Bugzilla – Bug 1213833
Latest apparmor updates breaks nagios check_zypper causing check to always fail.
Last modified: 2023-08-29 22:49:04 UTC
The following denials are received type=AVC msg=audit(1690850018.759:17453): apparmor="DENIED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp-rpm.pid" pid=30052 comm="Zypp-main" requested_mask="rac" denied_mask="rac" fsuid=0 ouid=0 type=AVC msg=audit(1690850125.081:17550): apparmor="DENIED" operation="capable" class="cap" profile="/usr/lib/nagios/plugins/check_zypper" pid=30482 comm="sh" capability=1 capname="dac_override" type=AVC msg=audit(1690850125.081:17550): apparmor="DENIED" operation="capable" class="cap" profile="/usr/lib/nagios/plugins/check_zypper" pid=30482 comm="sh" capability=2 capname="dac_read_search" type=AVC msg=audit(1690850125.128:17552): apparmor="DENIED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp-rpm.pid" pid=30483 comm="Zypp-main" requested_mask="rac" denied_mask="rac" fsuid=0 ouid=0 This appears to be a bug in the new apparmor updates for check_zypper, and causes all systems with the check_zypper plugin to always fail the check. When placed into complain mode, the following are the AVC's from the check. type=AVC msg=audit(1690850528.170:18164): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp-rpm.pid" pid=31975 comm="Zypp-main" requested_mask="rac" denied_mask="rac" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.170:18165): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp-rpm.pid" pid=31975 comm="Zypp-main" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.170:18166): apparmor="ALLOWED" operation="file_lock" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp-rpm.pid" pid=31975 comm="Zypp-main" requested_mask="wk" denied_mask="wk" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.237:18171): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="rac" denied_mask="rac" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.240:18172): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.240:18173): apparmor="ALLOWED" operation="file_lock" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="wk" denied_mask="wk" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.240:18174): apparmor="ALLOWED" operation="truncate" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.240:18175): apparmor="ALLOWED" operation="file_perm" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.240:18176): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp-rpm.pid" pid=31978 comm="Zypp-main" requested_mask="rac" denied_mask="rac" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.240:18177): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp-rpm.pid" pid=31978 comm="Zypp-main" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.240:18178): apparmor="ALLOWED" operation="file_lock" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp-rpm.pid" pid=31978 comm="Zypp-main" requested_mask="wk" denied_mask="wk" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.250:18180): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/usr/lib/sysimage/rpm/Index.db" pid=31978 comm="Zypp-main" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.254:18181): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/usr/lib/sysimage/rpm/Index.db" pid=31978 comm="Zypp-main" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.260:18182): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/ld-linux-x86-64.so.2" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.260:18182): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/bin/gpgconf" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.260:18182): apparmor="ALLOWED" operation="file_inherit" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/dev/null" pid=31981 comm="gpgconf" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.260:18182): apparmor="ALLOWED" operation="exec" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/usr/bin/gpgconf" pid=31981 comm="Zypp-main" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" type=AVC msg=audit(1690850528.264:18183): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/ld.so.cache" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.264:18184): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/ld.so.cache" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.267:18185): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.267:18186): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.267:18187): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31981 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.267:18188): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.267:18189): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.267:18190): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31981 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.267:18191): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.267:18192): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.267:18193): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31981 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.267:18194): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.267:18195): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.270:18196): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.270:18197): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.270:18198): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/gcrypt/hwf.deny" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.270:18199): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/gcrypt/hwf.deny" pid=31981 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.277:18200): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/ld-linux-x86-64.so.2" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.277:18200): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/bin/gpgconf" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.277:18200): apparmor="ALLOWED" operation="file_inherit" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/dev/null" pid=31983 comm="gpgconf" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.277:18200): apparmor="ALLOWED" operation="exec" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/usr/bin/gpgconf" pid=31983 comm="Zypp-main" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" type=AVC msg=audit(1690850528.277:18201): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/ld.so.cache" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.280:18202): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/ld.so.cache" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.280:18203): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.280:18204): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.280:18205): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31983 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.280:18206): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.280:18207): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.280:18208): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31983 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.280:18209): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.280:18210): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.280:18211): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31983 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.284:18212): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.284:18213): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.284:18214): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.284:18215): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.284:18216): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/gcrypt/hwf.deny" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.284:18217): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/gcrypt/hwf.deny" pid=31983 