apollo13 · March 20, 2020 16:25
diff --git a/gistfile1.txt b/gistfile1.txt
 type=AVC msg=audit(1584721512.261:16623): avc:  denied  { map } for  pid=24196 comm="check_mailq" path="/usr/bin/perl" dev="dm-0" ino=778301 scontext=system_u:system_r:nagios_mail_plugin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
 type=AVC msg=audit(1584721512.261:16623): avc:  denied  { execute } for  pid=24196 comm="check_mailq" path="/usr/bin/perl" dev="dm-0" ino=778301 scontext=system_u:system_r:nagios_mail_plugin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
 type=SYSCALL msg=audit(1584721512.261:16623): arch=c000003e syscall=59 success=yes exit=0 a0=2dac4b0 a1=2dac4e0 a2=2dabc90 a3=fffffffffffffa86 items=0 ppid=18028 pid=24196 auid=4294967295 uid=992 gid=989 euid=992 suid=992 fsuid=992 egid=989 sgid=989 fsgid=989 tty=(none) ses=4294967295 comm="check_mailq" exe="/usr/bin/perl" subj=system_u:system_r:nagios_mail_plugin_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve AUID="unset" UID="icinga" GID="icinga" EUID="icinga" SUID="icinga" FSUID="icinga" EGID="icinga" SGID="icinga" FSGID="icinga"
 type=PROCTITLE msg=audit(1584721512.261:16623): proctitle=2F7573722F62696E2F7065726C002D77002F7573722F6C696236342F6E6167696F732F706C7567696E732F636865636B5F6D61696C71002D4D00706F7374666978002D63003130002D770035
 type=AVC msg=audit(1584721512.292:16624): avc:  denied  { getattr } for  pid=24197 comm="mailq" path="pipe:[1310760]" dev="pipefs" ino=1310760 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:system_r:icinga2_t:s0 tclass=fifo_file permissive=1
 type=SYSCALL msg=audit(1584721512.292:16624): arch=c000003e syscall=5 success=yes exit=0 a0=2 a1=7ffce37db130 a2=7ffce37db130 a3=564d7c8c8010 items=0 ppid=24196 pid=24197 auid=4294967295 uid=992 gid=989 euid=992 suid=992 fsuid=992 egid=989 sgid=989 fsgid=989 tty=(none) ses=4294967295 comm="mailq" exe="/usr/sbin/sendmail.postfix" subj=system_u:system_r:system_mail_t:s0 key=(null)ARCH=x86_64 SYSCALL=fstat AUID="unset" UID="icinga" GID="icinga" EUID="icinga" SUID="icinga" FSUID="icinga" EGID="icinga" SGID="icinga" FSGID="icinga"
 type=PROCTITLE msg=audit(1584721512.292:16624): proctitle="/usr/bin/mailq"
 type=AVC msg=audit(1584721512.309:16625): avc:  denied  { write } for  pid=24197 comm="postqueue" path="pipe:[1310760]" dev="pipefs" ino=1310760 scontext=system_u:system_r:postfix_postqueue_t:s0 tcontext=system_u:system_r:icinga2_t:s0 tclass=fifo_file permissive=1
 type=SYSCALL msg=audit(1584721512.309:16625): arch=c000003e syscall=59 success=yes exit=0 a0=564d7c8e5890 a1=564d7c8e58f0 a2=564d7c8dcf20 a3=564d7c8c8010 items=0 ppid=24196 pid=24197 auid=4294967295 uid=992 gid=989 euid=992 suid=992 fsuid=992 egid=90 sgid=90 fsgid=90 tty=(none) ses=4294967295 comm="postqueue" exe="/usr/sbin/postqueue" subj=system_u:system_r:postfix_postqueue_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve AUID="unset" UID="icinga" GID="icinga" EUID="icinga" SUID="icinga" FSUID="icinga" EGID="postdrop" SGID="postdrop" FSGID="postdrop"
 type=PROCTITLE msg=audit(1584721512.309:16625): proctitle="/usr/bin/mailq"
 type=AVC msg=audit(1584721512.314:16626): avc:  denied  { getattr } for  pid=24197 comm="postqueue" path="pipe:[1310760]" dev="pipefs" ino=1310760 scontext=system_u:system_r:postfix_postqueue_t:s0 tcontext=system_u:system_r:icinga2_t:s0 tclass=fifo_file permissive=1
 type=SYSCALL msg=audit(1584721512.314:16626): arch=c000003e syscall=5 success=yes exit=0 a0=2 a1=7ffce44923e0 a2=7ffce44923e0 a3=55c3ac3eb010 items=0 ppid=24196 pid=24197 auid=4294967295 uid=992 gid=989 euid=992 suid=992 fsuid=992 egid=90 sgid=90 fsgid=90 tty=(none) ses=4294967295 comm="postqueue" exe="/usr/sbin/postqueue" subj=system_u:system_r:postfix_postqueue_t:s0 key=(null)ARCH=x86_64 SYSCALL=fstat AUID="unset" UID="icinga" GID="icinga" EUID="icinga" SUID="icinga" FSUID="icinga" EGID="postdrop" SGID="postdrop" FSGID="postdrop"
 type=PROCTITLE msg=audit(1584721512.314:16626): proctitle="/usr/bin/mailq"
	type=AVC msg=audit(1584721512.261:16623): avc: denied { map } for pid=24196 comm="check_mailq" path="/usr/bin/perl" dev="dm-0" ino=778301 scontext=system_u:system_r:nagios_mail_plugin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
	type=AVC msg=audit(1584721512.261:16623): avc: denied { execute } for pid=24196 comm="check_mailq" path="/usr/bin/perl" dev="dm-0" ino=778301 scontext=system_u:system_r:nagios_mail_plugin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
	type=SYSCALL msg=audit(1584721512.261:16623): arch=c000003e syscall=59 success=yes exit=0 a0=2dac4b0 a1=2dac4e0 a2=2dabc90 a3=fffffffffffffa86 items=0 ppid=18028 pid=24196 auid=4294967295 uid=992 gid=989 euid=992 suid=992 fsuid=992 egid=989 sgid=989 fsgid=989 tty=(none) ses=4294967295 comm="check_mailq" exe="/usr/bin/perl" subj=system_u:system_r:nagios_mail_plugin_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve AUID="unset" UID="icinga" GID="icinga" EUID="icinga" SUID="icinga" FSUID="icinga" EGID="icinga" SGID="icinga" FSGID="icinga"
	type=PROCTITLE msg=audit(1584721512.261:16623): proctitle=2F7573722F62696E2F7065726C002D77002F7573722F6C696236342F6E6167696F732F706C7567696E732F636865636B5F6D61696C71002D4D00706F7374666978002D63003130002D770035
	type=AVC msg=audit(1584721512.292:16624): avc: denied { getattr } for pid=24197 comm="mailq" path="pipe:[1310760]" dev="pipefs" ino=1310760 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:system_r:icinga2_t:s0 tclass=fifo_file permissive=1
	type=SYSCALL msg=audit(1584721512.292:16624): arch=c000003e syscall=5 success=yes exit=0 a0=2 a1=7ffce37db130 a2=7ffce37db130 a3=564d7c8c8010 items=0 ppid=24196 pid=24197 auid=4294967295 uid=992 gid=989 euid=992 suid=992 fsuid=992 egid=989 sgid=989 fsgid=989 tty=(none) ses=4294967295 comm="mailq" exe="/usr/sbin/sendmail.postfix" subj=system_u:system_r:system_mail_t:s0 key=(null)ARCH=x86_64 SYSCALL=fstat AUID="unset" UID="icinga" GID="icinga" EUID="icinga" SUID="icinga" FSUID="icinga" EGID="icinga" SGID="icinga" FSGID="icinga"
	type=PROCTITLE msg=audit(1584721512.292:16624): proctitle="/usr/bin/mailq"
	type=AVC msg=audit(1584721512.309:16625): avc: denied { write } for pid=24197 comm="postqueue" path="pipe:[1310760]" dev="pipefs" ino=1310760 scontext=system_u:system_r:postfix_postqueue_t:s0 tcontext=system_u:system_r:icinga2_t:s0 tclass=fifo_file permissive=1
	type=SYSCALL msg=audit(1584721512.309:16625): arch=c000003e syscall=59 success=yes exit=0 a0=564d7c8e5890 a1=564d7c8e58f0 a2=564d7c8dcf20 a3=564d7c8c8010 items=0 ppid=24196 pid=24197 auid=4294967295 uid=992 gid=989 euid=992 suid=992 fsuid=992 egid=90 sgid=90 fsgid=90 tty=(none) ses=4294967295 comm="postqueue" exe="/usr/sbin/postqueue" subj=system_u:system_r:postfix_postqueue_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve AUID="unset" UID="icinga" GID="icinga" EUID="icinga" SUID="icinga" FSUID="icinga" EGID="postdrop" SGID="postdrop" FSGID="postdrop"
	type=PROCTITLE msg=audit(1584721512.309:16625): proctitle="/usr/bin/mailq"
	type=AVC msg=audit(1584721512.314:16626): avc: denied { getattr } for pid=24197 comm="postqueue" path="pipe:[1310760]" dev="pipefs" ino=1310760 scontext=system_u:system_r:postfix_postqueue_t:s0 tcontext=system_u:system_r:icinga2_t:s0 tclass=fifo_file permissive=1
	type=SYSCALL msg=audit(1584721512.314:16626): arch=c000003e syscall=5 success=yes exit=0 a0=2 a1=7ffce44923e0 a2=7ffce44923e0 a3=55c3ac3eb010 items=0 ppid=24196 pid=24197 auid=4294967295 uid=992 gid=989 euid=992 suid=992 fsuid=992 egid=90 sgid=90 fsgid=90 tty=(none) ses=4294967295 comm="postqueue" exe="/usr/sbin/postqueue" subj=system_u:system_r:postfix_postqueue_t:s0 key=(null)ARCH=x86_64 SYSCALL=fstat AUID="unset" UID="icinga" GID="icinga" EUID="icinga" SUID="icinga" FSUID="icinga" EGID="postdrop" SGID="postdrop" FSGID="postdrop"
	type=PROCTITLE msg=audit(1584721512.314:16626): proctitle="/usr/bin/mailq"