Bug 1824196 - SELinux is preventing /usr/lib/systemd/systemd-resolved from 'read' accesses on the file /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
Summary: SELinux is preventing /usr/lib/systemd/systemd-resolved from 'read' accesses ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 32
Hardware: x86_64
OS: Unspecified
low
low
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:58d024ca4a697511afa021ae220...
: 1819161 1823035 1827972 (view as bug list)
Depends On: 1812955
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-04-15 14:14 UTC by Michael DePaulo
Modified: 2021-04-16 16:51 UTC (History)
29 users (show)

Fixed In Version: selinux-policy-3.14.5-38.fc32 selinux-policy-3.14.5-39.fc32 selinux-policy-3.14.5-40.fc32
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-06-11 22:57:11 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Michael DePaulo 2020-04-15 14:14:24 UTC
Description of problem:
Booted & launched KDE.

Started after upgrading from F31 to F32.
SELinux is preventing /usr/lib/systemd/systemd-resolved from 'read' accesses on the file /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that systemd-resolved should be allowed read access on the SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-resolve' --raw | audit2allow -M my-systemdresolve
# semodule -X 300 -i my-systemdresolve.pp

Additional Information:
Source Context                system_u:system_r:systemd_resolved_t:s0
Target Context                system_u:object_r:efivarfs_t:s0
Target Objects                /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca
                              -11d2-aa0d-00e098032b8c [ file ]
Source                        systemd-resolve
Source Path                   /usr/lib/systemd/systemd-resolved
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           systemd-245.4-1.fc32.x86_64
Target RPM Packages           
SELinux Policy RPM            selinux-policy-3.14.5-32.fc32.noarch
Local Policy RPM              selinux-policy-targeted-3.14.5-32.fc32.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 5.6.4-300.fc32.x86_64 #1 SMP Mon
                              Apr 13 14:31:58 UTC 2020 x86_64 x86_64
Alert Count                   2
First Seen                    2020-04-14 17:53:23 EDT
Last Seen                     2020-04-15 10:05:15 EDT
Local ID                      c2a250f2-a565-41ca-b854-a4ebd0349110

Raw Audit Messages
type=AVC msg=audit(1586959515.439:141): avc:  denied  { read } for  pid=1053 comm="systemd-resolve" name="SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c" dev="efivarfs" ino=19536 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1586959515.439:141): arch=x86_64 syscall=openat success=no exit=EACCES a0=ffffff9c a1=56088d28dae0 a2=80100 a3=0 items=1 ppid=1 pid=1053 auid=4294967295 uid=193 gid=193 euid=193 suid=193 fsuid=193 egid=193 sgid=193 fsgid=193 tty=(none) ses=4294967295 comm=systemd-resolve exe=/usr/lib/systemd/systemd-resolved subj=system_u:system_r:systemd_resolved_t:s0 key=(null)

type=CWD msg=audit(1586959515.439:141): cwd=/

type=PATH msg=audit(1586959515.439:141): item=0 name=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c inode=19536 dev=00:1e mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:efivarfs_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0

Hash: systemd-resolve,systemd_resolved_t,efivarfs_t,file,read

Version-Release number of selected component:
selinux-policy-3.14.5-32.fc32.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.12.0
hashmarkername: setroubleshoot
kernel:         5.6.4-300.fc32.x86_64
type:           libreport

Comment 1 Lukas Vrabec 2020-04-20 14:44:21 UTC
*** Bug 1823035 has been marked as a duplicate of this bug. ***

Comment 2 Lukas Vrabec 2020-04-20 14:54:17 UTC
commit 94e50ba442ae8792587879a18d714c10747e7de6 (HEAD -> rawhide)
Author: Lukas Vrabec <lvrabec>
Date:   Mon Apr 20 16:54:13 2020 +0200

    Allow read efivarfs_t files by domains executing systemctl file
    
    Resolves: rhbz#1824196

Comment 3 Fedora Update System 2020-04-29 09:04:52 UTC
FEDORA-2020-3ffe9fdf42 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-3ffe9fdf42

