Just a heads up, I’ve proposed snapd 2.53.1 to the openSUSE repositories. Since Leap 15.3 has more recent packages, I have enabled AppArmor during the build. This means that once the package lands in the repository, the sudo systemctl enable --now snapd.apparmor
step will apply to both Tumbleweed and 15.3+.
I think we should tweak the instructions to provide first and foremost the commands for installation on Tumbleweed. That’s where we have most users, and I suspect folks often make a mistake of not replacing 15.3 with Tumbleed as the text below the command example states. Perhaps the paragraph does not stand out as much as it should, specially when viewed through Installing snap on openSUSE | Snapcraft documentation where it’s just gray on light gray, no admonition or anything like that.
Also, 15.3 is EOL, the current release if 15.5.
Given the above, perhaps we should have a separate paragraph for Tumbleweed and Leap, each with a header such that they stand out a little bit more. WDYT?
That makes complete sense, yes - I think you’re right, and having two separate paragraphs is a good idea too. I’ll fix the text.
I noticed in the instructions that the zypper repo for Tumbleweed has a typo. It should read https://download.opensuse.org/repositories/system:/snappy/openSUSE_Tumbleweed
instead. This was verified on a freshly installed VM.
Thank you so much! I’ve just updated the document.
snapd is blocked on tumbleweed by selinux. To solve this you have to install policy rules for selinux. To do so I installed package snapd-selinux-2.63-0.fc41.noarch.rpm of RedHat RawHide:
sudo mkdir /var/lib/rpm-state/
sudo rpm -ivh snapd-selinux-2.63-0.fc41.noarch.rpm
Then you can install for example newest skype with:
sudo snap install skype
Can you share more details about your configuration? SELinux is an option on openSUSE if you set up your system this way, but we currently do not build the policy for openSUSE . There is a plan to upstream the snapd policy to selinux-reference-policy but this work has not been started yet.
I would advise against installing the rpm policy from Fedora as may have been built against a completely different version of the SELInux policy.
Hi, it is newest tumbleweed with selinux enabled:
from selinux-policy-20240321-1.2.noarch: /etc/selinux/config:
SELINUX=permissive SELINUXTYPE=targeted
It is noted: This file controls the state of SELinux on the system. SELinux can be completly disabled with the “selinux=0” kernel commandline option.
No, with setting back to selinux=0, I couldn’t boot the system again! It failed! I had to boot and update with tumbleweed usb stick to fix this!
selinux is now default at install of tumbleweed or leap.
I’m sorry, I’m quite confused, AFAIK there is no plan to make SELinux default in Factory or TW. In fact the TW installer still shows AppArmor as the default major LSM and that how it installs by default. IIRC Aeon (formerly MicroOS) uses SELinux out of the box. If the defaults are being discussed in the Factory mailing list post I may have missed, I’d appreciate a link.
Anyhow, as I wrote earlier, snapd does not support switching the major LSM at the moment, nor does it support selection of one at runtime. I think you can try to rebuild the package yourself from src.rpm and change the configure options for snap-confine.