Description of problem: This happened on the first boot after upgrading Fedora 31 to 32. SELinux is preventing systemd-modules from 'getattr' accesses on the file /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that systemd-modules should be allowed getattr access on the SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'systemd-modules' --raw | audit2allow -M my-systemdmodules # semodule -X 300 -i my-systemdmodules.pp Additional Information: Source Context system_u:system_r:systemd_modules_load_t:s0 Target Context system_u:object_r:efivarfs_t:s0 Target Objects /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca -11d2-aa0d-00e098032b8c [ file ] Source systemd-modules Source Path systemd-modules Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-3.14.5-32.fc32.noarch Local Policy RPM selinux-policy-targeted-3.14.5-32.fc32.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 5.6.6-300.fc32.x86_64 #1 SMP Tue Apr 21 13:44:19 UTC 2020 x86_64 x86_64 Alert Count 1 First Seen 2020-04-28 23:06:06 CEST Last Seen 2020-04-28 23:06:06 CEST Local ID 2d6199a6-d4c6-4836-b06a-c7a6634e0484 Raw Audit Messages type=AVC msg=audit(1588107966.577:349): avc: denied { getattr } for pid=40362 comm="systemd-modules" path="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c" dev="efivarfs" ino=2516 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=1 Hash: systemd-modules,systemd_modules_load_t,efivarfs_t,file,getattr Version-Release number of selected component: selinux-policy-targeted-3.14.5-32.fc32.noarch Additional info: component: selinux-policy reporter: libreport-2.12.0 hashmarkername: setroubleshoot kernel: 5.6.6-300.fc32.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1833502 ***