vinzent/gist:e0f6026c3cff6038852a5919b9624823

## gistfile1.txt
# ausearch -m AVC,USER_AVC,SELINUX_ERR --start today -i
----
type=USER_AVC msg=audit(02/07/2018 10:11:45.153:807656) : pid=1 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=2)  exe=/usr/lib/systemd/systemd sauid=root hostname=? addr=? terminal=?'
----
type=USER_AVC msg=audit(02/07/2018 10:12:59.848:807742) : pid=1 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=3)  exe=/usr/lib/systemd/systemd sauid=root hostname=? addr=? terminal=?'
----
type=USER_AVC msg=audit(02/07/2018 10:20:17.465:808721) : pid=1 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=4)  exe=/usr/lib/systemd/systemd sauid=root hostname=? addr=? terminal=?'
----
type=USER_AVC msg=audit(02/07/2018 10:25:37.738:809410) : pid=1 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=5)  exe=/usr/lib/systemd/systemd sauid=root hostname=? addr=? terminal=?'
----
type=USER_AVC msg=audit(02/07/2018 10:28:58.978:809653) : pid=1 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=6)  exe=/usr/lib/systemd/systemd sauid=root hostname=? addr=? terminal=?'
----
type=USER_AVC msg=audit(02/07/2018 10:52:44.578:812363) : pid=1 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=7)  exe=/usr/lib/systemd/systemd sauid=root hostname=? addr=? terminal=?'
----
type=USER_AVC msg=audit(02/07/2018 11:23:54.139:816353) : pid=1 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=8)  exe=/usr/lib/systemd/systemd sauid=root hostname=? addr=? terminal=?'
----
type=PROCTITLE msg=audit(02/07/2018 14:03:22.972:835799) : proctitle=php /opt/phab/phabricator/scripts/ssh/ssh-auth.php git
type=SYSCALL msg=audit(02/07/2018 14:03:22.972:835799) : arch=x86_64 syscall=connect success=no exit=EACCES(Permission denied) a0=0x3 a1=0x7ffd07c687f0 a2=0x1b a3=0x1 items=0 ppid=51013 pid=51014 auid=unset uid=phabricator gid=phabricator euid=phabricator suid=phabricator fsuid=phabricator egid=phabricator sgid=phabricator fsgid=phabricator tty=(none) ses=unset comm=php exe=/opt/rh/rh-php71/root/usr/bin/php subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(02/07/2018 14:03:22.972:835799) : avc:  denied  { connectto } for  pid=51014 comm=php path=/var/lib/mysql/mysql.sock scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket


# ls -lZ /opt/phab/phabricator/bin/ssh-auth-wrapper
-rwxr-xr-x. root root system_u:object_r:phabricator_ssh_auth_exec_t:s0 /opt/phab/phabricator/bin/ssh-auth-wrapper
	# ausearch -m AVC,USER_AVC,SELINUX_ERR --start today -i
	----
	type=USER_AVC msg=audit(02/07/2018 10:11:45.153:807656) : pid=1 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=2) exe=/usr/lib/systemd/systemd sauid=root hostname=? addr=? terminal=?'
	----
	type=USER_AVC msg=audit(02/07/2018 10:12:59.848:807742) : pid=1 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=3) exe=/usr/lib/systemd/systemd sauid=root hostname=? addr=? terminal=?'
	----
	type=USER_AVC msg=audit(02/07/2018 10:20:17.465:808721) : pid=1 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=4) exe=/usr/lib/systemd/systemd sauid=root hostname=? addr=? terminal=?'
	----
	type=USER_AVC msg=audit(02/07/2018 10:25:37.738:809410) : pid=1 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=5) exe=/usr/lib/systemd/systemd sauid=root hostname=? addr=? terminal=?'
	----
	type=USER_AVC msg=audit(02/07/2018 10:28:58.978:809653) : pid=1 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=6) exe=/usr/lib/systemd/systemd sauid=root hostname=? addr=? terminal=?'
	----
	type=USER_AVC msg=audit(02/07/2018 10:52:44.578:812363) : pid=1 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=7) exe=/usr/lib/systemd/systemd sauid=root hostname=? addr=? terminal=?'
	----
	type=USER_AVC msg=audit(02/07/2018 11:23:54.139:816353) : pid=1 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=8) exe=/usr/lib/systemd/systemd sauid=root hostname=? addr=? terminal=?'
	----
	type=PROCTITLE msg=audit(02/07/2018 14:03:22.972:835799) : proctitle=php /opt/phab/phabricator/scripts/ssh/ssh-auth.php git
	type=SYSCALL msg=audit(02/07/2018 14:03:22.972:835799) : arch=x86_64 syscall=connect success=no exit=EACCES(Permission denied) a0=0x3 a1=0x7ffd07c687f0 a2=0x1b a3=0x1 items=0 ppid=51013 pid=51014 auid=unset uid=phabricator gid=phabricator euid=phabricator suid=phabricator fsuid=phabricator egid=phabricator sgid=phabricator fsgid=phabricator tty=(none) ses=unset comm=php exe=/opt/rh/rh-php71/root/usr/bin/php subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
	type=AVC msg=audit(02/07/2018 14:03:22.972:835799) : avc: denied { connectto } for pid=51014 comm=php path=/var/lib/mysql/mysql.sock scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket


	# ls -lZ /opt/phab/phabricator/bin/ssh-auth-wrapper
	-rwxr-xr-x. root root system_u:object_r:phabricator_ssh_auth_exec_t:s0 /opt/phab/phabricator/bin/ssh-auth-wrapper