Cockpit Fails to Start after Centos 9 Update

Explain what happens

Update Centos 9 Appstream to Kernel 5.14.0-183.el9.x86_64
Reboot
Version of Cockpit

276.1-1.el9
Where is the problem in Cockpit?

SELinux
Server operating system

CentOS
Server operating system version

5.14.0-183.el9.x86_64
What browsers are you using?

Firefox, Chrome
System log

Dec 06 21:39:29 james.... setroubleshoot[35782]: SELinux is preventing /usr/bin/bash from write access on the file active.motd.

                                                                   *****  Plugin file (65.7 confidence) suggests   ******************************

                                                                   If you think this is caused by a badly mislabeled machine.
                                                                   Then you need to fully relabel.
                                                                   Do
                                                                   touch /.autorelabel; reboot

                                                                   *****  Plugin file (65.7 confidence) suggests   ******************************

                                                                   If you think this is caused by a badly mislabeled machine.
                                                                   Then you need to fully relabel.
                                                                   Do
                                                                   touch /.autorelabel; reboot

                                                                   *****  Plugin catchall_labels (11.3 confidence) suggests   *******************

                                                                   If you want to allow bash to have write access on the active.motd file
                                                                   Then you need to change the label on active.motd
                                                                   Do
                                                                   # semanage fcontext -a -t FILE_TYPE 'active.motd'
                                                                   where FILE_TYPE is one of the following: NetworkManager_unit_file_t, abrt_unit_file_t, accountsd_unit_file_t, afs_cache_t, alsa_lock_t, alsa_unit_file_t, amanda_unit_file_t, antivirus_unit_file_t, apcupsd_lock_t, apcupsd_unit_file_t, apmd_lock_t, apmd_unit_file_t, arpwatch_unit_file_t, auditd_etc_t, auditd_unit_file_t, automount_lock_t, automount_unit_file_t, avahi_unit_file_t, bcfg2_unit_file_t, binfmt_misc_fs_t, bluetooth_lock_t, bluetooth_unit_file_t, boinc_unit_file_t, bpf_t, brltty_unit_file_t, bumblebee_unit_file_t, cache_home_t, certmonger_unit_file_t, cgroup_t, chronyd_unit_file_t, cinder_api_unit_file_t, cinder_backup_unit_file_t, cinder_scheduler_unit_file_t, cinder_volume_unit_file_t, cloud_init_unit_file_t, cluster_unit_file_t, collectd_unit_file_t, colord_unit_file_t, condor_unit_file_t, condor_var_lock_t, config_home_t, conman_unit_file_t, conntrackd_unit_file_t, conntrackd_var_lock_t, consolekit_log_t, consolekit_unit_file_t, container_file_t, container_ro_file_t, couchdb_unit_file_t, cpuplug_lock_t, crond_unit_file_t, cupsd_lock_t, cupsd_unit_file_t, data_home_t, dbus_home_t, dbusd_unit_file_t, denyhosts_var_lock_t, device_t, dhcpd_unit_file_t, dirsrv_unit_file_t, dirsrv_var_lock_t, dirsrvadmin_lock_t, dirsrvadmin_unit_file_t, dnsmasq_unit_file_t, dnssec_trigger_unit_file_t, drbd_lock_t, etc_aliases_t, etc_runtime_t, faillog_t, fenced_lock_t, firewalld_unit_file_t, freeipmi_bmc_watchdog_unit_file_t, freeipmi_ipmidetectd_unit_file_t, freeipmi_ipmiseld_unit_file_t, ftpd_lock_t, ftpd_unit_file_t, fwupd_unit_file_t, gconf_home_t, getty_lock_t, getty_unit_file_t, gkeyringd_gnome_home_t, glance_api_unit_file_t, glance_registry_unit_file_t, glance_scrubber_unit_file_t, gnome_home_t, gssproxy_unit_file_t, gstreamer_home_t, haproxy_unit_file_t, hostapd_unit_file_t, hsqldb_unit_file_t, httpd_lock_t, httpd_unit_file_t, hwloc_dhwd_unit_t, hypervkvp_unit_file_t, hypervvssd_unit_file_t, icc_data_home_t, init_tmp_t, init_var_lib_t, init_var_run_t, initrc_state_t, initrc_var_run_t, innd_unit_file_t, insights_client_unit_file_t, insights_client_var_lock_t, iodined_unit_file_t, ipmievd_lock_t, ipmievd_unit_file_t, ipsec_mgmt_lock_t, ipsec_mgmt_unit_file_t, ipsec_var_run_t, iptables_lock_t, iptables_unit_file_t, iscsi_lock_t, iscsi_unit_file_t, jetty_unit_file_t, kdump_lock_t, kdump_unit_file_t, keepalived_unit_file_t, keystone_unit_file_t, kmscon_unit_file_t, krb5_host_rcache_t, krb5_keytab_t, krb5kdc_lock_t, ksm_unit_file_t, ksmtuned_unit_file_t, ktalkd_unit_file_t, lastlog_t, ld_so_cache_t, likewise_pstore_lock_t, local_login_lock_t, locale_t, lockdev_lock_t, logrotate_lock_t, logwatch_lock_t, lsmd_unit_file_t, lttng_sessiond_unit_file_t, lvm_lock_t, lvm_unit_file_t, machineid_t, mailman_lock_t, mandb_lock_t, mdadm_unit_file_t, mdadm_var_run_t, mip6d_unit_file_t, mnt_t, modemmanager_unit_file_t, mongod_unit_file_t, motion_unit_file_t, mount_var_run_t, mrtg_lock_t, mysqld_unit_file_t, named_conf_t, named_unit_file_t, netlabel_mgmt_unit_file_t, neutron_unit_file_t, nfsd_unit_file_t, ninfod_unit_file_t, nis_unit_file_t, nova_unit_file_t, nscd_unit_file_t, ntpd_unit_file_t, numad_unit_file_t, nut_unit_file_t, oddjob_unit_file_t, opendnssec_unit_file_t, opensm_unit_file_t, openvswitch_unit_file_t, openwsman_unit_file_t, passwd_file_t, pdns_unit_file_t, pesign_unit_file_t, phc2sys_unit_file_t, pkcs11proxyd_unit_file_t, pkcs_slotd_lock_t, pkcs_slotd_unit_file_t, pki_ra_lock_t, pki_tomcat_lock_t, pki_tomcat_unit_file_t, pki_tps_lock_t, polipo_unit_file_t, postgresql_lock_t, postgresql_unit_file_t, power_unit_file_t, pppd_lock_t, pppd_unit_file_t, print_spool_t, prosody_unit_file_t, ptp4l_unit_file_t, puppet_tmp_t, rabbitmq_unit_file_t, rabbitmq_var_lock_t, radiusd_unit_file_t, random_seed_t, rasdaemon_unit_file_t, rdisc_unit_file_t, redis_unit_file_t, rhcd_unit_file_t, rhev_agentd_unit_file_t, rhnsd_unit_file_t, rhsmcertd_lock_t, ricci_modstorage_lock_t, rkt_unit_file_t, rngd_unit_file_t, rolekit_unit_file_t, rpcbind_unit_file_t, rpcd_lock_t, rpcd_unit_file_t, rtas_errd_unit_file_t, rtas_errd_var_lock_t, samba_unit_file_t, sanlk_resetd_unit_file_t, sanlock_unit_file_t, sbd_unit_file_t, security_t, semanage_read_lock_t, semanage_trans_lock_t, sensord_unit_file_t, shorewall_lock_t, slapd_lock_t, slapd_unit_file_t, spamd_unit_file_t, spamd_update_unit_file_t, speech_dispatcher_unit_file_t, sshd_keygen_unit_file_t, sshd_unit_file_t, sslh_unit_file_t, sssd_unit_file_t, stalld_unit_file_t, svirt_home_t, svirt_image_t, svirt_tmp_t, svirt_tmpfs_t, svnserve_unit_file_t, swift_lock_t, swift_unit_file_t, sysctl_fs_t, sysctl_t, sysfs_t, syslogd_unit_file_t, system_cronjob_lock_t, systemd_bootchart_unit_file_t, systemd_gpt_generator_unit_file_t, systemd_home_t, systemd_hwdb_unit_file_t, systemd_logind_var_run_t, systemd_machined_unit_file_t, systemd_modules_load_unit_file_t, systemd_networkd_unit_file_t, systemd_passwd_var_run_t, systemd_resolved_unit_file_t, systemd_rfkill_unit_file_t, systemd_runtime_unit_file_t, systemd_socket_proxyd_unit_file_t, systemd_timedated_unit_file_t, systemd_unit_file_t, systemd_userdbd_unit_file_t, systemd_vconsole_unit_file_t, tangd_unit_file_t, targetclid_unit_file_t, targetd_unit_file_t, timemaster_unit_file_t, tlp_unit_file_t, tmpfs_t, tomcat_unit_file_t, tor_unit_file_t, udev_rules_t, usbmuxd_unit_file_t, uucpd_lock_t, var_lib_nfs_t, var_lib_t, var_lock_t, var_log_t, var_run_t, virt_lock_t, virtd_unit_file_t, virtlogd_unit_file_t, vmtools_unit_file_t, wireguard_unit_file_t, wtmp_t, xdm_lock_t, xdm_unit_file_t, ypbind_unit_file_t, zebra_unit_file_t, zoneminder_unit_file_t.
                                                                   Then execute:
                                                                   restorecon -v 'active.motd'

