Having 'snap install juju --classic' yesterday my logs are filled with Apparmor denials:
$ journalctl -o cat -b0 --grep snap.juju-db.daemon | grep -cF 'apparmor="DENIED"'
136138
Those are all about /proc/$PID/net/{netstat,snmp}:
$ journalctl -o cat -b0 --grep snap.juju-db.daemon | grep -F 'apparmor="DENIED"' | tail -n 4
audit: type=1400 audit(1620133548.999:75999): apparmor="DENIED" operation="open" namespace="root//lxd-juju-d24df9-0_<var-snap-lxd-common-lxd>" profile="snap.juju-db.daemon" name="/proc/3219/net/netstat" pid=1605657 comm="ftdc" requested_mask="r" denied_mask="r" fsuid=1000000 ouid=1000000
audit: type=1400 audit(1620133548.999:76000): apparmor="DENIED" operation="open" namespace="root//lxd-juju-d24df9-0_<var-snap-lxd-common-lxd>" profile="snap.juju-db.daemon" name="/proc/3219/net/snmp" pid=1605657 comm="ftdc" requested_mask="r" denied_mask="r" fsuid=1000000 ouid=1000000
AVC apparmor="DENIED" operation="open" namespace="root//lxd-juju-d24df9-0_<var-snap-lxd-common-lxd>" profile="snap.juju-db.daemon" name="/proc/3219/net/netstat" pid=1605657 comm="ftdc" requested_mask="r" denied_mask="r" fsuid=1000000 ouid=1000000
AVC apparmor="DENIED" operation="open" namespace="root//lxd-juju-d24df9-0_<var-snap-lxd-common-lxd>" profile="snap.juju-db.daemon" name="/proc/3219/net/snmp" pid=1605657 comm="ftdc" requested_mask="r" denied_mask="r" fsuid=1000000 ouid=1000000
Additional information:
$ snap info juju | grep installed
installed: 2.9.0 (16132) 99MB classic
$ lsb_release -rd
Description: Ubuntu 20.04.2 LTS
Release: 20.04
$ uname -a
Linux simon-lemur 5.8.0-50-generic #56~20.04.1-Ubuntu SMP Mon Apr 12 21:46:35 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
I'm marking this as incomplete, as I'm trying to reproduce this. I'm missing some information about how to trigger this (time element or deployment).
Can we get some information about what provider was bootstrapped (assuming localhost LXD, what version?) and the type of deployment that occurred. Additionally, was the journal logs captured on the controller machine?