On 2018-01-27, Michael Gold <mich...@bitplane.org> wrote: > The problem seems to be that the file isn't treated as being under $HOME > and isn't treated as having a ".pdf" suffix. Both are true for the name > being opened, but not for the target.
My understanding is that this limitation is in the Linux kernel's security module framework. Symbolic links are resolved before AppArmor can verify permission for the path, so AppArmor only sees "/xr0/michael/...etc...", not "/home/michael/...etc...".
