If you are admin of your system, you can manually replace snap profiles. But there are some caveats in that snapd doesn't really want this. It manages its profiles, dynamically regenerates and replaces them etc.
You are correct that the tooling doesn't work here. It expects the abstractions to be in the same directory as the profile, which snapd profiles dir doesn't do. I put this as a wish list as its a feature development request to make the tooling support abstractions in a different location than the profile. ** Changed in: apparmor (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2057943 Title: Can't disable or modify snap package apparmor rules Status in apparmor package in Ubuntu: New Bug description: On Ubuntu 20.04 (and probably 22.04 and greater), it is impossible to disable snap chromium apparmor rules: root@{HOSTNAME}:~# aa-complain snap.chromium.hook.configure Can't find chromium.hook.configure in the system path list. If the name of the application is correct, please run 'which snap.chromium.hook.configure' as a user with correct PATH environment set up in order to find the fully-qualified path and use the full path as parameter. root@{HOSTNAME}:~# aa-complain snap.chromium.chromedriver -d /var/lib/snapd/apparmor/profiles ERROR: Include file /var/lib/snapd/apparmor/profiles/tunables/global not found root@{HOSTNAME}:~# aa-complain snap.chromium.chromium -d /var/lib/snapd/apparmor/profiles ERROR: Include file /var/lib/snapd/apparmor/profiles/tunables/global not found root@{HOSTNAME}:~# aa-complain snap.chromium.hook.configure -d /var/lib/snapd/apparmor/profiles ERROR: Include file /var/lib/snapd/apparmor/profiles/tunables/global not found It seems like no one has an answer on how these overly restricted rules can be disabled: https://askubuntu.com/questions/1267980/how-to-disable-apparmor-for-chromium-snap-ubuntu-20-04 https://ubuntuforums.org/showthread.php?t=2410550 https://ubuntuforums.org/showthread.php?t=2449022 https://answers.launchpad.net/ubuntu/+source/apparmor/+question/701036 So I just got rid of apparmor which doesn't seem like the solution I was after, but it works great now: sudo systemctl stop apparmor sudo systemctl disable apparmor Please give us a way to modify (and keep the rules permanently modified even after snap updates) snap apparmor rules. Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2057943/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
