I recently had the problem that apparmor was blocking operations of a nextcloud snap installation (apparmor=“DENIED“ operation=“ptrace“ profile=“snap.nextcloud.nextcloud-cron“ pid=12828 comm=“ps“ requested_mask=“read“ denied_mask=“read“ peer=“unconfined“ and such)
aa-status showed that profiles exist for these „programs“ (snap.nextcloud.nextcloud-cron).
Fully disabling apparmor via systemctl stop apparmor ****naturally**** didn’t work (I’m a BIG FAN of programs pretending to do something and not doing anything…)
So, to disable a profile in apparmor you can use aa-disable. Buuut – aa-disable needs the program executable.
If you found the snap profiles for apparmor in /var/lib/snapd/apparmor/profiles/ (Congratulations! I wouldn’t have expected them there…) you can feed them to aa-disable:aa-disable -d /var/lib/snapd/apparmor/profiles/ snap.nextcloud.nextcloud-cron
Buuut – that doesn’t work.
Other program profiles lie under /etc/apparmor.d/ and you can stop them via that method. But not under /var/lib/snapd/apparmor/profiles/
What you need to do (Attention! That’s a hack but seems to work…)
ln -s /etc/apparmor.d/tunables /var/lib/snapd/apparmor/profiles/
ln -s /etc/apparmor.d/abstractions /var/lib/snapd/apparmor/profiles/
Did I mention that I’m not a big fan of snaps and systemd…?