The "classic" snap on Ubuntu Core spams apparmor warnings


I am part of a team developing a Ubuntu Core-based embedded product. So, we make heavy use of a full development environment in the “classic” snap. However, this logs apparmor messages at such a rate that systemd-journald nearly pegs a core, and the in-ram journal rotates every few minutes! Example:
Sep 01 16:49:38 bar8 audit[16421]: AVC apparmor=“ALLOWED” operation=“recvmsg” profile=“snap.classic.classic” pid=16421 comm=“ssh” laddr=::1 lport=45712 faddr=::1 fport=2222 family=“inet6” sock_type=“stream” protocol=6 requested_mask=“receive” denied_mask=“receive”
Sep 01 16:49:38 bar8 audit[19176]: AVC apparmor=“ALLOWED” operation=“sendmsg” profile=“snap.classic.classic” pid=19176 comm=“python” laddr= lport=43630 faddr= fport=43990 family=“inet” sock_type=“stream” protocol=6 requested_mask=“send” denied_mask=“send”

Basically, it appears that every send or receive of network traffic from any application in classic generates an apparmor warning. Our application is based on ROS, which involves heavy network traffic.

Would it help to rebuild the classic snap locally, declaring network related plug(s)? Other ideas?

sounds like

which was fixed with revision 24
(since classic is a --devmode snap you will have to refresh it manually, it will not auto-refresh)