Comment 2 for bug 2069941

Arif Ali (arif-ali) wrote :

We have discovered that this is due to the fact that the command being run is writing to a file directly, and the strict confinement of snaps not being able to write the file is the problem. We were able to reproduce the problem with the following Python snippet:

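from subprocess import Popen, PIPE, STDOUT

# Command whose output is written straight to a file
command = ['timeout', '300s', 'maas', 'status']
file = open("my_file", mode="w+")
# The open file is handed to the child as its stdout/stderr
p = Popen(command, shell=False, stdout=file, stderr=STDOUT, bufsize=-1, close_fds=True)
p.wait(300)
print(p.returncode)
# Rewind before reading: the child's writes advance the shared file offset
file.seek(0)
print(file.readlines())
file.close()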

Logs from the reporter:

Jun 20 17:54:39 cyberfarm kernel: [1077437.438930] audit: type=1400 audit(1718895279.617:227878): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxd-maas_<var-snap-lxd-common-lxd>" profile="/snap/snapd/21759/usr/lib/snapd/snap-confine" name="/tmp/sos/my_file" pid=3168174 comm="snap-confine" requested_mask="wr" denied_mask="wr" fsuid=1000000 ouid=1000000
Jun 20 17:54:39 cyberfarm kernel: [1077437.438938] audit: type=1400 audit(1718895279.617:227879): apparmor="DENIED" operation="file_inherit" class="file" namespace="root//lxd-maas_<var-snap-lxd-common-lxd>" profile="/snap/snapd/21759/usr/lib/snapd/snap-confine" name="/tmp/sos/my_file" pid=3168174 comm="snap-confine" requested_mask="wr" denied_mask="wr" fsuid=1000000 ouid=1000000
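
Added example, not part of the original comment: a small Python parser that picks `file_inherit` denials like the ones in the log above out of kernel audit lines and counts them per profile, path and denied mask. The sample lines are constructed for the example, and the function names are hypothetical.

```python
import re
from collections import Counter

# key=value pairs; a value is either "quoted" or a bare token
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample lines in the same format as the log quoted above
# (host, ids, profiles and paths are made up for this example).
_HDR = 'Jan 01 00:00:0{n} host kernel: [1.00000{n}] audit: type=1400 audit(1700000000.00{n}:10{n}): '
SAMPLE = [
    _HDR.format(n=1) + 'apparmor="DENIED" operation="file_inherit" class="file" '
    'profile="/snap/snapd/x1/usr/lib/snapd/snap-confine" name="/tmp/example/out.txt" '
    'pid=4242 comm="snap-confine" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000',
    _HDR.format(n=2) + 'apparmor="DENIED" operation="file_inherit" class="file" '
    'profile="/snap/snapd/x1/usr/lib/snapd/snap-confine" name="/tmp/example/out.txt" '
    'pid=4242 comm="snap-confine" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000',
    _HDR.format(n=3) + 'apparmor="DENIED" operation="open" class="file" '
    'profile="snap.example.app" name="/etc/example.conf" '
    'pid=4243 comm="app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0',
    'Jan 01 00:00:04 host sshd[1]: session opened for user example',
]


def parse_audit(line):
    """Return the key=value fields of an AppArmor audit line, or None."""
    if 'apparmor=' not in line:
        return None
    return {key: value.strip('"') for key, value in _KV.findall(line)}


def inherited_fd_denials(lines):
    """Count DENIED file_inherit events per (profile, path, denied_mask)."""
    hits = Counter()
    for line in lines:
        rec = parse_audit(line)
        if not rec:
            continue
        if rec.get('apparmor') == 'DENIED' and rec.get('operation') == 'file_inherit':
            hits[(rec.get('profile'), rec.get('name'), rec.get('denied_mask'))] += 1
    return hits


if __name__ == '__main__':
    for (profile, path, mask), count in inherited_fd_denials(SAMPLE).items():
        print(f'{count}x file_inherit denied ({mask}) on {path} under {profile}')
```
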