Kevin, this is a host configuration issue, snapd does not actively monitor that part of the system but at the same time, it is not something that is disabled by default.
Whenever the kernel boots with apparmor enabled snapd requires apparmor profiles to be loaded. If this is not done so then it exits with a clear message about this. There are multiple reasons why profiles may not be loaded on a particular system so we cannot provide more advice. I did file https://bugs.launchpad.net/snapd/+bug/1806135 to track the dedicated issue of checking apparmor service is active (though it varies from OS to OS so it's not just that one service that needs to be verified). As such I am closing this instance of the problem (configuration on a specific host as invalid). I don't disagree about the desire to improve snapd to monitor apparmor services on the host but, as I explained above, this is tracked in the other bug. If you believe there is another issue at play then please do report it but reopening this bug is in my eyes, counterproductive. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1803476 Title: After reboot, snap-confine has elevated permissions and is not confined but should be To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1803476/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