Comment 4 Fedora Update System 2020-04-30 04:13:12 UTC
FEDORA-2020-3ffe9fdf42 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-3ffe9fdf42`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-3ffe9fdf42

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 5 Zdenek Pytela 2020-04-30 07:11:04 UTC
Lukasi,

This bug was reported not fixed with the update. I cannot see the permission either:

# sesearch -A -s systemd_resolved_t -t efivarfs_t -c file -p read
# sesearch -A -s systemd_modules_load_t -t efivarfs_t -c file
allow domain file_type:file map; [ domain_can_mmap_files ]:True

I even cannot find the commit. Has the commit reached the github repo?

Comment 6 Lukas Vrabec 2020-04-30 08:06:58 UTC
commit ff8b5f9c119a828e92036f86e3d82c898412db59 (HEAD -> rawhide, origin/rawhide)
Author: Lukas Vrabec <lvrabec>
Date:   Thu Apr 30 10:06:21 2020 +0200

    Allow read efivarfs_t files by domains executing systemctl file
    
    Resolves: rhbz#1824196


https://github.com/fedora-selinux/selinux-policy/commit/ff8b5f9c119a828e92036f86e3d82c898412db59

Thanks for heads-up.

Comment 7 Lukas Vrabec 2020-05-04 12:54:42 UTC
*** Bug 1819161 has been marked as a duplicate of this bug. ***

Comment 8 Ryan 2020-05-05 03:40:05 UTC
just noted this happening for me too. following.

Comment 9 Fedora Update System 2020-05-05 11:34:28 UTC
FEDORA-2020-a6cd8de2ed has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-a6cd8de2ed

Comment 11 Nathan Morell 2020-05-05 16:17:07 UTC
Fixed with the following:

# cat efivars-systemd-resolved-fix.te 

module efivars-systemd-resolved-fix 1.0;

require {
        type efivarfs_t;
        type systemd_resolved_t;
        class file { getattr open read };
}

#============= systemd_resolved_t ==============
allow systemd_resolved_t efivarfs_t:file getattr;

#!!!! This avc is allowed in the current policy
allow systemd_resolved_t efivarfs_t:file { open read };


---

# sesearch -A -s systemd_resolved_t -t efivarfs_t -c file -p read
allow systemd_resolved_t efivarfs_t:file { getattr open read };

Comment 12 david.hu.2035 2020-05-06 04:02:07 UTC
Similar problem has been detected:

 It happens when I tried to install some third-party kernel modules

hashmarkername: setroubleshoot
kernel:         5.6.8-300.fc32.x86_64
package:        selinux-policy-targeted-3.14.5-32.fc32.noarch
reason:         SELinux is preventing systemd-modules from 'read' accesses on the file SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
type:           libreport

Comment 13 Fedora Update System 2020-05-06 04:30:03 UTC
FEDORA-2020-a6cd8de2ed has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 14 david.hu.2035 2020-05-06 18:02:48 UTC
Similar problem has been detected:

It happens every time when I install a third-party kernel module (probably ashmem?)

hashmarkername: setroubleshoot
kernel:         5.6.10-300.fc32.x86_64
package:        selinux-policy-targeted-3.14.5-38.fc32.noarch
reason:         SELinux is preventing systemd-modules from 'read' accesses on the file SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
type:           libreport

Comment 15 david.hu.2035 2020-05-06 18:05:22 UTC
Similar problem has been detected:

Install a third party software called xDroid (a proprietary Android compatibility layer developed by Chinese people)
During the installation process the warning pops up several times.

hashmarkername: setroubleshoot
kernel:         5.6.10-300.fc32.x86_64
package:        selinux-policy-targeted-3.14.5-38.fc32.noarch
reason:         SELinux is preventing systemd-modules from 'read' accesses on the file SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
type:           libreport

Comment 16 Anthony Messina 2020-05-06 23:07:26 UTC
This issue is not resolved with this update, even after a manual relabel.  Also note #1827466 in the first AVC.

