Comment 6 for bug 190516

John Johansen (jjohansen) wrote :

Well, I can confirm it, and even provide some insight.

MUGEN does some very uhm interesting things on startup. It creates a new ELF file in tmp, uses open to pin the file and then it deletes it. This results in the file being removed from the namespace and completely inaccessible except to processes that already have the file open. It then passes /proc/<pid>/fd/<mugen tmp file> to execve as the file to open. AppArmor is detecting that this is a deleted inaccessible file and failing the exec.

This is unfortunate in that this happens even when mugen is run from an unconfined shell, because AppArmor can't determine whether it should attach confinement to it. I will see what I can do, but any fixes, if taken, will have to come in a kernel update.
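
The /proc view of a file pinned and unlinked as the comment above describes, as an added example that is not part of the original comment and not AppArmor code. The function names and the `pinned-` temp prefix are hypothetical, the payload is constructed, and the code shows only what the kernel reports through /proc on Linux, not how AppArmor makes its decision.

```python
import os
import tempfile

DELETED_SUFFIX = " (deleted)"  # appended by the kernel to /proc link targets


def inspect_fd(fd):
    """Describe an open descriptor as /proc/self/fd exposes it."""
    proc_path = f"/proc/self/fd/{fd}"
    target = os.readlink(proc_path)
    return {
        "proc_path": proc_path,
        "target": target,
        "marked_deleted": target.endswith(DELETED_SUFFIX),
        # Link count from fstat; an unlinked file normally reports 0, which
        # cannot be confused with a file literally named "x (deleted)".
        "nlink": os.fstat(fd).st_nlink,
    }


def pin_and_unlink(payload=b"constructed sample bytes\n"):
    """Create a temp file, keep it open, unlink it, and report both states."""
    fd, path = tempfile.mkstemp(prefix="pinned-")
    try:
        os.write(fd, payload)
        before = inspect_fd(fd)
        os.unlink(path)  # name leaves the namespace, inode stays pinned by fd
        after = inspect_fd(fd)
        # The only remaining route to the content is the /proc fd link.
        with open(after["proc_path"], "rb") as via_proc:
            still_readable = via_proc.read() == payload
        return {
            "path": path,
            "before": before,
            "after": after,
            "name_exists": os.path.exists(path),
            "still_readable": still_readable,
        }
    finally:
        os.close(fd)


def exe_is_deleted(pid):
    """True if the binary behind /proc/<pid>/exe has been unlinked."""
    try:
        return os.readlink(f"/proc/{pid}/exe").endswith(DELETED_SUFFIX)
    except OSError:
        return None  # process gone or not permitted to inspect it
```

`exe_is_deleted` applies the same readlink check to a running process, which is the state a program ends up in after being exec'd from an unlinked file.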