Comment 5 for bug 2023779

Akontsevich (akontsevich) wrote:

(In reply to Christian Boltz from comment #2)
> https://forum.snapcraft.io/t/apparmor-issue/35461 shows the following line
> from /var/log/audit/audit.log:
>
> type=AVC msg=audit(1685879595.481:528): apparmor="DENIED" operation="mount"
> class="mount" info="failed perms check" error=-13
> profile="/usr/lib/snapd/snap-confine" name="/tmp/snap.rootfs_uAIbsj/"
> pid=13661 comm="snap-confine" fstype="tmpfs" srcname="none"
>
> Can you please confirm that you get a similar line in your audit.log when
> snap fails?

Yes, I have the same:

> telegram-desktop
cannot perform operation: mount -t tmpfs /tmp/snap.rootfs_Z2gZo7: Permission denied

> And in the log:
type=AVC msg=audit(1685966246.468:373): apparmor="DENIED" operation="mount" class="mount" info="failed perms check" error=-13 profile="/usr/libexec/snapd/snap-confine" name="/tmp/snap.rootfs_Z2gZo7/" pid=28351 comm="snap-confine" fstype="tmpfs" srcname="none"

>
> If I got the log message right, adding the following rule to the
> snap-confine profile should fix the problem:
>
> mount fstype=tmpfs -> /tmp/snap.rootfs_??????/,

Where to add this?
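
Added example, not part of the comment above and not code from AppArmor or snapd: a Python check that the mount point pattern in the proposed rule covers the denied mounts recorded in audit.log. It compares only the fstype and mount point of each record, treats `?` as one character other than `/` (AppArmor's glob meaning), and the function names and the third sample record are constructed for illustration.

```python
import re

# key=value pairs as they appear in an audit AVC record; values may be quoted.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_avc(line):
    """Return the record's fields as a dict (hex-encoded names are not decoded)."""
    return {k: quoted or bare for k, quoted, bare in FIELD.findall(line)}

def aa_glob_to_regex(glob):
    """Translate the AppArmor globs '?', '*' and '**'; [] and {} are not handled."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*"); i += 2        # any run, may cross '/'
        elif glob[i] == "*":
            out.append("[^/]*"); i += 1     # any run within one path component
        elif glob[i] == "?":
            out.append("[^/]"); i += 1      # exactly one character, never '/'
        else:
            out.append(re.escape(glob[i])); i += 1
    return re.compile("".join(out))

def coverage(lines, rule_fstype, rule_target):
    """For each denied mount, report whether fstype and mount point fit the rule."""
    pattern = aa_glob_to_regex(rule_target)
    result = []
    for line in lines:
        f = parse_avc(line)
        if f.get("apparmor") != "DENIED" or f.get("operation") != "mount":
            continue
        ok = f.get("fstype") == rule_fstype and bool(pattern.fullmatch(f.get("name", "")))
        result.append((f.get("profile"), f.get("name"), ok))
    return result

COMMON = 'apparmor="DENIED" operation="mount" class="mount" info="failed perms check" error=-13 '
TAIL = 'comm="snap-confine" fstype="tmpfs" srcname="none"'
SAMPLE = [
    # the two records quoted in this thread
    'type=AVC msg=audit(1685879595.481:528): ' + COMMON + 'profile="/usr/lib/snapd/snap-confine" name="/tmp/snap.rootfs_uAIbsj/" pid=13661 ' + TAIL,
    'type=AVC msg=audit(1685966246.468:373): ' + COMMON + 'profile="/usr/libexec/snapd/snap-confine" name="/tmp/snap.rootfs_Z2gZo7/" pid=28351 ' + TAIL,
    # constructed record: suffix shorter than six characters, so the rule must not match
    'type=AVC msg=audit(1700000000.000:1): ' + COMMON + 'profile="/usr/libexec/snapd/snap-confine" name="/tmp/snap.rootfs_abc/" pid=1000 ' + TAIL,
]

if __name__ == "__main__":
    for profile, name, ok in coverage(SAMPLE, "tmpfs", "/tmp/snap.rootfs_??????/"):
        print("covered    " if ok else "NOT covered", profile, name)
```

The profile column shows which snap-confine profile logged each denial; the two records in this thread name different paths (/usr/lib/snapd and /usr/libexec/snapd).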