Comment 7 for bug 2052489

John Johansen (jjohansen) wrote :

Note: snap now vendors apparmor, so reinstalling/removing the system apparmor package will not affect snapd's use of apparmor.

You can temporarily (for the boot) disable apparmor in the grub command line by adding apparmor=0 to the kernel parameters.

From the logs, the following adjustments need to be made to snap policy. After fixing these, new denials may be encountered.

The firefox denial is weird, and I have to ask why is root trying to run firefox. The likely culprits are
/snap/snapd/20671/usr/lib/snapd/snap-confine and snap.snapd-desktop-integration.snapd-desktop-integration.

Can you try copying these profiles out of /var/lib/snapd/apparmor/profiles/, modifying them by putting flags=(complain) in the profile header, and then reloading them with sudo apparmor_parser -r profile.file? This will temporarily place these profiles in dev mode and, if they are the source of the problem, allow the graphics layer to come up.

profile snap-update-ns.firefox
   /usr/local/share/ r, # owner root, fsuid root

profile /snap/snapd/20671/usr/lib/snapd/snap-confine
   capability net_admin,
   capability perfmon,

profile snap.snapd-desktop-integration.snapd-desktop-integration
   /etc/gnutls/config r, # owner root, fsuid 1000
   /etc/gnutls/config r, # owner root, fsuid 1000
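
The header edit described in the comment above, as an added example that is not part of the original comment or of snapd: a shell helper that writes a copy of a profile with complain added to each profile header, whether or not the header already carries a flag list. The function names, the sample profile text and the assumption that top-level headers start at column 0 and end with "{" are constructed for illustration.

```shell
#!/bin/sh
# Added example: put AppArmor profile headers into complain mode in a working copy.
# Assumption: top-level profile headers start at column 0 and end with "{".

# set_complain SRC DST: copy SRC to DST, adding "complain" to each header's flags.
set_complain() {
    awk '
    /^(profile[ \t]|\/|")/ && /\{[ \t]*$/ {
        if ($0 ~ /\([^)]*complain[^)]*\)/) { print; next }  # already in complain mode
        if (match($0, /(flags=)?\([^)]*\)/)) {
            # Existing flag list, with or without "flags=": append inside the parentheses.
            $0 = substr($0, 1, RSTART + RLENGTH - 2) ",complain" substr($0, RSTART + RLENGTH - 1)
        } else {
            # No flag list yet: add one before the opening brace.
            sub(/[ \t]*\{[ \t]*$/, " flags=(complain) {")
        }
    }
    { print }
    ' "$1" > "$2"
}

# Constructed sample input (not taken from a real snapd profile).
sample_profiles() {
    cat <<'EOF'
profile snap-update-ns.firefox (attach_disconnected) {
  /usr/local/share/ r,
}
profile "snap.example.app" flags=(attach_disconnected,mediate_deleted) {
  /etc/gnutls/config r,
}
/snap/example/usr/lib/example-confine {
  capability net_admin,
}
EOF
}

# Typical use on a real system (needs root, not run here):
#   cp /var/lib/snapd/apparmor/profiles/<profile> ./profile.file
#   set_complain ./profile.file ./profile.complain
#   sudo apparmor_parser -r ./profile.complain
```

Existing flags such as attach_disconnected are kept, so the reloaded profile differs from the original only in enforcement mode; diff the copy against the original before reloading it.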