 05:47:06 ] :: [ PASS ] :: Command 'sesearch -c file -T | grep 'nm-dhclient\.'' (Expected 1, got 1) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 3s :: Assertions: 1 good, 0 bad :: RESULT: PASS (bz#1192810) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1212498 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/NetworkManager system_u:object_r:NetworkManager_exec_t:s0 :: [ 05:47:07 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/NetworkManager should contain NetworkManager_exec_t (Assert: expected 0, got 0) /dev/rfcomm0 system_u:object_r:tty_device_t:s0 :: [ 05:47:08 ] :: [ PASS ] :: Result of matchpathcon /dev/rfcomm0 should contain tty_device_t (Assert: expected 0, got 0) :: [ 05:47:08 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t NetworkManager_initrc_exec_t : lnk_file { getattr read }' FILTERED RULES allow NetworkManager_t NetworkManager_initrc_exec_t:lnk_file { getattr read }; allow domain file_type:lnk_file map; [ domain_can_mmap_files ]:True :: [ 05:47:09 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 05:47:09 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:47:09 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t sysfs_t : dir { write }' FILTERED RULES allow NetworkManager_t sysfs_t:dir { audit_access ioctl lock read write }; allow domain sysfs_t:dir { getattr open search }; allow system_bus_type filesystem_type:dir { getattr open search }; :: [ 05:47:11 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :: [ 05:47:11 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t tty_device_t : chr_file { getattr open read } [ ]' FILTERED RULES allow NetworkManager_t device_node:chr_file getattr; allow NetworkManager_t tty_device_t:chr_file { append ioctl lock open read write }; :: [ 05:47:13 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 05:47:13 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 05:47:13 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:47:13 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t etc_t : dir { read write getattr open search add_name remove_name } [ ]' FILTERED RULES allow NetworkManager_t etc_t:dir { add_name remove_name watch write }; allow domain base_file_type:dir { getattr open search }; allow domain base_ro_file_type:dir { ioctl lock read }; :: [ 05:47:14 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:47:14 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :: [ 05:47:14 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 05:47:14 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 05:47:14 ] :: [ PASS ] :: check permission 'search' is present (Assert: '0' should equal '0') :: [ 05:47:14 ] :: [ PASS ] :: check permission 'add_name' is present (Assert: '0' should equal '0') :: [ 05:47:14 ] :: [ PASS ] :: check permission 'remove_name' is present (Assert: '0' should equal '0') :: [ 05:47:15 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t net_conf_t : lnk_file { create }' FILTERED RULES allow NetworkManager_t net_conf_t:lnk_file { append create ioctl link lock rename setattr unlink watch watch_reads write }; allow domain file_type:lnk_file map; [ domain_can_mmap_files ]:True allow nsswitch_domain net_conf_t:lnk_file { getattr read }; :: [ 05:47:16 ] :: [ PASS ] :: check permission 'create' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 9s :: Assertions: 16 good, 0 bad :: RESULT: PASS (bz#1212498) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1336722 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/NetworkManager system_u:object_r:NetworkManager_exec_t:s0 :: [ 05:47:17 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/NetworkManager should contain NetworkManager_exec_t (Assert: expected 0, got 0) :: [ 05:47:17 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t dnsmasq_t : dbus { send_msg } [ ]' FILTERED RULES allow NetworkManager_t dnsmasq_t:dbus send_msg; :: [ 05:47:19 ] :: [ PASS ] :: check permission 'send_msg' is present (Assert: '0' should equal '0') :: [ 05:47:19 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow dnsmasq_t NetworkManager_t : dbus { send_msg } [ ]' FILTERED RULES allow dnsmasq_t NetworkManager_t:dbus send_msg; :: [ 05:47:20 ] :: [ PASS ] :: check permission 'send_msg' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 4s :: Assertions: 3 good, 0 bad :: RESULT: PASS (bz#1336722) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1342401 + bz#1344505 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/NetworkManager system_u:object_r:NetworkManager_exec_t:s0 :: [ 05:47:21 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/NetworkManager should contain NetworkManager_exec_t (Assert: expected 0, got 0) /etc/resolv.conf system_u:object_r:net_conf_t:s0 :: [ 05:47:22 ] :: [ PASS ] :: Result of matchpathcon /etc/resolv.conf should contain net_conf_t (Assert: expected 0, got 0) /etc/resolv.conf.GWNQIY system_u:object_r:net_conf_t:s0 :: [ 05:47:22 ] :: [ PASS ] :: Result of matchpathcon /etc/resolv.conf.GWNQIY should contain net_conf_t (Assert: expected 0, got 0) :: [ 05:47:22 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t net_conf_t : file { create rename }' FILTERED RULES allow NetworkManager_t net_conf_t:file { append create link rename setattr unlink watch watch_reads write }; allow domain file_type:file map; [ domain_can_mmap_files ]:True allow nsswitch_domain net_conf_t:file { getattr ioctl lock open read }; :: [ 05:47:24 ] :: [ PASS ] :: check permission 'create' is present (Assert: '0' should equal '0') :: [ 05:47:24 ] :: [ PASS ] :: check permission 'rename' is present (Assert: '0' should equal '0') :: [ 05:47:24 ] :: [ BEGIN ] :: Running 'sesearch -s NetworkManager_t -t etc_t -c file -T | grep "type_transition .