I was in the process of trying to do some verification on fedora for the snapcraft snap and ran into what seem to be two issues:
- the rpm for snapd tries to setup selinux when the kernel is the ubuntu kernel
- snapd tried to install core by running apparmor hooks when the fedora userspace is not setup for such action
What follows are the logs:
[root@snapcraft-fedora ~]# dnf install snapd
Last metadata expiration check: 2:51:53 ago on Sat Nov 11 16:20:17 2017.
Dependencies resolved.
=================================================================================================================================
Package Arch Version Repository Size
=================================================================================================================================
Installing:
snapd x86_64 2.28.5-2.fc26 updates 9.4 M
Installing dependencies:
audit x86_64 2.8.1-1.fc26 updates 248 k
audit-libs-python3 x86_64 2.8.1-1.fc26 updates 79 k
bash-completion noarch 1:2.6-1.fc26 updates 271 k
checkpolicy x86_64 2.6-1.fc26 fedora 296 k
libcgroup x86_64 0.41-11.fc26 fedora 66 k
libselinux-python3 x86_64 2.6-7.fc26 updates 241 k
libsemanage-python3 x86_64 2.6-4.fc26 fedora 112 k
policycoreutils-python-utils x86_64 2.6-6.fc26 updates 219 k
policycoreutils-python3 x86_64 2.6-6.fc26 updates 1.8 M
python-IPy-python3 noarch 0.81-18.fc26 fedora 41 k
selinux-policy noarch 3.13.1-260.13.fc26 updates 507 k
selinux-policy-minimum noarch 3.13.1-260.13.fc26 updates 8.8 M
setools-python3 x86_64 4.1.0-5.fc26 updates 570 k
snap-confine x86_64 2.28.5-2.fc26 updates 1.7 M
snapd-selinux noarch 2.28.5-2.fc26 updates 61 k
squashfs-tools x86_64 4.3-13.fc26 fedora 159 k
tcp_wrappers-libs x86_64 7.6-85.fc26 fedora 71 k
Transaction Summary
=================================================================================================================================
Install 18 Packages
Total size: 25 M
Total download size: 20 M
Installed size: 73 M
Is this ok [y/N]: y
Downloading Packages:
[SKIPPED] snap-confine-2.28.5-2.fc26.x86_64.rpm: Already downloaded
[SKIPPED] snapd-selinux-2.28.5-2.fc26.noarch.rpm: Already downloaded
[SKIPPED] squashfs-tools-4.3-13.fc26.x86_64.rpm: Already downloaded
[SKIPPED] policycoreutils-python-utils-2.6-6.fc26.x86_64.rpm: Already downloaded
[SKIPPED] policycoreutils-python3-2.6-6.fc26.x86_64.rpm: Already downloaded
[SKIPPED] audit-libs-python3-2.8.1-1.fc26.x86_64.rpm: Already downloaded
[SKIPPED] libselinux-python3-2.6-7.fc26.x86_64.rpm: Already downloaded
[SKIPPED] checkpolicy-2.6-1.fc26.x86_64.rpm: Already downloaded
[SKIPPED] libsemanage-python3-2.6-4.fc26.x86_64.rpm: Already downloaded
[SKIPPED] python-IPy-python3-0.81-18.fc26.noarch.rpm: Already downloaded
(11/18): audit-2.8.1-1.fc26.x86_64.rpm 121 kB/s | 248 kB 00:02
(12/18): bash-completion-2.6-1.fc26.noarch.rpm 167 kB/s | 271 kB 00:01
(13/18): tcp_wrappers-libs-7.6-85.fc26.x86_64.rpm 17 kB/s | 71 kB 00:04
(14/18): setools-python3-4.1.0-5.fc26.x86_64.rpm 158 kB/s | 570 kB 00:03
(15/18): libcgroup-0.41-11.fc26.x86_64.rpm 15 kB/s | 66 kB 00:04
(16/18): selinux-policy-3.13.1-260.13.fc26.noarch.rpm 180 kB/s | 507 kB 00:02
(17/18): snapd-2.28.5-2.fc26.x86_64.rpm 139 kB/s | 9.4 MB 01:09
(18/18): selinux-policy-minimum-3.13.1-260.13.fc26.noarch.rpm 138 kB/s | 8.8 MB 01:04
---------------------------------------------------------------------------------------------------------------------------------
Total 269 kB/s | 20 MB 01:15
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : libselinux-python3-2.6-7.fc26.x86_64 1/18
Installing : libsemanage-python3-2.6-4.fc26.x86_64 2/18
Installing : selinux-policy-3.13.1-260.13.fc26.noarch 3/18
Running scriptlet: selinux-policy-3.13.1-260.13.fc26.noarch 3/18
Running scriptlet: libcgroup-0.41-11.fc26.x86_64 4/18
Installing : libcgroup-0.41-11.fc26.x86_64 4/18
Running scriptlet: libcgroup-0.41-11.fc26.x86_64 4/18
Installing : setools-python3-4.1.0-5.fc26.x86_64 5/18
Installing : bash-completion-1:2.6-1.fc26.noarch 6/18
Installing : tcp_wrappers-libs-7.6-85.fc26.x86_64 7/18
Running scriptlet: tcp_wrappers-libs-7.6-85.fc26.x86_64 7/18
Installing : audit-2.8.1-1.fc26.x86_64 8/18
Running scriptlet: audit-2.8.1-1.fc26.x86_64 8/18
Installing : audit-libs-python3-2.8.1-1.fc26.x86_64 9/18
Installing : python-IPy-python3-0.81-18.fc26.noarch 10/18
Installing : checkpolicy-2.6-1.fc26.x86_64 11/18
Installing : policycoreutils-python3-2.6-6.fc26.x86_64 12/18
Installing : policycoreutils-python-utils-2.6-6.fc26.x86_64 13/18
Running scriptlet: selinux-policy-minimum-3.13.1-260.13.fc26.noarch 14/18
Installing : selinux-policy-minimum-3.13.1-260.13.fc26.noarch 14/18
Running scriptlet: selinux-policy-minimum-3.13.1-260.13.fc26.noarch 14/18
Traceback (most recent call last):
File "/usr/sbin/semanage", line 28, in <module>
import seobject
File "/usr/lib64/python3.6/site-packages/seobject.py", line 1046, in <module>
class portRecords(semanageRecords):
File "/usr/lib64/python3.6/site-packages/seobject.py", line 1048, in portRecords
valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
File "/usr/lib/python3.6/site-packages/sepolicy/__init__.py", line 196, in <genexpr>
return ({
File "/usr/lib64/python3.6/site-packages/setools/typeattrquery.py", line 65, in results
for attr in self.policy.typeattributes():
AttributeError: 'NoneType' object has no attribute 'typeattributes'
Failed to resolve typeattributeset statement at /var/lib/selinux/minimum/tmp/modules/100/xserver/cil:472
/usr/sbin/semodule: Failed!
