Snap revision to be mounted but it is not

Sam.Sundar · November 18, 2021, 12:37pm

Hey Snap team,

We are trying to install some snaps in our offline RHEL 8.4 OS, since snap uses below paths to work,

/snap
/var/snap
/var/lib/snapd

we created lv for those and mounted the paths and tried to install snaps, since we have less space on / mount and we could see all snaps data is on /snap & '/var/snapd`.

When we install snap (Core Snap), we are getting below error and we are sure it’s because of the mounts which we created since we didn’t face this earlier when the paths were not mounted.

[root@user snap_base]# snap install core_11993.snap
error: cannot perform the following tasks:
- Mount snap "core" (11993) (cannot proceed, expected snap "core" revision 11993 to be mounted but is not)

and below is our mount information

Also one weird thing is, we already have a /snap mount and when i try to run symlink command ln -s /var/lib/snapd/snap /snap, it’s creating another snap directory inside /snap like /snap/snap. Is creating a mountpoint for /snap wrong ? Please let us know how to tackle this since our org. will not give more than 30 GB on /.

mardy · November 18, 2021, 2:35pm

Hi Sam, it might help to see the output of the following commands:

snap changes
journalctl -xe

I don’t recommend using symlinks – not that I’m aware of any issues with using them for snapd, but mount points are easier to see and debug.

In your screenshot, I see that the first and the third line look suspiciously similar: could it be that you are mounting the same device in two different places? If you have a single device that you’d like to mount in two places, I recommend creating two different subdirectories inside it (like for example snap and var_lib_snapd), mount the whole device somewhere else (maybe under /mnt/<something>), and then bind-mount /mnt/<something>/snap onto /snap and /mnt/<something>/var_lib_snap onto /var/lib/snapd.

Sam.Sundar · November 18, 2021, 2:44pm

Hi Mardy,

Sure i’ll fetch you the commands outputs.

So we have 3 volume mounts each for /snap, /var/snap, /var/lib/snapd. So one and three are different volumes but with same size of 100G. And it’s newly provisioned that’s why it’s looking similar but i assure you it’s not same mount.

And about the symlink command, snap’s site mentioned to run it after installing snapd at their site

I feel mounting /snap onto a volume is the main reason for this issue since this topic mentions about creating diff volumes for /var/lib/snapd and /var/snap but not for /snap.

And why exactly snap requires /snap, /var/snap and /var/lib/snapd to run ? Since we use microk8s and not having a separate volume will fill up the / volume which is already very low in size.

mborzecki · November 18, 2021, 6:49pm

Because of the policy in Fedora, the snapd package in Fedora and EPEL repositories is built expecting /var/lib/snapd/snap as the mount location. The /snap location is not shipped by the package, and only users that specifically need to run classic snaps need to create the symlink as described by the documentation. I don’t know why you chose to create a volume for /snap. Also, the /snap directory (or rather /var/lib/snapd/snap/ in your case) is a location where snaps are mounted, is it takes very little space, it’s just a couple of directories and a bunch of symlinks.

For your specific setup I would recommend having a volume for /var/snap (this is where snaps store their data) and /var/lib/snapd (this is where snapd state and actual snap squashfs images live).

Sam.Sundar · November 19, 2021, 12:00am

Hey @mborzecki,

Thanks a lot for the insights, let me unmount /snap and will try to install the snaps again. Appreciate the help, thanks much !!

Sam.Sundar · November 21, 2021, 1:42pm

Hey @mborzecki,

I’ve unmounted /snap and now everything seems to be working without any issues. Thanks much.

Sam.Sundar · November 26, 2021, 4:36am

Hi @mborzecki,

We are facing the issue again in a different rhel 7.7 server and this time, we don’t have /snap mount. In the journalctl -xe i get below error

Nov 26 14:56:26 TestServer001 snapd[5556]: handlers.go:757: expected snap "core" revision 11993 to be mounted but is not
Nov 26 14:56:36 TestServer001 snapd[5556]: taskrunner.go:271: [change 2 "Mount snap \"core\" (11993)" task] failed: cannot proceed, expected snap "core" revision 11993 to be mounted but is not
Nov 26 14:56:36 TestServer001 audispd[918]: node=TestServer001 type=USER_AVC msg=audit(1637898996.280:50519): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { status } for auid=n/a uid=0 gid=0 cmdline="systemctl is-enabled whoopsie.service" scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=system  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

This is our mount point details

Filesystem                                         Size  Used Avail Use% Mounted on
devtmpfs                                           2.0G     0  2.0G   0% /dev
tmpfs                                              2.0G     0  2.0G   0% /dev/shm
tmpfs                                              2.0G  207M  1.8G  11% /run
tmpfs                                              2.0G     0  2.0G   0% /sys/fs/cgroup
/dev/mapper/vg_system-lv_root                       12G  1.8G   11G  15% /
/dev/sdb2                                          109G  243M  103G   1% /users
/dev/mapper/vg_system-lv_var                        12G  2.1G   10G  17% /var
/dev/mapper/vg_system-lv_tmp                       2.0G   33M  2.0G   2% /tmp
/dev/mapper/vg_system-lv_opt                        10G   74M   10G   1% /opt
/dev/mapper/vg_system-lv_home                      5.0G  450M  4.6G   9% /home
/dev/mapper/vg_system-lv_snapd                     100G  132M  100G   1% /var/lib/snapd
/dev/mapper/vg_system-lv_var_log                    10G  456M  9.6G   5% /var/log
/dev/mapper/vg_system-lv_var_log_audit            1014M  225M  790M  23% /var/log/audit
/dev/sda1                                         1014M  150M  865M  15% /boot
/dev/mapper/vg_system-lv_var_tmp                   2.0G  964M  1.1G  48% /var/tmp
/dev/mapper/vg_system-lv_snap                      150G   33M  150G   1% /var/snap
tmpfs                                              395M     0  395M   0% /run/user/946850886

This is our snap changes output

ID   Status  Spawn                Ready                Summary
1    Done    today at 14:55 AEDT  today at 14:55 AEDT  Initialize system state
2    Error   today at 14:55 AEDT  today at 14:56 AEDT  Install "core" snap from file "core_11993.snap"
3    Doing   today at 14:56 AEDT  -                    Initialize device

