# Pastebin Q9PySGal type=AVC msg=audit(08/19/19 13:08:32.800:193) : avc: denied { read } for pid=25938 comm=snapd name=snap.yaml dev="loop0" ino=2441 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:08:32.801:194) : avc: denied { open } for pid=25938 comm=snapd path=/var/lib/snapd/snap/core/7629/meta/snap.yaml dev="loop0" ino=2441 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:08:32.801:195) : avc: denied { getattr } for pid=25938 comm=snapd path=/var/lib/snapd/snap/core/7629/meta/snap.yaml dev="loop0" ino=2441 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:08:32.802:196) : avc: denied { getattr } for pid=25938 comm=snapd path=/var/lib/snapd/snap/core/7629/meta/hooks dev="loop0" ino=2439 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:08:32.802:197) : avc: denied { read } for pid=25938 comm=snapd name=hooks dev="loop0" ino=2439 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:08:32.802:198) : avc: denied { open } for pid=25938 comm=snapd path=/var/lib/snapd/snap/core/7629/meta/hooks dev="loop0" ino=2439 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:08:32.893:200) : avc: denied { read } for pid=25938 comm=snapd name=snap.yaml dev="loop0" ino=2441 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:08:32.893:201) : avc: denied { open } for pid=25938 comm=snapd path=/var/lib/snapd/snap/core/7629/meta/snap.yaml dev="loop0" ino=2441 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:08:32.893:202) : avc: denied { getattr } for pid=25938 comm=snapd path=/var/lib/snapd/snap/core/7629/meta/snap.yaml dev="loop0" ino=2441 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:22.693:306) : avc: denied { getattr } for pid=28902 comm=snapd path=/home/gopath/src/github.com/snapcore/snapd/tests/regression/lp-1764977/test-snapd-sh dev="sda1" ino=287910 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:22.693:307) : avc: denied { read } for pid=28902 comm=snapd name=snap.yaml dev="sda1" ino=287912 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:22.693:308) : avc: denied { open } for pid=28902 comm=snapd path=/home/gopath/src/github.com/snapcore/snapd/tests/regression/lp-1764977/test-snapd-sh/meta/snap.yaml dev="sda1" ino=287912 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:22.695:309) : avc: denied { read } for pid=28902 comm=snapd name=test-snapd-sh dev="sda1" ino=287910 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:22.695:310) : avc: denied { open } for pid=28902 comm=snapd path=/home/gopath/src/github.com/snapcore/snapd/tests/regression/lp-1764977/test-snapd-sh dev="sda1" ino=287910 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:23.032:311) : avc: denied { read } for pid=1 comm=systemd name=test-snapd-sh_x1.snap dev="sda1" ino=415280 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:snappy_var_lib_t:s0 tclass=lnk_file permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:23.060:312) : avc: denied { read } for pid=28902 comm=snapd name=snap.yaml dev="sda1" ino=287912 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:23.060:313) : avc: denied { open } for pid=28902 comm=snapd path=/var/lib/snapd/snap/test-snapd-sh/x1/meta/snap.yaml dev="sda1" ino=287912 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.795:335) : avc: denied { setfscreate } for pid=29944 comm=cp scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:system_r:snappy_t:s0 tclass=process permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.871:336) : avc: denied { unmount } for pid=29946 comm=snap-update-ns scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:snappy_snap_t:s0 tclass=filesystem permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.872:337) : avc: denied { getattr } for pid=29946 comm=snap-update-ns path=/snap/test-snapd-app/x1/things/b dev="tmpfs" ino=72399 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.873:338) : avc: denied { write } for pid=29946 comm=snap-update-ns name=/ dev="tmpfs" ino=72394 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.873:339) : avc: denied { remove_name } for pid=29946 comm=snap-update-ns name=b dev="tmpfs" ino=72399 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.873:340) : avc: denied { rmdir } for pid=29946 comm=snap-update-ns name=b dev="tmpfs" ino=72399 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.873:341) : avc: denied { read } for pid=29946 comm=snap-update-ns name=snap dev="sda1" ino=415206 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:snappy_var_lib_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.874:342) : avc: denied { read } for pid=29946 comm=snap-update-ns name=/ dev="tmpfs" ino=72394 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.874:343) : avc: denied { open } for pid=29946 comm=snap-update-ns path=/snap/test-snapd-app/x1/things dev="tmpfs" ino=72394 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.874:344) : avc: denied { add_name } for pid=29946 comm=snap-update-ns name=a scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.874:345) : avc: denied { create } for pid=29946 comm=snap-update-ns name=a scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.874:346) : avc: denied { read } for pid=29946 comm=snap-update-ns name=a dev="tmpfs" ino=72756 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.874:347) : avc: denied { open } for pid=29946 comm=snap-update-ns path=/snap/test-snapd-app/x1/things/a dev="tmpfs" ino=72756 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.874:348) : avc: denied { setattr } for pid=29946 comm=snap-update-ns name=a dev="tmpfs" ino=72756 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.875:349) : avc: denied { getattr } for pid=29946 comm=snap-update-ns path=/snap/test-snapd-app/x1/things/a dev="tmpfs" ino=72756 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.875:350) : avc: denied { mounton } for pid=29946 comm=snap-update-ns path=/snap/test-snapd-app/x1/things/a dev="tmpfs" ino=72756 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:44.875:351) : avc: denied { remount } for pid=29946 comm=snap-update-ns scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:snappy_snap_t:s0 tclass=filesystem permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:45.923:357) : avc: denied { getattr } for pid=30034 comm=snap-update-ns path=/snap/test-snapd-app/x1/things/c dev="tmpfs" ino=72762 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:45.924:358) : avc: denied { rmdir } for pid=30034 comm=snap-update-ns name=c dev="tmpfs" ino=72762 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:45.924:359) : avc: denied { unlink } for pid=30034 comm=snap-update-ns name=README dev="tmpfs" ino=72395 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:45.924:360) : avc: denied { unmount } for pid=30034 comm=snap-update-ns scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:55.714:377) : avc: denied { setfscreate } for pid=30746 comm=cp scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:system_r:snappy_t:s0 tclass=process permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:55.714:378) : avc: denied { create } for pid=30746 comm=cp name=x2 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:snappy_home_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:59.898:379) : avc: denied { unmount } for pid=30751 comm=snap-update-ns scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:snappy_snap_t:s0 tclass=filesystem permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:59.898:380) : avc: denied { write } for pid=30751 comm=snap-update-ns name=stub dev="tmpfs" ino=75027 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:59.898:381) : avc: denied { remove_name } for pid=30751 comm=snap-update-ns name=stub.txt dev="tmpfs" ino=75028 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:59.898:382) : avc: denied { unlink } for pid=30751 comm=snap-update-ns name=stub.txt dev="tmpfs" ino=75028 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:59.899:383) : avc: denied { read } for pid=30751 comm=snap-update-ns name=/ dev="tmpfs" ino=75023 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:59.899:384) : avc: denied { open } for pid=30751 comm=snap-update-ns path=/usr/share/java dev="tmpfs" ino=75023 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:59.899:385) : avc: denied { getattr } for pid=30751 comm=snap-update-ns path=/usr/share/java dev="tmpfs" ino=75023 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:59.899:386) : avc: denied { add_name } for pid=30751 comm=snap-update-ns name=stub.txt scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:59.899:387) : avc: denied { create } for pid=30751 comm=snap-update-ns name=stub.txt scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:59.899:388) : avc: denied { setattr } for pid=30751 comm=snap-update-ns name=stub.txt dev="tmpfs" ino=75269 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:09:59.899:389) : avc: denied { mounton } for pid=30751 comm=snap-update-ns path=/usr/share/java/stub/stub.txt