I think there are two issues at play here.

The hooks we added for module loading/unloading as part of USN-4355-1
simply check if the client has an AppArmor label that looks like it
belongs to a snap and deny access if found.  This will also deny
access to classic snaps, which is probably a mistake.

The race condition you've encountered is probably a case of "policy
module not in effect" vs. "policy module in effect" rather than a race
in the behaviour of the policy module itself.  This probably indicates
that Pulse is servicing client requests before it has completely
started.

For the first issue, we can make the hook request info about the snap
and allow access to classic snaps.  For the second, I think we just need
to load module-snap-policy earlier during startup.

https://bugs.launchpad.net/bugs/1886854

Title:
  Race in load-module snap policy check in classic confinement

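The first issue in the message above, sketched as an added example that is not part of the original message and is not PulseAudio's code: the label-only check next to a check that requests info about the snap and allows classic ones. Every function and type name, the sample snap names, and the choice to deny malformed labels and failed lookups are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* All names below are hypothetical; none are PulseAudio or snapd APIs. */
typedef enum { CONF_UNKNOWN, CONF_STRICT, CONF_CLASSIC } confinement_t;
typedef confinement_t (*snap_lookup_fn)(const char *snap_name);

/* Snap AppArmor labels have the form "snap.<name>.<app>". */
static bool looks_like_snap(const char *label) {
    return label != NULL && strncmp(label, "snap.", 5) == 0;
}

/* Behaviour described in the message: any snap-looking label is denied. */
bool may_load_module_current(const char *label) {
    return !looks_like_snap(label);
}

/* Proposed behaviour: request info about the snap, allow only classic.
 * Assumption: malformed labels and failed lookups are denied. */
bool may_load_module_proposed(const char *label, snap_lookup_fn lookup) {
    char name[64];
    if (!looks_like_snap(label))
        return true;                      /* not a snap: unchanged */
    const char *start = label + 5;
    const char *dot = strchr(start, '.');
    size_t len = dot ? (size_t)(dot - start) : 0;
    if (len == 0 || len >= sizeof name)
        return false;                     /* malformed: fail closed */
    memcpy(name, start, len);
    name[len] = '\0';
    return lookup(name) == CONF_CLASSIC;
}

/* Constructed sample data standing in for the request for snap info. */
confinement_t sample_lookup(const char *snap_name) {
    if (strcmp(snap_name, "example-ide") == 0) return CONF_CLASSIC;
    if (strcmp(snap_name, "example-player") == 0) return CONF_STRICT;
    return CONF_UNKNOWN;
}

int main(void) {
    const char *labels[] = { "unconfined", "snap.example-ide.ide",
                             "snap.example-player.play", "snap.broken" };
    for (size_t i = 0; i < sizeof labels / sizeof labels[0]; i++)
        printf("%-26s current=%d proposed=%d\n", labels[i],
               may_load_module_current(labels[i]),
               may_load_module_proposed(labels[i], sample_lookup));
    return 0;
}
```

This covers only the classic-snap decision; the start-up ordering issue is about when the check is in effect at all and is not modelled here.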