SELinux blocks snaps on fedora

Also replied in the forums: https://forum.snapcraft.io/t/selinux-blocking-snapd-since-update-on-fedora-27/3002/2

Pulled the latest Fedora cloud image. Installed snapd and kernel-modules (to get squashfs driver). Things seem to be working just fine here:

[fedora@localhost ~]$ sudo snap install hello-world
hello-world 6.3 from 'canonical' installed
[fedora@localhost ~]$ snap list
Name Version Rev Developer Notes
core 16-2.29.4.2 3604 canonical core
hello-world 6.3 27 canonical -
[fedora@localhost ~]$ uname -a
Linux localhost.localdomain 4.14.5-300.fc27.x86_64 #1 SMP Mon Dec 11 16:00:36 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[fedora@localhost ~]$ snap version
snap 2.29.4-2.fc27
snapd 2.29.4-2.fc27
series 16
fedora 27
kernel 4.14.5-300.fc27.x86_64
[fedora@localhost ~]$ getenforce
Enforcing

getattr getting blocked by SELinux seems to be unrelated.

Before updating the system and snapd package can you check:

- selinux is in enforcing mode
- does it still freeze if selinux is in permissive?
- long shot but check if there are unlabeled files find / -context '*unlabeled_t*',
  this should list only files under /var/lib/snapd/snap (the snaps that are installed
  and mounted)

If nothing unusual comes up, can you update the system to the latest kernel and snapd
pacakge and try again?

As discussed in the forum, the problem is after all caused by SELinux. A pull request with a proposed fix is currently opened in snapd repo: https://github.com/snapcore/snapd/pull/4404

The fix has been merged to master. The patches will be cherry-picked for 2.30 release.

Fedora maintainer has released the fix to Fedora 26 and 27. Update status:
https://bodhi.fedoraproject.org/updates/FEDORA-2017-cdd5534bdf
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6283ed1413

Updates should hit the `updates` by the end of the year.

Both packages are in the 'updates' repositories for Fedora 26 and 27 now.