~]# ausearch -m avc -ts boot
----
time->Wed May  6 17:57:42 2020
type=AVC msg=audit(1588805862.874:118): avc:  denied  { read } for  pid=815 comm="sssd" name="systemd" dev="tmpfs" ino=256 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=dir permissive=1
----
time->Wed May  6 17:57:44 2020
type=AVC msg=audit(1588805864.772:163): avc:  denied  { read } for  pid=925 comm="systemd-resolve" name="SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c" dev="efivarfs" ino=239 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=1
----
time->Wed May  6 17:57:44 2020
type=AVC msg=audit(1588805864.772:164): avc:  denied  { open } for  pid=925 comm="systemd-resolve" path="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c" dev="efivarfs" ino=239 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=1
----
time->Wed May  6 17:57:44 2020
type=AVC msg=audit(1588805864.772:165): avc:  denied  { getattr } for  pid=925 comm="systemd-resolve" path="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c" dev="efivarfs" ino=239 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=1

Comment 17 Ryan 2020-05-08 10:36:10 UTC
I am also getting: SELinux is preventing systemd-resolve from read access on the file SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c

selinux-policy 3.14.5-8.fc32

audit2allow generates the following

module my-systemdresolve 1.0;

require {
        type efivarfs_t;
        type systemd_resolved_t;
        class file read;
}

#============= systemd_resolved_t ==============
allow systemd_resolved_t efivarfs_t:file read;

Comment 18 Ryan 2020-05-08 10:39:34 UTC
edit: selinux-policy version is 3.14.5-38.fc32

Comment 19 Ryan 2020-05-08 10:52:55 UTC
after applying the above policy (2 comments up) I now get:

SELinux is preventing systemd-resolve from open access on the file /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c

audit2allow module updated:

module my-systemdresolve 1.0;

require {
        type efivarfs_t;
        type systemd_resolved_t;
        class file { open read };
}

#============= systemd_resolved_t ==============

#!!!! This avc is allowed in the current policy
allow systemd_resolved_t efivarfs_t:file read;
allow systemd_resolved_t efivarfs_t:file open;

Comment 20 Ryan 2020-05-08 11:02:55 UTC
after applying the above policy I get SELinux is preventing systemd-resolve from getattr access on the file /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c

audit2allow policy now looks like:

module my-systemdresolve 1.0;

require {
        type systemd_resolved_t;
        type efivarfs_t;
        class file { getattr open read };
}

#============= systemd_resolved_t ==============
allow systemd_resolved_t efivarfs_t:file getattr;

#!!!! This avc is allowed in the current policy
allow systemd_resolved_t efivarfs_t:file { open read };

this resolves the whole issue

Comment 21 dani 2020-05-09 19:27:22 UTC
Similar problem has been detected:

dnf distro-sync --allowerasing --best --refresh
Happend during 'Running scriptlet: kernel-core-5.6.10-300.fc32.x86_64' phase.

hashmarkername: setroubleshoot
kernel:         5.6.8-300.fc32.x86_64
package:        selinux-policy-targeted-3.14.5-38.fc32.noarch
reason:         SELinux is preventing systemd-modules from 'read' accesses on the file SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
type:           libreport

Comment 22 dani 2020-05-09 19:34:51 UTC
I'm not sure if relevant, but I did `fixfiles onboot` in previous session, rebooted, and now had the issue popup during new kernel-core install.

Comment 23 Keefer Rourke 2020-05-09 23:43:17 UTC
Similar problem has been detected:

This SELinux alert was present on first boot after upgrading from Fedora 31 to Fedora 32.

hashmarkername: setroubleshoot
kernel:         5.6.10-300.fc32.x86_64
package:        selinux-policy-targeted-3.14.5-38.fc32.noarch
reason:         SELinux is preventing systemd-modules from 'read' accesses on the file SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
type:           libreport

