Description of problem: Sophos Linux free anti-virus has a problem with it's module. SELinux is preventing insmod from 'module_load' accesses on the system /opt/sophos-av/talpa/current/talpa_syscallhook.ko. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that insmod should be allowed module_load access on the talpa_syscallhook.ko system by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'insmod' --raw | audit2allow -M my-insmod # semodule -X 300 -i my-insmod.pp Additional Information: Source Context system_u:system_r:unconfined_service_t:s0 Target Context system_u:object_r:usr_t:s0 Target Objects /opt/sophos-av/talpa/current/talpa_syscallhook.ko [ system ] Source insmod Source Path insmod Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-283.35.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.17.11-100.fc27.x86_64 #1 SMP Mon Jul 30 15:22:33 UTC 2018 x86_64 x86_64 Alert Count 8 First Seen 2018-07-28 12:27:31 CDT Last Seen 2018-08-04 22:07:31 CDT Local ID 7b4037ae-28c8-4b5c-a5ea-0002fcaba47c Raw Audit Messages type=AVC msg=audit(1533438451.268:226): avc: denied { module_load } for pid=5184 comm="insmod" path="/opt/sophos-av/talpa/current/talpa_syscallhook.ko" dev="dm-19" ino=132535 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=system permissive=0 Hash: insmod,unconfined_service_t,usr_t,system,module_load Version-Release number of selected component: selinux-policy-3.13.1-283.35.fc27.noarch Additional info: component: selinux-policy reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.17.11-100.fc27.x86_64 type: libreport Potential duplicate: bug 1593799
*** This bug has been marked as a duplicate of bug 1593799 ***