RHEL8: SELinux Blocking GPG Key Access

[JoePJisc]

Working with a clean install on RHEL8, all seems good except MISP is being blocked form accessing the GPG key by SELinux.

• OS: AlmaLinux release 8.6 (Sky Tiger) - also validated on Red Hat Enterprise Linux release 8.6 (Ootpa)
• RPM Version: 2.4.158-2.el8

I'm not sure if this is an RPM issue, or a MISP issue to fix, so starting here.

Setup Steps

Per RHEL8.md then:

• Enable HTTPS

• Generate Key:

  1. vi /tmp/gpg.conf

     Key-Type: default
     Key-Length: 2048
     Subkey-Type: default
     Name-Real: OrgName
     Name-Comment: MISP
     Name-Email: misp@domain.tld
     Expire-Date: 0
     Passphrase: qwertyuiop
     %commit

  2. sudo gpg --homedir /var/www/MISP/.gnupg --batch --gen-key /tmp/gpg.conf

  3. rm /tmp/gpg.conf

  4. sudo chown apache: -R /var/www/MISP/.gnupg

  5. sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/.gnupg

  6. sudo gpg --homedir /var/www/MISP/.gnupg --export --armor misp@domain.tld | sudo tee /var/www/MISP/app/webroot/gpg.asc

  7. sudo chown apache: /var/www/MISP/app/webroot/gpg.asc

  8. Configure GnuPG.email, GnuPG.homedir and GnuPG.password.

I found that the SELinux bool to allow HTTPD to use GPG (httpd_use_gpg) is set to 0 after install, setting this to 1 changes the error, but doesn't fix the issue. Below is the output of https://github.com/SteveClement/misp-test with 'debug' => true, added to the start of the array on line 260 ($gpg = new Crypt_GPG(array().

httpd_use_gpg = 0

Status: Crypt_GPG_Exception: Unknown error getting keys. Please use the 'debug' option when creating the Crypt_GPG object, and file a bug report at http://pear.php.net/bugs/report.php?package=Crypt_GPG in /var/www/MISP/app/Vendor/pear/crypt_gpg/Crypt/GPG/Engine.php on line 1741.

Debug Output

Crypt_GPG DEBUG: OPENING GPG SUBPROCESS WITH THE FOLLOWING COMMAND:
Crypt_GPG DEBUG: /usr/bin/gpg --status-fd '3' --command-fd '4' --no-secmem-warning --no-tty --no-default-keyring --no-options --always-trust --ignore-time-conflict --ignore-valid-from --homedir '/var/www/MISP/.gnupg' --version
Crypt_GPG DEBUG: BEGIN PROCESSING
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 1
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 588 bytes
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 3
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: GPG error stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG error
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: END PROCESSING
Crypt_GPG DEBUG: CLOSING GPG SUBPROCESS
Crypt_GPG DEBUG: USING GPG 2.2.20 with PHP 7.4.29
Crypt_GPG DEBUG: OPENING GPG SUBPROCESS WITH THE FOLLOWING COMMAND:
Crypt_GPG DEBUG: /usr/bin/gpg --status-fd '3' --command-fd '4' --no-secmem-warning --no-tty --no-default-keyring --no-options --no-permission-warning --exit-on-status-write-error --trust-model always --pinentry-mode loopback --ignore-time-conflict --ignore-valid-from --with-colons --with-fingerprint --with-fingerprint --fixed-list-mode --homedir '/var/www/MISP/.gnupg' --utf8-strings --list-secret-keys -- 'misp@domain.tld'
Crypt_GPG DEBUG: BEGIN PROCESSING
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 1
Crypt_GPG DEBUG: GPG error stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG error
Crypt_GPG DEBUG: => read 141 bytes
Crypt_GPG DEBUG: ERROR: gpg: can't connect to the agent: IPC connect call failed
Crypt_GPG DEBUG: ERROR: gpg: keydb_search failed: No agent running
Crypt_GPG DEBUG: ERROR: gpg: error reading key: No agent running
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 3
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: GPG error stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG error
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 39 bytes
Crypt_GPG DEBUG: STATUS: ERROR keylist.getkey 33554509
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 1
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: END PROCESSING
Crypt_GPG DEBUG: CLOSING GPG SUBPROCESS
Crypt_GPG DEBUG: => subprocess returned an unexpected exit code: 2

audit.log

type=AVC msg=audit(1652632300.078:989): avc:  denied  { create } for  pid=6955 comm="gpg-agent" name="S.gpg-agent" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=sock_file permissive=0
type=SYSCALL msg=audit(1652632300.078:989): arch=c000003e syscall=49 success=no exit=-13 a0=4 a1=56096f51ff70 a2=22 a3=31 items=2 ppid=1 pid=6955 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg-agent" exe="/usr/bin/gpg-agent" subj=system_u:system_r:httpd_t:s0 key=(null) ARCH=x86_64 SYSCALL=bind AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=SOCKADDR msg=audit(1652632300.078:989): saddr=01002F7661722F7777772F4D4953502F2E676E7570672F532E6770672D6167656E74 SADDR={ saddr_fam=local path=/var/www/MISP/.gnupg/S.gpg-agent }
type=CWD msg=audit(1652632300.078:989): cwd="/"
type=PATH msg=audit(1652632300.078:989): item=0 name="/var/www/MISP/.gnupg/" inode=201782331 dev=fd:00 mode=040700 ouid=48 ogid=48 rdev=00:00 obj=unconfined_u:object_r:httpd_sys_rw_content_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 OUID="apache" OGID="apache"
type=PATH msg=audit(1652632300.078:989): item=1 name="/var/www/MISP/.gnupg/S.gpg-agent" nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632300.078:989): proctitle=6770672D6167656E74002D2D686F6D65646972002F7661722F7777772F4D4953502F2E676E757067002D2D7573652D7374616E646172642D736F636B6574002D2D6461656D6F6E

httpd_use_gpg = 1

Status: Crypt_GPG_KeyNotFoundException: Key not found: misp@domain.tld in /var/www/MISP/app/Vendor/pear/crypt_gpg/Crypt/GPG.php on line 1164.

Debug Output

Crypt_GPG DEBUG: OPENING GPG SUBPROCESS WITH THE FOLLOWING COMMAND:
Crypt_GPG DEBUG: /usr/bin/gpg --status-fd '3' --command-fd '4' --no-secmem-warning --no-tty --no-default-keyring --no-options --always-trust --ignore-time-conflict --ignore-valid-from --homedir '/var/www/MISP/.gnupg' --version
Crypt_GPG DEBUG: BEGIN PROCESSING
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 3
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 588 bytes
Crypt_GPG DEBUG: GPG error stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG error
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 1
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: END PROCESSING
Crypt_GPG DEBUG: CLOSING GPG SUBPROCESS
Crypt_GPG DEBUG: USING GPG 2.2.20 with PHP 7.4.29
Crypt_GPG DEBUG: OPENING GPG SUBPROCESS WITH THE FOLLOWING COMMAND:
Crypt_GPG DEBUG: /usr/bin/gpg --status-fd '3' --command-fd '4' --no-secmem-warning --no-tty --no-default-keyring --no-options --no-permission-warning --exit-on-status-write-error --trust-model always --pinentry-mode loopback --ignore-time-conflict --ignore-valid-from --with-colons --with-fingerprint --with-fingerprint --fixed-list-mode --homedir '/var/www/MISP/.gnupg' --utf8-strings --list-secret-keys -- 'misp@domain.tld'
Crypt_GPG DEBUG: BEGIN PROCESSING
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 3
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: GPG error stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG error
Crypt_GPG DEBUG: => read 115 bytes
Crypt_GPG DEBUG: ERROR: gpg: keyblock resource '/var/www/MISP/.gnupg/pubring.kbx': Permission denied
Crypt_GPG DEBUG: ERROR: gpg: error reading key: No secret key
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 116 bytes
Crypt_GPG DEBUG: STATUS: ERROR add_keyblock_resource 33587201
Crypt_GPG DEBUG: STATUS: ERROR keydb_search 33554445
Crypt_GPG DEBUG: STATUS: ERROR keylist.getkey 17
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 2
Crypt_GPG DEBUG: GPG error stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG error
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: END PROCESSING
Crypt_GPG DEBUG: CLOSING GPG SUBPROCESS
Crypt_GPG DEBUG: => subprocess returned an unexpected exit code: 2
Crypt_GPG DEBUG: USING GPG 2.2.20 with PHP 7.4.29
Crypt_GPG DEBUG: OPENING GPG SUBPROCESS WITH THE FOLLOWING COMMAND:
Crypt_GPG DEBUG: /usr/bin/gpg --status-fd '3' --command-fd '4' --no-secmem-warning --no-tty --no-default-keyring --no-options --no-permission-warning --exit-on-status-write-error --trust-model always --pinentry-mode loopback --ignore-time-conflict --ignore-valid-from --with-colons --with-fingerprint --with-fingerprint --fixed-list-mode --homedir '/var/www/MISP/.gnupg' --utf8-strings --list-public-keys -- 'misp@domain.tld'
Crypt_GPG DEBUG: BEGIN PROCESSING
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 3
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 18 bytes
Crypt_GPG DEBUG: GPG error stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG error
Crypt_GPG DEBUG: => read 115 bytes
Crypt_GPG DEBUG: ERROR: gpg: keyblock resource '/var/www/MISP/.gnupg/pubring.kbx': Permission denied
Crypt_GPG DEBUG: ERROR: gpg: error reading key: No public key
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 115 bytes
Crypt_GPG DEBUG: STATUS: ERROR add_keyblock_resource 33587201
Crypt_GPG DEBUG: STATUS: ERROR keydb_search 33554445
Crypt_GPG DEBUG: STATUS: ERROR keylist.getkey 9
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 3
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: GPG error stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG error
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: END PROCESSING
Crypt_GPG DEBUG: CLOSING GPG SUBPROCESS
Crypt_GPG DEBUG: => subprocess returned an unexpected exit code: 2

audit.log

[too long to post will add as comment]

After sudo setenforce 0

The key loads as expected.

