Telegram snap fails to start

Suddenly, the telegram snap is not working for me anymore:

$ telegram-desktop 
cannot perform operation: mount --rbind /mnt /tmp/snap.rootfs_5jdjBi//mnt: Permission denied

These are the denials I see in dmesg:

[ 2539.315761] audit: type=1400 audit(1568098412.605:293): apparmor="DENIED" operation="mount" info="failed srcname match" error=-13 profile="/usr/lib/snapd/snap-confine" name="/tmp/snap.rootfs_hmvqx8/mnt/" pid=16061 comm="snap-confine" srcname="/mnt/" flags="rw, rbind"
[ 2541.399341] audit: type=1400 audit(1568098414.689:294): apparmor="DENIED" operation="mount" info="failed srcname match" error=-13 profile="/usr/lib/snapd/snap-confine" name="/tmp/snap.rootfs_HyS0Xh/mnt/" pid=16077 comm="snap-confine" srcname="/mnt/" flags="rw, rbind"

All plugs are connected:

$ snap connections telegram-desktop 
Interface              Plug                              Slot                            Notes
content[gtk-3-themes]  telegram-desktop:gtk-3-themes     gtk-common-themes:gtk-3-themes  -
content[icon-themes]   telegram-desktop:icon-themes      gtk-common-themes:icon-themes   -
content[sound-themes]  telegram-desktop:sound-themes     gtk-common-themes:sound-themes  -
desktop                telegram-desktop:desktop          :desktop                        -
desktop-legacy         telegram-desktop:desktop-legacy   :desktop-legacy                 -
gsettings              telegram-desktop:gsettings        :gsettings                      -
home                   telegram-desktop:home             :home                           -
network                telegram-desktop:network          :network                        -
network-bind           telegram-desktop:network-bind     :network-bind                   -
network-manager        telegram-desktop:network-manager  :network-manager                manual
pulseaudio             telegram-desktop:pulseaudio       :pulseaudio                     -
removable-media        telegram-desktop:removable-media  :removable-media                manual
unity7                 telegram-desktop:unity7           :unity7                         -

Edited to add debugging information:

$ ls -l /etc/apparmor.d/*snap-confine*
-rw-r--r-- 1 root root 22019 jul 11  2018 /etc/apparmor.d/snap.core.5001.usr.lib.snapd.snap-confine
-rw-r--r-- 1 root root 17342 sep 11  2017 /etc/apparmor.d/usr.lib.snapd.snap-confine
-rw-r--r-- 1 root root 23754 jul 12 10:40 /etc/apparmor.d/usr.lib.snapd.snap-confine.real

$ apt-cache policy snapd
snapd:
  Instalados: 2.40+18.04
  Candidato:  2.40+18.04
  Tabla de versión:
 *** 2.40+18.04 500
        500 http://es.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.37.4+18.04.1 500
        500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
     2.32.5+18.04 500
        500 http://es.archive.ubuntu.com/ubuntu bionic/main amd64 Packages

snapd journal: https://paste.ubuntu.com/p/wHsRR4R2xD/
content of /etc/apparmor.d/usr.lib.snapd.snap-confine: https://paste.ubuntu.com/p/6vZtGYz8RH/

AIUI this was triggered by apparmor loading the osbolete usr.lib.snapd.snap-confine profile instead of the correct usr.lib.snapd.snap-confine.real profile. The first profile should be no longer on disk but for some reason it still is.

Thanks again for reporting this.

I spend quite a bit of time trying to reproduce various upgrade deb scenarios: 2.15,2.21,2.23,2.25,2.33,2.42. With various permutations (one by one, skip versions in the middle etc). I could not reproduce the leftover conffile. I wonder if this is maybe an artifact from running something like “make hack” while working on the snapd codebase? In any case I added some tweaks to the snapd postinst.

If anyone has hints how to reproduce with a combination of upgrade path versions I would be very grateful and will look into this again.

A fix for this is now part of the upcoming 2.42.1 release.