A snap, connected to the 'network-setup-control' interface can edit files in /etc/netplan/ but it is not able to execute 'netplan generate' command successfully.
A call to '/usr/sbin/netplan generate' fails with apparmor errors like this:
[ 529.034756] audit: type=1400 audit(1619611886.273:702): apparmor="DENIED" operation="exec" profile="snap.network-manager.networkmanager" name="/usr/lib/netplan/generate" pid=15227 comm="netplan" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Apr 28 12:13:55 foobar network-manager.networkmanager[2280]: PermissionError: [Errno 13] Permission denied: '/lib/netplan/generate
It looks like the Python wrapper for netplan (in /usr/sbin/netplan) is whitelisted, but the actual netplan generator (in /usr/lib/netplan/generate) is not.
A snap, connected to the 'network- setup-control' interface can edit files in /etc/netplan/ but it is not able to execute 'netplan generate' command successfully.
A call to '/usr/sbin/netplan generate' fails with apparmor errors like this: 6.273:702) : apparmor="DENIED" operation="exec" profile= "snap.network- manager. networkmanager" name="/ usr/lib/ netplan/ generate" pid=15227 comm="netplan" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 manager. networkmanager[ 2280]: PermissionError: [Errno 13] Permission denied: '/lib/netplan/ generate
[ 529.034756] audit: type=1400 audit(161961188
Apr 28 12:13:55 foobar network-
It looks like the Python wrapper for netplan (in /usr/sbin/netplan) is whitelisted, but the actual netplan generator (in /usr/lib/ netplan/ generate) is not.