(In reply to Christian Boltz from comment #2)
> https://forum.snapcraft.io/t/apparmor-issue/35461 shows the following line
> from /var/log/audit/audit.log:
>
> type=AVC msg=audit(1685879595.481:528): apparmor="DENIED" operation="mount"
> class="mount" info="failed perms check" error=-13
> profile="/usr/lib/snapd/snap-confine" name="/tmp/snap.rootfs_uAIbsj/"
> pid=13661 comm="snap-confine" fstype="tmpfs" srcname="none"
>
> Can you please confirm that you get a similar line in your audit.log when
> snap fails?
> And in the log:
type=AVC msg=audit(1685966246.468:373): apparmor="DENIED" operation="mount" class="mount" info="failed perms check" error=-13 profile="/usr/libexec/snapd/snap-confine" name="/tmp/snap.rootfs_Z2gZo7/" pid=28351 comm="snap-confine" fstype="tmpfs" srcname="none"
>
> If I got the log message right, adding the following rule to the
> snap-confine profile should fix the problem:
>
> mount fstype=tmpfs -> /tmp/snap.rootfs_??????/,
(In reply to Christian Boltz from comment #2) /forum. snapcraft. io/t/apparmor- issue/35461 shows the following line audit/audit. log: 1685879595. 481:528) : apparmor="DENIED" operation="mount" "/usr/lib/ snapd/snap- confine" name="/ tmp/snap. rootfs_ uAIbsj/ "
> https:/
> from /var/log/
>
> type=AVC msg=audit(
> class="mount" info="failed perms check" error=-13
> profile=
> pid=13661 comm="snap-confine" fstype="tmpfs" srcname="none"
>
> Can you please confirm that you get a similar line in your audit.log when
> snap fails?
Yes, have the same:
> telegram-desktop rootfs_ Z2gZo7: Permission denied
cannot perform operation: mount -t tmpfs /tmp/snap.
> And in the log: 1685966246. 468:373) : apparmor="DENIED" operation="mount" class="mount" info="failed perms check" error=-13 profile= "/usr/libexec/ snapd/snap- confine" name="/ tmp/snap. rootfs_ Z2gZo7/ " pid=28351 comm="snap-confine" fstype="tmpfs" srcname="none"
type=AVC msg=audit(
> rootfs_ ??????/ ,
> If I got the log message right, adding the following rule to the
> snap-confine profile should fix the problem:
>
> mount fstype=tmpfs -> /tmp/snap.
Where to add this?