Since this was effectively denying access to logs, I have blindly applied the advice given by the tool.

    ausearch -c 'grub' --raw | audit2allow -M my-grub

Adding this new rule has apparently exposed a new flood of errors as follows:

    type=AVC msg=audit(1722125351.618:425): avc: denied { execute_no_trans } for pid=18478 comm="grub" path="/usr/bin/grub2-script-check" dev="nvme0n1p2" ino=4261732 scontext=system_u:system_r:snapperd_t:s0 tcontext=system_u:object_r:bootloader_exec_t:s0 tclass=file permissive=0

I have 10 minutes uptime and just over 300 errors, so that one is relatively tame at once every 2 seconds on average, in bursts... Still, very not good.
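
As an added example (not part of the original post, and not code from any SELinux tool), this Python script groups AVC denials like the one quoted above by source type, target type, class and permission, so the accesses a generated module would grant can be reviewed before it is loaded. The second AVC record and the SYSCALL record in the sample are constructed; the function names are hypothetical.

```python
import re
from collections import Counter

# Sample input: the first record is the denial quoted in the post. The second
# AVC record and the SYSCALL record are constructed to show grouping/skipping.
SAMPLE = """\
type=AVC msg=audit(1722125351.618:425): avc: denied { execute_no_trans } for pid=18478 comm="grub" path="/usr/bin/grub2-script-check" dev="nvme0n1p2" ino=4261732 scontext=system_u:system_r:snapperd_t:s0 tcontext=system_u:object_r:bootloader_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1722125353.702:431): avc: denied { execute_no_trans } for pid=18502 comm="grub" path="/usr/bin/grub2-script-check" dev="nvme0n1p2" ino=4261732 scontext=system_u:system_r:snapperd_t:s0 tcontext=system_u:object_r:bootloader_exec_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1722125353.702:431): arch=c000003e syscall=59 success=no
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial record, or None for any other record."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields

def type_of(context):
    """Extract the type field from a user:role:type:level security context."""
    return context.split(":")[2]

def summarize(text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        for perm in rec["perms"]:
            key = (type_of(rec["scontext"]), type_of(rec["tcontext"]), rec["tclass"], perm)
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for (src, tgt, cls, perm), n in summarize(SAMPLE).most_common():
        print(f"{n:5d}  {src} -> {tgt} [{cls}] {perm}")
```

Feeding it the output of the same `ausearch -c 'grub' --raw` query shows at a glance whether the flood is one repeated denial or many distinct ones.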