Running scriptlet: snapd-selinux-2.28.5-2.fc26.noarch 15/18
Installing : snapd-selinux-2.28.5-2.fc26.noarch 15/18
Running scriptlet: snapd-selinux-2.28.5-2.fc26.noarch 15/18
Failed to resolve roletype statement at /var/lib/selinux/targeted/tmp/modules/200/snappy/cil:12
/usr/sbin/semodule: Failed!
Installing : squashfs-tools-4.3-13.fc26.x86_64 16/18
Installing : snap-confine-2.28.5-2.fc26.x86_64 17/18
Installing : snapd-2.28.5-2.fc26.x86_64 18/18
Running scriptlet: snapd-2.28.5-2.fc26.x86_64 18/18
Running scriptlet: snapd-selinux-2.28.5-2.fc26.noarch 18/18
Running scriptlet: snapd-2.28.5-2.fc26.x86_64 18/18
Verifying : snapd-2.28.5-2.fc26.x86_64 1/18
Verifying : snap-confine-2.28.5-2.fc26.x86_64 2/18
Verifying : snapd-selinux-2.28.5-2.fc26.noarch 3/18
Verifying : squashfs-tools-4.3-13.fc26.x86_64 4/18
Verifying : policycoreutils-python-utils-2.6-6.fc26.x86_64 5/18
Verifying : policycoreutils-python3-2.6-6.fc26.x86_64 6/18
Verifying : audit-libs-python3-2.8.1-1.fc26.x86_64 7/18
Verifying : libselinux-python3-2.6-7.fc26.x86_64 8/18
Verifying : checkpolicy-2.6-1.fc26.x86_64 9/18
Verifying : libsemanage-python3-2.6-4.fc26.x86_64 10/18
Verifying : python-IPy-python3-0.81-18.fc26.noarch 11/18
Verifying : audit-2.8.1-1.fc26.x86_64 12/18
Verifying : tcp_wrappers-libs-7.6-85.fc26.x86_64 13/18
Verifying : bash-completion-1:2.6-1.fc26.noarch 14/18
Verifying : setools-python3-4.1.0-5.fc26.x86_64 15/18
Verifying : libcgroup-0.41-11.fc26.x86_64 16/18
Verifying : selinux-policy-minimum-3.13.1-260.13.fc26.noarch 17/18
Verifying : selinux-policy-3.13.1-260.13.fc26.noarch 18/18
Installed:
snapd.x86_64 2.28.5-2.fc26 audit.x86_64 2.8.1-1.fc26
audit-libs-python3.x86_64 2.8.1-1.fc26 bash-completion.noarch 1:2.6-1.fc26
checkpolicy.x86_64 2.6-1.fc26 libcgroup.x86_64 0.41-11.fc26
libselinux-python3.x86_64 2.6-7.fc26 libsemanage-python3.x86_64 2.6-4.fc26
policycoreutils-python-utils.x86_64 2.6-6.fc26 policycoreutils-python3.x86_64 2.6-6.fc26
python-IPy-python3.noarch 0.81-18.fc26 selinux-policy.noarch 3.13.1-260.13.fc26
selinux-policy-minimum.noarch 3.13.1-260.13.fc26 setools-python3.x86_64 4.1.0-5.fc26
snap-confine.x86_64 2.28.5-2.fc26 snapd-selinux.noarch 2.28.5-2.fc26
squashfs-tools.x86_64 4.3-13.fc26 tcp_wrappers-libs.x86_64 7.6-85.fc26
Complete!
[root@snapcraft-fedora ~]# snap install core
error: cannot perform the following tasks:
- Setup snap "core" (3247) security profiles (cannot setup apparmor for snap "core": cannot load apparmor profile "snap.core.hook.configure": cannot load apparmor profile: exec: "apparmor_parser": executable file not found in $PATH
apparmor_parser output:
)
- Setup snap "core" (3247) security profiles (cannot load apparmor profile "snap.core.hook.configure": cannot load apparmor profile: exec: "apparmor_parser": executable file not found in $PATH
apparmor_parser output:
)
[root@snapcraft-fedora ~]# uname -a
Linux snapcraft-fedora 4.13.0-16-generic #19-Ubuntu SMP Wed Oct 11 18:35:14 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@snapcraft-fedora ~]#