type=AVC msg=audit(1549433333.064:221172): avc:  denied  { dac_override } for  pid=11761 comm="newuidmap" capability=1  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1549433371.737:221198): avc:  denied  { dac_override } for  pid=11820 comm="newuidmap" capability=1  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1549433463.891:221320): avc:  denied  { dac_override } for  pid=11923 comm="newuidmap" capability=1  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1549434314.697:222932): avc:  denied  { dac_override } for  pid=13882 comm="newuidmap" capability=1  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1549434559.771:223028): avc:  denied  { dac_override } for  pid=13991 comm="newuidmap" capability=1  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1549434765.588:223188): avc:  denied  { dac_override } for  pid=14128 comm="newuidmap" capability=1  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability permissive=1
type=AVC msg=audit(1549434765.590:223190): avc:  denied  { setgid } for  pid=14127 comm="podman" capability=6  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1549434765.590:223191): avc:  denied  { setuid } for  pid=14127 comm="podman" capability=7  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1549434765.627:223193): avc:  denied  { mounton } for  pid=14127 comm="podman" path="/home/rlpowell/.local/share/containers/storage/overlay" dev="vdb" ino=532489 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:data_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1549434765.690:223197): avc:  denied  { dac_override } for  pid=14147 comm="rpm" capability=1  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1549434765.711:223199): avc:  denied  { unmount } for  pid=14127 comm="podman" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=1
type=AVC msg=audit(1549434765.819:223203): avc:  denied  { dac_read_search } for  pid=14149 comm="podman" capability=2  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1549434765.819:223203): avc:  denied  { dac_override } for  pid=14149 comm="podman" capability=1  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1549434772.209:223223): avc:  denied  { dac_override } for  pid=14184 comm="newuidmap" capability=1  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1549434940.232:223478): avc:  denied  { dac_override } for  pid=14373 comm="newuidmap" capability=1  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability permissive=1
type=AVC msg=audit(1549434940.232:223479): avc:  denied  { setuid } for  pid=14373 comm="newuidmap" capability=7  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability permissive=1
type=AVC msg=audit(1549434940.234:223481): avc:  denied  { setgid } for  pid=14372 comm="podman" capability=6  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1549434940.234:223482): avc:  denied  { setuid } for  pid=14372 comm="podman" capability=7  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1549434940.269:223484): avc:  denied  { mounton } for  pid=14372 comm="podman" path="/home/rlpowell/.local/share/containers/storage/overlay" dev="vdb" ino=532489 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:data_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1549434940.272:223485): avc:  denied  { dac_read_search } for  pid=14372 comm="podman" capability=2  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1549434940.272:223485): avc:  denied  { dac_override } for  pid=14372 comm="podman" capability=1  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1549434940.272:223486): avc:  denied  { getattr } for  pid=14372 comm="podman" path="/var/lib/containers" dev="vdb" ino=1065025 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:container_var_lib_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1549434958.064:223488): avc:  denied  { mounton } for  pid=14392 comm="exe" path="/" dev="vdb" ino=2 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1549434958.066:223489): avc:  denied  { unmount } for  pid=14392 comm="exe" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=1
type=AVC msg=audit(1549434958.174:223490): avc:  denied  { dac_override } for  pid=14392 comm="exe" capability=1  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1549434958.176:223491): avc:  denied  { chown } for  pid=14392 comm="exe" capability=0  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1549434958.177:223492): avc:  denied  { fowner } for  pid=14392 comm="exe" capability=3  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1549434958.177:223492): avc:  denied  { fsetid } for  pid=14392 comm="exe" capability=4  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1549434966.067:223493): avc:  denied  { relabelfrom } for  pid=14372 comm="podman" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1
type=AVC msg=audit(1549434966.067:223493): avc:  denied  { relabelto } for  pid=14372 comm="podman" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:container_file_t:s0:c368,c744 tclass=filesystem permissive=1
type=AVC msg=audit(1549434966.067:223493): avc:  denied  { relabelfrom } for  pid=14372 comm="podman" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:container_file_t:s0:c368,c744 tclass=filesystem permissive=1
