Description of problem: SELinux is preventing systemd from 'read' accesses on the lnk_file /var/lib/snapd/snap/core/current. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that systemd should be allowed read access on the current lnk_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'systemd' --raw | audit2allow -M my-systemd # semodule -X 300 -i my-systemd.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:snappy_var_lib_t:s0 Target Objects /var/lib/snapd/snap/core/current [ lnk_file ] Source systemd Source Path systemd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM <Unknown> Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.12.13-300.fc26.x86_64 #1 SMP Thu Sep 14 16:00:38 UTC 2017 x86_64 x86_64 Alert Count 23 First Seen 2017-06-02 21:51:26 CEST Last Seen 2017-09-30 14:27:59 CEST Local ID b92921f9-a2a8-4935-9828-538030836418 Raw Audit Messages type=AVC msg=audit(1506774479.970:155): avc: denied { read } for pid=1 comm="systemd" name="current" dev="dm-1" ino=2100022 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:snappy_var_lib_t:s0 tclass=lnk_file permissive=0 Hash: systemd,init_t,snappy_var_lib_t,lnk_file,read Additional info: component: selinux-policy reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.13.12-300.fc27.x86_64 type: libreport Potential duplicate: bug 1444808
*** Bug 1514801 has been marked as a duplicate of this bug. ***
*** Bug 1514802 has been marked as a duplicate of this bug. ***
*** Bug 1514804 has been marked as a duplicate of this bug. ***
*** Bug 1514805 has been marked as a duplicate of this bug. ***
*** Bug 1514807 has been marked as a duplicate of this bug. ***
*** Bug 1514808 has been marked as a duplicate of this bug. ***
*** Bug 1514809 has been marked as a duplicate of this bug. ***
*** Bug 1514810 has been marked as a duplicate of this bug. ***
*** Bug 1514811 has been marked as a duplicate of this bug. ***
*** Bug 1514812 has been marked as a duplicate of this bug. ***
*** Bug 1514813 has been marked as a duplicate of this bug. ***
Hi, I closed all bugs related to snappy_t SELinux domain, because as I said, this module is not part of Distribution selinux-policy rpm package. I'm here to help with this policy if you point me to right repository with policy sources. Closing this as CANTFIX. Lukas.
Description of problem: browsing in Nautilus/maybe NextCloud has something to do with it Version-Release number of selected component: selinux-policy-3.13.1-283.14.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.13.12-300.fc27.x86_64 type: libreport
Description of problem: user login Version-Release number of selected component: selinux-policy-3.13.1-283.17.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.13.15-300.fc27.x86_64 type: libreport
> I'm here to help with this policy if you point me to right repository with policy sources. Ah, all right. I assume it happens, because I have installed VLC from https://rpmfusion.org/. Just reported it there, too: https://bugzilla.rpmfusion.org/show_bug.cgi?id=4725 Also seems to be related to Bug 1520031, Bug 1520032. Also this happens from time to time: setroubleshootd: SELinux is preventing snapd from getattr access on the lnk_file /etc/pki/tls/certs/ca-bundle.crt. For complete SELinux messages run: sealert -l 9cb8f0c9-ec37-4490-be62-97a6cffc550d
(In reply to rugk from comment #15) > > I'm here to help with this policy if you point me to right repository with policy sources. > > Ah, all right. I assume it happens, because I have installed VLC from > https://rpmfusion.org/. NACK vlc in rpmfusion can't cope with snapd. Sorry, you need to set a better description of your issue.
Description of problem: sudo dnf install snapd sudo ln -s /var/lib/snapd/snap /snap snap install spotify Version-Release number of selected component: selinux-policy-3.13.1-283.21.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.14.14-300.fc27.x86_64 type: libreport
Description of problem: I installed snapd (`sudo dnf install snapd`) and installed Spotify (`sudo snap install spotify`). All kinds of AVC denials came up during the install of snapd, spotify and launching spotify. Spotify doesn't launch. I tried reinstalling snapd and its dependencies. Version-Release number of selected component: selinux-policy-3.13.1-283.21.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.14.16-300.fc27.x86_64 type: libreport
Description of problem: Installed snapd (sudo dnf install snapd). During the installation process several SELinux denials are raised Version-Release number of selected component: selinux-policy-3.13.1-283.24.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.14.16-300.fc27.x86_64 type: libreport
Description of problem: Il m'est dit que snapd demande des autorisation mais il a jamais fonctionné sur mo pc alors je l'ai supprimé avec la commande: "sudo dnf remove snapd" Et malgré le fait qu'il n'est plus dans mon pc il me demande toujours des authorisations c'est étrange The computer said to me snapd request authorisation but the problem it's simple I remove snapd because it doesn't work: "sudo dnf remove snapd" And weirdly it ask authorisation again but I don't find it in my system Sorry if my translation is not good I learn English the best I can. Version-Release number of selected component: selinux-policy-3.13.1-283.19.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.14.18-300.fc27.x86_64 type: libreport
Description of problem: Installed snapd. Rebooted. Getting this message. Version-Release number of selected component: selinux-policy-3.13.1-283.24.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.3-300.fc27.x86_64 type: libreport
Description of problem: Followed the directions to install Spotify under Fedora from the FedoraProject.org wiki: https://fedoraproject.org/wiki/Spotify These are the three steps: sudo dnf install snapd sudo ln -s /var/lib/snapd/snap /snap snap install spotify The alert came up during the "snap install spotify" command. Version-Release number of selected component: selinux-policy-3.13.1-283.24.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.4-300.fc27.x86_64 type: libreport
Description of problem: Just enable snappy support in GNOME software and the pop up from SELinux will start appearing every couple seconds. Version-Release number of selected component: selinux-policy-3.13.1-283.24.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.4-300.fc27.x86_64 type: libreport
Description of problem: Enable Snappy support in GNOME software. Version-Release number of selected component: selinux-policy-3.13.1-283.24.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.4-300.fc27.x86_64 type: libreport
Description of problem: Enabling Snappy support in GNOME Software. Version-Release number of selected component: selinux-policy-3.13.1-283.24.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.4-300.fc27.x86_64 type: libreport
