Bug 1213833

Summary: Latest apparmor updates breaks nagios check_zypper causing check to always fail.
Product: [openSUSE] openSUSE Tumbleweed Reporter: William Brown <william.brown>
Component: AppArmorAssignee: Christian Boltz <suse-beta>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P5 - None CC: lars.vogdt, william.brown
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: Updated profile

Description William Brown 2023-08-01 01:05:50 UTC 
The following denials are received 


type=AVC msg=audit(1690850018.759:17453): apparmor="DENIED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp-rpm.pid" pid=30052 comm="Zypp-main" requested_mask="rac" denied_mask="rac" fsuid=0 ouid=0
type=AVC msg=audit(1690850125.081:17550): apparmor="DENIED" operation="capable" class="cap" profile="/usr/lib/nagios/plugins/check_zypper" pid=30482 comm="sh" capability=1  capname="dac_override"
type=AVC msg=audit(1690850125.081:17550): apparmor="DENIED" operation="capable" class="cap" profile="/usr/lib/nagios/plugins/check_zypper" pid=30482 comm="sh" capability=2  capname="dac_read_search"
type=AVC msg=audit(1690850125.128:17552): apparmor="DENIED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp-rpm.pid" pid=30483 comm="Zypp-main" requested_mask="rac" denied_mask="rac" fsuid=0 ouid=0

This appears to be a bug in the new apparmor updates for check_zypper, and causes all systems with the check_zypper plugin to always fail the check.

When placed into complain mode, the following are the AVC's from the check.


