Bug 2240320 - SELinux is preventing systemd-sleep from 'write' accesses on the directory /sys/firmware/efi/efivars.
Summary: SELinux is preventing systemd-sleep from 'write' accesses on the directory /s...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 39
Hardware: x86_64
OS: Unspecified
medium
unspecified
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:d18202ee9548b597f83b3afb5ed...
Depends On:
Blocks:
Reported: 2023-09-23 05:48 UTC by jzhong92
Modified: 2023-11-03 18:26 UTC (History)
CC List: 9 users

Fixed In Version: selinux-policy-38.29-1.fc39
Clone Of:
Environment:
Last Closed: 2023-11-03 18:26:54 UTC
Type: ---
Embargoed:


Attachments
description (1.96 KB, text/plain), 2023-09-23 05:48 UTC, jzhong92
os_info (704 bytes, text/plain), 2023-09-23 05:48 UTC, jzhong92
my alerts from 9/25/2023 hibernate (3.29 KB, text/plain), 2023-09-26 21:02 UTC, jzhong92


Links
GitHub fedora-selinux/selinux-policy pull 1876 (open): Allow systemd-sleep read/write efivarfs variables, last updated 2023-09-27 06:56:17 UTC

Description jzhong92 2023-09-23 05:48:24 UTC
Description of problem:
At first, my hibernate was not working at all. Every time it would just lock the screen instead of hibernating, and I would receive this error when I unlocked.

I attempted to follow some instructions for using a swap file for hibernation, but it would not work and I was getting the error on login.
Then I read that Fedora doesn't use swap but zram, so I tried restoring /etc/systemd/sleep.conf to the default settings (the HibernateMode default contains platform, which I omitted based on what I was reading).
Since then, I reconfigured the swap partition with swapoff/on and corrected /etc/fstab.
Everything is the same as before to the best of my knowledge, except the UUID of the swap partition changed and I ran "grub2-mkconfig -o /boot/grub2/grub.cfg" and "dracut --regenerate-all --force" a few times.

What I don't understand is that 1) now hibernate seems to work, and 2) this error shows up both when it works and when it doesn't work.
SELinux is preventing systemd-sleep from 'write' accesses on the directory /sys/firmware/efi/efivars.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that systemd-sleep should be allowed write access on the efivars directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-sleep' --raw | audit2allow -M my-systemdsleep
# semodule -X 300 -i my-systemdsleep.pp

Additional Information:
Source Context                system_u:system_r:systemd_sleep_t:s0
Target Context                system_u:object_r:efivarfs_t:s0
Target Objects                /sys/firmware/efi/efivars [ dir ]
Source                        systemd-sleep
Source Path                   systemd-sleep
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-38.28-1.fc39.noarch
Local Policy RPM              selinux-policy-targeted-38.28-1.fc39.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 6.5.4-300.fc39.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Tue Sep 19 13:09:45 UTC 2023
                              x86_64
Alert Count                   1
First Seen                    2023-09-23 01:29:41 EDT
Last Seen                     2023-09-23 01:29:41 EDT
Local ID                      df682841-740a-4ed0-85df-7fd2fa5d19b9

Raw Audit Messages
type=AVC msg=audit(1695446981.753:213): avc:  denied  { write } for  pid=3179 comm="systemd-sleep" name="/" dev="efivarfs" ino=17850 scontext=system_u:system_r:systemd_sleep_t:s0 tcontext=system_u:object_r:efivarfs_t:s0 tclass=dir permissive=0


Hash: systemd-sleep,systemd_sleep_t,efivarfs_t,dir,write

Version-Release number of selected component:
selinux-policy-targeted-38.28-1.fc39.noarch

Additional info:
reporter:       libreport-2.17.11
reason:         SELinux is preventing systemd-sleep from 'write' accesses on the directory /sys/firmware/efi/efivars.
package:        selinux-policy-targeted-38.28-1.fc39.noarch
component:      selinux-policy
hashmarkername: setroubleshoot
type:           libreport
kernel:         6.5.4-300.fc39.x86_64
component:      selinux-policy

Comment 1 jzhong92 2023-09-23 05:48:27 UTC
Created attachment 1990151 [details]
File: description

Comment 2 jzhong92 2023-09-23 05:48:29 UTC
Created attachment 1990152 [details]
File: os_info

Comment 3 Zdenek Pytela 2023-09-25 07:37:07 UTC
Hi,

Which particular instructions did you follow?
Did you run systemctl daemon-reload to take the fstab changes into account?
Can you try the same scenarios in SELinux permissive mode to gather all denials?

 # setenforce 0

Comment 4 jzhong92 2023-09-25 09:04:23 UTC
I didn't run systemctl daemon-reload before, but I did just now and the SELinux error still shows up. With permissive mode, it shows 4 alerts:

write to /sys/firmware/efi/efivars
add_name HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67
create HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67
write,open /sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67

Not sure if it was clear, but hibernate is working now. And I didn't do much, just something similar to this https://www.ctrl.blog/entry/fedora-hibernate.html
or this https://linuxconfig.org/how-to-restore-hibernation-on-fedora-35

I did not include rd.luks.uuid, nor did I delete and create the swap again. I think swapoff/on gave me a new UUID? My grub before the changes already had the resume=UUID parameter because I created a swap on install. I had to replace the UUID since I touched the swap, but it was matching before and now. I can see the /sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67 file is there as well, and it shows a time matching the alerts.

I created and deleted /etc/dracut.conf.d/resume.conf; the /etc/systemd/sleep.conf settings are all commented out. The files I wrote I reverted, except that the swap partition has a different UUID, that's all. Before, the UUID was matching, because that was the default configuration on install; I already had a swap partition, I just never tried hibernate.
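The raw AVC record in the description and the four permissive-mode denials listed in the comment above are exactly the input that the suggested `ausearch -c 'systemd-sleep' --raw | audit2allow` pipeline turns into a local policy module. The script below is an added example, not part of this bug report or of the selinux-policy project: it parses AVC records from an audit log, separates the denials that were actually enforced from those only logged in permissive mode, and unions the denied permissions per (source type, target type, object class) into allow rules, so the proposal can be reviewed before anything is built with `semodule`. Only the first sample line is the verbatim record from the description; the other three records, including their serials, PIDs, timestamps and the file label, are constructed to match the four denials the reporter listed and are assumptions.

```python
"""Parse SELinux AVC denials and derive candidate allow rules.

Added example for this bug report; it mirrors the grouping that
`ausearch ... | audit2allow` performs so the proposed rules can be
inspected before a local module is ever installed.
"""
import re
from collections import defaultdict

# Constructed sample log. Line 1 is the raw AVC record quoted in the bug
# description; lines 2-4 are assumed records shaped after the four denials
# the reporter saw in permissive mode (their serials, PIDs, timestamps and
# the file label are assumptions, not data from the report). The trailing
# SYSCALL line shows that non-AVC records are skipped.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1695446981.753:213): avc:  denied  { write } for  pid=3179 comm="systemd-sleep" name="/" dev="efivarfs" ino=17850 scontext=system_u:system_r:systemd_sleep_t:s0 tcontext=system_u:object_r:efivarfs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1695620000.100:301): avc:  denied  { add_name } for  pid=4100 comm="systemd-sleep" name="HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67" scontext=system_u:system_r:systemd_sleep_t:s0 tcontext=system_u:object_r:efivarfs_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1695620000.100:302): avc:  denied  { create } for  pid=4100 comm="systemd-sleep" name="HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67" scontext=system_u:system_r:systemd_sleep_t:s0 tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1695620000.100:303): avc:  denied  { write open } for  pid=4100 comm="systemd-sleep" path="/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67" scontext=system_u:system_r:systemd_sleep_t:s0 tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1695446981.753:213): arch=c000003e syscall=257 success=no exit=-13
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+"
    r"(?P<decision>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$"
)
# key=value pairs; quoted values may contain spaces
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC record, or None for any other record type."""
    m = AVC_RE.match(line.strip())
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    return {
        "timestamp": float(m.group("ts")),
        "serial": int(m.group("serial")),
        "decision": m.group("decision"),
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "pid": int(fields["pid"]) if "pid" in fields else None,
        # dir denials carry name=, file denials usually carry path=
        "name": fields.get("path") or fields.get("name"),
        "scontext": fields["scontext"],
        "tcontext": fields["tcontext"],
        "tclass": fields["tclass"],
        "permissive": fields.get("permissive") == "1",
    }


def type_of(context):
    """Extract the type from a user:role:type:level security context."""
    return context.split(":")[2]


def enforcing_denials(lines):
    """Denials logged with permissive=0, i.e. accesses that were really blocked."""
    recs = (parse_avc(line) for line in lines)
    return [r for r in recs if r and r["decision"] == "denied" and not r["permissive"]]


def derive_allow_rules(lines):
    """Union denied permissions per (source type, target type, class) and
    render them as policy allow rules, the way audit2allow would."""
    perms = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec["decision"] != "denied":
            continue
        key = (type_of(rec["scontext"]), type_of(rec["tcontext"]), rec["tclass"])
        perms[key].update(rec["perms"])
    return [
        f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(p))} }};"
        for (src, tgt, cls), p in sorted(perms.items())
    ]


if __name__ == "__main__":
    sample = SAMPLE_AUDIT_LOG.splitlines()
    print(f"{len(enforcing_denials(sample))} denial(s) were enforced")
    for rule in derive_allow_rules(sample):
        print(rule)
```

Run against the sample, the script reports a single enforced denial (the dir write with serial 213) and two rules, one for the efivars directory (add_name, write) and one for the variable file (create, open, write). The difference between the one alert seen in enforcing mode and the four seen in permissive mode is expected: in enforcing mode the first denied step, the directory write, aborts the sequence before the variable is created, which is why the reporter was asked to reproduce under `setenforce 0`. The permanent fix for this report is the policy update named in Fixed In Version, not a locally generated module.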

Comment 5 Zdenek Pytela 2023-09-26 20:27:26 UTC
Please attach avc denials:

  # ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today

Comment 6 jzhong92 2023-09-26 21:02:10 UTC
Created attachment 1990681 [details]
my alerts from 9/25/2023 hibernate

Comment 7 Zdenek Pytela 2023-09-27 06:56:18 UTC
Thank you.

Comment 8 Fedora Update System 2023-10-02 11:15:58 UTC
FEDORA-2023-a2cd3807b5 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-a2cd3807b5

Comment 9 Fedora Update System 2023-10-03 03:40:09 UTC
FEDORA-2023-a2cd3807b5 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-a2cd3807b5`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-a2cd3807b5

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 10 Fedora Update System 2023-11-03 18:26:54 UTC
FEDORA-2023-a2cd3807b5 has been pushed to the Fedora 39 stable repository.
If the problem still persists, please make note of it in this bug report.