This is our journalctl -xe output

Nov 26 14:52:30 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637898750.450:50028): arch=c000003e syscall=189 success=yes exit=0 a0=30cf760 a1=7fcf625b8f6a a2=2216700 a3=1b items=1 ppid=5006 pid=5478 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="yum" exe="/usr/bin/python2.7" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="perm_mod"
Nov 26 14:52:32 TestServer001 dbus[972]: [system] Reloaded configuration
Nov 26 14:52:32 TestServer001 dbus[972]: [system] Reloaded configuration
Nov 26 14:52:32 TestServer001 systemd[1]: Reloading.
Nov 26 14:52:32 TestServer001 yum[5478]: Installed: snapd-2.51.7-1.el7.x86_64
Nov 26 14:53:37 TestServer001 polkitd[959]: Registered Authentication Agent for unix-process:5521:94635206 (system bus name :1.3890 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Nov 26 14:53:37 TestServer001 systemd[1]: Reloading.
Nov 26 14:53:37 TestServer001 systemd[1]: Starting Socket activation for snappy daemon.
-- Subject: Unit snapd.socket has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit snapd.socket has begun starting up.
Nov 26 14:53:37 TestServer001 systemd[1]: Listening on Socket activation for snappy daemon.
-- Subject: Unit snapd.socket has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit snapd.socket has finished starting up.
-- 
-- The start-up result is done.
Nov 26 14:53:37 TestServer001 polkitd[959]: Unregistered Authentication Agent for unix-process:5521:94635206 (system bus name :1.3890, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Nov 26 14:54:15 TestServer001 systemd-journal[604]: Suppressed 1854 messages from /system.slice/auditd.service
-- Subject: Messages from a service have been suppressed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Documentation: man:journald.conf(5)
-- 
-- A service has logged too many messages within a time period. Messages
-- from the service have been dropped.
-- 
-- Note that only messages from the service in question have been
-- dropped, other services' messages are unaffected.
-- 
-- The limits controlling when messages are dropped may be configured
-- with RateLimitInterval= and RateLimitBurst= in
-- /etc/systemd/journald.conf. See journald.conf(5) for details.
Nov 26 14:54:15 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637898855.164:50507): arch=c000003e syscall=263 success=yes exit=0 a0=ffffffffffffff9c a1=1d9c0c0 a2=0 a3=7ffef06e1de0 items=2 ppid=5006 pid=5543 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="rm" exe="/usr/bin/rm" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
Nov 26 14:54:15 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637898855.164:50507):  cwd="/opt/Test/15-oct/offline_pre-req/snap"
Nov 26 14:54:15 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637898855.164:50507): item=0 name="/" inode=64 dev=fd:00 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:root_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:54:15 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637898855.164:50507): item=1 name="/snap" inode=195318 dev=fd:00 mode=0120777 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:root_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:54:15 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637898855.164:50507): proctitle=726D002D69002D7266002F736E6170
Nov 26 14:54:31 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637898871.609:50508): arch=c000003e syscall=263 success=yes exit=0 a0=ffffffffffffff9c a1=9f50c0 a2=200 a3=7ffe4e38c1a0 items=2 ppid=5006 pid=5545 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="rm" exe="/usr/bin/rm" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
Nov 26 14:54:31 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637898871.609:50508):  cwd="/opt/Test/15-oct/offline_pre-req/snap"
Nov 26 14:54:31 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637898871.609:50508): item=0 name="/var/lib/snapd/" inode=64 dev=fd:0b mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:snappy_var_lib_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:54:31 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637898871.609:50508): item=1 name="/var/lib/snapd/snap" inode=201326729 dev=fd:0b mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:snappy_var_lib_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:54:31 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637898871.609:50508): proctitle=726D002D69002D7266002F7661722F6C69622F736E6170642F736E6170
Nov 26 14:55:42 TestServer001 systemd[1]: Starting Snap Daemon...
-- Subject: Unit snapd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit snapd.service has begun starting up.
Nov 26 14:55:42 TestServer001 snapd[5556]: AppArmor status: apparmor not enabled
Nov 26 14:55:42 TestServer001 snapd[5556]: daemon.go:248: started snapd/2.51.7-1.el7 (series 16; classic; devmode) rhel/7.9 (amd64) linux/3.10.0-1160.45.1.el7.x86_.
Nov 26 14:55:42 TestServer001 snapd[5556]: daemon.go:341: adjusting startup timeout by 30s (pessimistic estimate of 30s plus 5s per snap)
Nov 26 14:55:42 TestServer001 systemd[1]: Started Snap Daemon.
-- Subject: Unit snapd.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit snapd.service has finished starting up.
-- 
-- The start-up result is done.
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=SERVICE_START msg=audit(1637898942.419:50509): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=snapd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=AVC msg=audit(1637898942.422:50510): avc:  denied  { read } for  pid=5556 comm="snapd" name="generic-classic" dev="dm-11" ino=134320267 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637898942.422:50510): arch=c000003e syscall=257 success=yes exit=4 a0=ffffffffffffff9c a1=c0000e80a0 a2=80000 a3=0 items=1 ppid=1 pid=5556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd" exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0 key=(null)
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637898942.422:50510):  cwd="/"
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637898942.422:50510): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic" inode=134320267 dev=fd:0b mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637898942.422:50510): proctitle="/usr/libexec/snapd/snapd"
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=AVC msg=audit(1637898942.422:50511): avc:  denied  { getattr } for  pid=5556 comm="snapd" path="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637898942.422:50511): arch=c000003e syscall=262 success=yes exit=0 a0=ffffffffffffff9c a1=c0000e8140 a2=c00047c378 a3=0 items=1 ppid=1 pid=5556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd" exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0 key=(null)
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637898942.422:50511):  cwd="/"
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637898942.422:50511): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" inode=134320268 dev=fd:0b mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637898942.422:50511): proctitle="/usr/libexec/snapd/snapd"
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=AVC msg=audit(1637898942.422:50512): avc:  denied  { read } for  pid=5556 comm="snapd" name="active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=AVC msg=audit(1637898942.422:50512): avc:  denied  { open } for  pid=5556 comm="snapd" path="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637898942.422:50512): arch=c000003e syscall=257 success=yes exit=5 a0=ffffffffffffff9c a1=c0000e81e0 a2=80000 a3=0 items=1 ppid=1 pid=5556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd" exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0 key=(null)
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637898942.422:50512):  cwd="/"
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637898942.422:50512): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" inode=134320268 dev=fd:0b mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637898942.422:50512): proctitle="/usr/libexec/snapd/snapd"
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=AVC msg=audit(1637898942.433:50513): avc:  denied  { getattr } for  pid=5556 comm="snapd" path="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637898942.433:50513): arch=c000003e syscall=262 success=yes exit=0 a0=ffffffffffffff9c a1=c0000e81e0 a2=c0002d4788 a3=0 items=1 ppid=1 pid=5556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd" exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0 key=(null)
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637898942.433:50513):  cwd="/"
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637898942.433:50513): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" inode=134320268 dev=fd:0b mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637898942.433:50513): proctitle="/usr/libexec/snapd/snapd"
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=AVC msg=audit(1637898942.433:50514): avc:  denied  { read } for  pid=5556 comm="snapd" name="active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=AVC msg=audit(1637898942.433:50514): avc:  denied  { open } for  pid=5556 comm="snapd" path="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637898942.433:50514): arch=c000003e syscall=257 success=yes exit=4 a0=ffffffffffffff9c a1=c0000e8280 a2=80000 a3=0 items=1 ppid=1 pid=5556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd" exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0 key=(null)
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637898942.433:50514):  cwd="/"
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637898942.433:50514): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" inode=134320268 dev=fd:0b mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:55:42 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637898942.433:50514): proctitle="/usr/libexec/snapd/snapd"
Nov 26 14:56:21 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637898981.277:50515): arch=c000003e syscall=159 success=yes exit=0 a0=7fff43cbbec0 a1=0 a2=fffffffffffa4cf7 a3=55ebb8226520 items=0 ppid=1 pid=967 auid=4294967295 uid=998 gid=996 euid=998 suid=998 fsuid=998 egid=996 sgid=996 fsgid=996 tty=(none) ses=4294967295 comm="chronyd" exe="/usr/sbin/chronyd" subj=system_u:system_r:chronyd_t:s0 key="time-change"
Nov 26 14:56:21 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637898981.277:50515): proctitle="/usr/sbin/chronyd"
Nov 26 14:56:21 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637898981.277:50516): arch=c000003e syscall=159 success=yes exit=0 a0=7fff43cbbed0 a1=0 a2=fffffffffffa4956 a3=55ebb8226520 items=0 ppid=1 pid=967 auid=4294967295 uid=998 gid=996 euid=998 suid=998 fsuid=998 egid=996 sgid=996 fsgid=996 tty=(none) ses=4294967295 comm="chronyd" exe="/usr/sbin/chronyd" subj=system_u:system_r:chronyd_t:s0 key="time-change"
Nov 26 14:56:21 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637898981.277:50516): proctitle="/usr/sbin/chronyd"
Nov 26 14:56:21 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637898981.278:50517): arch=c000003e syscall=159 success=yes exit=0 a0=7fff43cbbfc0 a1=1 a2=0 a3=55ebb8226520 items=0 ppid=1 pid=967 auid=4294967295 uid=998 gid=996 euid=998 suid=998 fsuid=998 egid=996 sgid=996 fsgid=996 tty=(none) ses=4294967295 comm="chronyd" exe="/usr/sbin/chronyd" subj=system_u:system_r:chronyd_t:s0 key="time-change"
Nov 26 14:56:21 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637898981.278:50517): proctitle="/usr/sbin/chronyd"
Nov 26 14:56:25 TestServer001 snapd[5556]: stateengine.go:150: state ensure error: Get "https://api.snapcraft.io/api/v1/snaps/sections": context deadline exceeded
Nov 26 14:56:26 TestServer001 systemd[1]: Reloading.
Nov 26 14:56:26 TestServer001 audispd[918]: node=TestServer001 type=USER_AVC msg=audit(1637898986.200:50518): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { enable } for auid=n/a uid=0 gid=0 path="/proc/self/mountinfo" cmdline="systemctl enable var-lib-snapd-snap-core-11993.mount" scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=service  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Nov 26 14:56:26 TestServer001 systemd[1]: Reloading.
Nov 26 14:56:26 TestServer001 snapd[5556]: handlers.go:757: expected snap "core" revision 11993 to be mounted but is not
Nov 26 14:56:36 TestServer001 snapd[5556]: taskrunner.go:271: [change 2 "Mount snap \"core\" (11993)" task] failed: cannot proceed, expected snap "core" revision 11993 to be mounted but is not
Nov 26 14:56:36 TestServer001 audispd[918]: node=TestServer001 type=USER_AVC msg=audit(1637898996.280:50519): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { status } for auid=n/a uid=0 gid=0 cmdline="systemctl is-enabled whoopsie.service" scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=system  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Nov 26 14:56:36 TestServer001 audispd[918]: node=TestServer001 type=AVC msg=audit(1637898996.289:50520): avc:  denied  { search } for  pid=5743 comm="journalctl" name="1" dev="proc" ino=9801 scontext=system_u:system_r:journalctl_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir permissive=0
Nov 26 14:56:36 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637898996.289:50520): arch=c000003e syscall=2 success=no exit=-13 a0=7ffca7d993a0 a1=80000 a2=1b6 a3=24 items=1 ppid=5556 pid=5743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="journalctl" exe="/usr/bin/journalctl" subj=system_u:system_r:journalctl_t:s0 key=(null)
Nov 26 14:56:36 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637898996.289:50520):  cwd="/"
Nov 26 14:56:36 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637898996.289:50520): item=0 name="/proc/1/environ" objtype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:56:36 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637898996.289:50520): proctitle=6A6F75726E616C63746C002D62002D2D7072696F726974793D7761726E696E672E2E657272002D2D6C696E65733D31303030
Nov 26 14:56:36 TestServer001 audispd[918]: node=TestServer001 type=AVC msg=audit(1637898996.290:50521): avc:  denied  { sys_resource } for  pid=5743 comm="journalctl" capability=24  scontext=system_u:system_r:journalctl_t:s0 tcontext=system_u:system_r:journalctl_t:s0 tclass=capability permissive=0
Nov 26 14:56:36 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637898996.290:50521): arch=c000003e syscall=160 success=no exit=-1 a0=7 a1=7ffca7d99e70 a2=0 a3=8 items=0 ppid=5556 pid=5743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="journalctl" exe="/usr/bin/journalctl" subj=system_u:system_r:journalctl_t:s0 key=(null)
Nov 26 14:56:36 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637898996.290:50521): proctitle=6A6F75726E616C63746C002D62002D2D7072696F726974793D7761726E696E672E2E657272002D2D6C696E65733D31303030
