Bug#900042: evince: AppArmor profile denies access to temporary directory

John Scott jscott at posteo.net
Fri May 25 03:09:40 BST 2018 

Package: evince
Version: 3.28.2-1
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I found this in my kernel log after apparmor-notify
caught my attention, which I'm reporting because
the profile is enforced by default.

apparmor="DENIED" operation="open" profile="/usr/bin/evince//sanitized_helper" name="/dev/shm/org.chromium.pyS2xf" pid=6366 comm=57656220436F6E74656E74 requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

I've never used Chromium though, and my /dev/shm/ is
empty. I don't know enough about Evince to be of
much help from here.

I don't believe I was using it when this happened;
it might've been the daemon.

- -- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages evince depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.28.0-2
ii  evince-common                                3.28.2-1
ii  gsettings-desktop-schemas                    3.28.0-1
ii  libatk1.0-0                                  2.28.1-1
ii  libc6                                        2.27-3
ii  libcairo-gobject2                            1.15.10-3
ii  libcairo2                                    1.15.10-3
ii  libevdocument3-4                             3.28.2-1
ii  libevview3-3                                 3.28.2-1
ii  libgdk-pixbuf2.0-0                           2.36.11-2
ii  libglib2.0-0                                 2.56.1-2
ii  libgnome-desktop-3-17                        3.28.2-1
ii  libgtk-3-0                                   3.22.29-3
ii  libnautilus-extension1a                      3.26.3.1-1
ii  libpango-1.0-0                               1.42.0-1
ii  libpangocairo-1.0-0                          1.42.0-1
ii  libsecret-1-0                                0.18.6-1
ii  shared-mime-info                             1.9-2

Versions of packages evince recommends:
ii  dbus-user-session [default-dbus-session-bus]  1.12.8-2
ii  dbus-x11 [dbus-session-bus]                   1.12.8-2

Versions of packages evince suggests:
ii  gvfs             1.36.1-1
ii  nautilus-sendto  3.8.6-2
ii  poppler-data     0.4.9-2
pn  unrar            <none>

- -- no debconf information

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEJwCMxdBfG24Y2trvfWFEpid5MHIFAlsHcGMACgkQfWFEpid5
MHLSOgf/fwXkLfvsIE5+CALBjk5+zz0tDfoK6xVwNcqEjGtqyUUtAQhLJG4I4tZd
hV421vmRb6s9kG37uHwCCgz7lUtC3x9Jd4oBdvNjm88Cc9LrehMRrgza3JFNUlEc
z2yLb7OrD3HmcZ4xXbuFjHQEOvTwewjjFKUeGSs41fBYfU93hJILMKlLt3wVljyh
eGPXDLFiJZIPe5ynmYtPYcs7qkiMWX2MuW7gxD91esjsFOQcKyf3RU1OZNIaiq5g
RbaofihBnJPGrbqpb7hUfAMcGcBeZ/C6zwP+Rwy6QNrdDdvMyRje0PUsRXVWfxSS
K2YllHZSkZ0OUa2sPg41BhurIH1ybA==
=M8m1
-----END PGP SIGNATURE-----

More information about the pkg-gnome-maintainers mailing list