Timothée Ravier
That's likely https://github.com/coreos/fedora-coreos-tracker/issues/1771
Looks like this has been fixed in the SELinux policy that landed in F41.
I spoke too soon, I can still see some issues on Silverblue:
```
type=AVC msg=audit(1725290040.770:429): avc: denied { getattr } for pid=4524 comm="bootupctl" path="/boot/efi/EFI/BOOT/BOOTIA32.EFI" dev="vda1" ino=142 scontext=system_u:system_r:bootupd_t:s0 tcontext=system_u:object_r:dosfs_t:s0 tclass=file permissive=1...
```
Filed: https://github.com/fedora-selinux/selinux-policy/issues/2334
Part 2 in https://github.com/fedora-selinux/selinux-policy/issues/2341
Freeze exception for F41: https://bugzilla.redhat.com/show_bug.cgi?id=2309742
Looks like fixes have just been merged in the policy. We'll have to wait for a build and test this again.
This should be fixed with [selinux-policy-41.26-1.fc41](https://bodhi.fedoraproject.org/updates/FEDORA-2024-ee068c46d3).
See https://docs.fedoraproject.org/en-US/fedora-silverblue/troubleshooting/#_running_restorecon for why you should never run `restorecon -R` on `/sysroot`. It's also part of the reason that we made `/sysroot` RO by default on Atomic Desktops. There should...