That smells like a problem with AppArmor blocking too much for Document Viewer.

I believe "Document Viewer" is the package evince.

Ah, it seems AppAmor contains a hardcoded list of web browsers, and needs to be educated about the existence of PureBrowser in the file

/etc/apparmor.d/abstractions/ubuntu-browsers

I will fork apparmor with that change...

should be fixed in landing by now. Will keep this issue open until either someone using landing confirms, or it trickles into green and noone screams.

In T363#6906, @jonas.smedegaard wrote:

Ah, it seems AppAmor contains a hardcoded list of web browsers, and needs to be educated about the existence of PureBrowser in the file

/etc/apparmor.d/abstractions/ubuntu-browsers

Could you also check if other areas within AppArmor require forks we use? Or if there are other applications that require browser specific tasks to include PureBrowser? (a simple grep maybe?)

The reason this was fixed by forking apparmor (not including an apparmor snippet with purebrowser package) was to address generally the need of application needing access to browser to also be granted that for PureBrowser.

I am unaware of any other current deviations of ours requiring modifications to AppArmor, but lack a complete picture yet of how exactly our system deviates from Debian: from our end we track only the parts we deviate _and_ lag behind (see T367#6535) and at from Debian end tracking is blocked by lack of funding for disk space (last - possibly incomplete - data is from 2018-01-05: http://deriv.debian.net/Purism/).

Yes, I will try locate issues unrelated to apparmor of packages hardcoding default browser being "firefox" (like T303 and T337). Will track such as separate issues, though.