# ausearch -m AVC -ts boot
----
time->Fri Feb 21 18:45:10 2025
type=PROCTITLE msg=audit(1740159910.180:48): proctitle=2F7573722F62696E2F707974686F6E332E3132002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1740159910.180:48): arch=c000003e syscall=262 success=no exit=-2 a0=ffffff9c a1=7f0372c9c230 a2=7fffc2787370 a3=0 items=0 ppid=1 pid=585 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python3.12" subj=system_u:system_r:firewalld_t key=(null)
type=AVC msg=audit(1740159910.180:48): avc:  denied  { dac_read_search } for  pid=585 comm="firewalld" capability=2  scontext=system_u:system_r:firewalld_t tcontext=system_u:system_r:firewalld_t tclass=capability permissive=1
----
time->Fri Feb 21 18:45:10 2025
type=PROCTITLE msg=audit(1740159910.485:49): proctitle=2F7573722F62696E2F707974686F6E332E3132002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1740159910.485:49): arch=c000003e syscall=257 success=yes exit=4 a0=ffffff9c a1=7f03734678d8 a2=80000 a3=0 items=0 ppid=1 pid=585 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python3.12" subj=system_u:system_r:firewalld_t key=(null)
type=AVC msg=audit(1740159910.485:49): avc:  denied  { open } for  pid=585 comm="firewalld" path="/sys/devices/system/cpu/possible" dev="sysfs" ino=35 scontext=system_u:system_r:firewalld_t tcontext=system_u:object_r:sysfs_t tclass=file permissive=1
type=AVC msg=audit(1740159910.485:49): avc:  denied  { read } for  pid=585 comm="firewalld" name="possible" dev="sysfs" ino=35 scontext=system_u:system_r:firewalld_t tcontext=system_u:object_r:sysfs_t tclass=file permissive=1
----
time->Fri Feb 21 18:45:10 2025
type=PROCTITLE msg=audit(1740159910.485:50): proctitle=2F7573722F62696E2F707974686F6E332E3132002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1740159910.485:50): arch=c000003e syscall=204 success=yes exit=8 a0=249 a1=8 a2=558ef37a9c10 a3=7f0373446fe0 items=0 ppid=1 pid=585 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python3.12" subj=system_u:system_r:firewalld_t key=(null)
type=AVC msg=audit(1740159910.485:50): avc:  denied  { getsched } for  pid=585 comm="firewalld" scontext=system_u:system_r:firewalld_t tcontext=system_u:system_r:firewalld_t tclass=process permissive=1
----
time->Fri Feb 21 18:45:10 2025
type=PROCTITLE msg=audit(1740159910.620:54): proctitle=2F7573722F62696E2F69707461626C6573002D77002D4C002D6E
type=SYSCALL msg=audit(1740159910.620:54): arch=c000003e syscall=55 success=no exit=-92 a0=4 a1=0 a2=40 a3=7ffecdb0d520 items=0 ppid=585 pid=586 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/bin/xtables-legacy-multi" subj=system_u:system_r:iptables_t key=(null)
type=AVC msg=audit(1740159910.620:54): avc:  denied  { read } for  pid=586 comm="iptables" path="pipe:[7200]" dev="pipefs" ino=7200 scontext=system_u:system_r:iptables_t tcontext=system_u:system_r:kernel_t tclass=fifo_file permissive=1
type=AVC msg=audit(1740159910.620:54): avc:  denied  { write } for  pid=586 comm="iptables" path="pipe:[7199]" dev="pipefs" ino=7199 scontext=system_u:system_r:iptables_t tcontext=system_u:system_r:kernel_t tclass=fifo_file permissive=1
----
time->Fri Feb 21 18:45:10 2025
type=PROCTITLE msg=audit(1740159910.622:53): proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D00627066696C746572
type=PATH msg=audit(1740159910.622:53): item=3 name=(null) inode=2 dev=00:32 mode=0100700 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmpfs_t nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(1740159910.622:53): item=2 name=(null) inode=1 dev=00:32 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmpfs_t nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(1740159910.622:53): item=1 name=(null) nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(1740159910.622:53): item=0 name=(null) inode=1 dev=00:32 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmpfs_t nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1740159910.622:53): cwd="/"
type=SYSCALL msg=audit(1740159910.622:53): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=55d1124d09b2 a2=0 a3=40 items=4 ppid=50 pid=588 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:kmod_t key=(null)
