Fixing the brave sandbox

posix4e · November 13, 2018, 8:25pm

Nov 13 09:26:54 localhost.localdomain audit[7719]: SECCOMP auid=1000 uid=1000 gid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=7719 comm="brave" exe="/snap/brave/x1/opt/brave.com/brave/brave" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fe6115fd4d9 code=0x50000
Nov 13 09:26:54 localhost.localdomain audit[7611]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=7611 comm="brave" exe="/snap/brave/x1/opt/brave.com/brave/brave" sig=5 res=1
Nov 13 09:26:55 localhost.localdomain audit[7745]: AVC avc:  denied  { read } for  pid=7745 comm="abrt-action-gen" name="brave" dev="loop5" ino=174 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Nov 13 09:26:55 localhost.localdomain audit[7745]: AVC avc:  denied  { read } for  pid=7745 comm="abrt-action-gen" name="brave" dev="loop5" ino=174 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Nov 13 09:26:55 localhost.localdomain audit[7762]: AVC avc:  denied  { read } for  pid=7762 comm="eu-unstrip" name="brave" dev="loop5" ino=174 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Nov 13 09:27:14 localhost.localdomain audit[7951]: USER_CMD pid=7951 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/posix4e/src/brave/brave" cmd=736E61702072656D6F7665206272617665 terminal=pts/0 res=success'
Nov 13 09:27:14 localhost.localdomain audit[8027]: AVC avc:  denied  { read write } for  pid=8027 comm="snap-update-ns" name="brave.lock" dev="tmpfs" ino=94556 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8027]: AVC avc:  denied  { open } for  pid=8027 comm="snap-update-ns" path="/run/snapd/lock/brave.lock" dev="tmpfs" ino=94556 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8027]: AVC avc:  denied  { lock } for  pid=8027 comm="snap-update-ns" path="/run/snapd/lock/brave.lock" dev="tmpfs" ino=94556 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8027]: AVC avc:  denied  { write } for  pid=8027 comm="snap-update-ns" name="snap.brave" dev="cgroup" ino=16 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8027]: AVC avc:  denied  { add_name } for  pid=8027 comm="snap-update-ns" name="snap.brave.fstab.SYlqPmm6NryL~" scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=dir permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8027]: AVC avc:  denied  { create } for  pid=8027 comm="snap-update-ns" name="snap.brave.fstab.SYlqPmm6NryL~" scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8027]: AVC avc:  denied  { write open } for  pid=8027 comm="snap-update-ns" path="/run/snapd/ns/snap.brave.fstab.SYlqPmm6NryL~" dev="tmpfs" ino=101544 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8027]: AVC avc:  denied  { getattr } for  pid=8027 comm="snap-update-ns" path="/run/snapd/ns/snap.brave.fstab" dev="tmpfs" ino=92481 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8027]: AVC avc:  denied  { remove_name } for  pid=8027 comm="snap-update-ns" name="snap.brave.fstab.SYlqPmm6NryL~" dev="tmpfs" ino=101544 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=dir permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8027]: AVC avc:  denied  { rename } for  pid=8027 comm="snap-update-ns" name="snap.brave.fstab.SYlqPmm6NryL~" dev="tmpfs" ino=101544 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8027]: AVC avc:  denied  { unlink } for  pid=8027 comm="snap-update-ns" name="snap.brave.fstab" dev="tmpfs" ino=92481 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8039]: AVC avc:  denied  { read } for  pid=8039 comm="snap-update-ns" name="snap.brave.fstab" dev="tmpfs" ino=101544 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8039]: AVC avc:  denied  { mounton } for  pid=8039 comm="snap-update-ns" path="/tmp/.snap/snap/brave/x1" dev="tmpfs" ino=96046 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8039]: AVC avc:  denied  { mounton } for  pid=8039 comm="snap-update-ns" path="/snap/brave/x1" dev="loop5" ino=23578 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8039]: AVC avc:  denied  { mounton } for  pid=8039 comm="snap-update-ns" path="/snap/brave/x1/bin" dev="tmpfs" ino=96051 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8039]: AVC avc:  denied  { create } for  pid=8039 comm="snap-update-ns" name="command-brave.wrapper" scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8039]: AVC avc:  denied  { read open } for  pid=8039 comm="snap-update-ns" path="/snap/brave/x1/command-brave.wrapper" dev="tmpfs" ino=96053 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8039]: AVC avc:  denied  { setattr } for  pid=8039 comm="snap-update-ns" name="command-brave.wrapper" dev="tmpfs" ino=96053 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8039]: AVC avc:  denied  { getattr } for  pid=8039 comm="snap-update-ns" path="/snap/brave/x1/command-brave.wrapper" dev="tmpfs" ino=96053 