Nov 26 15:00:01 TestServer001 audispd[918]: node=TestServer001 type=USER_ACCT msg=audit(1637899201.896:50522): pid=5750 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_localuser acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:00:01 TestServer001 audispd[918]: node=TestServer001 type=CRED_ACQ msg=audit(1637899201.897:50523): pid=5750 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:00:01 TestServer001 audispd[918]: node=TestServer001 type=LOGIN msg=audit(1637899201.897:50524): pid=5750 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=1863 res=1
Nov 26 15:00:01 TestServer001 systemd[1]: Created slice User Slice of root.
-- Subject: Unit user-0.slice has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit user-0.slice has finished starting up.
-- 
-- The start-up result is done.
Nov 26 15:00:01 TestServer001 systemd[1]: Started Session 1863 of user root.
-- Subject: Unit session-1863.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit session-1863.scope has finished starting up.
-- 
-- The start-up result is done.
Nov 26 15:00:01 TestServer001 audispd[918]: node=TestServer001 type=USER_START msg=audit(1637899201.917:50525): pid=5750 uid=0 auid=0 ses=1863 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:00:01 TestServer001 audispd[918]: node=TestServer001 type=CRED_REFR msg=audit(1637899201.919:50526): pid=5750 uid=0 auid=0 ses=1863 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:00:01 TestServer001 CROND[5752]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Nov 26 15:00:01 TestServer001 audispd[918]: node=TestServer001 type=CRED_DISP msg=audit(1637899201.938:50527): pid=5750 uid=0 auid=0 ses=1863 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:00:01 TestServer001 audispd[918]: node=TestServer001 type=USER_END msg=audit(1637899201.940:50528): pid=5750 uid=0 auid=0 ses=1863 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:00:01 TestServer001 systemd[1]: Removed slice User Slice of root.
-- Subject: Unit user-0.slice has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit user-0.slice has finished shutting down.
Nov 26 15:00:12 TestServer001 audispd[918]: node=TestServer001 type=AVC msg=audit(1637899212.851:50529): avc:  denied  { read } for  pid=5556 comm="snapd" name="generic-classic" dev="dm-11" ino=134320267 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
Nov 26 15:00:12 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637899212.851:50529): arch=c000003e syscall=257 success=yes exit=3 a0=ffffffffffffff9c a1=c0002ba050 a2=80000 a3=0 items=1 ppid=1 pid=5556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd" exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0 key=(null)
Nov 26 15:00:12 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637899212.851:50529):  cwd="/"
Nov 26 15:00:12 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899212.851:50529): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic" inode=134320267 dev=fd:0b mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:00:12 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637899212.851:50529): proctitle="/usr/libexec/snapd/snapd"
Nov 26 15:00:12 TestServer001 audispd[918]: node=TestServer001 type=AVC msg=audit(1637899212.852:50530): avc:  denied  { getattr } for  pid=5556 comm="snapd" path="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 15:00:12 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637899212.852:50530): arch=c000003e syscall=262 success=yes exit=0 a0=ffffffffffffff9c a1=c0002ba140 a2=c00064a2a8 a3=0 items=1 ppid=1 pid=5556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd" exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0 key=(null)
Nov 26 15:00:12 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637899212.852:50530):  cwd="/"
Nov 26 15:00:12 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899212.852:50530): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" inode=134320268 dev=fd:0b mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:00:12 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637899212.852:50530): proctitle="/usr/libexec/snapd/snapd"
Nov 26 15:00:12 TestServer001 audispd[918]: node=TestServer001 type=AVC msg=audit(1637899212.852:50531): avc:  denied  { read } for  pid=5556 comm="snapd" name="active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 15:00:12 TestServer001 audispd[918]: node=TestServer001 type=AVC msg=audit(1637899212.852:50531): avc:  denied  { open } for  pid=5556 comm="snapd" path="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 15:00:12 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637899212.852:50531): arch=c000003e syscall=257 success=yes exit=4 a0=ffffffffffffff9c a1=c0002ba280 a2=80000 a3=0 items=1 ppid=1 pid=5556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd" exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0 key=(null)
Nov 26 15:00:12 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637899212.852:50531):  cwd="/"
Nov 26 15:00:12 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899212.852:50531): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" inode=134320268 dev=fd:0b mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:00:12 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637899212.852:50531): proctitle="/usr/libexec/snapd/snapd"
Nov 26 15:01:01 TestServer001 audispd[918]: node=TestServer001 type=USER_ACCT msg=audit(1637899261.953:50532): pid=5764 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_localuser acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:01:01 TestServer001 audispd[918]: node=TestServer001 type=CRED_ACQ msg=audit(1637899261.953:50533): pid=5764 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:01:01 TestServer001 audispd[918]: node=TestServer001 type=LOGIN msg=audit(1637899261.954:50534): pid=5764 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=1864 res=1
Nov 26 15:01:01 TestServer001 systemd[1]: Created slice User Slice of root.
-- Subject: Unit user-0.slice has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit user-0.slice has finished starting up.
-- 
-- The start-up result is done.
Nov 26 15:01:01 TestServer001 systemd[1]: Started Session 1864 of user root.
-- Subject: Unit session-1864.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit session-1864.scope has finished starting up.
-- 
-- The start-up result is done.
Nov 26 15:01:01 TestServer001 audispd[918]: node=TestServer001 type=USER_START msg=audit(1637899261.969:50535): pid=5764 uid=0 auid=0 ses=1864 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:01:01 TestServer001 audispd[918]: node=TestServer001 type=CRED_REFR msg=audit(1637899261.970:50536): pid=5764 uid=0 auid=0 ses=1864 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:01:01 TestServer001 CROND[5766]: (root) CMD (run-parts /etc/cron.hourly)
Nov 26 15:01:01 TestServer001 run-parts(/etc/cron.hourly)[5769]: starting 0anacron
Nov 26 15:01:01 TestServer001 run-parts(/etc/cron.hourly)[5775]: finished 0anacron
Nov 26 15:01:01 TestServer001 audispd[918]: node=TestServer001 type=CRED_DISP msg=audit(1637899261.995:50537): pid=5764 uid=0 auid=0 ses=1864 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:01:01 TestServer001 audispd[918]: node=TestServer001 type=USER_END msg=audit(1637899261.997:50538): pid=5764 uid=0 auid=0 ses=1864 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:01:02 TestServer001 systemd[1]: Removed slice User Slice of root.
-- Subject: Unit user-0.slice has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit user-0.slice has finished shutting down.
Nov 26 15:02:57 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637899377.787:50539): arch=c000003e syscall=2 success=no exit=-13 a0=1ac76d0 a1=441 a2=1b6 a3=fffffff0 items=1 ppid=5006 pid=5782 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="bash" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"
Nov 26 15:02:57 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637899377.787:50539):  cwd="/opt/Test/15-oct/offline_pre-req/snap"
Nov 26 15:02:57 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899377.787:50539): item=0 name="/opt/Test/15-oct/offline_pre-req/snap" inode=5326603 dev=00:2d mode=040775 ouid=946850886 ogid=946800513 rdev=00:00 obj=system_u:object_r:nfs_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:02:57 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637899377.787:50539): proctitle="-bash"
Nov 26 15:03:56 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637899436.255:50540): arch=c000003e syscall=2 success=no exit=-13 a0=7ffe246136fa a1=941 a2=1b6 a3=7ffe24610de0 items=1 ppid=5006 pid=5783 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="touch" exe="/usr/bin/touch" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"
Nov 26 15:03:56 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637899436.255:50540):  cwd="/opt/Test/15-oct/offline_pre-req/snap"
Nov 26 15:03:56 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899436.255:50540): item=0 name="/opt/Test/15-oct/offline_pre-req/snap" inode=5326603 dev=00:2d mode=040775 ouid=946850886 ogid=946800513 rdev=00:00 obj=system_u:object_r:nfs_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:03:56 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637899436.255:50540): proctitle=746F75636800726561646D652E747874
Nov 26 15:04:53 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637899493.728:50541): arch=c000003e syscall=87 success=yes exit=0 a0=1acf190 a1=0 a2=180 a3=ffffffff items=2 ppid=5005 pid=5006 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="bash" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
Nov 26 15:04:53 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637899493.728:50541):  cwd="/var/lib/snapd"
Nov 26 15:04:53 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899493.728:50541): item=0 name="/tmp/" inode=64 dev=fd:08 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:04:53 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899493.728:50541): item=1 name="/tmp/sh-thd-34483822169" inode=70 dev=fd:08 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:04:53 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637899493.728:50541): proctitle="-bash"
Nov 26 15:05:00 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637899500.649:50542): arch=c000003e syscall=263 success=yes exit=0 a0=ffffffffffffff9c a1=190f0c0 a2=0 a3=7fff2ecfd560 items=2 ppid=5006 pid=5789 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="rm" exe="/usr/bin/rm" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
Nov 26 15:05:00 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637899500.649:50542):  cwd="/var/lib/snapd"
Nov 26 15:05:00 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899500.649:50542): item=0 name="/var/lib/snapd" inode=64 dev=fd:0b mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:snappy_var_lib_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:05:00 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899500.649:50542): item=1 name="readme.txt" inode=84 dev=fd:0b mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:snappy_var_lib_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:05:00 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637899500.649:50542): proctitle=726D002D6900726561646D652E747874
Nov 26 15:06:06 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637899566.387:50543): arch=c000003e syscall=87 success=yes exit=0 a0=1ad0d90 a1=0 a2=180 a3=ffffffff items=2 ppid=5005 pid=5006 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="bash" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
Nov 26 15:06:06 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637899566.387:50543):  cwd="/var/snap"
Nov 26 15:06:06 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899566.387:50543): item=0 name="/tmp/" inode=64 dev=fd:08 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:06:06 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899566.387:50543): item=1 name="/tmp/sh-thd-70588745982" inode=70 dev=fd:08 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:06:06 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637899566.387:50543): proctitle="-bash"
Nov 26 15:06:12 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637899572.296:50544): arch=c000003e syscall=263 success=yes exit=0 a0=ffffffffffffff9c a1=24b20c0 a2=0 a3=7ffdfc0947a0 items=2 ppid=5006 pid=5801 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="rm" exe="/usr/bin/rm" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
Nov 26 15:06:12 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637899572.296:50544):  cwd="/var/snap"
Nov 26 15:06:12 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899572.296:50544): item=0 name="/var/snap" inode=64 dev=fd:0a mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:snappy_var_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:06:12 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899572.296:50544): item=1 name="readme.txt" inode=67 dev=fd:0a mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:snappy_var_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:06:12 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637899572.296:50544): proctitle=726D002D6900726561646D652E747874
Nov 26 15:06:28 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637899588.941:50545): arch=c000003e syscall=87 success=yes exit=0 a0=1ad16a0 a1=0 a2=180 a3=ffffffff items=2 ppid=5005 pid=5006 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="bash" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
Nov 26 15:06:28 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637899588.941:50545):  cwd="/var/snap"
Nov 26 15:06:28 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899588.941:50545): item=0 name="/tmp/" inode=64 dev=fd:08 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:06:28 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899588.941:50545): item=1 name="/tmp/sh-thd-140651121516" inode=70 dev=fd:08 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:06:28 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637899588.941:50545): proctitle="-bash"
Nov 26 15:06:30 TestServer001 audispd[918]: node=TestServer001 type=SYSCALL msg=audit(1637899590.351:50546): arch=c000003e syscall=87 success=yes exit=0 a0=1ad17c0 a1=0 a2=180 a3=ffffffff items=2 ppid=5005 pid=5006 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="bash" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
Nov 26 15:06:30 TestServer001 audispd[918]: node=TestServer001 type=CWD msg=audit(1637899590.351:50546):  cwd="/var/snap"
Nov 26 15:06:30 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899590.351:50546): item=0 name="/tmp/" inode=64 dev=fd:08 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:06:30 TestServer001 audispd[918]: node=TestServer001 type=PATH msg=audit(1637899590.351:50546): item=1 name="/tmp/sh-thd-279697918652" inode=70 dev=fd:08 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:06:30 TestServer001 audispd[918]: node=TestServer001 type=PROCTITLE msg=audit(1637899590.351:50546): proctitle="-bash"