type=AVC msg=audit(1740159910.622:53): avc:  denied  { write open } for  pid=588 comm="modprobe" path="/bpfilter_umh" dev="tmpfs" ino=2 scontext=system_u:system_r:kmod_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1740159910.622:53): avc:  denied  { create } for  pid=588 comm="modprobe" name="bpfilter_umh" scontext=system_u:system_r:kmod_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
type=AVC msg=audit(1740159910.622:53): avc:  denied  { add_name } for  pid=588 comm="modprobe" name="bpfilter_umh" scontext=system_u:system_r:kmod_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1740159910.622:53): avc:  denied  { write } for  pid=588 comm="modprobe" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:kmod_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
----
time->Fri Feb 21 18:45:10 2025
type=PROCTITLE msg=audit(1740159910.984:62): proctitle=2F7573722F62696E2F69707461626C6573002D773130002D74007365637572697479002D4C002D6E
type=SYSCALL msg=audit(1740159910.984:62): arch=c000003e syscall=55 success=yes exit=0 a0=4 a1=0 a2=40 a3=7fff0b5c7660 items=0 ppid=585 pid=615 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/bin/xtables-legacy-multi" subj=system_u:system_r:iptables_t key=(null)
type=NETFILTER_CFG msg=audit(1740159910.984:62): table=security family=2 entries=0 op=xt_register pid=615 subj=system_u:system_r:iptables_t comm="iptables"
type=AVC msg=audit(1740159910.984:62): avc:  denied  { read } for  pid=615 comm="iptables" path="pipe:[7200]" dev="pipefs" ino=7200 scontext=system_u:system_r:iptables_t tcontext=system_u:system_r:kernel_t tclass=fifo_file permissive=1
type=AVC msg=audit(1740159910.984:62): avc:  denied  { write } for  pid=615 comm="iptables" path="pipe:[7199]" dev="pipefs" ino=7199 scontext=system_u:system_r:iptables_t tcontext=system_u:system_r:kernel_t tclass=fifo_file permissive=1
----
time->Fri Feb 21 18:45:11 2025
type=AVC msg=audit(1740159911.026:67): avc:  denied  { getattr } for  pid=462 comm="systemd-udevd" path="/run/modprobe.d" dev="tmpfs" ino=108 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
----
time->Fri Feb 21 18:45:11 2025
type=PROCTITLE msg=audit(1740159911.396:74): proctitle=2F7573722F62696E2F707974686F6E332E3132002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1740159911.396:74): arch=c000003e syscall=9 success=yes exit=139652782977024 a0=0 a1=1000 a2=5 a3=1 items=0 ppid=1 pid=585 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python3.12" subj=system_u:system_r:firewalld_t key=(null)
type=AVC msg=audit(1740159911.396:74): avc:  denied  { execute } for  pid=585 comm="firewalld" path=2F6D656D66643A6C6962666669202864656C6574656429 dev="tmpfs" ino=51 scontext=system_u:system_r:firewalld_t tcontext=system_u:object_r:firewalld_tmpfs_t tclass=file permissive=1
----
time->Fri Feb 21 18:45:11 2025
type=PROCTITLE msg=audit(1740159911.441:76): proctitle=2F7362696E2F616765747479002D6F002D70202D2D205C75002D2D6E6F636C656172002D006C696E7578
type=PATH msg=audit(1740159911.441:76): item=0 name="/run/credentials/getty@tty1.service" inode=1 dev=00:36 mode=040500 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmpfs_t nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1740159911.441:76): cwd="/"
type=SYSCALL msg=audit(1740159911.441:76): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=559c8848a330 a2=80000 a3=0 items=1 ppid=1 pid=613 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=4294967295 comm="agetty" exe="/usr/bin/agetty" subj=system_u:system_r:getty_t key=(null)
type=AVC msg=audit(1740159911.441:76): avc:  denied  { open } for  pid=613 comm="agetty" path="/run/credentials/getty@tty1.service" dev="tmpfs" ino=1 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1740159911.441:76): avc:  denied  { read } for  pid=613 comm="agetty" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
type=AVC msg=audit(1740159911.441:76): avc:  denied  { search } for  pid=613 comm="agetty" name="credentials" dev="tmpfs" ino=5 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
----
time->Fri Feb 21 18:45:11 2025
type=PROCTITLE msg=audit(1740159911.441:77): proctitle=2F7362696E2F616765747479002D6F002D70202D2D205C75002D2D6E6F636C656172002D006C696E7578
type=SYSCALL msg=audit(1740159911.441:77): arch=c000003e syscall=5 success=yes exit=0 a0=4 a1=7ffef89aa830 a2=0 a3=0 items=0 ppid=1 pid=613 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=4294967295 comm="agetty" exe="/usr/bin/agetty" subj=system_u:system_r:getty_t key=(null)