Debug Output

Crypt_GPG DEBUG: OPENING GPG SUBPROCESS WITH THE FOLLOWING COMMAND:
Crypt_GPG DEBUG: /usr/bin/gpg --status-fd '3' --command-fd '4' --no-secmem-warning --no-tty --no-default-keyring --no-options --always-trust --ignore-time-conflict --ignore-valid-from --homedir '/var/www/MISP/.gnupg' --version
Crypt_GPG DEBUG: BEGIN PROCESSING
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 3
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 588 bytes
Crypt_GPG DEBUG: GPG error stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG error
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 1
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: END PROCESSING
Crypt_GPG DEBUG: CLOSING GPG SUBPROCESS
Crypt_GPG DEBUG: USING GPG 2.2.20 with PHP 7.4.29
Crypt_GPG DEBUG: OPENING GPG SUBPROCESS WITH THE FOLLOWING COMMAND:
Crypt_GPG DEBUG: /usr/bin/gpg --status-fd '3' --command-fd '4' --no-secmem-warning --no-tty --no-default-keyring --no-options --no-permission-warning --exit-on-status-write-error --trust-model always --pinentry-mode loopback --ignore-time-conflict --ignore-valid-from --with-colons --with-fingerprint --with-fingerprint --fixed-list-mode --homedir '/var/www/MISP/.gnupg' --utf8-strings --list-secret-keys -- 'misp@domain.tld'
Crypt_GPG DEBUG: BEGIN PROCESSING
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 1
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 67 bytes
Crypt_GPG DEBUG: STATUS: KEY_CONSIDERED 2E3D82DB005E22F7BE6EE7FA1FDBC21A2D53C729 0
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 3
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 453 bytes
Crypt_GPG DEBUG: GPG error stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG error
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 1
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: END PROCESSING
Crypt_GPG DEBUG: CLOSING GPG SUBPROCESS
Crypt_GPG DEBUG: USING GPG 2.2.20 with PHP 7.4.29
Crypt_GPG DEBUG: OPENING GPG SUBPROCESS WITH THE FOLLOWING COMMAND:
Crypt_GPG DEBUG: /usr/bin/gpg --status-fd '3' --command-fd '4' --no-secmem-warning --no-tty --no-default-keyring --no-options --no-permission-warning --exit-on-status-write-error --trust-model always --pinentry-mode loopback --ignore-time-conflict --ignore-valid-from --with-colons --with-fingerprint --with-fingerprint --fixed-list-mode --homedir '/var/www/MISP/.gnupg' --utf8-strings --list-public-keys -- 'misp@domain.tld'
Crypt_GPG DEBUG: BEGIN PROCESSING
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 3
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 371 bytes
Crypt_GPG DEBUG: GPG error stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG error
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 67 bytes
Crypt_GPG DEBUG: STATUS: KEY_CONSIDERED 2E3D82DB005E22F7BE6EE7FA1FDBC21A2D53C729 0
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 2
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: END PROCESSING
Crypt_GPG DEBUG: CLOSING GPG SUBPROCESS
Crypt_GPG DEBUG: USING GPG 2.2.20 with PHP 7.4.29
Crypt_GPG DEBUG: OPENING GPG SUBPROCESS WITH THE FOLLOWING COMMAND:
Crypt_GPG DEBUG: /usr/bin/gpg --status-fd '3' --command-fd '4' --no-secmem-warning --no-tty --no-default-keyring --no-options --no-permission-warning --exit-on-status-write-error --trust-model always --pinentry-mode loopback --ignore-time-conflict --ignore-valid-from --armor --local-user '2E3D82DB005E22F7BE6EE7FA1FDBC21A2D53C729' --local-user '517A45ADCB91AD47C64999829699519C22DC816D' --homedir '/var/www/MISP/.gnupg' --clearsign
Crypt_GPG DEBUG: BEGIN PROCESSING
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 1
Crypt_GPG DEBUG: GPG is ready for input
Crypt_GPG DEBUG: => about to write 4 bytes to GPG input
Crypt_GPG DEBUG: => wrote 4 bytes
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 1
Crypt_GPG DEBUG: GPG is ready for input
Crypt_GPG DEBUG: => about to write 0 bytes to GPG input
Crypt_GPG DEBUG: => broken pipe on GPG input
Crypt_GPG DEBUG: => closing pipe GPG input
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 1
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 67 bytes
Crypt_GPG DEBUG: STATUS: KEY_CONSIDERED 2E3D82DB005E22F7BE6EE7FA1FDBC21A2D53C729 0
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 2
Crypt_GPG DEBUG: GPG error stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG error
Crypt_GPG DEBUG: => read 41 bytes
Crypt_GPG DEBUG: ERROR: gpg: skipped: secret key already present
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 67 bytes
Crypt_GPG DEBUG: STATUS: KEY_CONSIDERED 2E3D82DB005E22F7BE6EE7FA1FDBC21A2D53C729 0
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 2
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 54 bytes
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 26 bytes
Crypt_GPG DEBUG: STATUS: BEGIN_SIGNING H8
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 1
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 199 bytes
Crypt_GPG DEBUG: STATUS: USERID_HINT 9699519C22DC816D OrgName (MISP) <misp@domain.tld>
Crypt_GPG DEBUG: STATUS: NEED_PASSPHRASE 9699519C22DC816D 1FDBC21A2D53C729 1 0
Crypt_GPG DEBUG: STATUS: INQUIRE_MAXLEN 100
Crypt_GPG DEBUG: STATUS: GET_HIDDEN passphrase.enter
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 1
Crypt_GPG DEBUG: GPG is ready for command data
Crypt_GPG DEBUG: => about to write 82 bytes to GPG command
Crypt_GPG DEBUG: => wrote 82
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 1
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 16 bytes
Crypt_GPG DEBUG: STATUS: GOT_IT
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 3
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 488 bytes
Crypt_GPG DEBUG: GPG error stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG error
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 82 bytes
Crypt_GPG DEBUG: STATUS: SIG_CREATED C 1 8 01 1652632178 517A45ADCB91AD47C64999829699519C22DC816D
Crypt_GPG DEBUG: selecting streams
Crypt_GPG DEBUG: => got 2
Crypt_GPG DEBUG: GPG output stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG output
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: GPG status stream ready for reading
Crypt_GPG DEBUG: => about to read 65536 bytes from GPG status
Crypt_GPG DEBUG: => read 0 bytes
Crypt_GPG DEBUG: END PROCESSING
Crypt_GPG DEBUG: CLOSING GPG SUBPROCESS