* net_conf_t;"' type_transition NetworkManager_t etc_t:file net_conf_t; :: [ 05:47:26 ] :: [ PASS ] :: Command 'sesearch -s NetworkManager_t -t etc_t -c file -T | grep "type_transition .* net_conf_t;"' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 6s :: Assertions: 6 good, 0 bad :: RESULT: PASS (bz#1342401 + bz#1344505) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1517247 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/NetworkManager system_u:object_r:NetworkManager_exec_t:s0 :: [ 05:47:26 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/NetworkManager should contain NetworkManager_exec_t (Assert: expected 0, got 0) :: [ 05:47:27 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t openvswitch_t : unix_stream_socket { connectto } [ ]' FILTERED RULES allow NetworkManager_t openvswitch_t:unix_stream_socket connectto; :: [ 05:47:28 ] :: [ PASS ] :: check permission 'connectto' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 2 good, 0 bad :: RESULT: PASS (bz#1517247) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1517895 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 05:47:28 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t unlabeled_t : infiniband_pkey { access }' FILTERED RULES allow NetworkManager_t unlabeled_t:infiniband_pkey access; :: [ 05:47:30 ] :: [ PASS ] :: check permission 'access' is present (Assert: '0' should equal '0') :: [ 05:47:30 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t unlabeled_t : infiniband_endport { manage_subnet }' FILTERED RULES allow NetworkManager_t unlabeled_t:infiniband_endport manage_subnet; :: [ 05:47:31 ] :: [ PASS ] :: check permission 'manage_subnet' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 3s :: Assertions: 2 good, 0 bad :: RESULT: PASS (bz#1517895) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1078900 + bz#1209854 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/NetworkManager system_u:object_r:NetworkManager_exec_t:s0 :: [ 05:47:32 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/NetworkManager should contain NetworkManager_exec_t (Assert: expected 0, got 0) /sbin/arping system_u:object_r:bin_t:s0 /usr/bin/arping system_u:object_r:netutils_exec_t:s0 :: [ 05:47:33 ] :: [ PASS ] :: Results of matchpathcon /sbin/arping /usr/bin/arping should contain netutils_exec_t (Assert: expected 0, got 0) :: [ 05:47:33 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t netutils_exec_t : file { getattr open read execute_no_trans }' FILTERED RULES allow NetworkManager_t netutils_exec_t:file { execute execute_no_trans getattr ioctl lock map open read }; allow domain file_type:file map; [ domain_can_mmap_files ]:True :: [ 05:47:35 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 05:47:35 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 05:47:35 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:47:35 ] :: [ PASS ] :: check permission 'execute_no_trans' is present (Assert: '0' should equal '0') :: [ 05:47:35 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t netutils_t : process { transition }' FILTERED RULES :: [ 05:47:36 ] :: [ PASS ] :: check permission 'transition' is present (Assert: '1' should equal '1') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 4s :: Assertions: 7 good, 0 bad :: RESULT: PASS (bz#1078900 + bz#1209854) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1214747 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/libexec/nm-vpnc-service system_u:object_r:bin_t:s0 :: [ 05:47:37 ] :: [ PASS ] :: Result of matchpathcon /usr/libexec/nm-vpnc-service should contain bin_t (Assert: expected 0, got 0) :: [ 05:47:37 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t kernel_t : process { signull }' FILTERED RULES allow NetworkManager_t kernel_t:process signull; :: [ 05:47:39 ] :: [ PASS ] :: check permission 'signull' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 2 good, 0 bad :: RESULT: PASS (bz#1214747) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1530297 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /run/systemd/resolve system_u:object_r:systemd_resolved_var_run_t:s0 :: [ 05:47:40 ] :: [ PASS ] :: Result of matchpathcon /run/systemd/resolve should contain systemd_resolved_var_run_t (Assert: expected 0, got 0) /run/systemd/resolve/resolv.conf system_u:object_r:net_conf_t:s0 :: [ 05:47:41 ] :: [ PASS ] :: Result of matchpathcon /run/systemd/resolve/resolv.conf should contain net_conf_t (Assert: expected 0, got 0) :: [ 05:47:41 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t net_conf_t : file { getattr } [ ]' FILTERED RULES allow NetworkManager_t net_conf_t:file { append create link rename setattr unlink watch watch_reads write }; allow nsswitch_domain net_conf_t:file { getattr ioctl lock open read }; :: [ 05:47:42 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 3s :: Assertions: 3 good, 0 bad :: RESULT: PASS (bz#1530297) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1747768 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/NetworkManager system_u:object_r:NetworkManager_exec_t:s0 :: [ 05:47:43 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/NetworkManager should contain NetworkManager_exec_t (Assert: expected 0, got 0) :: [ 05:47:43 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t NetworkManager_t : bluetooth_socket { create } [ deny_bluetooth ]' FILTERED RULES allow NetworkManager_t NetworkManager_t:bluetooth_socket { accept append bind connect create getattr getopt ioctl listen lock read setattr setopt shutdown write }; [ deny_bluetooth ]:False :: [ 05:47:45 ] :: [ PASS ] :: check permission 'create' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 3s :: Assertions: 2 good, 0 bad :: RESULT: PASS (bz#1747768) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1777506 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: NetworkManager_dispatcher_t is defined /usr/libexec/nm-dispatcher system_u:object_r:NetworkManager_dispatcher_exec_t:s0 :: [ 05:47:46 ] :: [ PASS ] :: Result of matchpathcon /usr/libexec/nm-dispatcher should contain NetworkManager_dispatcher_exec_t (Assert: expected 0, got 0) /usr/lib/NetworkManager/dispatcher.d system_u:object_r:NetworkManager_dispatcher_script_t:s0 :: [ 05:47:47 ] :: [ PASS ] :: Result of matchpathcon /usr/lib/NetworkManager/dispatcher.d should contain NetworkManager_dispatcher_script_t (Assert: expected 0, got 0) /usr/lib/NetworkManager/dispatcher.d/30-winbind system_u:object_r:NetworkManager_dispatcher_winbind_script_t:s0 :: [ 05:47:47 ] :: [ PASS ] :: Result of matchpathcon /usr/lib/NetworkManager/dispatcher.d/30-winbind should contain NetworkManager_dispatcher_winbind_script_t (Assert: expected 0, got 0) :: [ 05:47:47 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t NetworkManager_initrc_exec_t : file { getattr open read execute map } [ ]' FILTERED RULES allow NetworkManager_t NetworkManager_initrc_exec_t:file lock; allow NetworkManager_t init_script_file_type:file { execute getattr ioctl map open read }; :: [ 05:47:49 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 05:47:49 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 05:47:49 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:47:49 ] :: [ PASS ] :: check permission 'execute' is present (Assert: '0' should equal '0') :: [ 05:47:49 ] :: [ PASS ] :: check permission 'map' is present (Assert: '0' should equal '0') :: [ 05:47:49 ] :: [ INFO ] :: rlSESearchRule: checking rule 'type_transition NetworkManager_t NetworkManager_initrc_exec_t : process initrc_t' FILTERED RULES type_transition NetworkManager_t NetworkManager_initrc_exec_t:process initrc_t; :: [ 05:47:51 ] :: [ PASS ] :: check permission 'initrc_t' is present (Assert: '0' should equal '0') :: [ 05:47:51 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t initrc_t : process { transition } [ ]' FILTERED RULES allow NetworkManager_t initrc_t:process { sigkill signal signull transition }; allow daemon initrc_domain:process sigchld; allow systemprocess initrc_domain:process sigchld; :: [ 05:47:52 ] :: [ PASS ] :: check permission 'transition' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 7s :: Assertions: 10 good, 0 bad :: RESULT: PASS (bz#1777506) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1781806 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/lib/systemd/system/winbind.service system_u:object_r:samba_unit_file_t:s0 :: [ 05:47:53 ] :: [ PASS ] :: Result of matchpathcon /usr/lib/systemd/system/winbind.service should contain samba_unit_file_t (Assert: expected 0, got 0) :: [ 05:47:53 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t samba_unit_file_t : service { status } [ ]' FILTERED RULES allow NetworkManager_t samba_unit_file_t:service status; :: [ 05:47:55 ] :: [ PASS ] :: check permission 'status' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 2 good, 0 bad :: RESULT: PASS (bz#1781806) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1806894 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/lib/systemd/system/nm-cloud-setup.service system_u:object_r:NetworkManager_unit_file_t:s0 :: [ 05:47:56 ] :: [ PASS ] :: Result of matchpathcon /usr/lib/systemd/system/nm-cloud-setup.service should contain NetworkManager_unit_file_t (Assert: expected 0, got 0) :: [ 05:47:56 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t NetworkManager_unit_file_t : file { getattr } [ ]' FILTERED RULES allow NetworkManager_t NetworkManager_unit_file_t:file { getattr ioctl lock open read }; :: [ 05:47:57 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 2 good, 0 bad :: RESULT: PASS (bz#1806894) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1831630 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/rfkill system_u:object_r:bin_t:s0 :: [ 05:47:58 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/rfkill should contain bin_t (Assert: expected 0, got 0) /dev/rfkill system_u:object_r:wireless_device_t:s0 :: [ 05:47:59 ] :: [ PASS ] :: Result of matchpathcon /dev/rfkill should contain wireless_device_t (Assert: expected 0, got 0) :: [ 05:47:59 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow staff_t wireless_device_t : chr_file { read write } [ ]' FILTERED RULES allow staff_usertype