| ---- |
| type=CONFIG_CHANGE msg=audit(02/10/22 02:22:56.242:7) : auid=unset ses=unset subj=u:r:chromeos:s0 op=add_rule key=sock_conn list=exit res=yes |
| ---- |
| type=CONFIG_CHANGE msg=audit(02/10/22 02:22:56.250:8) : auid=unset ses=unset subj=u:r:chromeos:s0 op=add_rule key=sock_conn list=exit res=yes |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.310:9) : proctitle=logger -t swap setting zram size to 12231708 Kb |
| type=PATH msg=audit(02/10/22 02:22:56.310:9) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.310:9) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.310:9) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.310:9) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5ae78305d180 a2=0x6e a3=0x1 items=1 ppid=491 pid=644 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.380:10) : proctitle=/sbin/crash_reporter --init |
| type=PATH msg=audit(02/10/22 02:22:56.380:10) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.380:10) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.380:10) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.380:10) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x8 a1=0x7ec6def215a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=637 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=crash_reporter exe=/sbin/crash_reporter subj=u:r:cros_crash:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.492:11) : proctitle=udevadm settle |
| type=PATH msg=audit(02/10/22 02:22:56.492:11) : item=0 name=/run/udev/control inode=1152 dev=00:15 mode=socket,755 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_run_udev:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.492:11) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.492:11) : saddr={ fam=local path=/run/udev/control } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.492:11) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5ab6327d2b28 a2=0x13 a3=0x7ffe0d0e122c items=1 ppid=1 pid=702 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=udevadm exe=/bin/udevadm subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.505:12) : proctitle=logger --priority daemon info -t iptables |
| type=PATH msg=audit(02/10/22 02:22:56.505:12) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.505:12) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.505:12) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.505:12) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x583cd8773180 a2=0x6e a3=0x1 items=1 ppid=713 pid=717 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.505:13) : proctitle=logger --priority daemon info -t ip6tables |
| type=PATH msg=audit(02/10/22 02:22:56.505:13) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.505:13) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.505:13) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.505:13) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x587eeb0cb180 a2=0x6e a3=0x1 items=1 ppid=718 pid=721 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.534:24) : proctitle=trunksd |
| type=PATH msg=audit(02/10/22 02:22:56.534:24) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.534:24) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.534:24) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.534:24) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ba605bc55a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=725 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=trunksd exe=/usr/sbin/trunksd subj=u:r:cros_trunksd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.543:26) : proctitle=trunksd |
| type=PATH msg=audit(02/10/22 02:22:56.543:26) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.543:26) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.543:26) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.543:26) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xc a1=0x7ffd3eb5b830 a2=0x1d a3=0x20 items=1 ppid=1 pid=746 auid=unset uid=trunks gid=trunks euid=trunks suid=trunks fsuid=trunks egid=trunks sgid=trunks fsgid=trunks tty=(none) ses=unset comm=trunksd exe=/usr/sbin/trunksd subj=u:r:cros_trunksd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.549:27) : proctitle=/usr/bin/gdbus wait --system --timeout 15 org.chromium.OobeConfigRestore |
| type=PATH msg=audit(02/10/22 02:22:56.549:27) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.549:27) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.549:27) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.549:27) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7ffcf1c03b50 a2=0x6e a3=0x7ffcf1c03b30 items=1 ppid=735 pid=742 auid=unset uid=oobe_config_restore gid=root euid=oobe_config_restore suid=oobe_config_restore fsuid=oobe_config_restore egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus exe=/usr/bin/gdbus subj=u:r:cros_gdbus:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.561:28) : proctitle=/usr/sbin/oobe_config_restore |
| type=PATH msg=audit(02/10/22 02:22:56.561:28) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.561:28) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.561:28) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.561:28) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7dcec88155a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=734 auid=unset uid=oobe_config_restore gid=root euid=oobe_config_restore suid=oobe_config_restore fsuid=oobe_config_restore egid=root sgid=root fsgid=root tty=(none) ses=unset comm=oobe_config_res exe=/usr/sbin/oobe_config_restore subj=u:r:cros_oobe_config_restore:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.561:29) : proctitle=/usr/sbin/oobe_config_restore |
| type=PATH msg=audit(02/10/22 02:22:56.561:29) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.561:29) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.561:29) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.561:29) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xa a1=0x7ffc2ad24820 a2=0x1d a3=0x20 items=1 ppid=1 pid=734 auid=unset uid=oobe_config_restore gid=root euid=oobe_config_restore suid=oobe_config_restore fsuid=oobe_config_restore egid=root sgid=root fsgid=root tty=(none) ses=unset comm=oobe_config_res exe=/usr/sbin/oobe_config_restore subj=u:r:cros_oobe_config_restore:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.563:30) : proctitle=/usr/sbin/wpa_supplicant -u -s -O/run/wpa_supplicant |
| type=PATH msg=audit(02/10/22 02:22:56.563:30) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.563:30) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.563:30) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.563:30) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7f91eeac95a0 a2=0x6e a3=0x1 items=1 ppid=1 pid=739 auid=unset uid=wpa gid=wpa euid=wpa suid=wpa fsuid=wpa egid=wpa sgid=wpa fsgid=wpa tty=(none) ses=unset comm=wpa_supplicant exe=/usr/sbin/wpa_supplicant subj=u:r:wpa_supplicant:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.563:31) : proctitle=/usr/sbin/spaced |
| type=PATH msg=audit(02/10/22 02:22:56.563:31) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.563:31) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.563:31) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.563:31) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7ffcd2a750a0 a2=0x1d a3=0x20 items=1 ppid=1 pid=729 auid=unset uid=spaced gid=spaced euid=spaced suid=spaced fsuid=spaced egid=spaced sgid=spaced fsgid=spaced tty=(none) ses=unset comm=spaced exe=/usr/sbin/spaced subj=u:r:cros_spaced:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.564:32) : proctitle=/usr/sbin/wpa_supplicant -u -s -O/run/wpa_supplicant |
| type=PATH msg=audit(02/10/22 02:22:56.564:32) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.564:32) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.564:32) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.564:32) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ffc0a00eff0 a2=0x1d a3=0x20 items=1 ppid=1 pid=739 auid=unset uid=wpa gid=wpa euid=wpa suid=wpa fsuid=wpa egid=wpa sgid=wpa fsgid=wpa tty=(none) ses=unset comm=wpa_supplicant exe=/usr/sbin/wpa_supplicant subj=u:r:wpa_supplicant:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.567:33) : proctitle=local_data_migration |
| type=PATH msg=audit(02/10/22 02:22:56.567:33) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.567:33) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.567:33) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.567:33) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7a8ee3ae55a0 a2=0x6e a3=0x0 items=1 ppid=747 pid=748 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=local_data_migr exe=/usr/sbin/local_data_migration subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.581:34) : proctitle=logger -t boot-update-firmware Update fwupd firmware. |
| type=PATH msg=audit(02/10/22 02:22:56.581:34) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.581:34) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.581:34) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.581:34) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x588b6f8f2180 a2=0x6e a3=0x1 items=1 ppid=756 pid=761 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.583:35) : proctitle=/usr/sbin/tpm_managerd --wait_for_ownership_trigger |
| type=PATH msg=audit(02/10/22 02:22:56.583:35) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.583:35) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.583:35) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.583:35) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x8 a1=0x7c5fbdc2e5a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=753 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=tpm_managerd exe=/usr/sbin/tpm_managerd subj=u:r:cros_tpm_managerd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.583:36) : proctitle=/usr/sbin/tpm_managerd --wait_for_ownership_trigger |
| type=PATH msg=audit(02/10/22 02:22:56.583:36) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.583:36) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.583:36) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.583:36) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xa a1=0x7ffd71f85850 a2=0x1d a3=0x21 items=1 ppid=1 pid=753 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=tpm_managerd exe=/usr/sbin/tpm_managerd subj=u:r:cros_tpm_managerd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.586:37) : proctitle=/usr/sbin/tpm_managerd --wait_for_ownership_trigger |
| type=PATH msg=audit(02/10/22 02:22:56.586:37) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.586:37) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.586:37) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.586:37) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x10 a1=0x7c5fbd4c1fe0 a2=0x1d a3=0x20 items=1 ppid=1 pid=753 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=TpmManager Serv exe=/usr/sbin/tpm_managerd subj=u:r:cros_tpm_managerd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.594:39) : proctitle=/usr/bin/gdbus wait --system --timeout 15 org.chromium.TpmManager |
| type=PATH msg=audit(02/10/22 02:22:56.594:39) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.594:39) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.594:39) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.594:39) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7ffdf47c9580 a2=0x6e a3=0x7ffdf47c9560 items=1 ppid=754 pid=757 auid=unset uid=tpm_manager gid=root euid=tpm_manager suid=tpm_manager fsuid=tpm_manager egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus exe=/usr/bin/gdbus subj=u:r:cros_gdbus:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.615:40) : proctitle=/usr/sbin/iioservice |
| type=PATH msg=audit(02/10/22 02:22:56.615:40) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.615:40) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.615:40) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.615:40) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7fff18ee8700 a2=0x1d a3=0x20 items=1 ppid=728 pid=775 auid=unset uid=iioservice gid=iioservice euid=iioservice suid=iioservice fsuid=iioservice egid=iioservice sgid=iioservice fsgid=iioservice tty=(none) ses=unset comm=iioservice exe=/usr/sbin/iioservice subj=u:r:cros_iioservice:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.619:41) : proctitle=/usr/sbin/spaced |
| type=PATH msg=audit(02/10/22 02:22:56.619:41) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.619:41) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.619:41) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.619:41) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xb a1=0x7bad9af4d5a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=729 auid=unset uid=spaced gid=spaced euid=spaced suid=spaced fsuid=spaced egid=spaced sgid=spaced fsgid=spaced tty=(none) ses=unset comm=spaced exe=/usr/sbin/spaced subj=u:r:cros_spaced:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.634:46) : proctitle=/usr/bin/gdbus wait --system --timeout 15 org.chromium.Chaps |
| type=PATH msg=audit(02/10/22 02:22:56.634:46) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.634:46) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.634:46) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.634:46) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7ffcebdd84c0 a2=0x6e a3=0x7ffcebdd84a0 items=1 ppid=820 pid=828 auid=unset uid=chaps gid=root euid=chaps suid=chaps fsuid=chaps egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus exe=/usr/bin/gdbus subj=u:r:cros_gdbus:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.640:49) : proctitle=iptables -A INPUT -p udp --destination 224.0.0.251 --dport 5353 -j ACCEPT -w |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.640:49) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:22:56.640:49) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffcb9b29470 a2=0x10 a3=0x0 items=0 ppid=716 pid=845 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.643:51) : proctitle=ip6tables -A INPUT -p udp --destination FF02::FB --dport 5353 -j ACCEPT -w |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.643:51) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:22:56.643:51) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffde070ba00 a2=0x10 a3=0x0 items=0 ppid=720 pid=849 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=ip6tables exe=/sbin/xtables-legacy-multi subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.644:53) : proctitle=iptables -A INPUT -p udp --destination 239.255.255.250 --dport 1900 -j ACCEPT -w |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.644:53) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:22:56.644:53) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffe2380d080 a2=0x10 a3=0x0 items=0 ppid=716 pid=855 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.645:55) : proctitle=/usr/sbin/chapsd --auto_load_system_token |
| type=PATH msg=audit(02/10/22 02:22:56.645:55) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.645:55) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.645:55) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.645:55) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x79c80b4c35a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=810 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=chapsd exe=/usr/sbin/chapsd subj=u:r:cros_chapsd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.648:56) : proctitle=/usr/sbin/chapsd --auto_load_system_token |
| type=PATH msg=audit(02/10/22 02:22:56.648:56) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.648:56) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.648:56) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.648:56) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xe a1=0x79c80ad1b320 a2=0x1d a3=0x20 items=1 ppid=1 pid=810 auid=unset uid=chaps gid=chronos-access euid=chaps suid=chaps fsuid=chaps egid=chronos-access sgid=chronos-access fsgid=chronos-access tty=(none) ses=unset comm=tpm_background_ exe=/usr/sbin/chapsd subj=u:r:cros_chapsd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.653:57) : proctitle=/usr/sbin/chapsd --auto_load_system_token |
| type=PATH msg=audit(02/10/22 02:22:56.653:57) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.653:57) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.653:57) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.653:57) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x19 a1=0x79c809d19450 a2=0x1d a3=0x21 items=1 ppid=1 pid=810 auid=unset uid=chaps gid=chronos-access euid=chaps suid=chaps fsuid=chaps egid=chronos-access sgid=chronos-access fsgid=chronos-access tty=(none) ses=unset comm=tpm_manager_thr exe=/usr/sbin/chapsd subj=u:r:cros_chapsd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.654:58) : proctitle=initctl status reboot |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.654:58) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.654:58) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffe31093b40 a2=0x16 a3=0x20 items=0 ppid=857 pid=872 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=initctl exe=/sbin/initctl subj=u:r:cros_init_ui_pre_start:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.657:59) : proctitle=/usr/sbin/bootlockboxd |
| type=PATH msg=audit(02/10/22 02:22:56.657:59) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.657:59) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.657:59) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.657:59) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x8 a1=0x7fff8a55acc0 a2=0x1d a3=0x20 items=1 ppid=815 pid=829 auid=unset uid=bootlockboxd gid=bootlockboxd euid=bootlockboxd suid=bootlockboxd fsuid=bootlockboxd egid=bootlockboxd sgid=bootlockboxd fsgid=bootlockboxd tty=(none) ses=unset comm=bootlockboxd exe=/usr/sbin/bootlockboxd subj=u:r:cros_bootlockboxd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.664:60) : proctitle=initctl status halt |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.664:60) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.664:60) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffcd5e15b70 a2=0x16 a3=0x20 items=0 ppid=857 pid=890 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=initctl exe=/sbin/initctl subj=u:r:cros_init_ui_pre_start:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.674:61) : proctitle=logger -p err -t shill-pre-start |
| type=PATH msg=audit(02/10/22 02:22:56.674:61) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.674:61) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.674:61) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.674:61) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5cb50345a180 a2=0x6e a3=0x1 items=1 ppid=871 pid=922 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_shill:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.713:62) : proctitle=/usr/bin/powerd --log_dir=/var/log/power_manager --run_dir=/run/power_manager/power --vmodule= |
| type=PATH msg=audit(02/10/22 02:22:56.713:62) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.713:62) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.713:62) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.713:62) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x79057275b5a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=968 auid=unset uid=power gid=power euid=power suid=power fsuid=power egid=power sgid=power fsgid=power tty=(none) ses=unset comm=powerd exe=/usr/bin/powerd subj=u:r:cros_powerd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.715:63) : proctitle=/usr/bin/powerd --log_dir=/var/log/power_manager --run_dir=/run/power_manager/power --vmodule= |
| type=PATH msg=audit(02/10/22 02:22:56.715:63) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.715:63) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.715:63) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.715:63) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xc a1=0x7ffedf014f60 a2=0x1d a3=0x0 items=1 ppid=1 pid=968 auid=unset uid=power gid=power euid=power suid=power fsuid=power egid=power sgid=power fsgid=power tty=(none) ses=unset comm=powerd exe=/usr/bin/powerd subj=u:r:cros_powerd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.729:64) : proctitle=/usr/sbin/chapsd --auto_load_system_token |
| type=PATH msg=audit(02/10/22 02:22:56.729:64) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.729:64) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.729:64) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.729:64) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1b a1=0x7ffda64fb580 a2=0x1d a3=0x21 items=1 ppid=1 pid=810 auid=unset uid=chaps gid=chronos-access euid=chaps suid=chaps fsuid=chaps egid=chronos-access sgid=chronos-access fsgid=chronos-access tty=(none) ses=unset comm=chapsd exe=/usr/sbin/chapsd subj=u:r:cros_chapsd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.741:65) : proctitle=/usr/bin/shill --log-level=0 --log-scopes= --vmodule=object_proxy=0,dbus_object=0,bus=0 --devices-blocked=eth_test,faketap0,wlan |
| type=PATH msg=audit(02/10/22 02:22:56.741:65) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.741:65) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.741:65) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.741:65) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7ffcc604f710 a2=0x1d a3=0x40 items=1 ppid=1 pid=1028 auid=unset uid=shill gid=shill euid=shill suid=shill fsuid=shill egid=shill sgid=shill fsgid=shill tty=(none) ses=unset comm=shill exe=/usr/bin/shill subj=u:r:cros_shill:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.742:66) : proctitle=logger -e -t chaps-restore |
| type=PATH msg=audit(02/10/22 02:22:56.742:66) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.742:66) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.742:66) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.742:66) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5c7646f48180 a2=0x6e a3=0x1 items=1 ppid=1098 pid=1102 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.743:67) : proctitle=/usr/bin/shill --log-level=0 --log-scopes= --vmodule=object_proxy=0,dbus_object=0,bus=0 --devices-blocked=eth_test,faketap0,wlan |
| type=PATH msg=audit(02/10/22 02:22:56.743:67) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.743:67) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.743:67) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.743:67) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xa a1=0x7ffcc604f710 a2=0x1d a3=0x40 items=1 ppid=1 pid=1028 auid=unset uid=shill gid=shill euid=shill suid=shill fsuid=shill egid=shill sgid=shill fsgid=shill tty=(none) ses=unset comm=shill exe=/usr/bin/shill subj=u:r:cros_shill:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.745:68) : proctitle=/usr/bin/logger --priority daemon err --tag /usr/bin/shill |
| type=PATH msg=audit(02/10/22 02:22:56.745:68) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.745:68) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.745:68) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.745:68) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x59b780f3a180 a2=0x6e a3=0x1 items=1 ppid=1028 pid=1106 auid=unset uid=syslog gid=syslog euid=syslog suid=syslog fsuid=syslog egid=syslog sgid=syslog fsgid=syslog tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_shill:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.746:69) : proctitle=/usr/sbin/pca_agentd |
| type=PATH msg=audit(02/10/22 02:22:56.746:69) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.746:69) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.746:69) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.746:69) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7ffd187386d0 a2=0x1d a3=0x20 items=1 ppid=1 pid=1054 auid=unset uid=attestation gid=attestation euid=attestation suid=attestation fsuid=attestation egid=attestation sgid=attestation fsgid=attestation tty=(none) ses=unset comm=pca_agentd exe=/usr/sbin/pca_agentd subj=u:r:cros_pca_agentd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.757:70) : proctitle=cryptohome --action=pkcs11_restore_tpm_tokens |
| type=PATH msg=audit(02/10/22 02:22:56.757:70) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.757:70) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.757:70) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.757:70) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7fffe5425790 a2=0x1d a3=0x21 items=1 ppid=1098 pid=1101 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=cryptohome exe=/usr/sbin/cryptohome subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.761:71) : proctitle=/usr/sbin/bootlockboxd |
| type=PATH msg=audit(02/10/22 02:22:56.761:71) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.761:71) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.761:71) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.761:71) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7f43ff54e5a0 a2=0x6e a3=0x0 items=1 ppid=815 pid=829 auid=unset uid=bootlockboxd gid=bootlockboxd euid=bootlockboxd suid=bootlockboxd fsuid=bootlockboxd egid=bootlockboxd sgid=bootlockboxd fsgid=bootlockboxd tty=(none) ses=unset comm=bootlockboxd exe=/usr/sbin/bootlockboxd subj=u:r:cros_bootlockboxd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.762:72) : proctitle=/usr/bin/gdbus wait --system org.chromium.UserDataAuth |
| type=PATH msg=audit(02/10/22 02:22:56.762:72) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.762:72) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.762:72) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.762:72) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7ffdc8c878a0 a2=0x6e a3=0x7ffdc8c87880 items=1 ppid=1107 pid=1133 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus exe=/usr/bin/gdbus subj=u:r:cros_gdbus:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.766:73) : proctitle=/usr/sbin/bootlockboxd |
| type=PATH msg=audit(02/10/22 02:22:56.766:73) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.766:73) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.766:73) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.766:73) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xb a1=0x7fff8a55ac30 a2=0x1d a3=0x21 items=1 ppid=815 pid=829 auid=unset uid=bootlockboxd gid=bootlockboxd euid=bootlockboxd suid=bootlockboxd fsuid=bootlockboxd egid=bootlockboxd sgid=bootlockboxd fsgid=bootlockboxd tty=(none) ses=unset comm=bootlockboxd exe=/usr/sbin/bootlockboxd subj=u:r:cros_bootlockboxd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.768:74) : proctitle=status |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.768:74) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.768:74) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7fff546dd900 a2=0x16 a3=0x20 items=0 ppid=1160 pid=1161 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=status exe=/sbin/initctl subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.769:75) : proctitle=/usr/bin/shill --log-level=0 --log-scopes= --vmodule=object_proxy=0,dbus_object=0,bus=0 --devices-blocked=eth_test,faketap0,wlan |
| type=PATH msg=audit(02/10/22 02:22:56.769:75) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.769:75) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.769:75) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.769:75) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xe a1=0x79613ddf05a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=1028 auid=unset uid=shill gid=shill euid=shill suid=shill fsuid=shill egid=shill sgid=shill fsgid=shill tty=(none) ses=unset comm=shill exe=/usr/bin/shill subj=u:r:cros_shill:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.777:76) : proctitle=status |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.777:76) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.777:76) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffe07cd7be0 a2=0x16 a3=0x20 items=0 ppid=1171 pid=1173 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=status exe=/sbin/initctl subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.790:77) : proctitle=session_manager |
| type=PATH msg=audit(02/10/22 02:22:56.790:77) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.790:77) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.790:77) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.790:77) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x78609805a5a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=1145 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=session_manager exe=/sbin/session_manager subj=u:r:cros_session_manager:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.791:78) : proctitle=/usr/bin/shill --log-level=0 --log-scopes= --vmodule=object_proxy=0,dbus_object=0,bus=0 --devices-blocked=eth_test,faketap0,wlan |
