Would a run of `audit2allow` be sufficient to update the policy?
This is sufficient to cause AVC denials:
```bash
sudo dnf install -y snapd
```
... This causes quite a few more; which is tragically unfortunate.
```bash
snap install microk8s --classic
```
Is snap fundamentally incompatible with MAC: Mandatory Access Control systems like SELinux?
Or would it be necessary to require package authors to include SELinux labels?
Looks like "SELinux is preventing umount from 'getattr' accesses on the filesystem /." may contain reports of one of these AVC denials: https:/ /bugzilla. redhat. com/show_ bug.cgi? id=1597878
Would a run of `audit2allow` be sufficient to update the policy?
This is sufficient to cause AVC denials:
```bash
sudo dnf install -y snapd
```
... This causes quite a few more; which is tragically unfortunate.
```bash
snap install microk8s --classic
```
Is snap fundamentally incompatible with MAC: Mandatory Access Control systems like SELinux?
Or would it be necessary to require package authors to include SELinux labels?