Apparmor rejecting fsetid for snap-confine

I was running the emoj snap on x86_64 and I got this

Jul 20 14:17:55 fyke kernel: audit: type=1400 audit(1500553075.963:253): apparmor="DENIED" operation="capable" profile="/snap/core/2445/usr/lib/snapd/snap-confine" pid=10030 comm="snap-confine" capability=4 capname="fsetid"

The odd thing is that:

  • we check the error code of each chown/chmod in the codebase
  • it doesn’t happen on 2nd run

I’m opening this thread in case someone has the same error and googles for it.

CC @jdstrand @tyhicks

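A small triage helper for audit records like the one in the post above, added here as example code written for this page (it is not part of snapd or AppArmor). It splits the key="value" fields of a type=1400 record and separates the snap-confine CAP_FSETID "capable" denial from denials that deserve a look. The sample log is constructed: the first post's record plus two made-up lines under a hypothetical snap.example-app.example profile.

```python
"""Triage AppArmor "capable" denials from the kernel audit log.

Added example for this thread, not snapd or AppArmor code. It parses the
key="value" fields of a type=1400 audit record and separates the known
snap-confine CAP_FSETID denial from denials that deserve investigation.
"""
import re
from typing import Dict, List, Optional

# Subset of Linux capability numbers from include/uapi/linux/capability.h.
CAPABILITY_NAMES = {
    0: "chown", 1: "dac_override", 2: "dac_read_search", 3: "fowner",
    4: "fsetid", 5: "kill", 6: "setgid", 7: "setuid", 12: "net_admin",
    13: "net_raw", 21: "sys_admin",
}

# key="quoted value" or key=bare_value, as printed by the AppArmor audit hook.
_FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_audit_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of an AppArmor audit record, or None for other lines."""
    if "apparmor=" not in line:
        return None
    fields: Dict[str, str] = {}
    for match in _FIELD_RE.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    # Fill in capname from the number when only capability=N was printed.
    if "capability" in fields and "capname" not in fields:
        fields["capname"] = CAPABILITY_NAMES.get(int(fields["capability"]), "unknown")
    return fields


def is_snap_confine_fsetid_noise(fields: Dict[str, str]) -> bool:
    """The denial this thread is about: snap-confine's own profile being
    refused CAP_FSETID on a "capable" check."""
    return (
        fields.get("apparmor") == "DENIED"
        and fields.get("operation") == "capable"
        and fields.get("comm") == "snap-confine"
        and fields.get("profile", "").endswith("/usr/lib/snapd/snap-confine")
        and fields.get("capname") == "fsetid"
    )


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Classify each AppArmor DENIED record as 'noise' or 'investigate'."""
    results: List[Dict[str, str]] = []
    for line in lines:
        fields = parse_audit_line(line)
        if not fields or fields.get("apparmor") != "DENIED":
            continue  # not an AppArmor record, or not a denial
        verdict = "noise" if is_snap_confine_fsetid_noise(fields) else "investigate"
        results.append({
            "profile": fields.get("profile", "?"),
            "operation": fields.get("operation", "?"),
            "capname": fields.get("capname", "-"),
            "verdict": verdict,
        })
    return results


# Constructed sample: the record from the first post plus two made-up lines
# (hypothetical snap.example-app.example profile; not from the thread).
SAMPLE_LOG = [
    'Jul 20 14:17:55 fyke kernel: audit: type=1400 audit(1500553075.963:253): '
    'apparmor="DENIED" operation="capable" '
    'profile="/snap/core/2445/usr/lib/snapd/snap-confine" pid=10030 '
    'comm="snap-confine" capability=4 capname="fsetid"',
    'Jul 20 14:18:01 fyke kernel: audit: type=1400 audit(1500553081.100:254): '
    'apparmor="DENIED" operation="capable" profile="snap.example-app.example" '
    'pid=10101 comm="example" capability=13 capname="net_raw"',
    'Jul 20 14:18:02 fyke kernel: audit: type=1400 audit(1500553082.200:255): '
    'apparmor="ALLOWED" operation="open" profile="snap.example-app.example" '
    'name="/etc/hosts" pid=10101 comm="example" requested_mask="r" denied_mask="r"',
]

if __name__ == "__main__":
    for record in triage(SAMPLE_LOG):
        print(f'{record["verdict"]:12} {record["profile"]} '
              f'{record["operation"]} {record["capname"]}')
```

Run it against `journalctl -k` or `dmesg` output to drop the snap-confine fsetid record while keeping other "capable" denials, such as a confined app being refused a capability it genuinely needs, visible.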

Original summary:
apparmor=“DENIED” operation=“capable” … comm=“snap-confine” capability=4 capname=“fsetid”

Let’s please try to have short readable summaries that clearly hint at what’s inside the topic. Having the original error message so people can search is a good thing, but searching also looks into the content of the topic.


The denial is harmless and caused by the chmod() in sc_quirk_create_writable_mimic(). Please see https://github.com/snapcore/snapd/pull/3634 for details.


FYI, this will be fixed in 2.27.

Same error for me, but with a snapd version that is definitely newer (2.45.3.1).
It can be reproduced with the tcpdump-snap snap, see here:

FYI, this was fixed for a while but a code refactor in snap-confine reintroduced it. The denial is just noise and shouldn’t affect the functionality of your snap though. The issue is being tracked and will be fixed in a future release of snapd.

Thanks @jdstrand, unfortunately the functionality of my snap is affected:

sudo /snap/bin/tcpdump-snap.tcpdump
tcpdump: Can't open netlink socket: Operation not permitted

The only way I have found so far to make it work is installing the snap in --devmode.

Not sure if there’s another issue underneath, due to the fact that tcpdump is most likely trying to access the network interface in promiscuous mode?

You should really open a fresh thread for this one … 🙂


Please disregard my previous post. I figured out that the error reported has no relation to fsetid for snap-confine. @jdstrand, the functionality of my snap is not impacted, so it is fine for me.
