Ubuntu 22.04 - snap-confine has elevated permissions and is not confined - apparmor permissions & firefox launch issue

My last package upgrade failed and the system crashed. When I then rebooted and tried to upgrade again it said: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem. I upgraded it manually like:

$ sudo apt upgrade

E: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem. 

$ sudo dpkg --configure -a

Setting up snapd (2.61.3+22.04) ...

Configuration file '/etc/apparmor.d/usr.lib.snapd.snap-confine.real'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** usr.lib.snapd.snap-confine.real (Y/I/N/O/D/Z) [default=N] ? N

snapd.failure.service is a disabled or a static unit not running, not starting it.
snapd.snap-repair.service is a disabled or a static unit not running, not starting it.
Failed to restart snapd.mounts-pre.target: Operation refused, unit snapd.mounts-pre.target may be requested by dependency only (it is configured to refuse manual start/stop).
See system logs and 'systemctl status snapd.mounts-pre.target' for details.
Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 142.
Setting up mutter-common (42.9-0ubuntu7) ...
Processing triggers for mailcap (3.70+nmu1ubuntu1) ...
Processing triggers for bamfdaemon (0.5.6+22.04.20220217-0ubuntu1) ...
Rebuilding /usr/share/applications/bamf-2.index...
Processing triggers for desktop-file-utils (0.26-1ubuntu3) ...
Processing triggers for gnome-menus (3.36.0-1ubuntu3) ...
Processing triggers for libglib2.0-0:amd64 (2.72.4-0ubuntu2.2) ...
Processing triggers for libc-bin (2.35-0ubuntu3.6) ...
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for dbus (1.12.20-2ubuntu4.1) ...
Setting up libmutter-10-0:amd64 (42.9-0ubuntu7) ...
Setting up gir1.2-mutter-10:amd64 (42.9-0ubuntu7) ...
Processing triggers for libc-bin (2.35-0ubuntu3.6) ...

And now, after reboot, I can't launch snap packages from the desktop that were recently upgraded, like firefox:

$ cd snap
~/snap$ ls -la

drwx------ 12 ... ... 4096 Jul  6  2023 .
drwxr-x--- 27 ... ... 4096 Mär 29 09:13 ..
drwxr-xr-x  4 ... ... 4096 Apr 12  2023 atom
drwxr-xr-x  5 ... ... 4096 Mär 28 15:14 chromium
drwxr-xr-x  5 ... ... 4096 Mär 28 15:29 code
drwxr-xr-x  5 ... ... 4096 Dez 11 09:42 evince
drwxr-xr-x  5 ... ... 4096 Mär 28 08:33 firefox
drwxr-xr-x  5 ... ... 4096 Mär 28 15:29 postman
drwxr-xr-x  5 ... ... 4096 Mär 28 12:24 skype
drwxr-xr-x  5 ... ... 4096 Apr 28  2023 snapd-desktop-integration
drwxr-xr-x  4 ... ... 4096 Mär 28 20:30 snap-store
drwxr-xr-x  2 ... ... 4096 Jul  6  2023 vue

If I run ...

$ sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*

I can launch them again from the desktop and all looks fine, but when I reboot the system the issue persists.

I then tried ...

$ sudo systemctl enable --now apparmor.service
$ sudo systemctl enable --now snapd.apparmor.service

or ...

$ sudo service start snapd
$ sudo systemctl enable snapd.service
$ sudo systemctl enable --now snapd.service

or ...

$ sudo snap refresh
gnome-42-2204 0+git.510a601 from Canonical✓ refreshed

or ...

$ sudo apt reinstall --purge apparmor

or ...

$ sudo cp /var/lib/snapd/apparmor/profiles/snap-confine.snapd.21184 /etc/apparmor.d/usr.lib.snapd.snap-confine.real
$ sudo systemctl restart apparmor

or ...

$ sudo service snapd.apparmor start
$ sudo systemctl enable snapd.service
$ sudo systemctl start snapd.service
$ service snapd.apparmor start

or ...

$ sudo dpkg -P snapd
$ sudo apt install snapd

... as suggested in some of the posts:

In my log I see:

Mar 28 19:43:40 ... ... systemd[...]: Started snap.firefox.firefox-1....scope.
Mar 28 19:43:40 ... ... firefox_firefox.desktop[...]: snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
Mar 28 19:43:40 ... ... firefox_firefox.desktop[...]: Please make sure that the snapd.apparmor service is enabled and started.
Mar 28 19:43:46 ... ... kernel: [ ...] [UFW BLOCK] IN=ens32 OUT= MAC=... SRC=... DST=... LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2

What else can I try to solve this issue, so that I can directly launch e.g. firefox after reboot?

Status checks for snapd.service & apparmor.service:

$ systemctl status snapd.service
● snapd.service - Snap Daemon
     Loaded: loaded (/lib/systemd/system/snapd.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2024-03-29 09:00:28 CET; 1h 8min ago
TriggeredBy: ● snapd.socket
   Main PID: ... (snapd)
      Tasks: 9 (limit: 4519)
     Memory: 21.4M
        CPU: 2.140s
     CGroup: /system.slice/snapd.service
             └─... /usr/lib/snapd/snapd

$ systemctl status apparmor.service
● apparmor.service - Load AppArmor profiles
     Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
     Active: active (exited) since Fri 2024-03-29 08:59:45 CET; 1h 10min ago
       Docs: man:apparmor(7)
             https://gitlab.com/apparmor/apparmor/wikis/home/
   Main PID: ... (code=exited, status=0/SUCCESS)
        CPU: 182ms
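
Added example, not part of the original post: a read-only check to run straight after a reboot, before any manual `apparmor_parser -r`. It reports whether the two units named above are enabled and active, whether a snap-confine profile is loaded in the kernel, and how often the refusal message from the log appears in the current boot. The function names, the `--live` switch and the sample listing are assumptions made for this example, and the profile match assumes the loaded profile's name ends in `/snap-confine`.

```shell
#!/bin/sh
# Added diagnostic sketch; not part of the original post.
PROFILES=/sys/kernel/security/apparmor/profiles   # kernel list of loaded profiles
REFUSAL='snap-confine has elevated permissions and is not confined'

# Read "name (mode)" lines on stdin; print the mode of the first profile whose
# name ends in /snap-confine, or "missing" when no such profile is loaded.
confine_profile_mode() {
    awk '$1 ~ /\/snap-confine$/ { gsub(/[()]/, "", $NF); print $NF; found = 1; exit }
         END { if (!found) print "missing" }'
}

# Count log lines on stdin that carry the refusal message quoted in the post.
count_refusals() {
    grep -c -F "$REFUSAL" || true
}

# Constructed sample listing for a dry run (not taken from the post).
sample_profiles() {
    cat <<'EOF'
/usr/bin/evince (enforce)
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper (enforce)
/usr/lib/snapd/snap-confine (enforce)
snap.firefox.firefox (enforce)
EOF
}

# Live check, run as root right after boot: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    for unit in apparmor.service snapd.apparmor.service; do
        printf '%s: enabled=%s active=%s\n' "$unit" \
            "$(systemctl is-enabled "$unit" 2>/dev/null)" \
            "$(systemctl is-active "$unit" 2>/dev/null)"
    done
    if [ -r "$PROFILES" ]; then
        printf 'snap-confine profile: %s\n' "$(confine_profile_mode < "$PROFILES")"
    else
        echo "cannot read $PROFILES (run as root)"
    fi
    printf 'refusals this boot: %s\n' \
        "$(journalctl -b --no-pager 2>/dev/null | count_refusals)"
fi
```

A result of `missing` right after boot, followed by `enforce` once the profile has been reloaded by hand, shows that the profile is not being loaded during startup rather than being rejected by the parser.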