$ grub2-mkconfig -o /boot/grub/grub.cfg /usr/sbin/grub2-probe: error: cannot restore the original directory. Most users/admins call grub2-mkconfig from their home directory, so grant it search rights on the home directory (but no more). AVC denial: time->Sun Jan 25 13:56:19 2015 type=UNKNOWN[1327] msg=audit(1422194179.942:64): proctitle=2F7573722F7362696E2F67727562322D70726F6265002D2D7461726765743D646576696365002F type=PATH msg=audit(1422194179.942:64): item=0 name="/root" inode=393217 dev=fc:03 mode=040700 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_dir_t:s0 nametype=NORMAL type=CWD msg=audit(1422194179.942:64): cwd="/dev" type=SYSCALL msg=audit(1422194179.942:64): arch=c000003e syscall=80 success=no exit=-13 a0=3ae2340a30 a1=3ae234af06 a2=27e2019e5a8 a3=3ae234aef0 items=1 ppid=3365 pid=3369 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="grub2-probe" exe="/usr/sbin/grub2-probe" subj=root:sysadm_r:bootloader_t:s0 key=(null) type=AVC msg=audit(1422194179.942:64): avc: denied { search } for pid=3369 comm="grub2-probe" name="root" dev="vda3" ino=393217 scontext=root:sysadm_r:bootloader_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir The following SELinux policy addition fixes this: userdom_search_user_home_dirs(bootloader_t) Result: $ grub2-mkconfig -o /boot/grub/grub.cfg Generating grub configuration file ... Found linux image: /boot/vmlinuz-3.17.7-hardened-r1 Found linux image: /boot/vmlinuz-3.15.10-hardened-r1 done Reproducible: Always
in ~arch
r4 is stable