Can you please let us know where we are doing wrong ?

Note: This is an offline environment, and these are the deps we installed to install snapd

libzstd-1.5.0-1.el7.x86_64.rpm 
snap-confine-2.51.7-1.el7.x86_64.rpm
squashfuse-libs-0.1.102-1.el7.x86_64.rpm 
squashfuse-0.1.102-1.el7.x86_64.rpm 
snapd-selinux2.51.7-1.el7.noarch.rpm 
snapd-2.51.7-1.el7.x86_64.rpm

mborzecki · November 26, 2021, 7:31am

When a snap is getting installed, snapd generates a mount unit, runs systemctl start <that-unit>.mount, and then waits for the mount to appear at the configured target location. In your case, the mount did not appear, even though the unit was started. This is roughly equivalent to systemd-mount -t squashfs /some/file.snap /some/location. The error message appear

It is expected that the host supports squashfs.

I think you can try the following to check:

$ snap download core
$ sudo systemd-mount -t squashfs core_*.snap /tmp/core-test

Does the mount succeed? Can you list files inside /tmp/core-test?

Sam.Sundar · November 26, 2021, 9:19am

Hey @mborzecki,

squashfs is supported. Let me try this.

Sam.Sundar · November 29, 2021, 11:07am

Hi @mborzecki,

the mount -t squashfs core_*.snap /tmp/core-test worked and below are the contents of the path.

But still when i try to install with snap install core_*.snap getting below error

$ snap install core_*.snap
error: cannot perform the following tasks:
- Mount snap "core" (11993) (cannot undo partial setup snap "core": umount: /var/lib/snapd/snap/core/11993: not mounted)
- Mount snap "core" (11993) (cannot proceed, expected snap "core" revision 11993 to be mounted but is not)

and here is my journalctl -xe logs

Nov 29 21:40:01 apty_server audispd[918]: node=apty_server type=USER_END msg=audit(1638182401.297:84696): pid=19003 uid=0 auid=0 ses=2422 subj=system_u:system_r:crond_t

Nov 29 21:40:01 apty_server systemd[1]: Removed slice User Slice of root.

-- Subject: Unit user-0.slice has finished shutting down

-- Defined-By: systemd

-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- Unit user-0.slice has finished shutting down.

Nov 29 21:40:14 apty_server audispd[918]: node=apty_server type=AVC msg=audit(1638182414.260:84697): avc:  denied  { read } for  pid=18833 comm="snapd" name="generic-cl

Nov 29 21:40:14 apty_server audispd[918]: node=apty_server type=SYSCALL msg=audit(1638182414.260:84697): arch=c000003e syscall=257 success=yes exit=3 a0=ffffffffffffff9

Nov 29 21:40:14 apty_server audispd[918]: node=apty_server type=CWD msg=audit(1638182414.260:84697):  cwd="/"

Nov 29 21:40:14 apty_server audispd[918]: node=apty_server type=PATH msg=audit(1638182414.260:84697): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic

Nov 29 21:40:14 apty_server audispd[918]: node=apty_server type=PROCTITLE msg=audit(1638182414.260:84697): proctitle="/usr/libexec/snapd/snapd"

Nov 29 21:46:15 apty_server sssd_be[1006]: GSSAPI client step 1

Nov 29 21:46:15 apty_server sssd_be[1006]: GSSAPI client step 1

Nov 29 21:46:15 apty_server sssd_be[1006]: GSSAPI client step 1

Nov 29 21:46:15 apty_server sssd_be[1006]: GSSAPI client step 2

Nov 29 21:50:01 apty_server audispd[918]: node=apty_server type=USER_ACCT msg=audit(1638183001.320:84698): pid=19017 uid=0 auid=4294967295 ses=4294967295 subj=system_u:

Nov 29 21:50:01 apty_server audispd[918]: node=apty_server type=CRED_ACQ msg=audit(1638183001.320:84699): pid=19017 uid=0 auid=4294967295 ses=4294967295 subj=system_u:s

Nov 29 21:50:01 apty_server audispd[918]: node=apty_server type=LOGIN msg=audit(1638183001.320:84700): pid=19017 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old

Nov 29 21:50:01 apty_server systemd[1]: Created slice User Slice of root.

-- Subject: Unit user-0.slice has finished start-up

-- Defined-By: systemd

-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- Unit user-0.slice has finished starting up.

--

-- The start-up result is done.

Nov 29 21:50:01 apty_server systemd[1]: Started Session 2423 of user root.

-- Subject: Unit session-2423.scope has finished start-up

-- Defined-By: systemd

-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- Unit session-2423.scope has finished starting up.

--

-- The start-up result is done.

Nov 29 21:50:01 apty_server audispd[918]: node=apty_server type=USER_START msg=audit(1638183001.340:84701): pid=19017 uid=0 auid=0 ses=2423 subj=system_u:system_r:crond

Nov 29 21:50:01 apty_server audispd[918]: node=apty_server type=CRED_REFR msg=audit(1638183001.342:84702): pid=19017 uid=0 auid=0 ses=2423 subj=system_u:system_r:crond_

Nov 29 21:50:01 apty_server CROND[19019]: (root) CMD (/usr/lib64/sa/sa1 1 1)

Nov 29 21:50:01 apty_server audispd[918]: node=apty_server type=CRED_DISP msg=audit(1638183001.362:84703): pid=19017 uid=0 auid=0 ses=2423 subj=system_u:system_r:crond_

Nov 29 21:50:01 apty_server audispd[918]: node=apty_server type=USER_END msg=audit(1638183001.363:84704): pid=19017 uid=0 auid=0 ses=2423 subj=system_u:system_r:crond_t

Nov 29 21:50:01 apty_server systemd[1]: Removed slice User Slice of root.

-- Subject: Unit user-0.slice has finished shutting down

-- Defined-By: systemd

-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- Unit user-0.slice has finished shutting down.

Nov 29 21:53:19 apty_server sssd_be[1006]: GSSAPI client step 1

Nov 29 21:53:19 apty_server sssd_be[1006]: GSSAPI client step 1

Nov 29 21:53:19 apty_server sssd_be[1006]: GSSAPI client step 1

Nov 29 21:53:19 apty_server sssd_be[1006]: GSSAPI client step 2

Nov 29 21:54:18 apty_server systemd[1]: Reloading.

Nov 29 21:54:18 apty_server systemd[1]: Reloading.

Nov 29 21:54:18 apty_server snapd[18833]: handlers.go:757: expected snap "core" revision 11993 to be mounted but is not

Nov 29 21:54:28 apty_server snapd[18833]: taskrunner.go:271: [change 8 "Mount snap \"core\" (11993)" task] failed: cannot proceed, expected snap "core" revision 11993 to

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=AVC msg=audit(1638183268.490:84705): avc:  denied  { read } for  pid=18833 comm="snapd" name="generic-cl

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=SYSCALL msg=audit(1638183268.490:84705): arch=c000003e syscall=257 success=yes exit=4 a0=ffffffffffffff9

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=CWD msg=audit(1638183268.490:84705):  cwd="/"

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=PATH msg=audit(1638183268.490:84705): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=PROCTITLE msg=audit(1638183268.490:84705): proctitle="/usr/libexec/snapd/snapd"

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=AVC msg=audit(1638183268.490:84706): avc:  denied  { getattr } for  pid=18833 comm="snapd" path="/var/li

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=SYSCALL msg=audit(1638183268.490:84706): arch=c000003e syscall=262 success=yes exit=0 a0=ffffffffffffff9

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=CWD msg=audit(1638183268.490:84706):  cwd="/"

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=PATH msg=audit(1638183268.490:84706): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=PROCTITLE msg=audit(1638183268.490:84706): proctitle="/usr/libexec/snapd/snapd"

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=AVC msg=audit(1638183268.491:84707): avc:  denied  { read } for  pid=18833 comm="snapd" name="active" de