                                                                   *****  Plugin catchall (2.67 confidence) suggests   **************************

                                                                   If you believe that bash should be allowed write access on the active.motd file by default.
                                                                   Then you should report this as a bug.
                                                                   You can generate a local policy module to allow this access.
                                                                   Do
                                                                   allow this access for now by executing:
                                                                   # ausearch -c 'update-motd' --raw | audit2allow -M my-updatemotd
                                                                   # semodule -X 300 -i my-updatemotd.pp

Dec 06 21:39:33 james.... setroubleshoot[35782]: SELinux is preventing /usr/bin/bash from write access on the file active.motd.

                                                                   *****  Plugin file (65.7 confidence) suggests   ******************************

                                                                   If you think this is caused by a badly mislabeled machine.
                                                                   Then you need to fully relabel.
                                                                   Do
                                                                   touch /.autorelabel; reboot

                                                                   *****  Plugin file (65.7 confidence) suggests   ******************************

                                                                   If you think this is caused by a badly mislabeled machine.
                                                                   Then you need to fully relabel.
                                                                   Do
                                                                   touch /.autorelabel; reboot

                                                                   *****  Plugin catchall_labels (11.3 confidence) suggests   *******************

                                                                   If you want to allow bash to have write access on the active.motd file
                                                                   Then you need to change the label on active.motd
                                                                   Do
                                                                   # semanage fcontext -a -t FILE_TYPE 'active.motd'
                                                                   where FILE_TYPE is one of the following: NetworkManager_unit_file_t, abrt_unit_file_t, accountsd_unit_file_t, afs_cache_t, alsa_lock_t, alsa_unit_file_t, amanda_unit_file_t, antivirus_unit_file_t, apcupsd_lock_t, apcupsd_unit_file_t, apmd_lock_t, apmd_unit_file_t, arpwatch_unit_file_t, auditd_etc_t, auditd_unit_file_t, automount_lock_t, automount_unit_file_t, avahi_unit_file_t, bcfg2_unit_file_t, binfmt_misc_fs_t, bluetooth_lock_t, bluetooth_unit_file_t, boinc_unit_file_t, bpf_t, brltty_unit_file_t, bumblebee_unit_file_t, cache_home_t, certmonger_unit_file_t, cgroup_t, chronyd_unit_file_t, cinder_api_unit_file_t, cinder_backup_unit_file_t, cinder_scheduler_unit_file_t, cinder_volume_unit_file_t, cloud_init_unit_file_t, cluster_unit_file_t, collectd_unit_file_t, colord_unit_file_t, condor_unit_file_t, condor_var_lock_t, config_home_t, conman_unit_file_t, conntrackd_unit_file_t, conntrackd_var_lock_t, consolekit_log_t, consolekit_unit_file_t, container_file_t, container_ro_file_t, couchdb_unit_file_t, cpuplug_lock_t, crond_unit_file_t, cupsd_lock_t, cupsd_unit_file_t, data_home_t, dbus_home_t, dbusd_unit_file_t, denyhosts_var_lock_t, device_t, dhcpd_unit_file_t, dirsrv_unit_file_t, dirsrv_var_lock_t, dirsrvadmin_lock_t, dirsrvadmin_unit_file_t, dnsmasq_unit_file_t, dnssec_trigger_unit_file_t, drbd_lock_t, etc_aliases_t, etc_runtime_t, faillog_t, fenced_lock_t, firewalld_unit_file_t, freeipmi_bmc_watchdog_unit_file_t, freeipmi_ipmidetectd_unit_file_t, freeipmi_ipmiseld_unit_file_t, ftpd_lock_t, ftpd_unit_file_t, fwupd_unit_file_t, gconf_home_t, getty_lock_t, getty_unit_file_t, gkeyringd_gnome_home_t, glance_api_unit_file_t, glance_registry_unit_file_t, glance_scrubber_unit_file_t, gnome_home_t, gssproxy_unit_file_t, gstreamer_home_t, haproxy_unit_file_t, hostapd_unit_file_t, hsqldb_unit_file_t, httpd_lock_t, httpd_unit_file_t, hwloc_dhwd_unit_t, hypervkvp_unit_file_t, hypervvssd_unit_file_t, icc_data_home_t, init_tmp_t, init_var_lib_t, init_var_run_t, initrc_state_t, initrc_var_run_t, innd_unit_file_t, insights_client_unit_file_t, insights_client_var_lock_t, iodined_unit_file_t, ipmievd_lock_t, ipmievd_unit_file_t, ipsec_mgmt_lock_t, ipsec_mgmt_unit_file_t, ipsec_var_run_t, iptables_lock_t, iptables_unit_file_t, iscsi_lock_t, iscsi_unit_file_t, jetty_unit_file_t, kdump_lock_t, kdump_unit_file_t, keepalived_unit_file_t, keystone_unit_file_t, kmscon_unit_file_t, krb5_host_rcache_t, krb5_keytab_t, krb5kdc_lock_t, ksm_unit_file_t, ksmtuned_unit_file_t, ktalkd_unit_file_t, lastlog_t, ld_so_cache_t, likewise_pstore_lock_t, local_login_lock_t, locale_t, lockdev_lock_t, logrotate_lock_t, logwatch_lock_t, lsmd_unit_file_t, lttng_sessiond_unit_file_t, lvm_lock_t, lvm_unit_file_t, machineid_t, mailman_lock_t, mandb_lock_t, mdadm_unit_file_t, mdadm_var_run_t, mip6d_unit_file_t, mnt_t, modemmanager_unit_file_t, mongod_unit_file_t, motion_unit_file_t, mount_var_run_t, mrtg_lock_t, mysqld_unit_file_t, named_conf_t, named_unit_file_t, netlabel_mgmt_unit_file_t, neutron_unit_file_t, nfsd_unit_file_t, ninfod_unit_file_t, nis_unit_file_t, nova_unit_file_t, nscd_unit_file_t, ntpd_unit_file_t, numad_unit_file_t, nut_unit_file_t, oddjob_unit_file_t, opendnssec_unit_file_t, opensm_unit_file_t, openvswitch_unit_file_t, openwsman_unit_file_t, passwd_file_t, pdns_unit_file_t, pesign_unit_file_t, phc2sys_unit_file_t, pkcs11proxyd_unit_file_t, pkcs_slotd_lock_t, pkcs_slotd_unit_file_t, pki_ra_lock_t, pki_tomcat_lock_t, pki_tomcat_unit_file_t, pki_tps_lock_t, polipo_unit_file_t, postgresql_lock_t, postgresql_unit_file_t, power_unit_file_t, pppd_lock_t, pppd_unit_file_t, print_spool_t, prosody_unit_file_t, ptp4l_unit_file_t, puppet_tmp_t, rabbitmq_unit_file_t, rabbitmq_var_lock_t, radiusd_unit_file_t, random_seed_t, rasdaemon_unit_file_t, rdisc_unit_file_t, redis_unit_file_t, rhcd_unit_file_t, rhev_agentd_unit_file_t, rhnsd_unit_file_t, rhsmcertd_lock_t, ricci_modstorage_lock_t, rkt_unit_file_t, rngd_unit_file_t, rolekit_unit_file_t, rpcbind_unit_file_t, rpcd_lock_t, rpcd_unit_file_t, rtas_errd_unit_file_t, rtas_errd_var_lock_t, samba_unit_file_t, sanlk_resetd_unit_file_t, sanlock_unit_file_t, sbd_unit_file_t, security_t, semanage_read_lock_t, semanage_trans_lock_t, sensord_unit_file_t, shorewall_lock_t, slapd_lock_t, slapd_unit_file_t, spamd_unit_file_t, spamd_update_unit_file_t, speech_dispatcher_unit_file_t, sshd_keygen_unit_file_t, sshd_unit_file_t, sslh_unit_file_t, sssd_unit_file_t, stalld_unit_file_t, svirt_home_t, svirt_image_t, svirt_tmp_t, svirt_tmpfs_t, svnserve_unit_file_t, swift_lock_t, swift_unit_file_t, sysctl_fs_t, sysctl_t, sysfs_t, syslogd_unit_file_t, system_cronjob_lock_t, systemd_bootchart_unit_file_t, systemd_gpt_generator_unit_file_t, systemd_home_t, systemd_hwdb_unit_file_t, systemd_logind_var_run_t, systemd_machined_unit_file_t, systemd_modules_load_unit_file_t, systemd_networkd_unit_file_t, systemd_passwd_var_run_t, systemd_resolved_unit_file_t, systemd_rfkill_unit_file_t, systemd_runtime_unit_file_t, systemd_socket_proxyd_unit_file_t, systemd_timedated_unit_file_t, systemd_unit_file_t, systemd_userdbd_unit_file_t, systemd_vconsole_unit_file_t, tangd_unit_file_t, targetclid_unit_file_t, targetd_unit_file_t, timemaster_unit_file_t, tlp_unit_file_t, tmpfs_t, tomcat_unit_file_t, tor_unit_file_t, udev_rules_t, usbmuxd_unit_file_t, uucpd_lock_t, var_lib_nfs_t, var_lib_t, var_lock_t, var_log_t, var_run_t, virt_lock_t, virtd_unit_file_t, virtlogd_unit_file_t, vmtools_unit_file_t, wireguard_unit_file_t, wtmp_t, xdm_lock_t, xdm_unit_file_t, ypbind_unit_file_t, zebra_unit_file_t, zoneminder_unit_file_t.
                                                                   Then execute:
                                                                   restorecon -v 'active.motd'