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8039]: AVC avc:  denied  { mounton } for  pid=8039 comm="snap-update-ns" path="/snap/brave/x1/command-brave.wrapper" dev="tmpfs" ino=96053 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8039]: AVC avc:  denied  { getattr } for  pid=8039 comm="snap-update-ns" path="/run/snapd/ns/snap.brave.fstab" dev="tmpfs" ino=101544 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:14 localhost.localdomain audit[8039]: AVC avc:  denied  { unlink } for  pid=8039 comm="snap-update-ns" name="snap.brave.fstab" dev="tmpfs" ino=101544 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:16 localhost.localdomain audit[2988]: AVC avc:  denied  { write } for  pid=2988 comm="snapd" name="brave" dev="dm-3" ino=11144713 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1
Nov 13 09:27:16 localhost.localdomain audit[2988]: AVC avc:  denied  { remove_name } for  pid=2988 comm="snapd" name="snap.brave" dev="tmpfs" ino=92484 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1
Nov 13 09:27:16 localhost.localdomain audit[2988]: AVC avc:  denied  { rmdir } for  pid=2988 comm="snapd" name="snap.brave" dev="tmpfs" ino=92484 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1
Nov 13 09:27:16 localhost.localdomain audit[8393]: AVC avc:  denied  { read write } for  pid=8393 comm="snap-discard-ns" name="brave.lock" dev="tmpfs" ino=94556 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:16 localhost.localdomain audit[8393]: AVC avc:  denied  { open } for  pid=8393 comm="snap-discard-ns" path="/run/snapd/lock/brave.lock" dev="tmpfs" ino=94556 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:16 localhost.localdomain audit[8393]: AVC avc:  denied  { lock } for  pid=8393 comm="snap-discard-ns" path="/run/snapd/lock/brave.lock" dev="tmpfs" ino=94556 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:30 localhost.localdomain audit[8402]: USER_CMD pid=8402 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/posix4e/src/brave/brave" cmd=736E617020696E7374616C6C202D2D64616E6765726F7573202E2F62726176652E736E6170 terminal=pts/0 res=success'
Nov 13 09:27:33 localhost.localdomain audit[2988]: AVC avc:  denied  { getattr } for  pid=2988 comm="snapd" path="/run/snapd/ns/brave.mnt" dev="tmpfs" ino=94557 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:33 localhost.localdomain audit[8592]: AVC avc:  denied  { read } for  pid=8592 comm="snap-update-ns" name="brave.mnt" dev="tmpfs" ino=94557 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:33 localhost.localdomain audit[8592]: AVC avc:  denied  { open } for  pid=8592 comm="snap-update-ns" path="/run/snapd/ns/brave.mnt" dev="tmpfs" ino=94557 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:34 localhost.localdomain audit[2988]: AVC avc:  denied  { getattr } for  pid=2988 comm="snapd" path="/run/snapd/ns/brave.mnt" dev="tmpfs" ino=94557 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:34 localhost.localdomain audit[8827]: AVC avc:  denied  { read } for  pid=8827 comm="snap-update-ns" name="brave.mnt" dev="tmpfs" ino=94557 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:34 localhost.localdomain audit[8827]: AVC avc:  denied  { open } for  pid=8827 comm="snap-update-ns" path="/run/snapd/ns/brave.mnt" dev="tmpfs" ino=94557 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:27:51 localhost.localdomain audit[9194]: SECCOMP auid=1000 uid=1000 gid=1000 ses=3 sudo journalctl | grep brave| grep auditsubj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=9194 comm="brave" exe="/snap/brave/x1/opt/brave.com/brave/brave" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f30887514d9 code=0x50000
Nov 13 09:27:51 localhost.localdomain audit[8951]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=8951 comm="brave" exe="/snap/brave/x1/opt/brave.com/brave/brave" sig=5 res=1
Nov 13 09:27:52 localhost.localdomain audit[9217]: AVC avc:  denied  { read } for  pid=9217 comm="abrt-action-gen" name="brave" dev="loop5" ino=174 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Nov 13 09:27:52 localhost.localdomain audit[9217]: AVC avc:  denied  { read } for  pid=9217 comm="abrt-action-gen" name="brave" dev="loop5" ino=174 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Nov 13 09:27:52 localhost.localdomain audit[9234]: AVC avc:  denied  { read } for  pid=9234 comm="eu-unstrip" name="brave" dev="loop5" ino=174 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Nov 13 09:27:58 localhost.localdomain audit[9253]: USER_CMD pid=9253 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/posix4e/src/brave/brave" cmd=736E617020696E7374616C6C202D2D64616E6765726F7573202D2D6465766D6F6465202E2F62726176652E736E6170 terminal=pts/0 res=success'