[JoePJisc]

httpd_use_gpg 1 audit.log:

type=AVC msg=audit(1652632401.302:992): avc:  denied  { search } for  pid=6997 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.302:992): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=560b11d48780 a2=80000 a3=0 items=1 ppid=1284 pid=6997 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.302:992): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.302:992): item=0 name="/var/lib/sss/mc/passwd" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.302:992): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D616C776179732D7472757374002D2D69676E6F7265
type=AVC msg=audit(1652632401.302:993): avc:  denied  { search } for  pid=6997 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.302:993): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=560b11d48780 a2=80000 a3=0 items=1 ppid=1284 pid=6997 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.302:993): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.302:993): item=0 name="/var/lib/sss/mc/passwd" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.302:993): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D616C776179732D7472757374002D2D69676E6F7265
type=AVC msg=audit(1652632401.302:994): avc:  denied  { search } for  pid=6997 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.302:994): arch=c000003e syscall=42 success=no exit=-13 a0=6 a1=7ffeda521690 a2=6e a3=0 items=1 ppid=1284 pid=6997 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=connect AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=SOCKADDR msg=audit(1652632401.302:994): saddr=01002F7661722F6C69622F7373732F70697065732F6E73730000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 SADDR={ saddr_fam=local path=/var/lib/sss/pipes/nss }
type=CWD msg=audit(1652632401.302:994): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.302:994): item=0 name="/var/lib/sss/pipes/nss" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.302:994): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D616C776179732D7472757374002D2D69676E6F7265
type=AVC msg=audit(1652632401.303:995): avc:  denied  { read } for  pid=6997 comm="gpg" name="passwd" dev="dm-0" ino=135461644 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1652632401.303:995): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f111af8aeae a2=80000 a3=0 items=1 ppid=1284 pid=6997 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.303:995): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.303:995): item=0 name="/etc/passwd" inode=135461644 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 OUID="root" OGID="root"
type=PROCTITLE msg=audit(1652632401.303:995): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D616C776179732D7472757374002D2D69676E6F7265
type=AVC msg=audit(1652632401.304:996): avc:  denied  { search } for  pid=6997 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.304:996): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=560b11d4d5f0 a2=80000 a3=0 items=1 ppid=1284 pid=6997 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.304:996): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.304:996): item=0 name="/var/lib/sss/mc/passwd" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.304:996): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D616C776179732D7472757374002D2D69676E6F7265
type=AVC msg=audit(1652632401.304:997): avc:  denied  { search } for  pid=6997 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.304:997): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=560b11d4d5f0 a2=80000 a3=0 items=1 ppid=1284 pid=6997 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.304:997): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.304:997): item=0 name="/var/lib/sss/mc/passwd" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.304:997): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D616C776179732D7472757374002D2D69676E6F7265
type=AVC msg=audit(1652632401.304:998): avc:  denied  { search } for  pid=6997 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.304:998): arch=c000003e syscall=42 success=no exit=-13 a0=6 a1=7ffeda521670 a2=6e a3=0 items=1 ppid=1284 pid=6997 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=connect AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=SOCKADDR msg=audit(1652632401.304:998): saddr=01002F7661722F6C69622F7373732F70697065732F6E73730000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 SADDR={ saddr_fam=local path=/var/lib/sss/pipes/nss }
type=CWD msg=audit(1652632401.304:998): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.304:998): item=0 name="/var/lib/sss/pipes/nss" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.304:998): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D616C776179732D7472757374002D2D69676E6F7265
type=AVC msg=audit(1652632401.304:999): avc:  denied  { read } for  pid=6997 comm="gpg" name="passwd" dev="dm-0" ino=135461644 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1652632401.304:999): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f111af8aeae a2=80000 a3=0 items=1 ppid=1284 pid=6997 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.304:999): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.304:999): item=0 name="/etc/passwd" inode=135461644 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 OUID="root" OGID="root"
type=PROCTITLE msg=audit(1652632401.304:999): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D616C776179732D7472757374002D2D69676E6F7265
type=AVC msg=audit(1652632401.304:1000): avc:  denied  { search } for  pid=6997 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.304:1000): arch=c000003e syscall=21 success=no exit=-13 a0=560b11d4d5c0 a1=4 a2=0 a3=57 items=1 ppid=1284 pid=6997 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.304:1000): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.304:1000): item=0 name="/var/www/MISP/.gnupg/gpg.conf-2.2.20" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.304:1000): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D616C776179732D7472757374002D2D69676E6F7265
type=AVC msg=audit(1652632401.304:1001): avc:  denied  { search } for  pid=6997 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.304:1001): arch=c000003e syscall=21 success=no exit=-13 a0=560b11d4d5c0 a1=4 a2=0 a3=57 items=1 ppid=1284 pid=6997 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.304:1001): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.304:1001): item=0 name="/var/www/MISP/.gnupg/gpg.conf-2.2" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.304:1001): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D616C776179732D7472757374002D2D69676E6F7265