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=AVC msg=audit(1638183268.491:84707): avc:  denied  { open } for  pid=18833 comm="snapd" path="/var/lib/s

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=SYSCALL msg=audit(1638183268.491:84707): arch=c000003e syscall=257 success=yes exit=5 a0=ffffffffffffff9

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=CWD msg=audit(1638183268.491:84707):  cwd="/"

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=PATH msg=audit(1638183268.491:84707): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=PROCTITLE msg=audit(1638183268.491:84707): proctitle="/usr/libexec/snapd/snapd"

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=AVC msg=audit(1638183268.502:84708): avc:  denied  { search } for  pid=19160 comm="journalctl" name="1"

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=SYSCALL msg=audit(1638183268.502:84708): arch=c000003e syscall=2 success=no exit=-13 a0=7ffda5a18dc0 a1=

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=CWD msg=audit(1638183268.502:84708):  cwd="/"

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=PATH msg=audit(1638183268.502:84708): item=0 name="/proc/1/environ" objtype=UNKNOWN cap_fp=0000000000000

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=PROCTITLE msg=audit(1638183268.502:84708): proctitle=6A6F75726E616C63746C002D62002D2D7072696F726974793D7

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=AVC msg=audit(1638183268.502:84709): avc:  denied  { sys_resource } for  pid=19160 comm="journalctl" cap

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=SYSCALL msg=audit(1638183268.502:84709): arch=c000003e syscall=160 success=no exit=-1 a0=7 a1=7ffda5a198

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=PROCTITLE msg=audit(1638183268.502:84709): proctitle=6A6F75726E616C63746C002D62002D2D7072696F726974793D7

Nov 29 21:55:19 apty_server audispd[918]: node=apty_server type=SYSCALL msg=audit(1638183319.994:84710): arch=c000003e syscall=159 success=yes exit=0 a0=7fff43cbbec0 a1

Nov 29 21:55:19 apty_server audispd[918]: node=apty_server type=PROCTITLE msg=audit(1638183319.994:84710): proctitle="/usr/sbin/chronyd"

Nov 29 21:55:19 apty_server audispd[918]: node=apty_server type=SYSCALL msg=audit(1638183319.994:84711): arch=c000003e syscall=159 success=yes exit=0 a0=7fff43cbbed0 a1

Nov 29 21:55:19 apty_server audispd[918]: node=apty_server type=PROCTITLE msg=audit(1638183319.994:84711): proctitle="/usr/sbin/chronyd"

Nov 29 21:55:19 apty_server audispd[918]: node=apty_server type=SYSCALL msg=audit(1638183319.994:84712): arch=c000003e syscall=159 success=yes exit=0 a0=7fff43cbbfc0 a1

Nov 29 21:55:19 apty_server audispd[918]: node=apty_server type=PROCTITLE msg=audit(1638183319.994:84712): proctitle="/usr/sbin/chronyd"

Is the mount issue because of these avc denied errors ?

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=PATH msg=audit(1638183268.490:84705): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=PROCTITLE msg=audit(1638183268.490:84705): proctitle="/usr/libexec/snapd/snapd"

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=AVC msg=audit(1638183268.490:84706): avc:  denied  { getattr } for  pid=18833 comm="snapd" path="/var/li

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=SYSCALL msg=audit(1638183268.490:84706): arch=c000003e syscall=262 success=yes exit=0 a0=ffffffffffffff9

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=CWD msg=audit(1638183268.490:84706):  cwd="/"

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=PATH msg=audit(1638183268.490:84706): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=PROCTITLE msg=audit(1638183268.490:84706): proctitle="/usr/libexec/snapd/snapd"

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=AVC msg=audit(1638183268.491:84707): avc:  denied  { read } for  pid=18833 comm="snapd" name="active" de

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=AVC msg=audit(1638183268.491:84707): avc:  denied  { open } for  pid=18833 comm="snapd" path="/var/lib/s

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=SYSCALL msg=audit(1638183268.491:84707): arch=c000003e syscall=257 success=yes exit=5 a0=ffffffffffffff9

mborzecki · November 29, 2021, 11:11am

Sam.Sundar:

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=PROCTITLE msg=audit(1638183268.490:84706): proctitle="/usr/libexec/snapd/snapd"

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=AVC msg=audit(1638183268.491:84707): avc:  denied  { read } for  pid=18833 comm="snapd" name="active" de

Nov 29 21:54:28 apty_server audispd[918]: node=apty_server type=AVC msg=audit(1638183268.491:84707): avc:  denied  { open } for  pid=18833 comm="snapd" path="/var/lib/s

The logs appear to be cut short. Can you add --no-pager to journalctl and paste them again?

Please run ls -lZ /var/lib/snapd and attach the output too.

Sam.Sundar · November 30, 2021, 1:35am

Hi @mborzecki,

Please find below requested details.

# ls -lZ /var/lib/snapd
drwxr-xr-x. root root system_u:object_r:snappy_var_lib_t:s0 assertions
drwxr-xr-x. root root system_u:object_r:snappy_var_lib_t:s0 cookie
drwxr-xr-x. root root system_u:object_r:snappy_var_lib_t:s0 dbus-1
drwxr-xr-x. root root system_u:object_r:snappy_var_lib_t:s0 desktop
drwxr-xr-x. root root system_u:object_r:snappy_var_lib_t:s0 device
-rw-------. root root system_u:object_r:snappy_var_lib_t:s0 errtracker.db
drwxr-xr-x. root root system_u:object_r:snappy_var_lib_t:s0 features
drwxr-xr-x. root root system_u:object_r:snappy_var_lib_t:s0 hostfs
drwxr-xr-x. root root system_u:object_r:snappy_var_lib_t:s0 inhibit
drwxr-xr-x. root root system_u:object_r:snappy_var_lib_t:s0 lib
-rw-r--r--. root root system_u:object_r:snappy_var_lib_t:s0 maintenance.json
drwxr-xr-x. root root system_u:object_r:snappy_var_lib_t:s0 mount
drwxr-xr-x. root root system_u:object_r:snappy_var_lib_t:s0 seccomp
drwxr-xr-x. root root system_u:object_r:snappy_var_lib_t:s0 snap
drwxr-xr-x. root root system_u:object_r:snappy_var_lib_t:s0 snaps
-rw-------. root root system_u:object_r:snappy_var_lib_t:s0 state.json
-rw-r--r--. root root system_u:object_r:snappy_var_lib_t:s0 system-key
d--x--x--x. root root system_u:object_r:snappy_var_lib_t:s0 void

