[pkg-apparmor] Bug#1109826: evince: print preview doesn't work if the papers package is installed: apparmor="DENIED" name="/usr/bin/papers-previewer"

Christian Boltz debian-bugs at cboltz.de
Thu Jul 24 19:45:28 BST 2025


Hello,

On Thursday, 24 July 2025, 15:35, Simon McVittie wrote:
> On Thu, 24 Jul 2025 at 14:22:08 +0100, Simon McVittie wrote:
> >In the "journalctl -f" output, I see
> >this AppArmor denial (uid 0 or adm membership required):
> >>Jul 24 12:27:49 espresso kernel: audit: type=1400
> >>audit(1753356469.641:148): apparmor="DENIED" operation="exec"
> >>class="file" profile="/usr/bin/evince"
> >>name="/usr/bin/papers-previewer" pid=12463 comm="gio-launch-desk"
> >>requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
> A possible patch:
> 
> ----8<----
> --- debian/apparmor-profile	2025-07-17 14:27:11.713382824 +0100
> +++ /etc/apparmor.d/usr.bin.evince	2025-07-24 14:23:39.877301150 
+0100
> @@ -63,6 +63,7 @@
> 
>     /usr/bin/evince rmPx,
>     /usr/bin/evince-previewer Px,
> +  /usr/bin/papers-previewer Pix,
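
Review bot: the added "/usr/bin/papers-previewer Pix," line carries an ix fallback that the "/usr/bin/evince-previewer Px," rule directly above it does not, so when no papers-previewer profile is loaded the previewer silently inherits the evince profile instead of the exec failing visibly. Suggest plain Px to match the neighbouring rule, with a papers-previewer profile shipped alongside; this hunk adds none. The +++ side also names the installed /etc/apparmor.d/usr.bin.evince rather than a file in the source tree, so the paths need adjusting before this can go into the package.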

A Px rule (without the ix fallback) would be better.

Obviously this means that we need a separate profile for 
papers-previewer.

Since you switched the evince profile to complain mode, your audit.log 
should already include everything to create that profile.

Are you familiar enough with aa-logprof to create the papers-previewer 
profile? Otherwise, please attach your /var/log/audit/audit.log (and 
possibly audit.log.[0-9] if they have been rotated away - should be 
obvious by looking at the timestamp).


Regards,

Christian Boltz
-- 
Well, in rc3 it complains about using an uninitialized value at
line 1465. But at least the message is shorter now, so it's a
kind of improvement. :-/   [Steffen Winterfeldt in
https://bugzilla.novell.com/show_bug.cgi?id=223909]
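
An added example, not part of the original message and not code from aa-logprof: a small Python triage script that reads AppArmor audit records like the one quoted above and lists, per profile and path, the access masks that were logged, which is the raw material a papers-previewer profile would be built from. Only the first sample record comes from this thread; the complain-mode records, their paths and the "//null-" child profile name are constructed for illustration.

```python
import re
from collections import defaultdict

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Sample input. Record 1 is the denial quoted in this thread, joined onto one
# line; records 2-4 are constructed complain-mode entries (assumed paths).
SAMPLE_LOG = '''\
Jul 24 12:27:49 espresso kernel: audit: type=1400 audit(1753356469.641:148): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/evince" name="/usr/bin/papers-previewer" pid=12463 comm="gio-launch-desk" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
type=AVC msg=audit(1753360000.100:201): apparmor="ALLOWED" operation="exec" class="file" profile="/usr/bin/evince" name="/usr/bin/papers-previewer" pid=13001 comm="gio-launch-desk" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
type=AVC msg=audit(1753360000.150:202): apparmor="ALLOWED" operation="open" class="file" profile="/usr/bin/evince//null-/usr/bin/papers-previewer" name="/usr/share/glib-2.0/schemas/gschemas.compiled" pid=13001 comm="papers-previewe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1753360000.200:203): apparmor="ALLOWED" operation="open" class="file" profile="/usr/bin/evince//null-/usr/bin/papers-previewer" name=2F746D702F6D7920646F632E706466 pid=13001 comm="papers-previewe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
'''

def parse_record(line):
    """Return the key=value fields of one AppArmor record, or None."""
    fields = {}
    for key, quoted, bare in FIELD.findall(line):
        # The audit layer hex-encodes names containing spaces or quotes and
        # writes them unquoted; decode those, leave anything else alone.
        if key == "name" and bare:
            try:
                bare = bytes.fromhex(bare).decode()
            except ValueError:
                pass
        fields[key] = bare or quoted
    return fields if "apparmor" in fields else None

def summarize(log_text):
    """Map (profile, path) -> (union of logged masks, verdicts seen)."""
    seen = defaultdict(lambda: (set(), set()))
    for line in log_text.splitlines():
        rec = parse_record(line)
        # Skip STATUS and other non-access records.
        if not rec or rec["apparmor"] not in ("DENIED", "ALLOWED"):
            continue
        masks, verdicts = seen[(rec.get("profile"), rec.get("name"))]
        masks |= set(rec.get("denied_mask", ""))
        verdicts.add(rec["apparmor"])
    return {k: ("".join(sorted(m)), sorted(v)) for k, (m, v) in seen.items()}

if __name__ == "__main__":
    for (profile, path), (mask, verdicts) in summarize(SAMPLE_LOG).items():
        print(f"{profile}: {path} {mask}  [{', '.join(verdicts)}]")
```

ALLOWED entries are complain-mode records of accesses that enforce mode would have refused, so they matter as much as DENIED ones when deciding which rules a new profile needs.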