[Pkg-gnome-extras-maintainers] Bug#1127935: evince: AppArmor profile doesn't allow running bwrap
Simon McVittie
smcv at debian.org
Fri Feb 20 11:20:02 GMT 2026
Control: reopen 1127935
On Thu, 19 Feb 2026 at 19:31:18 +0200, Faidon Liambotis wrote:
>retitle 1127935 evince: AppArmor profile doesn't allow running bwrap
...
>When opening evince, without opening a particular file (just the main
>screen) I get 64 of these warnings, one for every recent document:
> ** (evince:49238): WARNING **: 19:21:12.499: Failed to save thumbnail file file:///...: Could not spawn `"bwrap" "--unshare-all" ... --seccomp" "89" "/usr/libexec/glycin-loaders/2+/glycin-image-rs" "--dbus-fd" "87"`: Permission denied (os error 13)
Yes, this is an example of a general problem with AppArmor: it's easy
for an AppArmor profile to be overly sensitive to implementation
details, such as whether gdk-pixbuf loads/saves files directly or in a
sandboxed helper. This is certainly a bug in the profile, whether RC or
not.
If you want to repurpose this bug report to track that, to be useful for
that purpose it will need to be reopened; doing that now.
>severity 1127935 serious
I'm not convinced this is a serious Policy violation, but I'll let
someone more involved with evince maintenance make that decision.
smcv
More information about the pkg-gnome-extras-maintainers
mailing list