type=AVC msg=audit(1740159911.441:77): avc:  denied  { getattr } for  pid=613 comm="agetty" path="/run/credentials/getty@tty1.service" dev="tmpfs" ino=1 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
----
time->Fri Feb 21 18:46:47 2025
type=PROCTITLE msg=audit(1740160007.340:92): proctitle="-bash"
type=PATH msg=audit(1740160007.340:92): item=0 name="/lib64/ld-linux-x86-64.so.2" inode=412510 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1740160007.340:92): cwd="/var/home/ansible"
type=EXECVE msg=audit(1740160007.340:92): argc=1 a0="-bash"
type=SYSCALL msg=audit(1740160007.340:92): arch=c000003e syscall=59 success=yes exit=0 a0=5647764b0eb0 a1=7ffe83cc8ca0 a2=5647764a59b0 a3=7 items=1 ppid=891 pid=892 auid=5000 uid=5000 gid=5000 euid=5000 suid=5000 fsuid=5000 egid=5000 sgid=5000 fsgid=5000 tty=pts0 ses=1 comm="bash" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t key=(null)
type=AVC msg=audit(1740160007.340:92): avc:  denied  { siginh } for  pid=892 comm="bash" scontext=system_u:system_r:sshd_t tcontext=unconfined_u:unconfined_r:unconfined_t tclass=process permissive=1
type=AVC msg=audit(1740160007.340:92): avc:  denied  { rlimitinh } for  pid=892 comm="bash" scontext=system_u:system_r:sshd_t tcontext=unconfined_u:unconfined_r:unconfined_t tclass=process permissive=1
type=AVC msg=audit(1740160007.340:92): avc:  denied  { noatsecure } for  pid=892 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=unconfined_u:unconfined_r:unconfined_t tclass=process permissive=1
type=AVC msg=audit(1740160007.340:92): avc:  denied  { transition } for  pid=892 comm="sshd-session" path="/usr/bin/bash" dev="dm-0" ino=412678 scontext=system_u:system_r:sshd_t tcontext=unconfined_u:unconfined_r:unconfined_t tclass=process permissive=1
----
time->Fri Feb 21 18:56:09 2025
type=PROCTITLE msg=audit(1740160569.559:97): proctitle=2F7573722F62696E2F707974686F6E332E3132002F7573722F6C69622F707974686F6E2D657865632F707974686F6E332E31322F656D6572676500776F726C64002D747661002D444E75
type=SYSCALL msg=audit(1740160569.559:97): arch=c000003e syscall=49 success=yes exit=0 a0=4 a1=7ffd50a40040 a2=1c a3=7fa54b1da558 items=0 ppid=903 pid=2001 auid=5000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="emerge" exe="/usr/bin/python3.12" subj=unconfined_u:unconfined_r:portage_t key=(null)
type=AVC msg=audit(1740160569.559:97): avc:  denied  { node_bind } for  pid=2001 comm="emerge" saddr=::1 scontext=unconfined_u:unconfined_r:portage_t tcontext=system_u:object_r:node_t tclass=udp_socket permissive=1
----
time->Fri Feb 21 18:56:09 2025
type=PROCTITLE msg=audit(1740160569.677:98): proctitle=2F7573722F62696E2F707974686F6E332E3132002F7573722F6C69622F707974686F6E2D657865632F707974686F6E332E31322F656D6572676500776F726C64002D747661002D444E75
type=SYSCALL msg=audit(1740160569.677:98): arch=c000003e syscall=262 success=yes exit=0 a0=ffffff9c a1=7fa549c2dcd0 a2=7ffd50a3f2f0 a3=0 items=0 ppid=903 pid=2001 auid=5000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="emerge" exe="/usr/bin/python3.12" subj=unconfined_u:unconfined_r:portage_t key=(null)
type=AVC msg=audit(1740160569.677:98): avc:  denied  { getattr } for  pid=2001 comm="emerge" path="/var/db/repos/gentoo" dev="loop0" ino=152458 scontext=unconfined_u:unconfined_r:portage_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
----
time->Fri Feb 21 18:56:09 2025
type=PROCTITLE msg=audit(1740160569.677:99): proctitle=2F7573722F62696E2F707974686F6E332E3132002F7573722F6C69622F707974686F6E2D657865632F707974686F6E332E31322F656D6572676500776F726C64002D747661002D444E75
type=PATH msg=audit(1740160569.677:99): item=0 name="/var/db/repos/gentoo/profiles/repo_name" inode=130334 dev=07:00 mode=0100644 ouid=250 ogid=250 rdev=00:00 obj=system_u:object_r:unlabeled_t nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1740160569.677:99): cwd="/root"
type=SYSCALL msg=audit(1740160569.677:99): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7fa54a22f070 a2=80000 a3=0 items=1 ppid=903 pid=2001 auid=5000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="emerge" exe="/usr/bin/python3.12" subj=unconfined_u:unconfined_r:portage_t key=(null)