                                                                   *****  Plugin catchall (2.67 confidence) suggests   **************************

                                                                   If you believe that bash should be allowed write access on the active.motd file by default.
                                                                   Then you should report this as a bug.
                                                                   You can generate a local policy module to allow this access.
                                                                   Do
                                                                   allow this access for now by executing:
                                                                   # ausearch -c 'update-motd' --raw | audit2allow -M my-updatemotd
                                                                   # semodule -X 300 -i my-updatemotd.pp

Dec 06 21:39:35 james.... setroubleshootd[35782]: /etc/selinux/targeted/contexts/files/file_contexts:  invalid context system_u:object_r:cockpit_ws_exec_t:s0
Dec 06 21:39:35 james.... setroubleshoot[35782]: SELinux is preventing /usr/lib/systemd/systemd from execute access on the file /usr/share/cockpit/motd/update-motd.

                                                                   *****  Plugin file (65.7 confidence) suggests   ******************************

                                                                   If you think this is caused by a badly mislabeled machine.
                                                                   Then you need to fully relabel.
                                                                   Do
                                                                   touch /.autorelabel; reboot

                                                                   *****  Plugin file (65.7 confidence) suggests   ******************************

                                                                   If you think this is caused by a badly mislabeled machine.
                                                                   Then you need to fully relabel.
                                                                   Do
                                                                   touch /.autorelabel; reboot

