Bug#915024: evince-thumbnailer: Permission denied due to apparmor

Wed Oct 23 07:34:25 BST 2024

Package: evince
Version: 43.1-2+b1
Followup-For: Bug #915024

Dear Maintainer,

As an update to this issue, seems like the apparmor profile got updates since 2018 breaking the thumbnail feature.

I'm using this as a workaround on LXDE and should work with other DE.
I'm not an expert on AppArmor but seems to work and follow regular security policies, would you mind take a look?

Thanks in advance for the attention.

diff --git a/etc/apparmor.d/usr.bin.evince.orig b/etc/apparmor.d/usr.bin.evince
index eb0253e..d2c2923 100644
--- a/etc/apparmor.d/usr.bin.evince.orig
+++ b/etc/apparmor.d/usr.bin.evince
@@ -338,6 +338,10 @@
   / r,
   deny /missfont.log w,
 
+  # Fix thumbnail issue #915024
+  owner @{HOME}/.cache/thumbnails/** rw,
+  owner /tmp/evince-thumbnailer* rw,
+
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.bin.evince>
 }


-- System Information:
Debian Release: 12.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-26-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=es_MX.UTF-8, LC_CTYPE=es_MX.UTF-8 (charmap=UTF-8), LANGUAGE=es_MX:es
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages evince depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-4
ii  evince-common                                43.1-2
ii  gsettings-desktop-schemas                    43.0-1
ii  libatk1.0-0                                  2.46.0-5
ii  libc6                                        2.36-9+deb12u8
ii  libcairo-gobject2                            1.16.0-7
ii  libcairo2                                    1.16.0-7
ii  libevdocument3-4                             43.1-2+b1
ii  libevview3-3                                 43.1-2+b1
ii  libgdk-pixbuf-2.0-0                          2.42.10+dfsg-1+deb12u1
ii  libglib2.0-0                                 2.74.6-2+deb12u3
ii  libgnome-desktop-3-20                        43.2-2
ii  libgtk-3-0                                   3.24.38-2~deb12u2
ii  libhandy-1-0                                 1.8.1-1
ii  libpango-1.0-0                               1.50.12+ds-1
ii  libpangocairo-1.0-0                          1.50.12+ds-1
ii  libsecret-1-0                                0.20.5-3
ii  shared-mime-info                             2.2-1

Versions of packages evince recommends:
ii  dbus-user-session [default-dbus-session-bus]  1.14.10-1~deb12u1

Versions of packages evince suggests:
ii  gvfs             1.50.3-1
pn  nautilus-sendto  <none>
ii  poppler-data     0.4.12-1
pn  unrar            <none>

-- Configuration Files:
/etc/apparmor.d/usr.bin.evince changed [not included]

-- no debconf information