type=AVC msg=audit(1690850528.170:18164): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp-rpm.pid" pid=31975 comm="Zypp-main" requested_mask="rac" denied_mask="rac" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.170:18165): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp-rpm.pid" pid=31975 comm="Zypp-main" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.170:18166): apparmor="ALLOWED" operation="file_lock" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp-rpm.pid" pid=31975 comm="Zypp-main" requested_mask="wk" denied_mask="wk" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.237:18171): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="rac" denied_mask="rac" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.240:18172): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.240:18173): apparmor="ALLOWED" operation="file_lock" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="wk" denied_mask="wk" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.240:18174): apparmor="ALLOWED" operation="truncate" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.240:18175): apparmor="ALLOWED" operation="file_perm" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.240:18176): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp-rpm.pid" pid=31978 comm="Zypp-main" requested_mask="rac" denied_mask="rac" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.240:18177): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp-rpm.pid" pid=31978 comm="Zypp-main" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.240:18178): apparmor="ALLOWED" operation="file_lock" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp-rpm.pid" pid=31978 comm="Zypp-main" requested_mask="wk" denied_mask="wk" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.250:18180): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/usr/lib/sysimage/rpm/Index.db" pid=31978 comm="Zypp-main" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.254:18181): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/usr/lib/sysimage/rpm/Index.db" pid=31978 comm="Zypp-main" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.260:18182): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/ld-linux-x86-64.so.2" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.260:18182): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/bin/gpgconf" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.260:18182): apparmor="ALLOWED" operation="file_inherit" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/dev/null" pid=31981 comm="gpgconf" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.260:18182): apparmor="ALLOWED" operation="exec" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/usr/bin/gpgconf" pid=31981 comm="Zypp-main" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf"
type=AVC msg=audit(1690850528.264:18183): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/ld.so.cache" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.264:18184): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/ld.so.cache" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.267:18185): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.267:18186): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.267:18187): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31981 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.267:18188): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.267:18189): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.267:18190): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31981 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.267:18191): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.267:18192): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.267:18193): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31981 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.267:18194): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.267:18195): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.270:18196): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.270:18197): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.270:18198): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/gcrypt/hwf.deny" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.270:18199): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/gcrypt/hwf.deny" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.277:18200): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/ld-linux-x86-64.so.2" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.277:18200): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/bin/gpgconf" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.277:18200): apparmor="ALLOWED" operation="file_inherit" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/dev/null" pid=31983 comm="gpgconf" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.277:18200): apparmor="ALLOWED" operation="exec" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/usr/bin/gpgconf" pid=31983 comm="Zypp-main" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf"
type=AVC msg=audit(1690850528.277:18201): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/ld.so.cache" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.280:18202): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/ld.so.cache" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.280:18203): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.280:18204): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.280:18205): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31983 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.280:18206): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.280:18207): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.280:18208): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31983 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.280:18209): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.280:18210): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.280:18211): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31983 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.284:18212): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.284:18213): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.284:18214): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.284:18215): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.284:18216): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/gcrypt/hwf.deny" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.284:18217): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/gcrypt/hwf.deny" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.300:18219): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/ld-linux-x86-64.so.2" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.300:18219): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/bin/gpgsm" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.300:18219): apparmor="ALLOWED" operation="file_inherit" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/dev/null" pid=31987 comm="gpgsm" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.300:18219): apparmor="ALLOWED" operation="exec" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/usr/bin/gpgsm" pid=31987 comm="Zypp-main" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm"
type=AVC msg=audit(1690850528.300:18220): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/etc/ld.so.cache" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.304:18221): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/etc/ld.so.cache" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.304:18222): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18223): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18224): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31987 comm="gpgsm" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18225): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libksba.so.8.14.4" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18226): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libksba.so.8.14.4" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18227): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libksba.so.8.14.4" pid=31987 comm="gpgsm" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18228): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18229): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18230): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31987 comm="gpgsm" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18231): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libassuan.so.0.8.6" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18232): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libassuan.so.0.8.6" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18233): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libassuan.so.0.8.6" pid=31987 comm="gpgsm" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18234): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libnpth.so.0.1.2" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18235): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libnpth.so.0.1.2" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18236): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libnpth.so.0.1.2" pid=31987 comm="gpgsm" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18237): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libreadline.so.8.2" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18238): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libreadline.so.8.2" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18239): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libreadline.so.8.2" pid=31987 comm="gpgsm" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.307:18240): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libc.so.6" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.310:18241): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libc.so.6" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.310:18242): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libc.so.6" pid=31987 comm="gpgsm" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.310:18243): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libtinfo.so.6.4" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.310:18244): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libtinfo.so.6.4" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.310:18245): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libtinfo.so.6.4" pid=31987 comm="gpgsm" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.310:18246): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/proc/sys/crypto/fips_enabled" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.310:18247): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/proc/sys/crypto/fips_enabled" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.310:18248): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/proc/sys/crypto/fips_enabled" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.310:18249): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/proc/sys/crypto/fips_enabled" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.310:18250): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/etc/gcrypt/hwf.deny" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.310:18251): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/etc/gcrypt/hwf.deny" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.320:18252): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/ld-linux-x86-64.so.2" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.320:18252): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/bin/gpgconf" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.320:18252): apparmor="ALLOWED" operation="file_inherit" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/dev/null" pid=31989 comm="gpgconf" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.320:18252): apparmor="ALLOWED" operation="exec" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/usr/bin/gpgconf" pid=31989 comm="Zypp-main" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf"
type=AVC msg=audit(1690850528.324:18253): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/ld.so.cache" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.324:18254): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/ld.so.cache" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.324:18255): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.324:18256): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.324:18257): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31989 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.324:18258): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.324:18259): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.324:18260): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31989 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.327:18261): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.327:18262): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.327:18263): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31989 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.327:18264): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.327:18265): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.327:18266): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.327:18267): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.327:18268): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/gcrypt/hwf.deny" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.327:18269): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/gcrypt/hwf.deny" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.350:18272): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg" name="/proc/31994/fd/" pid=31994 comm="gpg2" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.354:18273): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/ld-linux-x86-64.so.2" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.354:18273): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/bin/gpg-agent" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.354:18273): apparmor="ALLOWED" operation="file_inherit" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31994 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.354:18273): apparmor="ALLOWED" operation="file_inherit" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31994 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.354:18273): apparmor="ALLOWED" operation="file_inherit" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.354:18273): apparmor="ALLOWED" operation="exec" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg" name="/usr/bin/gpg-agent" pid=31994 comm="gpg2" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent"