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.300:18219): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/ld-linux-x86-64.so.2" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.300:18219): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/bin/gpgsm" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.300:18219): apparmor="ALLOWED" operation="file_inherit" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/dev/null" pid=31987 comm="gpgsm" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.300:18219): apparmor="ALLOWED" operation="exec" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/usr/bin/gpgsm" pid=31987 comm="Zypp-main" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" type=AVC msg=audit(1690850528.300:18220): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/etc/ld.so.cache" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.304:18221): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/etc/ld.so.cache" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.304:18222): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18223): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18224): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31987 comm="gpgsm" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18225): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libksba.so.8.14.4" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18226): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libksba.so.8.14.4" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18227): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libksba.so.8.14.4" pid=31987 comm="gpgsm" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18228): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18229): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18230): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31987 comm="gpgsm" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18231): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libassuan.so.0.8.6" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18232): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libassuan.so.0.8.6" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18233): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libassuan.so.0.8.6" pid=31987 comm="gpgsm" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18234): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libnpth.so.0.1.2" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18235): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libnpth.so.0.1.2" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18236): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libnpth.so.0.1.2" pid=31987 comm="gpgsm" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18237): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libreadline.so.8.2" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18238): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libreadline.so.8.2" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18239): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libreadline.so.8.2" pid=31987 comm="gpgsm" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.307:18240): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libc.so.6" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.310:18241): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libc.so.6" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.310:18242): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libc.so.6" pid=31987 comm="gpgsm" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.310:18243): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libtinfo.so.6.4" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.310:18244): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libtinfo.so.6.4" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.310:18245): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/usr/lib64/libtinfo.so.6.4" pid=31987 comm="gpgsm" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.310:18246): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/proc/sys/crypto/fips_enabled" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.310:18247): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/proc/sys/crypto/fips_enabled" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.310:18248): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/proc/sys/crypto/fips_enabled" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.310:18249): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/proc/sys/crypto/fips_enabled" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.310:18250): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/etc/gcrypt/hwf.deny" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.310:18251): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgsm" name="/etc/gcrypt/hwf.deny" pid=31987 comm="gpgsm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.320:18252): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/ld-linux-x86-64.so.2" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.320:18252): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/bin/gpgconf" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.320:18252): apparmor="ALLOWED" operation="file_inherit" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/dev/null" pid=31989 comm="gpgconf" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.320:18252): apparmor="ALLOWED" operation="exec" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/usr/bin/gpgconf" pid=31989 comm="Zypp-main" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" type=AVC msg=audit(1690850528.324:18253): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/ld.so.cache" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.324:18254): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/ld.so.cache" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.324:18255): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.324:18256): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.324:18257): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31989 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.324:18258): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.324:18259): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.324:18260): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31989 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.327:18261): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.327:18262): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.327:18263): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/usr/lib64/libc.so.6" pid=31989 comm="gpgconf" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.327:18264): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.327:18265): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.327:18266): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.327:18267): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/proc/sys/crypto/fips_enabled" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.327:18268): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/gcrypt/hwf.deny" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.327:18269): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper//null-/usr/bin/gpgconf" name="/etc/gcrypt/hwf.deny" pid=31989 comm="gpgconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.350:18272): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg" name="/proc/31994/fd/" pid=31994 