Comment 3 for bug 1772097

Jamie Strandboge (jdstrand) wrote :

I can confirm that adding mediate_deleted to the snaps and test profiles allows the access with no other denials or log entries. Using mediate_deleted means that while the standard open/unlink methodology for creating a tmp file and then passing the fd to the processes that need it continues to work, other processes will be able to poke around in /proc/pid/fd and obtain access to the deleted file (apparmor will require a ptrace rule for this access though, so in the case of snaps, they would only be able to access their own deleted files via /proc/pid/fd and continue not to have access to other snaps' deleted files).
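The following is an added illustration of the mechanism discussed in the comment above; it is example code written for this page, not code from the bug report, snapd or AppArmor. It shows the open/unlink tmp-file pattern and then has a separate (forked) process reopen the deleted file through the parent's /proc/<pid>/fd entry, which is the access path that mediate_deleted exposes and that AppArmor gates with the profile's ptrace rule. It assumes a Linux host with /proc mounted and an unconfined test process; the file contents and prefix are constructed for the demo.

```python
import os
import tempfile


def unlinked_tmpfile(contents: bytes) -> int:
    """Create a temp file, unlink it immediately, and return the open fd.

    This is the open/unlink methodology from the comment: once the name is
    gone, the data is only reachable through an open fd, or through the
    /proc/<pid>/fd/<n> link of a process that holds one.
    """
    fd, path = tempfile.mkstemp(prefix="mediate-deleted-demo-")  # constructed prefix
    os.unlink(path)  # directory entry removed; inode lives while fd is open
    os.write(fd, contents)
    os.fsync(fd)
    return fd


def reopen_via_proc(pid: int, fd: int) -> tuple[bytes, bool]:
    """Reopen /proc/<pid>/fd/<fd> and read it back.

    Returns the bytes read and whether the kernel marks the link target
    as deleted (readlink appends " (deleted)" for unlinked inodes).
    """
    proc_path = f"/proc/{pid}/fd/{fd}"
    deleted = os.readlink(proc_path).endswith(" (deleted)")
    new_fd = os.open(proc_path, os.O_RDONLY)
    try:
        return os.read(new_fd, 4096), deleted
    finally:
        os.close(new_fd)


def read_from_other_process(pid: int, fd: int) -> bytes:
    """Fork a child that reopens the PARENT's deleted file via /proc and reads it.

    The child goes through /proc/<parent pid>/fd/<fd> rather than its own
    inherited fd, so the kernel's ptrace-style access check on that /proc
    entry (and, under AppArmor, the profile's ptrace rule) is what decides
    whether the read succeeds.
    """
    r, w = os.pipe()
    child = os.fork()
    if child == 0:  # child process
        os.close(r)
        try:
            data, _ = reopen_via_proc(pid, fd)
        except OSError as exc:  # e.g. denied by ptrace access mode / LSM policy
            data = f"DENIED: {exc}".encode()
        os.write(w, data)
        os._exit(0)
    os.close(w)
    chunks = []
    while True:
        chunk = os.read(r, 4096)
        if not chunk:
            break
        chunks.append(chunk)
    os.close(r)
    os.waitpid(child, 0)
    return b"".join(chunks)


def demo() -> dict:
    """Run the whole sequence and report what each path observed."""
    fd = unlinked_tmpfile(b"tmpfile-contents")  # constructed sample payload
    try:
        same_proc, deleted = reopen_via_proc(os.getpid(), fd)
        other_proc = read_from_other_process(os.getpid(), fd)
    finally:
        os.close(fd)
    return {"same_process": same_proc, "other_process": other_proc, "marked_deleted": deleted}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Run unconfined, both reads return the payload and the /proc link is reported as deleted. Under a snap profile without mediate_deleted the /proc reopen is the access that gets denied; with mediate_deleted it is allowed only where the profile's file rules and its ptrace rule for the target peer permit it, which is why the comment notes that snaps end up reaching only their own deleted files.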