type=AVC msg=audit(1652632401.304:1002): avc:  denied  { search } for  pid=6997 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.304:1002): arch=c000003e syscall=21 success=no exit=-13 a0=560b11d4d5c0 a1=4 a2=0 a3=57 items=1 ppid=1284 pid=6997 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.304:1002): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.304:1002): item=0 name="/var/www/MISP/.gnupg/gpg.conf-2" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.304:1002): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D616C776179732D7472757374002D2D69676E6F7265
type=AVC msg=audit(1652632401.304:1003): avc:  denied  { search } for  pid=6997 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.304:1003): arch=c000003e syscall=21 success=no exit=-13 a0=560b11d4d5c0 a1=4 a2=0 a3=57 items=1 ppid=1284 pid=6997 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.304:1003): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.304:1003): item=0 name="/var/www/MISP/.gnupg/gpg.conf" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.304:1003): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D616C776179732D7472757374002D2D69676E6F7265
type=AVC msg=audit(1652632401.304:1004): avc:  denied  { search } for  pid=6997 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.304:1004): arch=c000003e syscall=21 success=no exit=-13 a0=560b11d4d610 a1=4 a2=0 a3=57 items=1 ppid=1284 pid=6997 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.304:1004): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.304:1004): item=0 name="/var/www/MISP/.gnupg/options" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.304:1004): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D616C776179732D7472757374002D2D69676E6F7265
type=AVC msg=audit(1652632401.304:1005): avc:  denied  { search } for  pid=6997 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.304:1005): arch=c000003e syscall=4 success=no exit=-13 a0=560b11d4d640 a1=7ffeda521db0 a2=7ffeda521db0 a3=57 items=1 ppid=1284 pid=6997 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=stat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.304:1005): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.304:1005): item=0 name="/var/www/MISP/.gnupg" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.304:1005): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D616C776179732D7472757374002D2D69676E6F7265
type=AVC msg=audit(1652632401.311:1006): avc:  denied  { search } for  pid=7000 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.311:1006): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55ff3bce2780 a2=80000 a3=0 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.311:1006): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.311:1006): item=0 name="/var/lib/sss/mc/passwd" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.311:1006): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.311:1007): avc:  denied  { search } for  pid=7000 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.311:1007): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55ff3bce2780 a2=80000 a3=0 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.311:1007): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.311:1007): item=0 name="/var/lib/sss/mc/passwd" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.311:1007): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.311:1008): avc:  denied  { search } for  pid=7000 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.311:1008): arch=c000003e syscall=42 success=no exit=-13 a0=6 a1=7ffde43b8710 a2=6e a3=0 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=connect AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=SOCKADDR msg=audit(1652632401.311:1008): saddr=01002F7661722F6C69622F7373732F70697065732F6E73730000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 SADDR={ saddr_fam=local path=/var/lib/sss/pipes/nss }
type=CWD msg=audit(1652632401.311:1008): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.311:1008): item=0 name="/var/lib/sss/pipes/nss" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.311:1008): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.311:1009): avc:  denied  { read } for  pid=7000 comm="gpg" name="passwd" dev="dm-0" ino=135461644 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1652632401.311:1009): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ff463e75eae a2=80000 a3=0 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.311:1009): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.311:1009): item=0 name="/etc/passwd" inode=135461644 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 OUID="root" OGID="root"
type=PROCTITLE msg=audit(1652632401.311:1009): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.312:1010): avc:  denied  { search } for  pid=7000 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.312:1010): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55ff3bce75f0 a2=80000 a3=0 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.312:1010): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.312:1010): item=0 name="/var/lib/sss/mc/passwd" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.312:1010): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.312:1011): avc:  denied  { search } for  pid=7000 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.312:1011): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55ff3bce75f0 a2=80000 a3=0 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.312:1011): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.312:1011): item=0 name="/var/lib/sss/mc/passwd" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.312:1011): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.312:1012): avc:  denied  { search } for  pid=7000 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.312:1012): arch=c000003e syscall=42 success=no exit=-13 a0=6 a1=7ffde43b86f0 a2=6e a3=0 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=connect AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=SOCKADDR msg=audit(1652632401.312:1012): saddr=01002F7661722F6C69622F7373732F70697065732F6E73730000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 SADDR={ saddr_fam=local path=/var/lib/sss/pipes/nss }