comm="gpg2" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.354:18273): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/ld-linux-x86-64.so.2" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.354:18273): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/bin/gpg-agent" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.354:18273): apparmor="ALLOWED" operation="file_inherit" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31994 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.354:18273): apparmor="ALLOWED" operation="file_inherit" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31994 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.354:18273): apparmor="ALLOWED" operation="file_inherit" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.354:18273): apparmor="ALLOWED" operation="exec" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg" name="/usr/bin/gpg-agent" pid=31994 comm="gpg2" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" type=AVC msg=audit(1690850528.354:18274): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/etc/ld.so.cache" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.354:18275): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/etc/ld.so.cache" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.354:18276): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.354:18277): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.354:18278): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31994 comm="gpg-agent" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.354:18279): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libassuan.so.0.8.6" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.354:18280): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libassuan.so.0.8.6" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18281): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libassuan.so.0.8.6" pid=31994 comm="gpg-agent" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18282): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libnpth.so.0.1.2" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18283): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libnpth.so.0.1.2" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18284): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libnpth.so.0.1.2" pid=31994 comm="gpg-agent" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18285): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18286): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18287): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31994 comm="gpg-agent" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18288): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libc.so.6" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18289): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libc.so.6" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18290): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/lib64/libc.so.6" pid=31994 comm="gpg-agent" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18291): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/proc/sys/crypto/fips_enabled" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18292): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/proc/sys/crypto/fips_enabled" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18293): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/proc/31994/fd/" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18294): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/proc/31994/fd/" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18295): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18296): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18297): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18298): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/proc/sys/crypto/fips_enabled" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18299): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/proc/sys/crypto/fips_enabled" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18300): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/etc/gcrypt/hwf.deny" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18301): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/etc/gcrypt/hwf.deny" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18302): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/" pid=31994 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18303): apparmor="ALLOWED" operation="mkdir" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/private-keys-v1.d/" pid=31994 comm="gpg-agent" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18304): apparmor="ALLOWED" operation="chmod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/private-keys-v1.d/" pid=31994 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18305): apparmor="ALLOWED" operation="mknod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.gpg-agent" pid=31994 comm="gpg-agent" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18306): apparmor="ALLOWED" operation="chmod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.gpg-agent" pid=31994 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18307): apparmor="ALLOWED" operation="mknod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.gpg-agent.extra" pid=31994 comm="gpg-agent" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.360:18308): apparmor="ALLOWED" operation="chmod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.gpg-agent.extra" pid=31994 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.364:18309): apparmor="ALLOWED" operation="mknod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.gpg-agent.browser" pid=31994 comm="gpg-agent" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.364:18310): apparmor="ALLOWED" operation="chmod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.gpg-agent.browser" pid=31994 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.364:18311): apparmor="ALLOWED" operation="mknod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.gpg-agent.ssh" pid=31994 comm="gpg-agent" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.364:18312): apparmor="ALLOWED" operation="chmod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.gpg-agent.ssh" pid=31994 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.364:18313): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31995 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.364:18314): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31995 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.367:18315): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/dev/null" pid=31997 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.367:18316): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/proc/31997/fd/" pid=31997 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.367:18317): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/proc/31997/fd/" pid=31997 comm="gpg-agent" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.367:18318): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/ld-linux-x86-64.so.2" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.367:18318): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/bin/scdaemon" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.367:18318): apparmor="ALLOWED" operation="file_inherit" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/dev/null" pid=31997 comm="scdaemon" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.367:18318): apparmor="ALLOWED" operation="exec" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent" name="/usr/bin/scdaemon" pid=31997 comm="gpg-agent" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" type=AVC