                                                                   *****  Plugin catchall_labels (11.3 confidence) suggests   *******************

                                                                   If you want to allow systemd to have execute access on the update-motd file
                                                                   Then you need to change the label on /usr/share/cockpit/motd/update-motd
                                                                   Do
                                                                   # semanage fcontext -a -t FILE_TYPE '/usr/share/cockpit/motd/update-motd'
                                                                   where FILE_TYPE is one of the following: NetworkManager_dispatcher_exec_t, NetworkManager_exec_t, NetworkManager_initrc_exec_t, NetworkManager_priv_helper_exec_t, abrt_dump_oops_exec_t, abrt_exec_t, abrt_helper_exec_t, abrt_initrc_exec_t, abrt_upload_watch_exec_t, abrt_watch_log_exec_t, accountsd_exec_t, acct_exec_t, acct_initrc_exec_t, afs_bosserver_exec_t, afs_exec_t, afs_initrc_exec_t, aiccu_exec_t, aiccu_initrc_exec_t, aide_exec_t, ajaxterm_exec_t, ajaxterm_initrc_exec_t, alsa_exec_t, amanda_inetd_exec_t, amtu_exec_t, amtu_initrc_exec_t, anacron_exec_t, antivirus_exec_t, antivirus_initrc_exec_t, apcupsd_exec_t, apcupsd_initrc_exec_t, apmd_exec_t, apmd_initrc_exec_t, arpwatch_exec_t, arpwatch_initrc_exec_t, asterisk_exec_t, asterisk_initrc_exec_t, audisp_exec_t, auditctl_exec_t, auditd_exec_t, auditd_initrc_exec_t, automount_exec_t, automount_initrc_exec_t, avahi_exec_t, avahi_initrc_exec_t, bacula_exec_t, bacula_initrc_exec_t, bcfg2_exec_t, bcfg2_initrc_exec_t, bin_t, bitlbee_exec_t, bitlbee_initrc_exec_t, blkmapd_exec_t, blkmapd_initrc_exec_t, blueman_exec_t, bluetooth_exec_t, bluetooth_initrc_exec_t, boinc_exec_t, boinc_initrc_exec_t, boltd_exec_t, boot_t, bootloader_exec_t, brctl_exec_t, brltty_exec_t, bumblebee_exec_t, cachefilesd_exec_t, callweaver_exec_t, callweaver_initrc_exec_t, canna_exec_t, canna_initrc_exec_t, cardmgr_exec_t, ccs_exec_t, ccs_initrc_exec_t, certmaster_exec_t, certmaster_initrc_exec_t, certmonger_exec_t, certmonger_initrc_exec_t, cfengine_execd_exec_t, cfengine_initrc_exec_t, cfengine_monitord_exec_t, cfengine_serverd_exec_t, cgclear_exec_t, cgconfig_exec_t, cgconfig_initrc_exec_t, cgred_exec_t, cgred_initrc_exec_t, checkpc_exec_t, chkpwd_exec_t, chronyc_exec_t, chronyd_exec_t, chronyd_initrc_exec_t, chroot_exec_t, cinder_api_exec_t, cinder_backup_exec_t, cinder_scheduler_exec_t, cinder_volume_exec_t, ciped_exec_t, ciped_initrc_exec_t, clogd_exec_t, cloud_init_exec_t, cluster_exec_t, cluster_initrc_exec_t, clvmd_exec_t, clvmd_initrc_exec_t, cmirrord_exec_t, cmirrord_initrc_exec_t, cobblerd_exec_t, cobblerd_initrc_exec_t, collectd_exec_t, collectd_initrc_exec_t, colord_exec_t, comsat_exec_t, condor_collector_exec_t, condor_initrc_exec_t, condor_master_exec_t, condor_negotiator_exec_t, condor_procd_exec_t, condor_schedd_exec_t, condor_startd_exec_t, conman_exec_t, conman_unconfined_script_exec_t, conntrackd_exec_t, conntrackd_initrc_exec_t, consolekit_exec_t, couchdb_exec_t, couchdb_initrc_exec_t, courier_authdaemon_exec_t, courier_pcp_exec_t, courier_pop_exec_t, courier_sqwebmail_exec_t, courier_tcpd_exec_t, cpucontrol_exec_t, cpufreqselector_exec_t, cpuplug_exec_t, cpuplug_initrc_exec_t, cpuspeed_exec_t, crond_exec_t, crond_initrc_exec_t, ctdbd_exec_t, ctdbd_initrc_exec_t, cupsd_config_exec_t, cupsd_exec_t, cupsd_initrc_exec_t, cupsd_lpd_exec_t, cvs_exec_t, cvs_initrc_exec_t, cyphesis_exec_t, cyphesis_initrc_exec_t, cyrus_exec_t, cyrus_initrc_exec_t, dbskkd_exec_t, dbusd_exec_t, dccd_exec_t, dccifd_exec_t, dccm_exec_t, dcerpcd_exec_t, ddclient_exec_t, ddclient_initrc_exec_t, debuginfo_exec_t, deltacloudd_exec_t, denyhosts_exec_t, denyhosts_initrc_exec_t, devicekit_disk_exec_t, devicekit_exec_t, devicekit_power_exec_t, dhcpc_exec_t, dhcpc_helper_exec_t, dhcpd_exec_t, dhcpd_initrc_exec_t, dictd_exec_t, dictd_initrc_exec_t, dirsrv_exec_t, dirsrv_snmp_exec_t, dirsrvadmin_exec_t, dkim_milter_exec_t, dlm_controld_exec_t, dlm_controld_initrc_exec_t, dmesg_exec_t, dnsmasq_exec_t, dnsmasq_initrc_exec_t, dnssec_trigger_exec_t, dovecot_exec_t, dovecot_initrc_exec_t, drbd_exec_t, drbd_initrc_exec_t, dspam_exec_t, dspam_initrc_exec_t, entropyd_exec_t, entropyd_initrc_exec_t, etc_runtime_t, etc_t, eventlogd_exec_t, evtchnd_exec_t, exim_exec_t, exim_initrc_exec_t, fail2ban_client_exec_t, fail2ban_exec_t, fail2ban_initrc_exec_t, fcoemon_exec_t, fcoemon_initrc_exec_t, fenced_exec_t, fetchmail_exec_t, fetchmail_initrc_exec_t, fingerd_exec_t, firewalld_exec_t, firewalld_initrc_exec_t, firewallgui_exec_t, firstboot_exec_t, foghorn_exec_t, foghorn_initrc_exec_t, fprintd_exec_t, freeipmi_bmc_watchdog_exec_t, freeipmi_ipmidetectd_exec_t, freeipmi_ipmiseld_exec_t, fsadm_exec_t, fsdaemon_exec_t, fsdaemon_initrc_exec_t, ftpd_exec_t, ftpd_initrc_exec_t, ftpdctl_exec_t, fwupd_exec_t, games_exec_t, gconfdefaultsm_exec_t, gdomap_exec_t, gdomap_initrc_exec_t, geoclue_exec_t, getty_exec_t, gfs_controld_exec_t, gitd_exec_t, glance_api_exec_t, glance_api_initrc_exec_t, glance_registry_exec_t, glance_registry_initrc_exec_t, glance_scrubber_exec_t, glance_scrubber_initrc_exec_t, glusterd_exec_t, glusterd_initrc_exec_t, gnome_atspi_exec_t, gnomesystemmm_exec_t, gpm_exec_t, gpm_initrc_exec_t, gpsd_exec_t, gpsd_initrc_exec_t, greylist_milter_exec_t, groupadd_exec_t, groupd_exec_t, gssd_exec_t, gssproxy_exec_t, haproxy_exec_t, hddtemp_exec_t, hddtemp_initrc_exec_t, home_bin_t, hostapd_exec_t, hostname_exec_t, hsqldb_exec_t, httpd_exec_t, httpd_initrc_exec_t, httpd_rotatelogs_exec_t, hwclock_exec_t, hwloc_dhwd_exec_t, hypervkvp_exec_t, hypervkvp_initrc_exec_t, hypervvssd_exec_t, ibacm_exec_t, icecast_exec_t, icecast_initrc_exec_t, ifconfig_exec_t, inetd_child_exec_t, inetd_exec_t, init_exec_t, initrc_exec_t, initrc_state_t, innd_exec_t, innd_initrc_exec_t, insights_client_exec_t, install_exec_t, iodined_exec_t, iodined_initrc_exec_t, ipmievd_exec_t, ipmievd_helper_exec_t, ipsec_exec_t, ipsec_initrc_exec_t, ipsec_mgmt_exec_t, iptables_exec_t, iptables_initrc_exec_t, irqbalance_exec_t, irqbalance_initrc_exec_t, iscsid_exec_t, isnsd_exec_t, isnsd_initrc_exec_t, iwhd_exec_t, iwhd_initrc_exec_t, jabberd_exec_t, jabberd_initrc_exec_t, jabberd_router_exec_t, jetty_exec_t, jockey_exec_t, journalctl_exec_t, kadmind_exec_t, kdump_exec_t, kdump_initrc_exec_t, kdumpctl_exec_t, kdumpgui_exec_t, keepalived_exec_t, kerberos_initrc_exec_t, keyboardd_exec_t, keystone_exec_t, keystone_initrc_exec_t, kismet_exec_t, kismet_initrc_exec_t, klogd_exec_t, kmod_exec_t, kmscon_exec_t, kpatch_exec_t, kpropd_exec_t, krb5kdc_exec_t, ksm_exec_t, ksmtuned_exec_t, ksmtuned_initrc_exec_t, ktalkd_exec_t, l2tpd_exec_t, l2tpd_initrc_exec_t, ld_so_t, ldconfig_exec_t, lib_t, likewise_initrc_exec_t, lircd_exec_t, lircd_initrc_exec_t, lldpad_exec_t, lldpad_initrc_exec_t, loadkeys_exec_t, locate_exec_t, logrotate_exec_t, logwatch_exec_t, lpd_exec_t, lsassd_exec_t, lsmd_exec_t, lttng_sessiond_exec_t, lvm_exec_t, lwiod_exec_t, lwregd_exec_t, lwsmd_exec_t, mailman_mail_exec_t, mandb_exec_t, mcelog_exec_t, mcelog_initrc_exec_t, mdadm_exec_t, mdadm_initrc_exec_t, memcached_exec_t, memcached_initrc_exec_t, minidlna_exec_t, minidlna_initrc_exec_t, minissdpd_exec_t, minissdpd_initrc_exec_t, mip6d_exec_t, modemmanager_exec_t, mon_procd_exec_t, mon_statd_exec_t, mon_statd_initrc_exec_t, mongod_exec_t, mongod_initrc_exec_t, motion_exec_t, mount_ecryptfs_exec_t, mount_exec_t, mpd_exec_t, mpd_initrc_exec_t, mrtg_exec_t, mrtg_initrc_exec_t, mscan_exec_t, mscan_initrc_exec_t, munin_exec_t, munin_initrc_exec_t, mysqld_exec_t, mysqld_initrc_exec_t, mysqld_safe_exec_t, mysqlmanagerd_exec_t, mysqlmanagerd_initrc_exec_t, naemon_exec_t, naemon_initrc_exec_t, nagios_exec_t, nagios_initrc_exec_t, named_checkconf_exec_t, named_exec_t, named_initrc_exec_t, namespace_init_exec_t, ndc_exec_t, netlabel_mgmt_exec_t, netlogond_exec_t, netutils_exec_t, neutron_exec_t, neutron_initrc_exec_t, nfsd_exec_t, nfsd_initrc_exec_t, ninfod_exec_t, nis_initrc_exec_t, nmbd_exec_t, nova_exec_t, nrpe_exec_t, nscd_exec_t, nscd_initrc_exec_t, nsd_exec_t, nslcd_exec_t, nslcd_initrc_exec_t, ntop_exec_t, ntop_initrc_exec_t, ntpd_exec_t, ntpd_initrc_exec_t, ntpdate_exec_t, numad_exec_t, nut_upsd_exec_t, nut_upsdrvctl_exec_t, nut_upsmon_exec_t, nx_server_exec_t, oddjob_exec_t, oddjob_mkhomedir_exec_t, opafm_exec_t, openct_exec_t, openct_initrc_exec_t, opendnssec_exec_t, openfortivpn_exec_t, openhpid_exec_t, openhpid_initrc_exec_t, openshift_initrc_exec_t, opensm_exec_t, openvpn_exec_t, openvpn_initrc_exec_t, openvswitch_exec_t, openwsman_exec_t, oracleasm_exec_t, oracleasm_initrc_exec_t, osad_exec_t, osad_initrc_exec_t, pads_exec_t, pads_initrc_exec_t, pam_console_exec_t, pcp_plugin_exec_t, pcp_plugin_initrc_exec_t, pcp_pmcd_exec_t, pcp_pmcd_initrc_exec_t, pcp_pmie_exec_t, pcp_pmie_initrc_exec_t, pcp_pmlogger_exec_t, pcp_pmlogger_initrc_exec_t, pcp_pmproxy_exec_t, pcp_pmproxy_initrc_exec_t, pcscd_exec_t, pcscd_initrc_exec_t, pdns_control_exec_t, pdns_exec_t, pegasus_exec_t, pegasus_openlmi_account_exec_t, pegasus_openlmi_admin_exec_t, pegasus_openlmi_logicalfile_exec_t, pegasus_openlmi_services_exec_t, pegasus_openlmi_storage_exec_t, pegasus_openlmi_system_exec_t, pegasus_openlmi_unconfined_exec_t, pesign_exec_t, phc2sys_exec_t, ping_exec_t, pingd_exec_t, pingd_initrc_exec_t, piranha_fos_exec_t, piranha_lvs_exec_t, piranha_pulse_exec_t, piranha_pulse_initrc_exec_t, piranha_web_exec_t, pkcs11proxyd_exec_t, pkcs_slotd_exec_t, pkcs_slotd_initrc_exec_t, pki_ra_exec_t, pki_ra_script_exec_t, pki_tomcat_exec_t, pki_tps_exec_t, pki_tps_script_exec_t, plymouth_exec_t, plymouthd_exec_t, policykit_auth_exec_t, policykit_exec_t, policykit_grant_exec_t, policykit_resolve_exec_t, polipo_exec_t, polipo_initrc_exec_t, portmap_exec_t, portmap_helper_exec_t, portmap_initrc_exec_t, portreserve_exec_t, portreserve_initrc_exec_t, postfix_exec_t, postfix_initrc_exec_t, postfix_master_exec_t, postgresql_exec_t, postgresql_initrc_exec_t, postgrey_exec_t, postgrey_initrc_exec_t, pppd_exec_t, pppd_initrc_exec_t, pptp_exec_t, prelink_exec_t, prelude_audisp_exec_t, prelude_correlator_exec_t, prelude_exec_t, prelude_initrc_exec_t, prelude_lml_exec_t, privoxy_exec_t, privoxy_initrc_exec_t, prosody_exec_t, psad_exec_t, psad_initrc_exec_t, ptal_exec_t, ptp4l_exec_t, publicfile_exec_t, pulseaudio_exec_t, puppetagent_exec_t, puppetagent_initrc_exec_t, puppetmaster_exec_t, puppetmaster_initrc_exec_t, pyicqt_exec_t, qdiskd_exec_t, qmail_start_exec_t, qmail_tcp_env_exec_t, qpidd_exec_t, qpidd_initrc_exec_t, quota_exec_t, quota_nld_exec_t, rabbitmq_exec_t, rabbitmq_initrc_exec_t, racoon_exec_t, radiusd_exec_t, radiusd_initrc_exec_t, radvd_exec_t, radvd_initrc_exec_t, rasdaemon_exec_t, rdisc_exec_t, readahead_exec_t, realmd_exec_t, redis_exec_t, redis_initrc_exec_t, regex_milter_exec_t, restorecond_exec_t, rhcd_exec_t, rhev_agentd_exec_t, rhgb_exec_t, rhnsd_exec_t, rhnsd_initrc_exec_t, rhsmcertd_exec_t, rhsmcertd_initrc_exec_t, ricci_exec_t, ricci_initrc_exec_t, ricci_modclusterd_exec_t, rkt_exec_t, rlogind_exec_t, rngd_exec_t, rngd_initrc_exec_t, rolekit_exec_t, roundup_exec_t, roundup_initrc_exec_t, rpcbind_exec_t, rpcbind_initrc_exec_t, rpcd_exec_t, rpcd_initrc_exec_t, rpm_exec_t, rpmdb_exec_t, rrdcached_exec_t, rshd_exec_t, rssh_chroot_helper_exec_t, rsync_exec_t, rtas_errd_exec_t, rtkit_daemon_exec_t, rtkit_daemon_initrc_exec_t, rwho_exec_t, rwho_initrc_exec_t, samba_initrc_exec_t, sambagui_exec_t, sanlk_resetd_exec_t, sanlock_exec_t, sanlock