Description of problem: SELinux is preventing sosreport from 'associate' accesses on the filesystem randomize_va_space. ***** Plugin associate (99.5 confidence) suggests ************************* If you want to change the label of randomize_va_space to proc_security_t, you are not allowed to since it is not a valid file type. Then you must pick a valid file label. Do select a valid file type. List valid file labels by executing: # seinfo -afile_type -x ***** Plugin catchall (1.49 confidence) suggests ************************** If you believe that sosreport should be allowed associate access on the randomize_va_space filesystem by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'sosreport' --raw | audit2allow -M my-sosreport # semodule -X 300 -i my-sosreport.pp Additional Information: Source Context system_u:object_r:proc_security_t:s0 Target Context system_u:object_r:fs_t:s0 Target Objects randomize_va_space [ filesystem ] Source sosreport Source Path sosreport Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM <Unknown> Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.11.11-300.fc26.x86_64 #1 SMP Mon Jul 17 16:32:11 UTC 2017 x86_64 x86_64 Alert Count 14 First Seen 2017-09-05 16:17:28 EDT Last Seen 2017-09-06 10:46:52 EDT Local ID 28b50c71-d201-415d-ade1-4c3fa61e799d Raw Audit Messages type=AVC msg=audit(1504709212.636:28797): avc: denied { associate } for pid=25810 comm="sosreport" name="randomize_va_space" dev="dm-12" ino=147395 scontext=system_u:object_r:proc_security_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0 Hash: sosreport,proc_security_t,fs_t,filesystem,associate Additional info: component: selinux-policy reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.6-300.fc27.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1553164 ***