Description of problem: SELinux is preventing snapd from 'getattr' accesses on the netlink_route_socket Unknown. ***** Plugin catchall (100. confidence) suggests ************************** If cree que de manera predeterminada, snapd debería permitir acceso getattr sobre Unknown netlink_route_socket. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do allow this access for now by executing: # ausearch -c 'snapd' --raw | audit2allow -M my-snapd # semodule -X 300 -i my-snapd.pp Additional Information: Source Context system_u:system_r:snappy_t:s0 Target Context system_u:system_r:snappy_t:s0 Target Objects Unknown [ netlink_route_socket ] Source snapd Source Path snapd Port <Desconocido> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-283.16.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.13.13-300.fc27.x86_64 #1 SMP Wed Nov 15 15:47:50 UTC 2017 x86_64 x86_64 Alert Count 1 First Seen 2017-11-23 19:52:21 CST Last Seen 2017-11-23 19:52:21 CST Local ID ce9182b6-16db-410c-a354-c03c86342fb7 Raw Audit Messages type=AVC msg=audit(1511488341.265:274): avc: denied { getattr } for pid=3601 comm="snapd" scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:system_r:snappy_t:s0 tclass=netlink_route_socket permissive=1 Hash: snapd,snappy_t,snappy_t,netlink_route_socket,getattr Version-Release number of selected component: selinux-policy-3.13.1-283.16.fc27.noarch Additional info: component: selinux-policy reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.13.13-300.fc27.x86_64 type: libreport
Snappy is not part of SELinux distribution policy, this should be moved to snappy component. From SELinux POV, this should be allowed. Thanks, Lukas.
snapd-glib-1.39-1.fc28 snapd-2.32.4-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f5c007eb3
snapd-glib-1.39-1.fc27 snapd-2.32.4-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-dd3f9d4285
snapd-glib-1.39-1.fc26 snapd-2.32.4-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-eed204f119
*** Bug 1567059 has been marked as a duplicate of this bug. ***
*** Bug 1567360 has been marked as a duplicate of this bug. ***
snapd-2.32.4-1.fc28, snapd-glib-1.39-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f5c007eb3
snapd-2.32.4-1.fc27, snapd-glib-1.39-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-dd3f9d4285
snapd-2.32.4-1.fc26, snapd-glib-1.39-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-eed204f119
snapd-2.32.4-1.fc28, snapd-glib-1.39-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
snapd-2.32.4-1.fc26, snapd-glib-1.39-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
snapd-2.32.4-1.fc27, snapd-glib-1.39-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.