Comment 21 for bug 270046

Mathew Cairns (mat-cairns) wrote:

Adding the line:
  capability dac_read_search,
to the cups-pdf section of /etc/apparmor.d/usr.sbin.cupsd allows cups-pdf to function as expected in cases where ~/PDF/ exists with permissions 700, and $HOME also has 700 permissions.

This is unusual, as AppArmor should not be interfering with the stat function calls in cups-pdf. From the AppArmor Technical Documentation provided in the apparmor-docs package:

"Stat. Retrieving information about files is always allowed. We believe that providing policy for file information retrieval is more troublesome than the benefit it would provide."

I am unsure if the failure of cups-pdf's stat call is the result of a bug in AppArmor itself, or an overly restrictive AppArmor profile for the cups package.