journalctl logs

Nov 26 14:52:32 AptyServer001 dbus[972]: [system] Reloaded configuration
Nov 26 14:52:32 AptyServer001 dbus[972]: [system] Reloaded configuration
Nov 26 14:52:32 AptyServer001 systemd[1]: Reloading.
Nov 26 14:52:32 AptyServer001 yum[5478]: Installed: snapd-2.51.7-1.el7.x86_64
Nov 26 14:53:37 AptyServer001 polkitd[959]: Registered Authentication Agent for unix-process:5521:94635206 (system bus name :1.3890 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Nov 26 14:53:37 AptyServer001 systemd[1]: Reloading.
Nov 26 14:53:37 AptyServer001 systemd[1]: Starting Socket activation for snappy daemon.
-- Subject: Unit snapd.socket has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit snapd.socket has begun starting up.
Nov 26 14:53:37 AptyServer001 systemd[1]: Listening on Socket activation for snappy daemon.
-- Subject: Unit snapd.socket has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit snapd.socket has finished starting up.
-- 
-- The start-up result is done.
Nov 26 14:53:37 AptyServer001 polkitd[959]: Unregistered Authentication Agent for unix-process:5521:94635206 (system bus name :1.3890, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Nov 26 14:54:15 AptyServer001 systemd-journal[604]: Suppressed 1854 messages from /system.slice/auditd.service
-- Subject: Messages from a service have been suppressed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Documentation: man:journald.conf(5)
-- 
-- A service has logged too many messages within a time period. Messages
-- from the service have been dropped.
-- 
-- Note that only messages from the service in question have been
-- dropped, other services' messages are unaffected.
-- 
-- The limits controlling when messages are dropped may be configured
-- with RateLimitInterval= and RateLimitBurst= in
-- /etc/systemd/journald.conf. See journald.conf(5) for details.
Nov 26 14:54:15 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637898855.164:50507): arch=c000003e syscall=263 success=yes exit=0 a0=ffffffffffffff9c a1=1d9c0c0 a2=0 a3=7ffef06e1de0 items=2 ppid=5006 pid=5543 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="rm" exe="/usr/bin/rm" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
Nov 26 14:54:15 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637898855.164:50507):  cwd="/opt/apty/15-oct/offline_pre-req/snap"
Nov 26 14:54:15 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637898855.164:50507): item=0 name="/" inode=64 dev=fd:00 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:root_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:54:15 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637898855.164:50507): item=1 name="/snap" inode=195318 dev=fd:00 mode=0120777 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:root_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:54:15 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637898855.164:50507): proctitle=726D002D69002D7266002F736E6170
Nov 26 14:54:31 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637898871.609:50508): arch=c000003e syscall=263 success=yes exit=0 a0=ffffffffffffff9c a1=9f50c0 a2=200 a3=7ffe4e38c1a0 items=2 ppid=5006 pid=5545 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="rm" exe="/usr/bin/rm" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
Nov 26 14:54:31 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637898871.609:50508):  cwd="/opt/apty/15-oct/offline_pre-req/snap"
Nov 26 14:54:31 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637898871.609:50508): item=0 name="/var/lib/snapd/" inode=64 dev=fd:0b mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:snappy_var_lib_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:54:31 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637898871.609:50508): item=1 name="/var/lib/snapd/snap" inode=201326729 dev=fd:0b mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:snappy_var_lib_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:54:31 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637898871.609:50508): proctitle=726D002D69002D7266002F7661722F6C69622F736E6170642F736E6170
Nov 26 14:55:42 AptyServer001 systemd[1]: Starting Snap Daemon...
-- Subject: Unit snapd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit snapd.service has begun starting up.
Nov 26 14:55:42 AptyServer001 snapd[5556]: AppArmor status: apparmor not enabled
Nov 26 14:55:42 AptyServer001 snapd[5556]: daemon.go:248: started snapd/2.51.7-1.el7 (series 16; classic; devmode) rhel/7.9 (amd64) linux/3.10.0-1160.45.1.el7.x86_.
Nov 26 14:55:42 AptyServer001 snapd[5556]: daemon.go:341: adjusting startup timeout by 30s (pessimistic estimate of 30s plus 5s per snap)
Nov 26 14:55:42 AptyServer001 systemd[1]: Started Snap Daemon.
-- Subject: Unit snapd.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit snapd.service has finished starting up.
-- 
-- The start-up result is done.
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=SERVICE_START msg=audit(1637898942.419:50509): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=snapd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=AVC msg=audit(1637898942.422:50510): avc:  denied  { read } for  pid=5556 comm="snapd" name="generic-classic" dev="dm-11" ino=134320267 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637898942.422:50510): arch=c000003e syscall=257 success=yes exit=4 a0=ffffffffffffff9c a1=c0000e80a0 a2=80000 a3=0 items=1 ppid=1 pid=5556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd" exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0 key=(null)
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637898942.422:50510):  cwd="/"
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637898942.422:50510): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic" inode=134320267 dev=fd:0b mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637898942.422:50510): proctitle="/usr/libexec/snapd/snapd"
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=AVC msg=audit(1637898942.422:50511): avc:  denied  { getattr } for  pid=5556 comm="snapd" path="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637898942.422:50511): arch=c000003e syscall=262 success=yes exit=0 a0=ffffffffffffff9c a1=c0000e8140 a2=c00047c378 a3=0 items=1 ppid=1 pid=5556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd" exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0 key=(null)
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637898942.422:50511):  cwd="/"
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637898942.422:50511): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" inode=134320268 dev=fd:0b mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637898942.422:50511): proctitle="/usr/libexec/snapd/snapd"
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=AVC msg=audit(1637898942.422:50512): avc:  denied  { read } for  pid=5556 comm="snapd" name="active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=AVC msg=audit(1637898942.422:50512): avc:  denied  { open } for  pid=5556 comm="snapd" path="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637898942.422:50512): arch=c000003e syscall=257 success=yes exit=5 a0=ffffffffffffff9c a1=c0000e81e0 a2=80000 a3=0 items=1 ppid=1 pid=5556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd" exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0 key=(null)
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637898942.422:50512):  cwd="/"
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637898942.422:50512): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" inode=134320268 dev=fd:0b mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637898942.422:50512): proctitle="/usr/libexec/snapd/snapd"
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=AVC msg=audit(1637898942.433:50513): avc:  denied  { getattr } for  pid=5556 comm="snapd" path="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637898942.433:50513): arch=c000003e syscall=262 success=yes exit=0 a0=ffffffffffffff9c a1=c0000e81e0 a2=c0002d4788 a3=0 items=1 ppid=1 pid=5556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd" exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0 key=(null)
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637898942.433:50513):  cwd="/"
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637898942.433:50513): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" inode=134320268 dev=fd:0b mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637898942.433:50513): proctitle="/usr/libexec/snapd/snapd"
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=AVC msg=audit(1637898942.433:50514): avc:  denied  { read } for  pid=5556 comm="snapd" name="active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=AVC msg=audit(1637898942.433:50514): avc:  denied  { open } for  pid=5556 comm="snapd" path="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637898942.433:50514): arch=c000003e syscall=257 success=yes exit=4 a0=ffffffffffffff9c a1=c0000e8280 a2=80000 a3=0 items=1 ppid=1 pid=5556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd" exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0 key=(null)
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637898942.433:50514):  cwd="/"
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637898942.433:50514): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" inode=134320268 dev=fd:0b mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:55:42 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637898942.433:50514): proctitle="/usr/libexec/snapd/snapd"
Nov 26 14:56:21 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637898981.277:50515): arch=c000003e syscall=159 success=yes exit=0 a0=7fff43cbbec0 a1=0 a2=fffffffffffa4cf7 a3=55ebb8226520 items=0 ppid=1 pid=967 auid=4294967295 uid=998 gid=996 euid=998 suid=998 fsuid=998 egid=996 sgid=996 fsgid=996 tty=(none) ses=4294967295 comm="chronyd" exe="/usr/sbin/chronyd" subj=system_u:system_r:chronyd_t:s0 key="time-change"
Nov 26 14:56:21 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637898981.277:50515): proctitle="/usr/sbin/chronyd"
Nov 26 14:56:21 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637898981.277:50516): arch=c000003e syscall=159 success=yes exit=0 a0=7fff43cbbed0 a1=0 a2=fffffffffffa4956 a3=55ebb8226520 items=0 ppid=1 pid=967 auid=4294967295 uid=998 gid=996 euid=998 suid=998 fsuid=998 egid=996 sgid=996 fsgid=996 tty=(none) ses=4294967295 comm="chronyd" exe="/usr/sbin/chronyd" subj=system_u:system_r:chronyd_t:s0 key="time-change"
Nov 26 14:56:21 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637898981.277:50516): proctitle="/usr/sbin/chronyd"
Nov 26 14:56:21 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637898981.278:50517): arch=c000003e syscall=159 success=yes exit=0 a0=7fff43cbbfc0 a1=1 a2=0 a3=55ebb8226520 items=0 ppid=1 pid=967 auid=4294967295 uid=998 gid=996 euid=998 suid=998 fsuid=998 egid=996 sgid=996 fsgid=996 tty=(none) ses=4294967295 comm="chronyd" exe="/usr/sbin/chronyd" subj=system_u:system_r:chronyd_t:s0 key="time-change"
Nov 26 14:56:21 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637898981.278:50517): proctitle="/usr/sbin/chronyd"
Nov 26 14:56:25 AptyServer001 snapd[5556]: stateengine.go:150: state ensure error: Get "https://api.snapcraft.io/api/v1/snaps/sections": context deadline exceeded
Nov 26 14:56:26 AptyServer001 systemd[1]: Reloading.
Nov 26 14:56:26 AptyServer001 audispd[918]: node=AptyServer001 type=USER_AVC msg=audit(1637898986.200:50518): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { enable } for auid=n/a uid=0 gid=0 path="/proc/self/mountinfo" cmdline="systemctl enable var-lib-snapd-snap-core-11993.mount" scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=service  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Nov 26 14:56:26 AptyServer001 systemd[1]: Reloading.
Nov 26 14:56:26 AptyServer001 snapd[5556]: handlers.go:757: expected snap "core" revision 11993 to be mounted but is not
Nov 26 14:56:36 AptyServer001 snapd[5556]: taskrunner.go:271: [change 2 "Mount snap \"core\" (11993)" task] failed: cannot proceed, expected snap "core" revision 11993 to be mounted but is not
Nov 26 14:56:36 AptyServer001 audispd[918]: node=AptyServer001 type=USER_AVC msg=audit(1637898996.280:50519): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { status } for auid=n/a uid=0 gid=0 cmdline="systemctl is-enabled whoopsie.service" scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=system  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Nov 26 14:56:36 AptyServer001 audispd[918]: node=AptyServer001 type=AVC msg=audit(1637898996.289:50520): avc:  denied  { search } for  pid=5743 comm="journalctl" name="1" dev="proc" ino=9801 scontext=system_u:system_r:journalctl_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir permissive=0
Nov 26 14:56:36 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637898996.289:50520): arch=c000003e syscall=2 success=no exit=-13 a0=7ffca7d993a0 a1=80000 a2=1b6 a3=24 items=1 ppid=5556 pid=5743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="journalctl" exe="/usr/bin/journalctl" subj=system_u:system_r:journalctl_t:s0 key=(null)
Nov 26 14:56:36 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637898996.289:50520):  cwd="/"
Nov 26 14:56:36 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637898996.289:50520): item=0 name="/proc/1/environ" objtype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 14:56:36 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637898996.289:50520): proctitle=6A6F75726E616C63746C002D62002D2D7072696F726974793D7761726E696E672E2E657272002D2D6C696E65733D31303030
Nov 26 14:56:36 AptyServer001 audispd[918]: node=AptyServer001 type=AVC msg=audit(1637898996.290:50521): avc:  denied  { sys_resource } for  pid=5743 comm="journalctl" capability=24  scontext=system_u:system_r:journalctl_t:s0 tcontext=system_u:system_r:journalctl_t:s0 tclass=capability permissive=0
Nov 26 14:56:36 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637898996.290:50521): arch=c000003e syscall=160 success=no exit=-1 a0=7 a1=7ffca7d99e70 a2=0 a3=8 items=0 ppid=5556 pid=5743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="journalctl" exe="/usr/bin/journalctl" subj=system_u:system_r:journalctl_t:s0 key=(null)
Nov 26 14:56:36 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637898996.290:50521): proctitle=6A6F75726E616C63746C002D62002D2D7072696F726974793D7761726E696E672E2E657272002D2D6C696E65733D31303030
