Hi, I'm on Ubuntu 23.10 using Brave browser SNAP and I still face the issue (cannot open links in evince -using Brave browser snap). 

Here are the versions:

```console
❯ apt list --installed | rg 'evince|apparmor'

apparmor/mantic,now 4.0.0~alpha2-0ubuntu5 amd64 [installed,automatic]
evince-common/mantic,mantic,now 45.0-1 all [installed,automatic]
evince/mantic,now 45.0-1 amd64 [installed]
libapparmor1/mantic,now 4.0.0~alpha2-0ubuntu5 amd64 [installed,automatic]
```
Brave Browser 120.1.61.101

`journalctl -f` log:

```console
Dec 20 12:18:37 laptop kernel: audit: type=1400 audit(1703071117.044:3565): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/evince//snap_browsers" name="/proc/cgroups" pid=1351803 comm="brave" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Dec 20 12:18:37 laptop brave_brave.desktop[1351803]: internal error, please report: running "brave" failed: open /snap/brave/323/meta/snap.yaml: permission denied
Dec 20 12:18:37 laptop kernel: audit: type=1400 audit(1703071117.052:3566): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/evince//snap_browsers" name="/snap/brave/323/meta/snap.yaml" pid=1351803 comm="brave" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0


```

I see the following in `/etc/apparmor.d/usr.bin.evince` with all includes commented, including `snap_browsers` line. Is that normal? Thanks


```
       │ File: /etc/apparmor.d/usr.bin.evince
       │ Size: 11.5 KB
───────┼────────────────────────────────────────────────────────────────────────
   1   │ # vim:syntax=apparmor
   2   │ 
   3   │ # evince is not written with application confinement in mind and is designed to
   4   │ # operate within a trusted desktop session where anything running within the
   5   │ # user's session is trusted. That said, evince will often process untrusted
   6   │ # input (PDFs, images, etc). Ideally evince would be written in such a way that
   7   │ # image processing is separate from the main process and that processing
   8   │ # happens in a restrictive sandbox, but unfortunately that is not currently the
   9   │ # case. Because evince will process untrusted input, this profile aims to
  10   │ # provide some hardening, but considering evince's design and other factors such
  11   │ # as X, gsettings, accessibility, translations, DBus session and system
  12   │ # services, etc, complete confinement is not possible.
  13   │ 
  14   │ #include <tunables/global>
  15   │ 
  16   │ /usr/bin/evince {
  17   │   #include <abstractions/audio>
  18   │   #include <abstractions/bash>
  19   │   #include <abstractions/cups-client>
  20   │   #include <abstractions/dbus-accessibility>
  21   │   #include <abstractions/evince>
  22   │   #include <abstractions/ibus>
  23   │   #include <abstractions/nameservice>
  24   │ 
  25   │   #include <abstractions/ubuntu-browsers>
  26   │   #include <abstractions/ubuntu-console-browsers>
  27   │   #include <abstractions/ubuntu-email>
  28   │   #include <abstractions/ubuntu-console-email>
  29   │   #include <abstractions/ubuntu-media-players>
  30   │ 
  31   │   # allow evince to spawn browsers distributed as snaps (LP: #1794064)
  32   │   #include if exists <abstractions/snap_browsers>
  33   │ 
  34   │   # For now, let evince talk to any session services over dbus. We can
  35   │   # blacklist any problematic ones (but note, evince uses libsecret :\)
  36   │   #include <abstractions/dbus-session>
  37   │ 
  38   │   #include <abstractions/dbus-strict>
  39   │   dbus (receive) bus=system,

```