:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Setup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 04:58:24 ] :: [ BEGIN ] :: Running 'rlImport 'selinux-policy/common'' :: [ 04:58:24 ] :: [ INFO ] :: rlImport: Found 'selinux-policy/common', version '43' during upwards traversal :: [ 04:58:24 ] :: [ INFO ] :: rlImport: Will try to import selinux-policy/common from /root/selinux-policy/Library/common/lib.sh :: [ 04:58:24 ] :: [ INFO ] :: found dependencies: 'distribution/epel ' :: [ 04:58:24 ] :: [ INFO ] :: rlImport: Found 'distribution/epel', version '2' during upwards traversal :: [ 04:58:24 ] :: [ INFO ] :: rlImport: Will try to import distribution/epel from /root/distribution/Library/epel/lib.sh :: [ 04:58:24 ] :: [ INFO ] :: found dependencies: ' distribution/LibrariesWrapper distribution/epel-internal' :: [ 04:58:24 ] :: [ INFO ] :: rlImport: Found 'distribution/LibrariesWrapper', version '9' during upwards traversal :: [ 04:58:24 ] :: [ INFO ] :: rlImport: Will try to import distribution/LibrariesWrapper from /root/distribution/Library/LibrariesWrapper/lib.sh :: [ 04:58:24 ] :: [ INFO ] :: found dependencies: '' :: [ 04:58:24 ] :: [ INFO ] :: rlImport: Found 'distribution/epel-internal', version '3' during upwards traversal :: [ 04:58:24 ] :: [ INFO ] :: rlImport: Will try to import distribution/epel-internal from /root/distribution/Library/epel-internal/lib.sh :: [ 04:58:24 ] :: [ INFO ] :: found dependencies: '' done. done. :: [ 04:58:25 ] :: [ BEGIN ] :: Running 'rlImport distribution/LibrariesWrapper' :: [ 04:58:25 ] :: [ PASS ] :: Command 'rlImport distribution/LibrariesWrapper' (Expected 0, got 0) :: [ 04:58:25 ] :: [ INFO ] :: LibrariesWrapperImport(): library fetched already :: [ 04:58:25 ] :: [ BEGIN ] :: Running 'git checkout "master" -- "epel"' :: [ 04:58:25 ] :: [ PASS ] :: Command 'git checkout "master" -- "epel"' (Expected 0, got 0) :: [ 04:58:25 ] :: [ INFO ] :: found epel v42 from https://github.com/beakerlib/epel.git?72a1d18b541fdbd775d87bb69b57c3e018e18552#epel in /root/distribution/Library/epel/lib/epel loading library distribution/epel v42... done. :: [ 04:58:25 ] :: [ LOG ] :: Determined distro is 'rhel' :: [ 04:58:25 ] :: [ LOG ] :: Determined rhel release is '10' :: [ 04:58:25 ] :: [ LOG ] :: epel repo is accessible :: [ 04:58:25 ] :: [ LOG ] :: epel repo already present :: [ 04:58:25 ] :: [ INFO ] :: SELinux: using 'semodule -lfull' to list modules :: [ 04:58:25 ] :: [ INFO ] :: Running with policy located in /etc/selinux/targeted/policy/policy.34 :: [ 04:58:25 ] :: [ BEGIN ] :: Running 'mkdir -p /etc/skel/.{cache,config,local}' :: [ 04:58:25 ] :: [ PASS ] :: Command 'mkdir -p /etc/skel/.{cache,config,local}' (Expected 0, got 0) :: [ 04:58:25 ] :: [ LOG ] :: enriched audit log format already enabled :: [ 04:58:25 ] :: [ LOG ] :: stop the audit daemon first :: [ 04:58:25 ] :: [ BEGIN ] :: Running 'service auditd stop' Stopping logging: :: [ 04:58:25 ] :: [ PASS ] :: Command 'service auditd stop' (Expected 0, got 0) :: [ 04:58:30 ] :: [ LOG ] :: audit daemon configuration file is updated, starting the audit service Redirecting to /bin/systemctl status auditd.service Redirecting to /bin/systemctl start auditd.service :: [ 04:58:30 ] :: [ LOG ] :: rlServiceStart: Service auditd started successfully :: [ 04:58:30 ] :: [ ERROR ] :: /etc/audit/audit.rules is not updated :: [ 04:58:30 ] :: [ INFO ] :: SELinux related packages listing: :: [ 04:58:30 ] :: [ INFO ] :: checkpolicy-3.8-1.el10.x86_64 libselinux-3.8-1.el10.x86_64 libselinux-utils-3.8-1.el10.x86_64 libsemanage-3.8.1-1.el10_0.x86_64 libsepol-3.8-1.el10.x86_64 policycoreutils-3.8-1.el10.x86_64 policycoreutils-devel-3.8-1.el10.x86_64 policycoreutils-python-utils-3.8-1.el10.noarch selinux-policy-40.13.30-1.el10.noarch selinux-policy-devel-40.13.30-1.el10.noarch selinux-policy-targeted-40.13.30-1.el10.noarch setools-console-4.5.1-4.el10.x86_64 :: [ 04:58:30 ] :: [ INFO ] :: listing took 0 second(s) :: [ 04:58:31 ] :: [ INFO ] :: package 'setools-console-4.5.1-4.el10.x86_64' covers required package 'setools-console' :: [ 04:58:31 ] :: [ INFO ] :: package 'expect-5.45.4-25.el10.x86_64' covers required package 'expect' :: [ 04:58:31 ] :: [ INFO ] :: package 'policycoreutils-python-utils-3.8-1.el10.noarch' covers required package 'policycoreutils-python-utils' :: [ 04:58:31 ] :: [ INFO ] :: package 'selinux-policy-devel-40.13.30-1.el10.noarch' covers required package 'selinux-policy-devel' :: [ 04:58:31 ] :: [ INFO ] :: package 'audit-rules-4.0.3-4.el10.x86_64' covers required package 'audit-rules' :: [ 04:58:31 ] :: [ PASS ] :: Command 'rlImport 'selinux-policy/common'' (Expected 0, got 0) :: [ 04:58:31 ] :: [ BEGIN ] :: Running 'rlFileBackup --clean --namespace 'library(selinux-policy:common)' /etc/yum.repos.d/' :: [ 04:58:31 ] :: [ INFO ] :: using '/var/tmp/beakerlib-FuWD52H/backup-library(selinux-policy:common)' as backup destination :: [ 04:58:31 ] :: [ PASS ] :: Command 'rlFileBackup --clean --namespace 'library(selinux-policy:common)' /etc/yum.repos.d/' (Expected 0, got 0) :: [ 04:58:31 ] :: [ BEGIN ] :: Running 'epelyum -y --nobest --nogpgcheck install audit libselinux libselinux-utils policycoreutils selinux-policy selinux-policy-targeted /usr/sbin/service setools-console varnish jemalloc psmisc ' actually running 'yum --enablerepo epel --enablerepo epel-internal -y --nobest --nogpgcheck install audit libselinux libselinux-utils policycoreutils selinux-policy selinux-policy-targeted /usr/sbin/service setools-console varnish jemalloc psmisc' Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register. internal epel repository 13 kB/s | 2.9 kB 00:00 Package audit-4.0.3-4.el10.x86_64 is already installed. Package libselinux-3.8-1.el10.x86_64 is already installed. Package libselinux-utils-3.8-1.el10.x86_64 is already installed. Package policycoreutils-3.8-1.el10.x86_64 is already installed. Package selinux-policy-40.13.30-1.el10.noarch is already installed. Package selinux-policy-targeted-40.13.30-1.el10.noarch is already installed. Package initscripts-service-10.26-2.el10.noarch is already installed. Package setools-console-4.5.1-4.el10.x86_64 is already installed. Package varnish-7.6.1-2.el10.x86_64 is already installed. Package jemalloc-5.3.0-10.el10_1.x86_64 is already installed. Package psmisc-23.6-8.el10.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! :: [ 04:58:33 ] :: [ PASS ] :: Command 'epelyum -y --nobest --nogpgcheck install audit libselinux libselinux-utils policycoreutils selinux-policy selinux-policy-targeted /usr/sbin/service setools-console varnish jemalloc psmisc ' (Expected 0,1, got 0) :: [ 04:58:33 ] :: [ BEGIN ] :: Running 'rlFileRestore --namespace 'library(selinux-policy:common)'' :: [ 04:58:33 ] :: [ PASS ] :: Command 'rlFileRestore --namespace 'library(selinux-policy:common)'' (Expected 0, got 0) :: [ 04:58:33 ] :: [ BEGIN ] :: Running 'rm -f /etc/yum.repos.d/rlSE-3335.repo' :: [ 04:58:33 ] :: [ PASS ] :: Command 'rm -f /etc/yum.repos.d/rlSE-3335.repo' (Expected 0, got 0) :: [ 04:58:33 ] :: [ BEGIN ] :: Running 'epelyum clean expire-cache' actually running 'yum --enablerepo epel --enablerepo epel-internal clean expire-cache' Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register. Cache was expired 0 files removed :: [ 04:58:33 ] :: [ PASS ] :: Command 'epelyum clean expire-cache' (Expected 0, got 0) selinux-policy-40.13.30-1.el10.noarch :: [ 04:58:33 ] :: [ PASS ] :: Checking for the presence of selinux-policy rpm :: [ 04:58:33 ] :: [ LOG ] :: Package versions: :: [ 04:58:33 ] :: [ LOG ] :: selinux-policy-40.13.30-1.el10.noarch selinux-policy-targeted-40.13.30-1.el10.noarch :: [ 04:58:33 ] :: [ PASS ] :: Checking for the presence of selinux-policy-targeted rpm :: [ 04:58:33 ] :: [ LOG ] :: Package versions: :: [ 04:58:33 ] :: [ LOG ] :: selinux-policy-targeted-40.13.30-1.el10.noarch varnish-7.6.1-2.el10.x86_64 :: [ 04:58:33 ] :: [ PASS ] :: Checking for the presence of varnish rpm :: [ 04:58:33 ] :: [ LOG ] :: Package versions: :: [ 04:58:33 ] :: [ LOG ] :: varnish-7.6.1-2.el10.x86_64 Redirecting to /bin/systemctl status varnish.service Redirecting to /bin/systemctl status varnishncsa.service :: [ 04:58:33 ] :: [ INFO ] :: using '/var/tmp/beakerlib-FuWD52H/backup' as backup destination :: [ 04:58:33 ] :: [ BEGIN ] :: Running 'setenforce 1' :: [ 04:58:33 ] :: [ PASS ] :: Command 'setenforce 1' (Expected 0, got 0) :: [ 04:58:33 ] :: [ BEGIN ] :: Running 'id -Z' unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 :: [ 04:58:33 ] :: [ PASS ] :: Command 'id -Z' (Expected 0, got 0) :: [ 04:58:33 ] :: [ BEGIN ] :: Running 'sestatus' SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 33 :: [ 04:58:34 ] :: [ PASS ] :: Command 'sestatus' (Expected 0, got 0) :: [ 04:58:34 ] :: [ BEGIN ] :: Running 'semodule --list-modules=full | grep -i disabled' :: [ 04:58:34 ] :: [ PASS ] :: Command 'semodule --list-modules=full | grep -i disabled' (Expected 0,1, got 1) :: [ 04:58:34 ] :: [ LOG ] :: rlSESetTimestamp: Setting timestamp 'TIMESTAMP' [04/30/2025 04:58:34] :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 12s :: Assertions: 17 good, 0 bad :: RESULT: PASS (Setup) varnishd_t is defined varnishd_exec_t is defined sysfs_t is defined :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1026078 + bz#1083105 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/varnishd system_u:object_r:varnishd_exec_t:s0 :: [ 04:58:37 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/varnishd should contain varnishd_exec_t (Assert: expected 0, got 0) /sys/devices/system/cpu system_u:object_r:sysfs_t:s0 :: [ 04:58:37 ] :: [ PASS ] :: Result of matchpathcon /sys/devices/system/cpu should contain sysfs_t (Assert: expected 0, got 0) /sys/devices/system/cpu/online system_u:object_r:cpu_online_t:s0 :: [ 04:58:38 ] :: [ PASS ] :: Result of matchpathcon /sys/devices/system/cpu/online should contain cpu_online_t (Assert: expected 0, got 0) :: [ 04:58:38 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow init_t varnishd_exec_t : file { getattr open read execute } ' FILTERED RULES allow domain file_type:file map; [ domain_can_mmap_files ]:True allow init_t direct_init_entry:file execute_no_trans; allow init_t file_type:file { getattr relabelfrom relabelto }; allow init_t non_security_file_type:file mounton; [ init_create_dirs ]:True allow init_t non_security_file_type:file watch; allow initrc_domain direct_init_entry:file { execute getattr map open read }; :: [ 04:58:40 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 04:58:40 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 04:58:40 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 04:58:40 ] :: [ PASS ] :: check permission 'execute' is present (Assert: '0' should equal '0') :: [ 04:58:40 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow init_t varnishd_t : process { transition } ' FILTERED RULES allow init_t daemon:process siginh; allow init_t domain:process { getattr getpgid noatsecure rlimitinh setrlimit setsched sigchld sigkill signal signull sigstop }; allow initrc_domain daemon:process transition; :: [ 04:58:41 ] :: [ PASS ] :: check permission 'transition' is present (Assert: '0' should equal '0') :: [ 04:58:41 ] :: [ INFO ] :: rlSESearchRule: checking rule 'type_transition init_t varnishd_exec_t : process varnishd_t ' FILTERED RULES type_transition init_t varnishd_exec_t:process varnishd_t; :: [ 04:58:43 ] :: [ PASS ] :: check permission 'varnishd_t' is present (Assert: '0' should equal '0') :: [ 04:58:43 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow varnishd_t sysfs_t : dir { getattr open search }' FILTERED RULES allow domain sysfs_t:dir { getattr open search }; allow varnishd_t sysfs_t:dir { ioctl lock read }; :: [ 04:58:44 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 04:58:44 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 04:58:44 ] :: [ PASS ] :: check permission 'search' is present (Assert: '0' should equal '0') :: [ 04:58:45 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow varnishd_t cpu_online_t : file { getattr open read }' FILTERED RULES allow domain cpu_online_t:file { getattr ioctl lock open read }; allow domain file_type:file map; [ domain_can_mmap_files ]:True :: [ 04:58:46 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 04:58:46 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 04:58:46 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 10s :: Assertions: 15 good, 0 bad :: RESULT: PASS (bz#1026078 + bz#1083105) varnishd_t is defined varnishd_exec_t is defined :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1061733 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/varnishd system_u:object_r:varnishd_exec_t:s0 :: [ 04:58:47 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/varnishd should contain varnishd_exec_t (Assert: expected 0, got 0) :: [ 04:58:47 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow varnishd_t varnishd_t : capability { kill }' FILTERED RULES allow varnishd_t varnishd_t:capability { chown dac_override dac_read_search fowner fsetid ipc_lock kill net_bind_service setgid setuid sys_resource }; :: [ 04:58:49 ] :: [ PASS ] :: check permission 'kill' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 2 good, 0 bad :: RESULT: PASS (bz#1061733) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1102556 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/varnishd system_u:object_r:varnishd_exec_t:s0 :: [ 04:58:49 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/varnishd should contain varnishd_exec_t (Assert: expected 0, got 0) :: [ 04:58:49 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow varnishd_t varnishd_t : capability { fowner }' FILTERED RULES allow varnishd_t varnishd_t:capability { chown dac_override dac_read_search fowner fsetid ipc_lock kill net_bind_service setgid setuid sys_resource }; :: [ 04:58:51 ] :: [ PASS ] :: check permission 'fowner' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 2 good, 0 bad :: RESULT: PASS (bz#1102556) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1125165 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/varnishd system_u:object_r:varnishd_exec_t:s0 :: [ 04:58:52 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/varnishd should contain varnishd_exec_t (Assert: expected 0, got 0) :: [ 04:58:52 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow varnishd_t varnishd_t : capability { fsetid }' FILTERED RULES allow varnishd_t varnishd_t:capability { chown dac_override dac_read_search fowner fsetid ipc_lock kill net_bind_service setgid setuid sys_resource }; :: [ 04:58:53 ] :: [ PASS ] :: check permission 'fsetid' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 2 good, 0 bad :: RESULT: PASS (bz#1125165) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1600704 