Some snaps stop working if you have symlinks in your home folder

Bug #1905748 reported by Marcus Grenängen
This bug affects 2 people
Affects: snapd
Status: Expired
Importance: Undecided
Assigned to: Unassigned

Bug Description

Some snaps, in this example Beekeeper Studio, completely stop working if you have a symlink to some of the well-known folders such as ~/Music in your home folder.

Repro steps
1. Make sure you have no symlinks into the root of your home folder
2. Install Beekeeper Studio from https://snapcraft.io/beekeeper-studio
3. Start Beekeeper Studio and see that it starts properly
4. Exit Beekeeper Studio
5. Delete your ~/Music folder
6. Create a symlink from a device mounted in /mnt/ to your ~/Music folder
   Example: $ ln -s /mnt/Green/Shared/Music

Note that in my setup, the home folder and the drive mounted under /mnt/Green share the same owner, group and permission set.

Note 2: It's possible to work around the issue by uninstalling and then installing with --devmode. But that just doesn't feel all right, to me at least.

Paweł Stołowski (stolowski) wrote :

I've reproduced this with beekeeper-studio. Running beekeeper-studio with snap run --strace shows this right before it exits (Music is a symlink to /mnt/foo directory owned by me):

[pid 4540] stat("/home/pawel/Music/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid 4540] lstat("/home/pawel/Music/test", {st_mode=S_IFREG|0664, st_size=0, ...}) = 0
[pid 4540] lstat("/home/pawel/Music/test", {st_mode=S_IFREG|0664, st_size=0, ...}) = 0
(... omitted irrelevant traces ...)
[pid 4540] write(2, "mv: ", 4) = 4
[pid 4540] write(2, "'/home/pawel/Music/test' and '/h"..., 71) = 71
[pid 4540] write(2, "\n", 1) = 1
[pid 4540] lseek(0, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)

There are NO apparmor denials related to accessing these directories (journalctl|grep DENIED).

I've quickly created a simple test snap that has home and removable-media plugs and as long as they are connected, my snap is able to access /mnt/foo via Music symlink, and create a file there with no issues.

Do you know any other snap having a similar problem?

The --devmode effectively disables the sandboxing, so yes it hides many issues. It should only be used by developers and not by end users of snaps.

Changed in snapd:
status: New → Incomplete
Marcus Grenängen (grenangen) wrote :

Bitwarden also seems to suffer from the same issue. Installed from https://snapcraft.io/bitwarden

Launchpad Janitor (janitor) wrote :

[Expired for snapd because there has been no activity for 60 days.]

Changed in snapd:
status: Incomplete → Expired
Marcus Grenängen (grenangen) wrote :

Changed the status to New as this seems to still be a thing, but no progress has been made on it.

Changed in snapd:
status: Expired → New
Maciej Borzecki (maciek-borzecki) wrote :

I can reproduce the problem, and observe the following denials:

[ 3731.214312] audit: type=1400 audit(1612425557.581:616): apparmor="DENIED" operation="open" profile="snap.beekeeper-studio.beekeeper-studio" name="/mnt/data/maciek/Music/" pid=12944 comm="head" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[ 3731.310177] audit: type=1400 audit(1612425557.678:617): apparmor="DENIED" operation="rmdir" profile="snap.beekeeper-studio.beekeeper-studio" name="/mnt/data/maciek/Music/" pid=12950 comm="rmdir" requested_mask="d" denied_mask="d" fsuid=1000 ouid=1000

And there's a corresponding rmdir() = -EACCES in strace output. I have no clue why beekeeper-studio tries to remove those locations, but it seems to attempt that on each run.

The denials are expected, as /mnt and /media are considered removable media locations, and you need to explicitly allow access to that location for beekeeper-studio. Running `snap connect beekeeper-studio:removable-media` should do the trick.

Once AppArmor prompting is available at some point in the future, perhaps there will be a dialog box shown when this happens. However, right now you can either connect the plug manually as I've suggested, or look for a permissions switch in the snap store section with installed snaps.

Changed in snapd:
status: New → Invalid
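
The diagnosis in the comment above, as an added example that is not part of the original thread or of snapd: it reads AppArmor denial records like the two quoted there, maps denials under /mnt or /media to the `snap connect …:removable-media` command from the comment, and lists top-level home-folder symlinks that resolve into those locations. The function names and the third sample record are constructed for illustration.

```python
import os
import re

# Locations the thread names as removable media for snap confinement.
REMOVABLE_ROOTS = ("/mnt/", "/media/")
FIELD = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs in an audit record

# First two records are quoted from the thread; the third is constructed.
SAMPLE = [
    '[ 3731.214312] audit: type=1400 audit(1612425557.581:616): apparmor="DENIED" operation="open" profile="snap.beekeeper-studio.beekeeper-studio" name="/mnt/data/maciek/Music/" pid=12944 comm="head" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000',
    '[ 3731.310177] audit: type=1400 audit(1612425557.678:617): apparmor="DENIED" operation="rmdir" profile="snap.beekeeper-studio.beekeeper-studio" name="/mnt/data/maciek/Music/" pid=12950 comm="rmdir" requested_mask="d" denied_mask="d" fsuid=1000 ouid=1000',
    '[ 9999.000000] audit: type=1400 audit(0.0:1): apparmor="DENIED" operation="open" profile="snap.example.app" name="/etc/example.conf" pid=1 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0',
]

def parse_denial(line):
    """Return the quoted fields of an AppArmor DENIED record, or None."""
    fields = dict(FIELD.findall(line))
    return fields if fields.get("apparmor") == "DENIED" else None

def snap_of(profile):
    """snap.<snap>.<app> -> <snap>; None for profiles that are not snap apps."""
    parts = profile.split(".")
    return parts[1] if len(parts) >= 3 and parts[0] == "snap" else None

def suggest_connections(log_lines, roots=REMOVABLE_ROOTS):
    """Map denials on removable-media paths to the plug that would allow them."""
    suggestions = {}
    for line in log_lines:
        d = parse_denial(line)
        if not d:
            continue
        snap = snap_of(d.get("profile", ""))
        path = d.get("name", "")
        if snap and path.startswith(roots):
            cmd = f"snap connect {snap}:removable-media"
            suggestions.setdefault(cmd, set()).add(path)
    return suggestions

def symlinks_into_removable(home, roots=REMOVABLE_ROOTS):
    """Top-level symlinks in `home` whose resolved target lies under `roots`."""
    hits = {}
    for entry in os.scandir(home):
        if entry.is_symlink():
            target = os.path.realpath(entry.path)
            if (target + "/").startswith(roots):
                hits[entry.name] = target
    return hits
```

Feed `suggest_connections` the lines from `dmesg` or `journalctl`, and run `symlinks_into_removable(os.path.expanduser("~"))` to see which home-folder entries will trigger such denials.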
Marcus Grenängen (grenangen) wrote :

Even if I do a `snap connect beekeeper-studio:removable-media` I still can't start beekeeper studio.

And the same thing goes for Bitwarden, if you have symlinks as described in the ticket Bitwarden stops working as well.

Thus, I do not agree that this bug is invalid.

Changed in snapd:
status: Invalid → New
Maciej Borzecki (maciek-borzecki) wrote :

I can't reproduce that, beekeeper-studio works for me, same for bitwarden. I'm not a user of those applications, so I cannot say with all certainty that they function as expected, but FWIW a window is shown for each of them.

Can you run: snap run --strace='--raw -vf -s 256' beekeeper-studio and attach the last ~100 or so lines? Also please attach the output of dmesg.

Changed in snapd:
status: New → Incomplete
Marcus Grenängen (grenangen) wrote :

Attaching Beekeeper log, it now actually starts.

Marcus Grenängen (grenangen) wrote :

Bitwarden however, still does not work, and I can't connect it with external storage as with Beekeeper.

Launchpad Janitor (janitor) wrote :

[Expired for snapd because there has been no activity for 60 days.]

Changed in snapd:
status: Incomplete → Expired
Changed in snapd:
status: Expired → New
Sergio Cazzolato (sergio-j-cazzolato) wrote :

Hi, could you please reproduce the error and include the output of these 2 commands?:
# dmesg
# journalctl -u snapd

Changed in snapd:
status: New → Confirmed
status: Confirmed → Won't Fix
status: Won't Fix → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for snapd because there has been no activity for 60 days.]

Changed in snapd:
status: Incomplete → Expired