dev="tmpfs" ino=75269 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:10:00.785:390) : avc: denied { write } for pid=30877 comm=snap-update-ns name=stub dev="tmpfs" ino=75027 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:10:00.786:391) : avc: denied { remove_name } for pid=30877 comm=snap-update-ns name=stub.txt dev="tmpfs" ino=75269 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:10:00.786:392) : avc: denied { unlink } for pid=30877 comm=snap-update-ns name=stub.txt dev="tmpfs" ino=75269 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:10:00.786:393) : avc: denied { read } for pid=30877 comm=snap-update-ns name=/ dev="tmpfs" ino=75023 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:10:00.787:394) : avc: denied { open } for pid=30877 comm=snap-update-ns path=/usr/share/java dev="tmpfs" ino=75023 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:10:00.787:395) : avc: denied { getattr } for pid=30877 comm=snap-update-ns path=/usr/share/java dev="tmpfs" ino=75023 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:10:00.787:396) : avc: denied { add_name } for pid=30877 comm=snap-update-ns name=stub.txt scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:10:00.787:397) : avc: denied { create } for pid=30877 comm=snap-update-ns name=stub.txt scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:10:00.787:398) : avc: denied { setattr } for pid=30877 comm=snap-update-ns name=stub.txt dev="tmpfs" ino=75537 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:10:00.787:399) : avc: denied { mounton } for pid=30877 comm=snap-update-ns path=/usr/share/java/stub/stub.txt dev="tmpfs" ino=75537 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:10:42.990:489) : avc: denied { execute } for pid=425 comm=snapd name=bad-snap-seccomp dev="sda1" ino=13509 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:10:42.996:490) : avc: denied { read open } for pid=425 comm=snapd path=/usr/libexec/snapd/snap-seccomp dev="sda1" ino=13509 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:10:42.996:491) : avc: denied { execute_no_trans } for pid=425 comm=snapd path=/usr/libexec/snapd/snap-seccomp dev="sda1" ino=13509 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:10:43.005:492) : avc: denied { ioctl } for pid=425 comm=snap-seccomp path=/usr/libexec/snapd/snap-seccomp dev="sda1" ino=13509 ioctlcmd=TCGETS scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:12:19.887:674) : avc: denied { getattr } for pid=4963 comm=snapd path=/tmp/test-snapd-sh dev="sda1" ino=262173 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:12:19.887:675) : avc: denied { read } for pid=4963 comm=snapd name=snap.yaml dev="sda1" ino=262175 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:12:19.887:676) : avc: denied { open } for pid=4963 comm=snapd path=/tmp/test-snapd-sh/meta/snap.yaml dev="sda1" ino=262175 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:12:19.887:677) : avc: denied { read } for pid=4963 comm=snapd name=test-snapd-sh dev="sda1" ino=262173 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:12:19.888:678) : avc: denied { open } for pid=4963 comm=snapd path=/tmp/test-snapd-sh dev="sda1" ino=262173 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:12:20.214:679) : avc: denied { read } for pid=1 comm=systemd name=test-snapd-sh_x1.snap dev="sda1" ino=400636 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:snappy_var_lib_t:s0 tclass=lnk_file permissive=1 ---- type=AVC msg=audit(08/19/19 13:12:28.135:680) : avc: denied { read } for pid=4963 comm=snapd name=snap.yaml dev="sda1" ino=262175 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:12:28.135:681) : avc: denied { open } for pid=4963 comm=snapd path=/var/lib/snapd/snap/test-snapd-sh/x1/meta/snap.yaml dev="sda1" ino=262175 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:12:44.613:724) : avc: denied { setfscreate } for pid=6406 comm=cp scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:system_r:snappy_t:s0 tclass=process permissive=1 ---- type=AVC msg=audit(08/19/19 13:12:44.614:725) : avc: denied { create } for pid=6406 comm=cp name=x2 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:snappy_home_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:12:48.799:726) : avc: denied { unmount } for pid=6411 comm=snap-update-ns scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:snappy_snap_t:s0 tclass=filesystem permissive=1 ---- type=AVC msg=audit(08/19/19 13:12:48.799:727) : avc: denied { mounton } for pid=6411 comm=snap-update-ns path=/snap/test-snapd-layout/x2/b/c dev="loop2" ino=4 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:snappy_snap_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:13:27.434:792) : avc: denied { search } for pid=8044 comm=journalctl name=1 dev="proc" ino=12286 scontext=system_u:system_r:journalctl_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:13:27.434:793) : avc: denied { read } for pid=8044 comm=journalctl name=environ dev="proc" ino=12442 scontext=system_u:system_r:journalctl_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:13:27.435:794) : avc: denied { open } for pid=8044 comm=journalctl path=/proc/1/environ dev="proc" ino=12442 scontext=system_u:system_r:journalctl_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:13:27.435:795) : avc: denied { getattr } for pid=8044 comm=journalctl path=/proc/1/environ dev="proc" ino=12442 scontext=system_u:system_r:journalctl_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:13:27.435:796) : avc: denied { sys_resource } for pid=8044 comm=journalctl capability=sys_resource scontext=system_u:system_r:journalctl_t:s0 tcontext=system_u:system_r:journalctl_t:s0 tclass=capability permissive=1 ---- type=AVC msg=audit(08/19/19 13:13:27.435:797) : avc: denied { setrlimit } for pid=8044 comm=journalctl scontext=system_u:system_r:journalctl_t:s0 tcontext=system_u:system_r:journalctl_t:s0 tclass=process permissive=1 ---- type=AVC msg=audit(08/19/19 13:16:17.057:968) : avc: denied { getattr } for pid=12866 comm=snapd path=/home/gopath/src/github.com/snapcore/snapd/tests/main/try-snap-goes-away/trydir dev="sda1" ino=410 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:16:17.057:969) : avc: denied { read } for pid=12866 comm=snapd name=snap.yaml dev="sda1" ino=427 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:16:17.057:970) : avc: denied { open } for pid=12866 comm=snapd path=/home/gopath/src/github.com/snapcore/snapd/tests/main/try-snap-goes-away/trydir/meta/snap.yaml dev="sda1" ino=427 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:16:17.057:971) : avc: denied { read } for pid=12866 comm=snapd name=trydir dev="sda1" ino=410 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:16:17.057:972) : avc: denied { open } for pid=12866 comm=snapd path=/home/gopath/src/github.com/snapcore/snapd/tests/main/try-snap-goes-away/trydir dev="sda1" ino=410 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:16:17.408:973) : avc: denied { read } for pid=1 comm=systemd name=test-snapd-service_x1.snap dev="sda1" ino=400639 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:snappy_var_lib_t:s0 tclass=lnk_file permissive=1 ---- type=AVC msg=audit(08/19/19 13:16:24.978:977) : avc: denied { read } for pid=13045 comm=snap name=snap.yaml dev="sda1" ino=427 scontext=system_u:system_r:snappy_cli_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:16:24.980:978) : avc: denied { open } for pid=13045 comm=snap path=/var/lib/snapd/snap/test-snapd-service/x1/meta/snap.yaml dev="sda1" ino=427 scontext=system_u:system_r:snappy_cli_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:16:24.980:979) : avc: denied { getattr } for pid=13045 comm=snap path=/var/lib/snapd/snap/test-snapd-service/x1/meta/snap.yaml dev="sda1" ino=427 scontext=system_u:system_r:snappy_cli_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:16:24.981:980) : avc: denied { read } for pid=13045 comm=snap name=hooks dev="sda1" ino=425 scontext=system_u:system_r:snappy_cli_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:16:25.066:982) : avc: denied { read } for pid=13057 comm=snap name=hooks dev="sda1" ino=425 scontext=system_u:system_r:snappy_cli_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:16:25.961:991) : avc: denied { read } for pid=12866 comm=snapd name=snap.yaml dev="sda1" ino=427 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:16:25.962:992) : avc: denied { open } for pid=12866 comm=snapd path=/var/lib/snapd/snap/test-snapd-service/x1/meta/snap.yaml dev="sda1" ino=427 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:16:25.970:993) : avc: denied { getattr } for pid=12866 comm=snapd path=/var/lib/snapd/snap/test-snapd-service/x1/meta/hooks dev="sda1" ino=425 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:16:25.970:994) : avc: denied { read } for pid=12866 comm=snapd name=hooks dev="sda1" ino=425 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:16:25.971:995) : avc: denied { open } for pid=12866 