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/bin/varnishlog system_u:object_r:varnishlog_exec_t:s0 :: [ 04:58:54 ] :: [ PASS ] :: Result of matchpathcon /usr/bin/varnishlog should contain varnishlog_exec_t (Assert: expected 0, got 0) /var/lib/varnish system_u:object_r:varnishd_var_lib_t:s0 :: [ 04:58:54 ] :: [ PASS ] :: Result of matchpathcon /var/lib/varnish should contain varnishd_var_lib_t (Assert: expected 0, got 0) /var/lib/varnish/localhost.localdomain system_u:object_r:varnishd_var_lib_t:s0 :: [ 04:58:55 ] :: [ PASS ] :: Result of matchpathcon /var/lib/varnish/localhost.localdomain should contain varnishd_var_lib_t (Assert: expected 0, got 0) /var/lib/varnish/localhost.localdomain/_.vsm system_u:object_r:varnishd_var_lib_t:s0 :: [ 04:58:55 ] :: [ PASS ] :: Result of matchpathcon /var/lib/varnish/localhost.localdomain/_.vsm should contain varnishd_var_lib_t (Assert: expected 0, got 0) :: [ 04:58:55 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow varnishlog_t varnishd_var_lib_t : file { map }' FILTERED RULES allow domain file_type:file map; [ domain_can_mmap_files ]:True allow varnishlog_t varnishd_var_lib_t:file { getattr ioctl map open read }; :: [ 04:58:57 ] :: [ PASS ] :: check permission 'map' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 4s :: Assertions: 5 good, 0 bad :: RESULT: PASS (bz#1600704) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1579379 + bz#1582251 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/sbin/varnishd system_u:object_r:varnishd_exec_t:s0 :: [ 04:58:58 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/varnishd should contain varnishd_exec_t (Assert: expected 0, got 0) /run/dbus/system_bus_socket system_u:object_r:system_dbusd_var_run_t:s0 :: [ 04:58:58 ] :: [ PASS ] :: Result of matchpathcon /run/dbus/system_bus_socket should contain system_dbusd_var_run_t (Assert: expected 0, got 0) :: [ 04:58:58 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow varnishd_t system_dbusd_var_run_t : sock_file { write } [ ]' FILTERED RULES allow nsswitch_domain system_dbusd_var_run_t:sock_file { append getattr open write }; :: [ 04:59:00 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :: [ 04:59:00 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow varnishd_t varnishd_t : capability { dac_override } [ ]' FILTERED RULES allow varnishd_t varnishd_t:capability { chown dac_override dac_read_search fowner fsetid ipc_lock kill net_bind_service setgid setuid sys_resource }; :: [ 04:59:01 ] :: [ PASS ] :: check permission 'dac_override' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 4s :: Assertions: 4 good, 0 bad :: RESULT: PASS (bz#1579379 + bz#1582251) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1584632 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 04:59:01 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow varnishd_t system_dbusd_t : dbus { send_msg } [ ]' FILTERED RULES allow nsswitch_domain system_dbusd_t:dbus send_msg; allow varnishd_t system_dbusd_t:dbus acquire_svc; :: [ 04:59:03 ] :: [ PASS ] :: check permission 'send_msg' is present (Assert: '0' should equal '0') :: [ 04:59:03 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow system_dbusd_t varnishd_t : dbus { send_msg } [ ]' FILTERED RULES allow system_dbusd_t nsswitch_domain:dbus send_msg; :: [ 04:59:05 ] :: [ PASS ] :: check permission 'send_msg' is present (Assert: '0' should equal '0') :: [ 04:59:05 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow varnishd_t init_t : dbus { send_msg } [ ]' FILTERED RULES allow nsswitch_domain init_t:dbus send_msg; :: [ 04:59:06 ] :: [ PASS ] :: check permission 'send_msg' is present (Assert: '0' should equal '0') :: [ 04:59:06 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow init_t varnishd_t : dbus { send_msg } [ ]' FILTERED RULES allow init_t nsswitch_domain:dbus send_msg; :: [ 04:59:08 ] :: [ PASS ] :: check permission 'send_msg' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 7s :: Assertions: 4 good, 0 bad :: RESULT: PASS (bz#1584632) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1605194 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/bin/varnishlog system_u:object_r:varnishlog_exec_t:s0 :: [ 04:59:09 ] :: [ PASS ] :: Result of matchpathcon /usr/bin/varnishlog should contain varnishlog_exec_t (Assert: expected 0, got 0) /var/lib/varnish system_u:object_r:varnishd_var_lib_t:s0 :: [ 04:59:09 ] :: [ PASS ] :: Result of matchpathcon /var/lib/varnish should contain varnishd_var_lib_t (Assert: expected 0, got 0) /var/lib/varnish/localhost.localdomain system_u:object_r:varnishd_var_lib_t:s0 :: [ 04:59:10 ] :: [ PASS ] :: Result of matchpathcon /var/lib/varnish/localhost.localdomain should contain varnishd_var_lib_t (Assert: expected 0, got 0) :: [ 04:59:10 ] :: [ BEGIN ] :: Running 'rlImport 'varnish/varnish'' :: [ 04:59:10 ] :: [ INFO ] :: rlImport: Found 'varnish/varnish' during upwards