Comment 2 for bug 1567565

I found the cause of the bug and would like to propose a fix. The AppArmor profile for Evince contains a specific clause to handle saving files that looks like this:

  # evince creates a temporary stream file like '.goutputstream-XXXXXX' in the
  # directory a file is saved. This allows that behavior.
  owner /**/.goutputstream-* w,

However, write permission is not sufficient to rename a file - the permission should be write AND read:

  owner /**/.goutputstream-* rw,

Making this change has fixed the problem.