type=AVC msg=audit(1690850528.354:18274): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/etc/ld.so.cache" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.354:18275): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/etc/ld.so.cache" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.354:18276): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.354:18277): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.354:18278): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31994 comm="gpg-agent" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.354:18279): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libassuan.so.0.8.6" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.354:18280): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libassuan.so.0.8.6" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18281): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libassuan.so.0.8.6" pid=31994 comm="gpg-agent" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18282): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libnpth.so.0.1.2" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18283): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libnpth.so.0.1.2" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18284): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libnpth.so.0.1.2" pid=31994 comm="gpg-agent" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18285): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18286): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18287): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31994 comm="gpg-agent" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18288): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libc.so.6" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18289): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libc.so.6" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18290): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libc.so.6" pid=31994 comm="gpg-agent" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18291): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/proc/sys/crypto/fips_enabled" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18292): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/proc/sys/crypto/fips_enabled" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18293): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/proc/31994/fd/" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18294): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/proc/31994/fd/" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18295): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18296): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18297): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18298): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/proc/sys/crypto/fips_enabled" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18299): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/proc/sys/crypto/fips_enabled" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18300): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/etc/gcrypt/hwf.deny" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18301): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/etc/gcrypt/hwf.deny" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18302): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18303): apparmor="ALLOWED" operation="mkdir" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/private-keys-v1.d/" pid=31994 comm="gpg-agent" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18304): apparmor="ALLOWED" operation="chmod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/private-keys-v1.d/" pid=31994 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18305): apparmor="ALLOWED" operation="mknod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.gpg-agent" pid=31994 comm="gpg-agent" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18306): apparmor="ALLOWED" operation="chmod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.gpg-agent" pid=31994 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18307): apparmor="ALLOWED" operation="mknod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.gpg-agent.extra" pid=31994 comm="gpg-agent" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.360:18308): apparmor="ALLOWED" operation="chmod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.gpg-agent.extra" pid=31994 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.364:18309): apparmor="ALLOWED" operation="mknod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.gpg-agent.browser" pid=31994 comm="gpg-agent" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.364:18310): apparmor="ALLOWED" operation="chmod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.gpg-agent.browser" pid=31994 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.364:18311): apparmor="ALLOWED" operation="mknod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.gpg-agent.ssh" pid=31994 comm="gpg-agent" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.364:18312): apparmor="ALLOWED" operation="chmod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.gpg-agent.ssh" pid=31994 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.364:18313): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31995 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.364:18314): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31995 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.367:18315): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31997 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.367:18316): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/proc/31997/fd/" pid=31997 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.367:18317): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/proc/31997/fd/" pid=31997 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.367:18318): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/ld-linux-x86-64.so.2" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.367:18318): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/bin/scdaemon" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.367:18318): apparmor="ALLOWED" operation="file_inherit" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/dev/null" pid=31997 comm="scdaemon" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.367:18318): apparmor="ALLOWED" operation="exec" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/bin/scdaemon" pid=31997 comm="gpg-agent" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon"
type=AVC msg=audit(1690850528.370:18319): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/etc/ld.so.cache" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18320): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/etc/ld.so.cache" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18321): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18322): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18323): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18324): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libksba.so.8.14.4" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18325): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libksba.so.8.14.4" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18326): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libksba.so.8.14.4" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18327): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18328): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18329): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18330): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libassuan.so.0.8.6" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18331): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libassuan.so.0.8.6" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18332): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libassuan.so.0.8.6" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18333): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libnpth.so.0.1.2" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18334): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libnpth.so.0.1.2" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18335): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libnpth.so.0.1.2" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18336): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libusb-1.0.so.0.3.0" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18337): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libusb-1.0.so.0.3.0" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18338): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libusb-1.0.so.0.3.0" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18339): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libc.so.6" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18340): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libc.so.6" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18341): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libc.so.6" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18342): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libudev.so.1.7.6" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18343): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libudev.so.1.7.6" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18344): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libudev.so.1.7.6" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18345): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libcap.so.2.69" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18346): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libcap.so.2.69" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.370:18347): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libcap.so.2.69" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.374:18348): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/proc/sys/crypto/fips_enabled" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.374:18349): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/proc/sys/crypto/fips_enabled" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.374:18350): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/proc/sys/crypto/fips_enabled" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.374:18351): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/proc/sys/crypto/fips_enabled" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.374:18352): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/etc/gcrypt/hwf.deny" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.374:18353): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/etc/gcrypt/hwf.deny" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.374:18354): apparmor="ALLOWED" operation="mknod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.scdaemon" pid=31997 comm="scdaemon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.377:18355): apparmor="ALLOWED" operation="chmod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.scdaemon" pid=31997 comm="scdaemon" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.377:18356): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/proc/31997/task/31998/comm" pid=31997 comm="scdaemon" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
type=AVC msg=audit(1690850528.414:18359): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/usr/lib/sysimage/rpm/Index.db" pid=31978 comm="Zypp-main" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850529.017:18360): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/usr/lib/sysimage/rpm/Index.db" pid=31978 comm="Zypp-main" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1690850529.664:18361): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/var/log/zypp/history" pid=31978 comm="Zypp-main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850529.664:18362): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/var/log/zypp/history" pid=31978 comm="Zypp-main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850529.664:18363): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/var/log/zypp/history" pid=31978 comm="Zypp-main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1690850529.807:18364): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="rac" denied_mask="rac" fsuid=0 ouid=0
type=AVC msg=audit(1690850529.807:18365): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
type=AVC msg=audit(1690850529.807:18366): apparmor="ALLOWED" operation="file_lock" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="wk" denied_mask="wk" fsuid=0 ouid=0
type=AVC msg=audit(1690850529.807:18367): apparmor="ALLOWED" operation="truncate" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Comment 1 Christian Boltz 2023-08-01 20:07:33 UTC 
I slightly ;-) doubt that this is caused by a new AppArmor version. The only relevant (and possibly problematic) changes in recent 3.1.x releases affect mount rules, and your log doesn't mention anything related to mount.