comm=snapd path=/var/lib/snapd/snap/test-snapd-service/x1/meta/hooks dev="sda1" ino=425 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.398:1076) : avc: denied { read } for pid=16900 comm=snap-update-ns name=snap dev="sda1" ino=400570 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:snappy_var_lib_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.399:1077) : avc: denied { read } for pid=16900 comm=snap-update-ns name=tmp dev="sda1" ino=427 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.399:1078) : avc: denied { open } for pid=16900 comm=snap-update-ns path=/tmp dev="sda1" ino=427 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.400:1079) : avc: denied { write } for pid=16900 comm=snap-update-ns name=tmp dev="sda1" ino=427 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.400:1080) : avc: denied { add_name } for pid=16900 comm=snap-update-ns name=.snap scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.400:1081) : avc: denied { create } for pid=16900 comm=snap-update-ns name=.snap scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.400:1082) : avc: denied { read } for pid=16900 comm=snap-update-ns name=.snap dev="sda1" ino=438 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.400:1083) : avc: denied { open } for pid=16900 comm=snap-update-ns path=/tmp/.snap dev="sda1" ino=438 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.400:1084) : avc: denied { setattr } for pid=16900 comm=snap-update-ns name=.snap dev="sda1" ino=438 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.400:1085) : avc: denied { write } for pid=16900 comm=snap-update-ns name=.snap dev="sda1" ino=438 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.400:1086) : avc: denied { add_name } for pid=16900 comm=snap-update-ns name=snap scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.401:1087) : avc: denied { getattr } for pid=16900 comm=snap-update-ns path=/tmp/.snap/snap/test-snapd-content-advanced-plug/x1 dev="sda1" ino=441 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.401:1088) : avc: denied { mounton } for pid=16900 comm=snap-update-ns path=/tmp/.snap/snap/test-snapd-content-advanced-plug/x1 dev="sda1" ino=441 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.401:1089) : avc: denied { mounton } for pid=16900 comm=snap-update-ns path=/snap/test-snapd-content-advanced-plug/x1 dev="loop3" ino=5 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:snappy_snap_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.401:1090) : avc: denied { mount } for pid=16900 comm=snap-update-ns name=/ dev="tmpfs" ino=139663 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.401:1091) : avc: denied { read } for pid=16900 comm=snap-update-ns name=/ dev="tmpfs" ino=139663 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.402:1092) : avc: denied { write } for pid=16900 comm=snap-update-ns name=/ dev="tmpfs" ino=139663 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.402:1093) : avc: denied { add_name } for pid=16900 comm=snap-update-ns name=bin scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.402:1094) : avc: denied { create } for pid=16900 comm=snap-update-ns name=bin scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.402:1095) : avc: denied { setattr } for pid=16900 comm=snap-update-ns name=bin dev="tmpfs" ino=139664 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.402:1096) : avc: denied { mounton } for pid=16900 comm=snap-update-ns path=/snap/test-snapd-content-advanced-plug/x1/bin dev="tmpfs" ino=139664 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.403:1097) : avc: denied { unmount } for pid=16900 comm=snap-update-ns scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:snappy_snap_t:s0 tclass=filesystem permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.403:1098) : avc: denied { remove_name } for pid=16900 comm=snap-update-ns name=x1 dev="sda1" ino=441 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.403:1099) : avc: denied { rmdir } for pid=16900 comm=snap-update-ns name=x1 dev="sda1" ino=441 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.783:1100) : avc: denied { remove_name } for pid=16992 comm=snap-update-ns name=target dev="tmpfs" ino=139667 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.783:1101) : avc: denied { rmdir } for pid=16992 comm=snap-update-ns name=target dev="tmpfs" ino=139667 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:32.783:1102) : avc: denied { unmount } for pid=16992 