Ubuntu
evince package

apparmor denies evince creating links in .local/share/gvfs-metadata

Bug #807507 reported by Christian Reis
24
This bug affects 5 people
Affects Status Importance Assigned to Milestone
evince (Ubuntu)
Fix Released
Medium
Unassigned
Ubuntu oneiric-alpha-3

Bug Description

I'm not sure exactly why evince is doing this, but when I open the attached PDF, I get these messages in my syslog:

[517153.642954] type=1400 audit(1310126279.881:64): apparmor="DENIED" operation="link" parent=1 profile="/usr/bin/evince" name="/home/kiko/.local/share/gvfs-metadata/.openRJ3GYV" pid=26997 comm="evince" requested_mask="l" denied_mask="l" fsuid=5107 ouid=5107 target="/home/kiko/.local/share/gvfs-metadata/home-1dc5eb46.log"
[517153.642147] type=1400 audit(1310126279.881:63): apparmor="DENIED" operation="link" parent=1 profile="/usr/bin/evince" name="/home/kiko/.local/share/gvfs-metadata/.openF02GYV" pid=26997 comm="evince" requested_mask="l" denied_mask="l" fsuid=5107 ouid=5107 target="/home/kiko/.local/share/gvfs-metadata/home"

I have a fix (might be a workaround) here:

--- usr.bin.evince.log 2011-07-08 09:44:30.170324154 -0300
+++ usr.bin.evince 2011-07-08 09:41:09.807227272 -0300
@@ -52,6 +52,8 @@
   @{HOME}/.gnome2/accels/ rw,
   @{HOME}/.gnome2/accelsevince rw,
   @{HOME}/.gnome2/accels/evince rw,
+ @{HOME}/.local/share/gvfs-metadata rw,
+ @{HOME}/.local/share/gvfs-metadata/* rwl,

   # from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
   # read and write for all supported file formats

Tags: patch apparmor

Related branches

lp:ubuntu/oneiric/evince
Revision history for this message
Christian Reis (kiko) wrote :
Revision history for this message
Pedro Villavicencio (pedro) wrote :

Thanks for the report, Jamie may you have a look to it? Thanks.

Changed in evince (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Jamie Strandboge (jdstrand)
tags: added: apparmor
Changed in evince (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
milestone: none → oneiric-alpha-3
Jamie Strandboge (jdstrand)
Changed in evince (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
status: Confirmed → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evince - 3.1.2-0ubuntu2

---------------
evince (3.1.2-0ubuntu2) oneiric; urgency=low

  * debian/apparmor-profile: allow 'l' to files in
    @{HOME}/.local/share/gvfs-metadata/ (LP: #807507)
 -- Jamie Strandboge <email address hidden> Mon, 11 Jul 2011 08:29:21 -0500

Changed in evince (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Sergio Gelato (sergio-gelato) wrote :

Also seen on lucid, at least when booted into a 2.6.38 kernel (from linux-image-generic-lts-backport-natty).

Revision history for this message
Peter Schwenk (schwenk) wrote :

This bug exists in 10.04 LTS (evince 2.30.3-0ubuntu1.2)

Revision history for this message
Fujisan (富士山) (fujisan) wrote :

Hello,

I see the same kind of message in my /var/log/syslog file after an upgrade from 12.04 to 12.10.

[ 1111.398958] type=1400 audit(1352302639.649:45): apparmor="DENIED" operation="link" parent=1 profile="/usr/bin/evince" name="/home/fujisan/.local/share/gvfs-metadata/.openU2W4MW" pid=7087 comm="pool" requested_mask="l" denied_mask="l" fsuid=1010 ouid=1010 target="/home/fujisan/.local/share/gvfs-metadata/home"
[ 1111.402288] type=1400 audit(1352302639.653:46): apparmor="DENIED" operation="link" parent=1 profile="/usr/bin/evince" name="/home/fujisan/.local/share/gvfs-metadata/.openPNZ4MW" pid=7087 comm="pool" requested_mask="l" denied_mask="l" fsuid=1010 ouid=1010 target="/home/fujisan/.local/share/gvfs-metadata/home-f0690307.log"

I do not see these messages on another machine I upgraded the same way.

Also, I am unable to print 2 pages / sheet, but I do not have this problem for the 2nd machine.

Is this problem related to the two-sided printing?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.