Bug 1274960 - SELinux is preventing setroubleshootd from write access on the directory /dev/shm & /tmp.
Summary: SELinux is preventing setroubleshootd from write access on the directory /dev...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2015-10-24 05:49 UTC by poma
Modified: 2015-11-11 08:21 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-11 08:21:47 UTC
Type: Bug
Embargoed:



Description poma 2015-10-24 05:49:32 UTC
Description of problem:
Lookup alert returns NULL alerts

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.13.1-155.fc24.noarch

How reproducible:
101%

Steps to Reproduce:
1. Run SELinux Troubleshooter browser 'sealert -b'

Actual results:
Lookup alert returns NULL alerts

Expected results:
Lookup alert returns ALL alerts

Additional info:
# sealert -a /var/log/audit/audit.log
100% done
found 4 alerts in /var/log/audit/audit.log
--------------------------------------------------------------------------------

SELinux is preventing spice-vdagentd from getattr access on the filesystem /sys/fs/cgroup.
https://bugzilla.redhat.com/show_bug.cgi?id=1274958

--------------------------------------------------------------------------------

SELinux is preventing setroubleshootd from write access on the directory /dev/shm.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that setroubleshootd should be allowed write access on the shm directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:tmpfs_t:s0
Target Objects                /dev/shm [ dir ]
Source                        setroubleshootd
Source Path                   setroubleshootd
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-155.fc24.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost
Platform                      Linux localhost 4.3.0-0.rc6.git1.1.fc24.x86_64 #1
                              SMP Tue Oct 20 15:25:10 UTC 2015 x86_64 x86_64
Alert Count                   10
First Seen                    2015-10-24 00:59:28 EDT
Last Seen                     2015-10-24 00:59:28 EDT
Local ID                      a73632da-4272-4b3a-9d3c-b2121a459de2

Raw Audit Messages
type=AVC msg=audit(1445662768.275:620): avc:  denied  { write } for  pid=2899 comm="setroubleshootd" name="/" dev="tmpfs" ino=10416 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=0


Hash: setroubleshootd,setroubleshootd_t,tmpfs_t,dir,write

--------------------------------------------------------------------------------

SELinux is preventing setroubleshootd from write access on the directory /tmp.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that setroubleshootd should be allowed write access on the tmp directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:tmp_t:s0
Target Objects                /tmp [ dir ]
Source                        setroubleshootd
Source Path                   setroubleshootd
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           
Target RPM Packages           filesystem-3.2-35.fc24.x86_64
Policy RPM                    selinux-policy-3.13.1-155.fc24.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost
Platform                      Linux localhost 4.3.0-0.rc6.git1.1.fc24.x86_64 #1
                              SMP Tue Oct 20 15:25:10 UTC 2015 x86_64 x86_64
Alert Count                   12
First Seen                    2015-10-24 00:59:28 EDT
Last Seen                     2015-10-24 00:59:28 EDT
Local ID                      1ac75f96-3563-46f9-8a05-f230f2acb39e

Raw Audit Messages
type=AVC msg=audit(1445662768.274:617): avc:  denied  { write } for  pid=2899 comm="setroubleshootd" name="/" dev="tmpfs" ino=16469 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0


Hash: setroubleshootd,setroubleshootd_t,tmp_t,dir,write

--------------------------------------------------------------------------------

# grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i mypol.pp

# cat mypol.te 

module mypol 1.0;

require {
	type tmp_t;
	type setroubleshootd_t;
	type tmpfs_t;
	class dir write;
}

#============= setroubleshootd_t ==============

#!!!! WARNING: 'tmp_t' is a base type.
allow setroubleshootd_t tmp_t:dir write;
allow setroubleshootd_t tmpfs_t:dir write;

Comment 1 poma 2015-10-24 06:10:04 UTC
4th:
SELinux is preventing abrt-hook-ccpp from getattr access on the file file.
https://bugzilla.redhat.com/show_bug.cgi?id=1274963

Comment 2 Miroslav Grepl 2015-11-11 08:21:47 UTC
We have fixes for these issues in the latest rawhide packages. Thank you for reporting.