wireless_device_t:chr_file { append getattr ioctl lock open read write }; :: [ 05:48:01 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:48:01 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :: [ 05:48:01 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow user_t wireless_device_t : chr_file { read write } [ ]' FILTERED RULES allow user_usertype wireless_device_t:chr_file { append getattr ioctl lock open read write }; :: [ 05:48:03 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:48:03 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :: [ 05:48:03 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow sysadm_t wireless_device_t : chr_file { read write } [ ]' FILTERED RULES allow sysadm_t device_node:chr_file { create getattr relabelfrom relabelto rename setattr unlink }; allow sysadm_t wireless_device_t:chr_file { append ioctl lock open read write }; :: [ 05:48:04 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:48:04 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :: [ 05:48:04 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow xguest_t wireless_device_t : chr_file { read write } [ ]' FILTERED RULES allow xguest_usertype wireless_device_t:chr_file { append getattr ioctl lock open read write }; :: [ 05:48:06 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:48:06 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :: [ 05:48:06 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow unconfined_t wireless_device_t : chr_file { read write } [ ]' FILTERED RULES allow devices_unconfined_type device_node:chr_file { append audit_access create execute execute_no_trans getattr ioctl link lock map mounton open quotaon read relabelfrom relabelto rename setattr swapon unlink watch watch_mount watch_reads watch_sb watch_with_perm write }; :: [ 05:48:08 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:48:08 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 10s :: Assertions: 12 good, 0 bad :: RESULT: PASS (bz#1831630) openvpn_exec_t is NOT defined :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1598506 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/dnsmasq system_u:object_r:dnsmasq_exec_t:s0 :: [ 05:48:09 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/dnsmasq should contain dnsmasq_exec_t (Assert: expected 0, got 0) :: [ 05:48:09 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t dnsmasq_exec_t : file { map }' FILTERED RULES allow NetworkManager_t dnsmasq_exec_t:file { execute getattr ioctl map open read }; allow domain file_type:file map; [ domain_can_mmap_files ]:True :: [ 05:48:11 ] :: [ PASS ] :: check permission 'map' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 3s :: Assertions: 2 good, 0 bad :: RESULT: PASS (bz#1598506) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1723877 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 05:48:11 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t systemd_resolved_t : dbus { send_msg } [ ]' FILTERED RULES allow domain systemd_resolved_t:dbus send_msg; :: [ 05:48:12 ] :: [ PASS ] :: check permission 'send_msg' is present (Assert: '0' should equal '0') :: [ 05:48:12 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow systemd_resolved_t NetworkManager_t : dbus { send_msg } [ ]' FILTERED RULES allow systemd_resolved_t domain:dbus send_msg; :: [ 05:48:14 ] :: [ PASS ] :: check permission 'send_msg' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 3s :: Assertions: 2 good, 0 bad :: RESULT: PASS (bz#1723877) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1980000 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /etc system_u:object_r:etc_t:s0 :: [ 05:48:15 ] :: [ PASS ] :: Result of matchpathcon /etc should contain etc_t (Assert: expected 0, got 0) :: [ 05:48:15 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t etc_t : dir { watch } [ ]' FILTERED RULES allow NetworkManager_t etc_t:dir { add_name remove_name watch write }; allow domain base_file_type:dir { getattr open search }; allow domain base_ro_file_type:dir { ioctl lock read }; :: [ 05:48:17 ] :: [ PASS ] :: check permission 'watch' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 3s :: Assertions: 2 good, 0 bad :: RESULT: PASS (bz#1980000) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: RHEL-24346 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 05:48:17 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t NetworkManager_t : cap_userns { sys_ptrace } [ ]' FILTERED RULES allow NetworkManager_t NetworkManager_t:cap_userns sys_ptrace; :: [ 05:48:18 ] :: [ PASS ] :: check permission 'sys_ptrace' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 1s :: Assertions: 1 good, 0 bad :: RESULT: PASS (RHEL-24346) NetworkManager_dispatcher_t is defined :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#2149317 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/lib/NetworkManager/dispatcher.d/04-iscsi system_u:object_r:NetworkManager_dispatcher_iscsid_script_t:s0 :: [ 05:48:20 ] :: [ PASS ] :: Result of matchpathcon /usr/lib/NetworkManager/dispatcher.d/04-iscsi should contain NetworkManager_dispatcher_iscsid_script_t (Assert: expected 0, got 0) /usr/lib/NetworkManager/dispatcher.d/10-sendmail system_u:object_r:NetworkManager_dispatcher_sendmail_script_t:s0 :: [ 05:48:20 ] :: [ PASS ] :: Result of