traversal :: [ 04:59:10 ] :: [ INFO ] :: rlImport: Will try to import varnish/varnish from /root/varnish/Library/varnish/lib.sh :: [ 04:59:10 ] :: [ INFO ] :: found dependencies: '' :: [ 04:59:10 ] :: [ INFO ] :: COLLECTIONS= :: [ 04:59:10 ] :: [ INFO ] :: varnishCOLLECTION=0 :: [ 04:59:10 ] :: [ INFO ] :: varnishCOLLECTION_NAME= :: [ 04:59:10 ] :: [ INFO ] :: varnishMAIN=varnish :: [ 04:59:10 ] :: [ INFO ] :: varnishROOTPREFIX=/var/opt/rh/ :: [ 04:59:10 ] :: [ INFO ] :: varnishCONFDIR=/etc/varnish :: [ 04:59:10 ] :: [ INFO ] :: varnishLOGDIR=/var/log/varnish varnish-7.6.1-2.el10.x86_64 :: [ 04:59:10 ] :: [ PASS ] :: Checking for the presence of varnish rpm :: [ 04:59:10 ] :: [ LOG ] :: Package versions: :: [ 04:59:10 ] :: [ LOG ] :: varnish-7.6.1-2.el10.x86_64 :: [ 04:59:10 ] :: [ PASS ] :: Command 'rlImport 'varnish/varnish'' (Expected 0, got 0) :: [ 04:59:10 ] :: [ BEGIN ] :: Running 'varnishStart' Redirecting to /bin/systemctl status varnish.service Redirecting to /bin/systemctl start varnish.service :: [ 04:59:12 ] :: [ LOG ] :: rlServiceStart: Service varnish started successfully :: [ 04:59:12 ] :: [ PASS ] :: Command 'varnishStart' (Expected 0, got 0) :: [ 04:59:12 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow varnishlog_t varnishd_var_lib_t : dir { read } [ ]' FILTERED RULES allow varnishlog_t varnishd_var_lib_t:dir { getattr ioctl lock open read search }; :: [ 04:59:13 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 04:59:13 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow varnishlog_t varnishlog_t : capability { dac_override dac_read_search }' FILTERED RULES :: [ 04:59:15 ] :: [ PASS ] :: check permission 'dac_override' is present (Assert: '1' should equal '1') :: [ 04:59:15 ] :: [ PASS ] :: check permission 'dac_read_search' is present (Assert: '1' should equal '1') :: [ 04:59:15 ] :: [ BEGIN ] :: Running 'varnishStop' Redirecting to /bin/systemctl status varnish.service Redirecting to /bin/systemctl stop varnish.service :: [ 04:59:15 ] :: [ PASS ] :: Command 'varnishStop' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 7s :: Assertions: 10 good, 0 bad :: RESULT: PASS (bz#1605194) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1730270 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/bin/varnishncsa system_u:object_r:varnishlog_exec_t:s0 :: [ 04:59:16 ] :: [ PASS ] :: Result of matchpathcon /usr/bin/varnishncsa should contain varnishlog_exec_t (Assert: expected 0, got 0) /usr/sbin/varnishd system_u:object_r:varnishd_exec_t:s0 :: [ 04:59:16 ] :: [ PASS ] :: Result of matchpathcon /usr/sbin/varnishd should contain varnishd_exec_t (Assert: expected 0, got 0) :: [ 04:59:16 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow varnishlog_t varnishd_t : process { signull } [ ]' FILTERED RULES allow varnishlog_t varnishd_t:process signull; :: [ 04:59:18 ] :: [ PASS ] :: check permission 'signull' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 3s :: Assertions: 3 good, 0 bad :: RESULT: PASS (bz#1730270) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: RHEL-77779 + RHEL-77995 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 04:59:18 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow varnishd_t varnishd_t : capability { sys_resource } [ ]' FILTERED RULES allow varnishd_t varnishd_t:capability { chown dac_override dac_read_search fowner fsetid ipc_lock kill net_bind_service setgid setuid sys_resource }; :: [ 04:59:20 ] :: [ PASS ] :: check permission 'sys_resource' is present (Assert: '0' should equal '0') :: [ 04:59:20 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow varnishd_t varnishd_t : process { setrlimit } [ ]' FILTERED RULES allow varnishd_t varnishd_t:process { execmem fork getcap getsched setrlimit sigchld sigkill signal signull sigstop }; :: [ 04:59:22 ] :: [ PASS ] :: check permission 'setrlimit' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 4s :: Assertions: 2 good, 0 bad :: RESULT: PASS (RHEL-77779 + RHEL-77995) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: real scenario -- standalone service :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 04:59:22 ] :: [ BEGIN ] :: Running 'echo redhat | passwd --stdin root' BAD PASSWORD: The password is shorter than 8 characters :: [ 04:59:22 ] :: [ PASS ] :: Command 'echo redhat | passwd --stdin root' (Expected 0, got 0) varnishd_t is defined :: [ 04:59:22 ] :: [ BEGIN ] :: Running 'service varnish start' Redirecting to /bin/systemctl start varnish.service :: [ 04:59:23 ] :: [ PASS ] :: Command 'service varnish start' (Expected 0, got 0) :: [ 04:59:24 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "varnishd"' system_u:system_r:varnishd_t:s0 varnish 22158 1 0 04:59 ? 00:00:00 /usr/sbin/varnishd -a :6081 -a localhost:8443,PROXY -f /etc/varnish/default.vcl -P /run/varnish/varnishd.pid -p feature=+http2 -s malloc,256m system_u:system_r:varnishd_t:s0 varnish 22179 22158 0 04:59 ? 