Control: severity -1 minor Hi,
> + owner /{,var/}run/user/*/weston-shared-* rw, Thanks for your report! I personally won't be leading a resolution of this bug short term, so here are a few hints for anyone interested: * I doubt that Evince is the only piece of software that'll need such permissions, so likely there's room for a wayland abstraction. Not sure where exactly it should go, perhaps in the main AppArmor package just like the X abstraction. Next step is to start a discussion on the AppArmor mailing-list about it, IMO. * The path component after /run/user could be a bit more restrictive, with e.g. [0-9]* (I know, this is not used consistently across all profiles we ship). Cheers!