Hi All,
I am following the same track today.
Can I add a discovery, and a different issue on my Ubuntu 18.10?
The discovery is that the /etc/apparmor.d/local directory exists to allow local modifications and add-ons to files in the /etc/apparmor.d directory. At the end of /etc/apparmor.d/usr.bin.evince are the following lines:
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.bin.evince>
You need to uncomment the include line out so that the local file gets taken account of. Then run apparmor_parser on the top level file.
Also restart apparmor:
# /etc/init.d/apparmor restart
just for good measure (I am not sure if this is essential).
I hope this makes sense of part of the foregoing thread.
But now, for me on Ubuntu 18.10, the problem is solved but it has moved further down the track. Observing /var/log/syslog is useful for debugging this work. We get:
Feb 23 23:41:30 ubu1810 kernel: [ 420.450790] audit: type=1400 audit(1550925690.952:84): apparmor="DENIED" operation="exec" profile="" name="/home/andro/bin/lilypond-wrapper.guile" pid=3532 comm="gio-launch-desk" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
So now you can see that the next lilypond wrapper down the line is blocked.
I know very little about apparmor. Does anybody know the appropriate incantation to sort this out?
Andrew