Description of problem:
TL;DR: backport https://github.com/sosreport/sos/pull/2560 to RHEL8.5.

Longer version: sosreport still attempts to copystat also SELinux context of some files from /proc or /sys (when adding the files as strings, or for special device files like pipe/shmem/..). This affects newer versions of SELinux policy than what probably appears in 8.5 GA, but it will harm us once the policy is updated a bit.


Version-Release number of selected component (if applicable):
sos


How reproducible:
100%


Steps to Reproduce:
1. Have a SELinux policy preventing to relabel files under /tmp to system_u:object_r:sysctl_vm_t:s0 context (like /proc/sys/vm/drop_caches has).
2. Run sos report in temp dir under /tmp:
TmpDir=$(mktemp -d)
sos report -o system --batch -vvv --tmp-dir=$TmpDir
3. Check AVC denials
4. Check if all files under _collected_ /proc/sys/vm/ dir (esp drop_caches and compact_memory) has unconfined_u:object_r:user_tmp_t:s0 context and not system_u:object_r:sysctl_vm_t:s0 one, and proper mode&permissions.


Actual results:
sos reports an error:
[archive:TarFileArchive] Unable to add '/tmp/tmp.tlrpbtJP3y/sos.n4i00rxe/sosreport-pmoravec-rhel9-2021-05-26-taiozlo/proc/sys/vm/drop_caches' to archive: [Errno 13] Permission denied: '/tmp/tmp.tlrpbtJP3y/sos.n4i00rxe/sosreport-pmoravec-rhel9-2021-05-26-taiozlo/proc/sys/vm/drop_caches'

and the same for compact_memory.

AVC denials:

type=AVC msg=audit(1622032383.981:332): avc:  denied  { associate } for  pid=1456 comm="sosreport" name="compact_memory" dev="tmpfs" ino=5873 scontext=system_u:object_r:sysctl_vm_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0
type=AVC msg=audit(1622032384.292:333): avc:  denied  { associate } for  pid=1456 comm="sosreport" name="drop_caches" dev="tmpfs" ino=6374 scontext=system_u:object_r:sysctl_vm_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0


Expected results:
No sos errors, and no AVCs.


Additional info: