18.04 ActiveDirectory joined - snap error - cannot create user data directory

[lmig]

I've joined a UBUNTU 18.04 PC to a Windows domain using samba and winbind.

Domain users homes are created in /home/DOMAIN/USERNAME/ .

Snap applications like "gnome-calculator" fails to open in domain users' sessions, though they run fine in local users' sessions.
For exemple, the command "snap run --shell gnome-calculator" returns this error:

cannot create user data directory: /home/DOMAIN/USERNAME/snap/gnome-calculator/180: Permission denied

This folder actually exists though it is empty. It bellongs to "USERNAME" of group "domain users".

In syslog I can see the following message:

Aug 2 11:13:57 PCNAME kernel: [ 7930.891100] audit: type=1400 audit(1533204837.388:469): apparmor="DENIED" operation="open" profile="/usr/lib/snapd/snap-confine" name="/home/DOMAIN/USERNAME/" pid=8200 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=50000 ouid=50000

Note: uid 50000 is the uid of the windows user

Please advise.
Thanks.

[slickymaster]

Thread moved to Networking & Wireless for a better fit

[lmig]

Now I've noticed that it may be related to "apparmor" when reading the syslog entry.

I'm clueless about this.

[lmig]

Obrigado slickymaster. Gosto muito da sua pátria também!

[lmig]

SOLVED!

I've found in another forum one user with the same issue with apparmor and Windows domain join.

As the PC is domain joint, the home folder path is different than standard, and is not included in apparmor by default.

I was finally able to fix this by running "sudo dpkg-reconfigure apparmor" and then specifying /home/DOMAIN/ as an additional user home directory!
Now apparmor allows snap applications to access home directory!

Thanks!

[slickymaster]

Being so, please mark the thread as SOLVED. Just follow the link in my signature if you don't know how to do it.