Hey @jdstrand thanks for the reply and the investigation.
Interestingly, if I add this to the policy (ie, no owner match):
then launching mailspring in the second terminal after window close works in that it doesn’t kill the first process, we see ‘Exiting because another instance of the app is already running.’ and a mailspring window pops up.
Ahh great! This totally makes sense. The code in that Chromium
ProcessSingleton class I referenced earlier implements the business logic around these files, and they’re intentionally killing the first process if it can’t open the socket file (I think the idea is that it’s become unresponsive). Resolving the AppArmor denial and allowing access to that file should definitely prevent the process from being killed.
Thanks for adding a workaround rule— that seems like a good solution for now and I’ll see if I can create a small reproduction snap (though a minimal Electron app still isn’t super minimal…)
How long will it take for the policy change to reach the stable channel? I’d love to ship the Mailspring snap (I’m actually getting a couple emails / tweets a day about it because I said it was coming soon on the website ) but I should probably wait until a fix for this is in the wild.