This is the denial that is causing trouble. This access is currently allowed in networkManagerConnectedSlotAppArmor via this rule:
# Allow traffic to/from our DBus path
dbus (receive, send)
bus=system
path=/org/freedesktop/NetworkManager{,/**}
peer=(label=###PLUG_SECURITY_TAGS###),
Can you look to see if this rule is in /var/lib/snapd/apparmor/profiles/snap.network-manager.networkmanager:
# Allow traffic to/from our DBus path
dbus (receive, send)
bus=system
path=/org/freedesktop/NetworkManager{,/**}
peer=(label="snap.machineshop-edge.service"),
I suspect that at the time of access the security policy doesn’t contain this rule. This could be a result of nmcli running before you have manually connected the interfaces. Can you verify that the interfaces are connected with ‘snap interfaces’ and then run nmcli (and report any security policy denials).
If the interfaces show they are connected but the above rule isn’t in your policy, then that would indicate there is a bug in the interface connection code.