type=CWD msg=audit(1652632401.312:1012): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.312:1012): item=0 name="/var/lib/sss/pipes/nss" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.312:1012): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.313:1013): avc:  denied  { read } for  pid=7000 comm="gpg" name="passwd" dev="dm-0" ino=135461644 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1652632401.313:1013): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ff463e75eae a2=80000 a3=0 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.313:1013): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.313:1013): item=0 name="/etc/passwd" inode=135461644 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 OUID="root" OGID="root"
type=PROCTITLE msg=audit(1652632401.313:1013): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.313:1014): avc:  denied  { search } for  pid=7000 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.313:1014): arch=c000003e syscall=21 success=no exit=-13 a0=55ff3bce75c0 a1=4 a2=0 a3=57 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.313:1014): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.313:1014): item=0 name="/var/www/MISP/.gnupg/gpg.conf-2.2.20" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.313:1014): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.313:1015): avc:  denied  { search } for  pid=7000 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.313:1015): arch=c000003e syscall=21 success=no exit=-13 a0=55ff3bce75c0 a1=4 a2=0 a3=57 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.313:1015): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.313:1015): item=0 name="/var/www/MISP/.gnupg/gpg.conf-2.2" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.313:1015): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.313:1016): avc:  denied  { search } for  pid=7000 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.313:1016): arch=c000003e syscall=21 success=no exit=-13 a0=55ff3bce75c0 a1=4 a2=0 a3=57 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.313:1016): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.313:1016): item=0 name="/var/www/MISP/.gnupg/gpg.conf-2" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.313:1016): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.313:1017): avc:  denied  { search } for  pid=7000 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.313:1017): arch=c000003e syscall=21 success=no exit=-13 a0=55ff3bce75c0 a1=4 a2=0 a3=57 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.313:1017): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.313:1017): item=0 name="/var/www/MISP/.gnupg/gpg.conf" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.313:1017): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.313:1018): avc:  denied  { search } for  pid=7000 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.313:1018): arch=c000003e syscall=21 success=no exit=-13 a0=55ff3bce7610 a1=4 a2=0 a3=57 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.313:1018): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.313:1018): item=0 name="/var/www/MISP/.gnupg/options" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.313:1018): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.313:1019): avc:  denied  { search } for  pid=7000 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.313:1019): arch=c000003e syscall=21 success=no exit=-13 a0=55ff3bce75c0 a1=0 a2=1000000 a3=1 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.313:1019): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.313:1019): item=0 name="/var/www/MISP/.gnupg/random_seed" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.313:1019): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.313:1020): avc:  denied  { search } for  pid=7000 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.313:1020): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55ff3bce75c0 a2=0 a3=0 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.313:1020): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.313:1020): item=0 name="/var/www/MISP/.gnupg/pubring.gpg" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.313:1020): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.313:1021): avc:  denied  { search } for  pid=7000 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.313:1021): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55ff3bce75c0 a2=0 a3=0 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.313:1021): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.313:1021): item=0 name="/var/www/MISP/.gnupg/pubring.kbx" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.313:1021): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.313:1022): avc:  denied  { search } for  pid=7000 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.313:1022): arch=c000003e syscall=21 success=no exit=-13 a0=55ff3bce75c0 a1=0 a2=1 a3=0 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.313:1022): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.313:1022): item=0 name="/var/www/MISP/.gnupg/pubring.kbx" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.313:1022): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.313:1023): avc:  denied  { search } for  pid=7000 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.313:1023): arch=c000003e syscall=21 success=no exit=-13 a0=55ff3bce75c0 a1=0 a2=102111 a3=0 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.313:1023): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.313:1023): item=0 name="/var/www/MISP/.gnupg" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.313:1023): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.313:1024): avc:  denied  { search } for  pid=7000 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.313:1024): arch=c000003e syscall=21 success=no exit=-13 a0=55ff3bce75c0 a1=0 a2=ffffffffffffff80 a3=0 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.313:1024): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.313:1024): item=0 name="/var/www/MISP/.gnupg" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.313:1024): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.314:1025): avc:  denied  { search } for  pid=7000 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.314:1025): arch=c000003e syscall=21 success=no exit=-13 a0=55ff3bce75c0 a1=0 a2=0 a3=0 