Description of problem: I got this error after login into my user after fresh boot. Version-Release number of selected component: selinux-policy-3.13.1-283.26.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.6-300.fc27.x86_64 type: libreport
Description of problem: restarting the system shows multiple such errors and keeps on showing them. Version-Release number of selected component: selinux-policy-3.13.1-283.26.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.6-300.fc27.x86_64 type: libreport
Description of problem: Booted from external hard drive via USB3-1, did nothing else.. Version-Release number of selected component: selinux-policy-3.13.1-283.26.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.6-300.fc27.x86_64 type: libreport
Description of problem: sudo dnf install snapd After this SELinux goes wild - 50+ denials then PC locked up. After hard reset I had to immediately uninstall snapd due to a steady stream of SELinux denials. Version-Release number of selected component: selinux-policy-3.13.1-283.26.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.6-300.fc27.x86_64 type: libreport
Description of problem: SElinux blocking every snapd access not just 'getattr'. There are 40 other snapd function call alerts. After installing the snapd package the problem starts immediately. Snapd version is: snapd 2.31.1-2.fc27 Version-Release number of selected component: selinux-policy-3.13.1-283.26.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.8-300.fc27.x86_64 type: libreport
Description of problem: i install snap Version-Release number of selected component: selinux-policy-3.13.1-283.26.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.9-300.fc27.x86_64 type: libreport
Description of problem: I just turned on my pc and the notification pop-up, I don't even know what this problem is. Version-Release number of selected component: selinux-policy-3.13.1-283.26.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.8-300.fc27.x86_64 type: libreport
Description of problem: just using a snap, phpstorm, from snapcraft. Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.9-300.fc27.x86_64 type: libreport
Description of problem: after the system update, remmina remote desktop does not work anymore, the last update Version-Release number of selected component: selinux-policy-3.13.1-283.26.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.9-300.fc27.x86_64 type: libreport
Description of problem: Opening hiri e-mail client installed as a snap Version-Release number of selected component: selinux-policy-3.13.1-283.28.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.10-300.fc27.x86_64 type: libreport
Description of problem: I was watching a Hulu movie and the SELinux alert came up. I recently installed the "snapd" package from Ubuntu, installed one trial "Snap", and I have been receiving SELinux alerts ever since. Version-Release number of selected component: selinux-policy-3.13.1-283.28.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.10-300.fc27.x86_64 type: libreport
Description of problem: I installed snapd and afterwards the snap-package spotify Version-Release number of selected component: selinux-policy-3.13.1-283.29.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.13-300.fc27.x86_64 type: libreport
Description of problem: 1) start laptop 2) enter password for encrypted harddrive 3) enter password for desktop session 4) GDM crashes and restarts 5) enter password for desktop session, again 6) logged in, but with reported error Version-Release number of selected component: selinux-policy-3.13.1-283.29.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.12-301.fc27.x86_64 type: libreport
Description of problem: It just started to show. I don't know what is causing this. Maybe autoupdates. Version-Release number of selected component: selinux-policy-3.13.1-283.30.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.14-300.fc27.x86_64 type: libreport
Description of problem: It just appeared as a notification. I understand systemd must have access to any file Version-Release number of selected component: selinux-policy-3.13.1-283.30.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.15-300.fc27.x86_64 type: libreport
(In reply to Checho Molinero from comment #40) > Description of problem: > It just appeared as a notification. I understand systemd must have access to > any file I believe it's another systemd inside snap.
Description of problem: Installed snapd & Spotify snap. Spotify works fine but SELinux throws a bunch of repetitive alerts. Version-Release number of selected component: selinux-policy-3.13.1-283.30.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.17-300.fc27.x86_64 type: libreport
Description of problem: i got this bug when i boot my computer Version-Release number of selected component: selinux-policy-3.13.1-283.30.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.17-300.fc27.x86_64 type: libreport
*** Bug 1572444 has been marked as a duplicate of this bug. ***
Description of problem: Running snapd Version-Release number of selected component: selinux-policy-3.13.1-283.30.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.16.3-200.fc27.x86_64 type: libreport
(In reply to Adam Farden from comment #29) > Description of problem: > sudo dnf install snapd > > After this SELinux goes wild - 50+ denials then PC locked up. After hard > reset I had to immediately uninstall snapd due to a steady stream of SELinux > denials. I had this problem too -- many selinux denials and then lock up. It wasn't a complete system hang, but X died. snapd on Fedora seems unusable for now.
Description of problem: Luego instalar spotify con snap y al reiniciar y iniciarla me solte este error luego de unos 3 min inicio la aplicacion Version-Release number of selected component: selinux-policy-3.13.1-283.32.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.13.9-300.fc27.x86_64 type: libreport
Description of problem: al apagar la pc o reiniciar, no se apaga si no es aplastando el boton y teniendolo aplastado Version-Release number of selected component: selinux-policy-3.13.1-283.32.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.16.5-200.fc27.x86_64 type: libreport
Description of problem: This happened after a fresh install of snapd, when trying to install notepadqq (#snap install notepadqq) after that, I got multiple SElinux notifications. (https://imgur.com/a/dvsZMSa) (snapd was installed using #dnf install snapd; #ln -s /var/lib/snapd/snap /snap) System is Fedora 27 xfce Version-Release number of selected component: selinux-policy-3.13.1-283.30.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.17-300.fc27.x86_64 type: libreport