Description of problem: SELinux is preventing sosreport from 'relabelto' accesses on the file limits. ***** Plugin associate (99.5 confidence) suggests ************************* If you want to change the label of limits to dnsmasq_t, you are not allowed to since it is not a valid file type. Then you must pick a valid file label. Do select a valid file type. List valid file labels by executing: # seinfo -afile_type -x ***** Plugin catchall (1.49 confidence) suggests ************************** If you believe that sosreport should be allowed relabelto access on the limits file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'sosreport' --raw | audit2allow -M my-sosreport # semodule -X 300 -i my-sosreport.pp Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context system_u:system_r:dnsmasq_t:s0-s0:c0.c1023 Target Objects limits [ file ] Source sosreport Source Path sosreport Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM <Unknown> Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.11.11-300.fc26.x86_64 #1 SMP Mon Jul 17 16:32:11 UTC 2017 x86_64 x86_64 Alert Count 8 First Seen 2017-09-05 16:16:30 EDT Last Seen 2017-09-06 10:45:44 EDT Local ID 8a6a802b-6983-4b48-b67b-ebf905a5f209 Raw Audit Messages type=AVC msg=audit(1504709144.675:28026): avc: denied { relabelto } for pid=25810 comm="sosreport" name="limits" dev="dm-12" ino=145972 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:system_r:dnsmasq_t:s0-s0:c0.c1023 tclass=file permissive=0 Hash: sosreport,unconfined_t,dnsmasq_t,file,relabelto Additional info: component: selinux-policy reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.6-300.fc27.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1553164 ***