type=ADD_GROUP msg=audit(1651773419.122:2456): pid=30157 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-group id=994 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'
type=ADD_USER msg=audit(1651773419.152:2458): pid=30162 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 msg='op=add-user id=997 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'
# type=ANOM_ABEND msg=audit(3.000:4): auid=1001 uid=1001 gid=1001 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=30869 comm="exe" exe="/opt/bluejeans/bluejeans-bin" sig=11
type=CONFIG_CHANGE msg=audit(1628779616.468:100): op=set audit_pid=534 old=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=1AUID="unset"
 type=SYSCALL msg=audit(1628779616.468:100): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffd56716a40 a2=3c a3=0 items=0 ppid=531 pid=534 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditd" exe="/usr/sbin/auditd" subj=system_u:system_r:auditd_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
 type=PROCTITLE msg=audit(1628779616.468:100): proctitle="/sbin/auditd"
# type=AVC msg=audit(1646685688.464:1407): avc:  denied  { execmod } for  pid=341110 comm="stress-ng" path="/opt/stress-ng/stress-ng" dev="dm-0" ino=68621650 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file permissive=0
#  type=SYSCALL msg=audit(1646685688.464:1407): arch=c000003e syscall=10 success=no exit=-13 a0=585000 a1=1000 a2=5 a3=7f3538d082d0 items=0 ppid=341109 pid=341110 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=8 comm="stress-ng" exe="/opt/stress-ng/stress-ng" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=mprotect AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
#  type=PROCTITLE msg=audit(1646685688.464:1407): proctitle=7374726573732D6E672D696361636865205B72756E5D00002E
type=BPF msg=audit(1651747424.165:65): prog-id=33 op=LOAD
 type=SYSCALL msg=audit(1651747424.165:65): arch=c000003e syscall=321 success=yes exit=8 a0=5 a1=7ffc60179a70 a2=78 a3=7ffc60179a70 items=0 ppid=1 pid=929 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=bpf AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
 type=PROCTITLE msg=audit(1651747424.165:65): proctitle=2F7573722F6C69622F73797374656D642F73797374656D64002D2D75736572
type=CRED_ACQ msg=audit(1651773661.082:2750): pid=6361 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(1651773661.112:2754): pid=6361 uid=0 auid=0 ses=9 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_REFR msg=audit(1651773661.092:2753): pid=6361 uid=0 auid=0 ses=9 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRYPTO_KEY_USER msg=audit(1603812053.531:1466): pid=4903 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:7b:93:19:7c:43:f6:ca:70:9f:58:60:28:76:9b:24:b2:4c:39:bb:1a:a0:25:f7:92:10:4b:99:88:63:9f:fc:a9 direction=? spid=4903 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1651763413.462:51): pid=3296 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-gcm@openssh.com ksize=256 mac=<implicit> pfs=curve25519-sha256 spid=3301 suid=74 rport=58286 laddr=10.0.139.94 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.43.12.115 terminal=? res=success'
type=CWD msg=audit(1651742054.475:1051): cwd="/tmp/tmp.nuwWMk2SUE"
 type=SYSCALL msg=audit(1651742054.475:1051): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=563f00f4f170 a2=441 a3=1b6 items=2 ppid=22170 pid=34761 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=11 comm="test.sh" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=openat AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
 type=PATH msg=audit(1651742054.475:1051): item=0 name="/etc/" inode=2097281 dev=fd:01 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
 type=PATH msg=audit(1651742054.475:1051): item=1 name="/etc/shadow" inode=2469767 dev=fd:01 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shadow_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