Nov 13 09:28:01 localhost.localdomain audit[9441]: AVC avc:  denied  { write } for  pid=9441 comm="cp" name="brave" dev="dm-3" ino=11144713 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1
Nov 13 09:28:01 localhost.localdomain audit[9441]: AVC avc:  denied  { open } for  pid=9441 comm="cp" path="/home/posix4e/snap/brave/x1/.config/user-dirs.dirs" dev="dm-3" ino=17318135 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
Nov 13 09:28:01 localhost.localdomain audit[9441]: AVC avc:  denied  { write } for  pid=9441 comm="cp" path="/home/posix4e/snap/brave/x2/.config/user-dirs.dirs" dev="dm-3" ino=18110033 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
Nov 13 09:28:01 localhost.localdomain audit[9441]: AVC avc:  denied  { getattr } for  pid=9441 comm="cp" path="/home/posix4e/snap/brave/x1/.config/user-dirs.locale" dev="dm-3" ino=17318136 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:config_home_t:s0 tclass=file permissive=1
Nov 13 09:28:01 localhost.localdomain audit[9441]: AVC avc:  denied  { open } for  pid=9441 comm="cp" path="/home/posix4e/snap/brave/x1/.config/user-dirs.locale" dev="dm-3" ino=17318136 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:config_home_t:s0 tclass=file permissive=1
Nov 13 09:28:01 localhost.localdomain audit[9441]: AVC avc:  denied  { write } for  pid=9441 comm="cp" path="/home/posix4e/snap/brave/x2/.config/user-dirs.locale" dev="dm-3" ino=18110034 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:config_home_t:s0 tclass=file permissive=1
Nov 13 09:28:01 localhost.localdomain audit[9441]: AVC avc:  denied  { getattr } for  pid=9441 comm="cp" path="/home/posix4e/snap/brave/x1/.config/dconf/user" dev="dm-3" ino=17319007 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=lnk_file permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { read write } for  pid=9544 comm="snap-update-ns" name="brave.lock" dev="tmpfs" ino=94556 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { open } for  pid=9544 comm="snap-update-ns" path="/run/snapd/lock/brave.lock" dev="tmpfs" ino=94556 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { lock } for  pid=9544 comm="snap-update-ns" path="/run/snapd/lock/brave.lock" dev="tmpfs" ino=94556 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { mounton } for  pid=9544 comm="snap-update-ns" path="/tmp/.snap/snap/brave/x2" dev="tmpfs" ino=298274 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { mounton } for  pid=9544 comm="snap-update-ns" path="/snap/brave/x2" dev="loop14" ino=23578 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { mounton } for  pid=9544 comm="snap-update-ns" path="/snap/brave/x2/bin" dev="tmpfs" ino=298279 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { create } for  pid=9544 comm="snap-update-ns" name="command-brave.wrapper" scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { read open } for  pid=9544 comm="snap-update-ns" path="/snap/brave/x2/command-brave.wrapper" dev="tmpfs" ino=298281 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { setattr } for  pid=9544 comm="snap-update-ns" name="command-brave.wrapper" dev="tmpfs" ino=298281 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { getattr } for  pid=9544 comm="snap-update-ns" path="/snap/brave/x2/command-brave.wrapper" dev="tmpfs" ino=298281 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { mounton } for  pid=9544 comm="snap-update-ns" path="/snap/brave/x2/command-brave.wrapper" dev="tmpfs" ino=298281 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { add_name } for  pid=9544 comm="snap-update-ns" name="snap.brave.fstab.wFCRSbM1NBwQ~" scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=dir permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { create } for  pid=9544 comm="snap-update-ns" name="snap.brave.fstab.wFCRSbM1NBwQ~" scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { write open } for  pid=9544 comm="snap-update-ns" path="/run/snapd/ns/snap.brave.fstab.wFCRSbM1NBwQ~" dev="tmpfs" ino=298321 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { getattr } for  pid=9544 comm="snap-update-ns" path="/run/snapd/ns/snap.brave.fstab" dev="tmpfs" ino=201857 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { remove_name } for  pid=9544 comm="snap-update-ns" name="snap.brave.fstab.wFCRSbM1NBwQ~" dev="tmpfs" ino=298321 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=dir permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { rename } for  pid=9544 comm="snap-update-ns" name="snap.brave.fstab.wFCRSbM1NBwQ~" dev="tmpfs" ino=298321 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1
Nov 13 09:28:02 localhost.localdomain audit[9544]: AVC avc:  denied  { unlink } for  pid=9544 comm="snap-update-ns" name="snap.brave.fstab" dev="tmpfs" ino=201857 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=1