[root@dell-r640-023 ~]# wget --no-check-certificate https://kojihub.stream.rdu2.redhat.com/kojifiles/work/tasks/5785/5995785/selinux-policy-38.1.60-1.selinux4392.1.noarch.rpm wget --no-check-certificate https://kojihub.stream.rdu2.redhat.com/kojifiles/work/tasks/5785/5995785/selinux-policy-devel-38.1.60-1.selinux4392.1.noarch.rpm wget --no-check-certificate https://kojihub.stream.rdu2.redhat.com/kojifiles/work/tasks/5785/5995785/selinux-policy-targeted-38.1.60-1.selinux4392.1.noarch.rpm wget --no-check-certificate https://kojihub.stream.rdu2.redhat.com/kojifiles/work/tasks/5785/5995785/selinux-policy-automotive-38.1.60-1.selinux4392.1.noarch.rpm wget --no-check-certificate https://kojihub.stream.rdu2.redhat.com/kojifiles/work/tasks/5785/5995785/selinux-policy-doc-38.1.60-1.selinux4392.1.noarch.rpm wget --no-check-certificate https://kojihub.stream.rdu2.redhat.com/kojifiles/work/tasks/5785/5995785/selinux-policy-minimum-38.1.60-1.selinux4392.1.noarch.rpm wget --no-check-certificate https://kojihub.stream.rdu2.redhat.com/kojifiles/work/tasks/5785/5995785/selinux-policy-mls-38.1.60-1.selinux4392.1.noarch.rpm wget --no-check-certificate https://kojihub.stream.rdu2.redhat.com/kojifiles/work/tasks/5785/5995785/selinux-policy-sandbox-38.1.60-1.selinux4392.1.noarch.rpm [root@dell-r640-023 ~]# dnf update ./selinux-* -y Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register. Last metadata expiration check: 0:24:44 ago on Tue 15 Jul 2025 01:22:07 AM EDT. Package selinux-policy-automotive not installed, cannot update it. No match for argument: selinux-policy-automotive-38.1.60-1.selinux4392.1.noarch.rpm Package selinux-policy-devel not installed, cannot update it. No match for argument: selinux-policy-devel-38.1.60-1.selinux4392.1.noarch.rpm Package selinux-policy-doc not installed, cannot update it. No match for argument: selinux-policy-doc-38.1.60-1.selinux4392.1.noarch.rpm Package selinux-policy-minimum not installed, cannot update it. No match for argument: selinux-policy-minimum-38.1.60-1.selinux4392.1.noarch.rpm Package selinux-policy-mls not installed, cannot update it. No match for argument: selinux-policy-mls-38.1.60-1.selinux4392.1.noarch.rpm Package selinux-policy-sandbox not installed, cannot update it. No match for argument: selinux-policy-sandbox-38.1.60-1.selinux4392.1.noarch.rpm Dependencies resolved. ================================================================================================================================================================== Package Architecture Version Repository Size ================================================================================================================================================================== Upgrading: selinux-policy noarch 38.1.60-1.selinux4392.1 @commandline 43 k selinux-policy-targeted noarch 38.1.60-1.selinux4392.1 @commandline 6.5 M Transaction Summary ================================================================================================================================================================== Upgrade 2 Packages Total size: 6.6 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Running scriptlet: selinux-policy-targeted-38.1.60-1.selinux4392.1.noarch 1/1 Preparing : 1/1 Upgrading : selinux-policy-38.1.60-1.selinux4392.1.noarch 1/4 Running scriptlet: selinux-policy-38.1.60-1.selinux4392.1.noarch 1/4 Running scriptlet: selinux-policy-targeted-38.1.60-1.selinux4392.1.noarch 2/4 Upgrading : selinux-policy-targeted-38.1.60-1.selinux4392.1.noarch 2/4 Running scriptlet: selinux-policy-targeted-38.1.60-1.selinux4392.1.noarch 2/4 Running scriptlet: selinux-policy-38.1.60-1.el9.noarch 3/4 Cleanup : selinux-policy-38.1.60-1.el9.noarch 3/4 Running scriptlet: selinux-policy-38.1.60-1.el9.noarch 3/4 Cleanup : selinux-policy-targeted-38.1.60-1.el9.noarch 4/4 Running scriptlet: selinux-policy-targeted-38.1.60-1.el9.noarch 4/4 Running scriptlet: selinux-policy-targeted-38.1.60-1.selinux4392.1.noarch 4/4 Running scriptlet: selinux-policy-targeted-38.1.60-1.el9.noarch 4/4 Verifying : selinux-policy-38.1.60-1.selinux4392.1.noarch 