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.314:1025): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.314:1025): item=0 name="/var/www/MISP/.gnupg/secring.gpg" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.314:1025): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.314:1026): avc:  denied  { search } for  pid=7000 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.314:1026): arch=c000003e syscall=4 success=no exit=-13 a0=55ff3bced9b0 a1=7ffde43b8b40 a2=7ffde43b8b40 a3=0 items=1 ppid=1284 pid=7000 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=stat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.314:1026): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.314:1026): item=0 name="/var/www/MISP/.gnupg/trustdb.gpg" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.314:1026): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.319:1027): avc:  denied  { search } for  pid=7001 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.319:1027): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5597119c5780 a2=80000 a3=0 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.319:1027): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.319:1027): item=0 name="/var/lib/sss/mc/passwd" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.319:1027): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.319:1028): avc:  denied  { search } for  pid=7001 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.319:1028): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5597119c5780 a2=80000 a3=0 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.319:1028): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.319:1028): item=0 name="/var/lib/sss/mc/passwd" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.319:1028): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.319:1029): avc:  denied  { search } for  pid=7001 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.319:1029): arch=c000003e syscall=42 success=no exit=-13 a0=6 a1=7ffcd5904110 a2=6e a3=0 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=connect AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=SOCKADDR msg=audit(1652632401.319:1029): saddr=01002F7661722F6C69622F7373732F70697065732F6E73730000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 SADDR={ saddr_fam=local path=/var/lib/sss/pipes/nss }
type=CWD msg=audit(1652632401.319:1029): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.319:1029): item=0 name="/var/lib/sss/pipes/nss" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.319:1029): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.319:1030): avc:  denied  { read } for  pid=7001 comm="gpg" name="passwd" dev="dm-0" ino=135461644 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1652632401.319:1030): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f67f3cd5eae a2=80000 a3=0 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.319:1030): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.319:1030): item=0 name="/etc/passwd" inode=135461644 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 OUID="root" OGID="root"
type=PROCTITLE msg=audit(1652632401.319:1030): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.320:1031): avc:  denied  { search } for  pid=7001 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.320:1031): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5597119ca5f0 a2=80000 a3=0 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.320:1031): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.320:1031): item=0 name="/var/lib/sss/mc/passwd" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.320:1031): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.320:1032): avc:  denied  { search } for  pid=7001 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.320:1032): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5597119ca5f0 a2=80000 a3=0 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.320:1032): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.320:1032): item=0 name="/var/lib/sss/mc/passwd" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.320:1032): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.320:1033): avc:  denied  { search } for  pid=7001 comm="gpg" name="sss" dev="dm-0" ino=67529013 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.320:1033): arch=c000003e syscall=42 success=no exit=-13 a0=6 a1=7ffcd59040f0 a2=6e a3=0 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=connect AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=SOCKADDR msg=audit(1652632401.320:1033): saddr=01002F7661722F6C69622F7373732F70697065732F6E73730000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 SADDR={ saddr_fam=local path=/var/lib/sss/pipes/nss }
type=CWD msg=audit(1652632401.320:1033): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.320:1033): item=0 name="/var/lib/sss/pipes/nss" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.320:1033): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.320:1034): avc:  denied  { read } for  pid=7001 comm="gpg" name="passwd" dev="dm-0" ino=135461644 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1652632401.320:1034): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f67f3cd5eae a2=80000 a3=0 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.320:1034): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.320:1034): item=0 name="/etc/passwd" inode=135461644 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 OUID="root" OGID="root"
type=PROCTITLE msg=audit(1652632401.320:1034): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.320:1035): avc:  denied  { search } for  pid=7001 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.320:1035): arch=c000003e syscall=21 success=no exit=-13 a0=5597119ca5c0 a1=4 a2=0 a3=57 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.320:1035): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.320:1035): item=0 name="/var/www/MISP/.gnupg/gpg.conf-2.2.20" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.320:1035): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.320:1036): avc:  denied  { search } for  pid=7001 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.320:1036): arch=c000003e syscall=21 success=no exit=-13 a0=5597119ca5c0 a1=4 a2=0 a3=57 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.320:1036): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.320:1036): item=0 