The files are definitely not part of the Nextcloud package. Open it and check its content to get an idea where they’re coming from. Nextcloud in general verifies the content of its package and all files, which are not part of the original package, are generating the mentioned security warning.
I checked the page …/nextcloud/index.php/settings/admin/logging and it shows no entries for 2020-03-31 (the day those two files were created). And I don’t remember if I did anything special with NC on that day.
journalctl shows the following message four times for that day
setroubleshoot: failed to retrieve rpm info for /sys/kernel/config
setroubleshoot: SELinux is preventing /usr/bin/df from getattr access on the directory /sys/kernel/config. For complete SELinux messages run: sealert -l 1ad922aa-ce69-42b1-8753-64820b6a2917
python: SELinux is preventing /usr/bin/df from getattr access on the directory /sys/kernel/config.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that df should be allowed getattr access on the config directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'df' --raw | audit2allow -M my-df
# semodule -i my-df.pp
Should I just delete those two files or should I make some changes to SELinux?