Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1778389

Summary: error: lsetfilecon: (/boot/efi/EFI/fedora, system_u:object_r:boot_t:s0) Operation not supported
Product: [Fedora] Fedora Reporter: Sam Varshavchik <mrsam>
Component: grub2Assignee: Peter Jones <pjones>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 31CC: bugzilla, didiksupriadi41, fmartine, lkundrak, pjones, prd-fedora
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-01-18 19:25:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sam Varshavchik 2019-11-30 15:40:46 UTC 
Description of problem:

Latest grub2 update logs a bunch of permission errors:

  Upgrading        : glib2-2.62.3-1.fc31.x86_64                           1/184 
  Upgrading        : grub2-common-1:2.02-103.fc31.noarch                  2/184 
error: lsetfilecon: (/boot/efi/EFI/fedora, system_u:object_r:boot_t:s0) Operation not supported

Other grub2 packages logged similar errors for stuff that they install into /boot/efi/EFI

Version-Release number of selected component (if applicable):

grub2-common-1:2.02-103.fc31.noarch

How reproducible:

About half of various servers reported these errors when installing this update.

Steps to Reproduce:
1. install the grub update

Actual results:

A bunch of permission errors, but the update does get installed.

Expected results:

No errors.

Additional info:

The errors do not appear to be fatal, the servers that experienced this problem seem to have survived their reboot.

The servers that appear to experience this problem use EFI to boot, and the selinux context is:

drwx------. 3 root root system_u:object_r:dosfs_t:s0 4096 Nov 30 10:29 /boot/efi/EFI/fedora

restorecon does not appear to fix this.

Non-EFI servers without a /boot/efi:

drwx------. 2 root root system_u:object_r:boot_t:s0 1024 Oct 10 03:35 /boot/efi/EFI/fedora
Comment 1 Chris Murphy 2020-01-18 19:25:27 UTC 

*** This bug has been marked as a duplicate of bug 1722766 ***
Comment 2 Didik Supriadi 2020-04-23 21:59:11 UTC 
(In reply to Chris Murphy from comment #1)
> 
> *** This bug has been marked as a duplicate of bug 1722766 ***

same problem BUT bug 1722766 doesn't fix my issues, please reopen
Comment 3 Didik Supriadi 2020-04-23 22:07:08 UTC 
specifically: bug 1722766, comment 29
Comment 4 Didik Supriadi 2020-04-23 22:53:55 UTC 
I'm just worried if it could be an issue when I do system-upgrade for Fedore next release, F32.