I have the same issue. Updated this on CentOS 7:
---> Package snap-confine.x86_64 0:2.53.2-2.el7 will be updated
---> Package snap-confine.x86_64 0:2.53.4-1.el7 will be an update
---> Package snapd.x86_64 0:2.53.2-2.el7 will be updated
---> Package snapd.x86_64 0:2.53.4-1.el7 will be an update
---> Package snapd-selinux.noarch 0:2.53.2-2.el7 will be updated
---> Package snapd-selinux.noarch 0:2.53.4-1.el7 will be an update
and it stopped working. In permissive mode, it seems fine although I didn’t test much. After reboot, snap refresh, list and some more, it looks like it’s related to timedated:
# audit2allow < /var/log/audit/audit.log
#============= snappy_t ==============
allow snappy_t proc_xen_t:dir search;
allow snappy_t systemd_timedated_t:dbus send_msg;
#============= sssd_selinux_manager_t ==============
allow sssd_selinux_manager_t init_t:unix_stream_socket append;
#============= systemd_timedated_t ==============
allow systemd_timedated_t snappy_t:dbus send_msg;
The sssd_selinux_manager_t is “normal” and proc_xen_t:dir is /proc/xen because it’s running on a Xen VM. I guess it’s scanning the whole /proc directory? (Why?) Either way, those two were also there before the update…
I don’t know about EL 8.