 type=PROCTITLE msg=audit(1651742054.475:1051): proctitle=2F62696E2F62617368002E2F746573742E7368
# type=DAEMON_START msg=audit(1651747774.162:3750): op=start ver=3.0.7 format=enriched kernel=5.14.0-80.el9.x86_64 auid=4294967295 pid=13996 uid=0 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=successAUID="unset" UID="root"
# type=DAEMON_CONFIG msg=audit(1651747774.477:3750): op=reconfigure state=changed auid=0 pid=14186 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=successAUID="root"
# type=DAEMON_END msg=audit(1651747784.751:3751): op=terminate auid=0 pid=14385 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=successAUID="root"
# type=DAEMON_RESUME msg=audit(1651747879.223:2202): op=resume-logging auid=0 pid=20306 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=successAUID="root"
# type=DAEMON_ROTATE msg=audit(1651749983.000:7813): op=rotate-logs auid=0 pid=163963 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=successAUID="root"
type=DEL_GROUP msg=audit(1651773480.132:2643): pid=32475 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=delete-group id=1000 exe="/usr/sbin/groupdel" hostname=? addr=? terminal=? res=success'
type=DEL_USER msg=audit(1651773482.152:2645): pid=32482 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=delete-user id=1000 exe="/usr/sbin/userdel" hostname=? addr=? terminal=? res=success'
# type=FS_RELABEL msg=audit(1603812076.111:1542): pid=4983 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=mass relabel exe="/usr/sbin/setfiles" hostname=? addr=? terminal=? res=success'
type=GRP_CHAUTHTOK msg=audit(1651773461.132:2624): pid=31391 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=change-password grp="group15619" acct="root" exe="/usr/bin/gpasswd" hostname=ci-vm-10-0-139-94.hosted.upshift.rdu2.redhat.com addr=? terminal=pts/1 res=success'
type=GRP_MGMT msg=audit(1651773419.122:2457): pid=30157 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 msg='op=add-shadow-group id=994 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'
# type=LOGIN msg=audit(1651773661.082:2751): pid=6361 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=9 res=1
type=MAC_CONFIG_CHANGE msg=audit(1646755230.873:1668): bool=virt_use_nfs val=1 old_val=0 auid=0 ses=10AUID="root"
 type=SYSCALL msg=audit(1646755230.873:1668): arch=c000003e syscall=1 success=yes exit=2 a0=4 a1=7ffcb893e35e a2=2 a3=0 items=0 ppid=1282977 pid=1282978 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10 comm="setsebool" exe="/usr/sbin/setsebool" subj=unconfined_u:unconfined_r:setsebool_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
 type=PROCTITLE msg=audit(1646755230.873:1668): proctitle=2F7573722F7362696E2F7365747365626F6F6C002D50002D4E00766972745F7573655F6E66733D3100766972745F73616E64626F785F7573655F616C6C5F636170733D31
# type=MQ_OPEN msg=audit(1651750004.283:75950): oflag=0xc0 mode=0 mq_flags=0x0 mq_maxmsg=0 mq_msgsize=0 mq_curmsgs=0
#  type=SYSCALL msg=audit(1651750004.283:75950): arch=c000003e syscall=240 success=yes exit=3 a0=7ffdbc48b5a5 a1=c0 a2=0 a3=0 items=2 ppid=165616 pid=166394 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=46 comm="do_mq_open" exe="/var/tmp/tmt/run-008/plans/default/discover/default/tests/Sanity/syscalls-smoke/do_mq_open" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=mq_open AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
#  type=CWD msg=audit(1651750004.283:75950): cwd="/var/tmp/tmt/run-008/plans/default/discover/default/tests/Sanity/syscalls-smoke"
#  type=PATH msg=audit(1651750004.283:75950): item=0 name="test" inode=446332 dev=00:13 mode=0100000 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
#  type=PROCTITLE msg=audit(1651750004.283:75950): proctitle=2E2F646F5F6D715F6F70656E002F74657374006372656174653A72647772
type=ROLE_ASSIGN msg=audit(1651773446.462:2612): pid=30911 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login-sename,role,range acct="user9827" old-seuser=? old-role=? old-range=? new-seuser=staff_u new-role=staff_r,sysadm_r,system_r,unconfined_r new-range=s0-s0:c0.c1023 exe="/usr/bin/python2.7" hostname=? addr=? terminal=? res=success'
