1661158 – IO error and AVC denial when creating snapshot using snapper tool [rhel-7.6.z]

Bug 1661158 - IO error and AVC denial when creating snapshot using snapper tool [rhel-7.6.z]

Summary: IO error and AVC denial when creating snapshot using snapper tool [rhel-7.6.z]

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	selinux-policy
Sub Component:
Version:	7.6
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Lukas Vrabec
QA Contact:	Milos Malik
Docs Contact:	Mirek Jahoda
URL:
Whiteboard:
Depends On:	1619306
Blocks:
TreeView+	depends on / blocked

Reported:	2018-12-20 08:44 UTC by RAD team bot copy to z-stream
Modified:	2019-05-07 18:23 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Prior to this update, an allow rule for the snapper daemon (snapperd) was missing in the SELinux policy. Consequently, snapper was not able to create a configuration file on a btrfs volume for a new snapshot with SELinux in enforcing mode. With this update, the missing rule has been added, and SELinux now allows snapperd to manage all non-security directories.
Clone Of:	1619306
Environment:
Last Closed:	2019-01-29 17:24:35 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2019:0192	0	None	None	None	2019-01-29 17:24:36 UTC

Description RAD team bot copy to z-stream 2018-12-20 08:44:45 UTC

This bug has been copied from bug #1619306 and has been proposed to be backported to 7.6 z-stream (EUS).

Comment 2 Lukas Vrabec 2018-12-20 09:10:26 UTC

commit 9e34b98ea6f035934dfc7010b484abb0c2c44b08 (HEAD -> rhel7.6-contrib, origin/rhel7.6-contrib)
Author: Lukas Vrabec <lvrabec>
Date:   Mon Dec 17 11:16:08 2018 +0100

    Update snapperd policy to allow snapperd manage all non security dirs.
    Resolves: rhbz#1661158

Comment 8 errata-xmlrpc 2019-01-29 17:24:35 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0192

Note You need to log in before you can comment on or make changes to this bug.