| type=PATH msg=audit(02/10/22 02:22:56.791:78) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.791:78) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.791:78) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.791:78) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xf a1=0x7ffcc604eb40 a2=0x1d a3=0x21 items=1 ppid=1 pid=1028 auid=unset uid=shill gid=shill euid=shill suid=shill fsuid=shill egid=shill sgid=shill fsgid=shill tty=(none) ses=unset comm=shill exe=/usr/bin/shill subj=u:r:cros_shill:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.797:79) : proctitle=cryptohomed --noclose --direncryption --vmodule= |
| type=PATH msg=audit(02/10/22 02:22:56.797:79) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.797:79) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.797:79) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.797:79) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7ffc708931f0 a2=0x1d a3=0x21 items=1 ppid=1 pid=1217 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=cryptohomed exe=/usr/sbin/cryptohomed subj=u:r:cros_cryptohomed:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.798:80) : proctitle=session_manager |
| type=PATH msg=audit(02/10/22 02:22:56.798:80) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.798:80) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.798:80) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.798:80) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xc a1=0x7fff328d2d70 a2=0x1d a3=0x20 items=1 ppid=1 pid=1145 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=session_manager exe=/sbin/session_manager subj=u:r:cros_session_manager:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.800:81) : proctitle=cryptohomed --noclose --direncryption --vmodule= |
| type=PATH msg=audit(02/10/22 02:22:56.800:81) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.800:81) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.800:81) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.800:81) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xf a1=0x799a64b3c350 a2=0x1d a3=0x20 items=1 ppid=1 pid=1217 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=tpm_manager_thr exe=/usr/sbin/cryptohomed subj=u:r:cros_cryptohomed:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.804:82) : proctitle=cryptohomed --noclose --direncryption --vmodule= |
| type=PATH msg=audit(02/10/22 02:22:56.804:82) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.804:82) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.804:82) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.804:82) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x10 a1=0x799a656025a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=1217 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=tpm_manager_thr exe=/usr/sbin/cryptohomed subj=u:r:cros_cryptohomed:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.804:83) : proctitle=initctl emit shill-disconnected |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.804:83) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.804:83) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7fff2d9c5a20 a2=0x16 a3=0x20 items=0 ppid=1227 pid=1229 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=initctl exe=/sbin/initctl subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.819:84) : proctitle=/usr/bin/gdbus wait --system --timeout 15 org.chromium.UserDataAuth |
| type=PATH msg=audit(02/10/22 02:22:56.819:84) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.819:84) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.819:84) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.819:84) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7ffeec1cde80 a2=0x6e a3=0x7ffeec1cde60 items=1 ppid=1220 pid=1232 auid=unset uid=cryptohome gid=root euid=cryptohome suid=cryptohome fsuid=cryptohome egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus exe=/usr/bin/gdbus subj=u:r:cros_gdbus:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.824:85) : proctitle=cryptohomed --noclose --direncryption --vmodule= |
| type=PATH msg=audit(02/10/22 02:22:56.824:85) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.824:85) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.824:85) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.824:85) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x11 a1=0x7ffc70892b90 a2=0x1d a3=0x20 items=1 ppid=1 pid=1217 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=cryptohomed exe=/usr/sbin/cryptohomed subj=u:r:cros_cryptohomed:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.860:86) : proctitle=initctl status avahi |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.860:86) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.860:86) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7fff6e2ed740 a2=0x16 a3=0x20 items=0 ppid=1258 pid=1310 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=initctl exe=/sbin/initctl subj=u:r:cros_machine_id_regen:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.865:87) : proctitle=initctl emit cros-machine-id-regenerated |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.865:87) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.865:87) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7fff12cdc830 a2=0x16 a3=0x20 items=0 ppid=1258 pid=1321 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=initctl exe=/sbin/initctl subj=u:r:cros_machine_id_regen:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.870:88) : proctitle=logger -t cros-machine-id-regen Regenerated /var/lib/dbus/machine-id (reason: network). |
| type=PATH msg=audit(02/10/22 02:22:56.870:88) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.870:88) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.870:88) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.870:88) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x596e4840b180 a2=0x6e a3=0x1 items=1 ppid=1258 pid=1328 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_machine_id_regen:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.883:89) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:22:56.883:89) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.883:89) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.883:89) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.883:89) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffc41e881b0 a2=0x1d a3=0x20 items=1 ppid=1217 pid=1346 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.897:90) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:22:56.897:90) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.897:90) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.897:90) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.897:90) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffeb8b15ed0 a2=0x1d a3=0x20 items=1 ppid=1217 pid=1369 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.903:91) : proctitle=cryptohomed --noclose --direncryption --vmodule= |
| type=PATH msg=audit(02/10/22 02:22:56.903:91) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.903:91) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.903:91) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.903:91) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x18 a1=0x799a5fffdcf0 a2=0x1d a3=0x0 items=1 ppid=1 pid=1217 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=MountThread exe=/usr/sbin/cryptohomed subj=u:r:cros_cryptohomed:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:56.927:92) : proctitle=cryptohomed --noclose --direncryption --vmodule= |
| type=PATH msg=audit(02/10/22 02:22:56.927:92) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:56.927:92) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:56.927:92) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:56.927:92) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x19 a1=0x799a5fffe370 a2=0x1d a3=0x0 items=1 ppid=1 pid=1217 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=MountThread exe=/usr/sbin/cryptohomed subj=u:r:cros_cryptohomed:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.070:93) : proctitle=/usr/sbin/cdm-oemcrypto --allow_dev_mode --provision_test_credentials |
| type=PATH msg=audit(02/10/22 02:22:57.070:93) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.070:93) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.070:93) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.070:93) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7816f69fa5a0 a2=0x6e a3=0x0 items=1 ppid=1663 pid=1668 auid=unset uid=cdm-oemcrypto gid=cdm-oemcrypto euid=cdm-oemcrypto suid=cdm-oemcrypto fsuid=cdm-oemcrypto egid=cdm-oemcrypto sgid=cdm-oemcrypto fsgid=cdm-oemcrypto tty=(none) ses=unset comm=cdm-oemcrypto exe=/usr/sbin/cdm-oemcrypto subj=u:r:cros_cdm_oemcrypto:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.071:94) : proctitle=/usr/sbin/cdm-oemcrypto --allow_dev_mode --provision_test_credentials |
| type=PATH msg=audit(02/10/22 02:22:57.071:94) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.071:94) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.071:94) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.071:94) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xa a1=0x7ffc17e1d7a0 a2=0x1d a3=0x0 items=1 ppid=1663 pid=1668 auid=unset uid=cdm-oemcrypto gid=cdm-oemcrypto euid=cdm-oemcrypto suid=cdm-oemcrypto fsuid=cdm-oemcrypto egid=cdm-oemcrypto sgid=cdm-oemcrypto fsgid=cdm-oemcrypto tty=(none) ses=unset comm=cdm-oemcrypto exe=/usr/sbin/cdm-oemcrypto subj=u:r:cros_cdm_oemcrypto:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.125:95) : proctitle=/opt/google/chrome/chrome --use-gl=egl --gpu-sandbox-failures-fatal=no --enable-logging --log-level=1 --use-cras --enable-waylan |
| type=PATH msg=audit(02/10/22 02:22:57.125:95) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.125:95) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.125:95) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.125:95) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x16 a1=0x7a726fcf9940 a2=0x1d a3=0x58ae783cf980 items=1 ppid=1145 pid=1240 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=D-Bus thread exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.145:96) : proctitle=/sbin/start fwupd |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.145:96) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.145:96) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffe167106a0 a2=0x16 a3=0x20 items=0 ppid=1718 pid=1719 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=start exe=/sbin/initctl subj=u:r:cros_dbus_daemon:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.157:97) : proctitle=/opt/google/chrome/chrome --use-gl=egl --gpu-sandbox-failures-fatal=no --enable-logging --log-level=1 --use-cras --enable-waylan |
| type=PATH msg=audit(02/10/22 02:22:57.157:97) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.157:97) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.157:97) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.157:97) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7a726d085b30 a2=0x1d a3=0x58ae783cf980 items=1 ppid=1145 pid=1240 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Bluez D-Bus thr exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.163:98) : proctitle=initctl status boot-services |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.163:98) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.163:98) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffea17606c0 a2=0x16 a3=0x20 items=0 ppid=1736 pid=1747 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=initctl exe=/sbin/initctl subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.169:99) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/dev/shm |
| type=PATH msg=audit(02/10/22 02:22:57.169:99) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.169:99) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.169:99) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.169:99) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffc24775550 a2=0x1d a3=0x20 items=1 ppid=1240 pid=1748 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.187:100) : proctitle=/usr/bin/gdbus wait --system --timeout 15 org.freedesktop.fwupd |
| type=PATH msg=audit(02/10/22 02:22:57.187:100) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.187:100) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.187:100) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.187:100) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7ffc5a163690 a2=0x6e a3=0x7ffc5a163670 items=1 ppid=1767 pid=1771 auid=unset uid=fwupd gid=fwupd euid=fwupd suid=fwupd fsuid=fwupd egid=fwupd sgid=fwupd fsgid=fwupd tty=(none) ses=unset comm=gdbus exe=/usr/bin/gdbus subj=u:r:cros_gdbus:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.300:101) : proctitle=/usr/libexec/fwupd/fwupd |
| type=PATH msg=audit(02/10/22 02:22:57.300:101) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.300:101) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.300:101) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.300:101) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xd a1=0x7d424a4d1a60 a2=0x6e a3=0x7d424a4d1a40 items=1 ppid=1770 pid=1822 auid=unset uid=fwupd gid=fwupd euid=fwupd suid=fwupd fsuid=fwupd egid=fwupd sgid=fwupd fsgid=fwupd tty=(none) ses=unset comm=pool-fwupd exe=/usr/libexec/fwupd/fwupd subj=u:r:cros_fwupd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.319:102) : proctitle=/usr/sbin/attestationd |
| type=PATH msg=audit(02/10/22 02:22:57.319:102) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.319:102) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.319:102) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.319:102) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x8 a1=0x7e8f54a105a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=1887 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=attestationd exe=/usr/sbin/attestationd subj=u:r:cros_attestationd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.322:103) : proctitle=/usr/sbin/attestationd |
| type=PATH msg=audit(02/10/22 02:22:57.322:103) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.322:103) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.322:103) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.322:103) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xb a1=0x7ffedcd43b30 a2=0x1d a3=0x0 items=1 ppid=1 pid=1887 auid=unset uid=attestation gid=attestation euid=attestation suid=attestation fsuid=attestation egid=attestation sgid=attestation fsgid=attestation tty=(none) ses=unset comm=attestationd exe=/usr/sbin/attestationd subj=u:r:cros_attestationd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.327:106) : proctitle=/usr/sbin/attestationd |
| type=PATH msg=audit(02/10/22 02:22:57.327:106) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.327:106) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.327:106) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.327:106) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x16 a1=0x7e8f53be7450 a2=0x1d a3=0x20 items=1 ppid=1 pid=1887 auid=unset uid=attestation gid=attestation euid=attestation suid=attestation fsuid=attestation egid=attestation sgid=attestation fsgid=attestation tty=(none) ses=unset comm=attestationd exe=/usr/sbin/attestationd subj=u:r:cros_attestationd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.329:107) : proctitle=/usr/bin/gdbus wait --system --timeout 15 org.chromium.Attestation |
| type=PATH msg=audit(02/10/22 02:22:57.329:107) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.329:107) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.329:107) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.329:107) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7ffe6f263c00 a2=0x6e a3=0x7ffe6f263be0 items=1 ppid=1888 pid=1892 auid=unset uid=attestation gid=root euid=attestation suid=attestation fsuid=attestation egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gdbus exe=/usr/bin/gdbus subj=u:r:cros_gdbus:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.333:108) : proctitle=/usr/sbin/attestationd |
| type=PATH msg=audit(02/10/22 02:22:57.333:108) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.333:108) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.333:108) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.333:108) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x17 a1=0x7e8f543e5fc0 a2=0x1d a3=0x21 items=1 ppid=1 pid=1887 auid=unset uid=attestation gid=attestation euid=attestation suid=attestation fsuid=attestation egid=attestation sgid=attestation fsgid=attestation tty=(none) ses=unset comm=attestationd exe=/usr/sbin/attestationd subj=u:r:cros_attestationd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.359:130) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/chronos/Default/Code Cache/js |
| type=PATH msg=audit(02/10/22 02:22:57.359:130) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.359:130) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.359:130) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.359:130) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7fff4ffc6dd0 a2=0x1d a3=0x20 items=1 ppid=1240 pid=1904 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.369:131) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/chronos/Default/Code Cache/wasm |
| type=PATH msg=audit(02/10/22 02:22:57.369:131) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.369:131) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.369:131) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.369:131) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffcc3123590 a2=0x1d a3=0x20 items=1 ppid=1240 pid=1907 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.374:132) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/chronos/Default/Code Cache/webui_js |
| type=PATH msg=audit(02/10/22 02:22:57.374:132) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.374:132) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.374:132) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.374:132) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7fffc523e550 a2=0x1d a3=0x20 items=1 ppid=1240 pid=1908 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.431:133) : proctitle=/usr/sbin/arc-prepare-host-generated-dir --log_tag=arc-prepare-host-generated-dir |
| type=PATH msg=audit(02/10/22 02:22:57.431:133) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.431:133) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.431:133) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.431:133) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7e12e746e5a0 a2=0x6e a3=0x0 items=1 ppid=1893 pid=1909 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=arc-prepare-hos exe=/usr/sbin/arc-prepare-host-generated-dir subj=u:r:minijailed:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.465:134) : proctitle=/usr/sbin/iioservice |
| type=PATH msg=audit(02/10/22 02:22:57.465:134) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:57.465:134) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.465:134) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.465:134) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xa a1=0x7809a44475a0 a2=0x6e a3=0x0 items=1 ppid=728 pid=775 auid=unset uid=iioservice gid=iioservice euid=iioservice suid=iioservice fsuid=iioservice egid=iioservice sgid=iioservice fsgid=iioservice tty=(none) ses=unset comm=iioservice exe=/usr/sbin/iioservice subj=u:r:cros_iioservice:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.497:135) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.497:135) : saddr={ fam=inet laddr=127.0.0.1 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.497:135) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x19 a1=0x7b7870ae3800 a2=0x10 a3=0x822d320000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.498:136) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.498:136) : saddr={ fam=inet laddr=127.0.0.1 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.498:136) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1a a1=0x7b7870ae37e0 a2=0x10 a3=0x82a7440000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.498:137) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.498:137) : saddr={ fam=inet laddr=127.0.0.1 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.498:137) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1b a1=0x7b7870ae36e0 a2=0x10 a3=0x82a7440000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.498:138) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.498:138) : saddr={ fam=inet laddr=127.0.0.1 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.498:138) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1c a1=0x7b7870ae36c0 a2=0x10 a3=0x82a7440000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.500:139) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.500:139) : saddr={ fam=inet laddr=127.0.0.1 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.500:139) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x19 a1=0x7b786f2e5d0c a2=0x10 a3=0x7b786f2e2194 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=ThreadPoolForeg exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:57.501:140) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:22:57.501:140) : saddr={ fam=inet laddr=127.0.0.1 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:22:57.501:140) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x19 a1=0x7b786f2e5d0c a2=0x10 a3=0x7b786f2e2194 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=ThreadPoolForeg exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:58.845:318) : proctitle=/sbin/dhcpcd -B -q -4 eth0=ethernet_any |
| type=PATH msg=audit(02/10/22 02:22:58.845:318) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:58.845:318) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:58.845:318) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:22:58.845:318) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x8 a1=0x7ffca89bf4e0 a2=0x1d a3=0x20 items=1 ppid=1028 pid=1959 auid=unset uid=dhcp gid=dhcp euid=dhcp suid=dhcp fsuid=dhcp egid=dhcp sgid=dhcp fsgid=dhcp tty=(none) ses=unset comm=dhcpcd exe=/sbin/dhcpcd subj=u:r:cros_shill:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:58.849:319) : proctitle=/sbin/dhcpcd -B -q -4 eth0=ethernet_any |
| type=PATH msg=audit(02/10/22 02:22:58.849:319) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:22:58.849:319) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:22:58.849:319) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:22:58.849:319) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7e72688055a0 a2=0x6e a3=0x0 items=1 ppid=1028 pid=1959 auid=unset uid=dhcp gid=dhcp euid=dhcp suid=dhcp fsuid=dhcp egid=dhcp sgid=dhcp fsgid=dhcp tty=(none) ses=unset comm=dhcpcd exe=/sbin/dhcpcd subj=u:r:cros_shill:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:59.214:321) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:22:59.214:321) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:22:59.214:321) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1b a1=0x7b7870ae0ae0 a2=0x10 a3=0x1d8119c0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:59.215:322) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:22:59.215:322) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:22:59.215:322) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1e a1=0x7b7870ae09c0 a2=0x10 a3=0x1d88bae0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:22:59.201:320) : proctitle=initctl emit shill-connected |
| type=SOCKADDR msg=audit(02/10/22 02:22:59.201:320) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:22:59.201:320) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffe5fa027e0 a2=0x16 a3=0x20 items=0 ppid=1962 pid=1963 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=initctl exe=/sbin/initctl subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:00.386:384) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:00.386:384) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:00.386:384) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1f a1=0x7b7870ae5f70 a2=0x1c a3=0x4d3f640000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:00.388:385) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:00.388:385) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:00.388:385) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1f a1=0x7b7870ae2f00 a2=0x10 a3=0x4e33880000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:00.389:386) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:00.389:386) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:00.389:386) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae2de0 a2=0x10 a3=0x4ead9a0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.621:418) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.621:418) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.621:418) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae2860 a2=0x1c a3=0xbd4dea0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.621:419) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.621:419) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.621:419) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae1ca0 a2=0x10 a3=0xbd4dea0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.622:420) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.622:420) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.622:420) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x21 a1=0x7b7870ae1b80 a2=0x10 a3=0xbdc7fc0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.622:421) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.622:421) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.622:421) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x22 a1=0x7b7870ae1a60 a2=0x10 a3=0xbdc7fc0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.624:422) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.624:422) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.624:422) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x23 a1=0x7b7870ae1ca0 a2=0x10 a3=0x20c400299260 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.624:423) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.624:423) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.624:423) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x24 a1=0x7b7870ae1b80 a2=0x10 a3=0xbebc200000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.625:424) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.625:424) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.625:424) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x25 a1=0x7b7870ae1a60 a2=0x10 a3=0x20c400299260 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.646:445) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.646:445) : saddr={ fam=inet6 laddr=2a00:1450:400c:c06::8b lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.646:445) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x21 a1=0x7b7870ae5d40 a2=0x1c a3=0xc939ac0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.646:446) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.646:446) : saddr={ fam=inet6 laddr=2a00:1450:400c:c06::66 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.646:446) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x21 a1=0x7b7870ae5d40 a2=0x1c a3=0xc939ac0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.646:447) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.646:447) : saddr={ fam=inet6 laddr=2a00:1450:400c:c06::71 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.646:447) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x21 a1=0x7b7870ae5d40 a2=0x1c a3=0xc939ac0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.646:448) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.646:448) : saddr={ fam=inet6 laddr=2a00:1450:400c:c06::8a lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.646:448) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x21 a1=0x7b7870ae5d40 a2=0x1c a3=0xc939ac0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.647:449) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.647:449) : saddr={ fam=inet laddr=66.102.1.113 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.647:449) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x21 a1=0x7b7870ae5d40 a2=0x10 a3=0xc9b3be0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.647:450) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.647:450) : saddr={ fam=inet laddr=66.102.1.102 