Hello, friends. I have a Tumbleweed install that I am very close to getting back into transactional-updates after a restoration from a tarball. I can’t for the life of me figure out what is going on here but have traced it to a particular source file in tukit - see here, in particular /lib/Transaction.cpp. It builds up a list of directories in the snapMount function and /var/lib/selinux is one. I will provide system details further below. For the record, I had transactional-updates operational on a fairly custom install of Tumbleweed prior. I thought this was some issue with mktempfs but it turns out it is occurring in that particular source file.
***:/home/**** # transactional-update dup
Checking for newer version.
transactional-update 5.5.0 started
Options: dup
Separate /var detected.
ERROR: filesystem error: cannot create directories: Operation not permitted [/tmp/transactional-update-FZjPF4/var/lib/selinux]
...
Once I get the golden first success into a read-only snapshot, my system is basically back where it was. I am not a fan of handling snapper things manually for the time being.
/dev/mapper/cr_root / btrfs defaults,subvol=/@ 0 0
UUID=19b70809-f196-41df-8353-aea0a02575d1 /var btrfs subvol=/@/var,x-initrd.mount 0 0
UUID=19b70809-f196-41df-8353-aea0a02575d1 /var/.snapshots btrfs subvol=/@/var/.snapshots 0 0
UUID=19b70809-f196-41df-8353-aea0a02575d1 /var/lib/machines btrfs subvol=/@/var/lib/machines 0 0
UUID=19b70809-f196-41df-8353-aea0a02575d1 /var/lib/machines/.snapshots btrfs subvol=/@/var/lib/machines/.snapshots 0 0
UUID=19b70809-f196-41df-8353-aea0a02575d1 /usr/local btrfs subvol=/@/usr/local 0 0
UUID=19b70809-f196-41df-8353-aea0a02575d1 /srv btrfs subvol=/@/srv 0 0
UUID=19b70809-f196-41df-8353-aea0a02575d1 /root btrfs subvol=/@/root,x-initrd.mount 0 0
UUID=19b70809-f196-41df-8353-aea0a02575d1 /opt btrfs subvol=/@/opt 0 0
/dev/mapper/cr_home /home btrfs subvol=/@/home 0 0
UUID=19b70809-f196-41df-8353-aea0a02575d1 /boot/grub2/x86_64-efi btrfs subvol=/@/boot/grub2/x86_64-efi 0 0
UUID=19b70809-f196-41df-8353-aea0a02575d1 /boot/grub2/i386-pc btrfs subvol=/@/boot/grub2/i386-pc 0 0
UUID=24A0-FCE1 /boot/efi vfat utf8,fmask=0077,dmask=0077 0 2
/var/swap/swapfile none swap defaults 0 0
/dev/mapper/cr_root /.snapshots btrfs subvol=/@/.snapshots 0 0
proc /proc proc nosuid,nodev,noexec,hidepid=2,gid=proc 0 0
# bind mount for /var/lib/wtmpdb since readonly database errors are occurring as-is
/srv/data/wtmpdb /var/lib/wtmpdb none bind 0 0
/etc /etc none bind,x-initrd.mount 0 0
tmpfs /tmp tmpfs size=25%,uid=root,gid=root,mode=1777,noexec 0 0
GRUB_CMDLINE_LINUX="root=/dev/mapper/cr_root plymouth.enable=0 loglevel=0 security=selinux selinux=1 enforcing=0 net.ifnames=1 biosdevname=0 slab_nomerge slub_debug=FZ init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on randomize_kstack_offset=on vsyscall=none debugfs=off oops=panic module.sig_enforce=1 lockdown=confidentiality spectre_v2=on gather_data_sampling=force spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force hash_pointers=always i2c_hid.acpi_force_power=1 resume=/dev/mapper/cr_root resume_offset=46457490 mitigations=auto,nosmt rootflags=subvol=@/.snapshots/446/snapshot systemd.machine_id=494df0033c5ad3748a474efd68747ab7"
# Configuration file for transactional-update
# See transactional-update.conf(5) for details
# Reboot method
# Valid values: auto rebootmgr notify systemd kured none
# Deprecated: kexec
#REBOOT_METHOD=auto
# Default zypper update method
# Valid values: dup up
UPDATE_METHOD=dup
# Import new repository GPG keys automatically
# Valid values: 0 1
#ZYPPER_AUTO_IMPORT_KEYS=0
I don’t think the crypttab would matter here, let me know if I missed any configs you may need.