Bug 1760677

Summary: grub2 gets caught by selinux
Product: [Fedora] Fedora Reporter: D. Hugh Redelmeier <hugh>
Component: grub2Assignee: Peter Jones <pjones>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 31CC: egor.pugin, fmartine, hugh, lkundrak, pjones, plroskin
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-10-17 22:44:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description D. Hugh Redelmeier 2019-10-11 05:49:13 UTC 
Description of problem:
When updating grub2-efi-ia32 and -x64, SELinux gets unhappy

Version-Release number of selected component (if applicable):
grub2-efi-ia32-1:2.02-100.fc31.x86_64
grub2-efi-x64-1:2.02-100.fc31.x86_64

How reproducible:
unknown

Steps to Reproduce:
1. sudo dnf update

Actual results:

  Upgrading        : grub2-efi-ia32-1:2.02-100.fc31.x86_64              102/230 
error: lsetfilecon: (/boot/efi/EFI/fedora/fonts, system_u:object_r:boot_t:s0) Operation not supported
error: lsetfilecon: (/boot/efi/EFI/fedora/grubia32.efi;5da00ddb, system_u:object_r:boot_t:s0) Operation not supported

  Upgrading        : grub2-efi-x64-1:2.02-100.fc31.x86_64               103/230 
error: lsetfilecon: (/boot/efi/EFI/fedora/grubx64.efi;5da00ddb, system_u:object_r:boot_t:s0) Operation not supported

  Upgrading        : sqlite-3.30.0-1.fc31.x86_64                        104/230 
  Upgrading        : grub2-efi-ia32-cdboot-1:2.02-100.fc31.x86_64       105/230 
error: lsetfilecon: (/boot/efi/EFI/fedora/fonts, system_u:object_r:boot_t:s0) Operation not supported
error: lsetfilecon: (/boot/efi/EFI/fedora/fonts/unicode.pf2;5da00ddb, system_u:object_r:boot_t:s0) Operation not supported
error: lsetfilecon: (/boot/efi/EFI/fedora/gcdia32.efi;5da00ddb, system_u:object_r:boot_t:s0) Operation not supported

  Upgrading        : grub2-efi-x64-cdboot-1:2.02-100.fc31.x86_64        106/230 
error: lsetfilecon: (/boot/efi/EFI/fedora/gcdx64.efi;5da00ddb, system_u:object_r:boot_t:s0) Operation not supported

  Upgrading        : grub2-tools-efi-1:2.02-100.fc31.x86_64             107/230 

Expected results:
no diagnostics

Additional info:
Comment 1 Pavel Roskin 2019-10-17 22:44:38 UTC 
I believe it's a duplicate of #1726018, which in turn was marked as duplicate of #1722766

Whether it's /proc or /boot/efi, rpm should be silent about the SELinux labels on filesystems that don't support them, as long as it's considered to be safe.

*** This bug has been marked as a duplicate of bug 1726018 ***