Bug 1889645
Summary: | SELinux is preventing mandb from 'search' accesses on the directory /var/lib/snapd. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | ricky.tigg |
Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 33 | CC: | dwalsh, fry.futurateam, grepl.miroslav, lvrabec, mmalik, plautrba, vmojzis, zpytela |
Target Milestone: | --- | Keywords: | Triaged |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:c9a9b4ab600c92bd44d26c68a659a592b8ede26cb99c4a99891d84eb9dbad315;VARIANT_ID=workstation; | ||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-10-22 09:17:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
ricky.tigg
2020-10-20 09:52:44 UTC
Hi, Could you please ensure you have the snappy selinux module installed and active? 1. Ensure the subpackage is installed: rpm -q snapd-selinux 2. Check the active modules: semodule -lfull|grep -e snappy 3. List all modules with priority 200: ls -l /var/lib/selinux/targeted/active/modules/200/ 4. Check the default context: matchpathcon /var/lib/snapd 5. List the context of the directory: ls -lZ /var/lib/snapd I must have brought confusion to this report by omitting mentioning that snapd had previously been uninstalled. $ rpm -q snapd-selinux package snapd-selinux is not installed # semodule -lfull|grep -e snappy # ls -l /var/lib/selinux/targeted/active/modules/200/ | sed 1d drwx------. 1 root root 28 Oct 16 12:48 container drwx------. 1 root root 28 Oct 16 12:48 flatpak drwx------. 1 root root 28 Oct 16 12:48 mysql $ matchpathcon /var/lib/snapd Deprecated, use selabel_lookup /var/lib/snapd system_u:object_r:var_lib_t:s0 $ ls -lZ /var/lib/snapd | sed 1d drwx------. 1 root root system_u:object_r:unlabeled_t:s0 0 Oct 16 12:48 cache drwxr-xr-x. 1 root root system_u:object_r:unlabeled_t:s0 10 Oct 16 12:48 desktop drwxr-xr-x. 1 root root system_u:object_r:unlabeled_t:s0 0 Oct 16 12:48 sequence Hi, That explains. You should now remove the remnant files/dirs if you don't need them any longer, or relabel if yes with restorecon, and check why mandb wants to go through this directory: /etc/man_db.conf Closing as NOTABUG. Feel free to reopen the bugzilla if the issues continue. *** Bug 1782694 has been marked as a duplicate of this bug. *** |