http://bugzilla.opensuse.org/show_bug.cgi?id=1205151
http://bugzilla.opensuse.org/show_bug.cgi?id=1205151#c2
--- Comment #2 from Schaukelstuhl ---
The problem is the default "file context" configuration of selinux-policy.
It says (`semanage fcontext -l | grep snapperd_data_t`):
/\.snapshots(/.*)? all files
system_u:object_r:snapperd_data_t:s0
/etc/\.snapshots(/.*)? all files
system_u:object_r:snapperd_data_t:s0
/home/(.*/)?\.snapshots(/.*)? all files
system_u:object_r:snapperd_data_t:s0
/mnt/(.*/)?\.snapshots(/.*)? all files
system_u:object_r:snapperd_data_t:s0
/usr/\.snapshots(/.*)? all files
system_u:object_r:snapperd_data_t:s0
/var/\.snapshots(/.*)? all files
system_u:object_r:snapperd_data_t:s0
To be able to create snapshots anywhere the following rule would be enough:
(.*/)?\.snapshots(/.*)? all files
system_u:object_r:snapperd_data_t:s0
If the maintainer don't want to allow that, it would be great, to allow at
least snapshots of /home/ by default:
/home/\.snapshots(/.*)? all files
system_u:object_r:snapperd_data_t:s0
It would be great if that gets patched. (I would do it myself, when someone
describes to me, where and how to create a pull request - didn't find it on
GitHub)
===================
CURRENT WORKAROUND:
Adding SELinux File Context Rule to allow snapper creating .snapshots directory
everywhere:
# semanage fcontext -a -t snapperd_data_t '(.*/)?\.snapshots(/.*)?'
And applying it to /home/.snapshots/:
# restorecon -R -v /home/.snapshots/
--
You are receiving this mail because:
You are on the CC list for the bug.
