Bug#1037199: evince: Cannot open links in browser due to Apparmor profile
Ralf Jung
post at ralfj.de
Wed Jun 7 15:00:31 BST 2023
Package: evince
Version: 43.1-2+b1
Severity: normal
Dear Maintainer,
clicking a link to open things in my browser works in basically all applications, except evince. It took me a long whole to realize that this is due to apparmor:
Jun 07 15:53:03 r-ethtop audit[1165140]: AVC apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/home/r/bin/firefox" pid=1165140 comm="gio-launch-desk" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
Jun 07 15:53:03 r-ethtop kernel: audit: type=1400 audit(1686145983.857:133): apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/home/r/bin/firefox" pid=1165140 comm="gio-launch-desk" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
Looks like this would happen to anyone who set their default browser to something they installed themselves as a user rather than using a system package.
That's quite surprising and most people will probably never figure out why things are broken.
I am still trying to figure out how to work around this, Apparmor seems super complicated and I don't have the time to learn it just to fix clicking links in a PDF... I'll probably end up just disabling it as that seems like the only thing that's reasonably easy to do. :/
Kind regards,
Ralf
-- System Information:
Debian Release: 12.0
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-9-amd64 (SMP w/20 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages evince depends on:
ii dconf-gsettings-backend [gsettings-backend] 0.40.0-4
ii evince-common 43.1-2
ii gsettings-desktop-schemas 43.0-1
ii libatk1.0-0 2.46.0-5
ii libc6 2.36-9
ii libcairo-gobject2 1.16.0-7
ii libcairo2 1.16.0-7
ii libevdocument3-4 43.1-2+b1
ii libevview3-3 43.1-2+b1
ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+b1
ii libglib2.0-0 2.74.6-2
ii libgnome-desktop-3-20 43.2-2
ii libgtk-3-0 3.24.37-2
ii libhandy-1-0 1.8.1-1
ii libpango-1.0-0 1.50.12+ds-1
ii libpangocairo-1.0-0 1.50.12+ds-1
ii libsecret-1-0 0.20.5-3
ii shared-mime-info 2.2-1
Versions of packages evince recommends:
ii dbus-user-session [default-dbus-session-bus] 1.14.6-1
Versions of packages evince suggests:
ii gvfs 1.50.3-1
pn nautilus-sendto <none>
ii poppler-data 0.4.12-1
pn unrar <none>
-- no debconf information
More information about the pkg-gnome-maintainers
mailing list