I made an unfortunate typo in the following sentence found in comment #4:
This explains the AppArmor denial from comment #3 containing "fsuid=296608 ouid=0". The setuid-container-root snap-confine task is correctly running as fsuid 296608 (container_ns root) but the mountinfo inode is correctly assigned uid 0 (init_ns root).
It should have read:
This explains the AppArmor denial from comment #3 containing "fsuid=296608 ouid=0". The setuid-container-root snap-confine task is correctly running as fsuid 296608 (container_ns root) but the mountinfo inode is *incorrectly* assigned uid 0 (init_ns root).
I made an unfortunate typo in the following sentence found in comment #4:
This explains the AppArmor denial from comment #3 containing "fsuid=296608 ouid=0". The setuid- container- root snap-confine task is correctly running as fsuid 296608 (container_ns root) but the mountinfo inode is correctly assigned uid 0 (init_ns root).
It should have read:
This explains the AppArmor denial from comment #3 containing "fsuid=296608 ouid=0". The setuid- container- root snap-confine task is correctly running as fsuid 296608 (container_ns root) but the mountinfo inode is *incorrectly* assigned uid 0 (init_ns root).