00:00:00 /usr/sbin/varnishd -a :6081 -a localhost:8443,PROXY -f /etc/varnish/default.vcl -P /run/varnish/varnishd.pid -p feature=+http2 -s malloc,256m :: [ 04:59:24 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "varnishd"' (Expected 0, got 0) :: [ 04:59:24 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "varnishd_t.*varnishd"' system_u:system_r:varnishd_t:s0 varnish 22158 1 0 04:59 ? 00:00:00 /usr/sbin/varnishd -a :6081 -a localhost:8443,PROXY -f /etc/varnish/default.vcl -P /run/varnish/varnishd.pid -p feature=+http2 -s malloc,256m system_u:system_r:varnishd_t:s0 varnish 22179 22158 0 04:59 ? 00:00:00 /usr/sbin/varnishd -a :6081 -a localhost:8443,PROXY -f /etc/varnish/default.vcl -P /run/varnish/varnishd.pid -p feature=+http2 -s malloc,256m :: [ 04:59:24 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "varnishd_t.*varnishd"' (Expected 0, got 0) :: [ 04:59:26 ] :: [ BEGIN ] :: Running 'service varnish status' Redirecting to /bin/systemctl status varnish.service ● varnish.service - Varnish Cache, a high-performance HTTP accelerator Loaded: loaded (/usr/lib/systemd/system/varnish.service; disabled; preset: disabled) Active: active (running) since Wed 2025-04-30 04:59:23 EDT; 2s ago Invocation: d613d17ed51442d599bc09273731334e Process: 22156 ExecStart=/usr/sbin/varnishd -a :6081 -a localhost:8443,PROXY -f /etc/varnish/default.vcl -P /run/varnish/varnishd.pid -p feature=+http2 -s malloc,256m (code=exited, status=0/SUCCESS) Main PID: 22158 (varnishd) Tasks: 217 Memory: 89.4M (peak: 89.7M) CPU: 703ms CGroup: /system.slice/varnish.service ├─22158 /usr/sbin/varnishd -a :6081 -a localhost:8443,PROXY -f /etc/varnish/default.vcl -P /run/varnish/va… └─22179 /usr/sbin/varnishd -a :6081 -a localhost:8443,PROXY -f /etc/varnish/default.vcl -P /run/varnish/va… Apr 30 04:59:22 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Starting varnish.service - Va…... Apr 30 04:59:22 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[22158]: Info: Working directory …ion Apr 30 04:59:22 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[22158]: Working directory not mo…ion Apr 30 04:59:23 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[22158]: Version: varnish-7.6.1 r…a3c Apr 30 04:59:23 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[22158]: Platform: Linux,6.12.0-7…bit Apr 30 04:59:23 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[22158]: Child (22179) Started Apr 30 04:59:23 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[22158]: Child launched OK Apr 30 04:59:23 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[22158]: Child (22179) said Child…rts Apr 30 04:59:23 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Started varnish.service - Var…or. Hint: Some lines were ellipsized, use -l to show in full. :: [ 04:59:26 ] :: [ PASS ] :: Command 'service varnish status' (Expected 0,1,3, got 0) :: [ 04:59:27 ] :: [ BEGIN ] :: Running 'restorecon -Rv /etc /var /run -e /var/ARTIFACTS' Can't stat exclude path "/var/ARTIFACTS", No such file or directory - ignoring. Relabeled /run/NetworkManager/no-stub-resolv.conf from system_u:object_r:NetworkManager_var_run_t:s0 to system_u:object_r:net_conf_t:s0 :: [ 04:59:27 ] :: [ PASS ] :: Command 'restorecon -Rv /etc /var /run -e /var/ARTIFACTS' (Expected 0-255, got 0) :: [ 04:59:27 ] :: [ BEGIN ] :: Running 'service varnish restart' Redirecting to /bin/systemctl restart varnish.service :: [ 04:59:28 ] :: [ PASS ] :: Command 'service varnish restart' (Expected 0, got 0) :: [ 04:59:30 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "varnishd"' system_u:system_r:varnishd_t:s0 varnish 23073 1 0 04:59 ? 00:00:00 /usr/sbin/varnishd -a :6081 -a localhost:8443,PROXY -f /etc/varnish/default.vcl -P /run/varnish/varnishd.pid -p feature=+http2 -s malloc,256m system_u:system_r:varnishd_t:s0 varnish 23094 23073 0 04:59 ? 00:00:00 /usr/sbin/varnishd -a :6081 -a localhost:8443,PROXY -f /etc/varnish/default.vcl -P /run/varnish/varnishd.pid -p feature=+http2 -s malloc,256m :: [ 04:59:30 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "varnishd"' (Expected 0, got 0) :: [ 04:59:30 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "varnishd_t.*varnishd"' system_u:system_r:varnishd_t:s0 varnish 23073 1 0 04:59 ? 00:00:00 /usr/sbin/varnishd -a :6081 -a localhost:8443,PROXY -f /etc/varnish/default.vcl -P /run/varnish/varnishd.pid -p feature=+http2 -s malloc,256m system_u:system_r:varnishd_t:s0 varnish 23094 23073 0 04:59 ? 00:00:00 /usr/sbin/varnishd -a :6081 -a localhost:8443,PROXY -f /etc/varnish/default.vcl -P /run/varnish/varnishd.pid -p feature=+http2 -s malloc,256m :: [ 04:59:30 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "varnishd_t.