Bug#1037199: evince: Cannot open links in browser due to Apparmor profile

Ralf Jung post at ralfj.de
Wed Jun 7 15:00:31 BST 2023 

Package: evince
Version: 43.1-2+b1
Severity: normal

Dear Maintainer,

clicking a link to open things in my browser works in basically all applications, except evince. It took me a long whole to realize that this is due to apparmor:

Jun 07 15:53:03 r-ethtop audit[1165140]: AVC apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/home/r/bin/firefox" pid=1165140 comm="gio-launch-desk" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
Jun 07 15:53:03 r-ethtop kernel: audit: type=1400 audit(1686145983.857:133): apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/home/r/bin/firefox" pid=1165140 comm="gio-launch-desk" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000

Looks like this would happen to anyone who set their default browser to something they installed themselves as a user rather than using a system package.
That's quite surprising and most people will probably never figure out why things are broken.

I am still trying to figure out how to work around this, Apparmor seems super complicated and I don't have the time to learn it just to fix clicking links in a PDF... I'll probably end up just disabling it as that seems like the only thing that's reasonably easy to do. :/

Kind regards,
Ralf


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/20 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages evince depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-4
ii  evince-common                                43.1-2
ii  gsettings-desktop-schemas                    43.0-1
ii  libatk1.0-0                                  2.46.0-5
ii  libc6                                        2.36-9
ii  libcairo-gobject2                            1.16.0-7
ii  libcairo2                                    1.16.0-7
ii  libevdocument3-4                             43.1-2+b1
ii  libevview3-3                                 43.1-2+b1
ii  libgdk-pixbuf-2.0-0                          2.42.10+dfsg-1+b1
ii  libglib2.0-0                                 2.74.6-2
ii  libgnome-desktop-3-20                        43.2-2
ii  libgtk-3-0                                   3.24.37-2
ii  libhandy-1-0                                 1.8.1-1
ii  libpango-1.0-0                               1.50.12+ds-1
ii  libpangocairo-1.0-0                          1.50.12+ds-1
ii  libsecret-1-0                                0.20.5-3
ii  shared-mime-info                             2.2-1

Versions of packages evince recommends:
ii  dbus-user-session [default-dbus-session-bus]  1.14.6-1

Versions of packages evince suggests:
ii  gvfs             1.50.3-1
pn  nautilus-sendto  <none>
ii  poppler-data     0.4.12-1
pn  unrar            <none>

-- no debconf information

More information about the pkg-gnome-maintainers mailing list