Comment 0 for bug 2009317

isa~ lsb_release -rd
No LSB modules are available.
Description: Ubuntu Lunar Lobster (development branch)
Release: 23.04

Expected behavior:
==================
Installed snaps worked before do-release-upgrade, they should also work after.

Actual behavior:
==================
Snaps worked before do-release-upgrade, NONE work after. Printed warning is useless. Debugging requires secondary device. This should be a trivial fix (re-enable apparmor service at the end of do-release-upgrade).

isa~ firefox
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
Please make sure that the snapd.apparmor service is enabled and started.
isa~ systemctl status snapd.apparmor
● snapd.apparmor.service - Load AppArmor profiles managed internally by snapd
     Loaded: loaded (/lib/systemd/system/snapd.apparmor.service; enabled; preset: enabled)
     Active: active (exited) since Sun 2023-03-05 18:27:10 MST; 10min ago
   Main PID: 826 (code=exited, status=0/SUCCESS)
        CPU: 43.722s

Mar 05 18:27:10 isa systemd[1]: Finished Load AppArmor profiles managed internally by snapd.
Notice: journal has been rotated since unit was started, output may be incomplete.

It looks like during the release upgrade apparmor was disabled and needs to be re-enabled.

isa~ systemctl status apparmor
○ apparmor.service - Load AppArmor profiles
     Loaded: loaded (/lib/systemd/system/apparmor.service; disabled; preset: enabled)
     Active: inactive (dead)
       Docs: man:apparmor(7)
             https://gitlab.com/apparmor/apparmor/wikis/home/
isa~ systemctl start apparmor

Notes:
======
This is a reoccurring bug, I hit it when upgrading to Kinetic as well on the same device. This does NOT happen on all devices (my other device didn't hit this issue when upgrading Jammy->Kinetic->Lunar). This is a bad user experience - debugging requires a secondary device because Ubuntu browsers are snap-based.