type=AVC msg=audit(1549434966.067:223493): avc:  denied  { mount } for  pid=14372 comm="podman" name="/" dev="tmpfs" ino=10923521 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:container_file_t:s0:c368,c744 tclass=filesystem permissive=1
type=AVC msg=audit(1549434966.105:223495): avc:  denied  { mount } for  pid=14403 comm="fuse-overlayfs" name="/" dev="fuse" ino=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=filesystem permissive=1
type=AVC msg=audit(1549434966.174:223500): avc:  denied  { setuid } for  pid=14425 comm="runc:[2:INIT]" capability=7  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1549434966.174:223501): avc:  denied  { setgid } for  pid=14425 comm="runc:[2:INIT]" capability=6  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1549434966.183:223502): avc:  denied  { nlmsg_write } for  pid=14425 comm="runc:[2:INIT]" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=netlink_route_socket permissive=1
type=AVC msg=audit(1549434966.185:223503): avc:  denied  { mount } for  pid=14425 comm="runc:[2:INIT]" name="/" dev="proc" ino=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=filesystem permissive=1
type=AVC msg=audit(1549434966.185:223504): avc:  denied  { mount } for  pid=14425 comm="runc:[2:INIT]" name="/" dev="sysfs" ino=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=filesystem permissive=1
type=AVC msg=audit(1549434966.185:223505): avc:  denied  { mounton } for  pid=14425 comm="runc:[2:INIT]" path="/home/rlpowell/.local/share/containers/storage/overlay/730beedbeb96994011ac9e795681f869853cd5cef247b289bac4b206841c8cbb/merged/dev/mqueue" dev="tmpfs" ino=10923693 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:container_file_t:s0:c368,c744 tclass=dir permissive=1
type=AVC msg=audit(1549434966.190:223506): avc:  denied  { mount } for  pid=14425 comm="runc:[2:INIT]" name="/" dev="mqueue" ino=10923660 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1
type=AVC msg=audit(1549434966.190:223507): avc:  denied  { relabelto } for  pid=14425 comm="runc:[2:INIT]" name="/" dev="mqueue" ino=10923660 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:container_file_t:s0:c368,c744 tclass=dir permissive=1
type=AVC msg=audit(1549434966.190:223508): avc:  denied  { relabelfrom } for  pid=14425 comm="runc:[2:INIT]" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=filesystem permissive=1
type=AVC msg=audit(1549434966.191:223509): avc:  denied  { mounton } for  pid=14425 comm="runc:[2:INIT]" path="/home/rlpowell/.local/share/containers/storage/overlay/730beedbeb96994011ac9e795681f869853cd5cef247b289bac4b206841c8cbb/merged/etc/resolv.conf" dev="fuse" ino=529296 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1549434966.191:223510): avc:  denied  { mounton } for  pid=14425 comm="runc:[2:INIT]" path="/home/rlpowell/.local/share/containers/storage/overlay/730beedbeb96994011ac9e795681f869853cd5cef247b289bac4b206841c8cbb/merged/etc/resolv.conf" dev="tmpfs" ino=10920632 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:container_file_t:s0:c368,c744 tclass=file permissive=1
type=AVC msg=audit(1549434966.194:223511): avc:  denied  { mounton } for  pid=14425 comm="runc:[2:INIT]" path="/home/rlpowell/.local/share/containers/storage/overlay/730beedbeb96994011ac9e795681f869853cd5cef247b289bac4b206841c8cbb/merged/sys/fs/cgroup" dev="sysfs" ino=3 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1549434966.194:223512): avc:  denied  { mounton } for  pid=14425 comm="runc:[2:INIT]" path="/home/rlpowell/.local/share/containers/storage/overlay/730beedbeb96994011ac9e795681f869853cd5cef247b289bac4b206841c8cbb/merged/sys/fs/cgroup/systemd" dev="cgroup" ino=9503 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1549434966.194:223513): avc:  denied  { remount } for  pid=14425 comm="runc:[2:INIT]" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=filesystem permissive=1
type=AVC msg=audit(1549434966.196:223514): avc:  denied  { remount } for  pid=14425 comm="runc:[2:INIT]" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:container_file_t:s0:c368,c744 tclass=filesystem permissive=1
type=AVC msg=audit(1549434966.208:223515): avc:  denied  { read write } for  pid=14425 comm="runc:[2:INIT]" name="ptmx" dev="devpts" ino=2 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:container_file_t:s0:c368,c744 tclass=chr_file permissive=1
type=AVC msg=audit(1549434966.208:223515): avc:  denied  { open } for  pid=14425 comm="runc:[2:INIT]" path="/dev/pts/ptmx" dev="devpts" ino=2 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:container_file_t:s0:c368,c744 tclass=chr_file permissive=1
type=AVC msg=audit(1549434966.208:223516): avc:  denied  { ioctl } for  pid=14425 comm="runc:[2:INIT]" path="/dev/pts/ptmx" dev="devpts" ino=2 ioctlcmd=0x5430 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:container_file_t:s0:c368,c744 tclass=chr_file permissive=1
type=AVC msg=audit(1549434966.209:223517): avc:  denied  { mounton } for  pid=14425 comm="runc:[2:INIT]" path="/proc/bus" dev="proc" ino=4026531853 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1549434966.209:223518): avc:  denied  { remount } for  pid=14425 comm="runc:[2:INIT]" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=filesystem permissive=1