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.647:450) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x21 a1=0x7b7870ae5d40 a2=0x10 a3=0xc9b3be0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.647:451) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.647:451) : saddr={ fam=inet laddr=66.102.1.139 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.647:451) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x21 a1=0x7b7870ae5d40 a2=0x10 a3=0xc9b3be0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.647:452) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.647:452) : saddr={ fam=inet laddr=66.102.1.101 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.647:452) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x21 a1=0x7b7870ae5d40 a2=0x10 a3=0xc9b3be0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.647:453) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.647:453) : saddr={ fam=inet laddr=66.102.1.138 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.647:453) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x21 a1=0x7b7870ae5d40 a2=0x10 a3=0xc9b3be0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.647:454) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.647:454) : saddr={ fam=inet laddr=66.102.1.100 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.647:454) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x21 a1=0x7b7870ae5d40 a2=0x10 a3=0xc9b3be0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.648:455) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.648:455) : saddr={ fam=inet6 laddr=2a00:1450:400c:c00::67 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.648:455) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x1c a3=0xca2dd00000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.648:456) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.648:456) : saddr={ fam=inet6 laddr=2a00:1450:400c:c00::93 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.648:456) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x1c a3=0xca2dd00000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.648:457) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.648:457) : saddr={ fam=inet6 laddr=2a00:1450:400c:c00::69 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.648:457) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x1c a3=0xca2dd00000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.648:458) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.648:458) : saddr={ fam=inet6 laddr=2a00:1450:400c:c00::6a lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.648:458) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x1c a3=0xca2dd00000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.651:459) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.651:459) : saddr={ fam=inet laddr=142.251.5.147 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.651:459) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x10 a3=0xcb9c060000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.651:460) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.651:460) : saddr={ fam=inet laddr=142.251.5.99 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.651:460) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x10 a3=0xcb9c060000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.651:461) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.651:461) : saddr={ fam=inet laddr=142.251.5.104 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.651:461) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x10 a3=0xcb9c060000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.651:462) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.651:462) : saddr={ fam=inet laddr=142.251.5.105 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.651:462) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x10 a3=0xcb9c060000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.651:463) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.651:463) : saddr={ fam=inet laddr=142.251.5.106 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.651:463) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x10 a3=0xcb9c060000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.652:464) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.652:464) : saddr={ fam=inet laddr=142.251.5.103 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.652:464) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x10 a3=0xcb9c060000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.684:489) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.684:489) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.684:489) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x22 a1=0x7b7870ae0c10 a2=0x10 a3=0xdb58580000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.684:490) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.684:490) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.684:490) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x23 a1=0x7b7870ae0af0 a2=0x10 a3=0xdb58580000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.685:491) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.685:491) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.685:491) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x24 a1=0x7b7870ae09d0 a2=0x10 a3=0xdbd26a0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.688:492) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.688:492) : saddr={ fam=inet6 laddr=2a00:1450:400c:c00::8d lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.688:492) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x22 a1=0x7b7870ae5d40 a2=0x1c a3=0xdd40a00000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.689:493) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.689:493) : saddr={ fam=inet laddr=173.194.76.141 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.689:493) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x22 a1=0x7b7870ae5d40 a2=0x10 a3=0xddbab20000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.836:495) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.836:495) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.836:495) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x24 a1=0x7b7870ae3800 a2=0x10 a3=0x123d3080000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.839:496) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.839:496) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.839:496) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x27 a1=0x7b7870ae36e0 a2=0x10 a3=0x125413e0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.839:497) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.839:497) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.839:497) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x28 a1=0x7b7870ae35c0 a2=0x10 a3=0x125413e0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.844:498) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.844:498) : saddr={ fam=inet6 laddr=2a00:1450:400c:c07::5e lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.844:498) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x24 a1=0x7b7870ae5d40 a2=0x1c a3=0x127a3980000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.844:499) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.844:499) : saddr={ fam=inet laddr=108.177.15.94 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.844:499) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x24 a1=0x7b7870ae5d40 a2=0x10 a3=0x127a3980000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.858:501) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.858:501) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.858:501) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2a a1=0x7b7870ae3800 a2=0x10 a3=0x12e50940000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.859:502) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.859:502) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.859:502) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2b a1=0x7b7870ae36e0 a2=0x10 a3=0x12ecaa60000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.859:503) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.859:503) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.859:503) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2c a1=0x7b7870ae35c0 a2=0x10 a3=0x12ecaa60000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.859:504) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.859:504) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.859:504) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2d a1=0x7b7870ae3800 a2=0x10 a3=0x12ecaa60000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.860:505) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.860:505) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.860:505) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2e a1=0x7b7870ae36e0 a2=0x10 a3=0x12ecaa60000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.860:506) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.860:506) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.860:506) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2f a1=0x7b7870ae35c0 a2=0x10 a3=0x12f44b80000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.872:508) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.872:508) : saddr={ fam=inet6 laddr=2a00:1450:400c:c0c::8a lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.872:508) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x27 a1=0x7b7870ae5d40 a2=0x1c a3=0x134fd900000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.872:509) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.872:509) : saddr={ fam=inet6 laddr=2a00:1450:400c:c0c::8b lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.872:509) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x27 a1=0x7b7870ae5d40 a2=0x1c a3=0x134fd900000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.872:510) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.872:510) : saddr={ fam=inet6 laddr=2a00:1450:400c:c0c::66 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.872:510) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x27 a1=0x7b7870ae5d40 a2=0x1c a3=0x134fd900000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.872:511) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.872:511) : saddr={ fam=inet6 laddr=2a00:1450:400c:c0c::71 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.872:511) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x27 a1=0x7b7870ae5d40 a2=0x1c a3=0x134fd900000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.872:512) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.872:512) : saddr={ fam=inet laddr=142.251.5.138 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.872:512) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x27 a1=0x7b7870ae5d40 a2=0x10 a3=0x134fd900000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.872:513) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.872:513) : saddr={ fam=inet laddr=142.251.5.113 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.872:513) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x27 a1=0x7b7870ae5d40 a2=0x10 a3=0x134fd900000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.873:514) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.873:514) : saddr={ fam=inet laddr=142.251.5.139 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.873:514) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x27 a1=0x7b7870ae5d40 a2=0x10 a3=0x13577a20000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.873:515) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.873:515) : saddr={ fam=inet laddr=142.251.5.102 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.873:515) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x27 a1=0x7b7870ae5d40 a2=0x10 a3=0x13577a20000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.873:516) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.873:516) : saddr={ fam=inet laddr=142.251.5.100 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.873:516) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x27 a1=0x7b7870ae5d40 a2=0x10 a3=0x13577a20000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.873:517) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.873:517) : saddr={ fam=inet laddr=142.251.5.101 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.873:517) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x27 a1=0x7b7870ae5d40 a2=0x10 a3=0x13577a20000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.877:518) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.877:518) : saddr={ fam=inet6 laddr=2a00:1450:400c:c07::61 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.877:518) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x24 a1=0x7b7870ae5d40 a2=0x1c a3=0x1375fea0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:01.877:519) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:01.877:519) : saddr={ fam=inet laddr=108.177.15.97 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:01.877:519) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x24 a1=0x7b7870ae5d40 a2=0x10 a3=0x1375fea0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.100:557) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.100:557) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.100:557) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x29 a1=0x7b7870ae3800 a2=0x10 a3=0x1a1b5980000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.100:558) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.100:558) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.100:558) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2a a1=0x7b7870ae36e0 a2=0x10 a3=0x1a1b5980000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.100:559) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.100:559) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.100:559) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2b a1=0x7b7870ae35c0 a2=0x10 a3=0x1a1b5980000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.106:560) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.106:560) : saddr={ fam=inet6 laddr=2a00:1450:400c:c00::5e lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.106:560) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x29 a1=0x7b7870ae5d40 a2=0x1c a3=0x1a492040000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.106:561) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.106:561) : saddr={ fam=inet laddr=173.194.76.94 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.106:561) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x29 a1=0x7b7870ae5d40 a2=0x10 a3=0x1a492040000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.143:562) : proctitle=iptables -t raw -A OUTPUT -p udp -d 224.0.0.251 --sport 5353 --dport 5353 -j CT --helper mdns -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.143:562) : saddr={ fam=inet6 laddr=::1 lport=5353 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.143:562) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5acebb2ac800 a2=0x1c a3=0x0 items=0 ppid=2030 pid=2046 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.143:563) : proctitle=iptables -t raw -A OUTPUT -p udp -d 224.0.0.251 --sport 5353 --dport 5353 -j CT --helper mdns -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.143:563) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:02.143:563) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffe795b12d0 a2=0x10 a3=0x6 items=0 ppid=2030 pid=2046 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.143:564) : proctitle=iptables -t raw -A OUTPUT -p udp -d 224.0.0.251 --sport 5353 --dport 5353 -j CT --helper mdns -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.143:564) : saddr={ fam=inet laddr=127.0.0.1 lport=5353 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.143:564) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5acebb2ac130 a2=0x10 a3=0x6 items=0 ppid=2030 pid=2046 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.144:565) : proctitle=iptables -t raw -A OUTPUT -p udp -d 224.0.0.251 --sport 5353 --dport 5353 -j CT --helper mdns -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.144:565) : saddr={ fam=inet6 laddr=::1 lport=5353 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.144:565) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5acebb2ac8c0 a2=0x1c a3=0x2 items=0 ppid=2030 pid=2046 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.144:566) : proctitle=iptables -t raw -A OUTPUT -p udp -d 224.0.0.251 --sport 5353 --dport 5353 -j CT --helper mdns -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.144:566) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:02.144:566) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffe795b12d0 a2=0x10 a3=0x6 items=0 ppid=2030 pid=2046 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.144:567) : proctitle=iptables -t raw -A OUTPUT -p udp -d 224.0.0.251 --sport 5353 --dport 5353 -j CT --helper mdns -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.144:567) : saddr={ fam=inet laddr=127.0.0.1 lport=5353 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.144:567) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5acebb2ac970 a2=0x10 a3=0x6 items=0 ppid=2030 pid=2046 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.150:569) : proctitle=iptables -t raw -A OUTPUT -p udp --dport 1900 -j CT --helper ssdp -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.150:569) : saddr={ fam=inet6 laddr=::1 lport=1900 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.150:569) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x582277252800 a2=0x1c a3=0x0 items=0 ppid=2030 pid=2051 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.150:570) : proctitle=iptables -t raw -A OUTPUT -p udp --dport 1900 -j CT --helper ssdp -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.150:570) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:02.150:570) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffcd0f06020 a2=0x10 a3=0x6 items=0 ppid=2030 pid=2051 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.150:571) : proctitle=iptables -t raw -A OUTPUT -p udp --dport 1900 -j CT --helper ssdp -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.150:571) : saddr={ fam=inet laddr=127.0.0.1 lport=1900 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.150:571) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x582277252130 a2=0x10 a3=0x6 items=0 ppid=2030 pid=2051 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.151:573) : proctitle=/usr/bin/patchpaneld |
| type=PATH msg=audit(02/10/22 02:23:02.151:573) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.151:573) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.151:573) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.151:573) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7996fe24c5a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=2035 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=patchpaneld exe=/usr/bin/patchpaneld subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.152:574) : proctitle=/usr/bin/patchpaneld |
| type=PATH msg=audit(02/10/22 02:23:02.152:574) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.152:574) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.152:574) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.152:574) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x10 a1=0x7fffe22a6fd0 a2=0x1d a3=0x20 items=1 ppid=1 pid=2035 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=patchpaneld exe=/usr/bin/patchpaneld subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.160:575) : proctitle=iptables -t raw -A PREROUTING -p udp --dport 1900 -j CT --helper ssdp -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.160:575) : saddr={ fam=inet6 laddr=::1 lport=1900 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.160:575) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5d4212306800 a2=0x1c a3=0x0 items=0 ppid=2030 pid=2059 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.160:576) : proctitle=iptables -t raw -A PREROUTING -p udp --dport 1900 -j CT --helper ssdp -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.160:576) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:02.160:576) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffe34d61b60 a2=0x10 a3=0x6 items=0 ppid=2030 pid=2059 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.160:577) : proctitle=iptables -t raw -A PREROUTING -p udp --dport 1900 -j CT --helper ssdp -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.160:577) : saddr={ fam=inet laddr=127.0.0.1 lport=1900 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.160:577) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5d4212306130 a2=0x10 a3=0x6 items=0 ppid=2030 pid=2059 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.162:579) : proctitle=/usr/bin/patchpaneld --mcast_proxy_fd=6 |
| type=PATH msg=audit(02/10/22 02:23:02.162:579) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.162:579) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.162:579) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.162:579) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7edff97855a0 a2=0x6e a3=0x0 items=1 ppid=2035 pid=2053 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=patchpaneld exe=/usr/bin/patchpaneld subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.164:580) : proctitle=/usr/bin/patchpaneld --adb_proxy_fd=4 |
| type=PATH msg=audit(02/10/22 02:23:02.164:580) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.164:580) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.164:580) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.164:580) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7921e43aa5a0 a2=0x6e a3=0x0 items=1 ppid=2035 pid=2050 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=patchpaneld exe=/usr/bin/patchpaneld subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.165:581) : proctitle=/usr/bin/patchpaneld --adb_proxy_fd=4 |
| type=PATH msg=audit(02/10/22 02:23:02.165:581) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.165:581) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.165:581) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.165:581) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xb a1=0x7fff8642c680 a2=0x1d a3=0x21 items=1 ppid=2035 pid=2050 auid=unset uid=patchpaneld gid=patchpaneld euid=patchpaneld suid=patchpaneld fsuid=patchpaneld egid=patchpaneld sgid=patchpaneld fsgid=patchpaneld tty=(none) ses=unset comm=patchpaneld exe=/usr/bin/patchpaneld subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.171:582) : proctitle=logger -t nebraska Can't run nebraska.py without its config file. |
| type=PATH msg=audit(02/10/22 02:23:02.171:582) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.171:582) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.171:582) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.171:582) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5bd97c699180 a2=0x6e a3=0x1 items=1 ppid=2065 pid=2073 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.175:584) : proctitle=stop |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.175:584) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.175:584) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffd3e55bab0 a2=0x16 a3=0x20 items=0 ppid=2065 pid=2075 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=stop exe=/sbin/initctl subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.180:585) : proctitle=/usr/bin/cras |
| type=PATH msg=audit(02/10/22 02:23:02.180:585) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.180:585) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.180:585) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.180:585) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xe a1=0x7fff6f1e3e40 a2=0x1d a3=0x21 items=1 ppid=2032 pid=2041 auid=unset uid=cras gid=cras euid=cras suid=cras fsuid=cras egid=cras sgid=cras fsgid=cras tty=(none) ses=unset comm=cras exe=/usr/bin/cras subj=u:r:cros_cras:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.182:586) : proctitle=sshd -t -q |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.182:586) : saddr={ fam=inet6 laddr=:: lport=22 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.182:586) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5ae46c25a740 a2=0x1c a3=0x7ffce10d5334 items=0 ppid=2048 pid=2061 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_init_sshd_pre:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.182:587) : proctitle=sshd -t -q |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.182:587) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:02.182:587) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffce10d64e0 a2=0x10 a3=0x6 items=0 ppid=2048 pid=2061 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_init_sshd_pre:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.182:588) : proctitle=sshd -t -q |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.182:588) : saddr={ fam=inet laddr=0.0.0.0 lport=22 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.182:588) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5ae46c258a00 a2=0x10 a3=0x6 items=0 ppid=2048 pid=2061 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_init_sshd_pre:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.186:589) : proctitle=/usr/bin/patchpaneld --nd_proxy_fd=8 |
| type=PATH msg=audit(02/10/22 02:23:02.186:589) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.186:589) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.186:589) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.186:589) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7d1f14b565a0 a2=0x6e a3=0x0 items=1 ppid=2035 pid=2056 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=patchpaneld exe=/usr/bin/patchpaneld subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.190:590) : proctitle=/usr/bin/cras |
| type=PATH msg=audit(02/10/22 02:23:02.190:590) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.190:590) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.190:590) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.190:590) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x16 a1=0x78746fc835a0 a2=0x6e a3=0x0 items=1 ppid=2032 pid=2041 auid=unset uid=cras gid=cras euid=cras suid=cras fsuid=cras egid=cras sgid=cras fsgid=cras tty=(none) ses=unset comm=cras exe=/usr/bin/cras subj=u:r:cros_cras:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.205:592) : proctitle=/usr/bin/gdbus wait --system --timeout 15 org.chromium.CrosHealthd |
| type=PATH msg=audit(02/10/22 02:23:02.205:592) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.205:592) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.205:592) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.205:592) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7ffcbe4838c0 a2=0x6e a3=0x7ffcbe4838a0 items=1 ppid=2084 pid=2090 auid=unset uid=cros_healthd gid=cros_healthd euid=cros_healthd suid=cros_healthd fsuid=cros_healthd egid=cros_healthd sgid=cros_healthd fsgid=cros_healthd tty=(none) ses=unset comm=gdbus exe=/usr/bin/gdbus subj=u:r:cros_gdbus:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.212:593) : proctitle=/usr/bin/permission_broker |
| type=PATH msg=audit(02/10/22 02:23:02.212:593) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.212:593) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.212:593) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.212:593) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7ffe58857570 a2=0x1d a3=0x20 items=1 ppid=1 pid=2083 auid=unset uid=devbroker gid=root euid=devbroker suid=devbroker fsuid=devbroker egid=root sgid=root fsgid=root tty=(none) ses=unset comm=permission_brok exe=/usr/bin/permission_broker subj=u:r:cros_permission_broker:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.214:594) : proctitle=upstart-socket-bridge --daemon |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.214:594) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.214:594) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7fffbc7ab0e0 a2=0x16 a3=0x21 items=0 ppid=1 pid=2102 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=upstart-socket- exe=/sbin/upstart-socket-bridge subj=u:r:cros_upstart_socket_bridge:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.219:596) : proctitle=logger -t cros-disks Loading FUSE module |
