I’m on Fedora 35. The first time (after boot) I do anything snap related (launch one/run any snap command), I get 3 SELinux alerts:
getattr and open on /home/.snapshots; read on /.snapshots, the default paths for snapper.
Please correct me if I’m wrong, but I don’t see a reason for snapd to touch filesystem snapshots.
(Snaps still work fine)
Can you paste the actual AVC entries?
I didn’t get it again so far, I’ll keep an eye on it O_o
I recall a bug I someone filed a couple of days ago: https://bugzilla.redhat.com/show_bug.cgi?id=2027627. The /.snapshots and $HOME/.snapshots belong to snapper, not snapd. Vaguely similar names, but completely unrelated.
I am very well aware that snapper and snapd are unrelated, the alert (I accidentally deleted .__.) said snapd. I’m just wondering why I didn’t see another SELinux alert so far O_o
You can probably go through the audit log: ausearch -m AVC,USER_AVC and look for /.snapshots.
sudo ausearch -m AVC,USER_AVC|grep snapshot literally nothing.
Thanks so far, I’ll just keep going and an eye on angry SELinux alerts.
“Can’t reproduce” without changing things (as far as I know) is not ideal, but I’ll take it