comm=snap-update-ns scontext=system_u:system_r:snappy_mount_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:33.062:1103) : avc: denied { getattr } for pid=17022 comm=snap-update-ns path=/snap/test-snapd-content-advanced-plug/x1/target dev="tmpfs" ino=139524 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:33.062:1104) : avc: denied { remove_name } for pid=17022 comm=snap-update-ns name=target dev="tmpfs" ino=139524 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:33.062:1105) : avc: denied { rmdir } for pid=17022 comm=snap-update-ns name=target dev="tmpfs" ino=139524 scontext=system_u:system_r:snappy_mount_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:57.666:1144) : avc: denied { execute } for pid=18358 comm=(akestore) name=fakestore dev="sda1" ino=155343 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:57.666:1145) : avc: denied { execute_no_trans } for pid=18358 comm=(akestore) path=/home/gopath/bin/fakestore dev="sda1" ino=155343 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:57.667:1146) : avc: denied { map } for pid=18358 comm=fakestore path=/home/gopath/bin/fakestore dev="sda1" ino=155343 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:57.826:1149) : avc: denied { read } for pid=18358 comm=fakestore name=current dev="sda1" ino=400624 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:snappy_var_lib_t:s0 tclass=lnk_file permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:59.536:1156) : avc: denied { name_connect } for pid=18431 comm=snapd dest=11028 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:59.537:1157) : avc: denied { read } for pid=18358 comm=fakestore name=16,test-snapd-control-consumer-id.snap-declaration dev="sda1" ino=453 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- type=AVC msg=audit(08/19/19 13:17:59.537:1158) : avc: denied { open } for pid=18358 comm=fakestore path=/home/gopath/src/github.com/snapcore/snapd/tests/main/interfaces-snapd-control-with-manage/fake-store-blobdir/asserts/16,test-snapd-control-consumer-id.snap-declaration dev="sda1" ino=453 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 + echo 'Given a basic snap is installed' Given a basic snap is installed + . /home/gopath/src/github.com/snapcore/snapd/tests/lib/snaps.sh + install_local test-snapd-tools + local SNAP_NAME=test-snapd-tools + shift ++ make_snap test-snapd-tools ++ local SNAP_NAME=test-snapd-tools ++ shift ++ local SNAP_FILE=/home/gopath/src/github.com/snapcore/snapd/tests/lib/snaps/test-snapd-tools/test-snapd-tools_1.0_all.snap ++ local SNAP_DIR +++ dirname /home/gopath/src/github.com/snapcore/snapd/tests/lib/snaps/test-snapd-tools/test-snapd-tools_1.0_all.snap ++ SNAP_DIR=/home/gopath/src/github.com/snapcore/snapd/tests/lib/snaps/test-snapd-tools ++ '[' '!' -f /home/gopath/src/github.com/snapcore/snapd/tests/lib/snaps/test-snapd-tools/test-snapd-tools_1.0_all.snap ']' ++ '[' -f /home/gopath/src/github.com/snapcore/snapd/tests/lib/snaps/test-snapd-tools/test-snapd-tools_1.0_all.snap ']' ++ echo /home/gopath/src/github.com/snapcore/snapd/tests/lib/snaps/test-snapd-tools/test-snapd-tools_1.0_all.snap + SNAP_FILE=/home/gopath/src/github.com/snapcore/snapd/tests/lib/snaps/test-snapd-tools/test-snapd-tools_1.0_all.snap + snap install --dangerous /home/gopath/src/github.com/snapcore/snapd/tests/lib/snaps/test-snapd-tools/test-snapd-tools_1.0_all.snap test-snapd-tools 1.0 installed + echo 'And another basic snap is installed' And another basic snap is installed + mkdir -p /home/gopath/src/github.com/snapcore/snapd/tests/main/security-private-tmp/snap-install-dir + cp -ra /home/gopath/src/github.com/snapcore/snapd/tests/lib/snaps/test-snapd-tools/bin /home/gopath/src/github.com/snapcore/snapd/tests/lib/snaps/test-snapd-tools/meta /home/gopath/src/github.com/snapcore/snapd/tests/lib/snaps/test-snapd-tools/test-snapd-tools_1.0_all.snap /home/gopath/src/github.com/snapcore/snapd/tests/main/security-private-tmp/snap-install-dir + sed -i s/test-snapd-tools/not-test-snapd-tools/g /home/gopath/src/github.com/snapcore/snapd/tests/main/security-private-tmp/snap-install-dir/meta/snap.yaml + snap pack /home/gopath/src/github.com/snapcore/snapd/tests/main/security-private-tmp/snap-install-dir container.go:204: in snap "not-test-snapd-tools": "." should be world-readable and executable, and isn't: drwx------ error: cannot pack "/home/gopath/src/github.com/snapcore/snapd/tests/main/security-private-tmp/snap-install-dir": snap is unusable due to bad permissions