What were you trying to do that didn't work?

Aide would like to get gettatr perms to filesystem with label fs_t. Rule is not allowed and AVC's were shown.

Please provide the package NVR for which the bug is seen:

aide-0.19.2-2.el10.x86_64
selinux-policy-42.1.7-1.el10.noarch
selinux-policy-devel-42.1.7-1.el10.noarch
selinux-policy-targeted-42.1.7-1.el10.noarch

How reproducible is this bug?

Always

Steps to reproduce

1. Obtain a RHEL-10.2 machine
2. Clone the selinux-policy tests repository https://gitlab.com/redhat/rhel/tests/selinux-policy.git 
3. Run the following command:

   tmt --context distro=RHEL-10.2 run plan --default -vvv prepare discover -h fmf -t /Regression/aide-general -vv provision -h connect -g IP -u root execute --how tmt --interactive login finish -vvv
   

Expected results

• no SELinux denials

Actual results

----
type=PROCTITLE msg=audit(10/15/2025 07:40:50.367:173228) : proctitle=/usr/sbin/aide --config=/etc/aide.conf --check 
type=SYSCALL msg=audit(10/15/2025 07:40:50.367:173228) : arch=x86_64 syscall=fstatfs success=no exit=EACCES(Permission denied) a0=0x5 a1=0x7fc05a81f590 a2=0x0 a3=0x0 items=0 ppid=15303 pid=15304 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=aide exe=/usr/sbin/aide subj=system_u:system_r:aide_t:s0-s0:c0.c1023 key=(null) 
type=AVC msg=audit(10/15/2025 07:40:50.367:173228) : avc:  denied  { getattr } for  pid=15304 comm=aide name=/ dev="vda2" ino=128 scontext=system_u:system_r:aide_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0 
----

Test output log: https://artifacts.osci.redhat.com/testing-farm/a15158a8-d7e5-4574-9563-06246b3f1c6c/work-[…]ream_selinux_tests/Regression/aide-general-22/output.txt