Description of problem: Related to snapd. SELinux is preventing cp from 'setattr' accesses on the plik user-dirs.locale. ***** Plugin catchall (100. confidence) suggests ************************** Aby cp powinno mieć domyślnie setattr dostęp do user-dirs.locale file. Then proszę to zgłosić jako błąd. Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp. Do można tymczasowo zezwolić na ten dostęp wykonując polecenia: # ausearch -c 'cp' --raw | audit2allow -M my-cp # semodule -X 300 -i my-cp.pp Additional Information: Source Context system_u:system_r:snappy_t:s0 Target Context unconfined_u:object_r:config_home_t:s0 Target Objects user-dirs.locale [ file ] Source cp Source Path cp Port <Nieznane> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-283.34.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.16.7-200.fc27.x86_64 #1 SMP Wed May 2 20:33:31 UTC 2018 x86_64 x86_64 Alert Count 2 First Seen 2018-05-10 20:04:54 CEST Last Seen 2018-05-11 17:49:00 CEST Local ID 7f5035a5-7c92-4e61-814f-b0e71b8f5487 Raw Audit Messages type=AVC msg=audit(1526053740.907:278): avc: denied { setattr } for pid=2719 comm="cp" name="user-dirs.locale" dev="dm-2" ino=2361479 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:config_home_t:s0 tclass=file permissive=1 Hash: cp,snappy_t,config_home_t,file,setattr Version-Release number of selected component: selinux-policy-3.13.1-283.34.fc27.noarch Additional info: component: selinux-policy reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.16.7-200.fc27.x86_64 type: libreport
snapd-2.35-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d6660293c6
snapd-2.35-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d6660293c6
snapd-2.35-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
Issue persists on F30, package snapd-2.39.2-1.fc30.x86_64
Just to add more detail: SELinux is preventing cp from setattr access on the file user-dirs.locale. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that cp should be allowed setattr access on the user-dirs.locale file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'cp' --raw | audit2allow -M my-cp # semodule -X 300 -i my-cp.pp Additional Information: Source Context system_u:system_r:snappy_t:s0 Target Context unconfined_u:object_r:config_home_t:s0 Target Objects user-dirs.locale [ file ] Source cp Source Path cp Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.3-40.fc30.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux dhcp-2.brq.redhat.com 5.1.17-300.fc30.x86_64 #1 SMP Wed Jul 10 15:20:27 UTC 2019 x86_64 x86_64 Alert Count 1 First Seen 2019-07-19 08:45:53 CEST Last Seen 2019-07-19 08:45:53 CEST Local ID 8732f3e0-9ccd-40fc-bcf3-0fe1eac5e67a Raw Audit Messages type=AVC msg=audit(1563518753.470:869): avc: denied { setattr } for pid=4461 comm="cp" name="user-dirs.locale" dev="dm-3" ino=11291731 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:config_home_t:s0 tclass=file permissive=1 Hash: cp,snappy_t,config_home_t,file,setattr
This bug is now tracked in an aggregate helper issue: https://bugs.launchpad.net/snapd/+bug/1863747