Comment 24 Matthias Andree 2020-05-10 00:32:15 UTC
Similar problem has been detected:

this happened while updating packages (among them kernel packages)

hashmarkername: setroubleshoot
kernel:         5.6.8-300.fc32.x86_64
package:        selinux-policy-targeted-3.14.5-38.fc32.noarch
reason:         SELinux is preventing systemd-modules from 'read' accesses on the Datei SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
type:           libreport

Comment 25 Matthias Andree 2020-05-13 16:30:55 UTC
Similar problem has been detected:

This happened after waking up my laptop from suspend. Reason unknown.

hashmarkername: setroubleshoot
kernel:         5.6.10-300.fc32.x86_64
package:        selinux-policy-targeted-3.14.5-38.fc32.noarch
reason:         SELinux is preventing systemd-modules from 'read' accesses on the Datei SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
type:           libreport

Comment 26 Baleta 2020-05-19 12:28:35 UTC
Similar problem has been detected:

In boot show message "Failed to start Load Kernel Modules"

hashmarkername: setroubleshoot
kernel:         5.6.12-300.fc32.x86_64
package:        selinux-policy-targeted-3.14.5-38.fc32.noarch
reason:         SELinux is preventing systemd-modules from 'read' accesses on the arquivo SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
type:           libreport

Comment 27 Zdenek Pytela 2020-05-19 15:50:13 UTC
*** Bug 1827972 has been marked as a duplicate of this bug. ***

Comment 28 Joseph D. Wagner 2020-05-19 17:05:24 UTC
# ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today
----
type=PROCTITLE msg=audit(05/19/2020 00:01:02.472:577) : proctitle=/usr/bin/systemctl --quiet is-active psacct.service 
type=PATH msg=audit(05/19/2020 00:01:02.472:577) : item=0 name=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c inode=15548 dev=00:1c mode=file,644 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:efivarfs_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=CWD msg=audit(05/19/2020 00:01:02.472:577) : cwd=/ 
type=SYSCALL msg=audit(05/19/2020 00:01:02.472:577) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=0xffffff9c a1=0x5632c2c7fe40 a2=O_RDONLY|O_NOCTTY|O_CLOEXEC a3=0x0 items=1 ppid=10059 pid=10060 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemctl exe=/usr/bin/systemctl subj=system_u:system_r:logrotate_t:s0 key=(null) 
type=AVC msg=audit(05/19/2020 00:01:02.472:577) : avc:  denied  { read } for  pid=10060 comm=systemctl name=SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c dev="efivarfs" ino=15548 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=0

Comment 29 Fedora Update System 2020-05-20 11:52:40 UTC
FEDORA-2020-886cc9af08 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-886cc9af08

Comment 30 Fedora Update System 2020-05-21 05:23:26 UTC
FEDORA-2020-886cc9af08 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-886cc9af08`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-886cc9af08

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 31 Cenk Kulacoglu 2020-05-21 12:36:14 UTC
Similar problem has been detected:

Happened after dnf update command.


hashmarkername: setroubleshoot
kernel:         5.6.12-300.fc32.x86_64
package:        selinux-policy-targeted-3.14.5-38.fc32.noarch
reason:         SELinux is preventing /usr/lib/systemd/systemd-modules-load from 'read' accesses on the file /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
type:           libreport

Comment 32 Zdenek Pytela 2020-05-22 09:21:50 UTC
Changing status to assigned, the reported issue has not been resolved, neither was the similar for systemd_modules_load_t.

Comment 33 Jonathon Poppleton 2020-05-24 09:05:18 UTC
Similar problem has been detected:

Restarted nfs

 sudo systemctl restart rpcbind nfs-server 

the error suddenly appeared

hashmarkername: setroubleshoot
kernel:         5.6.13-300.fc32.x86_64
package:        selinux-policy-targeted-3.14.5-38.fc32.noarch
reason:         SELinux is preventing systemctl from 'read' accesses on the file SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
type:           libreport

Comment 34 thewindblows1 2020-05-25 15:43:26 UTC
Similar problem has been detected:

This occurs upon rebooting and whenever I resume (power on) from a hybrid suspend.  This started after upgrading from Fedora 31 to 32.  

