Description of problem: On rebooting the system which has a fresh Fedora 29 installation, the following error occurs: SELinux is preventing plymouthd from getattr access on the directory /sys/firmware/efi/efivars. Version-Release number of selected component (if applicable): 3.14.2-44.fc29 (current Fedora 29 versions) How reproducible: Every reboot Full output from troubleshooting window copied below: SELinux is preventing plymouthd from getattr access on the directory /sys/firmware/efi/efivars. ***** Plugin restorecon (99.5 confidence) suggests ************************ If you want to fix the label. /sys/firmware/efi/efivars default label should be sysfs_t. Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly. Do # /sbin/restorecon -v /sys/firmware/efi/efivars ***** Plugin catchall (1.49 confidence) suggests ************************** If you believe that plymouthd should be allowed getattr access on the efivars directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'plymouthd' --raw | audit2allow -M my-plymouthd # semodule -X 300 -i my-plymouthd.pp Additional Information: Source Context system_u:system_r:plymouthd_t:s0 Target Context system_u:object_r:efivarfs_t:s0 Target Objects /sys/firmware/efi/efivars [ dir ] Source plymouthd Source Path plymouthd Port <Unknown> Host Hostname Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.2-44.fc29.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name Hostname Platform Linux Hostname 4.19.10-300.fc29.x86_64 #1 SMP Mon Dec 17 15:34:44 UTC 2018 x86_64 x86_64 Alert Count 1 First Seen 2019-01-11 14:56:09 EST Last Seen 2019-01-11 14:56:09 EST Local ID 19785ad5-ce64-4be3-a003-93a15d6119e6 Raw Audit Messages type=AVC msg=audit(1547236569.468:3462): avc: denied { getattr } for pid=7534 comm="plymouthd" path="/sys/firmware/efi/efivars" dev="efivarfs" ino=1313 scontext=system_u:system_r:plymouthd_t:s0 tcontext=system_u:object_r:efivarfs_t:s0 tclass=dir permissive=0 Hash: plymouthd,plymouthd_t,efivarfs_t,dir,getattr
Hi, Could you try it with this build? https://koji.fedoraproject.org/koji/buildinfo?buildID=1178902 Thanks, Lukas.
Please continue in discussion in bz 1664143 with further information. *** This bug has been marked as a duplicate of bug 1664143 ***
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days