| type=PATH msg=audit(02/10/22 02:23:02.219:596) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.219:596) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.219:596) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.219:596) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5789b52cc180 a2=0x6e a3=0x1 items=1 ppid=2092 pid=2113 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.226:597) : proctitle=/usr/sbin/sshd -D -oPort=2222 |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.226:597) : saddr={ fam=inet6 laddr=:: lport=2222 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.226:597) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x599471628740 a2=0x1c a3=0x7ffecce97144 items=0 ppid=1 pid=2114 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.226:598) : proctitle=/usr/sbin/sshd -D -oPort=2222 |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.226:598) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:02.226:598) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffecce982f0 a2=0x10 a3=0x6 items=0 ppid=1 pid=2114 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.226:599) : proctitle=/usr/sbin/sshd -D -oPort=2222 |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.226:599) : saddr={ fam=inet laddr=0.0.0.0 lport=2222 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.226:599) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x599471626a00 a2=0x10 a3=0x6 items=0 ppid=1 pid=2114 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.231:600) : proctitle=/usr/sbin/sshd -D -oPort=2222 |
| type=PATH msg=audit(02/10/22 02:23:02.231:600) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.231:600) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.231:600) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.231:600) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7eb6e6c0a5a0 a2=0x6e a3=0x7ffecce97d00 items=1 ppid=1 pid=2114 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.231:601) : proctitle=/usr/sbin/sshd -D -oPort=2222 |
| type=PATH msg=audit(02/10/22 02:23:02.231:601) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.231:601) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.231:601) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.231:601) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7eb6e6c0a5a0 a2=0x6e a3=0x7ffecce97d00 items=1 ppid=1 pid=2114 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.234:602) : proctitle=/usr/sbin/mtpd -minloglevel=1 |
| type=PATH msg=audit(02/10/22 02:23:02.234:602) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.234:602) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.234:602) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.234:602) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7ffdb0cba720 a2=0x1d a3=0x20 items=1 ppid=1 pid=2097 auid=unset uid=mtp gid=mtp euid=mtp suid=mtp fsuid=mtp egid=mtp sgid=mtp fsgid=mtp tty=(none) ses=unset comm=mtpd exe=/usr/sbin/mtpd subj=u:r:cros_mtpd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.248:603) : proctitle=/usr/sbin/conntrackd |
| type=PATH msg=audit(02/10/22 02:23:02.248:603) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.248:603) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.248:603) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.248:603) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7b08bbd7d5a0 a2=0x6e a3=0x0 items=1 ppid=2106 pid=2130 auid=unset uid=nfqueue gid=nfqueue euid=nfqueue suid=nfqueue fsuid=nfqueue egid=nfqueue sgid=nfqueue fsgid=nfqueue tty=(none) ses=unset comm=conntrackd exe=/usr/sbin/conntrackd subj=u:r:cros_conntrackd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.252:604) : proctitle=/usr/sbin/avahi-daemon --syslog --file=/etc/avahi/avahi-daemon.conf |
| type=PATH msg=audit(02/10/22 02:23:02.252:604) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.252:604) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.252:604) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.252:604) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7986b924d5a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=2108 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=avahi-daemon exe=/usr/sbin/avahi-daemon subj=u:r:cros_avahi_daemon:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.254:605) : proctitle=/usr/sbin/dnsproxyd |
| type=PATH msg=audit(02/10/22 02:23:02.254:605) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.254:605) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.254:605) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.254:605) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x8 a1=0x7db063d085a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=2105 auid=unset uid=dns-proxy gid=dns-proxy euid=dns-proxy suid=dns-proxy fsuid=dns-proxy egid=dns-proxy sgid=dns-proxy fsgid=dns-proxy tty=(none) ses=unset comm=dnsproxyd exe=/usr/sbin/dnsproxyd subj=u:r:cros_dnsproxyd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.254:606) : proctitle=/usr/sbin/dnsproxyd |
| type=PATH msg=audit(02/10/22 02:23:02.254:606) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.254:606) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.254:606) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.254:606) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xa a1=0x7fffb3e73e30 a2=0x1d a3=0x0 items=1 ppid=1 pid=2105 auid=unset uid=dns-proxy gid=dns-proxy euid=dns-proxy suid=dns-proxy fsuid=dns-proxy egid=dns-proxy sgid=dns-proxy fsgid=dns-proxy tty=(none) ses=unset comm=dnsproxyd exe=/usr/sbin/dnsproxyd subj=u:r:cros_dnsproxyd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.254:607) : proctitle=/usr/sbin/avahi-daemon --syslog --file=/etc/avahi/avahi-daemon.conf |
| type=PATH msg=audit(02/10/22 02:23:02.254:607) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.254:607) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.254:607) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.254:607) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xa a1=0x7ffcbf7c3d30 a2=0x1d a3=0x0 items=1 ppid=1 pid=2108 auid=unset uid=avahi gid=avahi euid=avahi suid=avahi fsuid=avahi egid=avahi sgid=avahi fsgid=avahi tty=(none) ses=unset comm=avahi-daemon exe=/usr/sbin/avahi-daemon subj=u:r:cros_avahi_daemon:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.256:608) : proctitle=udevadm settle |
| type=PATH msg=audit(02/10/22 02:23:02.256:608) : item=0 name=/run/udev/control inode=1152 dev=00:15 mode=socket,755 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_run_udev:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.256:608) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.256:608) : saddr={ fam=local path=/run/udev/control } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.256:608) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x575d0848bb38 a2=0x13 a3=0x7ffc1dbb2c3c items=1 ppid=1 pid=2055 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=udevadm exe=/bin/udevadm subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.259:609) : proctitle=/usr/sbin/dlcservice |
| type=PATH msg=audit(02/10/22 02:23:02.259:609) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.259:609) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.259:609) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.259:609) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7fff22e5ef80 a2=0x1d a3=0x21 items=1 ppid=1 pid=2111 auid=unset uid=dlcservice gid=dlcservice euid=dlcservice suid=dlcservice fsuid=dlcservice egid=dlcservice sgid=dlcservice fsgid=dlcservice tty=(none) ses=unset comm=dlcservice exe=/usr/sbin/dlcservice subj=u:r:cros_dlcservice:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.263:610) : proctitle=/usr/sbin/dlcservice |
| type=PATH msg=audit(02/10/22 02:23:02.263:610) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.263:610) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.263:610) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.263:610) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xa a1=0x7fff22e5ee80 a2=0x1d a3=0x21 items=1 ppid=1 pid=2111 auid=unset uid=dlcservice gid=dlcservice euid=dlcservice suid=dlcservice fsuid=dlcservice egid=dlcservice sgid=dlcservice fsgid=dlcservice tty=(none) ses=unset comm=dlcservice exe=/usr/sbin/dlcservice subj=u:r:cros_dlcservice:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.268:611) : proctitle=/usr/sbin/dnsproxyd |
| type=PATH msg=audit(02/10/22 02:23:02.268:611) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.268:611) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.268:611) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.268:611) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xb a1=0x7fffb3e73a80 a2=0x1d a3=0x20 items=1 ppid=1 pid=2105 auid=unset uid=dns-proxy gid=dns-proxy euid=dns-proxy suid=dns-proxy fsuid=dns-proxy egid=dns-proxy sgid=dns-proxy fsgid=dns-proxy tty=(none) ses=unset comm=dnsproxyd exe=/usr/sbin/dnsproxyd subj=u:r:cros_dnsproxyd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.282:612) : proctitle=/usr/sbin/dlcservice |
| type=PATH msg=audit(02/10/22 02:23:02.282:612) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.282:612) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.282:612) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.282:612) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xb a1=0x7a2c140245a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=2111 auid=unset uid=dlcservice gid=dlcservice euid=dlcservice suid=dlcservice fsuid=dlcservice egid=dlcservice sgid=dlcservice fsgid=dlcservice tty=(none) ses=unset comm=dlcservice exe=/usr/sbin/dlcservice subj=u:r:cros_dlcservice:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.287:613) : proctitle=/usr/bin/cros_healthd |
| type=PATH msg=audit(02/10/22 02:23:02.287:613) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.287:613) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.287:613) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.287:613) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xb a1=0x7ffcba9c2930 a2=0x1d a3=0x40 items=1 ppid=2080 pid=2109 auid=unset uid=cros_healthd gid=cros_healthd euid=cros_healthd suid=cros_healthd fsuid=cros_healthd egid=cros_healthd sgid=cros_healthd fsgid=cros_healthd tty=(none) ses=unset comm=cros_healthd exe=/usr/bin/cros_healthd subj=u:r:cros_healthd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.293:614) : proctitle=update_engine |
| type=PATH msg=audit(02/10/22 02:23:02.293:614) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.293:614) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.293:614) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.293:614) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xb a1=0x7ffd029fb100 a2=0x1d a3=0x20 items=1 ppid=1 pid=2170 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=update_engine exe=/usr/sbin/update_engine subj=u:r:cros_update_engine:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.298:615) : proctitle=status |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.298:615) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.298:615) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffe83763100 a2=0x16 a3=0x20 items=0 ppid=2177 pid=2178 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=status exe=/sbin/initctl subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.305:616) : proctitle=/usr/bin/cros_healthd |
| type=PATH msg=audit(02/10/22 02:23:02.305:616) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.305:616) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.305:616) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.305:616) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xc a1=0x7ccdcf25e5a0 a2=0x6e a3=0x0 items=1 ppid=2080 pid=2109 auid=unset uid=cros_healthd gid=cros_healthd euid=cros_healthd suid=cros_healthd fsuid=cros_healthd egid=cros_healthd sgid=cros_healthd fsgid=cros_healthd tty=(none) ses=unset comm=cros_healthd exe=/usr/bin/cros_healthd subj=u:r:cros_healthd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.305:617) : proctitle=/usr/bin/cros_healthd |
| type=PATH msg=audit(02/10/22 02:23:02.305:617) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.305:617) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.305:617) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.305:617) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xe a1=0x7ffcba9c2940 a2=0x1d a3=0x0 items=1 ppid=2080 pid=2109 auid=unset uid=cros_healthd gid=cros_healthd euid=cros_healthd suid=cros_healthd fsuid=cros_healthd egid=cros_healthd sgid=cros_healthd fsgid=cros_healthd tty=(none) ses=unset comm=cros_healthd exe=/usr/bin/cros_healthd subj=u:r:cros_healthd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.310:618) : proctitle=/usr/sbin/ModemManager --log-level=INFO |
| type=PATH msg=audit(02/10/22 02:23:02.310:618) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.310:618) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.310:618) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.310:618) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x790ba41855a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=2112 auid=unset uid=modem gid=modem euid=modem suid=modem fsuid=modem egid=modem sgid=modem fsgid=modem tty=(none) ses=unset comm=ModemManager exe=/usr/sbin/ModemManager subj=u:r:cros_modem_manager:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.323:619) : proctitle=/usr/sbin/ModemManager --log-level=INFO |
| type=PATH msg=audit(02/10/22 02:23:02.323:619) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.323:619) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.323:619) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.323:619) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x6 a1=0x790ba369db10 a2=0x6e a3=0x790ba369daf0 items=1 ppid=1 pid=2112 auid=unset uid=modem gid=modem euid=modem suid=modem fsuid=modem egid=modem sgid=modem fsgid=modem tty=(none) ses=unset comm=pool-ModemManag exe=/usr/sbin/ModemManager subj=u:r:cros_modem_manager:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.325:620) : proctitle=/usr/bin/cros-disks --foreground --log_level=1 |
| type=PATH msg=audit(02/10/22 02:23:02.325:620) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.325:620) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.325:620) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.325:620) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xa a1=0x7fffaf6014e0 a2=0x1d a3=0x21 items=1 ppid=1 pid=2176 auid=unset uid=cros-disks gid=cros-disks euid=cros-disks suid=cros-disks fsuid=cros-disks egid=cros-disks sgid=cros-disks fsgid=cros-disks tty=(none) ses=unset comm=cros-disks exe=/usr/bin/cros-disks subj=u:r:cros_disks:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.343:621) : proctitle=/usr/sbin/dnsproxyd --t=sys |
| type=PATH msg=audit(02/10/22 02:23:02.343:621) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.343:621) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.343:621) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.343:621) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7936510755a0 a2=0x6e a3=0x0 items=1 ppid=2105 pid=2180 auid=unset uid=dns-proxy gid=dns-proxy euid=dns-proxy suid=dns-proxy fsuid=dns-proxy egid=dns-proxy sgid=dns-proxy fsgid=dns-proxy tty=(none) ses=unset comm=dnsproxyd exe=/usr/sbin/dnsproxyd subj=u:r:cros_dnsproxyd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.364:622) : proctitle=/usr/sbin/dnsproxyd --t=sys |
| type=PATH msg=audit(02/10/22 02:23:02.364:622) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.364:622) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.364:622) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.364:622) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xb a1=0x7ffc74c374d0 a2=0x1d a3=0x0 items=1 ppid=2105 pid=2180 auid=unset uid=dns-proxy gid=dns-proxy euid=dns-proxy suid=dns-proxy fsuid=dns-proxy egid=dns-proxy sgid=dns-proxy fsgid=dns-proxy tty=(none) ses=unset comm=dnsproxyd exe=/usr/sbin/dnsproxyd subj=u:r:cros_dnsproxyd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.397:623) : proctitle=/usr/sbin/usb_bouncer --fork udev add /devices/pci0000:00/0000:00:01.2/usb1 |
| type=PATH msg=audit(02/10/22 02:23:02.397:623) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.397:623) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.397:623) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.397:623) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x6 a1=0x7f77275ee5a0 a2=0x6e a3=0x0 items=1 ppid=2158 pid=2173 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=usb_bouncer exe=/usr/sbin/usb_bouncer subj=u:r:cros_udevd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.413:624) : proctitle=/usr/sbin/dnsproxyd --t=sys |
| type=PATH msg=audit(02/10/22 02:23:02.413:624) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.413:624) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.413:624) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.413:624) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xc a1=0x7ffc74c37140 a2=0x1d a3=0x20 items=1 ppid=2105 pid=2180 auid=unset uid=dns-proxy gid=dns-proxy euid=dns-proxy suid=dns-proxy fsuid=dns-proxy egid=dns-proxy sgid=dns-proxy fsgid=dns-proxy tty=(none) ses=unset comm=dnsproxyd exe=/usr/sbin/dnsproxyd subj=u:r:cros_dnsproxyd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.417:625) : proctitle=/usr/sbin/dnsproxyd --t=def |
| type=PATH msg=audit(02/10/22 02:23:02.417:625) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.417:625) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.417:625) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.417:625) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x78866eabb5a0 a2=0x6e a3=0x0 items=1 ppid=2105 pid=2181 auid=unset uid=dns-proxy gid=dns-proxy euid=dns-proxy suid=dns-proxy fsuid=dns-proxy egid=dns-proxy sgid=dns-proxy fsgid=dns-proxy tty=(none) ses=unset comm=dnsproxyd exe=/usr/sbin/dnsproxyd subj=u:r:cros_dnsproxyd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.417:626) : proctitle=/usr/sbin/dnsproxyd --t=def |
| type=PATH msg=audit(02/10/22 02:23:02.417:626) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.417:626) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.417:626) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.417:626) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xb a1=0x7fff8004ec30 a2=0x1d a3=0x0 items=1 ppid=2105 pid=2181 auid=unset uid=dns-proxy gid=dns-proxy euid=dns-proxy suid=dns-proxy fsuid=dns-proxy egid=dns-proxy sgid=dns-proxy fsgid=dns-proxy tty=(none) ses=unset comm=dnsproxyd exe=/usr/sbin/dnsproxyd subj=u:r:cros_dnsproxyd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.425:627) : proctitle=/usr/sbin/dnsproxyd --t=def |
| type=PATH msg=audit(02/10/22 02:23:02.425:627) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.425:627) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.425:627) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.425:627) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xc a1=0x7fff8004e8a0 a2=0x1d a3=0x20 items=1 ppid=2105 pid=2181 auid=unset uid=dns-proxy gid=dns-proxy euid=dns-proxy suid=dns-proxy fsuid=dns-proxy egid=dns-proxy sgid=dns-proxy fsgid=dns-proxy tty=(none) ses=unset comm=dnsproxyd exe=/usr/sbin/dnsproxyd subj=u:r:cros_dnsproxyd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.517:635) : proctitle=/usr/sbin/usb_bouncer --fork udev add /devices/pci0000:00/0000:00:01.2/usb1 |
| type=PATH msg=audit(02/10/22 02:23:02.517:635) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.517:635) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.517:635) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.517:635) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x0 a1=0x7ffe99377ae0 a2=0x1d a3=0x5adcfaefb010 items=1 ppid=1 pid=2227 auid=unset uid=usb_bouncer gid=usb_bouncer euid=usb_bouncer suid=usb_bouncer fsuid=usb_bouncer egid=usb_bouncer sgid=usb_bouncer fsgid=usb_bouncer tty=(none) ses=unset comm=usb_bouncer exe=/usr/sbin/usb_bouncer subj=u:r:cros_udevd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.522:636) : proctitle=/usr/sbin/usb_bouncer --fork udev add /devices/pci0000:00/0000:00:01.2/usb1 |
| type=PATH msg=audit(02/10/22 02:23:02.522:636) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.522:636) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.522:636) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.522:636) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffe99377b40 a2=0x1d a3=0x21 items=1 ppid=1 pid=2227 auid=unset uid=usb_bouncer gid=usb_bouncer euid=usb_bouncer suid=usb_bouncer fsuid=usb_bouncer egid=usb_bouncer sgid=usb_bouncer fsgid=usb_bouncer tty=(none) ses=unset comm=usb_bouncer exe=/usr/sbin/usb_bouncer subj=u:r:cros_udevd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.527:637) : proctitle=/usr/sbin/usb_bouncer --fork udev add /devices/pci0000:00/0000:00:01.2/usb1 |
| type=PATH msg=audit(02/10/22 02:23:02.527:637) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.527:637) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.527:637) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.527:637) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ffe99377c60 a2=0x1d a3=0x40 items=1 ppid=1 pid=2227 auid=unset uid=usb_bouncer gid=usb_bouncer euid=usb_bouncer suid=usb_bouncer fsuid=usb_bouncer egid=usb_bouncer sgid=usb_bouncer fsgid=usb_bouncer tty=(none) ses=unset comm=usb_bouncer exe=/usr/sbin/usb_bouncer subj=u:r:cros_udevd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.683:669) : proctitle=/usr/sbin/usb_bouncer --fork udev add /devices/pci0000:00/0000:00:01.2/usb1/1-1 |
| type=PATH msg=audit(02/10/22 02:23:02.683:669) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.683:669) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.683:669) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.683:669) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x0 a1=0x7ffc2cfea5c0 a2=0x1d a3=0x5742482e4010 items=1 ppid=2301 pid=2302 auid=unset uid=usb_bouncer gid=usb_bouncer euid=usb_bouncer suid=usb_bouncer fsuid=usb_bouncer egid=usb_bouncer sgid=usb_bouncer fsgid=usb_bouncer tty=(none) ses=unset comm=usb_bouncer exe=/usr/sbin/usb_bouncer subj=u:r:cros_udevd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.687:672) : proctitle=/usr/sbin/usb_bouncer --fork udev add /devices/pci0000:00/0000:00:01.2/usb1/1-1 |
| type=PATH msg=audit(02/10/22 02:23:02.687:672) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.687:672) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.687:672) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.687:672) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7b84987945a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=2302 auid=unset uid=usb_bouncer gid=usb_bouncer euid=usb_bouncer suid=usb_bouncer fsuid=usb_bouncer egid=usb_bouncer sgid=usb_bouncer fsgid=usb_bouncer tty=(none) ses=unset comm=usb_bouncer exe=/usr/sbin/usb_bouncer subj=u:r:cros_udevd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.688:673) : proctitle=/usr/sbin/usb_bouncer --fork udev add /devices/pci0000:00/0000:00:01.2/usb1/1-1 |
| type=PATH msg=audit(02/10/22 02:23:02.688:673) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.688:673) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.688:673) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.688:673) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ffc2cfea620 a2=0x1d a3=0x21 items=1 ppid=1 pid=2302 auid=unset uid=usb_bouncer gid=usb_bouncer euid=usb_bouncer suid=usb_bouncer fsuid=usb_bouncer egid=usb_bouncer sgid=usb_bouncer fsgid=usb_bouncer tty=(none) ses=unset comm=usb_bouncer exe=/usr/sbin/usb_bouncer subj=u:r:cros_udevd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.692:675) : proctitle=/usr/sbin/usb_bouncer --fork udev add /devices/pci0000:00/0000:00:01.2/usb1/1-1 |
| type=PATH msg=audit(02/10/22 02:23:02.692:675) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.692:675) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.692:675) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.692:675) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x6 a1=0x7ffc2cfea740 a2=0x1d a3=0x40 items=1 ppid=1 pid=2302 auid=unset uid=usb_bouncer gid=usb_bouncer euid=usb_bouncer suid=usb_bouncer fsuid=usb_bouncer egid=usb_bouncer sgid=usb_bouncer fsgid=usb_bouncer tty=(none) ses=unset comm=usb_bouncer exe=/usr/sbin/usb_bouncer subj=u:r:cros_udevd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.735:692) : proctitle=initctl status system-services |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.735:692) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.735:692) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffd18476090 a2=0x16 a3=0x20 items=0 ppid=2327 pid=2331 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=initctl exe=/sbin/initctl subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.766:699) : proctitle=logger -t tmpfiles.d -f /run/tmpfiles.log |
| type=PATH msg=audit(02/10/22 02:23:02.766:699) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.766:699) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.766:699) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.766:699) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5b8dc5baf180 a2=0x6e a3=0x1 items=1 ppid=2357 pid=2358 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.774:702) : proctitle=logger -t /usr/share/cros/init/crx-import.sh CRX Cache exists. No import performed. |
| type=PATH msg=audit(02/10/22 02:23:02.774:702) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.774:702) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.774:702) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.774:702) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5c49a5450180 a2=0x6e a3=0x1 items=1 ppid=2361 pid=2372 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_crx_import:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.823:708) : proctitle=/usr/bin/btmanagerd |
| type=PATH msg=audit(02/10/22 02:23:02.823:708) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.823:708) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.823:708) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.823:708) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7dd7153c35a0 a2=0x6e a3=0x0 items=1 ppid=2341 pid=2348 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=btmanagerd exe=/usr/bin/btmanagerd subj=u:r:cros_btmanagerd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.833:712) : proctitle=minijail0 -u bluetooth -g bluetooth -G -n -l --uts -e --profile minimalistic-mountns -k /run /run tmpfs MS_NODEV MS_NOEXEC MS_NO |
| type=PATH msg=audit(02/10/22 02:23:02.833:712) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.833:712) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.833:712) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.833:712) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x79de3661a5a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=2341 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=minijail0 exe=/sbin/minijail0 subj=u:r:minijail:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.852:715) : proctitle=initctl status system-services |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.852:715) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.852:715) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffcc94917c0 a2=0x16 a3=0x20 items=0 ppid=2434 pid=2479 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=initctl exe=/sbin/initctl subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.881:717) : proctitle=logger -t create-system-key -f /run/create_system_key.log |
| type=PATH msg=audit(02/10/22 02:23:02.881:717) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.881:717) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.881:717) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.881:717) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x578a306dd180 a2=0x6e a3=0x1 items=1 ppid=2541 pid=2545 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.896:721) : proctitle=logger -t mount-encrypted -f /var/log/mount-encrypted.log |
| type=PATH msg=audit(02/10/22 02:23:02.896:721) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.896:721) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.896:721) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.896:721) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5c99d995b180 a2=0x6e a3=0x1 items=1 ppid=2546 pid=2577 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.949:727) : proctitle=/usr/bin/anomaly_detector |
| type=PATH msg=audit(02/10/22 02:23:02.949:727) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.949:727) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.949:727) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.949:727) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xb a1=0x7fffecc9e930 a2=0x1d a3=0x40 items=1 ppid=2618 pid=2649 auid=unset uid=root gid=syslog euid=root suid=root fsuid=root egid=syslog sgid=syslog fsgid=syslog tty=(none) ses=unset comm=anomaly_detecto exe=/usr/bin/anomaly_detector subj=u:r:cros_anomaly_detector:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.950:728) : proctitle=logger -t temp_logger Exiting temp_logger, system does not have any temp sensor. |