msg=audit(1690850528.370:18319): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/etc/ld.so.cache" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18320): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/etc/ld.so.cache" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18321): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18322): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18323): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/glibc-hwcaps/x86-64-v3/libgcrypt.so.20.4.2" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18324): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libksba.so.8.14.4" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18325): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libksba.so.8.14.4" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18326): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libksba.so.8.14.4" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18327): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18328): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18329): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libgpg-error.so.0.34.0" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18330): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libassuan.so.0.8.6" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18331): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libassuan.so.0.8.6" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18332): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libassuan.so.0.8.6" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18333): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libnpth.so.0.1.2" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18334): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libnpth.so.0.1.2" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18335): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libnpth.so.0.1.2" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18336): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libusb-1.0.so.0.3.0" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18337): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libusb-1.0.so.0.3.0" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18338): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libusb-1.0.so.0.3.0" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18339): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libc.so.6" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18340): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libc.so.6" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18341): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libc.so.6" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18342): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libudev.so.1.7.6" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18343): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libudev.so.1.7.6" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18344): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libudev.so.1.7.6" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18345): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libcap.so.2.69" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18346): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libcap.so.2.69" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.370:18347): apparmor="ALLOWED" operation="file_mmap" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/usr/lib64/libcap.so.2.69" pid=31997 comm="scdaemon" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.374:18348): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/proc/sys/crypto/fips_enabled" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.374:18349): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/proc/sys/crypto/fips_enabled" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.374:18350): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/proc/sys/crypto/fips_enabled" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.374:18351): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/proc/sys/crypto/fips_enabled" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.374:18352): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/etc/gcrypt/hwf.deny" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.374:18353): apparmor="ALLOWED" operation="getattr" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/etc/gcrypt/hwf.deny" pid=31997 comm="scdaemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.374:18354): apparmor="ALLOWED" operation="mknod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.scdaemon" pid=31997 comm="scdaemon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.377:18355): apparmor="ALLOWED" operation="chmod" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/var/tmp/zypp.3UtYwC/zypp-trusted-krXCqRNu/S.scdaemon" pid=31997 comm="scdaemon" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.377:18356): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//gpg//null-/usr/bin/gpg-agent//null-/usr/bin/scdaemon" name="/proc/31997/task/31998/comm" pid=31997 comm="scdaemon" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 type=AVC msg=audit(1690850528.414:18359): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/usr/lib/sysimage/rpm/Index.db" pid=31978 comm="Zypp-main" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850529.017:18360): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/usr/lib/sysimage/rpm/Index.db" pid=31978 comm="Zypp-main" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 type=AVC msg=audit(1690850529.664:18361): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/var/log/zypp/history" pid=31978 comm="Zypp-main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850529.664:18362): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/var/log/zypp/history" pid=31978 comm="Zypp-main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850529.664:18363): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/var/log/zypp/history" pid=31978 comm="Zypp-main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1690850529.807:18364): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="rac" denied_mask="rac" fsuid=0 ouid=0 type=AVC msg=audit(1690850529.807:18365): apparmor="ALLOWED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 type=AVC msg=audit(1690850529.807:18366): apparmor="ALLOWED" operation="file_lock" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="wk" denied_mask="wk" fsuid=0 ouid=0 type=AVC msg=audit(1690850529.807:18367): apparmor="ALLOWED" operation="truncate" class="file" profile="/usr/lib/nagios/plugins/check_zypper//zypper" name="/run/zypp.pid" pid=31978 comm="Zypp-main" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
I slightly ;-) doubt that this is caused by a new AppArmor version. The only relevant (and possibly problematic) changes in recent 3.1.x releases affect mount rules, and your log doesn't mention anything related to mount. I'm not sure why these denials appear now (maybe a change in zypper or libzypp?), but I'm quite sure the issues don't come from AppArmor changes. That said - the check_zypper profile needs several updates, for example the zypper child profile needs /run/zypp-rpm.pid rw, /run/zypp.pid rw, Also, zypper needs to execute /usr/bin/gpgconf and /usr/bin/gpgsm (see the null-* profiles). You can either make this ix rules to run them inside the zypper profile, or use Px -> /usr/lib/nagios/plugins/check_zypper//gpgconf to run it in a separate child profile. BTW: I'd recommend to change the profile name to something shorter, from /usr/lib/nagios/plugins/check_zypper { to a named profile, for example profile nagios_check_zypper /usr/lib/nagios/plugins/check_zypper { (if you do that, you'll also need the Px rule I proposed above to Px -> nagios_check_zypper//gpgconf ) That said - are you familiar enough with AppArmor to update the profile yourself, or do you want/need help?
