Snapd won't start in tumbleed because of SELinux

English Applications
1

I am trying to install gradle on my new opensuse tumbleweed desktop using snapd. But first I have to install snapd.

I noticed now with Tumbleweed SELinux is now turned on when installed.

When I try to enable snapd with:

sudo systemctl start snapd --now

It fails. I then do

systemctl status snapd

I get

× snapd.service - Snap Daemon
     Loaded: loaded (/usr/lib/systemd/system/snapd.service; disabled; preset: disabled)
     Active: failed (Result: exit-code) since Thu 2025-04-17 21:29:26 CDT; 10min ago
 Invocation: 1ea1a8116ff940938e4cccc003440a19
TriggeredBy: × snapd.socket
    Process: 19005 ExecStart=/usr/lib/snapd/snapd (code=exited, status=1/FAILURE)
   Main PID: 19005 (code=exited, status=1/FAILURE)

I looked in dmesg output and at same time

[ 5688.528615] [  T19017] SELinux: security_context_str_to_sid (system_u:object_r:snappy_snap_t:s0) failed with errno=-22

I did some searching and people of other distributions are installing a package called snappy-selinux

Is there a solution for getting snap to work on tumbleweed?

2

Additional information, I did

sudo ausearch -ts today -m avc,user_avc,selinux_err,user_selinux_err

and I see many of these

type=AVC msg=audit(1744943365.551:847): avc:  denied  { create } for  pid=18933 comm="snapd" name="README.Mhf771tSBHDj~" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=0
3

I am a software engineer I need gradle, so I found a work around by using SDKMAN instead of Snap, but still am willing to help make this work.

4

See"Report a SELinux bug"
https://en.opensuse.org/Portal:SELinux

1 Like
5

Where snapd comes from? There is no package in openSUSE for all I can tell.

6

https://en.opensuse.org/Snap

1 Like
7

Are you OP? And your link points outside of openSUSE repositories which just confirms what I said - there is no snapd provided by openSUSE. In which case bug report against SELinux in openSUSE is not appropriate unless it includes the working snapd SELinux policy proposed for addition to openSUSE (although it is subject to discussion whether such policy for an external software needs to be included in the main distribution).

In which case you could test Fedora snapd SELinux policy whether it works. At least it avoids doing everything from scratch. If you get working version, the first step would be to get in touch with maintainers of the development project to get this policy into it.

8

No. But this forum lives from helpers which are able to gather informations and provide them. You should know that…(or get used to it).

And the link provides the official information how to install and use snap on openSUSE even if it is not in the standard repos.

9

OK, looking more closely. Upstream snapd comes with SELinux policy and it is possible to build it with either AppArmor or SELinux (I do not know if it can support both at the same time). Fedora package enables SELinux during build. So, what you could do - branch openSUSE package, try to build it with SELinux enabled, test.

11

What is the issue here? I got the documentation on how to install SNAP from opensuse link: https://en.opensuse.org/Snap

12

This is what I used to install SNAP

13

@arvidjaar What in the world is OP ???

I originally installed Tumbleweed 3 months ago and using these instructions, https://en.opensuse.org/Snap everything worked find. I had to reinstall Tumbleweed 2 days ago, and using the same instructions things didn’t work.

That is why I posted the issue here…

If this is the type of response I am going to get, then bye bye… OpenSuse…

14

Thanks! Will do @hui

15

@karlmistelberger - why is this flagged and hidden? I know of other users who are having this same problem… this is an issue…

16

@chostrander because it’s irrelevant to this discussion.

17

Instructions were obviously created before Tumbleweed switched to SELinux as default. If you need snapd now, just switch back to AppArmor.