--- MASTER/testing/pluto/ikev2-labeled-ipsec-03-multi-acquires-permissive/west.console.txt
+++ OUTPUT/testing/pluto/ikev2-labeled-ipsec-03-multi-acquires-permissive/west.console.txt
@@ -66,7 +66,7 @@
 # trigger an acquire; both ends initiate Child SA
 west # echo "quit" | runcon -t netutils_t nc -w 50 -p 4301 -vvv 192.1.2.23 4300 2>&1 | sed "s/received in .*$/received .../"
-Ncat: Version 7.91 ( https://nmap.org/ncat )
+Ncat: Version 7.92 ( https://nmap.org/ncat )
 NCAT DEBUG: Using system default trusted CA certificates and those in PATH/share/ncat/ca-bundle.crt.
 NCAT DEBUG: Unable to load trusted CA certificates from PATH/share/ncat/ca-bundle.crt: error:02001002:system library:fopen:No such file or directory
 libnsock nsock_iod_new2(): nsock_iod_new (IOD #1)
@@ -173,7 +173,7 @@
 # let another on-demand label establish
 west # echo "quit" | runcon -u system_u -r system_r -t sshd_t nc -w 50 -vvv 192.1.2.23 22 2>&1 | sed "s/received in .*$/received .../"
-Ncat: Version 7.91 ( https://nmap.org/ncat )
+Ncat: Version 7.92 ( https://nmap.org/ncat )
 NCAT DEBUG: Using system default trusted CA certificates and those in PATH/share/ncat/ca-bundle.crt.
 NCAT DEBUG: Unable to load trusted CA certificates from PATH/share/ncat/ca-bundle.crt: error:02001002:system library:fopen:No such file or directory
 libnsock nsock_iod_new2(): nsock_iod_new (IOD #1)
@@ -390,4 +390,59 @@ Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI west #
+ >>>>>>>>>> post-mortem >>>>>>>>>>../../guestbin/post-mortem.sh
+ PPID PID PGID SID TTY TPGID STAT UID TIME COMMAND
+ 1 778 778 778 ? -1 Ssl 0 0:00 PATH/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork
+:
+: checking shutting down pluto
+:
+ipsec whack --shutdown
+pidof pluto
+PASS: shutting down pluto
+:
+: checking core files
+:
+PASS: core files
+:
+: checking memory leaks
+:
+PASS: memory leaks
+:
+: checking reference leaks
+:
+PASS: reference leaks
+:
+: checking xfrm errors
+:
+ERROR: west: XfrmOutNoStates 7
+IGNORE: xfrm errors
+:
+: checking state/policy entries
+:
+PASS: state/policy entries
+:
+: checking selinux audit records
+:
+type=AVC msg=audit(1652549686.963:185): avc: denied { entrypoint } for pid=925 comm="runcon" path="PATH/bin/ncat" dev="vda1" ino=8666114 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
+type=AVC msg=audit(1652549686.980:186): avc: denied { name_connect } for pid=925 comm="nc" dest=22 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ssh_port_t:s0 tclass=tcp_socket permissive=1
+type=AVC msg=audit(1652549687.158:187): avc: denied { setcontext } for pid=778 comm="pluto" scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=association permissive=1
+FAIL: selinux audit records
+saving rules in OUTPUT/post-mortem.west.audit2allow.rules
+require {
+ type unconfined_service_t;
+ type sshd_t;
+ class association setcontext;
+}
+#============= sshd_t ==============
+corecmd_bin_entry_type(sshd_t)
+corenet_tcp_connect_ssh_port(sshd_t)
+#============= unconfined_service_t ==============
+allow unconfined_service_t sshd_t:association setcontext;
+:
+: unload any selinux modules
+:
+Unloading ipsecspd
+semodule -r ipsecspd
+libsemanage.semanage_direct_remove_key: Removing last ipsecspd module (no other ipsecspd module exists at another priority).
+west #
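Review bot: The OUTPUT side of the post-mortem hunk ends with `FAIL: selinux audit records` backed by three AVC denials that all carry `permissive=1`, so the labeled-IPsec exchange only completed because enforcement was off and the gap is caught by nothing but the post-mortem check. The `setcontext` denial for `comm="pluto"` (unconfined_service_t on an sshd_t association) suggests the policy module the test unloads at the end, `ipsecspd`, is missing the `allow unconfined_service_t sshd_t:association setcontext;` rule that audit2allow wrote to `OUTPUT/post-mortem.west.audit2allow.rules`, and the `entrypoint`/`name_connect` denials come from driving `nc` under `runcon -t sshd_t` without the `corecmd_bin_entry_type(sshd_t)` / `corenet_tcp_connect_ssh_port(sshd_t)` interfaces listed in the same output. Promoting this hunk into MASTER as expected output would bake the policy gap in and could never re-match anyway, since the audit serials and timestamps, pids 925/778 and inode 8666114 are run-specific; the fix belongs in the test's policy module, not in west.console.txt. The two `Ncat: Version 7.91`→`7.92` hunks at lines 66 and 173 differ only by the installed nmap build, and the existing `sed "s/received in .*$/received .../"` sanitizer could gain a second expression that normalizes the `Ncat: Version` line so MASTER stays independent of the tool version.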