Comment 47 for bug 2023779

(In reply to Christian Boltz from comment #39)
> (In reply to Aleksey Kontsevich from comment #38)
> > > sudo systemctl restart apparmor.service
> >
> > did not helped for some reason, so forced to restart PC.
>
> Wild guess: The snap profiles live in /var/lib/snapd/apparmor/profiles/,
> right?
>
> "systemctl restart apparmor" will only reload the profiles in
> /etc/apparmor.d/, so you'll need to somehow force snap to reload the
> profile. Of course, rebooting is a way to do this, but maybe
> apparmor_parser -r /var/lib/snapd/apparmor/profiles/
> is less annoying ;-)
> (I don't use snap, therefore i don't know if there is a more "official"
> method to force a reload of its AppArmor profiles.)

there isn't because an official way, ideally users shouldn't be tweaking/changing the snap generated profiles. You can try restarting the snapd.apparmor.service but afaik that will still run into the cached profiles (ie. not rebuilding the cache, and just using that instead) problem.

That could be worked around by manually deleting the profile cache, and then restarting the service.

With the newest versions of snapd vendoring apparmor, it might even be required to use the snapd.apparmor service because snap profiles might have policy rules that the system parser doesn't understand.