Snap refresh breaks /proc/PID/exe link


I’ve been seeing an issue where a snap refresh will break the exe link in /proc/PID.

Specifically, my chromium process, which normally has exe linked to /snap/chromium/2529/usr/lib/chromium-browser/chrome will become linked to /lib/chromim-browser/chrome. When this happens, I start to see these logs (snappy-debug output below) when trying to do things like access the camera (which fails):

= AppArmor =
Time: Jul 17 20:38:25
Log: apparmor="DENIED" operation="exec" profile="snap.chromium.chromium" name="/usr/lib/chromium-browser/chrome" pid=4060732 comm="ThreadPoolSingl" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
File: /usr/lib/chromium-browser/chrome (exec)
* adjust snap to ship 'chrome'
* adjust program to use relative paths if the snap already ships 'chrome'

I first noticed it when snapd refreshed cups on 7/14/23. I’ve been able to occasionally reproduce by reverting and/or refreshing cups manually, although it seems to happen at times when I’d say the chromium process has been “less active” (not accessing cameras, etc.) for a while. When I am able to reproduce, the link seems to break while the output message is along the lines of “refreshing cups security profiles…”

Snap info:

$ snap --version
snap    2.59.5
snapd   2.59.5
series  16
ubuntu  22.04
kernel  5.15.0-67-lowlatency

Any suggestions or information are helpful, thanks!