Comment 17 for bug 1967632

Thank you very much for documenting thoroughly your findings. These will be useful to design and implement a proper solution to the problem.

In the meantime, a couple of comments:

 - the apparmor profile will be overwritten every time the snap is updated, so you will have to re-apply the changes

 - /usr inside the snap is a bind-mount from /usr in the base snap, not on the host system, which explains why your addition of `/usr/lib/x86_64-linux-gnu/** rm,` to the apparmor profile doesn't work as you'd expect (see https://github.com/snapcore/snapd/pull/11025#issuecomment-1225787194 for details)