Bug 1822884

Summary: Updating grub2 packages causes SELinux error message
Product: [Fedora] Fedora Reporter: Nikolaos Perrakis <nikperrakis>
Component: grub2Assignee: Peter Jones <pjones>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 31CC: andbruna, fmartine, lkundrak, pjones, skr
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-14 09:33:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nikolaos Perrakis 2020-04-10 09:52:44 UTC 
Description of problem:

My laptop is running Fedora MATE 31.
After performing today’s (09:10 London time) dnf upgrade I got error messages like the one below:

Upgrading        : grub2-common-1:2.02-107.fc31.noarch  1/86 
error: lsetfilecon: (/boot/efi/EFI/fedora, system_u:object_r:boot_t:s0) Operation not supported

At the end I did get:

Verifying        : grub2-common-1:2.02-107.fc31.noarch 9/86

Note that similar errors also appeared for the packages below:

Upgrading        : grub2-efi-ia32-1:2.02-107.fc31.x86_64
error: lsetfilecon: (/boot/efi/EFI/fedora/fonts, system_u:object_r:boot_t:s0) Operation not supported
error: lsetfilecon: (/boot/efi/EFI/fedora/grubia32.efi;5e902960, system_u:object_r:boot_t:s0) Operation not supported

  Upgrading        : grub2-efi-x64-1:2.02-107.fc31.x86_64
error: lsetfilecon: (/boot/efi/EFI/fedora/grubx64.efi;5e902960, system_u:object_r:boot_t:s0) Operation not supported

  Upgrading        : grub2-efi-ia32-cdboot-1:2.02-107.fc31.x86_64
error: lsetfilecon: (/boot/efi/EFI/fedora/fonts, system_u:object_r:boot_t:s0) Operation not supported
error: lsetfilecon: (/boot/efi/EFI/fedora/fonts/unicode.pf2;5e902960, system_u:object_r:boot_t:s0) Operation not supported
error: lsetfilecon: (/boot/efi/EFI/fedora/gcdia32.efi;5e902960, system_u:object_r:boot_t:s0) Operation not supported

  Upgrading        : grub2-efi-x64-cdboot-1:2.02-107.fc31.x86_64  
error: lsetfilecon: (/boot/efi/EFI/fedora/gcdx64.efi;5e902960, system_u:object_r:boot_t:s0) Operation not supported

Those packages also validated at the end.

Version-Release number of selected component (if applicable):


How reproducible:

I m not sure how easily it is to reproduce the error message.

Steps to Reproduce:
1. Install previous versions of all mentioned packages and associated SELinux policies.
2. Update mentioned packages to versions shown above.

Actual results:

SELinux error messages shown above.

Expected results:

No SELinux error messages should be encountered.

Additional info:

The bug looks similar to this RHEL8.2 reported bug
https://bugzilla.redhat.com/show_bug.cgi?id=1783201
Comment 1 Andrea Bruna 2020-04-10 12:53:45 UTC 
Same issue here:

 Upgrading                    : grub2-common-1:2.02-107.fc31.noarch      2/235 
error: lsetfilecon: (/boot/efi/EFI/fedora, system_u:object_r:boot_t:s0) Operation not supported

 Upgrading                    : grub2-efi-ia32-1:2.02-107.fc31.x86_6    98/235 
error: lsetfilecon: (/boot/efi/EFI/fedora/fonts, system_u:object_r:boot_t:s0) Operation not supported
error: lsetfilecon: (/boot/efi/EFI/fedora/grubia32.efi;5e9069ba, system_u:object_r:boot_t:s0) Operation not supported

  Upgrading                    : grub2-efi-x64-1:2.02-107.fc31.x86_64    99/235 
error: lsetfilecon: (/boot/efi/EFI/fedora/grubx64.efi;5e9069ba, system_u:object_r:boot_t:s0) Operation not supported

  Upgrading                    : grub2-efi-ia32-cdboot-1:2.02-107.fc3   100/235 
error: lsetfilecon: (/boot/efi/EFI/fedora/fonts, system_u:object_r:boot_t:s0) Operation not supported
error: lsetfilecon: (/boot/efi/EFI/fedora/fonts/unicode.pf2;5e9069ba, system_u:object_r:boot_t:s0) Operation not supported
error: lsetfilecon: (/boot/efi/EFI/fedora/gcdia32.efi;5e9069ba, system_u:object_r:boot_t:s0) Operation not supported
  
Upgrading                    : grub2-efi-x64-cdboot-1:2.02-107.fc31   101/235 
error: lsetfilecon: (/boot/efi/EFI/fedora/gcdx64.efi;5e9069ba, system_u:object_r:boot_t:s0) Operation not supported
Comment 2 Javier Martinez Canillas 2020-04-14 09:33:55 UTC 

*** This bug has been marked as a duplicate of bug 1722766 ***