| type=PATH msg=audit(02/10/22 02:23:02.950:728) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.950:728) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.950:728) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.950:728) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x588bff9cc180 a2=0x6e a3=0x1 items=1 ppid=2650 pid=2677 auid=unset uid=power gid=root euid=power suid=power fsuid=power egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_temp_logger:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.953:729) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.953:729) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.953:729) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x29 a1=0x7b7870ae2ec0 a2=0x1c a3=0x15b9d420000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:02.994:737) : proctitle=mosys -l ec info |
| type=PATH msg=audit(02/10/22 02:23:02.994:737) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:02.994:737) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:02.994:737) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:02.994:737) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7a3f7411d5a0 a2=0x6e a3=0x0 items=1 ppid=2653 pid=2684 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=mosys exe=/usr/sbin/mosys subj=u:r:cros_userfeedback:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.014:739) : proctitle=/usr/bin/resourced |
| type=PATH msg=audit(02/10/22 02:23:03.014:739) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.014:739) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.014:739) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.014:739) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7d9223e835a0 a2=0x6e a3=0x0 items=1 ppid=2724 pid=2753 auid=unset uid=resourced gid=resourced euid=resourced suid=resourced fsuid=resourced egid=resourced sgid=resourced fsgid=resourced tty=(none) ses=unset comm=resourced exe=/usr/bin/resourced subj=u:r:cros_resourced:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.014:740) : proctitle=/usr/bin/resourced |
| type=PATH msg=audit(02/10/22 02:23:03.014:740) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.014:740) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.014:740) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.014:740) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ffd42b8e830 a2=0x1d a3=0x5787319b5010 items=1 ppid=2724 pid=2753 auid=unset uid=resourced gid=resourced euid=resourced suid=resourced fsuid=resourced egid=resourced sgid=resourced fsgid=resourced tty=(none) ses=unset comm=resourced exe=/usr/bin/resourced subj=u:r:cros_resourced:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.017:741) : proctitle=stop |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.017:741) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.017:741) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffdaa4d93a0 a2=0x16 a3=0x20 items=0 ppid=2327 pid=2783 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=stop exe=/sbin/initctl subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.020:742) : proctitle=/usr/bin/missived |
| type=PATH msg=audit(02/10/22 02:23:03.020:742) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.020:742) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.020:742) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.020:742) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x8 a1=0x7da1c76b15a0 a2=0x6e a3=0x0 items=1 ppid=2716 pid=2757 auid=unset uid=missived gid=missived euid=missived suid=missived fsuid=missived egid=missived sgid=missived fsgid=missived tty=(none) ses=unset comm=missived exe=/usr/bin/missived subj=u:r:cros_missived:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.020:743) : proctitle=/usr/bin/missived |
| type=PATH msg=audit(02/10/22 02:23:03.020:743) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.020:743) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.020:743) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.020:743) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xe a1=0x7ffc37f59a60 a2=0x1d a3=0x20 items=1 ppid=2716 pid=2757 auid=unset uid=missived gid=missived euid=missived suid=missived fsuid=missived egid=missived sgid=missived fsgid=missived tty=(none) ses=unset comm=missived exe=/usr/bin/missived subj=u:r:cros_missived:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.023:744) : proctitle=/usr/bin/missived |
| type=PATH msg=audit(02/10/22 02:23:03.023:744) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.023:744) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.023:744) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.023:744) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x10 a1=0x7ffc37f59860 a2=0x1d a3=0x20 items=1 ppid=2716 pid=2757 auid=unset uid=missived gid=missived euid=missived suid=missived fsuid=missived egid=missived sgid=missived fsgid=missived tty=(none) ses=unset comm=missived exe=/usr/bin/missived subj=u:r:cros_missived:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.062:747) : proctitle=/usr/bin/cros_camera_service |
| type=PATH msg=audit(02/10/22 02:23:03.062:747) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.062:747) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.062:747) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.062:747) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7c4bd33495a0 a2=0x6e a3=0x0 items=1 ppid=2717 pid=2747 auid=unset uid=arc-camera gid=arc-camera euid=arc-camera suid=arc-camera fsuid=arc-camera egid=arc-camera sgid=arc-camera fsgid=arc-camera tty=(none) ses=unset comm=cros_camera_ser exe=/usr/bin/cros_camera_service subj=u:r:cros_camera_service:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.113:748) : proctitle=/sbin/debugd |
| type=PATH msg=audit(02/10/22 02:23:03.113:748) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.113:748) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.113:748) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.113:748) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7fff7ca4f2a0 a2=0x1d a3=0x40 items=1 ppid=1 pid=2807 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=debugd exe=/sbin/debugd subj=u:r:cros_debugd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.115:749) : proctitle=/usr/libexec/bluetooth/bluetoothd --nodetach --configfile=/var/lib/bluetooth/main.conf -E d4992530-b9ec-469f-ab01-6c481c47da1c, |
| type=PATH msg=audit(02/10/22 02:23:03.115:749) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.115:749) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.115:749) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.115:749) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7e52656bd5a0 a2=0x6e a3=0x20 items=1 ppid=2657 pid=2761 auid=unset uid=bluetooth gid=bluetooth euid=bluetooth suid=bluetooth fsuid=bluetooth egid=bluetooth sgid=bluetooth fsgid=bluetooth tty=(none) ses=unset comm=bluetoothd exe=/usr/libexec/bluetooth/bluetoothd subj=u:r:cros_bluetoothd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.116:751) : proctitle=/usr/libexec/bluetooth/bluetoothd --nodetach --configfile=/var/lib/bluetooth/main.conf -E d4992530-b9ec-469f-ab01-6c481c47da1c, |
| type=PATH msg=audit(02/10/22 02:23:03.116:751) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.116:751) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.116:751) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.116:751) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x6 a1=0x7ffea038f430 a2=0x1d a3=0x0 items=1 ppid=2657 pid=2761 auid=unset uid=bluetooth gid=bluetooth euid=bluetooth suid=bluetooth fsuid=bluetooth egid=bluetooth sgid=bluetooth fsgid=bluetooth tty=(none) ses=unset comm=bluetoothd exe=/usr/libexec/bluetooth/bluetoothd subj=u:r:cros_bluetoothd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.117:752) : proctitle=/usr/bin/cros_camera_service |
| type=PATH msg=audit(02/10/22 02:23:03.117:752) : item=0 name=/run/camera/camera3.sock inode=10033 dev=00:15 mode=socket,660 ouid=chronos ogid=arc-camera rdev=00:00 obj=u:object_r:camera_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.117:752) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.117:752) : saddr={ fam=local path=/run/camera/camera3.sock } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.117:752) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x16 a1=0x7c4bd223a220 a2=0x1a a3=0x0 items=1 ppid=2717 pid=2747 auid=unset uid=arc-camera gid=arc-camera euid=arc-camera suid=arc-camera fsuid=arc-camera egid=arc-camera sgid=arc-camera fsgid=arc-camera tty=(none) ses=unset comm=MojoIpcThread exe=/usr/bin/cros_camera_service subj=u:r:cros_camera_service:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.119:754) : proctitle=/sbin/debugd |
| type=PATH msg=audit(02/10/22 02:23:03.119:754) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.119:754) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.119:754) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.119:754) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xa a1=0x79fb1344a5a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=2807 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=debugd exe=/sbin/debugd subj=u:r:cros_debugd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.136:759) : proctitle=/usr/bin/btmanagerd |
| type=PATH msg=audit(02/10/22 02:23:03.136:759) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.136:759) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.136:759) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.136:759) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x6 a1=0x7ffde937a1b0 a2=0xb a3=0x20 items=1 ppid=2707 pid=2714 auid=unset uid=bluetooth gid=bluetooth euid=bluetooth suid=bluetooth fsuid=bluetooth egid=bluetooth sgid=bluetooth fsgid=bluetooth tty=(none) ses=unset comm=btmanagerd exe=/usr/bin/btmanagerd subj=u:r:cros_btmanagerd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.140:760) : proctitle=/usr/bin/btmanagerd |
| type=PATH msg=audit(02/10/22 02:23:03.140:760) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.140:760) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.140:760) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.140:760) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x7 a1=0x7ffde937a090 a2=0x1d a3=0x20 items=1 ppid=2707 pid=2714 auid=unset uid=bluetooth gid=bluetooth euid=bluetooth suid=bluetooth fsuid=bluetooth egid=bluetooth sgid=bluetooth fsgid=bluetooth tty=(none) ses=unset comm=btmanagerd exe=/usr/bin/btmanagerd subj=u:r:cros_btmanagerd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.181:770) : proctitle=dbus-send --system --dest=org.chromium.SessionManager --type=method_call /org/chromium/SessionManager org.chromium.SessionManage |
| type=PATH msg=audit(02/10/22 02:23:03.181:770) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.181:770) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.181:770) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.181:770) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffd894337e0 a2=0x1d a3=0x20 items=1 ppid=2902 pid=2923 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dbus-send exe=/usr/bin/dbus-send subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.010:738) : proctitle=/usr/bin/gdbus wait --system --timeout 15 org.chromium.Missived |
| type=PATH msg=audit(02/10/22 02:23:03.010:738) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.010:738) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.010:738) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.010:738) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7ffe62a96770 a2=0x6e a3=0x7ffe62a96750 items=1 ppid=2746 pid=2760 auid=unset uid=missived gid=missived euid=missived suid=missived fsuid=missived egid=missived sgid=missived fsgid=missived tty=(none) ses=unset comm=gdbus exe=/usr/bin/gdbus subj=u:r:cros_gdbus:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.214:782) : proctitle=mosys -l pd info |
| type=PATH msg=audit(02/10/22 02:23:03.214:782) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.214:782) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.214:782) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.214:782) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7c6c900d55a0 a2=0x6e a3=0x0 items=1 ppid=2653 pid=2763 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=mosys exe=/usr/sbin/mosys subj=u:r:cros_userfeedback:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.250:794) : proctitle=/opt/google/chrome/chrome --use-gl=egl --gpu-sandbox-failures-fatal=no --enable-logging --log-level=1 --use-cras --enable-waylan |
| type=PATH msg=audit(02/10/22 02:23:03.250:794) : item=0 name=/run/perfetto/traced-producer.sock inode=1957 dev=00:15 mode=socket,666 ouid=traced ogid=traced-producer rdev=00:00 obj=u:object_r:cros_run_perfetto:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.250:794) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.250:794) : saddr={ fam=local path=/run/perfetto/traced-producer.sock } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.250:794) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5d a1=0x3418014ed540 a2=0x25 a3=0xb782cf items=1 ppid=1145 pid=1240 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=ThreadPoolForeg exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.335:815) : proctitle=/usr/bin/patchpaneld |
| type=PATH msg=audit(02/10/22 02:23:03.335:815) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.335:815) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.335:815) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.335:815) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x11 a1=0x7fffe22a6ad0 a2=0x1d a3=0x20 items=1 ppid=1 pid=2035 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=patchpaneld exe=/usr/bin/patchpaneld subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.355:816) : proctitle=logger -t arc-keymasterd Start arc-keymaster |
| type=PATH msg=audit(02/10/22 02:23:03.355:816) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.355:816) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.355:816) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.355:816) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5d435a079180 a2=0x6e a3=0x1 items=1 ppid=3010 pid=3011 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.355:817) : proctitle=mosys -l sh info |
| type=PATH msg=audit(02/10/22 02:23:03.355:817) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.355:817) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.355:817) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.355:817) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7e02f9d4b5a0 a2=0x6e a3=0x0 items=1 ppid=2653 pid=2950 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=mosys exe=/usr/sbin/mosys subj=u:r:cros_userfeedback:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.360:818) : proctitle=logger -t arc-keymasterd Executing: minijail0 -p -N -n --uts -l -e -S /usr/share/policy/arc-keymasterd-seccomp.policy -u arc-ke |
| type=PATH msg=audit(02/10/22 02:23:03.360:818) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.360:818) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.360:818) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.360:818) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x58b546600180 a2=0x6e a3=0x1 items=1 ppid=3010 pid=3015 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.363:819) : proctitle=logger -t arc-ureadahead |
| type=PATH msg=audit(02/10/22 02:23:03.363:819) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.363:819) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.363:819) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.363:819) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5a79e3a28180 a2=0x6e a3=0x1 items=1 ppid=3014 pid=3018 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.365:820) : proctitle=logger -t arc-lifetime Pre-start arc-lifetime |
| type=PATH msg=audit(02/10/22 02:23:03.365:820) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.365:820) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.365:820) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.365:820) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x581e7a2ab180 a2=0x6e a3=0x1 items=1 ppid=1 pid=3012 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.369:821) : proctitle=/usr/bin/run_oci --log_tag=arc-container --container_path=/opt/google/containers/android start android-run_oci |
| type=PATH msg=audit(02/10/22 02:23:03.369:821) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.369:821) : cwd=/opt/google/containers/android |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.369:821) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.369:821) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7cf32b9875a0 a2=0x6e a3=0x0 items=1 ppid=1145 pid=3009 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=run_oci exe=/usr/bin/run_oci subj=u:r:cros_arc_setup:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.383:822) : proctitle=/sbin/minijail0 -v -- /usr/libexec/debugd/helpers/dev_features_rootfs_verification -q |
| type=PATH msg=audit(02/10/22 02:23:03.383:822) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.383:822) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.383:822) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.383:822) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7e7369ffb5a0 a2=0x6e a3=0x0 items=1 ppid=2807 pid=3016 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=minijail0 exe=/sbin/minijail0 subj=u:r:cros_debugd_minijail:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.389:823) : proctitle=/usr/sbin/arc-setup --log_tag=arc-setup-precreate --mode=setup |
| type=PATH msg=audit(02/10/22 02:23:03.389:823) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.389:823) : cwd=/opt/google/containers/android |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.389:823) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.389:823) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7cbb51dd45a0 a2=0x6e a3=0x0 items=1 ppid=3009 pid=3023 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=arc-setup exe=/usr/sbin/arc-setup subj=u:r:cros_arc_setup:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.395:824) : proctitle=/sbin/initctl start --no-wait arc-kmsg-logger |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.395:824) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.395:824) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffe485bc760 a2=0x16 a3=0x20 items=0 ppid=3023 pid=3027 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=initctl exe=/sbin/initctl subj=u:r:cros_arc_setup:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.405:825) : proctitle=/sbin/minijail0 -v -- /usr/libexec/debugd/helpers/dev_features_usb_boot -q |
| type=PATH msg=audit(02/10/22 02:23:03.405:825) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.405:825) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.405:825) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.405:825) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x78dfd7ab15a0 a2=0x6e a3=0x0 items=1 ppid=2807 pid=3024 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=minijail0 exe=/sbin/minijail0 subj=u:r:cros_debugd_minijail:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.407:826) : proctitle=/usr/bin/run_oci --log_tag=arc-container --container_path=/opt/google/containers/android start android-run_oci |
| type=PATH msg=audit(02/10/22 02:23:03.407:826) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.407:826) : cwd=/opt/google/containers/android |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.407:826) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.407:826) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2 a1=0x7cf32b9875a0 a2=0x6e a3=0x0 items=1 ppid=3009 pid=3022 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=run_oci exe=/usr/bin/run_oci subj=u:r:cros_arc_setup:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.408:827) : proctitle=logger -t arc-kmsg-logger Start arc-kmsg-logger |
| type=PATH msg=audit(02/10/22 02:23:03.408:827) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.408:827) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.408:827) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.408:827) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5a24ff7dd180 a2=0x6e a3=0x1 items=1 ppid=3029 pid=3030 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.428:828) : proctitle=/sbin/minijail0 -v -u debugd -g debugd -- /usr/libexec/debugd/helpers/dev_features_chrome_remote_debugging -q |
| type=PATH msg=audit(02/10/22 02:23:03.428:828) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.428:828) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.428:828) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.428:828) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7d4644e335a0 a2=0x6e a3=0x0 items=1 ppid=2807 pid=3031 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=minijail0 exe=/sbin/minijail0 subj=u:r:cros_debugd_minijail:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.437:829) : proctitle=sudo -u android-root logger -t arc-kmsg-logger --prio-prefix --file /run/arc/android.kmsg.fifo |
| type=PATH msg=audit(02/10/22 02:23:03.437:829) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.437:829) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.437:829) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.437:829) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x6 a1=0x7ebfcaef15a0 a2=0x6e a3=0x0 items=1 ppid=3029 pid=3033 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sudo exe=/usr/bin/sudo subj=u:r:cros_arc_kmsg_logger:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.448:830) : proctitle=/sbin/minijail0 -v -- /usr/libexec/debugd/helpers/dev_features_ssh -q |
| type=PATH msg=audit(02/10/22 02:23:03.448:830) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.448:830) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.448:830) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.448:830) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7b2a8ed9a5a0 a2=0x6e a3=0x0 items=1 ppid=2807 pid=3039 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=minijail0 exe=/sbin/minijail0 subj=u:r:cros_debugd_minijail:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.464:831) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.464:831) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.464:831) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x29 a1=0x7b7870ae3800 a2=0x10 a3=0x7270e00000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.464:832) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.464:832) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.464:832) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2b a1=0x7b7870ae36e0 a2=0x10 a3=0x7270e00000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.464:833) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.464:833) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.464:833) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2c a1=0x7b7870ae35c0 a2=0x10 a3=0x7270e00000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.470:834) : proctitle=/opt/google/chrome/chrome --use-gl=egl --gpu-sandbox-failures-fatal=no --enable-logging --log-level=1 --use-cras --enable-waylan |
| type=PATH msg=audit(02/10/22 02:23:03.470:834) : item=0 name=/run/perfetto/traced-producer.sock inode=1957 dev=00:15 mode=socket,666 ouid=traced ogid=traced-producer rdev=00:00 obj=u:object_r:cros_run_perfetto:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.470:834) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.470:834) : saddr={ fam=local path=/run/perfetto/traced-producer.sock } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.470:834) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5d a1=0x34180220c030 a2=0x25 a3=0xbade25 items=1 ppid=1145 pid=1240 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=ThreadPoolForeg exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.471:835) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.471:835) : saddr={ fam=inet6 laddr=2a00:1450:400c:c0a::5e lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.471:835) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x29 a1=0x7b7870ae5d40 a2=0x1c a3=0x75c75e0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.471:836) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.471:836) : saddr={ fam=inet laddr=64.233.167.94 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.471:836) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x29 a1=0x7b7870ae5d40 a2=0x10 a3=0x75c75e0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.476:837) : proctitle=/sbin/minijail0 -v -- /usr/libexec/debugd/helpers/dev_features_password -q --user=root |
| type=PATH msg=audit(02/10/22 02:23:03.476:837) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.476:837) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.476:837) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.476:837) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x79e18422a5a0 a2=0x6e a3=0x0 items=1 ppid=2807 pid=3045 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=minijail0 exe=/sbin/minijail0 subj=u:r:cros_debugd_minijail:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.479:838) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.479:838) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.479:838) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2b a1=0x7b7870adfe50 a2=0x10 a3=0x7997ee0000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.480:839) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.480:839) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.480:839) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2c a1=0x7b7870adfd30 a2=0x10 a3=0x7a12000000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.480:840) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.480:840) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.480:840) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2d a1=0x7b7870adfc10 a2=0x10 a3=0x7a12000000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.488:841) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.488:841) : saddr={ fam=inet6 laddr=2a00:1450:400c:c00::9a lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.488:841) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2b a1=0x7b7870ae5d40 a2=0x1c a3=0x7de2900000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.488:842) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.488:842) : saddr={ fam=inet6 laddr=2a00:1450:400c:c00::9c lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.488:842) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2b a1=0x7b7870ae5d40 a2=0x1c a3=0x7de2900000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.488:843) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.488:843) : saddr={ fam=inet6 laddr=2a00:1450:400c:c00::9d lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.488:843) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2b a1=0x7b7870ae5d40 a2=0x1c a3=0x7de2900000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.488:844) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.488:844) : saddr={ fam=inet6 laddr=2a00:1450:400c:c00::9b lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.488:844) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2b a1=0x7b7870ae5d40 a2=0x1c a3=0x7de2900000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.488:845) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.488:845) : saddr={ fam=inet laddr=173.194.76.155 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.488:845) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2b a1=0x7b7870ae5d40 a2=0x10 a3=0x7de2900000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.488:846) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.488:846) : saddr={ fam=inet laddr=173.194.76.156 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.488:846) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2b a1=0x7b7870ae5d40 a2=0x10 a3=0x7de2900000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.488:847) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.488:847) : saddr={ fam=inet laddr=173.194.76.154 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.488:847) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2b a1=0x7b7870ae5d40 a2=0x10 a3=0x7de2900000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.488:848) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.488:848) : saddr={ fam=inet laddr=173.194.76.157 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.488:848) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2b a1=0x7b7870ae5d40 a2=0x10 a3=0x7de2900000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.490:849) : proctitle=mosys -l pd chip 0 |