_initrc_exec_t, saslauthd_exec_t, saslauthd_initrc_exec_t, sbd_exec_t, sblim_gatherd_exec_t, sblim_initrc_exec_t, sblim_reposd_exec_t, sblim_sfcbd_exec_t, sectoolm_exec_t, semanage_exec_t, sendmail_exec_t, sendmail_initrc_exec_t, sensord_exec_t, sensord_initrc_exec_t, setfiles_exec_t, setkey_exec_t, setrans_exec_t, setrans_initrc_exec_t, setroubleshoot_fixit_exec_t, setroubleshootd_exec_t, setsebool_exec_t, sge_execd_exec_t, shell_exec_t, shorewall_exec_t, shorewall_initrc_exec_t, slapd_exec_t, slapd_initrc_exec_t, slpd_exec_t, slpd_initrc_exec_t, smbd_exec_t, smokeping_exec_t, smokeping_initrc_exec_t, smsd_exec_t, smsd_initrc_exec_t, snapperd_exec_t, snmpd_exec_t, snmpd_initrc_exec_t, snort_exec_t, snort_initrc_exec_t, soundd_exec_t, soundd_initrc_exec_t, spamass_milter_exec_t, spamd_exec_t, spamd_initrc_exec_t, spamd_update_exec_t, speech_dispatcher_exec_t, squid_cron_exec_t, squid_exec_t, squid_initrc_exec_t, src_t, srvsvcd_exec_t, ssh_keygen_exec_t, sshd_exec_t, sshd_initrc_exec_t, sshd_keygen_exec_t, sslh_exec_t, sslh_initrc_exec_t, sssd_exec_t, sssd_initrc_exec_t, stalld_exec_t, stapserver_exec_t, stratisd_exec_t, stunnel_exec_t, sulogin_exec_t, svc_start_exec_t, svnserve_exec_t, svnserve_initrc_exec_t, swat_exec_t, swift_exec_t, syslogd_exec_t, syslogd_initrc_exec_t, sysstat_exec_t, sysstat_initrc_exec_t, system_conf_t, system_db_t, systemd_bootchart_exec_t, systemd_coredump_exec_t, systemd_gpt_generator_exec_t, systemd_hostnamed_exec_t, systemd_hwdb_exec_t, systemd_importd_exec_t, systemd_initctl_exec_t, systemd_journal_upload_exec_t, systemd_localed_exec_t, systemd_logger_exec_t, systemd_logind_exec_t, systemd_machined_exec_t, systemd_modules_load_exec_t, systemd_network_generator_exec_t, systemd_networkd_exec_t, systemd_notify_exec_t, systemd_passwd_agent_exec_t, systemd_resolved_exec_t, systemd_rfkill_exec_t, systemd_sleep_exec_t, systemd_socket_proxyd_exec_t, systemd_sysctl_exec_t, systemd_systemctl_exec_t, systemd_timedated_exec_t, systemd_tmpfiles_exec_t, systemd_userdbd_exec_t, tangd_exec_t, targetclid_exec_t, targetd_exec_t, tcpd_exec_t, tcsd_exec_t, tcsd_initrc_exec_t, telnetd_exec_t, textrel_shlib_t, tftpd_exec_t, tgtd_exec_t, tgtd_initrc_exec_t, thin_aeolus_configserver_exec_t, thin_exec_t, timedatex_exec_t, timemaster_exec_t, tlp_exec_t, tmpfs_t, tmpreaper_exec_t, tomcat_exec_t, tor_exec_t, tor_initrc_exec_t, traceroute_exec_t, tuned_exec_t, tuned_initrc_exec_t, udev_exec_t, ulogd_exec_t, ulogd_initrc_exec_t, uml_switch_exec_t, updfstab_exec_t, updpwd_exec_t, usbmodules_exec_t, usbmuxd_exec_t, useradd_exec_t, usr_t, uucpd_exec_t, uucpd_initrc_exec_t, uuidd_exec_t, uuidd_initrc_exec_t, var_run_t, varnishd_exec_t, varnishd_initrc_exec_t, varnishlog_exec_t, varnishlog_initrc_exec_t, vdagent_exec_t, vdagentd_initrc_exec_t, vhostmd_exec_t, vhostmd_initrc_exec_t, virsh_exec_t, virt_qemu_ga_exec_t, virtd_exec_t, virtd_initrc_exec_t, virtd_lxc_exec_t, virtlogd_exec_t, virtlogd_initrc_exec_t, vmtools_exec_t, vmware_host_exec_t, vnstatd_exec_t, vnstatd_initrc_exec_t, vpnc_exec_t, watchdog_exec_t, watchdog_initrc_exec_t, wdmd_exec_t, wdmd_initrc_exec_t, winbind_exec_t, wireguard_exec_t, wpa_cli_exec_t, xdm_exec_t, xenconsoled_exec_t, xend_exec_t, xenstored_exec_t, xserver_exec_t, ypbind_exec_t, ypbind_initrc_exec_t, yppasswdd_exec_t, ypserv_exec_t, ypxfr_exec_t, zabbix_agent_exec_t, zabbix_agent_initrc_exec_t, zabbix_exec_t, zabbix_initrc_exec_t, zarafa_deliver_exec_t, zarafa_gateway_exec_t, zarafa_ical_exec_t, zarafa_indexer_exec_t, zarafa_monitor_exec_t, zarafa_server_exec_t, zarafa_spooler_exec_t, zebra_exec_t, zebra_initrc_exec_t, zoneminder_exec_t, zoneminder_initrc_exec_t, zos_remote_exec_t.
                                                                   Then execute:
                                                                   restorecon -v '/usr/share/cockpit/motd/update-motd'

                                                                   *****  Plugin catchall (2.67 confidence) suggests   **************************

                                                                   If you believe that systemd should be allowed execute access on the update-motd file by default.
                                                                   Then you should report this as a bug.
                                                                   You can generate a local policy module to allow this access.
                                                                   Do
                                                                   allow this access for now by executing:
                                                                   # ausearch -c '(ate-motd)' --raw | audit2allow -M my-atemotd
                                                                   # semodule -X 300 -i my-atemotd.pp

Dec 06 21:39:35 james.... setroubleshootd[35782]: /etc/selinux/targeted/contexts/files/file_contexts:  invalid context system_u:object_r:cockpit_ws_exec_t:s0
Dec 06 21:39:35 james.... setroubleshoot[35782]: SELinux is preventing /usr/bin/bash from execute_no_trans access on the file /usr/share/cockpit/motd/update-motd.

                                                                   *****  Plugin file (73.6 confidence) suggests   ******************************

                                                                   If you think this is caused by a badly mislabeled machine.
                                                                   Then you need to fully relabel.
                                                                   Do
                                                                   touch /.autorelabel; reboot

                                                                   *****  Plugin file (73.6 confidence) suggests   ******************************

                                                                   If you think this is caused by a badly mislabeled machine.
                                                                   Then you need to fully relabel.
                                                                   Do
                                                                   touch /.autorelabel; reboot

                                                                   *****  Plugin catchall (2.93 confidence) suggests   **************************

                                                                   If you believe that bash should be allowed execute_no_trans access on the update-motd file by default.
                                                                   Then you should report this as a bug.
                                                                   You can generate a local policy module to allow this access.
                                                                   Do
                                                                   allow this access for now by executing:
                                                                   # ausearch -c 'update-motd' --raw | audit2allow -M my-updatemotd
                                                                   # semodule -X 300 -i my-updatemotd.pp

Dec 06 21:39:36 james.... systemd[1]: /usr/lib/systemd/system/tog-pegasus.service:9: PIDFile= references a path below legacy directory /var/run/, updating /var/run/tog-pegasus/cimserver.pid → /run/tog-pegasus/cimserver.pid; please update the unit file accordingly.
Dec 06 21:39:42 james.... setroubleshoot[35782]: SELinux is preventing /usr/bin/python3.9 from name_connect access on the tcp_socket port 3000.

                                                                   *****  Plugin catchall (100. confidence) suggests   **************************

                                                                   If you believe that python3.9 should be allowed name_connect access on the port 3000 tcp_socket by default.
                                                                   Then you should report this as a bug.
                                                                   You can generate a local policy module to allow this access.
                                                                   Do
                                                                   allow this access for now by executing:
                                                                   # ausearch -c 'python3' --raw | audit2allow -M my-python3
                                                                   # semodule -X 300 -i my-python3.pp

Dec 06 21:39:44 james.... systemd[1]: /usr/lib/systemd/system/tog-pegasus.service:9: PIDFile= references a path below legacy directory /var/run/, updating /var/run/tog-pegasus/cimserver.pid → /run/tog-pegasus/cimserver.pid; please update the unit file accordingly.
Dec 06 21:39:45 james.... systemd[1]: cockpit.socket: Failed to determine SELinux label: Invalid argument
Dec 06 21:39:45 james.... systemd[1]: cockpit.socket: Failed to listen on sockets: Invalid argument
Dec 06 21:39:45 james.... systemd[1]: Starting Cockpit Web Service Socket...
░░ Subject: A start job for unit cockpit.socket has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ A start job for unit cockpit.socket has begun execution.
░░ 
░░ The job identifier is 36463.
Dec 06 21:39:45 james.... systemd[1]: cockpit.socket: Failed with result 'resources'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ The unit cockpit.socket has entered the 'failed' state with result 'resources'.
Dec 06 21:39:45 james.... systemd[1]: Failed to listen on Cockpit Web Service Socket.
░░ Subject: A start job for unit cockpit.socket has failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ A start job for unit cockpit.socket has finished with a failure.
░░ 
░░ The job identifier is 36463 and the job result is failed.
Dec 06 21:39:45 james.... systemd[1]: Starting Cockpit motd updater service...
░░ Subject: A start job for unit cockpit-motd.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ 
░░ A start job for unit cockpit-motd.service has begun execution.
░░ 
░░ The job identifier is 36573.
cockpit-project / cockpit

Cockpit Fails to Start after Centos 9 Update #18003

Explain what happens

Version of Cockpit

Where is the problem in Cockpit?

Server operating system

Server operating system version

What browsers are you using?

System log
