SELinux prevents chattr to use linux_immutable

cookie170 · April 15, 2026, 10:57am

On Tumbleweed, up-to-date, SELinux prints:

SELinux hindert chattr daran, die linux_immutable-Fähigkeit zu verwenden.

which can be translated into English as “SELinux prevents chattr to use linux_immutable” or “to use linux_immutable abilities”.

I’ve no idea what chattr is supposed to do and how to make it work. Some hints would be helpful – thank you!

susejunky · April 15, 2026, 12:15pm

When will SELinux print this error message? After execution of what command?

LANG=C ausearch -m avc,user_avc,selinux_err,user_selinux_err -ts boot

(executed as “root” in a terminal/konsole) may provide better information about the problem.

cookie170 · April 15, 2026, 8:33pm

LANG=C ausearch -m avc,user_avc,selinux_err,user_selinux_err -ts boot
----
time->Wed Apr 15 11:52:14 2026
type=AVC msg=audit(1776246734.849:171): avc:  denied  { linux_immutable } for  pid=5793 comm="chattr" capability=9  scontext=system_u:system_r:snapper_sdbootutil_plugin_t:s0 tcontext=system_u:system_r:snapper_sdbootutil_plugin_t:s0 tclass=capability permissive=1

susejunky · April 16, 2026, 12:57pm

As I do not use snapper I can’t help you with that. But probably

LANG=C ausearch -m avc,user_avc,selinux_err,user_selinux_err -ts boot | audit2why

can give you a hint.

malcolmlewis · April 16, 2026, 1:56pm

@cookie170 in the forum side panel is a link to the SELinux Portal . Suggest you visit there and look at creating a bug report.

system · May 16, 2026, 1:56pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.