Nov 26 15:00:01 AptyServer001 audispd[918]: node=AptyServer001 type=USER_ACCT msg=audit(1637899201.896:50522): pid=5750 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_localuser acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:00:01 AptyServer001 audispd[918]: node=AptyServer001 type=CRED_ACQ msg=audit(1637899201.897:50523): pid=5750 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:00:01 AptyServer001 audispd[918]: node=AptyServer001 type=LOGIN msg=audit(1637899201.897:50524): pid=5750 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=1863 res=1
Nov 26 15:00:01 AptyServer001 systemd[1]: Created slice User Slice of root.
-- Subject: Unit user-0.slice has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit user-0.slice has finished starting up.
-- 
-- The start-up result is done.
Nov 26 15:00:01 AptyServer001 systemd[1]: Started Session 1863 of user root.
-- Subject: Unit session-1863.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit session-1863.scope has finished starting up.
-- 
-- The start-up result is done.
Nov 26 15:00:01 AptyServer001 audispd[918]: node=AptyServer001 type=USER_START msg=audit(1637899201.917:50525): pid=5750 uid=0 auid=0 ses=1863 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:00:01 AptyServer001 audispd[918]: node=AptyServer001 type=CRED_REFR msg=audit(1637899201.919:50526): pid=5750 uid=0 auid=0 ses=1863 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:00:01 AptyServer001 CROND[5752]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Nov 26 15:00:01 AptyServer001 audispd[918]: node=AptyServer001 type=CRED_DISP msg=audit(1637899201.938:50527): pid=5750 uid=0 auid=0 ses=1863 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:00:01 AptyServer001 audispd[918]: node=AptyServer001 type=USER_END msg=audit(1637899201.940:50528): pid=5750 uid=0 auid=0 ses=1863 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:00:01 AptyServer001 systemd[1]: Removed slice User Slice of root.
-- Subject: Unit user-0.slice has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit user-0.slice has finished shutting down.
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=AVC msg=audit(1637899212.851:50529): avc:  denied  { read } for  pid=5556 comm="snapd" name="generic-classic" dev="dm-11" ino=134320267 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637899212.851:50529): arch=c000003e syscall=257 success=yes exit=3 a0=ffffffffffffff9c a1=c0002ba050 a2=80000 a3=0 items=1 ppid=1 pid=5556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd" exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0 key=(null)
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637899212.851:50529):  cwd="/"
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899212.851:50529): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic" inode=134320267 dev=fd:0b mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637899212.851:50529): proctitle="/usr/libexec/snapd/snapd"
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=AVC msg=audit(1637899212.852:50530): avc:  denied  { getattr } for  pid=5556 comm="snapd" path="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637899212.852:50530): arch=c000003e syscall=262 success=yes exit=0 a0=ffffffffffffff9c a1=c0002ba140 a2=c00064a2a8 a3=0 items=1 ppid=1 pid=5556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd" exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0 key=(null)
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637899212.852:50530):  cwd="/"
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899212.852:50530): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" inode=134320268 dev=fd:0b mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637899212.852:50530): proctitle="/usr/libexec/snapd/snapd"
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=AVC msg=audit(1637899212.852:50531): avc:  denied  { read } for  pid=5556 comm="snapd" name="active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=AVC msg=audit(1637899212.852:50531): avc:  denied  { open } for  pid=5556 comm="snapd" path="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" dev="dm-11" ino=134320268 scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637899212.852:50531): arch=c000003e syscall=257 success=yes exit=4 a0=ffffffffffffff9c a1=c0002ba280 a2=80000 a3=0 items=1 ppid=1 pid=5556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snapd" exe="/usr/libexec/snapd/snapd" subj=system_u:system_r:snappy_t:s0 key=(null)
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637899212.852:50531):  cwd="/"
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899212.852:50531): item=0 name="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" inode=134320268 dev=fd:0b mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:unlabeled_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637899212.852:50531): proctitle="/usr/libexec/snapd/snapd"
Nov 26 15:01:01 AptyServer001 audispd[918]: node=AptyServer001 type=USER_ACCT msg=audit(1637899261.953:50532): pid=5764 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_localuser acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:01:01 AptyServer001 audispd[918]: node=AptyServer001 type=CRED_ACQ msg=audit(1637899261.953:50533): pid=5764 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:01:01 AptyServer001 audispd[918]: node=AptyServer001 type=LOGIN msg=audit(1637899261.954:50534): pid=5764 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=1864 res=1
Nov 26 15:01:01 AptyServer001 systemd[1]: Created slice User Slice of root.
-- Subject: Unit user-0.slice has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit user-0.slice has finished starting up.
-- 
-- The start-up result is done.
Nov 26 15:01:01 AptyServer001 systemd[1]: Started Session 1864 of user root.
-- Subject: Unit session-1864.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit session-1864.scope has finished starting up.
-- 
-- The start-up result is done.
Nov 26 15:01:01 AptyServer001 audispd[918]: node=AptyServer001 type=USER_START msg=audit(1637899261.969:50535): pid=5764 uid=0 auid=0 ses=1864 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:01:01 AptyServer001 audispd[918]: node=AptyServer001 type=CRED_REFR msg=audit(1637899261.970:50536): pid=5764 uid=0 auid=0 ses=1864 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:01:01 AptyServer001 CROND[5766]: (root) CMD (run-parts /etc/cron.hourly)
Nov 26 15:01:01 AptyServer001 run-parts(/etc/cron.hourly)[5769]: starting 0anacron
Nov 26 15:01:01 AptyServer001 run-parts(/etc/cron.hourly)[5775]: finished 0anacron
Nov 26 15:01:01 AptyServer001 audispd[918]: node=AptyServer001 type=CRED_DISP msg=audit(1637899261.995:50537): pid=5764 uid=0 auid=0 ses=1864 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:01:01 AptyServer001 audispd[918]: node=AptyServer001 type=USER_END msg=audit(1637899261.997:50538): pid=5764 uid=0 auid=0 ses=1864 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
Nov 26 15:01:02 AptyServer001 systemd[1]: Removed slice User Slice of root.
-- Subject: Unit user-0.slice has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit user-0.slice has finished shutting down.
Nov 26 15:02:57 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637899377.787:50539): arch=c000003e syscall=2 success=no exit=-13 a0=1ac76d0 a1=441 a2=1b6 a3=fffffff0 items=1 ppid=5006 pid=5782 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="bash" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"
Nov 26 15:02:57 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637899377.787:50539):  cwd="/opt/apty/15-oct/offline_pre-req/snap"
Nov 26 15:02:57 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899377.787:50539): item=0 name="/opt/apty/15-oct/offline_pre-req/snap" inode=5326603 dev=00:2d mode=040775 ouid=946850886 ogid=946800513 rdev=00:00 obj=system_u:object_r:nfs_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:02:57 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637899377.787:50539): proctitle="-bash"
Nov 26 15:03:56 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637899436.255:50540): arch=c000003e syscall=2 success=no exit=-13 a0=7ffe246136fa a1=941 a2=1b6 a3=7ffe24610de0 items=1 ppid=5006 pid=5783 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="touch" exe="/usr/bin/touch" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access"
Nov 26 15:03:56 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637899436.255:50540):  cwd="/opt/apty/15-oct/offline_pre-req/snap"
Nov 26 15:03:56 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899436.255:50540): item=0 name="/opt/apty/15-oct/offline_pre-req/snap" inode=5326603 dev=00:2d mode=040775 ouid=946850886 ogid=946800513 rdev=00:00 obj=system_u:object_r:nfs_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:03:56 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637899436.255:50540): proctitle=746F75636800726561646D652E747874
Nov 26 15:04:53 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637899493.728:50541): arch=c000003e syscall=87 success=yes exit=0 a0=1acf190 a1=0 a2=180 a3=ffffffff items=2 ppid=5005 pid=5006 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="bash" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
Nov 26 15:04:53 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637899493.728:50541):  cwd="/var/lib/snapd"
Nov 26 15:04:53 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899493.728:50541): item=0 name="/tmp/" inode=64 dev=fd:08 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:04:53 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899493.728:50541): item=1 name="/tmp/sh-thd-34483822169" inode=70 dev=fd:08 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:04:53 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637899493.728:50541): proctitle="-bash"
Nov 26 15:05:00 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637899500.649:50542): arch=c000003e syscall=263 success=yes exit=0 a0=ffffffffffffff9c a1=190f0c0 a2=0 a3=7fff2ecfd560 items=2 ppid=5006 pid=5789 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="rm" exe="/usr/bin/rm" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
Nov 26 15:05:00 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637899500.649:50542):  cwd="/var/lib/snapd"
Nov 26 15:05:00 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899500.649:50542): item=0 name="/var/lib/snapd" inode=64 dev=fd:0b mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:snappy_var_lib_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:05:00 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899500.649:50542): item=1 name="readme.txt" inode=84 dev=fd:0b mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:snappy_var_lib_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:05:00 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637899500.649:50542): proctitle=726D002D6900726561646D652E747874
Nov 26 15:06:06 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637899566.387:50543): arch=c000003e syscall=87 success=yes exit=0 a0=1ad0d90 a1=0 a2=180 a3=ffffffff items=2 ppid=5005 pid=5006 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="bash" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
Nov 26 15:06:06 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637899566.387:50543):  cwd="/var/snap"
Nov 26 15:06:06 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899566.387:50543): item=0 name="/tmp/" inode=64 dev=fd:08 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:06:06 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899566.387:50543): item=1 name="/tmp/sh-thd-70588745982" inode=70 dev=fd:08 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:06:06 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637899566.387:50543): proctitle="-bash"
Nov 26 15:06:12 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637899572.296:50544): arch=c000003e syscall=263 success=yes exit=0 a0=ffffffffffffff9c a1=24b20c0 a2=0 a3=7ffdfc0947a0 items=2 ppid=5006 pid=5801 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="rm" exe="/usr/bin/rm" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
Nov 26 15:06:12 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637899572.296:50544):  cwd="/var/snap"
Nov 26 15:06:12 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899572.296:50544): item=0 name="/var/snap" inode=64 dev=fd:0a mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:snappy_var_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:06:12 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899572.296:50544): item=1 name="readme.txt" inode=67 dev=fd:0a mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:snappy_var_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:06:12 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637899572.296:50544): proctitle=726D002D6900726561646D652E747874
Nov 26 15:06:28 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637899588.941:50545): arch=c000003e syscall=87 success=yes exit=0 a0=1ad16a0 a1=0 a2=180 a3=ffffffff items=2 ppid=5005 pid=5006 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="bash" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
Nov 26 15:06:28 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637899588.941:50545):  cwd="/var/snap"
Nov 26 15:06:28 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899588.941:50545): item=0 name="/tmp/" inode=64 dev=fd:08 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:06:28 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899588.941:50545): item=1 name="/tmp/sh-thd-140651121516" inode=70 dev=fd:08 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:06:28 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637899588.941:50545): proctitle="-bash"
Nov 26 15:06:30 AptyServer001 audispd[918]: node=AptyServer001 type=SYSCALL msg=audit(1637899590.351:50546): arch=c000003e syscall=87 success=yes exit=0 a0=1ad17c0 a1=0 a2=180 a3=ffffffff items=2 ppid=5005 pid=5006 auid=946850886 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1861 comm="bash" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="delete"
Nov 26 15:06:30 AptyServer001 audispd[918]: node=AptyServer001 type=CWD msg=audit(1637899590.351:50546):  cwd="/var/snap"
Nov 26 15:06:30 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899590.351:50546): item=0 name="/tmp/" inode=64 dev=fd:08 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:06:30 AptyServer001 audispd[918]: node=AptyServer001 type=PATH msg=audit(1637899590.351:50546): item=1 name="/tmp/sh-thd-279697918652" inode=70 dev=fd:08 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Nov 26 15:06:30 AptyServer001 audispd[918]: node=AptyServer001 type=PROCTITLE msg=audit(1637899590.351:50546): proctitle="-bash"

