I found the cause of the bug and would like to propose a fix. The AppArmor profile for Evince contains a specific clause to handle saving files that looks like this:
# evince creates a temporary stream file like '.goutputstream-XXXXXX' in the
# directory a file is saved. This allows that behavior.
owner /**/.goutputstream-* w,
However, write permission is not sufficient to rename a file - the permission should be write AND read:
I found the cause of the bug and would like to propose a fix. The AppArmor profile for Evince contains a specific clause to handle saving files that looks like this:
# evince creates a temporary stream file like '.goutputstream -XXXXXX' in the eam-* w,
# directory a file is saved. This allows that behavior.
owner /**/.goutputstr
However, write permission is not sufficient to rename a file - the permission should be write AND read:
owner /**/.goutputstr eam-* rw,
Making this change has fixed the problem.