Bug#915024: evince-thumbnailer: Permission denied due to apparmor
Luis Guzman
ark at switnet.org
Wed Oct 23 07:34:25 BST 2024
Package: evince
Version: 43.1-2+b1
Followup-For: Bug #915024
Dear Maintainer,
As an update to this issue, seems like the apparmor profile got updates since 2018 breaking the thumbnail feature.
I'm using this as a workaround on LXDE and should work with other DE.
I'm not an expert on AppArmor but seems to work and follow regular security policies, would you mind take a look?
Thanks in advance for the attention.
diff --git a/etc/apparmor.d/usr.bin.evince.orig b/etc/apparmor.d/usr.bin.evince
index eb0253e..d2c2923 100644
--- a/etc/apparmor.d/usr.bin.evince.orig
+++ b/etc/apparmor.d/usr.bin.evince
@@ -338,6 +338,10 @@
/ r,
deny /missfont.log w,
+ # Fix thumbnail issue #915024
+ owner @{HOME}/.cache/thumbnails/** rw,
+ owner /tmp/evince-thumbnailer* rw,
+
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.bin.evince>
}
-- System Information:
Debian Release: 12.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-26-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=es_MX.UTF-8, LC_CTYPE=es_MX.UTF-8 (charmap=UTF-8), LANGUAGE=es_MX:es
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages evince depends on:
ii dconf-gsettings-backend [gsettings-backend] 0.40.0-4
ii evince-common 43.1-2
ii gsettings-desktop-schemas 43.0-1
ii libatk1.0-0 2.46.0-5
ii libc6 2.36-9+deb12u8
ii libcairo-gobject2 1.16.0-7
ii libcairo2 1.16.0-7
ii libevdocument3-4 43.1-2+b1
ii libevview3-3 43.1-2+b1
ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+deb12u1
ii libglib2.0-0 2.74.6-2+deb12u3
ii libgnome-desktop-3-20 43.2-2
ii libgtk-3-0 3.24.38-2~deb12u2
ii libhandy-1-0 1.8.1-1
ii libpango-1.0-0 1.50.12+ds-1
ii libpangocairo-1.0-0 1.50.12+ds-1
ii libsecret-1-0 0.20.5-3
ii shared-mime-info 2.2-1
Versions of packages evince recommends:
ii dbus-user-session [default-dbus-session-bus] 1.14.10-1~deb12u1
Versions of packages evince suggests:
ii gvfs 1.50.3-1
pn nautilus-sendto <none>
ii poppler-data 0.4.12-1
pn unrar <none>
-- Configuration Files:
/etc/apparmor.d/usr.bin.evince changed [not included]
-- no debconf information
More information about the pkg-gnome-maintainers
mailing list