Bug #7098

Improve selinux reporting in foreman-debug

Added by Lukas Zapletal over 10 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Category: Packaging
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

We already added some information to foreman-debug (grep AVC and audit2allow).

Unfortunately, when the SELinux interfaces are not installed and generated, the -R option can fail:

COMMAND> audit2allow -R < /var/log/audit/audit.log

could not open interface info [/var/lib/sepolgen/interface_info]

I am going to fix this:

  • instead of grep AVC, we will do sesearch -m AVC, which gives a nicer overview including SYSCALL lines
  • instead of audit2allow -R, we will try to generate the interfaces, and if that fails, we will do audit2allow without the -R option
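
A sketch of the fallback described in the second item, added here as an example; it is not foreman-debug's own code. It assumes sepolgen-ifgen is the tool used to generate the interfaces; the function names and the IFACE_INFO and IFGEN variables are hypothetical.

```shell
#!/bin/sh
# Added example: choose between "audit2allow -R" and plain "audit2allow".
# IFACE_INFO and IFGEN are hypothetical overrides so the logic can be tested.
IFACE_INFO="${IFACE_INFO:-/var/lib/sepolgen/interface_info}"
IFGEN="${IFGEN:-sepolgen-ifgen}"   # assumption: the interface generator

# Prints "-R" when the interface info is (or can be made) available,
# and an empty string when audit2allow has to run without -R.
audit2allow_mode() {
    if [ -r "$IFACE_INFO" ]; then
        echo "-R"
        return 0
    fi
    # Interface info is missing: try to generate it, then re-check the file,
    # because a zero exit status alone does not prove the file was written.
    if command -v "$IFGEN" >/dev/null 2>&1 \
        && "$IFGEN" >/dev/null 2>&1 \
        && [ -r "$IFACE_INFO" ]; then
        echo "-R"
        return 0
    fi
    echo ""
}

# Runs audit2allow over the audit log, with -R only when it can work.
report_selinux() {
    log="${1:-/var/log/audit/audit.log}"
    if [ ! -r "$log" ]; then
        echo "cannot read $log" >&2
        return 1
    fi
    mode=$(audit2allow_mode)
    if [ -n "$mode" ]; then
        # If -R still fails for another reason, fall through to the plain run.
        audit2allow -R < "$log" && return 0
    fi
    audit2allow < "$log"
}
```

Call report_selinux with no argument to read /var/log/audit/audit.log, or pass another log path as the first argument.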