| type=PATH msg=audit(02/10/22 02:23:03.490:849) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.490:849) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.490:849) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.490:849) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ecb0fbaf5a0 a2=0x6e a3=0x0 items=1 ppid=2653 pid=3019 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=mosys exe=/usr/sbin/mosys subj=u:r:cros_userfeedback:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.494:850) : proctitle=/usr/sbin/arc-keymasterd |
| type=PATH msg=audit(02/10/22 02:23:03.494:850) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.494:850) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.494:850) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.494:850) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x792ea8dc05a0 a2=0x6e a3=0x0 items=1 ppid=3021 pid=3046 auid=unset uid=arc-keymasterd gid=arc-keymasterd euid=arc-keymasterd suid=arc-keymasterd fsuid=arc-keymasterd egid=arc-keymasterd sgid=arc-keymasterd fsgid=arc-keymasterd tty=(none) ses=unset comm=arc-keymasterd exe=/usr/sbin/arc-keymasterd subj=u:r:cros_arc_keymasterd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.495:851) : proctitle=/usr/sbin/arc-keymasterd |
| type=PATH msg=audit(02/10/22 02:23:03.495:851) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.495:851) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.495:851) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.495:851) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xa a1=0x7ffd96acb2a0 a2=0x1d a3=0x40 items=1 ppid=3021 pid=3046 auid=unset uid=arc-keymasterd gid=arc-keymasterd euid=arc-keymasterd suid=arc-keymasterd fsuid=arc-keymasterd egid=arc-keymasterd sgid=arc-keymasterd fsgid=arc-keymasterd tty=(none) ses=unset comm=arc-keymasterd exe=/usr/sbin/arc-keymasterd subj=u:r:cros_arc_keymasterd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.508:852) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.508:852) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.508:852) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2c a1=0x7b7870adfe50 a2=0x10 a3=0x876bf80000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.508:853) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.508:853) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.508:853) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2d a1=0x7b7870adfd30 a2=0x10 a3=0x876bf80000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.508:854) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.508:854) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.508:854) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2e a1=0x7b7870adfc10 a2=0x10 a3=0x20c400299260 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.512:855) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.512:855) : saddr={ fam=inet6 laddr=2a00:1450:400c:c06::71 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.512:855) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2c a1=0x7b7870ae5d40 a2=0x1c a3=0x8954400000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.512:856) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.512:856) : saddr={ fam=inet6 laddr=2a00:1450:400c:c06::64 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.512:856) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2c a1=0x7b7870ae5d40 a2=0x1c a3=0x8954400000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.512:857) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.512:857) : saddr={ fam=inet6 laddr=2a00:1450:400c:c06::66 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.512:857) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2c a1=0x7b7870ae5d40 a2=0x1c a3=0x8954400000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.512:858) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.512:858) : saddr={ fam=inet6 laddr=2a00:1450:400c:c06::8a lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.512:858) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2c a1=0x7b7870ae5d40 a2=0x1c a3=0x8954400000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.512:859) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.512:859) : saddr={ fam=inet laddr=173.194.76.100 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.512:859) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2c a1=0x7b7870ae5d40 a2=0x10 a3=0x8954400000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.512:860) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.512:860) : saddr={ fam=inet laddr=173.194.76.102 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.512:860) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2c a1=0x7b7870ae5d40 a2=0x10 a3=0x8954400000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.512:861) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.512:861) : saddr={ fam=inet laddr=173.194.76.101 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.512:861) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2c a1=0x7b7870ae5d40 a2=0x10 a3=0x8954400000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.512:862) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.512:862) : saddr={ fam=inet laddr=173.194.76.138 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.512:862) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2c a1=0x7b7870ae5d40 a2=0x10 a3=0x8954400000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.512:863) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.512:863) : saddr={ fam=inet laddr=173.194.76.113 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.512:863) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2c a1=0x7b7870ae5d40 a2=0x10 a3=0x8954400000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.512:864) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.512:864) : saddr={ fam=inet laddr=173.194.76.139 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.512:864) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2c a1=0x7b7870ae5d40 a2=0x10 a3=0x8954400000000 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.552:867) : proctitle=/usr/bin/traced_probes |
| type=PATH msg=audit(02/10/22 02:23:03.552:867) : item=0 name=/run/perfetto/traced-producer.sock inode=1957 dev=00:15 mode=socket,666 ouid=traced ogid=traced-producer rdev=00:00 obj=u:object_r:cros_run_perfetto:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.552:867) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.552:867) : saddr={ fam=local path=/run/perfetto/traced-producer.sock } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.552:867) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x6 a1=0x55f204b87810 a2=0x25 a3=0x0 items=1 ppid=1 pid=3028 auid=unset uid=traced-probes gid=traced-probes euid=traced-probes suid=traced-probes fsuid=traced-probes egid=traced-probes sgid=traced-probes fsgid=traced-probes tty=(none) ses=unset comm=traced_probes exe=/usr/bin/traced_probes subj=u:r:cros_traced_probes:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.593:882) : proctitle=/sbin/iptables -t nat -I redirect_dns -p udp --dport 53 -o eth0 -j DNAT --to-destination 10.0.2.3 -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.593:882) : saddr={ fam=inet6 laddr=::1 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.593:882) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x5a97d2676830 a2=0x1c a3=0x0 items=0 ppid=2035 pid=3072 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.593:883) : proctitle=/sbin/iptables -t nat -I redirect_dns -p udp --dport 53 -o eth0 -j DNAT --to-destination 10.0.2.3 -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.593:883) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:03.593:883) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7ffc2ee8ed00 a2=0x10 a3=0x6 items=0 ppid=2035 pid=3072 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.593:884) : proctitle=/sbin/iptables -t nat -I redirect_dns -p udp --dport 53 -o eth0 -j DNAT --to-destination 10.0.2.3 -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.593:884) : saddr={ fam=inet laddr=127.0.0.1 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.593:884) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x5a97d2676160 a2=0x10 a3=0x6 items=0 ppid=2035 pid=3072 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.659:907) : proctitle=/opt/google/chrome/chrome --use-gl=egl --gpu-sandbox-failures-fatal=no --enable-logging --log-level=1 --use-cras --enable-waylan |
| type=PATH msg=audit(02/10/22 02:23:03.659:907) : item=0 name=/run/perfetto/traced-producer.sock inode=1957 dev=00:15 mode=socket,666 ouid=traced ogid=traced-producer rdev=00:00 obj=u:object_r:cros_run_perfetto:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.659:907) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.659:907) : saddr={ fam=local path=/run/perfetto/traced-producer.sock } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.659:907) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x87 a1=0x34180220c150 a2=0x25 a3=0xbdbf32 items=1 ppid=1145 pid=1240 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=ThreadPoolForeg exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.659:908) : proctitle=/opt/google/chrome/chrome --use-gl=egl --gpu-sandbox-failures-fatal=no --enable-logging --log-level=1 --use-cras --enable-waylan |
| type=PATH msg=audit(02/10/22 02:23:03.659:908) : item=0 name=/run/perfetto/traced-producer.sock inode=1957 dev=00:15 mode=socket,666 ouid=traced ogid=traced-producer rdev=00:00 obj=u:object_r:cros_run_perfetto:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.659:908) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.659:908) : saddr={ fam=local path=/run/perfetto/traced-producer.sock } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.659:908) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x8c a1=0x34180220c150 a2=0x25 a3=0xbdbfd7 items=1 ppid=1145 pid=1240 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=ThreadPoolForeg exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.675:915) : proctitle=/opt/google/chrome/chrome --use-gl=egl --gpu-sandbox-failures-fatal=no --enable-logging --log-level=1 --use-cras --enable-waylan |
| type=PATH msg=audit(02/10/22 02:23:03.675:915) : item=0 name=/run/perfetto/traced-producer.sock inode=1957 dev=00:15 mode=socket,666 ouid=traced ogid=traced-producer rdev=00:00 obj=u:object_r:cros_run_perfetto:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.675:915) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.675:915) : saddr={ fam=local path=/run/perfetto/traced-producer.sock } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.675:915) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x87 a1=0x34180220c150 a2=0x25 a3=0xbdffa3 items=1 ppid=1145 pid=1240 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=ThreadPoolForeg exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.766:943) : proctitle=/sbin/crash_reporter --boot_collect |
| type=PATH msg=audit(02/10/22 02:23:03.766:943) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.766:943) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.766:943) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.766:943) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x8 a1=0x79d57ae3a5a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=3057 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=crash_reporter exe=/sbin/crash_reporter subj=u:r:cros_crash:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.791:944) : proctitle=logger -t metrics-init-cleanup |
| type=PATH msg=audit(02/10/22 02:23:03.791:944) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.791:944) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.791:944) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.791:944) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5d0afea3c180 a2=0x6e a3=0x1 items=1 ppid=3140 pid=3142 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.797:945) : proctitle=/usr/bin/tlsdated -- /usr/bin/tlsdate -v -C /usr/share/chromeos-ca-certificates -l |
| type=PATH msg=audit(02/10/22 02:23:03.797:945) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.797:945) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.797:945) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.797:945) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x8 a1=0x7f1f84a4c5a0 a2=0x6e a3=0x5b2d5b82fca3 items=1 ppid=3130 pid=3135 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=tlsdated exe=/usr/bin/tlsdated subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.799:946) : proctitle=/usr/bin/tlsdated -- /usr/bin/tlsdate -v -C /usr/share/chromeos-ca-certificates -l |
| type=PATH msg=audit(02/10/22 02:23:03.799:946) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.799:946) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.799:946) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.799:946) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x7 a1=0x7ffebaabcfe0 a2=0x1d a3=0x21 items=1 ppid=3130 pid=3135 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdated exe=/usr/bin/tlsdated subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.914:965) : proctitle=/opt/google/chrome/chrome --use-gl=egl --gpu-sandbox-failures-fatal=no --enable-logging --log-level=1 --use-cras --enable-waylan |
| type=PATH msg=audit(02/10/22 02:23:03.914:965) : item=0 name=/run/perfetto/traced-producer.sock inode=1957 dev=00:15 mode=socket,666 ouid=traced ogid=traced-producer rdev=00:00 obj=u:object_r:cros_run_perfetto:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.914:965) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.914:965) : saddr={ fam=local path=/run/perfetto/traced-producer.sock } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.914:965) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x8c a1=0x34180288b760 a2=0x25 a3=0xc1a4d7 items=1 ppid=1145 pid=1240 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=ThreadPoolForeg exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.968:972) : proctitle=/usr/bin/metrics_daemon --nodaemon |
| type=PATH msg=audit(02/10/22 02:23:03.968:972) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.968:972) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.968:972) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.968:972) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x8 a1=0x7ed2add4a5a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=3152 auid=unset uid=metrics gid=metrics euid=metrics suid=metrics fsuid=metrics egid=metrics sgid=metrics fsgid=metrics tty=(none) ses=unset comm=metrics_daemon exe=/usr/bin/metrics_daemon subj=u:r:cros_metrics_daemon:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.971:973) : proctitle=/usr/bin/metrics_daemon --nodaemon |
| type=PATH msg=audit(02/10/22 02:23:03.971:973) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.971:973) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.971:973) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.971:973) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xa a1=0x7ffe2ad6af90 a2=0x1d a3=0x0 items=1 ppid=1 pid=3152 auid=unset uid=metrics gid=metrics euid=metrics suid=metrics fsuid=metrics egid=metrics sgid=metrics fsgid=metrics tty=(none) ses=unset comm=metrics_daemon exe=/usr/bin/metrics_daemon subj=u:r:cros_metrics_daemon:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.975:975) : proctitle=/usr/bin/memd |
| type=PATH msg=audit(02/10/22 02:23:03.975:975) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.975:975) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.975:975) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.975:975) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffcfb095310 a2=0xb a3=0x8080808080808080 items=1 ppid=3156 pid=3185 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=memd exe=/usr/bin/memd subj=u:r:cros_memd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:03.975:977) : proctitle=/usr/bin/memd |
| type=PATH msg=audit(02/10/22 02:23:03.975:977) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:03.975:977) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:03.975:977) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:03.975:977) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ffcfb0724c0 a2=0x1d a3=0x20 items=1 ppid=3156 pid=3185 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=memd exe=/usr/bin/memd subj=u:r:cros_memd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.020:988) : proctitle=/opt/google/chrome/chrome --use-gl=egl --gpu-sandbox-failures-fatal=no --enable-logging --log-level=1 --use-cras --enable-waylan |
| type=PATH msg=audit(02/10/22 02:23:04.020:988) : item=0 name=/run/perfetto/traced-producer.sock inode=1957 dev=00:15 mode=socket,666 ouid=traced ogid=traced-producer rdev=00:00 obj=u:object_r:cros_run_perfetto:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:04.020:988) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.020:988) : saddr={ fam=local path=/run/perfetto/traced-producer.sock } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.020:988) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x8c a1=0x3418027c9050 a2=0x25 a3=0xc343be items=1 ppid=1145 pid=1240 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=ThreadPoolForeg exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.035:989) : proctitle=/sbin/iptables -t mangle -A skip_apply_vpn_mark -p udp --dport 53 -j ACCEPT -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.035:989) : saddr={ fam=inet6 laddr=::1 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.035:989) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x5c4109003830 a2=0x1c a3=0x0 items=0 ppid=2035 pid=3204 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.036:990) : proctitle=/sbin/iptables -t mangle -A skip_apply_vpn_mark -p udp --dport 53 -j ACCEPT -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.036:990) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:04.036:990) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7fff60ba70c0 a2=0x10 a3=0xa items=0 ppid=2035 pid=3204 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.036:991) : proctitle=/sbin/iptables -t mangle -A skip_apply_vpn_mark -p udp --dport 53 -j ACCEPT -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.036:991) : saddr={ fam=inet laddr=127.0.0.1 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.036:991) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x5c4109003160 a2=0x10 a3=0xa items=0 ppid=2035 pid=3204 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.043:994) : proctitle=/sbin/iptables -t nat -I redirect_chrome_dns -p udp --dport 53 -m owner --uid-owner chronos -j DNAT --to-destination 10.0.2.3 -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.043:994) : saddr={ fam=inet6 laddr=::1 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.043:994) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x5bc179fe3830 a2=0x1c a3=0x0 items=0 ppid=2035 pid=3206 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.043:995) : proctitle=/sbin/iptables -t nat -I redirect_chrome_dns -p udp --dport 53 -m owner --uid-owner chronos -j DNAT --to-destination 10.0.2.3 -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.043:995) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:04.043:995) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7fff30e7d040 a2=0x10 a3=0xa items=0 ppid=2035 pid=3206 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.043:996) : proctitle=/sbin/iptables -t nat -I redirect_chrome_dns -p udp --dport 53 -m owner --uid-owner chronos -j DNAT --to-destination 10.0.2.3 -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.043:996) : saddr={ fam=inet laddr=127.0.0.1 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.043:996) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x5bc179fe3160 a2=0x10 a3=0xa items=0 ppid=2035 pid=3206 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.051:999) : proctitle=/sbin/iptables -t nat -I snat_chrome_dns -p udp --dport 53 -j MASQUERADE -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.051:999) : saddr={ fam=inet6 laddr=::1 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.051:999) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x599eb4d44830 a2=0x1c a3=0x0 items=0 ppid=2035 pid=3208 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.051:1000) : proctitle=/sbin/iptables -t nat -I snat_chrome_dns -p udp --dport 53 -j MASQUERADE -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.051:1000) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:04.051:1000) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7ffe5f5e2320 a2=0x10 a3=0xa items=0 ppid=2035 pid=3208 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.051:1001) : proctitle=/sbin/iptables -t nat -I snat_chrome_dns -p udp --dport 53 -j MASQUERADE -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.051:1001) : saddr={ fam=inet laddr=127.0.0.1 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.051:1001) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x599eb4d44160 a2=0x10 a3=0xa items=0 ppid=2035 pid=3208 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.058:1004) : proctitle=/sbin/iptables -t nat -A redirect_user_dns -p udp --dport 53 -j DNAT --to-destination 100.115.92.134 -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.058:1004) : saddr={ fam=inet6 laddr=::1 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.058:1004) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x55b2843fb830 a2=0x1c a3=0x0 items=0 ppid=2035 pid=3210 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.058:1005) : proctitle=/sbin/iptables -t nat -A redirect_user_dns -p udp --dport 53 -j DNAT --to-destination 100.115.92.134 -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.058:1005) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:04.058:1005) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7fff339eb7c0 a2=0x10 a3=0xa items=0 ppid=2035 pid=3210 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.058:1006) : proctitle=/sbin/iptables -t nat -A redirect_user_dns -p udp --dport 53 -j DNAT --to-destination 100.115.92.134 -w |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.058:1006) : saddr={ fam=inet laddr=127.0.0.1 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.058:1006) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x55b2843fb160 a2=0x10 a3=0xa items=0 ppid=2035 pid=3210 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iptables exe=/sbin/xtables-legacy-multi subj=u:r:cros_patchpaneld:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.833:1009) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=PATH msg=audit(02/10/22 02:23:04.833:1009) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:04.833:1009) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.833:1009) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.833:1009) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7d100588e5a0 a2=0x6e a3=0x0 items=1 ppid=3135 pid=3219 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.838:1010) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.838:1010) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.838:1010) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7d100588f4f4 a2=0x10 a3=0x7ffd3559c594 items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.839:1011) : proctitle=/usr/sbin/dnsproxyd --t=def |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.839:1011) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.839:1011) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x13 a1=0x7fff8004eb80 a2=0x10 a3=0x125413e0000000 items=0 ppid=2105 pid=2181 auid=unset uid=dns-proxy gid=dns-proxy euid=dns-proxy suid=dns-proxy fsuid=dns-proxy egid=dns-proxy sgid=dns-proxy fsgid=dns-proxy tty=(none) ses=unset comm=dnsproxyd exe=/usr/sbin/dnsproxyd subj=u:r:cros_dnsproxyd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.844:1012) : proctitle=/usr/sbin/dnsproxyd --t=def |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.844:1012) : saddr={ fam=inet laddr=10.0.2.3 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.844:1012) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x13 a1=0x7fff8004eb80 a2=0x10 a3=0x127a3980000000 items=0 ppid=2105 pid=2181 auid=unset uid=dns-proxy gid=dns-proxy euid=dns-proxy suid=dns-proxy fsuid=dns-proxy egid=dns-proxy sgid=dns-proxy fsgid=dns-proxy tty=(none) ses=unset comm=dnsproxyd exe=/usr/sbin/dnsproxyd subj=u:r:cros_dnsproxyd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.848:1013) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.848:1013) : saddr={ fam=inet laddr=142.251.5.100 lport=443 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.848:1013) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x5afd1398f0b0 a2=0x10 a3=0x0 items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.849:1014) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.849:1014) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:04.849:1014) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ffd3559dda0 a2=0x10 a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.849:1015) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.849:1015) : saddr={ fam=inet laddr=142.251.5.102 lport=443 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.849:1015) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x5afd13990730 a2=0x10 a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.849:1016) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.849:1016) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:04.849:1016) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ffd3559dda0 a2=0x10 a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.849:1017) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.849:1017) : saddr={ fam=inet laddr=142.251.5.139 lport=443 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.849:1017) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x5afd13990780 a2=0x10 a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.849:1018) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.849:1018) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:04.849:1018) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ffd3559dda0 a2=0x10 a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.849:1019) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.849:1019) : saddr={ fam=inet laddr=142.251.5.113 lport=443 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.849:1019) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x5afd139907d0 a2=0x10 a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.849:1020) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.849:1020) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:04.849:1020) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ffd3559dda0 a2=0x10 a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.849:1021) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.849:1021) : saddr={ fam=inet laddr=142.251.5.101 lport=443 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.849:1021) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x5afd13990820 a2=0x10 a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.849:1022) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.849:1022) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:04.849:1022) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ffd3559dda0 a2=0x10 a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.849:1023) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.849:1023) : saddr={ fam=inet laddr=142.251.5.138 lport=443 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.849:1023) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x5afd13990870 a2=0x10 a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.849:1024) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.849:1024) : saddr={ fam=inet6 laddr=2a00:1450:400c:c1b::8b lport=443 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.849:1024) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x5afd139686e0 a2=0x1c a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.849:1025) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.849:1025) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:04.849:1025) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ffd3559dda0 a2=0x10 a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.849:1026) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.849:1026) : saddr={ fam=inet6 laddr=2a00:1450:400c:c1b::64 lport=443 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.849:1026) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x5afd139830c0 a2=0x1c a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.849:1027) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.849:1027) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:04.849:1027) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ffd3559dda0 a2=0x10 a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.849:1028) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.849:1028) : saddr={ fam=inet6 laddr=2a00:1450:400c:c1b::65 lport=443 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.849:1028) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x5afd139908c0 a2=0x1c a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.849:1029) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.849:1029) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:04.849:1029) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ffd3559dda0 a2=0x10 a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.850:1030) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.850:1030) : saddr={ fam=inet6 laddr=2a00:1450:400c:c1b::71 lport=443 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.850:1030) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x5afd13990920 a2=0x1c a3=0xa items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:04.853:1031) : proctitle=tlsdate clients3.google.com 443 tlsv12 racket verbose /usr/share/chromeos-ca-certificates dont-set-clock showtime=raw no-fun lea |