# type=MAC_POLICY_LOAD msg=audit(1651773446.742:2613): policy loaded auid=0 ses=7
#  type=SYSCALL msg=audit(1651773446.742:2613): arch=c000003e syscall=1 success=yes exit=3851447 a0=4 a1=7fb2c8111000 a2=3ac4b7 a3=7ffd3e8c5aa0 items=0 ppid=30911 pid=30915 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7 comm="load_policy" exe="/usr/sbin/load_policy" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
#  type=PROCTITLE msg=audit(1651773446.742:2613): proctitle="/sbin/load_policy"
type=ROLE_REMOVE msg=audit(1651773449.752:2615): pid=30971 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login acct="user9827" old-seuser=staff_u old-role=staff_r,sysadm_r,system_r,unconfined_r old-range=s0-s0:c0.c1023 new-seuser=? new-role=? new-range=? exe="/usr/bin/python2.7" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1651773509.192:2705): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1603812147.351:1595): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhel-dmesg comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
# type=SOCKADDR msg=audit(1651742056.136:1062): saddr=100000000000000000000000SADDR={ saddr_fam=netlink nlnk-fam=16 nlnk-pid=0 }
#  type=SYSCALL msg=audit(1651742056.136:1062): arch=c000003e syscall=44 success=yes exit=60 a0=3 a1=7ffcbf25d8d0 a2=3c a3=0 items=0 ppid=35953 pid=35954 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditd" exe="/usr/sbin/auditd" subj=system_u:system_r:auditd_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendto AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
#  type=PROCTITLE msg=audit(1651742056.136:1062): proctitle="/sbin/auditd"
type=SOFTWARE_UPDATE msg=audit(1651763441.922:391): pid=11240 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='sw="mailx-12.5-19.el7.x86_64" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="yum" exe="/usr/bin/python2.7" hostname=? addr=? terminal=? res=success'
# type=SYSTEM_BOOT msg=audit(1651763407.480:8): pid=1651 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'
type=SYSTEM_RUNLEVEL msg=audit(1651763413.462:53): pid=3317 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='old-level=N new-level=3 comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'
# type=SYSTEM_SHUTDOWN msg=audit(1627975721.288:1384): pid=21188 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
# type=TIME_ADJNTPVAL msg=audit(1598448535.494:975): op=freq old=340724940800000 new=341161345024000
#  type=SYSCALL msg=audit(1598448535.494:975): arch=c000003e syscall=159 success=yes exit=0 a0=7ffca5624fa0 a1=0 a2=2710 a3=ec997922887af items=0 ppid=1 pid=837 auid=4294967295 uid=995 gid=992 euid=995 suid=995 fsuid=995 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm="chronyd" exe="/usr/sbin/chronyd" subj=system_u:system_r:chronyd_t:s0 key=(null)ARCH=x86_64 SYSCALL=adjtimex AUID="unset" UID="chrony" GID="chrony" EUID="chrony" SUID="chrony" FSUID="chrony" EGID="chrony" SGID="chrony" FSGID="chrony"
#  type=PROCTITLE msg=audit(1598448535.494:975): proctitle="/usr/sbin/chronyd"
type=USER msg=audit(1651773514.212:2706): pid=3031 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='LOCAL0 test exe="/usr/sbin/auditctl" hostname=? addr=? terminal=? res=success'
type=USER_ACCT msg=audit(1651773661.082:2749): pid=6361 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_localuser acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_AUTH msg=audit(1651763414.142:56): pid=3296 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=58286 acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.43.12.115 terminal=? res=success'
