Troubleshooting snapd, snap-confine and apparmor

I have spent days now trying to figure out how to get it right. Eventually following tutorials to purge remove snapd and apparmor and reinstall all after that. It is clear that in my derivative of ubuntu 20.04 I cannot get it to work without error messages. It is very disappointing. Especially since I have been following Ubuntu DE’s for years now, usually by trials in VM’s in Hyper-v.

My job. Being a sysadmin mostly on VMware, MS server and some Linux servers. The latter never configured for complicated environments like some small business servers and most desktop environments are in the world of media-creators.

November 2023. I thought I may be ready to completely go Linux. If only because my clients begin to ask me if it would be possible to use a more privacy friendly OS. So now I run Plasma KDE on a 20.04 ubuntu machine with mostly everything installed I had on my MS Windows 10. The last one still running from it’s original nvm drive now in a virt-manager vm.

In many occasions like now, I seriously wonder where the conviction of the Linux believers comes from how much better Linux is doing as an OS. Stripped from the fact that I have everything running on 180GB that used to run on 400GB of system install. Stripped from the fact my laptop is no longer constantly cooled by ventilators but often clearly ‘not busy’. Yet so many basic things unmanageable like policies. Probably because it works! (Until it doesn’t).

My main question: do I like in Windows OS, best practice turn off the notifications I get from AppArmor (aa-notify and the audit-log) if I want to get rid of all warnings? Should I only troubleshoot a ‘snappy’ if it fails to do something I need?

dbus warnings I should not get according to the forums because desktop and legacy-desktop are the actual route to take? I cannot spend another minute on this because my real work is piling up. I went this far to try and find out how things work. But getting a clear insight of what ‘policies’ are set seems to be impossible (unless I am very stupid and nobody noticed).

aa-logprof does not seem to find it’s way into the snap profiles so I can run it as often as i want, the most logging apps in my audit log either need re-coded profiles individually and I need to become a specialist. Or I can do what most Windows Server sysadmins do to stop reading warning logs. Turn off the logging.

What tools did I, Google and my ChatGPT miss to get everything to stop telling me it fails to do things? Snap has been the culprit of the AppArmor warnings left. Is there any developer who made the tools for Snap ti fix broken AppArmor profiles or at least give some better understanding as to what is going on?