I think some of these are bugs. sesearch -A -p execstack | grep -v True | awk '{print $2}' |sort -u boinc_project_t chrome_sandbox_t container_runtime_t container_t fsadm_t <--- locate_t <--- mock_build_t mock_t mozilla_plugin_config_t mozilla_plugin_t mycontainer_t openshift_app_t openshift_t pki_ra_t <--- (Unless these are java apps) pki_tps_t <---^^ podsleuth_t <-- ^^ prelink_t rpm_script_t sandbox_min_client_t sandbox_min_t sandbox_net_client_t sandbox_net_t sandbox_web_client_t sandbox_web_t sandbox_x_client_t sandbox_xserver_t sandbox_x_t setroubleshootd_t <<--- staff_wine_t svirt_qemu_net_t svirt_tcg_t user_wine_t vmware_host_t vmware_t wine_t Domains with arrow contain execstack permission. This should be removed most probably it's bug in application.
This bug appears to have been reported against 'rawhide' during the Fedora 29 development cycle. Changing version to '29'.
selinux-policy-3.14.2-34.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-db240a1726
selinux-policy-3.14.2-34.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.