type=AVC msg=audit(1740160569.677:99): avc:  denied  { open } for  pid=2001 comm="emerge" path="/var/db/repos/gentoo/profiles/repo_name" dev="loop0" ino=130334 scontext=unconfined_u:unconfined_r:portage_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
type=AVC msg=audit(1740160569.677:99): avc:  denied  { read } for  pid=2001 comm="emerge" name="repo_name" dev="loop0" ino=130334 scontext=unconfined_u:unconfined_r:portage_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
type=AVC msg=audit(1740160569.677:99): avc:  denied  { search } for  pid=2001 comm="emerge" name="/" dev="loop0" ino=152458 scontext=unconfined_u:unconfined_r:portage_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
----
time->Fri Feb 21 18:56:09 2025
type=PROCTITLE msg=audit(1740160569.680:100): proctitle=2F7573722F62696E2F707974686F6E332E3132002F7573722F6C69622F707974686F6E2D657865632F707974686F6E332E31322F656D6572676500776F726C64002D747661002D444E75
type=SYSCALL msg=audit(1740160569.680:100): arch=c000003e syscall=5 success=yes exit=0 a0=3 a1=7ffd50a3f080 a2=0 a3=0 items=0 ppid=903 pid=2001 auid=5000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="emerge" exe="/usr/bin/python3.12" subj=unconfined_u:unconfined_r:portage_t key=(null)
type=AVC msg=audit(1740160569.680:100): avc:  denied  { getattr } for  pid=2001 comm="emerge" path="/var/db/repos/gentoo/profiles/repo_name" dev="loop0" ino=130334 scontext=unconfined_u:unconfined_r:portage_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
----
time->Fri Feb 21 18:56:09 2025
type=PROCTITLE msg=audit(1740160569.680:101): proctitle=2F7573722F62696E2F707974686F6E332E3132002F7573722F6C69622F707974686F6E2D657865632F707974686F6E332E31322F656D6572676500776F726C64002D747661002D444E75
type=SYSCALL msg=audit(1740160569.680:101): arch=c000003e syscall=16 success=no exit=-25 a0=3 a1=5401 a2=7ffd50a3f200 a3=7fa549bc74d8 items=0 ppid=903 pid=2001 auid=5000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="emerge" exe="/usr/bin/python3.12" subj=unconfined_u:unconfined_r:portage_t key=(null)
type=AVC msg=audit(1740160569.680:101): avc:  denied  { ioctl } for  pid=2001 comm="emerge" path="/var/db/repos/gentoo/profiles/repo_name" dev="loop0" ino=130334 ioctlcmd=0x5401 scontext=unconfined_u:unconfined_r:portage_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
----
time->Fri Feb 21 18:56:09 2025
type=PROCTITLE msg=audit(1740160569.699:102): proctitle=2F7573722F62696E2F707974686F6E332E3132002F7573722F6C69622F707974686F6E2D657865632F707974686F6E332E31322F656D6572676500776F726C64002D747661002D444E75
type=SYSCALL msg=audit(1740160569.699:102): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7fa54a01a8d0 a2=90800 a3=0 items=0 ppid=903 pid=2001 auid=5000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="emerge" exe="/usr/bin/python3.12" subj=unconfined_u:unconfined_r:portage_t key=(null)
type=AVC msg=audit(1740160569.699:102): avc:  denied  { open } for  pid=2001 comm="emerge" path="/var/db/repos/gentoo/eclass" dev="loop0" ino=59936 scontext=unconfined_u:unconfined_r:portage_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
type=AVC msg=audit(1740160569.699:102): avc:  denied  { read } for  pid=2001 comm="emerge" name="eclass" dev="loop0" ino=59936 scontext=unconfined_u:unconfined_r:portage_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
----
time->Fri Feb 21 19:00:11 2025
type=PROCTITLE msg=audit(1740160811.109:103): proctitle=73797374656D642D746D7066696C6573002D2D636C65616E
type=PATH msg=audit(1740160811.109:103): item=0 name=".ssh" inode=56091 dev=fd:00 mode=040700 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:default_t nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1740160811.109:103): cwd="/"
type=SYSCALL msg=audit(1740160811.109:103): arch=c000003e syscall=257 success=yes exit=5 a0=7 a1=56428334cf50 a2=2a0000 a3=0 items=1 ppid=1 pid=3092 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-tmpfile" exe="/usr/bin/systemd-tmpfiles" subj=system_u:system_r:systemd_tmpfiles_t key=(null)
type=AVC msg=audit(1740160811.109:103): avc:  denied  { search } for  pid=3092 comm="systemd-tmpfile" name="root" dev="dm-0" ino=393221 scontext=system_u:system_r:systemd_tmpfiles_t tcontext=system_u:object_r:default_t tclass=dir permissive=1