matchpathcon /usr/lib/NetworkManager/dispatcher.d/10-sendmail should contain NetworkManager_dispatcher_sendmail_script_t (Assert: expected 0, got 0) /usr/lib/NetworkManager/dispatcher.d/11-dhclient system_u:object_r:NetworkManager_dispatcher_dhclient_script_t:s0 :: [ 05:48:21 ] :: [ PASS ] :: Result of matchpathcon /usr/lib/NetworkManager/dispatcher.d/11-dhclient should contain NetworkManager_dispatcher_dhclient_script_t (Assert: expected 0, got 0) /usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp system_u:object_r:NetworkManager_dispatcher_chronyc_script_t:s0 :: [ 05:48:21 ] :: [ PASS ] :: Result of matchpathcon /usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp should contain NetworkManager_dispatcher_chronyc_script_t (Assert: expected 0, got 0) /usr/lib/NetworkManager/dispatcher.d/30-winbind system_u:object_r:NetworkManager_dispatcher_winbind_script_t:s0 :: [ 05:48:22 ] :: [ PASS ] :: Result of matchpathcon /usr/lib/NetworkManager/dispatcher.d/30-winbind should contain NetworkManager_dispatcher_winbind_script_t (Assert: expected 0, got 0) :: [ 05:48:22 ] :: [ INFO ] :: rlSESearchRule: checking rule 'dontaudit NetworkManager_dispatcher_chronyc_t nscd_t : nscd { shmempwd }' FILTERED RULES dontaudit networkmanager_dispatcher_plugin nscd_t:nscd { getserv shmemgrp shmemhost shmempwd shmemserv }; :: [ 05:48:24 ] :: [ PASS ] :: check permission 'shmempwd' is present (Assert: '0' should equal '0') :: [ 05:48:24 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_chronyc_t nscd_t : unix_stream_socket { connectto }' FILTERED RULES allow networkmanager_dispatcher_plugin nscd_t:unix_stream_socket { append bind connect connectto create getattr getopt ioctl lock read setattr setopt shutdown write }; :: [ 05:48:25 ] :: [ PASS ] :: check permission 'connectto' is present (Assert: '0' should equal '0') :: [ 05:48:25 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_chronyc_t nscd_var_run_t : file { read map }' FILTERED RULES allow domain file_type:file map; [ domain_can_mmap_files ]:True allow networkmanager_dispatcher_plugin nscd_var_run_t:file { getattr ioctl lock map open read }; :: [ 05:48:27 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:48:27 ] :: [ PASS ] :: check permission 'map' is present (Assert: '0' should equal '0') :: [ 05:48:27 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_chronyc_t nscd_var_run_t : sock_file { write }' FILTERED RULES allow networkmanager_dispatcher_plugin nscd_var_run_t:sock_file { append getattr open write }; :: [ 05:48:28 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :: [ 05:48:28 ] :: [ INFO ] :: rlSESearchRule: checking rule 'dontaudit NetworkManager_dispatcher_cloud_t nscd_t : nscd { shmempwd }' FILTERED RULES dontaudit networkmanager_dispatcher_plugin nscd_t:nscd { getserv shmemgrp shmemhost shmempwd shmemserv }; :: [ 05:48:30 ] :: [ PASS ] :: check permission 'shmempwd' is present (Assert: '0' should equal '0') :: [ 05:48:30 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_cloud_t nscd_t : unix_stream_socket { connectto }' FILTERED RULES allow networkmanager_dispatcher_plugin nscd_t:unix_stream_socket { append bind connect connectto create getattr getopt ioctl lock read setattr setopt shutdown write }; :: [ 05:48:32 ] :: [ PASS ] :: check permission 'connectto' is present (Assert: '0' should equal '0') :: [ 05:48:32 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_cloud_t nscd_var_run_t : file { read map }' FILTERED RULES allow domain file_type:file map; [ domain_can_mmap_files ]:True allow networkmanager_dispatcher_plugin nscd_var_run_t:file { getattr ioctl lock map open read }; :: [ 05:48:33 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:48:33 ] :: [ PASS ] :: check permission 'map' is present (Assert: '0' should equal '0') :: [ 05:48:33 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_cloud_t nscd_var_run_t : sock_file { write }' FILTERED RULES allow networkmanager_dispatcher_plugin nscd_var_run_t:sock_file { append getattr open write }; :: [ 05:48:35 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :: [ 05:48:35 ] :: [ INFO ] :: rlSESearchRule: checking rule 'dontaudit NetworkManager_dispatcher_dhclient_t nscd_t : nscd { shmempwd }' FILTERED RULES dontaudit networkmanager_dispatcher_plugin nscd_t:nscd { getserv shmemgrp shmemhost shmempwd shmemserv }; :: [ 05:48:36 ] :: [ PASS ] :: check permission 'shmempwd' is present (Assert: '0' should equal '0') :: [ 05:48:36 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_dhclient_t nscd_t : unix_stream_socket { connectto }' FILTERED RULES allow networkmanager_dispatcher_plugin nscd_t:unix_stream_socket { append bind connect connectto create getattr getopt ioctl lock read setattr setopt shutdown write }; :: [ 05:48:38 ] :: [ PASS ] :: check permission 'connectto' is present (Assert: '0' should equal '0') :: [ 05:48:38 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_dhclient_t nscd_var_run_t : file { read map }' FILTERED RULES allow domain file_type:file map; [ domain_can_mmap_files ]:True allow networkmanager_dispatcher_plugin nscd_var_run_t:file { getattr ioctl lock map open read }; :: [ 05:48:39 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:48:39 ] :: [ PASS ] :: check permission 'map' is present (Assert: '0' should equal '0') :: [ 05:48:40 