Public bug reported:
On Ubuntu 12.04, when running /usr/bin/evince-thumbnailer on a .dvi file
that references a font for which there is no PK file on the system yet,
AppArmor blocks the execution of /usr/share/texmf/web2c/mktexnam etc.
Here are sample audit log messages:
[ 5720.378549] type=1400 audit(1379921624.784:28): apparmor="DENIED"
operation="exec" parent=6181
profile="/usr/bin/evince-thumbnailer//sanitized_helper"
name="/usr/share/texmf/web2c/mktexnam" pid=6204 comm="mktexpk"
requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
[ 5720.384833] type=1400 audit(1379921624.788:29): apparmor="DENIED"
operation="exec" parent=6181
profile="/usr/bin/evince-thumbnailer//sanitized_helper"
name="/usr/share/texmf/web2c/mktexupd" pid=6209 comm="mktexpk"
requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
I suspect this is because the sanitized_helper profile in
/etc/apparmor.d/abstractions/ubuntu-helpers only covers /bin, /sbin, /usr/bin
and /usr/sbin, not /usr/share/texmf/web2c . I'm not sure whether this bug
should be filed against apparmor, evince or texlive-binaries; I can think of at
least three ways of addressing the issue:
1) add "/usr/share/texmf/web2c/* Pixr" to the sanitized_helper profile;
2) modify the profile for /usr/bin/evince-thumbnailer to use something other
than sanitized_helper;
3) provide a separate AppArmor profile for the /usr/bin/mktexpk wrapper (and
its siblings).
** Affects: evince (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1229066
Title:
evince-thumbnailer can't run mktexpk
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1229066/+subscriptions
--
desktop-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