| type=SOCKADDR msg=audit(02/10/22 02:23:04.853:1031) : saddr={ fam=inet laddr=142.251.5.100 lport=443 } |
| type=SYSCALL msg=audit(02/10/22 02:23:04.853:1031) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x5afd1398f0b0 a2=0x10 a3=0x4000 items=0 ppid=3219 pid=3220 auid=unset uid=tlsdate gid=tlsdate euid=tlsdate suid=tlsdate fsuid=tlsdate egid=tlsdate sgid=tlsdate fsgid=tlsdate tty=(none) ses=unset comm=tlsdate-helper exe=/usr/bin/tlsdate-helper subj=u:r:cros_tlsdated:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:05.421:1035) : proctitle=logger -t arc-kmsg-logger --prio-prefix --file /run/arc/android.kmsg.fifo |
| type=PATH msg=audit(02/10/22 02:23:05.421:1035) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:05.421:1035) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:05.421:1035) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:05.421:1035) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5623a21f7180 a2=0x6e a3=0x1 items=1 ppid=3033 pid=3042 auid=unset uid=android-root gid=android-root euid=android-root suid=android-root fsuid=android-root egid=android-root sgid=android-root fsgid=android-root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_arc_kmsg_logger:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:05.330:1032) : proctitle=/usr/sbin/arc-setup --log_tag=arc-setup-prechroot --mode=pre-chroot |
| type=PATH msg=audit(02/10/22 02:23:05.330:1032) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:05.330:1032) : cwd=/opt/google/containers/android |
| type=SOCKADDR msg=audit(02/10/22 02:23:05.330:1032) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:05.330:1032) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7acf606985a0 a2=0x6e a3=0x0 items=1 ppid=3009 pid=3227 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=arc-setup exe=/usr/sbin/arc-setup subj=u:r:cros_arc_setup:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:07.190:1046) : proctitle=/opt/google/chrome/chrome --use-gl=egl --gpu-sandbox-failures-fatal=no --enable-logging --log-level=1 --use-cras --enable-waylan |
| type=PATH msg=audit(02/10/22 02:23:07.190:1046) : item=0 name=/run/perfetto/traced-producer.sock inode=1957 dev=00:15 mode=socket,666 ouid=traced ogid=traced-producer rdev=00:00 obj=u:object_r:cros_run_perfetto:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:07.190:1046) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:07.190:1046) : saddr={ fam=local path=/run/perfetto/traced-producer.sock } |
| type=SYSCALL msg=audit(02/10/22 02:23:07.190:1046) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x8c a1=0x34180247ad40 a2=0x25 a3=0x341800d8fc80 items=1 ppid=1145 pid=1240 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=ThreadPoolForeg exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:07.603:1047) : proctitle=/usr/sbin/sslh-fork -F/etc/sslh.conf |
| type=SOCKADDR msg=audit(02/10/22 02:23:07.603:1047) : saddr={ fam=inet laddr=127.0.0.1 lport=2222 } |
| type=SYSCALL msg=audit(02/10/22 02:23:07.603:1047) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x59a8f9bcb500 a2=0x10 a3=0x7cb7eae88710 items=0 ppid=2175 pid=3344 auid=unset uid=sslh gid=sslh euid=sslh suid=sslh fsuid=sslh egid=sslh sgid=sslh fsgid=sslh tty=(none) ses=unset comm=sslh-fork exe=/usr/sbin/sslh-fork subj=u:r:cros_sslh:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:07.608:1048) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=SOCKADDR msg=audit(02/10/22 02:23:07.608:1048) : saddr={ fam=inet6 laddr=:: lport=2222 } |
| type=SYSCALL msg=audit(02/10/22 02:23:07.608:1048) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x56258fc74760 a2=0x1c a3=0x7ffda15ee8d4 items=0 ppid=2114 pid=3345 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:07.608:1049) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=SOCKADDR msg=audit(02/10/22 02:23:07.608:1049) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:07.608:1049) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ffda15ef9f0 a2=0x10 a3=0xa items=0 ppid=2114 pid=3345 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:07.608:1050) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=SOCKADDR msg=audit(02/10/22 02:23:07.608:1050) : saddr={ fam=inet laddr=0.0.0.0 lport=2222 } |
| type=SYSCALL msg=audit(02/10/22 02:23:07.608:1050) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x56258fc75250 a2=0x10 a3=0xa items=0 ppid=2114 pid=3345 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:09.749:1052) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=PATH msg=audit(02/10/22 02:23:09.749:1052) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:09.749:1052) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:09.749:1052) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:09.749:1052) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7ef28518b5a0 a2=0x6e a3=0x7ffda15ef740 items=1 ppid=2114 pid=3345 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:09.752:1054) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=PATH msg=audit(02/10/22 02:23:09.752:1054) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:09.752:1054) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:09.752:1054) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:09.752:1054) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ef28518b5a0 a2=0x6e a3=0x0 items=1 ppid=2114 pid=3345 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=1 comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:09.801:1055) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=PATH msg=audit(02/10/22 02:23:09.801:1055) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:09.801:1055) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:09.801:1055) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:09.801:1055) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ef28518b5a0 a2=0x6e a3=0x7ffda15eb480 items=1 ppid=2114 pid=3345 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=1 comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:09.801:1056) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=PATH msg=audit(02/10/22 02:23:09.801:1056) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:09.801:1056) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:09.801:1056) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:09.801:1056) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ef28518b5a0 a2=0x6e a3=0x0 items=1 ppid=2114 pid=3345 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=1 comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:13.946:1061) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=SOCKADDR msg=audit(02/10/22 02:23:13.946:1061) : saddr={ fam=inet6 laddr=:: lport=2222 } |
| type=SYSCALL msg=audit(02/10/22 02:23:13.946:1061) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x55e89e34a760 a2=0x1c a3=0x7ffd5bf20944 items=0 ppid=2114 pid=3426 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:13.946:1062) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=SOCKADDR msg=audit(02/10/22 02:23:13.946:1062) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:23:13.946:1062) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ffd5bf21a60 a2=0x10 a3=0xa items=0 ppid=2114 pid=3426 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:13.946:1063) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=SOCKADDR msg=audit(02/10/22 02:23:13.946:1063) : saddr={ fam=inet laddr=0.0.0.0 lport=2222 } |
| type=SYSCALL msg=audit(02/10/22 02:23:13.946:1063) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x55e89e34b250 a2=0x10 a3=0xa items=0 ppid=2114 pid=3426 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:13.941:1060) : proctitle=/usr/sbin/sslh-fork -F/etc/sslh.conf |
| type=SOCKADDR msg=audit(02/10/22 02:23:13.941:1060) : saddr={ fam=inet laddr=127.0.0.1 lport=2222 } |
| type=SYSCALL msg=audit(02/10/22 02:23:13.941:1060) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x59a8f9bcb500 a2=0x10 a3=0x7cb7eae88710 items=0 ppid=2175 pid=3425 auid=unset uid=sslh gid=sslh euid=sslh suid=sslh fsuid=sslh egid=sslh sgid=sslh fsgid=sslh tty=(none) ses=unset comm=sslh-fork exe=/usr/sbin/sslh-fork subj=u:r:cros_sslh:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:27.947:1064) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:27.947:1064) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:27.947:1064) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2e a1=0x7b7870ae34e0 a2=0x1c a3=0x158f9ec6f2a074 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:32.826:1065) : proctitle=logger -t preload-network WiFi interface not found after 30 seconds. |
| type=PATH msg=audit(02/10/22 02:23:32.826:1065) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:32.826:1065) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:32.826:1065) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:32.826:1065) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5c22c34b9180 a2=0x6e a3=0x1 items=1 ppid=2312 pid=3466 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:36.101:1068) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=PATH msg=audit(02/10/22 02:23:36.101:1068) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:36.101:1068) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:36.101:1068) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:36.101:1068) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7f95414e05a0 a2=0x6e a3=0x0 items=1 ppid=2114 pid=3426 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=2 comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:36.099:1066) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=PATH msg=audit(02/10/22 02:23:36.099:1066) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:36.099:1066) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:36.099:1066) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:36.099:1066) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7f95414e05a0 a2=0x6e a3=0x7ffd5bf217c0 items=1 ppid=2114 pid=3426 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:49.636:1069) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:49.636:1069) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:49.636:1069) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2e a1=0x7b7870ae34e0 a2=0x1c a3=0xc49a6220a725b items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:52.967:1070) : proctitle=/usr/bin/hardware_verifier --send_to_uma --pii --output_format=text |
| type=PATH msg=audit(02/10/22 02:23:52.967:1070) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:52.967:1070) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:52.967:1070) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:52.967:1070) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7907c04ce5a0 a2=0x6e a3=0x0 items=1 ppid=3543 pid=3544 auid=unset uid=hardware_verifier gid=hardware_verifier euid=hardware_verifier suid=hardware_verifier fsuid=hardware_verifier egid=hardware_verifier sgid=hardware_verifier fsgid=hardware_verifier tty=(none) ses=unset comm=hardware_verifi exe=/usr/bin/hardware_verifier subj=u:r:minijailed:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:52.983:1071) : proctitle=minijail0 -e -N -p -r -v -l --uts -n -u hardware_verifier -g hardware_verifier -G --profile=minimalistic-mountns -k tmpfs /run t |
| type=PATH msg=audit(02/10/22 02:23:52.983:1071) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:52.983:1071) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:52.983:1071) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:52.983:1071) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7b939d8535a0 a2=0x6e a3=0x0 items=1 ppid=2444 pid=3542 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=minijail0 exe=/sbin/minijail0 subj=u:r:minijail:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:57.887:1074) : proctitle=/opt/google/chrome/chrome --use-gl=egl --gpu-sandbox-failures-fatal=no --enable-logging --log-level=1 --use-cras --enable-waylan |
| type=PATH msg=audit(02/10/22 02:23:57.887:1074) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:57.887:1074) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:57.887:1074) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:57.887:1074) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x8e a1=0x7a72657d67d0 a2=0x1d a3=0x34180029b980 items=1 ppid=1145 pid=1240 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=ThreadPoolSingl exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:57.901:1075) : proctitle=/usr/sbin/spaced_cli --get_total_disk_space=/home/chronos/Default/blob_storage/157ab334-8ca7-4cf5-a960-1437145df4f2 |
| type=PATH msg=audit(02/10/22 02:23:57.901:1075) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:57.901:1075) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:57.901:1075) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:57.901:1075) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffd375af790 a2=0x1d a3=0x20 items=1 ppid=1240 pid=3554 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:57.975:1076) : proctitle=/usr/bin/permission_broker |
| type=PATH msg=audit(02/10/22 02:23:57.975:1076) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:57.975:1076) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:57.975:1076) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:57.975:1076) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x10 a1=0x7e2dbdd535a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=2083 auid=unset uid=devbroker gid=root euid=devbroker suid=devbroker fsuid=devbroker egid=root sgid=root fsgid=root tty=(none) ses=unset comm=permission_brok exe=/usr/bin/permission_broker subj=u:r:cros_permission_broker:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:56.936:1073) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:23:56.936:1073) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:56.936:1073) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:56.936:1073) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:56.936:1073) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7fff0917c2b0 a2=0x1d a3=0x20 items=1 ppid=1217 pid=3551 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:58.110:1113) : proctitle=/sbin/start ml-service TASK=mojo_service |
| type=SOCKADDR msg=audit(02/10/22 02:23:58.110:1113) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:23:58.110:1113) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffd3506a400 a2=0x16 a3=0x20 items=0 ppid=3562 pid=3563 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=start exe=/sbin/initctl subj=u:r:cros_dbus_daemon:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:58.122:1120) : proctitle=logger -t ml-service Pre-start ml-service task=mojo_service |
| type=PATH msg=audit(02/10/22 02:23:58.122:1120) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:58.122:1120) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:58.122:1120) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:23:58.122:1120) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x5ab6086f9180 a2=0x6e a3=0x1 items=1 ppid=3570 pid=3571 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:58.133:1121) : proctitle=initctl status system-services |
| type=SOCKADDR msg=audit(02/10/22 02:23:58.133:1121) : saddr={ fam=local path=/com/ubuntu/upstart } |
| type=SYSCALL msg=audit(02/10/22 02:23:58.133:1121) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7fff037df360 a2=0x16 a3=0x20 items=0 ppid=3570 pid=3574 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=initctl exe=/sbin/initctl subj=u:r:cros_init_scripts:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:58.203:1122) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:58.203:1122) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:58.203:1122) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2e a1=0x7b7870ae33d0 a2=0x1c a3=0x1d31a9d00f4631 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:58.206:1123) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:58.206:1123) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:58.206:1123) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2e a1=0x7b7870ae0700 a2=0x10 a3=0x1d48901df9f4f0 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:58.208:1124) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:58.208:1124) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:58.208:1124) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2f a1=0x7b7870ae05e0 a2=0x10 a3=0x1d5032380c2924 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:58.209:1125) : proctitle=/usr/bin/ml_service --task=mojo_service |
| type=PATH msg=audit(02/10/22 02:23:58.209:1125) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:23:58.209:1125) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:23:58.209:1125) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:23:58.209:1125) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x9 a1=0x7fff84d9bde0 a2=0x1d a3=0x40 items=1 ppid=3577 pid=3579 auid=unset uid=ml-service gid=ml-service euid=ml-service-dbus suid=ml-service fsuid=ml-service-dbus egid=ml-service sgid=ml-service fsgid=ml-service tty=(none) ses=unset comm=ml_service exe=/usr/bin/ml_service subj=u:r:cros_ml_service:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:58.209:1126) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:58.209:1126) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:58.209:1126) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x30 a1=0x7b7870ae04c0 a2=0x10 a3=0x1d5f766bfb8ef0 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:58.213:1127) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:58.213:1127) : saddr={ fam=inet6 laddr=2a00:1450:400c:c00::5e lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:58.213:1127) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2e a1=0x7b7870ae5d40 a2=0x1c a3=0x1d7dfed3f8a726 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:58.214:1128) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:58.214:1128) : saddr={ fam=inet laddr=173.194.76.94 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:58.214:1128) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2e a1=0x7b7870ae5d40 a2=0x10 a3=0x1d85a0ee09e675 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:58.267:1129) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:58.267:1129) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:58.267:1129) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2f a1=0x7b7870ae0ae0 a2=0x10 a3=0x14ccb50066f7c items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:58.268:1130) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:58.268:1130) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:58.268:1130) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x30 a1=0x7b7870ae09c0 a2=0x10 a3=0x1546d69fa29bd items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:58.268:1131) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:58.268:1131) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:23:58.268:1131) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x31 a1=0x7b7870ae08a0 a2=0x10 a3=0x1546d69fa29bd items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:58.274:1132) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:58.274:1132) : saddr={ fam=inet6 laddr=2600:1900:4110:86f:: lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:58.274:1132) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2f a1=0x7b7870ae5d40 a2=0x1c a3=0x1823a0605736c items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:23:58.275:1133) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:23:58.275:1133) : saddr={ fam=inet laddr=34.104.35.123 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:23:58.275:1133) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x2f a1=0x7b7870ae5d40 a2=0x10 a3=0x189dc1ffa3276 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:24:01.683:1231) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:24:01.683:1231) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:24:01.683:1231) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x30 a1=0x7b7870ae3c80 a2=0x1c a3=0xdb0630c0e6252 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:24:17.986:1247) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:24:17.986:1247) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:24:17.986:1247) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x30 a1=0x7b7870ae34e0 a2=0x1c a3=0x20c400299260 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:24:57.015:1248) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:24:57.015:1248) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:24:57.015:1248) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:24:57.015:1248) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:24:57.015:1248) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffea8329970 a2=0x1d a3=0x20 items=1 ppid=1217 pid=3672 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:25:17.603:1249) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:25:17.603:1249) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:25:17.603:1249) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x30 a1=0x7b7870ae34e0 a2=0x1c a3=0xb45f3b60e0cc9 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:25:57.096:1253) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:25:57.096:1253) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:25:57.096:1253) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:25:57.096:1253) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:25:57.096:1253) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffdebe6a060 a2=0x1d a3=0x20 items=1 ppid=1217 pid=3736 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:26:47.656:1272) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:26:47.656:1272) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:26:47.656:1272) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x30 a1=0x7b7870ae34e0 a2=0x1c a3=0xce1f940075c2a items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:26:57.179:1273) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:26:57.179:1273) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:26:57.179:1273) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:26:57.179:1273) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:26:57.179:1273) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7fff2bf7a2a0 a2=0x1d a3=0x20 items=1 ppid=1217 pid=3803 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:27:39.394:1275) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:27:39.394:1275) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:27:39.394:1275) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1f a1=0x7b7870ae0810 a2=0x10 a3=0x511f9400e48b5 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:27:39.392:1274) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:27:39.392:1274) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:27:39.392:1274) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1f a1=0x7b7870ae34e0 a2=0x1c a3=0x502b50c08c17c items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:27:39.394:1276) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:27:39.394:1276) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:27:39.394:1276) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae06f0 a2=0x10 a3=0x511f9400e48b5 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:27:39.394:1277) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:27:39.394:1277) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:27:39.394:1277) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x21 a1=0x7b7870ae05d0 a2=0x10 a3=0x511f9400e48b5 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:27:39.398:1278) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:27:39.398:1278) : saddr={ fam=inet6 laddr=2a00:1450:400c:c0b::5f lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:27:39.398:1278) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1f a1=0x7b7870ae5d40 a2=0x1c a3=0x53081a80b064b items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:27:39.399:1279) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:27:39.399:1279) : saddr={ fam=inet laddr=108.177.15.95 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:27:39.399:1279) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1f a1=0x7b7870ae5d40 a2=0x10 a3=0x53823c20662cb items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:27:57.259:1280) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:27:57.259:1280) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:27:57.259:1280) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:27:57.259:1280) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:27:57.259:1280) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffc46abb130 a2=0x1d a3=0x20 items=1 ppid=1217 pid=3865 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:02.127:1282) : proctitle=periodic_scheduler --period=3600 --timeout=14400 --start_immediately --task_name=crash_sender -- /sbin/crash_sender |
| type=PATH msg=audit(02/10/22 02:28:02.127:1282) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:28:02.127:1282) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:28:02.127:1282) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:28:02.127:1282) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x78f9c3be75a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=2019 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=periodic_schedu exe=/usr/bin/periodic_scheduler subj=u:r:cros_periodic_scheduler:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:02.154:1283) : proctitle=/sbin/crash_sender |
| type=PATH msg=audit(02/10/22 02:28:02.154:1283) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:28:02.154:1283) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:28:02.154:1283) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:28:02.154:1283) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7857096da5a0 a2=0x6e a3=0x0 items=1 ppid=3873 pid=3874 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=crash_sender exe=/sbin/crash_sender subj=u:r:cros_crash_sender:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:02.166:1284) : proctitle=/sbin/crash_sender |
