- Bug
- Resolution: Unresolved
- Normal
- None
- 6.17.0
- 5
- False
- Moderate
- sat-rocket
- None
- None
- None
- Manual
- Yes
Description of problem:
Getting SELinux error messages on a brand new Satellite 6.17 and on an upgraded 6.17 Satellite server.
The error is for the foreman user, using the tar command on a "tmpfs" system, for the "userdb" directory. The type context for the file/directory which the foreman user doesn't have access to:
systemd_userdbd_runtime_t
From a system with permissive mode we see these warnings in the logs:
type=AVC msg=audit(1749562714.603:251): avc: denied { read } for pid=7258 comm="tar" name="userdb" dev="tmpfs" ino=40 scontext=system_u:system_r:foreman_rails_t:s0 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1749562714.603:251): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f521f7e0128 a2=90800 a3=0 items=0 ppid=7249 pid=7258 auid=4294967295 uid=988 gid=988 euid=988 suid=988 fsuid=988 egid=988 sgid=988 fsgid=988 tty=(none) ses=4294967295 comm="tar" exe="/usr/bin/tar" subj=system_u:system_r:foreman_rails_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=openat AUID="unset" UID="foreman" GID="foreman" EUID="foreman" SUID="foreman" FSUID="foreman" EGID="foreman" SGID="foreman" FSGID="foreman"
How reproducible:
always
Is this issue a regression from an earlier version:
Yes, not seeing this issue in Satellite 6.16.
Steps to Reproduce:
1. The issue is seen in a new installation of Satellite 6.17, or on a 6.17 that has been upgraded from 6.16.
Actual behavior:
Foreman user is getting SELinux issues running the tar command on the '/var
Expected behavior:
To not see SELinux errors for the foreman user
Business Impact / Additional info:
Attaching a screenshot from a system that has SELinux in enforcing mode.
- is duplicated by
  - SAT-35236 ForemanInventoryUpload::Async::GenerateReportJob triggers several selinux denials (Closed)
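For triage, the denial quoted in the report can be reduced to the fields a policy fix depends on. This is an added example, not part of the original report or of Satellite/Foreman code: a Python parser that pairs AVC and SYSCALL audit records by event ID. The sample records are constructed (abbreviated from the two quoted above) and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, abbreviated from the two audit records quoted in the report.
SAMPLE = '''type=AVC msg=audit(1749562714.603:251): avc: denied { read } for pid=7258 comm="tar" name="userdb" dev="tmpfs" ino=40 scontext=system_u:system_r:foreman_rails_t:s0 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1749562714.603:251): arch=c000003e syscall=257 success=no exit=-13 ppid=7249 pid=7258 uid=988 comm="tar" exe="/usr/bin/tar" subj=system_u:system_r:foreman_rails_t:s0 key=(null)'''

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
PERMS = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group audit records by event ID (timestamp:serial), keyed by record type."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skip lines that are not audit records
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            p = PERMS.search(body)
            if p:
                fields["result"] = p.group(1)
                fields["perms"] = p.group(2).split()
        events[(ts, serial)][rtype] = fields
    return events

def summarize_denials(text):
    """Return one dict per denied AVC, enriched from the paired SYSCALL record."""
    out = []
    for (ts, serial), recs in parse_events(text).items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if not avc or avc.get("result") != "denied":
            continue
        out.append({
            "event": f"{ts}:{serial}",
            "source_type": avc["scontext"].split(":")[2],
            "target_type": avc["tcontext"].split(":")[2],
            "tclass": avc["tclass"],
            "perms": avc["perms"],
            "name": avc.get("name"),
            "exe": sc.get("exe"),
            "enforced": avc.get("permissive") == "0",  # 0: denial was enforced
        })
    return out

print(summarize_denials(SAMPLE))
```

Grouping by event ID matters because only the SYSCALL record carries the executable path, while the AVC record carries the source and target types.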