The same occurs with systemd-modules:

SELinux is preventing systemd-modules from read access on the file SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.

Plugin: catchall 
 SELinux denied access requested by systemd-modules. It is not expected that
this access is required by systemd-modules and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.

If you believe that systemd-modules should be allowed read access on the SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c file by default.
You should report this as a bug.
You can generate a local policy module to allow this access.
Allow this access for now by executing:
# ausearch -c 'systemd-modules' --raw | audit2allow -M my-systemdmodules
# semodule -X 300 -i my-systemdmodules.pp

hashmarkername: setroubleshoot
kernel:         5.6.13-300.fc32.x86_64
package:        selinux-policy-targeted-3.14.5-38.fc32.noarch
reason:         SELinux is preventing systemctl from 'read' accesses on the file SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
type:           libreport

Comment 35 Fedora Update System 2020-05-26 03:12:47 UTC
FEDORA-2020-886cc9af08 has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 36 Hugo Leonardo R. D. Lopes 2020-05-27 16:12:10 UTC
Similar problem has been detected:

A bateria do Notebook acabou no momento da instalação de programas

hashmarkername: setroubleshoot
kernel:         5.6.14-300.fc32.x86_64
package:        selinux-policy-targeted-3.14.5-39.fc32.noarch
reason:         SELinux is preventing systemd-modules from 'read' accesses on the arquivo SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
type:           libreport

Comment 37 accounts 2020-05-28 08:47:10 UTC
Similar problem has been detected:

This just popped up after dnf update

hashmarkername: setroubleshoot
kernel:         5.6.8-300.fc32.x86_64
package:        selinux-policy-targeted-3.14.5-39.fc32.noarch
reason:         SELinux is preventing systemd-modules from 'read' accesses on the file SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
type:           libreport

Comment 38 Zdenek Pytela 2020-06-03 14:03:32 UTC
I've submitted a new Fedora PR to address the issue:
https://github.com/fedora-selinux/selinux-policy/pull/361

Comment 39 Lukas Vrabec 2020-06-03 14:21:08 UTC
commit 8c4ffe785f5278ca5399563df5091487041d9257 (HEAD -> rawhide, origin/rawhide)
Author: Zdenek Pytela <zpytela>
Date:   Wed Jun 3 16:00:48 2020 +0200

    Allow systemd_resolved_t to read efivarfs
    
    Resolves: rhbz#1824196

Comment 40 Fedora Update System 2020-06-05 13:42:13 UTC
FEDORA-2020-ca8855e4de has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-ca8855e4de

Comment 41 Fedora Update System 2020-06-08 01:46:05 UTC
FEDORA-2020-ca8855e4de has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-ca8855e4de`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-ca8855e4de

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 42 A.J. Bonnema 2020-06-10 06:32:02 UTC
Similar problem has been detected:

This error gets reported after logging on. I suspect it occurs at startup time. But I do not know what software causes this violation.

hashmarkername: setroubleshoot
kernel:         5.6.16-300.fc32.x86_64
package:        selinux-policy-targeted-3.14.5-39.fc32.noarch
reason:         SELinux is preventing systemd-modules from 'read' accesses on the file SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
type:           libreport

Comment 43 Zdenek Pytela 2020-06-10 08:39:24 UTC
gbonnema, see bz#1833502, should be resolved in the same policy package version.

Comment 44 A.J. Bonnema 2020-06-10 09:34:11 UTC
Zdenek Pytela, thanks for the pointer.

Comment 45 Masoud 2020-06-11 06:33:07 UTC
Similar problem has been detected:

Just logged in and received this error message

hashmarkername: setroubleshoot
kernel:         5.6.16-300.fc32.x86_64
package:        selinux-policy-targeted-3.14.5-39.fc32.noarch
reason:         SELinux is preventing systemd-modules from 'read' accesses on the file SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
type:           libreport

Comment 46 Fedora Update System 2020-06-11 22:57:11 UTC
selinux-policy-3.14.5-40.fc32 has been pushed to the Fedora 32 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.