Bitwarden won't launch - permission denied on .last_revision

I changed the default location of my Documents directory, but it’s still doing this:

Jul 01 13:26:01 systemd[5118]: Started Bitwarden - Password Manager.
Jul 01 13:26:01 systemd[5118]: Started snap.bitwarden.bitwarden-f6e8630f-7b5d-493b-87de-096463963ce7.scope.
Jul 01 13:26:01 audit[8975]: AVC apparmor="DENIED" operation="open" class="file" profile="snap.bitwarden.bitwarden" name="/media/DATA/WDB4TB/yamiyuki/Documents/" pid=8975 comm="head" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Jul 01 13:26:01 audit[8978]: AVC apparmor="DENIED" operation="rmdir" class="file" profile="snap.bitwarden.bitwarden" name="/media/DATA/WDB4TB/yamiyuki/Documents/" pid=8978 comm="rmdir" requested_mask="d" denied_mask="d" fsuid=1000 ouid=1000

> cat .config/user-dirs.dirs 
XDG_DESKTOP_DIR="$HOME/Desktop"
XDG_DOCUMENTS_DIR="$HOME/Documents"
XDG_DOWNLOAD_DIR="/media/DATA/WDB4TB/yamiyuki/Downloads"
XDG_MUSIC_DIR="/home/DATA/WDB8TB/yamiyuki/Music/"
XDG_PICTURES_DIR="/media/DATA/WDB4TB/yamiyuki/Pictures"
XDG_PUBLICSHARE_DIR="/media/DATA/WDB4TB/yamiyuki/Public"
XDG_TEMPLATES_DIR="/media/DATA/WDB4TB/yamiyuki/Templates"
XDG_VIDEOS_DIR="/home/DATA/WDB8TB/yamiyuki/Videos/"

any potential consequences when I do this? Would it move my ~/snap to my HDD?

Edit: I checked the confinement, and it looks “right”, I think:

> snap debug confinement
strict

> snap debug sandbox-features
apparmor:             kernel:caps kernel:dbus kernel:domain kernel:domain:attach_conditions kernel:file kernel:io_uring kernel:ipc kernel:mount kernel:namespaces kernel:network kernel:network_v8 kernel:policy kernel:policy:unconfined_restrictions kernel:policy:versions kernel:ptrace kernel:query kernel:query:label kernel:rlimit kernel:signal parser:cap-audit-read parser:cap-bpf parser:include-if-exists parser:mqueue parser:qipcrtr-socket parser:unconfined parser:unsafe parser:xdp policy:default support-level:full
confinement-options:  classic devmode strict
dbus:                 mediated-bus-access
kmod:                 mediated-modprobe
mount:                layouts mount-namespace per-snap-persistency per-snap-profiles per-snap-updates per-snap-user-profiles stale-base-invalidation
seccomp:              bpf-actlog bpf-argument-filtering kernel:allow kernel:errno kernel:kill_process kernel:kill_thread kernel:log kernel:trace kernel:trap kernel:user_notif
udev:                 device-cgroup-v2 device-filtering tagging

Any way to just force AppArmor to disregard this:

Jul 27 16:32:05 audit[154085]: AVC apparmor="DENIED" operation="open" class="file" profile="snap.armcord.armcord" name="/media/DATA/WDB4TB/yamiyuki/Downloads/" pid=154085 comm="head" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Jul 27 16:32:05 audit[154090]: AVC apparmor="DENIED" operation="rmdir" class="file" profile="snap.armcord.armcord" name="/media/DATA/WDB4TB/yamiyuki/Downloads/" pid=154090 comm="rmdir" requested_mask="d" denied_mask="d" fsuid=1000 ouid=1000

Not even sure how it found that info when I’ve already override the default Documents, Downloads, etc.

FYI, I don’t wanna change the default home directory since it’s on the SSD, and I only want my documents, downloads, etc. to go to my HDDs.

I got it to launch.

I created a bind mount for the disks in /media/DATA to /home/DATA.

I moved it to /media/DATA originally because Steam Snap doesn’t seem to like it if I mount it in /home/DATA, but the inverse is also true for apps like Armcord and Bitwarden.

My fstab entry has this note LOL:

## Bind to bypass Snap AppArmor
/media/DATA     /home/DATA      none    rbind,nofail    0       0

Edit: forgot I did think of binding already months ago haha