Comment 28 for bug 2023779

Created attachment 867632
/sbin/apparmor_parser -pq /var/lib/snapd/apparmor/profiles/snap.chromium.hook.configure

> uname -a
Linux localhost.localdomain 6.3.7-1-default #1 SMP PREEMPT_DYNAMIC Mon Jun 12 05:01:32 UTC 2023 (b5f9ff5) x86_64 x86_64 x86_64 GNU/Linux

On above system with apparmor 3.1.5-1.2, trying to install chromium as below fails.

> snap install chromium --channel=latest/candidate/hwacc
2023-06-16T19:12:57-04:00 INFO Waiting for automatic snapd restart...
error: cannot perform the following tasks:
- Run configure hook of "chromium" snap if present (run hook "configure":
-----
update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/doc /usr/share/doc none bind,ro 0 0): permission denied
update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/fonts /usr/share/fonts none bind,ro 0 0): permission denied
update.go:85: cannot change mount namespace according to change mount (/var/snap/cups/common/run /var/cups none bind,rw 0 0): permission denied
cannot update snap namespace: cannot create writable mimic over "/snap/chromium/2475": permission denied
snap-update-ns failed with code 1
-----)

On a related system with the same uname -a output, but with apparmoer 3.1.4-2.1 chromium installs and works fine. The attachment snap.chromium.hook.configure_profile_with_includes is from that system.