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_dhclient_t nscd_var_run_t : sock_file { write }' FILTERED RULES allow networkmanager_dispatcher_plugin nscd_var_run_t:sock_file { append getattr open write }; :: [ 05:48:41 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :: [ 05:48:41 ] :: [ INFO ] :: rlSESearchRule: checking rule 'dontaudit NetworkManager_dispatcher_iscsid_t nscd_t : nscd { shmempwd }' FILTERED RULES dontaudit networkmanager_dispatcher_plugin nscd_t:nscd { getserv shmemgrp shmemhost shmempwd shmemserv }; :: [ 05:48:43 ] :: [ PASS ] :: check permission 'shmempwd' is present (Assert: '0' should equal '0') :: [ 05:48:43 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_iscsid_t nscd_t : unix_stream_socket { connectto }' FILTERED RULES allow networkmanager_dispatcher_plugin nscd_t:unix_stream_socket { append bind connect connectto create getattr getopt ioctl lock read setattr setopt shutdown write }; :: [ 05:48:44 ] :: [ PASS ] :: check permission 'connectto' is present (Assert: '0' should equal '0') :: [ 05:48:44 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_iscsid_t nscd_var_run_t : file { read map }' FILTERED RULES allow domain file_type:file map; [ domain_can_mmap_files ]:True allow networkmanager_dispatcher_plugin nscd_var_run_t:file { getattr ioctl lock map open read }; :: [ 05:48:46 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:48:46 ] :: [ PASS ] :: check permission 'map' is present (Assert: '0' should equal '0') :: [ 05:48:46 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_iscsid_t nscd_var_run_t : sock_file { write }' FILTERED RULES allow networkmanager_dispatcher_plugin nscd_var_run_t:sock_file { append getattr open write }; :: [ 05:48:48 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :: [ 05:48:48 ] :: [ INFO ] :: rlSESearchRule: checking rule 'dontaudit NetworkManager_dispatcher_sendmail_t nscd_t : nscd { shmempwd }' FILTERED RULES dontaudit networkmanager_dispatcher_plugin nscd_t:nscd { getserv shmemgrp shmemhost shmempwd shmemserv }; :: [ 05:48:49 ] :: [ PASS ] :: check permission 'shmempwd' is present (Assert: '0' should equal '0') :: [ 05:48:49 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_sendmail_t nscd_t : unix_stream_socket { connectto }' FILTERED RULES allow networkmanager_dispatcher_plugin nscd_t:unix_stream_socket { append bind connect connectto create getattr getopt ioctl lock read setattr setopt shutdown write }; :: [ 05:48:51 ] :: [ PASS ] :: check permission 'connectto' is present (Assert: '0' should equal '0') :: [ 05:48:51 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_sendmail_t nscd_var_run_t : file { read map }' FILTERED RULES allow domain file_type:file map; [ domain_can_mmap_files ]:True allow networkmanager_dispatcher_plugin nscd_var_run_t:file { getattr ioctl lock map open read }; :: [ 05:48:52 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:48:52 ] :: [ PASS ] :: check permission 'map' is present (Assert: '0' should equal '0') :: [ 05:48:52 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_sendmail_t nscd_var_run_t : sock_file { write }' FILTERED RULES allow networkmanager_dispatcher_plugin nscd_var_run_t:sock_file { append getattr open write }; :: [ 05:48:54 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :: [ 05:48:54 ] :: [ INFO ] :: rlSESearchRule: checking rule 'dontaudit NetworkManager_dispatcher_winbind_t nscd_t : nscd { shmempwd }' FILTERED RULES dontaudit networkmanager_dispatcher_plugin nscd_t:nscd { getserv shmemgrp shmemhost shmempwd shmemserv }; :: [ 05:48:55 ] :: [ PASS ] :: check permission 'shmempwd' is present (Assert: '0' should equal '0') :: [ 05:48:56 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_winbind_t nscd_t : unix_stream_socket { connectto }' FILTERED RULES allow networkmanager_dispatcher_plugin nscd_t:unix_stream_socket { append bind connect connectto create getattr getopt ioctl lock read setattr setopt shutdown write }; :: [ 05:48:57 ] :: [ PASS ] :: check permission 'connectto' is present (Assert: '0' should equal '0') :: [ 05:48:57 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_winbind_t nscd_var_run_t : file { read map }' FILTERED RULES allow domain file_type:file map; [ domain_can_mmap_files ]:True allow networkmanager_dispatcher_plugin nscd_var_run_t:file { getattr ioctl lock map open read }; :: [ 05:48:59 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:48:59 ] :: [ PASS ] :: check permission 'map' is present (Assert: '0' should equal '0') :: [ 05:48:59 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_winbind_t nscd_var_run_t : sock_file { write }' FILTERED RULES allow networkmanager_dispatcher_plugin nscd_var_run_t:sock_file { append getattr open write }; :: [ 05:49:00 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 41s :: Assertions: 35 good, 0 bad :: RESULT: PASS (bz#2149317) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#2053640 + bz#2053641 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/libexec/nm-dispatcher system_u:object_r:NetworkManager_dispatcher_exec_t:s0 :: [ 05:49:01 ] :: [ PASS ] :: Result of matchpathcon /usr/libexec/nm-dispatcher should contain NetworkManager_dispatcher_exec_t (Assert: expected 0, got 0) /usr/lib/NetworkManager/dispatcher.d/04-iscsi system_u:object_r:NetworkManager_dispatcher_iscsid_script_t:s0 :: [ 05:49:02 ] :: [ PASS ] :: Result of matchpathcon /usr/lib/NetworkManager/dispatcher.d/04-iscsi should contain NetworkManager_dispatcher_iscsid_script_t (Assert: expected 0, got 0) /usr/lib/NetworkManager/dispatcher.d/30-winbind system_u:object_r:NetworkManager_dispatcher_winbind_script_t:s0 :: [ 05:49:02 ] :: [ PASS ] :: Result of matchpathcon /usr/lib/NetworkManager/dispatcher.d/30-winbind should contain NetworkManager_dispatcher_winbind_script_t (Assert: expected 0, got 0) :: [ 05:49:03 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_t NetworkManager_dispatcher_iscsid_script_t : file { execute } [ ]' FILTERED RULES allow NetworkManager_dispatcher_t NetworkManager_dispatcher_iscsid_script_t:file { execute map }; allow NetworkManager_dispatcher_t networkmanager_dispatcher_script:file { getattr ioctl lock open read }; :: [ 05:49:04 ] :: [ PASS ] :: check permission 'execute' is present (Assert: '0' should equal '0') :: [ 05:49:04 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_t NetworkManager_dispatcher_winbind_script_t : file { execute } [ ]' FILTERED RULES allow NetworkManager_dispatcher_t NetworkManager_dispatcher_winbind_script_t:file { execute map }; allow NetworkManager_dispatcher_t networkmanager_dispatcher_script:file { getattr ioctl lock open read }; :: [ 05:49:06 ] :: [ PASS ] :: check permission 'execute' is present (Assert: '0' should equal '0') :: [ 05:49:06 ] :: [ INFO ] :: rlSESearchRule: checking rule 'type_transition NetworkManager_dispatcher_t NetworkManager_dispatcher_iscsid_script_t : process NetworkManager_dispatcher_iscsid_t' FILTERED RULES type_transition NetworkManager_dispatcher_t NetworkManager_dispatcher_iscsid_script_t:process NetworkManager_dispatcher_iscsid_t; :: [ 05:49:08 ] :: [ PASS ] :: check permission 'NetworkManager_dispatcher_iscsid_t' is present (Assert: '0' should equal '0') :: [ 05:49:08 ] :: [ INFO ] :: rlSESearchRule: checking rule 'type_transition NetworkManager_dispatcher_t NetworkManager_dispatcher_winbind_script_t : process NetworkManager_dispatcher_winbind_t' FILTERED RULES type_transition NetworkManager_dispatcher_t NetworkManager_dispatcher_winbind_script_t:process NetworkManager_dispatcher_winbind_t; :: [ 05:49:10 ] :: [ PASS ] :: check permission 'NetworkManager_dispatcher_winbind_t' is present (Assert: '0' should equal '0') :: [ 05:49:10 ] :: [ BEGIN ] :: Running 'seinfo -a networkmanager_dispatcher_plugin -x' Type Attributes: 1 attribute networkmanager_dispatcher_plugin; NetworkManager_dispatcher_chronyc_t NetworkManager_dispatcher_cloud_t NetworkManager_dispatcher_console_t NetworkManager_dispatcher_custom_t NetworkManager_dispatcher_ddclient_t NetworkManager_dispatcher_dhclient_t NetworkManager_dispatcher_dnssec_t NetworkManager_dispatcher_iscsid_t NetworkManager_dispatcher_sendmail_t NetworkManager_dispatcher_tlp_t NetworkManager_dispatcher_winbind_t :: [ 05:49:10 ] :: [ PASS ] :: Command 'seinfo -a networkmanager_dispatcher_plugin -x' (Expected 0, got 0) :: [ 05:49:10 ] :: [ BEGIN ] :: Running 'seinfo -a networkmanager_dispatcher_script -x' Type Attributes: 1 attribute networkmanager_dispatcher_script; NetworkManager_dispatcher_chronyc_script_t NetworkManager_dispatcher_cloud_script_t NetworkManager_dispatcher_console_script_t NetworkManager_dispatcher_ddclient_script_t NetworkManager_dispatcher_dhclient_script_t NetworkManager_dispatcher_dnssec_script_t NetworkManager_dispatcher_iscsid_script_t NetworkManager_dispatcher_script_t NetworkManager_dispatcher_sendmail_script_t NetworkManager_dispatcher_tlp_script_t NetworkManager_dispatcher_winbind_script_t :: [ 05:49:10 ] :: [ PASS ] :: Command 'seinfo -a networkmanager_dispatcher_script -x' (Expected 0, got 0) :: [ 05:49:10 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t NetworkManager_dispatcher_t : dbus { send_msg } [ ]' FILTERED RULES allow NetworkManager_t NetworkManager_dispatcher_t:dbus send_msg; :: [ 05:49:12 ] :: [ PASS ] :: check permission 'send_msg' is present (Assert: '0' should equal '0') :: [ 05:49:12 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_t NetworkManager_t : dbus { send_msg } [ ]' FILTERED RULES allow NetworkManager_dispatcher_t NetworkManager_t:dbus send_msg; :: [ 05:49:13 ] :: [ PASS ] :: check permission 'send_msg' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 13s :: Assertions: 11 good, 0 bad :: RESULT: PASS (bz#2053640 + bz#2053641) NetworkManager_dispatcher_cloud_t is defined :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#2154414 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/lib/systemd/system/nm-cloud-setup.service system_u:object_r:NetworkManager_unit_file_t:s0 :: [ 05:49:14 ] :: [ PASS ] :: Result of matchpathcon /usr/lib/systemd/system/nm-cloud-setup.service should contain NetworkManager_unit_file_t (Assert: expected 0, got 0) :: [ 05:49:15 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_cloud_t NetworkManager_unit_file_t : service { start status } [ ]' FILTERED RULES allow NetworkManager_dispatcher_cloud_t NetworkManager_unit_file_t:service { start status stop }; :: [ 05:49:16 ] :: [ PASS ] :: check permission 'start' is present (Assert: '0' should equal '0') :: [ 05:49:16 ] :: [ PASS ] :: check permission 'status' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 3 good, 0 bad :: RESULT: PASS (bz#2154414) NetworkManager_dispatcher_iscsid_t is defined :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#2164845 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 05:49:16 ] :: [ BEGIN ] :: Running 'ls -Z /proc/cpuinfo | grep :proc_t' system_u:object_r:proc_t:s0 /proc/cpuinfo :: [ 05:49:16 ] :: [ PASS ] :: Command 'ls -Z /proc/cpuinfo | grep :proc_t' (Expected 0, got 0) :: [ 05:49:17 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_iscsid_t proc_t : file { getattr open read } [ ]' FILTERED RULES allow networkmanager_dispatcher_plugin proc_t:file { getattr ioctl lock open read }; :: [ 05:49:18 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 05:49:18 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 05:49:18 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 4 good, 0 bad :: RESULT: PASS (bz#2164845) NetworkManager_dispatcher_sendmail_t is defined :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#2158746 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 05:49:19 ] :: [ BEGIN ] :: Running 'ls -Z /proc/cpuinfo | grep :proc_t' system_u:object_r:proc_t:s0 /proc/cpuinfo :: [ 05:49:19 ] :: [ PASS ] :: Command 'ls -Z /proc/cpuinfo | grep :proc_t' (Expected 0, got 0) :: [ 05:49:19 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_dispatcher_sendmail_t proc_t : file { getattr open read } [ ]' FILTERED RULES allow networkmanager_dispatcher_plugin proc_t:file { getattr ioctl lock open read }; :: [ 05:49:20 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 05:49:20 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 05:49:20 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 1s :: Assertions: 4 good, 0 bad :: RESULT: PASS (bz#2158746) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: RHEL-83529 + RHEL-86258 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/bin/ping system_u:object_r:ping_exec_t:s0 :: [ 05:49:21 ] :: [ PASS ] :: Result of matchpathcon /usr/bin/ping should contain ping_exec_t (Assert: expected 0, got 0) :: [ 05:49:22 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow NetworkManager_t ping_exec_t : file { getattr open read map execute } [ ]' FILTERED RULES allow NetworkManager_t ping_exec_t:file { execute execute_no_trans getattr ioctl lock map open read }; :: [ 05:49:23 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 05:49:23 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 05:49:23 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 05:49:23 ] :: [ PASS ] :: check permission 'map' is present (Assert: '0' should equal '0') :: [ 05:49:23 ] :: [ PASS ] :: check permission 'execute' is present (Assert: '0' should equal '0') :: [ 05:49:23 ] :: [ BEGIN ] :: Running 'service NetworkManager start' Redirecting to /bin/systemctl start NetworkManager.service :: [ 05:49:23 ] :: [ PASS ] :: Command 'service NetworkManager start' (Expected 0, got 0) :: [ 05:49:24 ] :: [ BEGIN ] :: Running 'nmcli con show lo | grep ping' connection.gateway-ping-timeout: 0 connection.ip-ping-timeout: 0 connection.ip-ping-addresses: -- connection.ip-ping-addresses-require-all:-1 (default) :: [ 05:49:24 ] :: [ PASS ] :: Command 'nmcli con show lo | grep ping' (Expected 0, got 0) :: [ 05:49:24 ] :: [ BEGIN ] :: Running 'nmcli con down lo' Connection 'lo' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1) :: [ 05:49:24 ] :: [ PASS ] :: Command 'nmcli con down lo' (Expected 0, got 0) :: [ 05:49:24 ] :: [ BEGIN ] :: Running 'nmcli con mod lo connection.ip-ping-timeout 5 connection.ip-ping-addresses 8.8.8.8 ipv4.may-fail false' :: [ 05:49:24 ] :: [ PASS ] :: Command 'nmcli con mod lo connection.ip-ping-timeout 5 connection.ip-ping-addresses 8.8.8.8 ipv4.may-fail false' (Expected 0, got 0) :: [ 05:49:24 ] :: [ BEGIN ] :: Running 'nmcli con up lo' Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4) :: [ 05:49:30 ] :: [ PASS ] :: Command 'nmcli con up lo' (Expected 0, got 0) :: [ 05:49:30 ] :: [ BEGIN ] :: Running 'nmcli con show lo | grep ping' connection.gateway-ping-timeout: 0 connection.ip-ping-timeout: 5 connection.ip-ping-addresses: 8.8.8.8 connection.ip-ping-addresses-require-all:-1 (default) :: [ 05:49:30 ] :: [ PASS ] :: Command 'nmcli con show lo | grep ping' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 9s :: Assertions: 12 good, 0 bad :: RESULT: PASS (RHEL-83529 + RHEL-86258) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 05:49:32 ] :: [ LOG ] :: rlSEAVCCheck: Search for AVCs, USER_AVCs, SELINUX_ERRs, and USER_SELINUX_ERRs since timestamp 'TIMESTAMP' [04/29/2025 05:45:35] :: [ 05:49:32 ] :: [ INFO ] :: rlSEAVCCheck: ignoring patterns: :: [ 05:49:32 ] :: [ INFO ] :: rlSEAVCCheck: type=USER_AVC.*received (policyload|setenforce) notice :: [ 05:49:32 ] :: [ PASS ] :: Check there are no unexpected AVCs/ERRORs (Assert: expected 0, got 0) Redirecting to /bin/systemctl status nscd.service Unit nscd.service could not be found. :: [ 05:49:32 ] :: [ WARNING ] :: rlServiceRestore: service nscd status returned 4 :: [ 05:49:32 ] :: [ WARNING ] :: rlServiceRestore: Guessing that current state of nscd is stopped :: [ 05:49:32 ] :: [ BEGIN ] :: Running 'systemctl daemon-reload' :: [ 05:49:32 ] :: [ PASS ] :: Command 'systemctl daemon-reload' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 2 good, 0 bad :: RESULT: PASS (Cleanup)