type=AVC msg=audit(1549434966.209:223519): avc:  denied  { mounton } for  pid=14425 comm="runc:[2:INIT]" path="/proc/irq" dev="proc" ino=4026531861 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1549434966.209:223520): avc:  denied  { mounton } for  pid=14425 comm="runc:[2:INIT]" path="/proc/sys" dev="proc" ino=4026531854 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sysctl_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1549434966.209:223521): avc:  denied  { mounton } for  pid=14425 comm="runc:[2:INIT]" path="/proc/sysrq-trigger" dev="proc" ino=4026532100 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sysctl_t:s0 tclass=file permissive=1
type=AVC msg=audit(1549434966.219:223522): avc:  denied  { mounton } for  pid=14425 comm="runc:[2:INIT]" path="/proc/kcore" dev="proc" ino=4026532030 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file permissive=1
type=AVC msg=audit(1549434966.219:223523): avc:  denied  { mounton } for  pid=14425 comm="runc:[2:INIT]" path="/proc/keys" dev="proc" ino=4026532076 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=1
type=AVC msg=audit(1549434966.256:223524): avc:  denied  { setpcap } for  pid=14425 comm="runc:[2:INIT]" capability=8  scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1549434966.258:223525): avc:  denied  { getattr } for  pid=14425 comm="runc:[2:INIT]" path="/dev/pts/0" dev="devpts" ino=3 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:container_file_t:s0:c368,c744 tclass=chr_file permissive=1
type=AVC msg=audit(1549434966.258:223526): avc:  denied  { setattr } for  pid=14425 comm="runc:[2:INIT]" name="0" dev="devpts" ino=3 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:container_file_t:s0:c368,c744 tclass=chr_file permissive=1
type=AVC msg=audit(1549434966.267:223528): avc:  denied  { read write } for  pid=14433 comm="slirp4netns" name="tun" dev="devtmpfs" ino=1016 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1549434966.267:223528): avc:  denied  { open } for  pid=14433 comm="slirp4netns" path="/dev/net/tun" dev="devtmpfs" ino=1016 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1549434966.280:223529): avc:  denied  { ioctl } for  pid=14433 comm="slirp4netns" path="/dev/net/tun" dev="devtmpfs" ino=1016 ioctlcmd=0x54ca scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1549434966.280:223529): avc:  denied  { create } for  pid=14433 comm="slirp4netns" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=tun_socket permissive=1
type=AVC msg=audit(1549434966.282:223530): avc:  denied  { ioctl } for  pid=14413 comm="conmon" path="/dev/pts/ptmx" dev="devpts" ino=2 ioctlcmd=0x5414 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:container_file_t:s0:c368,c744 tclass=chr_file permissive=1
type=AVC msg=audit(1549434966.296:223532): avc:  denied  { nosuid_transition } for  pid=14425 comm="runc:[2:INIT]" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:container_t:s0:c368,c744 tclass=process2 permissive=1
type=AVC msg=audit(1549434966.296:223532): avc:  denied  { transition } for  pid=14425 comm="runc:[2:INIT]" path="/usr/bin/echo" dev="fuse" ino=529454 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:container_t:s0:c368,c744 tclass=process permissive=1
type=AVC msg=audit(1549434966.296:223532): avc:  denied  { map } for  pid=14425 comm="echo" path="/usr/bin/echo" dev="fuse" ino=529454 scontext=system_u:system_r:container_t:s0:c368,c744 tcontext=system_u:object_r:fusefs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1549434966.296:223532): avc:  denied  { read execute } for  pid=14425 comm="echo" path="/usr/bin/echo" dev="fuse" ino=529454 scontext=system_u:system_r:container_t:s0:c368,c744 tcontext=system_u:object_r:fusefs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1549434966.300:223533): avc:  denied  { open } for  pid=14425 comm="echo" path="/etc/ld.so.cache" dev="fuse" ino=529027 scontext=system_u:system_r:container_t:s0:c368,c744 tcontext=system_u:object_r:fusefs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1549434966.300:223534): avc:  denied  { getattr } for  pid=14425 comm="echo" path="/etc/ld.so.cache" dev="fuse" ino=529027 scontext=system_u:system_r:container_t:s0:c368,c744 tcontext=system_u:object_r:fusefs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1549434966.300:223535): avc:  denied  { read } for  pid=14425 comm="echo" name="lib64" dev="fuse" ino=533695 scontext=system_u:system_r:container_t:s0:c368,c744 tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file permissive=1
type=AVC msg=audit(1549434966.331:223536): avc:  denied  { unmount } for  pid=14372 comm="podman" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:container_file_t:s0:c368,c744 tclass=filesystem permissive=1
type=AVC msg=audit(1549434966.338:223537): avc:  denied  { unmount } for  pid=14372 comm="podman" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=filesystem permissive=1
type=AVC msg=audit(1549434966.379:223539): avc:  denied  { unmount } for  pid=14372 comm="podman" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=1