Comment # 8 on bug 1228380 from Cathy Hu 
> ----
> time->Thu Aug  1 19:17:34 2024
> type=AVC msg=audit(1722503854.212:204): avc:  denied  { search } for 
> pid=14253 comm="grub" name="nscd" dev="tmpfs" ino=4234
> scontext=system_u:system_r:snapper_grub_plugin_t:s0
> tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir permissive=0
> ----
> time->Thu Aug  1 19:17:34 2024
> type=AVC msg=audit(1722503854.212:205): avc:  denied  { search } for 
> pid=14253 comm="grub" name="nscd" dev="tmpfs" ino=4234
> scontext=system_u:system_r:snapper_grub_plugin_t:s0
> tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir permissive=0
> ----
> 
> This looks different, is less in volume, and the original two messages are
> gone, should I file a new bug for that?

ah thanks, yes these are new, i opened another bug:
https://bugzilla.suse.com/show_bug.cgi?id=1228745


> 
> I'm sorry I'm a bit noob at this, would you mind telling me the command to
> get the file to attach?
> 
> I was going to attach the output of
> ` sudo ausearch -m AVC,USER_AVC -c snapper -c grub >~/Desktop/ausearch.txt `
> It's ~7MB and I feel like maybe I'm doing it wrong, perhaps there's a way to
> filter out all the dupes? I could filter it to just today, and that will
> capture all the different states.

just filter with `-ts <time>`, e.g. `ausearch -m avc -ts 19:17', i actually
dont know if you could filter out duplicates with ausearch, maybe pipe into
grep. or just attach the whole file :D

You are receiving this mail because: