Comment 2 for bug 1772097

So it looks like apparmor is detecting one of the entries as deleted, which it will allow for fds being passed around but not to base lookups off of.

You should be able to work around this by adding the mediate_deleted flag to the profile. Which will allow path lookup from the fd that it is identifying as deleted.

So your example profile would change to

profile test_attach_disconnected (attach_disconnected,mediate_deleted) {
  #include <abstractions/base>

  /tmp/{#,okular}* rwl,
  @{HOME}/snap/test-tmp-linkat/common/{#,okular}* rwl,
}