Comment 18 for bug 1967632

This maybe the biggest problem:
"- /usr inside the snap is a bind-mount from /usr in the base snap, not on the host system, which explains why your addition of `/usr/lib/x86_64-linux-gnu/** rm,` to the apparmor profile doesn't work as you'd expect (see https://github.com/snapcore/snapd/pull/11025#issuecomment-1225787194 for details)"

Are both of you saying that the location of the PKCS11 module makes a difference?
And if the normal location is in /usr/lib/x86_64-linux-gnu is part of the FF snap package and
their is no way to include files from the local system's /usr/lib/x86_64-linux-gnu.
So is that what the copying to the /usr/run/<uid>/doc is trying to overcome?

There are many PKCS11 modules out there, some provided by smartcard vendors and not part of a distro.
OpenSC is distributed Ubuntu and most other distros. How will you handle these other modules?

What package has the /usr/lib/bit4id/libbit4xpki.so?

can you run "ldd /usr/lib/bit4id/libbit4xpki.so" to see what other libs are required?
Does it use a socket to pcscd?

Is it possible some other libs must also be included?

Can you try to install opensc-pkcs11 (which also installs opensc) to your system and see you can get FF to load it?

opensc-pkcs11-0.22.0-1ubuntu2 installs opensc-pkcs11.so in two places: /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so and /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so (which is were p11-kit would load it)
and depends on libopensc.so.8 and /usr/lib/x86_64-linux-gnu/libcrypto.so.3 from libssl3-3.0.2-0ubuntu1.6

 $ ls -l /usr/lib/x86_64-linux-gnu/*opensc*
lrwxrwxrwx 1 root root 18 Mar 10 11:00 /usr/lib/x86_64-linux-gnu/libopensc.so.8 -> libopensc.so.8.0.0
-rw-r--r-- 1 root root 2040208 Mar 10 11:00 /usr/lib/x86_64-linux-gnu/libopensc.so.8.0.0
-rw-r--r-- 1 root root 234704 Mar 10 11:00 /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so
-rw-r--r-- 1 root root 234704 Mar 10 11:00 /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
$ ldd /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
 linux-vdso.so.1 (0x00007ffcbbdfe000)
 libopensc.so.8 => /lib/x86_64-linux-gnu/libopensc.so.8 (0x00007efd3cd14000)
 libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007efd3c8d2000)
 libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007efd3c6aa000)
 libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007efd3c68e000)
 libgio-2.0.so.0 => /lib/x86_64-linux-gnu/libgio-2.0.so.0 (0x00007efd3c4b6000)
 libgobject-2.0.so.0 => /lib/x86_64-linux-gnu/libgobject-2.0.so.0 (0x00007efd3c456000)
 /lib64/ld-linux-x86-64.so.2 (0x00007efd3cf58000)
 libglib-2.0.so.0 => /lib/x86_64-linux-gnu/libglib-2.0.so.0 (0x00007efd3c31a000)
 libgmodule-2.0.so.0 => /lib/x86_64-linux-gnu/libgmodule-2.0.so.0 (0x00007efd3c313000)
 libmount.so.1 => /lib/x86_64-linux-gnu/libmount.so.1 (0x00007efd3c2cf000)
 libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007efd3c2a3000)
 libffi.so.8 => /lib/x86_64-linux-gnu/libffi.so.8 (0x00007efd3c296000)
 libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007efd3c21e000)
 libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007efd3c137000)
 libblkid.so.1 => /lib/x86_64-linux-gnu/libblkid.so.1 (0x00007efd3c100000)
 libpcre2-8.so.0 => /lib/x86_64-linux-gnu/libpcre2-8.so.0 (0x00007efd3c069000)