this seems to have slightly regressed in apparmor in UC20.
i’m trying to package an electron app as wayland kiosk app for Ubuntu Core, unlike with X11, electron needs a dbus session wrapped around it in this setup.
following the above tutorial and using dbus-run-session from a command-chain script works well but triggers an apparmor denial in the logs:
audit: type=1400 audit(1632401841.953:1625): apparmor="DENIED" operation="open" profile="snap.electron-kiosk-uc20.electron-kiosk-uc20" name="/sys/kernel/security/apparmor/features/dbus/mask" pid=105392 comm="dbus-daemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
this does not seem to cause any issues but it would be nice if we could somehow quieten it … @alexmurray any idea what we could do here ?