[08:50] <mup> PR snapd#12577 closed: o/snapstate: create pre-dl task even if one is in DoneStatus <Simple 😃> <Created by MiguelPires> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/12577>
[10:05] <mup> PR snapd#12606 opened: tests: add test for snap-update-ns freezing processes <Created by valentindavid> <https://github.com/snapcore/snapd/pull/12606>
[15:36] <mup> PR pc-gadget#81 closed: Remove ubuntu-boot and replace with a simpler mbr <Created by valentindavid> <Merged by alfonsosanchezbeato> <https://github.com/snapcore/pc-gadget/pull/81>
[17:42] <mup> PR snapd#12607 opened: configcore: allow to run core configuration on classic via env <Needs Documentation -auto-> <Created by mvo5> <https://github.com/snapcore/snapd/pull/12607>
[21:18] <mup> PR snapd#12588 closed: tests: fix prepare task for arch linux <Simple 😃> <Test Robustness> <Flaky Test> <Created by sergiocazzolato> <Merged by sergiocazzolato> <https://github.com/snapcore/snapd/pull/12588>
[22:11] <micchickenburger> Hello, I'm wondering if anyone would be able to help me with some AppArmor issues.  Specifically, I have a Ruby on Rails project that uses a gem called Grover, which is essentially just a wrapper for the Puppeteer NodeJS package.  Puppeteer launches chromium.  Since I am running Ubuntu Focal on arm64, there are no precompiled binaries it can
[22:11] <micchickenburger> download, so I am using a system-installed chromium instead.  Both Ruby and Chromium are installed via snap.  NodeJS was installed using apt-get.
[22:11] <micchickenburger> Here are the AppArmor audit logs that appear when Grover launches a node process that launches Chromium:
[22:11] <micchickenburger> ```
[22:11] <micchickenburger> Feb 28 22:01:12 ip-10-0-20-196 kernel: [76184.205399] audit: type=1400 audit(1677621672.947:331): apparmor="DENIED" operation="file_inherit" profile="/snap/snapd/18363/usr/lib/snapd/snap-confine" pid=5319 comm="snap-confine" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none
[22:11] <micchickenburger> Feb 28 22:01:12 ip-10-0-20-196 kernel: [76184.205408] audit: type=1400 audit(1677621672.947:332): apparmor="DENIED" operation="file_inherit" profile="/snap/snapd/18363/usr/lib/snapd/snap-confine" pid=5319 comm="snap-confine" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none
[22:11] <micchickenburger> Feb 28 22:01:12 ip-10-0-20-196 kernel: [76184.207757] audit: type=1400 audit(1677621672.947:333): apparmor="DENIED" operation="signal" profile="/snap/snapd/18363/usr/lib/snapd/snap-confine" pid=5311 comm="node" requested_mask="receive" denied_mask="receive" signal=exists peer="snap.ruby.bundle"
[22:11] <micchickenburger> Feb 28 22:01:12 ip-10-0-20-196 kernel: [76184.211194] audit: type=1400 audit(1677621672.951:334): apparmor="DENIED" operation="file_inherit" profile="snap-update-ns.chromium" name="/apparmor/.null" pid=5337 comm="5" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[22:11] <micchickenburger> Feb 28 22:01:12 ip-10-0-20-196 kernel: [76184.211201] audit: type=1400 audit(1677621672.951:335): apparmor="DENIED" operation="file_inherit" profile="snap-update-ns.chromium" name="/apparmor/.null" pid=5337 comm="5" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[22:11] <micchickenburger> Feb 28 22:01:12 ip-10-0-20-196 kernel: [76184.215682] audit: type=1400 audit(1677621672.955:336): apparmor="DENIED" operation="file_inherit" profile="snap.chromium.chromium" name="/apparmor/.null" pid=5319 comm="snap-exec" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
[22:11] <micchickenburger> Feb 28 22:01:12 ip-10-0-20-196 kernel: [76184.215688] audit: type=1400 audit(1677621672.955:337): apparmor="DENIED" operation="file_inherit" profile="snap.chromium.chromium" name="/apparmor/.null" pid=5319 comm="snap-exec" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
[22:11] <micchickenburger> Feb 28 22:01:13 ip-10-0-20-196 kernel: [76184.401079] audit: type=1400 audit(1677621673.139:338): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/etc/vulkan/implicit_layer.d/" pid=5399 comm="chrome" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[22:11] <micchickenburger> Feb 28 22:01:13 ip-10-0-20-196 kernel: [76184.401131] audit: type=1400 audit(1677621673.139:339): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/etc/vulkan/implicit_layer.d/" pid=5399 comm="chrome" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[22:11] <micchickenburger> Feb 28 22:01:13 ip-10-0-20-196 kernel: [76184.405952] audit: type=1400 audit(1677621673.147:340): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/etc/vulkan/implicit_layer.d/" pid=5399 comm="chrome" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[22:11] <micchickenburger> ```
[22:12] <micchickenburger> I tried to add the AppArmor rules via these instructions, but they don't seem to be taking effect:  https://snapcraft.io/docs/debug-snaps#heading--apparmor
[22:15] <micchickenburger> For example, in /var/lib/snapd/apparmor/profiles/snap.chromium.chromium I added these lines:
[22:15] <micchickenburger> ```
[22:15] <micchickenburger> # ...
[22:15] <micchickenburger> }
[22:15] <micchickenburger> ```
[22:16] <micchickenburger> and in /var/lib/snapd/apparmor/profiles/snap.ruby.bundle I added these lines:
[22:16] <micchickenburger> ```
[22:16] <micchickenburger> # ...
[22:16] <micchickenburger> signal (send, receive) peer=node,
[22:16] <micchickenburger> }
[22:16] <micchickenburger> ```
[22:16] <micchickenburger> Then, I executed the `sudo apparmor_parser -r` command to both of these paths.  But the errors persist.  Any help would be immensely appreciated; I've been stuck on this issue for two days.