*varnishd"' (Expected 0, got 0) :: [ 04:59:31 ] :: [ BEGIN ] :: Running 'service varnish status' Redirecting to /bin/systemctl status varnish.service ● varnish.service - Varnish Cache, a high-performance HTTP accelerator Loaded: loaded (/usr/lib/systemd/system/varnish.service; disabled; preset: disabled) Active: active (running) since Wed 2025-04-30 04:59:28 EDT; 2s ago Invocation: 90c1ddeef62e460ab01912dff1871134 Process: 23071 ExecStart=/usr/sbin/varnishd -a :6081 -a localhost:8443,PROXY -f /etc/varnish/default.vcl -P /run/varnish/varnishd.pid -p feature=+http2 -s malloc,256m (code=exited, status=0/SUCCESS) Main PID: 23073 (varnishd) Tasks: 217 Memory: 90M (peak: 90.2M) CPU: 707ms CGroup: /system.slice/varnish.service ├─23073 /usr/sbin/varnishd -a :6081 -a localhost:8443,PROXY -f /etc/varnish/default.vcl -P /run/varnish/va… └─23094 /usr/sbin/varnishd -a :6081 -a localhost:8443,PROXY -f /etc/varnish/default.vcl -P /run/varnish/va… Apr 30 04:59:28 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Starting varnish.service - Va…... Apr 30 04:59:28 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[23073]: Info: Working directory …ion Apr 30 04:59:28 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[23073]: Working directory not mo…ion Apr 30 04:59:28 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[23073]: Version: varnish-7.6.1 r…a3c Apr 30 04:59:28 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[23073]: Platform: Linux,6.12.0-7…bit Apr 30 04:59:28 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[23073]: Child (23094) Started Apr 30 04:59:28 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[23073]: Child launched OK Apr 30 04:59:28 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[23073]: Child (23094) said Child…rts Apr 30 04:59:28 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Started varnish.service - Var…or. Hint: Some lines were ellipsized, use -l to show in full. :: [ 04:59:31 ] :: [ PASS ] :: Command 'service varnish status' (Expected 0,1,3, got 0) system_u:object_r:varnishlog_exec_t:s0 /usr/bin/varnishncsa :: [ 04:59:33 ] :: [ BEGIN ] :: Running 'service varnishncsa start' Redirecting to /bin/systemctl start varnishncsa.service :: [ 04:59:33 ] :: [ PASS ] :: Command 'service varnishncsa start' (Expected 0, got 0) :: [ 04:59:34 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "varnishncsa"' system_u:system_r:varnishlog_t:s0 varnish 23895 1 0 04:59 ? 00:00:00 /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D :: [ 04:59:34 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "varnishncsa"' (Expected 0, got 0) :: [ 04:59:34 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "varnishlog_t.*varnishncsa"' system_u:system_r:varnishlog_t:s0 varnish 23895 1 0 04:59 ? 00:00:00 /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D :: [ 04:59:34 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "varnishlog_t.*varnishncsa"' (Expected 0, got 0) :: [ 04:59:35 ] :: [ BEGIN ] :: Running 'service varnishncsa status' Redirecting to /bin/systemctl status varnishncsa.service ● varnishncsa.service - Varnish Cache HTTP accelerator NCSA logging daemon Loaded: loaded (/usr/lib/systemd/system/varnishncsa.service; disabled; preset: disabled) Active: active (running) since Wed 2025-04-30 04:59:33 EDT; 2s ago Invocation: 3340134b2c624b5c93bb277595b6156e Process: 23893 ExecStart=/usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D (code=exited, status=0/SUCCESS) Main PID: 23895 (varnishncsa) Tasks: 1 (limit: 10681) Memory: 288K (peak: 3.5M) CPU: 26ms CGroup: /system.slice/varnishncsa.service └─23895 /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D Apr 30 04:59:33 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Starting varnishncsa.service …... Apr 30 04:59:33 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Started varnishncsa.service -…on. Hint: Some lines were ellipsized, use -l to show in full. :: [ 04:59:35 ] :: [ PASS ] :: Command 'service varnishncsa status' (Expected 0,1,3, got 0) :: [ 04:59:37 ] :: [ BEGIN ] :: Running 'service varnishncsa restart' Redirecting to /bin/systemctl restart varnishncsa.service :: [ 04:59:37 ] :: [ PASS ] :: Command 'service varnishncsa restart' (Expected 0, got 0) :: [ 04:59:39 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "varnishncsa"' system_u:system_r:varnishlog_t:s0 varnish 24479 1 0 04:59 ? 00:00:00 /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D :: [ 04:59:39 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "varnishncsa"' (Expected 0, got 0) :: [ 04:59:39 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "varnishlog_t.*varnishncsa"' system_u:system_r:varnishlog_t:s0 varnish 24479 1 0 04:59 ? 00:00:00 /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D :: [ 04:59:39 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "varnishlog_t.