I'm not sure why these denials appear now (maybe a change in zypper or libzypp?), but I'm quite sure the issues don't come from AppArmor changes.

That said - the check_zypper profile needs several updates, for example the zypper child profile needs
  /run/zypp-rpm.pid rw,
  /run/zypp.pid rw,
Also, zypper needs to execute /usr/bin/gpgconf and /usr/bin/gpgsm (see the null-* profiles). You can either make this  ix  rules to run them inside the zypper profile, or use  Px -> /usr/lib/nagios/plugins/check_zypper//gpgconf  to run it in a separate child profile.

BTW: I'd recommend to change the profile name to something shorter, from
    /usr/lib/nagios/plugins/check_zypper {
to a named profile, for example
    profile nagios_check_zypper /usr/lib/nagios/plugins/check_zypper {
(if you do that, you'll also need the Px rule I proposed above to
Px -> nagios_check_zypper//gpgconf )

That said - are you familiar enough with AppArmor to update the profile yourself, or do you want/need help?
Comment 2 William Brown 2023-08-02 00:27:32 UTC 
(In reply to Christian Boltz from comment #1)
> I slightly ;-) doubt that this is caused by a new AppArmor version. The only
> relevant (and possibly problematic) changes in recent 3.1.x releases affect
> mount rules, and your log doesn't mention anything related to mount.
> 
> I'm not sure why these denials appear now (maybe a change in zypper or
> libzypp?), but I'm quite sure the issues don't come from AppArmor changes.

Sadly though, its the only thing that changed and it's triggered a lot of alerts for me :) 

> 
> That said - the check_zypper profile needs several updates, for example the
> zypper child profile needs
>   /run/zypp-rpm.pid rw,
>   /run/zypp.pid rw,
> Also, zypper needs to execute /usr/bin/gpgconf and /usr/bin/gpgsm (see the
> null-* profiles). You can either make this  ix  rules to run them inside the
> zypper profile, or use  Px -> /usr/lib/nagios/plugins/check_zypper//gpgconf 
> to run it in a separate child profile.
> 
> BTW: I'd recommend to change the profile name to something shorter, from
>     /usr/lib/nagios/plugins/check_zypper {
> to a named profile, for example
>     profile nagios_check_zypper /usr/lib/nagios/plugins/check_zypper {
> (if you do that, you'll also need the Px rule I proposed above to
> Px -> nagios_check_zypper//gpgconf )
> 
> That said - are you familiar enough with AppArmor to update the profile
> yourself, or do you want/need help?