# type=USER_AVC msg=audit(1651773447.362:2614): pid=1725 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  received policyload notice (seqno=2)  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
# type=USER_CHAUTHTOK msg=audit(1651773452.732:2618): pid=31031 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=updating-password id=1000 exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success'
type=USER_END msg=audit(1651773661.112:2755): pid=6361 uid=0 auid=0 ses=9 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_ERR msg=audit(1651773281.952:2237): pid=29956 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:bad_ident grantors=? acct="?" exe="/usr/sbin/sshd" hostname=10.43.12.115 addr=10.43.12.115 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1603812053.531:1464): pid=11942 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=10.40.208.5 addr=10.40.208.5 terminal=ssh res=success'
type=USER_LOGOUT msg=audit(1603812053.121:1463): pid=11942 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=10.40.208.5 addr=10.40.208.5 terminal=ssh res=success'
type=USER_MGMT msg=audit(1651773441.232:2610): pid=30721 uid=0 auid=0 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-home-dir id=1000 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'
type=USER_ROLE_CHANGE msg=audit(1651763414.212:63): pid=3296 uid=0 auid=0 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=10.43.12.115 addr=10.43.12.115 terminal=ssh res=success'
type=USER_START msg=audit(1651773661.092:2752): pid=6361 uid=0 auid=0 ses=9 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=VIRT_CONTROL msg=audit(1648128277.363:701): pid=6154 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm op=start reason=booted vm="bz1878892-vm" uuid=57ad178f-f744-450a-9db4-030fa3a35a89 vm-pid=6942 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=VIRT_MACHINE_ID msg=audit(1648128276.703:679): pid=6154 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm vm="bz1878892-vm" uuid=57ad178f-f744-450a-9db4-030fa3a35a89 vm-ctx=system_u:system_r:svirt_t:s0:c356,c652 img-ctx=system_u:object_r:svirt_image_t:s0:c356,c652 model=selinux exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=VIRT_RESOURCE msg=audit(1648128276.788:683): pid=6154 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm resrc=net reason=open vm="bz1878892-vm" uuid=57ad178f-f744-450a-9db4-030fa3a35a89 net=52:54:00:08:99:f5 path="/dev/net/tun" rdev=0A:C8 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
# type=TIME_INJOFFSET msg=audit(757094400.123:1072): sec=894649447 nsec=550082880
#  type=SYSCALL msg=audit(757094400.123:1072): arch=c000003e syscall=164 success=yes exit=0 a0=7ffe10d9b110 a1=0 a2=7f9ada5eddfd a3=0 items=0 ppid=10171 pid=10180 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=14 comm="test_settime" exe="/var/tmp/tmt/run-008/plans/default/discover/default/tests/Sanity/audit-testsuite/audit-testsuite/tests/time_change/test_settime" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="testsuite-1651743847-DwTZTnDD"ARCH=x86_64 SYSCALL=settimeofday AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
#  type=PROCTITLE msg=audit(757094400.123:1072): proctitle=74696D655F6368616E67652F746573745F73657474696D650073657474696D656F666461790037353730393434303000313233343536
type=NETFILTER_CFG msg=audit(1651743847.115:772): table=filter:2 family=2 entries=3 op=nft_register_chain pid=10047 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 comm="iptables"
 type=SYSCALL msg=audit(1651743847.115:772): arch=c000003e syscall=46 success=yes exit=540 a0=3 a1=7ffcf0821c50 a2=0 a3=7ffcf0821c3c items=0 ppid=10040 pid=10047 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=14 comm="iptables" exe="/usr/sbin/xtables-nft-multi" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=sendmsg AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
 type=PROCTITLE msg=audit(1651743847.115:772): proctitle=69707461626C6573002D4900494E505554002D69006C6F002D700069636D70002D2D69636D702D74797065006563686F2D72657175657374002D6A004155444954002D2D7479706500616363657074