(In reply to Christian Boltz from comment #1) > I slightly ;-) doubt that this is caused by a new AppArmor version. The only > relevant (and possibly problematic) changes in recent 3.1.x releases affect > mount rules, and your log doesn't mention anything related to mount. > > I'm not sure why these denials appear now (maybe a change in zypper or > libzypp?), but I'm quite sure the issues don't come from AppArmor changes. Sadly though, its the only thing that changed and it's triggered a lot of alerts for me :) > > That said - the check_zypper profile needs several updates, for example the > zypper child profile needs > /run/zypp-rpm.pid rw, > /run/zypp.pid rw, > Also, zypper needs to execute /usr/bin/gpgconf and /usr/bin/gpgsm (see the > null-* profiles). You can either make this ix rules to run them inside the > zypper profile, or use Px -> /usr/lib/nagios/plugins/check_zypper//gpgconf > to run it in a separate child profile. > > BTW: I'd recommend to change the profile name to something shorter, from > /usr/lib/nagios/plugins/check_zypper { > to a named profile, for example > profile nagios_check_zypper /usr/lib/nagios/plugins/check_zypper { > (if you do that, you'll also need the Px rule I proposed above to > Px -> nagios_check_zypper//gpgconf ) > > That said - are you familiar enough with AppArmor to update the profile > yourself, or do you want/need help? I have no skill in apparmor at all, I had to google everything I did yesterday in a hope it would give you the info needed. Surprisingly I'm actually better at selinux .... So if you could help here, that would be great.
Created attachment 868605 [details] Updated profile (In reply to William Brown from comment #2) > (In reply to Christian Boltz from comment #1) > > I'm not sure why these denials appear now (maybe a change in zypper or > > libzypp?), but I'm quite sure the issues don't come from AppArmor changes. > > Sadly though, its the only thing that changed and it's triggered a lot of > alerts for me :) That sounds interesting[tm]. I'll ask upstream if someone has an explanation, but I'm still quite sure that this isn't caused by changes in AppArmor. (maybe you can check your /var/log/zypp/history if there were other updates, or try the previous AppArmor package) > I have no skill in apparmor at all, I had to google everything I did > yesterday in a hope it would give you the info needed. Looks like you were quite successful :-) Nevertheless, may I point you to https://doc.opensuse.org/documentation/leap/security/html/book-security/part-apparmor.html ? ;-) That said - I attached an updated AppArmor profile. Please test if it works - and if you still hit denials, switch it to complain mode with aa-complain /etc/apparmor.d/usr.lib.nagios.plugins.check_zypper and provide a new round of log events. As a sidenote - the profile would need some modernization (most visible: giving it a profile name, which would also make all the "px -> ..." more readable), but that's outside the scope of this bugreport ;-)
Updated policy file works! Hooray! Thank you very much :)
(In reply to William Brown from comment #4) > Updated policy file works! Hooray! I'm glad to hear this :-) May I ask you to do another test?I was quite surprised to see that zypper wants to write to /usr/lib/sysimage/rpm/Index.db while checking for updates (which should be a read-only operation for the rpm database). Can you please remove the line /usr/lib/sysimage/rpm/Index.db rwlk, # why write? Then reload the profile and test if it still works. (In case you wonder - abstractions/rpm has /usr/lib/sysimage/rpm/** rlk, which covers read access to the rpm database.) After that is clarified, I'll send the updated profile upstream.
(In reply to Christian Boltz from comment #5) > (In reply to William Brown from comment #4) > > Updated policy file works! Hooray! > > I'm glad to hear this :-) > > May I ask you to do another test?I was quite surprised to see that zypper > wants to write to /usr/lib/sysimage/rpm/Index.db while checking for updates > (which should be a read-only operation for the rpm database). > > Can you please remove the line > /usr/lib/sysimage/rpm/Index.db rwlk, # why write? > Then reload the profile and test if it still works. > > (In case you wonder - abstractions/rpm has /usr/lib/sysimage/rpm/** rlk, > which covers read access to the rpm database.) > > After that is clarified, I'll send the updated profile upstream. Looks like that line is critical - check_zypper triggers a repo refresh which requires that to be present.
Submitted upstream: https://github.com/lrupp/monitoring-plugins-zypper/pull/3
Thank you! Any guesses to when this will be in an update in tumbleweed?
(In reply to William Brown from comment #8) > Thank you! Any guesses to when this will be in an update in tumbleweed? The bug number didn't make it into the changelog, which also broke the automated bugzilla notification. Therefore here's the manual notification: https://build.opensuse.org/request/show/1105442 was merged into Tumbleweed 6 days ago.
No problem, thanks so much for your help :)