I have no skill in apparmor at all, I had to google everything I did yesterday in a hope it would give you the info needed. Surprisingly I'm actually better at selinux .... 

So if you could help here, that would be great.
Comment 3 Christian Boltz 2023-08-02 21:14:11 UTC 
Created attachment 868605 [details]
Updated profile

(In reply to William Brown from comment #2)
> (In reply to Christian Boltz from comment #1)
> > I'm not sure why these denials appear now (maybe a change in zypper or
> > libzypp?), but I'm quite sure the issues don't come from AppArmor changes.
> 
> Sadly though, its the only thing that changed and it's triggered a lot of
> alerts for me :) 

That sounds interesting[tm]. I'll ask upstream if someone has an explanation, but I'm still quite sure that this isn't caused by changes in AppArmor.
(maybe you can check your /var/log/zypp/history if there were other updates, or try the previous AppArmor package)

> I have no skill in apparmor at all, I had to google everything I did
> yesterday in a hope it would give you the info needed.

Looks like you were quite successful :-)
Nevertheless, may I point you to https://doc.opensuse.org/documentation/leap/security/html/book-security/part-apparmor.html ? ;-)

That said - I attached an updated AppArmor profile. Please test if it works - and if you still hit denials, switch it to complain mode with
    aa-complain /etc/apparmor.d/usr.lib.nagios.plugins.check_zypper
and provide a new round of log events.

As a sidenote - the profile would need some modernization (most visible: giving it a profile name, which would also make all the "px -> ..." more readable), but that's outside the scope of this bugreport ;-)
Comment 4 William Brown 2023-08-03 00:05:03 UTC 
Updated policy file works! Hooray! 

Thank you very much :)
Comment 5 Christian Boltz 2023-08-03 09:47:15 UTC 
(In reply to William Brown from comment #4)
> Updated policy file works! Hooray! 

I'm glad to hear this :-)

May I ask you to do another test?I was quite surprised to see that zypper wants to write to /usr/lib/sysimage/rpm/Index.db while checking for updates (which should be a read-only operation for the rpm database).

Can you please remove the line
    /usr/lib/sysimage/rpm/Index.db rwlk,  # why write?
Then reload the profile and test if it still works.

(In case you wonder - abstractions/rpm has /usr/lib/sysimage/rpm/** rlk, which covers read access to the rpm database.)

After that is clarified, I'll send the updated profile upstream.
Comment 6 William Brown 2023-08-15 04:43:29 UTC 
(In reply to Christian Boltz from comment #5)
> (In reply to William Brown from comment #4)
> > Updated policy file works! Hooray! 
> 
> I'm glad to hear this :-)
> 
> May I ask you to do another test?I was quite surprised to see that zypper
> wants to write to /usr/lib/sysimage/rpm/Index.db while checking for updates
> (which should be a read-only operation for the rpm database).
> 
> Can you please remove the line
>     /usr/lib/sysimage/rpm/Index.db rwlk,  # why write?
> Then reload the profile and test if it still works.
> 
> (In case you wonder - abstractions/rpm has /usr/lib/sysimage/rpm/** rlk,
> which covers read access to the rpm database.)
> 
> After that is clarified, I'll send the updated profile upstream.

Looks like that line is critical - check_zypper triggers a repo refresh which requires that to be present.
Comment 7 Christian Boltz 2023-08-15 12:12:20 UTC 
Submitted upstream: https://github.com/lrupp/monitoring-plugins-zypper/pull/3
Comment 8 William Brown 2023-08-15 21:54:27 UTC 
Thank you! Any guesses to when this will be in an update in tumbleweed?
Comment 9 Christian Boltz 2023-08-29 18:12:06 UTC 
(In reply to William Brown from comment #8)
> Thank you! Any guesses to when this will be in an update in tumbleweed?

The bug number didn't make it into the changelog, which also broke the automated bugzilla notification. Therefore here's the manual notification:

https://build.opensuse.org/request/show/1105442 was merged into Tumbleweed 6 days ago.
Comment 10 William Brown 2023-08-29 22:49:04 UTC 
No problem, thanks so much for your help :)