> cat /etc/apparmor.d/tunables/home.d/ubuntu
> # This file is auto-generated. It is recommended you update it using:
> # $ sudo dpkg-reconfigure apparmor
> #
> # The following is a space-separated list of where additional user home
> # directories are stored, each must have a trailing '/'. Directories added
> # here are appended to @{HOMEDIRS}. See tunables/home for details.
> @{HOMEDIRS}+=/home/server/files/users/
What this in fact shows is that something is trying to access /home/server/files/ and is denied access. Do you perhaps have users who have a home directory of /home/server/files? Or, are there symlinks somewhere pointing to /home/server/files as the target? From your description of your setup, it is not expected that snaps are trying to access /home/server/files directly.
> cat /etc/apparmor. d/tunables/ home.d/ ubuntu +=/home/ server/ files/users/
> # This file is auto-generated. It is recommended you update it using:
> # $ sudo dpkg-reconfigure apparmor
> #
> # The following is a space-separated list of where additional user home
> # directories are stored, each must have a trailing '/'. Directories added
> # here are appended to @{HOMEDIRS}. See tunables/home for details.
> @{HOMEDIRS}
> sudo apparmor_parser -r /etc/apparmor. d/*snap- confine* snapd/apparmor/ profiles/ *
> sudo apparmor_parser -r /var/lib/
> Note the following seems to have stripped /users/ off the above
> directory:
> Nov 22 16:42:29 desktop kernel: [ 2875.968601] audit: type=1400 9.258:67) : apparmor="DENIED" operation="open" "/snap/ core/5897/ usr/lib/ snapd/snap- confine" home/server/ files/" pid=6254 comm="snap-confine"
> audit(154290134
> profile=
> name="/
> requested_mask="r" denied_mask="r" fsuid=5001 ouid=0
What this in fact shows is that something is trying to access /home/server/files/ and is denied access. Do you perhaps have users who have a home directory of /home/server/files? Or, are there symlinks somewhere pointing to /home/server/files as the target? From your description of your setup, it is not expected that snaps are trying to access /home/server/files directly.