| type=PATH msg=audit(02/10/22 02:28:02.166:1284) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:28:02.166:1284) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:28:02.166:1284) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:28:02.166:1284) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7857096da5a0 a2=0x6e a3=0x0 items=1 ppid=2019 pid=3873 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=crash_sender exe=/sbin/crash_sender subj=u:r:cros_crash_sender:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:04.249:1288) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:28:04.249:1288) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:28:04.249:1288) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae2ec0 a2=0x1c a3=0xc2ed5e0e0207 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:04.251:1289) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:28:04.251:1289) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:28:04.251:1289) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870adfe50 a2=0x10 a3=0xd2319204bb07 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:04.251:1290) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:28:04.251:1290) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:28:04.251:1290) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x21 a1=0x7b7870adfd30 a2=0x10 a3=0xd2319204bb07 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:04.251:1291) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:28:04.251:1291) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:28:04.251:1291) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x22 a1=0x7b7870adfc10 a2=0x10 a3=0xd2319204bb07 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:04.256:1292) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:28:04.256:1292) : saddr={ fam=inet6 laddr=2a00:1450:400c:c06::66 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:28:04.256:1292) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x1c a3=0xf85c140bf3ea items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:04.256:1293) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:28:04.256:1293) : saddr={ fam=inet6 laddr=2a00:1450:400c:c06::8a lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:28:04.256:1293) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x1c a3=0xf85c140bf3ea items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:04.256:1294) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:28:04.256:1294) : saddr={ fam=inet6 laddr=2a00:1450:400c:c06::65 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:28:04.256:1294) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x1c a3=0xf85c140bf3ea items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:04.256:1295) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:28:04.256:1295) : saddr={ fam=inet6 laddr=2a00:1450:400c:c06::71 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:28:04.256:1295) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x1c a3=0xf85c140bf3ea items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:04.256:1296) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:28:04.256:1296) : saddr={ fam=inet laddr=66.102.1.138 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:28:04.256:1296) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x10 a3=0xf85c140bf3ea items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:04.256:1297) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:28:04.256:1297) : saddr={ fam=inet laddr=66.102.1.113 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:28:04.256:1297) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x10 a3=0xf85c140bf3ea items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:04.256:1298) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:28:04.256:1298) : saddr={ fam=inet laddr=66.102.1.101 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:28:04.256:1298) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x10 a3=0xf85c140bf3ea items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:04.256:1299) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:28:04.256:1299) : saddr={ fam=inet laddr=66.102.1.100 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:28:04.256:1299) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x10 a3=0xf85c140bf3ea items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:04.256:1300) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:28:04.256:1300) : saddr={ fam=inet laddr=66.102.1.102 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:28:04.256:1300) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x10 a3=0xf85c140bf3ea items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:04.257:1301) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:28:04.257:1301) : saddr={ fam=inet laddr=66.102.1.139 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:28:04.257:1301) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae5d40 a2=0x10 a3=0xfffe2e07506a items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:12.876:1303) : proctitle=logger -t cros-machine-id-regen Not regenerating since we did so 316 seconds ago. |
| type=PATH msg=audit(02/10/22 02:28:12.876:1303) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:28:12.876:1303) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:28:12.876:1303) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:28:12.876:1303) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x58c989faf180 a2=0x6e a3=0x1 items=1 ppid=3890 pid=3898 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=logger exe=/usr/bin/logger subj=u:r:cros_machine_id_regen:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:12.948:1304) : proctitle=periodic_scheduler --period=21600 --timeout=3600 --task_name=trim -- chromeos-trim |
| type=PATH msg=audit(02/10/22 02:28:12.948:1304) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:28:12.948:1304) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:28:12.948:1304) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:28:12.948:1304) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7a966fd7f5a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=2651 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=periodic_schedu exe=/usr/bin/periodic_scheduler subj=u:r:cros_periodic_scheduler:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:12.851:1302) : proctitle=periodic_scheduler --period=3600 --timeout=60 --task_name=cros-machine-id-regen -- /usr/sbin/cros-machine-id-regen -r periodic - |
| type=PATH msg=audit(02/10/22 02:28:12.851:1302) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:28:12.851:1302) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:28:12.851:1302) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:28:12.851:1302) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7889c3b9b5a0 a2=0x6e a3=0x0 items=1 ppid=1 pid=2457 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=periodic_schedu exe=/usr/bin/periodic_scheduler subj=u:r:cros_periodic_scheduler:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:28:57.339:1305) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:28:57.339:1305) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:28:57.339:1305) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:28:57.339:1305) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:28:57.339:1305) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffee7f15b40 a2=0x1d a3=0x20 items=1 ppid=1217 pid=3991 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:29:57.422:1306) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:29:57.422:1306) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:29:57.422:1306) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:29:57.422:1306) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:29:57.422:1306) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7fff77e3e460 a2=0x1d a3=0x20 items=1 ppid=1217 pid=4054 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:30:19.533:1307) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:30:19.533:1307) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:30:19.533:1307) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x21 a1=0x7b7870ae34e0 a2=0x1c a3=0x92f0d240b508c items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:30:57.501:1308) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:30:57.501:1308) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:30:57.501:1308) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:30:57.501:1308) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:30:57.501:1308) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffcc2dd75b0 a2=0x1d a3=0x20 items=1 ppid=1217 pid=4117 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:31:57.524:1309) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:31:57.524:1309) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:31:57.524:1309) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:31:57.524:1309) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:31:57.524:1309) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffcfda30e30 a2=0x1d a3=0x20 items=1 ppid=1217 pid=4177 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:32:57.550:1310) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:32:57.550:1310) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:32:57.550:1310) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:32:57.550:1310) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:32:57.550:1310) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffdc22ff400 a2=0x1d a3=0x20 items=1 ppid=1217 pid=4238 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:33:57.568:1311) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:33:57.568:1311) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:33:57.568:1311) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:33:57.568:1311) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:33:57.568:1311) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffd36d22950 a2=0x1d a3=0x20 items=1 ppid=1217 pid=4306 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:34:57.648:1312) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:34:57.648:1312) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:34:57.648:1312) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:34:57.648:1312) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:34:57.648:1312) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7fff36d665d0 a2=0x1d a3=0x20 items=1 ppid=1217 pid=4368 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:35:19.545:1314) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:35:19.545:1314) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:35:19.545:1314) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1b a1=0x7b7870ae0ae0 a2=0x10 a3=0x991b5f9f2d8e0 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:35:19.543:1313) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:35:19.543:1313) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:35:19.543:1313) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1f a1=0x7b7870ae34e0 a2=0x1c a3=0x98271c60afb7d items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:35:19.545:1315) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:35:19.545:1315) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:35:19.545:1315) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1f a1=0x7b7870ae09c0 a2=0x10 a3=0x20c400299260 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:35:19.546:1316) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:35:19.546:1316) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:35:19.546:1316) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae08a0 a2=0x10 a3=0x991b5f9f2d8e0 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:35:19.550:1317) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:35:19.550:1317) : saddr={ fam=inet6 laddr=2a00:1450:400c:c00::5e lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:35:19.550:1317) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1f a1=0x7b7870ae5d40 a2=0x1c a3=0x9b7e07c095a99 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:35:19.550:1318) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:35:19.550:1318) : saddr={ fam=inet laddr=64.233.184.94 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:35:19.550:1318) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1f a1=0x7b7870ae5d40 a2=0x10 a3=0x9b7e07c095a99 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:35:57.726:1319) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:35:57.726:1319) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:35:57.726:1319) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:35:57.726:1319) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:35:57.726:1319) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffe40e3b0d0 a2=0x1d a3=0x20 items=1 ppid=1217 pid=4430 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:36:57.806:1320) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:36:57.806:1320) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:36:57.806:1320) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:36:57.806:1320) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:36:57.806:1320) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffdfcadad20 a2=0x1d a3=0x20 items=1 ppid=1217 pid=4491 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:37:57.882:1321) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:37:57.882:1321) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:37:57.882:1321) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:37:57.882:1321) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:37:57.882:1321) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffddc8e2e30 a2=0x1d a3=0x20 items=1 ppid=1217 pid=4551 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:38:57.924:1322) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:38:57.924:1322) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:38:57.924:1322) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:38:57.924:1322) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:38:57.924:1322) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffdfad88e70 a2=0x1d a3=0x20 items=1 ppid=1217 pid=4616 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:39:57.949:1326) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:39:57.949:1326) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:39:57.949:1326) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:39:57.949:1326) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:39:57.949:1326) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffd769d99c0 a2=0x1d a3=0x20 items=1 ppid=1217 pid=4678 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:40:19.562:1327) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:40:19.562:1327) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:40:19.562:1327) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1b a1=0x7b7870ae34e0 a2=0x1c a3=0xa12e7380e02e9 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:40:19.562:1328) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:40:19.562:1328) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:40:19.562:1328) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1b a1=0x7b7870ae0ae0 a2=0x10 a3=0xa12e7380e02e9 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:40:19.564:1329) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:40:19.564:1329) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:40:19.564:1329) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1f a1=0x7b7870ae09c0 a2=0x10 a3=0x20c400299260 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:40:19.564:1330) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:40:19.564:1330) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:40:19.564:1330) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae08a0 a2=0x10 a3=0xa222b6c04bbe9 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:40:19.567:1331) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:40:19.567:1331) : saddr={ fam=inet6 laddr=2a00:1450:400c:c00::5e lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:40:19.567:1331) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1b a1=0x7b7870ae5d40 a2=0x1c a3=0xa3911ba052ee6 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:40:19.569:1332) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:40:19.569:1332) : saddr={ fam=inet laddr=64.233.184.94 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:40:19.569:1332) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1b a1=0x7b7870ae5d40 a2=0x10 a3=0xa3911ba052ee6 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:40:58.026:1339) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:40:58.026:1339) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:40:58.026:1339) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:40:58.026:1339) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:40:58.026:1339) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffe48830470 a2=0x1d a3=0x20 items=1 ppid=1217 pid=4742 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:41:58.106:1340) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:41:58.106:1340) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:41:58.106:1340) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:41:58.106:1340) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:41:58.106:1340) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffed8861f30 a2=0x1d a3=0x20 items=1 ppid=1217 pid=4803 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:42:14.284:1342) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=SOCKADDR msg=audit(02/10/22 02:42:14.284:1342) : saddr={ fam=inet6 laddr=:: lport=2222 } |
| type=SYSCALL msg=audit(02/10/22 02:42:14.284:1342) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x5b62308b9760 a2=0x1c a3=0x7ffc7b6ee144 items=0 ppid=2114 pid=4821 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:42:14.278:1341) : proctitle=/usr/sbin/sslh-fork -F/etc/sslh.conf |
| type=SOCKADDR msg=audit(02/10/22 02:42:14.278:1341) : saddr={ fam=inet laddr=127.0.0.1 lport=2222 } |
| type=SYSCALL msg=audit(02/10/22 02:42:14.278:1341) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x59a8f9bcb500 a2=0x10 a3=0x7cb7eae88710 items=0 ppid=2175 pid=4820 auid=unset uid=sslh gid=sslh euid=sslh suid=sslh fsuid=sslh egid=sslh sgid=sslh fsgid=sslh tty=(none) ses=unset comm=sslh-fork exe=/usr/sbin/sslh-fork subj=u:r:cros_sslh:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:42:14.285:1343) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=SOCKADDR msg=audit(02/10/22 02:42:14.285:1343) : saddr=unknown-family(0) |
| type=SYSCALL msg=audit(02/10/22 02:42:14.285:1343) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x7ffc7b6ef260 a2=0x10 a3=0xa items=0 ppid=2114 pid=4821 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:42:14.285:1344) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=SOCKADDR msg=audit(02/10/22 02:42:14.285:1344) : saddr={ fam=inet laddr=0.0.0.0 lport=2222 } |
| type=SYSCALL msg=audit(02/10/22 02:42:14.285:1344) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x4 a1=0x5b62308ba250 a2=0x10 a3=0xa items=0 ppid=2114 pid=4821 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:42:16.595:1345) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=PATH msg=audit(02/10/22 02:42:16.595:1345) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:42:16.595:1345) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:42:16.595:1345) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:42:16.595:1345) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7d0f9d2f45a0 a2=0x6e a3=0x7ffc7b6eefc0 items=1 ppid=2114 pid=4821 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:42:16.599:1347) : proctitle=/usr/sbin/sshd -D -oPort=2222 -R |
| type=PATH msg=audit(02/10/22 02:42:16.599:1347) : item=0 name=/dev/log inode=10509 dev=00:06 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=u:object_r:logger_device:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:42:16.599:1347) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:42:16.599:1347) : saddr={ fam=local path=/dev/log } |
| type=SYSCALL msg=audit(02/10/22 02:42:16.599:1347) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7d0f9d2f45a0 a2=0x6e a3=0x0 items=1 ppid=2114 pid=4821 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=3 comm=sshd exe=/usr/sbin/sshd subj=u:r:cros_sshd:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:42:58.185:1348) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:42:58.185:1348) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:42:58.185:1348) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:42:58.185:1348) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:42:58.185:1348) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffdeca9f330 a2=0x1d a3=0x20 items=1 ppid=1217 pid=4877 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:43:58.228:1349) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:43:58.228:1349) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:43:58.228:1349) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:43:58.228:1349) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:43:58.228:1349) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffd9bf13210 a2=0x1d a3=0x20 items=1 ppid=1217 pid=4945 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:44:58.251:1350) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:44:58.251:1350) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:44:58.251:1350) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:44:58.251:1350) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:44:58.251:1350) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffce2daefd0 a2=0x1d a3=0x20 items=1 ppid=1217 pid=5008 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:45:19.577:1351) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:45:19.577:1351) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:45:19.577:1351) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1f a1=0x7b7870ae34e0 a2=0x1c a3=0xa84d4420bea8b items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:45:19.578:1352) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:45:19.578:1352) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:45:19.578:1352) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1b a1=0x7b7870ae0ae0 a2=0x10 a3=0xa8c765c07470b items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:45:19.579:1353) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:45:19.579:1353) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:45:19.579:1353) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1f a1=0x7b7870ae09c0 a2=0x10 a3=0x20c400299260 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:45:19.579:1354) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:45:19.579:1354) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:45:19.579:1354) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae08a0 a2=0x10 a3=0xa94187600fe65 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:45:19.602:1355) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:45:19.602:1355) : saddr={ fam=inet6 laddr=2a00:1450:400c:c00::5e lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:45:19.602:1355) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1f a1=0x7b7870ae5d40 a2=0x1c a3=0xb43a8cc04ee65 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:45:19.603:1356) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:45:19.603:1356) : saddr={ fam=inet laddr=173.194.76.94 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:45:19.603:1356) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1f a1=0x7b7870ae5d40 a2=0x10 a3=0xb4b4ae5ff00c5 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:45:58.302:1363) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:45:58.302:1363) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:45:58.302:1363) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:45:58.302:1363) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:45:58.302:1363) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffc53daebb0 a2=0x1d a3=0x20 items=1 ppid=1217 pid=5073 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:46:58.354:1367) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:46:58.354:1367) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:46:58.354:1367) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:46:58.354:1367) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:46:58.354:1367) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffe47643390 a2=0x1d a3=0x20 items=1 ppid=1217 pid=5142 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:47:58.413:1371) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:47:58.413:1371) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:47:58.413:1371) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:47:58.413:1371) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:47:58.413:1371) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffde0cc8440 a2=0x1d a3=0x20 items=1 ppid=1217 pid=5209 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:48:58.492:1372) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:48:58.492:1372) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:48:58.492:1372) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:48:58.492:1372) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:48:58.492:1372) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffef22ce460 a2=0x1d a3=0x20 items=1 ppid=1217 pid=5282 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:49:58.550:1373) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:49:58.550:1373) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:49:58.550:1373) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:49:58.550:1373) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:49:58.550:1373) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffcb94200a0 a2=0x1d a3=0x20 items=1 ppid=1217 pid=5344 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:50:19.614:1374) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:50:19.614:1374) : saddr={ fam=inet6 laddr=2001:4860:4860::8888 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:50:19.614:1374) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1b a1=0x7b7870ae34e0 a2=0x1c a3=0xb9eaf87ffd896 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:50:19.616:1375) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:50:19.616:1375) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:50:19.616:1375) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1b a1=0x7b7870ae0ae0 a2=0x10 a3=0xbadf3bc085568 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:50:19.616:1376) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:50:19.616:1376) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:50:19.616:1376) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1f a1=0x7b7870ae09c0 a2=0x10 a3=0x20c400299260 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:50:19.617:1377) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:50:19.617:1377) : saddr={ fam=inet laddr=100.115.92.130 lport=53 } |
| type=SYSCALL msg=audit(02/10/22 02:50:19.617:1377) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x20 a1=0x7b7870ae08a0 a2=0x10 a3=0xbb595d6014f7a items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:50:19.637:1378) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:50:19.637:1378) : saddr={ fam=inet6 laddr=2a00:1450:400c:c00::5e lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:50:19.637:1378) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1b a1=0x7b7870ae5d40 a2=0x1c a3=0xc4e3fde00e659 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:50:19.637:1379) : proctitle=/opt/google/chrome/chrome --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=non |
| type=SOCKADDR msg=audit(02/10/22 02:50:19.637:1379) : saddr={ fam=inet laddr=74.125.140.94 lport=80 } |
| type=SYSCALL msg=audit(02/10/22 02:50:19.637:1379) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x1b a1=0x7b7870ae5d40 a2=0x10 a3=0xc4e3fde00e659 items=0 ppid=1240 pid=1817 auid=unset uid=chronos gid=chronos euid=chronos suid=chronos fsuid=chronos egid=chronos sgid=chronos fsgid=chronos tty=(none) ses=unset comm=Chrome_ChildIOT exe=/opt/google/chrome/chrome subj=u:r:cros_browser:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:50:58.603:1380) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:50:58.603:1380) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:50:58.603:1380) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:50:58.603:1380) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:50:58.603:1380) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffe5cadc340 a2=0x1d a3=0x20 items=1 ppid=1217 pid=5407 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
| ---- |
| type=PROCTITLE msg=audit(02/10/22 02:51:58.654:1381) : proctitle=/usr/sbin/spaced_cli --get_free_disk_space=/home/.shadow |
| type=PATH msg=audit(02/10/22 02:51:58.654:1381) : item=0 name=/run/dbus/system_bus_socket inode=1276 dev=00:15 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=u:object_r:cros_system_bus_socket:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 |
| type=CWD msg=audit(02/10/22 02:51:58.654:1381) : cwd=/ |
| type=SOCKADDR msg=audit(02/10/22 02:51:58.654:1381) : saddr={ fam=local path=/run/dbus/system_bus_socket } |
| type=SYSCALL msg=audit(02/10/22 02:51:58.654:1381) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffc7a44d850 a2=0x1d a3=0x20 items=1 ppid=1217 pid=5469 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=spaced_cli exe=/usr/sbin/spaced_cli subj=u:r:chromeos:s0 key=sock_conn |