1/4 Verifying : selinux-policy-38.1.60-1.el9.noarch 2/4 Verifying : selinux-policy-targeted-38.1.60-1.selinux4392.1.noarch 3/4 Verifying : selinux-policy-targeted-38.1.60-1.el9.noarch 4/4 Installed products updated. Upgraded: selinux-policy-38.1.60-1.selinux4392.1.noarch selinux-policy-targeted-38.1.60-1.selinux4392.1.noarch Complete! [root@dell-r640-023 ~]# git clone -b c9s-insights-core https://github.com/zpytela/selinux-policy.git [root@dell-r640-023 ~]# git clone --depth=1 -q https://github.com/containers/container-selinux container-selinux [root@dell-r640-023 ~]# cp container-selinux/container.{if,te,fc} selinux-policy/policy/modules/contrib [root@dell-r640-023 ~]# cd selinux-policy/policy/modules/contrib [root@dell-r640-023 contrib]# make -f /usr/share/selinux/devel/Makefile insights_core.pp make: /usr/share/selinux/devel/Makefile: No such file or directory make: *** No rule to make target '/usr/share/selinux/devel/Makefile'. Stop. [root@dell-r640-023 contrib]# [root@dell-r640-023 ~]# yum install -y selinux-policy-devel-38.1.60-1.selinux4392.1.noarch.rpm Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register. Last metadata expiration check: 0:28:04 ago on Tue 15 Jul 2025 01:22:07 AM EDT. Dependencies resolved. ================================================================================================================================================================== Package Architecture Version Repository Size ================================================================================================================================================================== Installing: selinux-policy-devel noarch 38.1.60-1.selinux4392.1 @commandline 1.2 M Installing dependencies: m4 x86_64 1.4.19-1.el9 beaker-AppStream 304 k policycoreutils-devel x86_64 3.6-3.el9 beaker-AppStream 145 k Transaction Summary ================================================================================================================================================================== Install 3 Packages Total size: 1.6 M Total download size: 450 k Installed size: 23 M Downloading Packages: (1/2): m4-1.4.19-1.el9.x86_64.rpm 37 MB/s | 304 kB 00:00 (2/2): policycoreutils-devel-3.6-3.el9.x86_64.rpm 3.3 MB/s | 145 kB 00:00 ------------------------------------------------------------------------------------------------------------------------------------------------------------------ Total 9.9 MB/s | 450 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : m4-1.4.19-1.el9.x86_64 1/3 Installing : policycoreutils-devel-3.6-3.el9.x86_64 2/3 Installing : selinux-policy-devel-38.1.60-1.selinux4392.1.noarch 3/3 Running scriptlet: selinux-policy-devel-38.1.60-1.selinux4392.1.noarch 3/3 Verifying : m4-1.4.19-1.el9.x86_64 1/3 Verifying : policycoreutils-devel-3.6-3.el9.x86_64 2/3 Verifying : selinux-policy-devel-38.1.60-1.selinux4392.1.noarch 3/3 Installed products updated. Installed: m4-1.4.19-1.el9.x86_64 policycoreutils-devel-3.6-3.el9.x86_64 selinux-policy-devel-38.1.60-1.selinux4392.1.noarch Complete! [root@dell-r640-023 ~]# cd selinux-policy/policy/modules/contrib [root@dell-r640-023 contrib]# make -f /usr/share/selinux/devel/Makefile insights_core.pp … … . zoneminder.if:347: Warning: duplicate definition of zoneminder_admin(). Original definition on /usr/share/selinux/devel/include/contrib/zoneminder.if:347. zosremote.if:13: Warning: duplicate definition of zosremote_domtrans(). Original definition on /usr/share/selinux/devel/include/contrib/zosremote.if:13. zosremote.if:40: Warning: duplicate definition of zosremote_run(). Original definition on /usr/share/selinux/devel/include/contrib/zosremote.if:40. Compiling targeted insights_core module Creating targeted insights_core.pp policy package rm tmp/insights_core.mod tmp/insights_core.mod.fc [root@dell-r640-023 contrib]# semodule -i insights_core.pp [root@dell-r640-023 contrib]# semodule -l | grep insights_core insights_core [root@dell-r640-023 ~]# curl -O https://download-01.beak-001.prod.iad2.dc.redhat.com/brewroot/work/tasks/4528/68204528/insights-client-3.9.0-5.el9.noarch.rpm -k [root@dell-r640-023 ~]# dnf install -y ./insights-client* Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register. Last metadata expiration check: 0:30:32 ago on Tue 15 Jul 2025 01:22:07 AM EDT. Dependencies resolved. ================================================================================================================================================================== Package Architecture Version Repository Size ================================================================================================================================================================== Upgrading: insights-client noarch 3.9.0-5.el9 @commandline 1.2 M Installing dependencies: insights-core-selinux noarch 3.7.0-1.el9 beaker-AppStream 31 k Transaction Summary ================================================================================================================================================================== Install 1 Package Upgrade 1 Package Total size: 1.3 M Total download size: 31 k Downloading Packages: insights-core-selinux-3.7.0-1.el9.noarch.rpm 1.1 MB/s | 31 kB 00:00 ------------------------------------------------------------------------------------------------------------------------------------------------------------------ Total 1.0 MB/s | 31 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: insights-core-selinux-3.7.0-1.el9.noarch 1/3 Installing : insights-core-selinux-3.7.0-1.el9.noarch 1/3 Running scriptlet: insights-core-selinux-3.7.0-1.el9.noarch 1/3 libsemanage.semanage_direct_install_info: A higher priority insights_core module exists at priority 400 and will override the module currently being installed at priority 200. Upgrading : insights-client-3.9.0-5.el9.noarch 2/3 Running scriptlet: insights-client-3.9.0-5.el9.noarch 2/3 Running scriptlet: insights-client-3.2.8-1.el9.noarch 3/3 Cleanup : insights-client-3.2.8-1.el9.noarch 3/3 Running scriptlet: insights-client-3.2.8-1.el9.noarch 3/3 Verifying : insights-core-selinux-3.7.0-1.el9.noarch 1/3 Verifying : insights-client-3.9.0-5.el9.noarch 2/3 Verifying : insights-client-3.2.8-1.el9.noarch 3/3 Installed products updated. Upgraded: insights-client-3.9.0-5.el9.noarch Installed: insights-core-selinux-3.7.0-1.el9.noarch Complete! [root@dell-r640-023 ~]# curl -o insights-core.el9.egg https://gitlab.cee.redhat.com/insights-release-eng/insights-core-assets/-/raw/v2025-03-24-1637/assets/insights-core.el9.egg -k [root@dell-r640-023 ~]# curl -o insights-core.el9.egg.asc https://gitlab.cee.redhat.com/insights-release-eng/insights-core-assets/-/raw/v2025-03-24-1637/assets/insights-core.el9.egg.asc -k [root@dell-r640-023 ~]# echo "-w /etc/shadow -p w" >> /etc/audit/rules.d/fullauditing.rules [root@dell-r640-023 ~]# semodule -B [root@dell-r640-023 ~]# grep enforcing /etc/selinux/config # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. SELINUX=enforcing [root@dell-r640-023 ~]# reboot [root@dell-r640-023 ~]# EGG=./insights-core.el9.egg insights-client --output-file=/root/selinux-insights-core.tar.gz WARN: BASIC authentication method is being deprecated. Please consider using CERT authentication method. Unable to fetch egg url https://cert-api.access.redhat.com/r/insights/platform/module-update-router/v1/channel?module=insights-core: 401: Unauthorized. Defaulting to /release Starting to collect Insights data for dell-r640-023.dsal.lab.eng.pek2.redhat.com Writing RHSM facts to /etc/rhsm/facts/insights-client.facts ... Collected data copied to /root/selinux-insights-core.tar.gz [root@dell-r640-023 ~]# [root@dell-r640-023 ~]# ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts boot | audit2allow -v #============= insights_client_t ============== # src="insights_client_t" tgt="sssd_var_lib_t" class="dir", perms="search" # comm="nsights-clien" exe="" path="" allow insights_client_t sssd_var_lib_t:dir search; #============= insights_core_t ============== # src="insights_core_t" tgt="insights_client_var_log_t" class="file", perms="append" # comm="ython" exe="" path="" allow insights_core_t insights_client_var_log_t:file append;