Let’s look at a couple of these denials:
May 21 17:08:08 adam-thinkpad-t430 kernel: audit: type=1400 audit(1526918888.223:15262): apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/home/adam/.local/share/flatpak/exports/share/applications/" pid=11704 comm="xdg-mime" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
This isn’t allowed by any policy. It could in theory be added to desktop-legacy. @jamesh, thoughts?
May 21 17:08:08 adam-thinkpad-t430 audit[11748]: AVC apparmor="DENIED" operation="open" profile="snap.discord.discord" name="/var/lib/snapd/desktop/applications/0ad_play0ad.desktop" pid=11748 comm="grep" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
This is already allowed by the unity7 interface. Please connect the unity7 interface. I’ll take a todo to investigate this for desktop-legacy as well.
It looks like discord is shipping ‘xdg-mime’ and these denials are all coming from that. This is discussed here: Unable to set default mail client - x-scheme-handler in snap .desktop files are ignored