mborzecki · November 30, 2021, 7:17am

Sam.Sundar:

Nov 26 14:56:26 AptyServer001 audispd[918]: node=AptyServer001 type=USER_AVC msg=audit(1637898986.200:50518): 
pid=1 uid=0 auid=4294967295 ses=4294967295 
subj=system_u:system_r:init_t:s0 
msg='avc:  denied  { enable } for auid=n/a uid=0 gid=0 path="/proc/self/mountinfo" 
     cmdline="systemctl enable var-lib-snapd-snap-core-11993.mount" 
     scontext=system_u:system_r:snappy_t:s0 
     tcontext=system_u:system_r:init_t:s0 tclass=service  
     exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

I think this denial may be causing a problem. I’m not quite sure why it does not come up in our test suite which runs some tests in enforcing mode. SInce snapd touches many things in the system, its policy is still set to permissive. For some reason, this is ignored(?) by the userspace selinux server?

Sam.Sundar:

Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=AVC msg=audit(1637899212.852:50531): 
  avc:  denied  { read } for  pid=5556 comm="snapd" 
  name="active" dev="dm-11" ino=134320268 
  scontext=system_u:system_r:snappy_t:s0 
  tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Nov 26 15:00:12 AptyServer001 audispd[918]: node=AptyServer001 type=AVC msg=audit(1637899212.852:50531): 
  avc:  denied  { open } for  pid=5556 comm="snapd" 
  path="/var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active" 
  dev="dm-11" ino=134320268
  scontext=system_u:system_r:snappy_t:s0
  tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1

Was this file copied around with cp but without -a ? Please run restorecon -FRv /var/lib/snapd/assertions.

Sam.Sundar · November 30, 2021, 7:22am

Hi @mborzecki,

Sure we will run restorecon -FRv /var/lib/snapd/assertions

Is there any way to fix this denial issue ?

Sam.Sundar · December 1, 2021, 1:59am

Hi @mborzecki

Ran restorecon and still no luck . Any help would be very helpful for me.

[root@AptyServer snap]# restorecon -FRv /var/lib/snapd

restorecon reset /var/lib/snapd/assertions/asserts-v0 context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/account-key context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/account-key/BWDEoaqyr25nF5SNCvEv2v7QnM9QsfCc0PBMYD_i2NGSQ32EF2d4D0hqUel3m8ul context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/account-key/BWDEoaqyr25nF5SNCvEv2v7QnM9QsfCc0PBMYD_i2NGSQ32EF2d4D0hqUel3m8ul/active context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-declaration context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-declaration/16 context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-declaration/16/99T7MUlRhtI3U0QFgl5mXXESAiSwt776 context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-declaration/16/99T7MUlRhtI3U0QFgl5mXXESAiSwt776/active context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-declaration/16/CSO04Jhav2yK0uz97cr0ipQRyqg0qQL6 context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-declaration/16/CSO04Jhav2yK0uz97cr0ipQRyqg0qQL6/active context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-declaration/16/TKebVGcPeDKoOqAmNmczU2oWLtsojKD5 context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-declaration/16/TKebVGcPeDKoOqAmNmczU2oWLtsojKD5/active context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-declaration/16/PMrrV4ml8uWuEUDBT8dSGnKUYbevVhc4 context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-declaration/16/PMrrV4ml8uWuEUDBT8dSGnKUYbevVhc4/active context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-revision context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-revision/oePUXTKN5c6Y8Hi3OeGgMnLmYRSSiEpJSmF-0GaipyxyxnaH0oMBJblLORJA21in context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-revision/oePUXTKN5c6Y8Hi3OeGgMnLmYRSSiEpJSmF-0GaipyxyxnaH0oMBJblLORJA21in/active context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-revision/QFGovoTbBaFi6YSqscNf7hmhHFXK6svoyMI5d-dY_MyGRmA-7r8D6jBdMWRm_QMz context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-revision/QFGovoTbBaFi6YSqscNf7hmhHFXK6svoyMI5d-dY_MyGRmA-7r8D6jBdMWRm_QMz/active context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-revision/fcPYIOOe2wPt3Nvf6GcQ1Tp4B5sKHyvvIIty7TruSjYv939pP6udkGnfFUKC-5L9 context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-revision/fcPYIOOe2wPt3Nvf6GcQ1Tp4B5sKHyvvIIty7TruSjYv939pP6udkGnfFUKC-5L9/active context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-revision/pg0ImlVJyQglqV9Bj2SQPQwZnUuEPJ7PnkdEPUHF1D0JTKXTcVJ4TENW4pl4Zhqz context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/snap-revision/pg0ImlVJyQglqV9Bj2SQPQwZnUuEPJ7PnkdEPUHF1D0JTKXTcVJ4TENW4pl4Zhqz/active context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/model context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/model/16 context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/model/16/generic context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

restorecon reset /var/lib/snapd/assertions/asserts-v0/model/16/generic/generic-classic/active context system_u:object_r:unlabeled_t:s0->system_u:object_r:snappy_var_lib_t:s0

[root@AptyServer snap]#

When i try again,


[root@AptyServer snap]# snap install core_*.snap

error: cannot perform the following tasks:

- Mount snap "core" (11993) (cannot undo partial setup snap "core": umount: /var/lib/snapd/snap/core/11993: not mounted)

- Mount snap "core" (11993) (cannot proceed, expected snap "core" revision 11993 to be mounted but is not)

mborzecki · December 1, 2021, 7:58am

The restorecon command only fixed the denials in /var/lib/snapd/assertions/asserts-v0, as those were clearly wrong, possibly due to incorrect invocation of cp command done before.

I’ve set up a clean CentOS 8 system, made sure it’s in enforcing mode, installed and removed a couple of snaps and it works. I’ve inspected the SELinux policy, and clearly snapd (snappy_t context) has the right permissions to manage systemd units (systemd_unit_t context):

[guest@localhost ~]$ sesearch -A -s snappy_t |grep unit
allow daemon systemd_unit_file_type:dir getattr;
allow snappy_t systemd_unit_file_t:dir rmdir;
allow snappy_t systemd_unit_file_type:dir { add_name getattr ioctl lock open read remove_name search write };
allow snappy_t systemd_unit_file_type:file { append create getattr ioctl link lock open read rename setattr unlink write };
allow snappy_t systemd_unit_file_type:lnk_file { append create getattr ioctl link lock read rename setattr unlink write };
allow snappy_t systemd_unit_file_type:service { disable enable reload start status stop };

And the units under /etc/systemd/system have correct labels:

[guest@localhost ~]$ ls -lZ /etc/systemd/system |grep var-lib-snap
-rw-r--r--. 1 root root system_u:object_r:systemd_unit_file_t:s0  339 Dec  1 07:40 var-lib-snapd-snap-core-11993.mount

At this point I have no idea why it does not work in your system. I suspect there is something wrong with the policy you have installed, or perhaps the labels are wrong given that they were wrong for other files too.

Perhaps you should auto-relabel the whole system on boot and make sure that all packages are updated. The relabeling on boot is usually achieved by touch /.autorelabel && reboot, but please double check with the relevant RHEL manual.

Sam.Sundar · December 1, 2021, 9:29am

Hey @mborzecki,

Thanks a lot, at this point even i’m thinking of taking a new server and start from scratch.

Thanks a lot for the insights, you guys are the BEST !!

Sam.Sundar · December 13, 2021, 11:17am

Hi @mborzecki,

As you know we had mounts configured and we had to restart the server and all the folders in below folder went missing. Weird thing is, volume is already present and is mounted, only these files are missing. What can be done to restore the files back ?

/var/lib/snapd/snap

mborzecki · December 13, 2021, 11:48am

You need to ensure that whatever volume holds the contents of /var/lib/snapd gets mounted before the snaps at /var/lib/snapd/snap/*. Given that you were shuffling volumes before, I would suggest to verify that the contents are actually on the volume you expect.

Sam.Sundar · December 13, 2021, 11:55am

Hey @mborzecki,

The contents inside /var/lib/snapd are present only the bin folder inside /var/lib/snapd/snap is long gone.