Adding the line:
capability dac_read_search,
to the cups-pdf section of /etc/apparmor.d/usr.sbin.cupsd allows cups-pdf to function as expected in cases where ~/PDF/ exists with permissions 700, and $HOME also has 700 permissions.
This is unusual, as AppArmor should not be interfering with the stat function calls in cups-pdf. From the AppArmor Technical Documentation provided in the apparmor-docs package:
"Stat. Retrieving information about files is always allowed. We believe that providing policy for file information retrieval is more troublesome than the benefit it would provide."
I am unsure if the failure of cups-pdf's stat call is the result of a bug in AppArmor itself, or an overly restrictive AppArmor profile for the cups package.
Adding the line: d/usr.sbin. cupsd allows cups-pdf to function as expected in cases where ~/PDF/ exists with permissions 700, and $HOME also has 700 permissions.
capability dac_read_search,
to the cups-pdf section of /etc/apparmor.
This is unusual, as AppArmor should not be interfering with the stat function calls in cups-pdf. From the AppArmor Technical Documentation provided in the apparmor-docs package:
"Stat. Retrieving information about files is always allowed. We believe that providing policy for file information retrieval is more troublesome than the benefit it would provide."
I am unsure if the failure of cups-pdf's stat call is the result of a bug in AppArmor itself, or an overly restrictive AppArmor profile for the cups package.