[pkg-apparmor] Bug#1127935: evince: AppArmor profile doesn't allow running bwrap
Simon McVittie
smcv at debian.org
Fri Feb 20 12:53:42 GMT 2026
Control: affects -1 + src:gdk-pixbuf src:papers src:apparmor
On Fri, 20 Feb 2026 at 11:20:02 +0000, Simon McVittie wrote:
> On Thu, 19 Feb 2026 at 19:31:18 +0200, Faidon Liambotis wrote:
> > retitle 1127935 evince: AppArmor profile doesn't allow running bwrap
> ...
> > When opening evince, without opening a particular file (just the main
> > screen) I get 64 of these warnings, one for every recent document:
> >  ** (evince:49238): WARNING **: 19:21:12.499: Failed to save thumbnail file file:///...: Could not spawn `"bwrap" "--unshare-all" ... --seccomp" "89" "/usr/libexec/glycin-loaders/2+/glycin-image-rs" "--dbus-fd" "87"`: Permission denied (os error 13)
>
> Yes, this is an example of a general problem with AppArmor: it's easy
> for an AppArmor profile to be overly sensitive to implementation
> details, such as whether gdk-pixbuf loads/saves files directly or in a
> sandboxed helper. This is certainly a bug in the profile, whether RC
> or not.
Here is a sketch of how it could potentially work:
https://salsa.debian.org/gnome-team/extras/evince/-/merge_requests/10
(which is probably both too permissive and too strict, but it does allow
evince to start up).
As a hint for testing, the reproducer that Faidon mentioned will only
work if at least one of your recent documents has not been thumbnailed.
Deleting ~/.cache/thumbnails before running evince is a brute-force way
to make sure that the code paths that use glycin will actually run.
Any package that has a non-trivial AppArmor profile and uses gdk-pixbuf,
such as papers, will need something similar. Perhaps the AppArmor team
could help to generalize this into something that isn't a sandbox
escape, and doesn't require something this extensive in every affected
package?
(I do find myself wondering whether the AppArmor profiles for evince and
papers actually protect us against anything: they allow enough things
that I imagine there's probably at least one sandbox escape available
already. Identifying and isolating the particularly high-risk parts,
like glycin does, or isolating entire apps, like Flatpak does, are
probably better ways in the long term.)
smcv
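As an added example, not part of the bug report and not code from the evince package or its AppArmor profile: a POSIX shell script for the testing hint above. It moves the thumbnail cache aside instead of deleting it (so it can be restored afterwards), runs evince's main window briefly, and then counts the "Could not spawn" warnings and lists which glycin loader executables evince tried to launch through bwrap, which is the information needed when deciding what the profile has to allow. The embedded sample log, its document paths and file-descriptor numbers, the 10-second timeout and the `--run` flag are assumptions for illustration; only the `--run` mode touches a real evince.

```shell
#!/bin/sh
# Added example for Debian bug #1127935; not from the bug report or the
# evince package. Reproduces the "Could not spawn bwrap" warnings and
# summarises them from evince's captured stderr.

# Count warnings matching the shape quoted in the report (a spawn of
# "bwrap" that failed). Argument: path to a captured stderr log.
count_spawn_failures() {
    # grep -c prints 0 but exits 1 when nothing matches; that is not an error here.
    grep -c 'Could not spawn .*"bwrap"' "$1" 2>/dev/null || true
}

# List the distinct glycin loader binaries that evince attempted to run
# inside bwrap, one per line. These are the helpers a profile must cover.
failed_loaders() {
    grep -o '"/usr/libexec/glycin-loaders/[^"]*"' "$1" 2>/dev/null \
        | tr -d '"' | sort -u
}

# Constructed sample log (assumption: document names and fd numbers are
# made up; the message shape follows the warning quoted in the report).
sample_log() {
    f="$(mktemp)"
    cat >"$f" <<'EOF'
** (evince:49238): WARNING **: 19:21:12.499: Failed to save thumbnail file file:///home/user/a.pdf: Could not spawn `"bwrap" "--unshare-all" "--seccomp" "89" "/usr/libexec/glycin-loaders/2+/glycin-image-rs" "--dbus-fd" "87"`: Permission denied (os error 13)
** (evince:49238): WARNING **: 19:21:12.512: Failed to save thumbnail file file:///home/user/b.pdf: Could not spawn `"bwrap" "--unshare-all" "--seccomp" "91" "/usr/libexec/glycin-loaders/2+/glycin-image-rs" "--dbus-fd" "90"`: Permission denied (os error 13)
** (evince:49238): WARNING **: 19:21:13.001: unrelated warning that must not be counted
EOF
    echo "$f"
}

# Live reproducer: only reached with "--run". Moving the cache aside is a
# gentler variant of the "delete ~/.cache/thumbnails" hint; it guarantees
# every recent document is re-thumbnailed, so the glycin path executes.
reproduce() {
    cache="${XDG_CACHE_HOME:-$HOME/.cache}/thumbnails"
    log="$(mktemp)"
    if [ -d "$cache" ]; then
        mv "$cache" "$cache.bak.$$"
    fi
    # The main window is enough; no document needs to be opened.
    timeout 10 evince >/dev/null 2>"$log" || true
    echo "spawn failures: $(count_spawn_failures "$log")"
    echo "loaders evince tried to run under bwrap:"
    failed_loaders "$log"
    if [ -d "$cache.bak.$$" ]; then
        rm -rf "$cache"
        mv "$cache.bak.$$" "$cache"
    fi
    rm -f "$log"
}

if [ "${1-}" = "--run" ]; then
    reproduce
else
    # Offline demonstration on the constructed sample.
    log="$(sample_log)"
    echo "spawn failures in sample: $(count_spawn_failures "$log")"
    failed_loaders "$log"
    rm -f "$log"
fi
```

Run it with `--run` on a machine with the evince profile enforced to see the real counts; without arguments it only exercises the log parsing on the embedded sample.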