# type=NETFILTER_PKT msg=audit(1651743847.194:784): mark=0xaec0ff52 saddr=127.0.0.1 daddr=127.0.0.1 proto=1
# type=KERN_MODULE msg=audit(1651743847.452:1060): name="arp_tables"
#  type=SYSCALL msg=audit(1651743847.452:1060): arch=c000003e syscall=175 success=yes exit=0 a0=55a300eb23d0 a1=9ab0 a2=55a300957962 a3=5 items=0 ppid=10130 pid=10131 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=14 comm="modprobe" exe="/usr/bin/kmod" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="testsuite-1651743847-ZNugVyCm-load"ARCH=x86_64 SYSCALL=init_module AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
#  type=PROCTITLE msg=audit(1651743847.452:1060): proctitle=6D6F6470726F6265006172705F7461626C6573
type=FANOTIFY msg=audit(1651743851.566:1192): resp=1
 type=SYSCALL msg=audit(1651743851.566:1192): arch=c000003e syscall=257 success=yes exit=5 a0=ffffff9c a1=564185bcc840 a2=80241 a3=1b6 items=2 ppid=9577 pid=10477 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=14 comm="perl" exe="/usr/bin/perl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="testsuite-1651743848-UrMNDIoN"ARCH=x86_64 SYSCALL=openat AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
 type=CWD msg=audit(1651743851.566:1192): cwd="/var/tmp/tmt/run-008/plans/default/discover/default/tests/Sanity/audit-testsuite/audit-testsuite/tests"
 type=PATH msg=audit(1651743851.566:1192): item=0 name="/tmp/" inode=132 dev=fd:01 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
 type=PATH msg=audit(1651743851.566:1192): item=1 name="/tmp/testsuite-1651743848-UrMNDIoN" inode=145164 dev=fd:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
 type=PROCTITLE msg=audit(1651743851.566:1192): proctitle=2F7573722F62696E2F7065726C002D770066616E6F746966792F74657374
type=FEATURE_CHANGE msg=audit(1651773876.972:2836):  ppid=12457 pid=12459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=7 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 feature=loginuid_immutable old=0 new=1 old_lock=0 new_lock=1 res=1
type=EXECVE msg=audit(1651773964.709:223): argc=1 a0="date"
 type=SYSCALL msg=audit(1651773964.709:223): arch=c000003e syscall=59 success=yes exit=0 a0=1e6cf90 a1=1e75b50 a2=1e7a050 a3=7ffde156e6e0 items=2 ppid=5663 pid=6336 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="date" exe="/usr/bin/date" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="watch-date"
 type=CWD msg=audit(1651773964.709:223): cwd="/tmp/tmp.MDlxYCUqGj"
 type=PATH msg=audit(1651773964.709:223): item=0 name="/usr/bin/date" inode=4441711 dev=fd:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
 type=PATH msg=audit(1651773964.709:223): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6343206 dev=fd:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
 type=PROCTITLE msg=audit(1651773964.709:223): proctitle="date"
# node=ci-vm-10-0-139-94.hosted.upshift.rdu2.redhat.com type=FD_PAIR msg=audit(1651774134.579:764): fd0=3 fd1=4
#  node=ci-vm-10-0-139-94.hosted.upshift.rdu2.redhat.com type=SYSCALL msg=audit(1651774134.579:764): arch=c000003e syscall=22 success=yes exit=0 a0=7ffccae8cb40 a1=7ffccae8cb50 a2=7ffccae8cbd0 a3=8 items=0 ppid=20774 pid=20779 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=19 comm="runtest.sh" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="pid-test-rule"
#  node=ci-vm-10-0-139-94.hosted.upshift.rdu2.redhat.com type=PROCTITLE msg=audit(1651774134.579:764): proctitle=2F62696E2F62617368002E2F72756E746573742E7368
type=MMAP msg=audit(1651774450.649:8974): fd=3 flags=0x2
 type=SYSCALL msg=audit(1651774450.649:8974): arch=c000003e syscall=9 success=yes exit=140080763113472 a0=0 a1=838a a2=1 a3=2 items=0 ppid=11328 pid=11330 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=51 comm="ls" exe="/usr/bin/ls" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
 type=PROCTITLE msg=audit(1651774450.649:8974): proctitle=61757472616365002F62696E2F6C73002F746D702F746D702E6F535874526576473571