name="/var/www/MISP/.gnupg/gpg.conf-2.2" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.320:1036): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.320:1037): avc:  denied  { search } for  pid=7001 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.320:1037): arch=c000003e syscall=21 success=no exit=-13 a0=5597119ca5c0 a1=4 a2=0 a3=57 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.320:1037): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.320:1037): item=0 name="/var/www/MISP/.gnupg/gpg.conf-2" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.320:1037): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.320:1038): avc:  denied  { search } for  pid=7001 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.320:1038): arch=c000003e syscall=21 success=no exit=-13 a0=5597119ca5c0 a1=4 a2=0 a3=57 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.320:1038): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.320:1038): item=0 name="/var/www/MISP/.gnupg/gpg.conf" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.320:1038): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.320:1039): avc:  denied  { search } for  pid=7001 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.320:1039): arch=c000003e syscall=21 success=no exit=-13 a0=5597119ca610 a1=4 a2=0 a3=57 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.320:1039): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.320:1039): item=0 name="/var/www/MISP/.gnupg/options" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.320:1039): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.321:1040): avc:  denied  { search } for  pid=7001 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.321:1040): arch=c000003e syscall=21 success=no exit=-13 a0=5597119ca5c0 a1=0 a2=1000000 a3=1 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.321:1040): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.321:1040): item=0 name="/var/www/MISP/.gnupg/random_seed" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.321:1040): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.321:1041): avc:  denied  { search } for  pid=7001 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.321:1041): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5597119ca5c0 a2=0 a3=0 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.321:1041): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.321:1041): item=0 name="/var/www/MISP/.gnupg/pubring.gpg" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.321:1041): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.321:1042): avc:  denied  { search } for  pid=7001 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.321:1042): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5597119ca5c0 a2=0 a3=0 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.321:1042): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.321:1042): item=0 name="/var/www/MISP/.gnupg/pubring.kbx" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.321:1042): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.321:1043): avc:  denied  { search } for  pid=7001 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.321:1043): arch=c000003e syscall=21 success=no exit=-13 a0=5597119ca5c0 a1=0 a2=1 a3=0 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.321:1043): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.321:1043): item=0 name="/var/www/MISP/.gnupg/pubring.kbx" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.321:1043): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.321:1044): avc:  denied  { search } for  pid=7001 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.321:1044): arch=c000003e syscall=21 success=no exit=-13 a0=5597119ca5c0 a1=0 a2=102111 a3=0 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.321:1044): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.321:1044): item=0 name="/var/www/MISP/.gnupg" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.321:1044): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.321:1045): avc:  denied  { search } for  pid=7001 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.321:1045): arch=c000003e syscall=21 success=no exit=-13 a0=5597119ca5c0 a1=0 a2=ffffffffffffff80 a3=0 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=access AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.321:1045): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.321:1045): item=0 name="/var/www/MISP/.gnupg" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.321:1045): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67
type=AVC msg=audit(1652632401.321:1046): avc:  denied  { search } for  pid=7001 comm="gpg" name="www" dev="dm-0" ino=135212249 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1652632401.321:1046): arch=c000003e syscall=4 success=no exit=-13 a0=5597119d09b0 a1=7ffcd5904420 a2=7ffcd5904420 a3=0 items=1 ppid=1284 pid=7001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:gpg_web_t:s0 key=(null) ARCH=x86_64 SYSCALL=stat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=CWD msg=audit(1652632401.321:1046): cwd="/var/www/MISP/app/webroot"
type=PATH msg=audit(1652632401.321:1046): item=0 name="/var/www/MISP/.gnupg/trustdb.gpg" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PROCTITLE msg=audit(1652632401.321:1046): proctitle=2F7573722F62696E2F677067002D2D7374617475732D66640033002D2D636F6D6D616E642D66640034002D2D6E6F2D7365636D656D2D7761726E696E67002D2D6E6F2D747479002D2D6E6F2D64656661756C742D6B657972696E67002D2D6E6F2D6F7074696F6E73002D2D6E6F2D7065726D697373696F6E2D7761726E696E67

[JoePJisc]

I've just tried the "correct" context for gpg files, with the httpd_use_gpg bool, but now test.php complains that hte directory is not writable.

sudo chcon -R -t gpg_secret_t /var/www/MISP/.gnupg/
sudo setsebool -P httpd_use_gpg 1

Crypt_GPG_FileException: The 'homedir' "/var/www/MISP/.gnupg" is not writable by the current user. Please check the permissions on your homedir and make sure the current user can both enter and write to the directory. in /var/www/MISP/app/Vendor/pear/crypt_gpg/Crypt/GPGAbstract.php on line 256

[amuehlem]

Why don't you put the .gnupg directory in the apache users homedirectory /usr/share/httpd ? This might prevent the selinux blockings.

[JoePJisc]

I'll give that a go, I only put it in there as that is the direcotry the MISP install guide for RHEL8 uses.

I'll update once I've had a chance to try using /usr/share/httpd/.gnupg.

[amuehlem]

no update since May 2022