Hi,

This bug report seems to be about 2 distinct problems:

1. Evince cannot start external applications on XFCE because the exo-open abstraction lacks permission to execute /usr/bin/xfce4-mime-helper. A cursory look at the sources suggests that recent exo-open needs to execute xfce4-mime-helper in some cases:

   https://sources.debian.org/src/exo/4.16.3-1/exo-open/main.c/?hl=265#L265 →
   https://sources.debian.org/src/exo/4.16.3-1/exo/exo-execute.c/?hl=263#L86 →
   https://sources.debian.org/src/exo/4.16.3-1/exo/exo-execute.c/?hl=263#L263

   This suggests it's a bug in the exo-open abstraction. Is this problem fixed by adding the following line to /etc/apparmor.d/abstractions/exo-open?

     /{,usr/}bin/xfce4-mime-helper rix,

   If that's enough, I'm happy to submit the fix upstream.

2. The list of web browsers that applications can start is hard-coded and does not support, out of the box, browsers installed in arbitrary locations. This is an AppArmor design problem that affects all desktop apps that need to start a browser. I'm not aware of any plan to fix this in the short term. Ideally apps would use Portals instead of implicitly relying on being allowed to execute arbitrary programs. Meanwhile, the best I can suggest is that users add their preferred browser to /etc/apparmor.d/abstractions/ubuntu-browsers.

Cheers!
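
Added example, not part of the original message: a simplified Python check of which paths the proposed rule `/{,usr/}bin/xfce4-mime-helper rix,` covers and whether a given abstraction text grants execute permission on the helper. The function names and the sample abstraction text are constructed for illustration; only `{a,b}` alternation is handled (no globs, variables, or deny rules), so `apparmor_parser` remains the authority on a real profile.

```python
import re
from itertools import product

# Matches a simple file rule of the form "<path> <permissions>,"
RULE = re.compile(r"^\s*(/\S+)\s+([A-Za-z]+),\s*$")

def expand(pattern):
    """Expand non-nested AppArmor {a,b} alternations into literal paths."""
    parts = re.split(r"\{([^{}]*)\}", pattern)
    # Even indexes are literal text, odd indexes are alternation bodies.
    choices = [[p] if i % 2 == 0 else p.split(",") for i, p in enumerate(parts)]
    return ["".join(combo) for combo in product(*choices)]

def exec_allowed(abstraction_text, path):
    """True if some file rule with an execute mode (ix, Px, Cx, ...) names path."""
    for line in abstraction_text.splitlines():
        match = RULE.match(line.split("#")[0])  # drop comments and #include lines
        if not match:
            continue
        rule_path, perms = match.groups()
        if "x" in perms.lower() and path in expand(rule_path):
            return True
    return False

# Constructed sample text, not the real contents of abstractions/exo-open.
BEFORE = """
  # constructed sample
  /usr/bin/exo-open rix,
"""
# The same text with the line proposed in the message appended.
AFTER = BEFORE + "  /{,usr/}bin/xfce4-mime-helper rix,\n"

if __name__ == "__main__":
    print(expand("/{,usr/}bin/xfce4-mime-helper"))
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, exec_allowed(text, "/usr/bin/xfce4-mime-helper"))
```
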