Comment 36 for bug 1991691

John Johansen (jjohansen) wrote :

Philip, so possibly snapd will need to add some new rules. This isn't a case of missing on older kernels but the new kernel requiring something more/new. I need to investigate the why more. There are three potential options I see:

1. This is a regression in apparmor, around the handling of getattr. This is possible as there were changes in how permissions were handled. With that said, apparmor does have regression tests around getattr that are passing, so if this is the case that would indicate something is wrong in the tests.

2. The kernel could have added a new check, that is being surfaced by apparmor. This would mean adding new snapd rules.

3. Userspace libwrappers have some checks conditional on some kernel feature and the new kernel triggers this check leading to the new permission request.