*varnishncsa"' (Expected 0, got 0) :: [ 04:59:40 ] :: [ BEGIN ] :: Running 'service varnishncsa status' Redirecting to /bin/systemctl status varnishncsa.service ● varnishncsa.service - Varnish Cache HTTP accelerator NCSA logging daemon Loaded: loaded (/usr/lib/systemd/system/varnishncsa.service; disabled; preset: disabled) Active: active (running) since Wed 2025-04-30 04:59:37 EDT; 2s ago Invocation: 48220a0426a54251ba81abcca62ed76f Process: 24477 ExecStart=/usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D (code=exited, status=0/SUCCESS) Main PID: 24479 (varnishncsa) Tasks: 1 (limit: 10681) Memory: 284K (peak: 3.4M) CPU: 22ms CGroup: /system.slice/varnishncsa.service └─24479 /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D Apr 30 04:59:37 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Starting varnishncsa.service …... Apr 30 04:59:37 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Started varnishncsa.service -…on. Hint: Some lines were ellipsized, use -l to show in full. :: [ 04:59:40 ] :: [ PASS ] :: Command 'service varnishncsa status' (Expected 0,1,3, got 0) :: [ 04:59:42 ] :: [ BEGIN ] :: Running 'service varnishncsa stop' Redirecting to /bin/systemctl stop varnishncsa.service :: [ 04:59:42 ] :: [ PASS ] :: Command 'service varnishncsa stop' (Expected 0, got 0) :: [ 04:59:43 ] :: [ BEGIN ] :: Running 'service varnishncsa status' Redirecting to /bin/systemctl status varnishncsa.service ○ varnishncsa.service - Varnish Cache HTTP accelerator NCSA logging daemon Loaded: loaded (/usr/lib/systemd/system/varnishncsa.service; disabled; preset: disabled) Active: inactive (dead) Apr 30 04:59:33 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Starting varnishncsa.service …... Apr 30 04:59:33 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Started varnishncsa.service -…on. Apr 30 04:59:37 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Stopping varnishncsa.service …... Apr 30 04:59:37 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: varnishncsa.service: Deactiva…ly. Apr 30 04:59:37 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Stopped varnishncsa.service -…on. Apr 30 04:59:37 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Starting varnishncsa.service …... Apr 30 04:59:37 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Started varnishncsa.service -…on. Apr 30 04:59:42 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Stopping varnishncsa.service …... Apr 30 04:59:42 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: varnishncsa.service: Deactiva…ly. Apr 30 04:59:42 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Stopped varnishncsa.service -…on. Hint: Some lines were ellipsized, use -l to show in full. :: [ 04:59:43 ] :: [ PASS ] :: Command 'service varnishncsa status' (Expected 0,1,3, got 3) :: [ 04:59:45 ] :: [ BEGIN ] :: Running 'service varnish stop' Redirecting to /bin/systemctl stop varnish.service :: [ 04:59:45 ] :: [ PASS ] :: Command 'service varnish stop' (Expected 0, got 0) :: [ 04:59:47 ] :: [ BEGIN ] :: Running 'service varnish status' Redirecting to /bin/systemctl status varnish.service ○ varnish.service - Varnish Cache, a high-performance HTTP accelerator Loaded: loaded (/usr/lib/systemd/system/varnish.service; disabled; preset: disabled) Active: inactive (dead) Apr 30 04:59:45 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[23073]: Manager got SIGTERM Apr 30 04:59:45 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[23073]: Stopping Child Apr 30 04:59:45 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[23073]: Child (23094) said Child…ies Apr 30 04:59:45 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[23073]: Child (23094) ended Apr 30 04:59:45 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[23073]: Child cleanup complete Apr 30 04:59:45 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[23073]: manager stopping child Apr 30 04:59:45 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 varnishd[23073]: manager dies Apr 30 04:59:45 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: varnish.service: Deactivated …ly. Apr 30 04:59:45 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: Stopped varnish.service - Var…or. Apr 30 04:59:45 prereserve-1mt-rhel-10.1-20250428.2-20439-2025-04-30-08-47 systemd[1]: varnish.service: Consumed 720…ak. Hint: Some lines were ellipsized, use -l to show in full. :: [ 04:59:47 ] :: [ PASS ] :: Command 'service varnish status' (Expected 0,1,3, got 3) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 26s :: Assertions: 22 good, 0 bad :: RESULT: PASS (real scenario -- standalone service) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 04:59:50 ] :: [ LOG ] :: rlSEAVCCheck: Search for AVCs, USER_AVCs, SELINUX_ERRs, and USER_SELINUX_ERRs since timestamp 'TIMESTAMP' [04/30/2025 04:58:34] :: [ 04:59:50 ] :: [ INFO ] :: rlSEAVCCheck: ignoring patterns: :: [ 04:59:50 ] :: [ INFO ] :: rlSEAVCCheck: type=USER_AVC.*received (policyload|setenforce) notice :: [ 04:59:50 ] :: [ PASS ] :: Check there are no unexpected AVCs/ERRORs (Assert: expected 0, got 0) Redirecting to /bin/systemctl status varnish.service Redirecting to /bin/systemctl status varnishncsa.service :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup)