
How do you Manually Compile Fedora 27/28/29 Talpa?

I have been working on scripting installs of Sophos AV on Linux hosts. I have no issues with the supported platforms, but we have some Debian, some Scientific Linux, and some Fedora.

I was able to figure out what was needed on SciLinux and Debian to get the Talpa to compile with the standard installer script from Sophos, but I cannot get the same to work on any of the currently stable Fedora builds.

 

I found the Sophos Talpa source on GitHub, and have gotten it to compile the binary packages. I can run /opt/sophos-av/engine/talpa_select select and it will look like it's working, but no matter what I do afterwards, the real time scan engine does not start.


Current Output from Talpa Select:

[root@ITRS-505687645a engine]# ./talpa_select select
[Talpa-select]
Copyright 1989-2018 Sophos Limited. All rights reserved.
Fri Jan 11 15:26:25 2019 GMT
Linux distribution: [fedora]
Product: [Fedora release 29 (Twenty Nine)]
Kernel: [4.19.13-300.fc29.x86_64]
Multiprocessor support enabled.
Searching for source pack...
Searching for suitable binary pack...
Binary pack was created locally.
Found suitable binary pack. Using: /opt/sophos-av/talpa/compiled/talpa-binpack-fedora-x86_64-4.19.13-300.fc29.x86_64-1smpsatdec29225428utc2018.tar.gz

I have tried to reboot, which does not enable the on-access scanning.

I have tried to run /opt/sophos-av/bin/savdctl enable, which does not enable the on-access scanning.

No matter which I do, whenever I run /opt/sophos-av/bin/savdstatus:

[root@ITRS-505687645a talpa]# /opt/sophos-av/bin/savdstatus
Sophos Anti-Virus is active but on-access scanning is not running

 

When looking into the logs, this appears to be the pertinent bit of information:

Fri 11 Jan 2019 07:46:01 AM CST: update.updated Updated to versions - SAV: 10.4.1, Engine: 3.74.2, Data: 5.58
Fri 11 Jan 2019 07:46:01 AM CST: update.updated Successfully updated Sophos Anti-Virus from sdds:SOPHOS
Fri 11 Jan 2019 07:46:41 AM CST: talpa.startup Unable to load Talpa modules.
Fri 11 Jan 2019 08:45:51 AM CST: update.check Successfully updated Sophos Anti-Virus from sdds:SOPHOS
Fri 11 Jan 2019 08:50:29 AM CST: talpa_select.compiled NOTE: You are running Sophos Anti-Virus on a kernel for which Sophos does not provide binary kernel modules. Therefore the kernel modules have been locally compiled. Please see KBA14377 for supported platforms and kernels.
Fri 11 Jan 2019 08:50:32 AM CST: talpa_select Failed to load module talpa_syscallhook
insmod: ERROR: could not insert module /opt/sophos-av/talpa/current/talpa_syscallhook.ko: Permission denied

Fri 11 Jan 2019 08:50:32 AM CST: talpa.startup Unable to load Talpa modules.

 

Any help here would be useful. I feel like I am REALLY close to getting this running, but so far no luck.



  • I can confirm, if you use the GitHub version of Talpa, it will compile on Fedora, BUT it will not load the kernel modules, as the newest profiles in SELinux do not allow the loading.

     

    After you have compiled the module from GitHub (https://github.com/sophos/talpa), and have tried to turn on the on-access scanning (# /opt/sophos-av/bin/savdctl enable), do the following:

     **** WARNING -- This is what I did on Fedora 27, 28, 29. It might not work on your system -- WARNING ****

    This will look at your SELinux audit logs, parse them for recent insmod failures, and build the policy info to add to the default targeted policy.

    # ausearch -c insmod -r | audit2allow -M talpainsmod -p /etc/selinux/targeted/policy/policy.31

      

    Once you have that new policy file, you need to add it to the existing policy on the system.

    # semodule -i talpainsmod.pp

     

    Then you just need to reboot the system and the talpa modules compiled before from GitHub should compile and allow Sophos to run.
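
Since audit2allow turns every denial in the ausearch output into an allow rule, it helps to see what those denials are before running semodule. The script below is an added example, not part of the reply above or of Sophos code; the function names are hypothetical, the audit records are constructed samples, and the SELinux type names in them are assumptions.

```shell
#!/bin/sh
# Added example: list the SELinux denials behind a failed insmod, written as
# allow-style rules, so they can be reviewed before a policy module is loaded.

# Reads raw audit records on stdin (as produced by: ausearch -c insmod -r)
# and prints one line per unique denial.
summarize_insmod_denials() {
    awk '
    /avc: +denied/ && /comm="insmod"/ {
        perms = ""; src = ""; tgt = ""; cls = ""
        # Denied permissions sit between the braces: { module_load }
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
        }
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level; field 3 is the type
            if ($i ~ /^scontext=/)      { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        rule = "allow " src " " tgt ":" cls " { " perms " };"
        if (!(rule in seen)) { seen[rule] = 1; print rule }
    }'
}

# Constructed sample records (not from the thread); type names are assumptions.
sample_audit_records() {
    cat <<'EOF'
type=AVC msg=audit(1547218232.101:311): avc:  denied  { module_load } for  pid=2301 comm="insmod" path="/opt/sophos-av/talpa/current/talpa_syscallhook.ko" dev="dm-0" ino=1311 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=system permissive=0
type=AVC msg=audit(1547218292.440:329): avc:  denied  { module_load } for  pid=2377 comm="insmod" path="/opt/sophos-av/talpa/current/talpa_syscallhook.ko" dev="dm-0" ino=1311 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=system permissive=0
type=AVC msg=audit(1547218301.007:331): avc:  denied  { module_request } for  pid=2380 comm="modprobe" kmod="constructed-alias" scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0
type=AVC msg=audit(1547218305.912:340): avc:  denied  { read open } for  pid=2391 comm="insmod" path="/opt/sophos-av/talpa/current/talpa_syscallhook.ko" dev="dm-0" ino=1311 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=0
EOF
}

sample_audit_records | summarize_insmod_denials
```

On a real host, pipe `ausearch -c insmod -r` into `summarize_insmod_denials` instead of the sample records and compare the result with the `talpainsmod.te` file that `audit2allow -M` writes next to the `.pp` package.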
