Comment 5 for bug 270046

Martin, sorry, but this is different from bug 151190; my home directories are in the default location. I'm seeing this despite:

  [denisovich ~]$ grep HOME /etc/apparmor.d/tunables/home
  # @{HOME} is a space-separated list of all user home directories. While
  @{HOME}=@{HOMEDIRS}/*/ /root/
  # @{HOMEDIRS} is a space-separated list of where user home directories
  @{HOMEDIRS}=/home/
  [denisovich ~]$ ls -ld /home $HOME
  drwxr-xr-x 5 root root 4096 2008-08-08 11:05 /home
  drwxr-xr-x 66 steve steve 4096 2008-10-06 15:34 /home/steve

The *only* rejection I'm seeing is the dac_override:

  type=APPARMOR_DENIED msg=audit(1223332440.925:7): operation="capable" name="dac_override" pid=17681 profile="/usr/lib/cups/backend/cups-pdf"

I don't have a following inode_create rejection, even after adding the dac_override capability to the profile (and solely adding the dac_override capability to the cups-pdf profile causes the cups-pdf plugin to start working).

An alternative fix would be to include a PDF/ directory in /etc/skel/, but since it seems unpossible to include a tmp/ directory there, I suspect PDF/ is even less likely.