I am unable to run snap on Rocky 8 if SELINUX is in enforcing mode.
[rocky@ip-172-31-24-223 ~]$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
[rocky@ip-172-31-24-223 ~]$ sudo snap refresh
error: cannot communicate with server: timeout exceeded while waiting for response
It works in permissive mode
[rocky@ip-172-31-24-223 ~]$ snap refresh
error: access denied (try with sudo)
[rocky@ip-172-31-24-223 ~]$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
[rocky@ip-172-31-24-223 ~]$ sudo snap refresh
All snaps up to date.
On Rocky 8 with all the latest patches applied
[rocky@ip-172-31-24-223 ~]$ cat /etc/os-release
NAME="Rocky Linux"
VERSION="8.10 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.10"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.10 (Green Obsidian)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2029-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-8"
ROCKY_SUPPORT_PRODUCT_VERSION="8.10"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.10"
[rocky@ip-172-31-24-223 ~]$ dnf info snapd-selinux
Last metadata expiration check: 0:00:21 ago on Tue 04 Feb 2025 03:06:29 PM UTC.
Installed Packages
Name : snapd-selinux
Version : 2.67
Release : 0.el8
Architecture : noarch
Size : 44 k
Source : snapd-2.67-0.el8.src.rpm
Repository : @System
From repo : epel
Summary : SELinux module for snapd
URL : https://github.com/snapcore/snapd
License : GPL-2.0-or-later
Description : This package provides the SELinux policy module to ensure snapd
: runs properly under an environment with SELinux enabled.
If it helps, I have logged a bug at Bug #2097170 “Snapd not working on RHEL/Rocky 8 due to SELINUX” : Bugs : snapd