AppArmor policy error for networking at initialization, even with the correct network plug.

The webbrowser-app snap is affected too.

Perhaps this is a harmless and intended denial?

Note that for creating the ubuntu-ui-toolkit-examples snap you need to have the overlay PPA enabled (as explained on https://developer.ubuntu.com/en/blog/2016/11/16/snapping-qt-apps/ ). To skip the 'snapcraft' step in testing, I attach the snap file.

This denial involves DBUS traffic. Network or network-bind interfaces don't affect that. You need a dedicated interface or one of the network-* interfaces needs to be enhanced to allow inspecting some of the network manager properties. At this time I'm not sure if all the properties are safe to get for an unprivileged process using the common "network" interface.

You need to 'plugs: [ network-manager ]' in addition to 'network'. As Zygmunt alluded to, in general the network-manager plug is very privileged and should be avoided by regular apps, such as those for Ubuntu Personal and using the ubuntu-ui-toolkit. Instead, use the upcoming connectivity api interfaces that are part of the work for moving Ubuntu Touch to Ubuntu Personal.

Since this is not a bug in snapd, I'm going to close it. If you feel this is in error, please re-open.

In the case of the UITK 'jokes' example, it simply downloads a joke from http://api.icndb.com/jokes/random?limitTo=[nerdy,explicit] in QML code using XMLHttpRequest. I don't see why that would need access to the network-manager interface. Is this a bug in Qt?

So the bug is invalid because I need to use [network-manager], which I should not use because it is too privileged. It is better to use the connectivity api interfaces that do not exist yet. I am confused.

I'm getting the same AppArmor errors on startup of Quassel (quassel-kalikiana). Presumably this qualifies as a "regular app" so I shouldn't be using network-manager? But not sure what I should be doing from the comments here either.

Probably related to bug 1404188.