It’s far enough into the initialisation that snappy-debug could prove useful. Could you please try sudo snap install snappy-debug, and then snap run snappy-debug in a second terminal, whilst running Bitwarden.
Hopefully it’ll help paint a clearer picture of what’s going on
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="capable" class="cap" profile="snap.bitwarden.bitwarden" pid=2119433 comm="desktop-init.sh" capability=2 capname="dac_read_search"
Capability: dac_read_search
Suggestions:
* adjust program to not require 'CAP_DAC_READ_SEARCH' (see 'man 7 capabilities')
* add one of 'microstack-support, system-backup' to 'plugs'
* do nothing if program otherwise works properly
Here’s the full message, which has a lot of other snaps in there:
kernel.printk_ratelimit = 0
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="open" class="file" profile="snap.discord.discord" name="/proc/4443/cmdline" pid=6221 comm="Utils" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /proc/4443/cmdline (read)
Suggestion:
* adjust program to not access '@{PROC}/@{pid}/cmdline'
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="open" class="file" profile="snap.discord.discord" name="/proc/4710/cmdline" pid=6221 comm="Utils" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /proc/4710/cmdline (read)
Suggestion:
* adjust program to not access '@{PROC}/@{pid}/cmdline'
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="open" class="file" profile="snap.discord.discord" name="/proc/4963/cmdline" pid=6221 comm="Utils" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /proc/4963/cmdline (read)
Suggestion:
* adjust program to not access '@{PROC}/@{pid}/cmdline'
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="snap.firefox.firefox"
Ptrace: peer=snap.firefox.firefox (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="snap.firefox.firefox"
Ptrace: peer=snap.firefox.firefox (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="open" class="file" profile="snap.discord.discord" name="/proc/390731/cmdline" pid=6221 comm="Utils" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /proc/390731/cmdline (read)
Suggestion:
* adjust program to not access '@{PROC}/@{pid}/cmdline'
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="snap.jellyfinmediaplayer.jellyfinmediaplayer"
Ptrace: peer=snap.jellyfinmediaplayer.jellyfinmediaplayer (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="snap.thunderbird.thunderbird"
Ptrace: peer=snap.thunderbird.thunderbird (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:28
Log: apparmor="DENIED" operation="capable" class="cap" profile="snap.bitwarden.bitwarden" pid=2119433 comm="desktop-init.sh" capability=2 capname="dac_read_search"
Capability: dac_read_search
Suggestions:
* adjust program to not require 'CAP_DAC_READ_SEARCH' (see 'man 7 capabilities')
* add one of 'microstack-support, system-backup' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:33
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:33
Log: apparmor="DENIED" operation="open" class="file" profile="snap.discord.discord" name="/proc/4443/cmdline" pid=6221 comm="Utils" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /proc/4443/cmdline (read)
Suggestion:
* adjust program to not access '@{PROC}/@{pid}/cmdline'
= AppArmor =
Time: Jun 8 15:36:33
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:33
Log: apparmor="DENIED" operation="open" class="file" profile="snap.discord.discord" name="/proc/4710/cmdline" pid=6221 comm="Utils" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /proc/4710/cmdline (read)
Suggestion:
* adjust program to not access '@{PROC}/@{pid}/cmdline'
= AppArmor =
Time: Jun 8 15:36:33
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:33
Log: apparmor="DENIED" operation="open" class="file" profile="snap.discord.discord" name="/proc/4963/cmdline" pid=6221 comm="Utils" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /proc/4963/cmdline (read)
Suggestion:
* adjust program to not access '@{PROC}/@{pid}/cmdline'
= AppArmor =
Time: Jun 8 15:36:33
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:33
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="snap.firefox.firefox"
Ptrace: peer=snap.firefox.firefox (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:33
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:33
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="snap.firefox.firefox"
Ptrace: peer=snap.firefox.firefox (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:33
Log: apparmor="DENIED" operation="open" class="file" profile="snap.discord.discord" name="/proc/390731/cmdline" pid=6221 comm="Utils" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /proc/390731/cmdline (read)
Suggestion:
* adjust program to not access '@{PROC}/@{pid}/cmdline'
= AppArmor =
Time: Jun 8 15:36:33
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:33
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="snap.jellyfinmediaplayer.jellyfinmediaplayer"
Ptrace: peer=snap.jellyfinmediaplayer.jellyfinmediaplayer (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:33
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="snap.thunderbird.thunderbird"
Ptrace: peer=snap.thunderbird.thunderbird (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:33
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6221 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:28" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:28 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:79" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:79 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c5:2" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c5:2 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:56" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:56 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:18" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:18 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:1" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:1 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:46" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:46 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:70" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:70 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:36" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:36 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:87" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:87 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:26" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:26 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:77" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:77 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:54" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:54 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:16" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:16 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:44" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:44 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:95" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:95 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c5:1" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c5:1 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:68" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:68 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:34" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:34 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:85" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:85 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:62" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:62 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:24" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:24 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:75" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:75 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:8" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:8 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:52" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:52 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:14" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:14 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:42" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:42 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:66" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:66 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:32" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:32 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
= AppArmor =
Time: Jun 8 15:36:35
Log: apparmor="DENIED" operation="open" class="file" profile="snap.jellyfinmediaplayer.jellyfinmediaplayer" name="/run/udev/data/c4:60" pid=2050201 comm="InputCEC" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/udev/data/c4:60 (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'hardware-observe' to 'plugs'
Did you removed the snap before using snap remove --purge? Also, try removing the $HOME/snap/bitwarden folder once again, even if you did purge the snap before. I tried in 24.04 and it was completely fine.
You should really mention tuxedo in the subject line when opening such threads. Given that tuxedo actively tries to prevent snap execution in their OS as you have shown in another (the zoom) thread, this information is kind of essential for the supporters…
I don’t think it’s Tuxedo, as I tested with standard KDE Neon just now:
Jun 10 20:46:58 Raven-Neon systemd[1512]: Started Bitwarden - Password Manager.
Jun 10 20:46:58 Raven-Neon systemd[1512]: Started snap.bitwarden.bitwarden-40a4110d-6e98-4ba7-bfcb-267458c5ddbe.scope.
Jun 10 20:47:13 Raven-Neon systemd[1512]: Started Bitwarden - Password Manager.
Jun 10 20:47:13 Raven-Neon systemd[1512]: Started snap.bitwarden.bitwarden-34dc2cfd-1874-4629-9d8d-1aa8f633972d.scope.
Well, again not some standard ubuntu, where does that kernel come from, does it use the ubuntu SAUCE security patches, does it have the correct configuration options enabled etc etc…
right, and snapd will simply not know about this if the kernel gets blindly replaced … so it can not cater for potential differences it does not know about … replacing a kernel with a completely unsupported one is actively breaking snap behavior …
But, I think we should work on this. We should make this format agnostic even to kernels. Why should we even rely something from the system? ( I know apparmor, but still, can’t we do anything is such cases?)
We already do for all known distros, snapd knows where the confinement has to be used in a degraded manner, but we can not easily protect against people installing random third party kernels from some website
This seems relevant here, do you have your Downloads/Documents/Music/etc folders symlinked to an external drive?
Try set those links up as a bind mount in /etc/fstab instead. If they’re symlinks, it could be that AppArmor is seeing their true path and blocking access.