Ubuntu
evince package

Couldn't connect to accessibility bus

Bug #1978838 reported by Sebastien Bacher
26
This bug affects 4 people
Affects Status Importance Assigned to Milestone
evince (Ubuntu)
Fix Released
High
Unassigned
Jammy
Fix Released
Undecided
Unassigned

Bug Description

* Impact

the apparmor profile blocks the connection to the accessibility bus since it hasn't been updated for the new socket location, https://gitlab.gnome.org/GNOME/at-spi2-core/-/issues/43

* Test Case

start evince, it shouldn't print the warning

dbind-WARNING **: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/UID/at-spi/bus_0: Permission denied

start orca, it should be able to read the content of evince

* Regression potential

The change is only allowing an extra location in the apparmor profile, we kept also the old path for compatibility reasons and for making the profile easier to share between series. Allowing the extra location shouldn't create a regression but if the change was incorrect it is possible that evince would still bot be able to connect to the bus

See original description
Sebastien Bacher (seb128)
Changed in evince (Ubuntu):
importance: Undecided → High
status: New → In Progress
status: In Progress → Fix Committed
Sebastien Bacher (seb128)
description: updated
Revision history for this message
Sebastien Bacher (seb128) wrote :

The fix for kinetic is in https://salsa.debian.org/gnome-team/evince/-/commit/0af145b1 and will be part of the next upload, SRU to 22.04 uploaded now

Revision history for this message
Robie Basak (racb) wrote : Please test proposed package

Hello Sebastien, or anyone else affected,

Accepted evince into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/evince/42.3-0ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in evince (Ubuntu Jammy):
status: New → Fix Committed
tags: added: verification-needed verification-needed-jammy
Revision history for this message
Tushar (rafattushar) wrote :

Hello, Sebastien.
Adding evince 42.3-0ubuntu2 from jammy-proposed does not solve this issue. I am still getting "dbind-WARNING **: [XX:XX:XX.XXX]: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/[UID]/at-spi/bus: Permission denied".

Revision history for this message
Sebastien Bacher (seb128) wrote :

@Tushar, could you share the output for
$ dpkg -l | grep evince?

and do
$ journalctl -f

then start evince and share in the bug what was printed?

Revision history for this message
Tushar (rafattushar) wrote :

@Sebastien, here are the outputs:

$ dpkg -l | grep evince
ii evince 42.3-0ubuntu2 amd64 Document (PostScript, PDF) viewer
ii evince-common 42.3-0ubuntu2 all Document (PostScript, PDF) viewer - common files

$ journalctl -f
Jul 04 12:01:10 ubuntu-22 audit[5913]: AVC apparmor="DENIED" operation="connect" profile="/usr/bin/evince" name="/run/user/1000/at-spi/bus" pid=5913 comm="evince" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000
Jul 04 12:01:10 ubuntu-22 kernel: audit: type=1400 audit(1656914470.542:100): apparmor="DENIED" operation="connect" profile="/usr/bin/evince" name="/run/user/1000/at-spi/bus" pid=5913 comm="evince" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000

Revision history for this message
Sebastien Bacher (seb128) wrote :

and
$ grep at-spi /etc/apparmor.d/usr.bin.evince
?

Revision history for this message
Tushar (rafattushar) wrote :

$ grep at-spi /etc/apparmor.d/usr.bin.evince

  owner /{,var/}run/user/*/at-spi2-*/ rw,
  owner /{,var/}run/user/*/at-spi2-*/** rw,

Revision history for this message
Sebastien Bacher (seb128) wrote :

did you ever edit that file manually? if so the packaging system is going to preserve your version

it seems the file is outdated, could you try to restore to the package version by doing?

$ sudo apt install --reinstall -o Dpkg::Options::="--force-confask,confnew,confmiss" evince

Revision history for this message
Tushar (rafattushar) wrote :

Yes, I edited that file, and that caused the error. Sorry for the inconvenience.

Now, I can confirm that this is a successful fix. Thanks, Sebastien.

Sebastien Bacher (seb128)
tags: added: verification-done verification-done-jammy
removed: verification-needed verification-needed-jammy
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evince - 42.3-0ubuntu2

---------------
evince (42.3-0ubuntu2) jammy; urgency=medium

  * debian/apparmor-profile:
    - authorize the new at-spi socket location, fix warnings displayed
      and the screen reader not working (lp: #1978838)

 -- Sebastien Bacher <email address hidden> Fri, 17 Jun 2022 17:03:23 +0200

Changed in evince (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for evince has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evince - 42.3-2

---------------
evince (42.3-2) unstable; urgency=medium

  [ Sebastien Bacher ]
   * debian/apparmor-profile:
    - authorize the new at-spi socket location (LP: #1978838)

  [ Jeremy Bicha ]
  * Cherry-pick patch to fix build with gnome-desktop 43

 -- Jeremy Bicha <email address hidden> Thu, 28 Jul 2022 09:45:11 -0400

Changed in evince (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Ubfan (ubfan1) wrote :

Fully patched Ubuntu 22.04, Dec 18, evince 43.3.2 runs fine until a print or print preview is tried on a ps file, resulting in the same error:
$ evince fern.ps
GPL Ghostscript 9.55.0: Unrecoverable error, exit code 1
(libspectre) ghostscript reports: fatal internal error -100
(evince-previewer:13644): dbind-WARNING **: 11:49:59.120: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_1: Permission denied

The print icon shows the correct printers, the preview produces a blank window and the error, the Print produces a blank page and the error.

Several ps files tried, resulting in the same error.

No edits of system files were done.

Patches mentioned seem to have been applied successfully.

Revision history for this message
tomdean (tomdean) wrote :

> evince
(evince:58774): dbind-WARNING **: 10:34:53.828: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: Permission denied

> uname -a
Linux aorus 6.5.0-14-generic #14~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Nov 20 18:15:30 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
> lsb_release -a
LSB Version: core-11.1.0ubuntu4-noarch:security-11.1.0ubuntu4-noarch
Distributor ID: Ubuntu
Description: Ubuntu 22.04 LTS
Release: 22.04
Codename: jammy

> dpkg -l | grep evince
ii evince 42.1-3 amd64 Document (PostScript, PDF) viewer
ii evince-common 42.1-3 all Document (PostScript, PDF) viewer - common files

> grep at-spi /etc/apparmor.d/usr.bin.evince
  owner /{,var/}run/user/*/at-spi2-*/ rw,
  owner /{,var/}run/user/*/at-spi2-*/** rw,

> journalctl -f
Jan 13 10:41:32 aorus audit[58974]: AVC apparmor="DENIED" operation="open" class="file" profile="/usr/bin/evince" name="/usr/local/lib/libgmp.so.10.5.0" pid=58974 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jan 13 10:41:32 aorus kernel: audit: type=1400 audit(1705171292.693:70): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/evince" name="/usr/local/lib/libgmp.so.10.5.0" pid=58974 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jan 13 10:41:32 aorus audit[58974]: AVC apparmor="DENIED" operation="connect" class="file" profile="/usr/bin/evince" name="/run/user/1000/at-spi/bus_0" pid=58974 comm="evince" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000
Jan 13 10:41:32 aorus kernel: audit: type=1400 audit(1705171292.709:71): apparmor="DENIED" operation="connect" class="file" profile="/usr/bin/evince" name="/run/user/1000/at-spi/bus_0" pid=58974 comm="evince" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.