Snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks

Question

I have been using snap for some time but after a recent upgrade, I get this error when I try opening any application

Snap-confine has elevated permissions and is not confined but should be.
Refusing to continue to avoid permission escalation attacks

I have tried various fixes but it keeps getting worse. Any idea on what I should do?

I also tried sudo apt purge snapd snap-confine && sudo apt install -y snapd but when I try opening pycharm-community, it doesn't do anything.

Answer 1

sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine*

Fixes it. No restart required.

Answer 2

This worked for me

service snapd.apparmor start 

(It needs the root.)

Answer 3

sudo systemctl start apparmor 
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/*

Answer 4

systemctl enable --now apparmor.service    
systemctl enable --now snapd.apparmor.service

from here

Answer 5

In my case it was caused by a bad AppArmor profile being present and loaded in complain (or enforce?) mode in

/etc/apparmor.d/usr.bin.snap

This apparently lead to snap not being able to determine the number of the snap and therefor caused a bad profile to be added to AppArmor.

"aa-status" outputed lines such as:

/usr/bin/snap//null-/usr/lib/snapd/snap-confine

for being in enforce mode

I moved that file (/etc/apparmor.d/usr.bin.snap) to my home directory, ran "sudo aa-remove-unknown" and "sudo systemctl restart apparmor" after which everything was back to normal.

However I don't know the origins of /etc/apparmor.d/usr.bin.snap so keep in mind that there might be something wrong with the system.

Answer 6

I had the same problem when using snap to run scrcpy. I tried this suggestion first and it worked:

sudo snap refresh

(This suggestion found at https://github.com/canonical/microk8s/issues/249)