Hi All,

I am following the same track today.

Can I add a discovery, and a different issue on my Ubuntu 18.10?

The discovery is that the /etc/apparmor.d/local directory exists to allow
local modifications and add-ons to files in the /etc/apparmor.d directory.
At the end of /etc/apparmor.d/usr.bin.evince are the following lines:

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.bin.evince>

You need to uncomment the include line so that the local file gets
taken account of. Then run apparmor_parser on the top level file.

Also restart apparmor:

# /etc/init.d/apparmor restart

just for good measure (I am not sure if this is essential).

I hope this makes sense of part of the foregoing thread.

But now, for me on Ubuntu 18.10, the problem is solved but it has moved
further down the track. Observing /var/log/syslog is useful for debugging
this work. We get:


Feb 23 23:41:30 ubu1810 kernel: [  420.450790] audit: type=1400
audit(1550925690.952:84): apparmor="DENIED" operation="exec"
profile="/usr/bin/evince" name="/home/andro/bin/lilypond-wrapper.guile"
pid=3532 comm="gio-launch-desk" requested_mask="x" denied_mask="x"
fsuid=1000 ouid=1000

So now you can see that the next lilypond wrapper down the line is blocked.

I know very little about apparmor. Does anybody know the appropriate
incantation to sort this out?

Andrew



On Mon, 11 Feb 2019 at 00:43, David Sumbler <da...@aeolia.co.uk> wrote:

> Thank you all for your help in this matter.
>
> Today I have point-and-click working as it should, with AppArmor
> apparently doing what it is supposed to do.
>
> What made the difference was the following:
>
> The Usage Manual 4.1.1 says that the lines
>         # For Textedit links
>         /usr/local/bin/lilypond-invoke-editor Cx -> sanitized_helper,
> should be added to the file /etc/apparmor.d/local/usr.bin.evince .
> This file did not exist, although there are several other files in that
> directory, so I had created the file and put just the two lines above
> in it.  Unfortunately, as I reported, point-and-click didn't work for
> me.
>
> With the difficulties I was having, yesterday I disabled AppArmor for
> Evince by adding a soft link to /etc/apparmor.d/usr.bin.evince in
> /etc/apparmor.d/disable/ .  This is what made point-and-click work
> eventually for me yesterday.
>
> However, following your latest emails to the list on the topic, today I
> thought I would have another go.  I deleted the disabling link, and ran
> 'sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.evince'
>  again.  I also ran
> 'sudo apparmor_parser -r -T -W /etc/apparmor.d/local/usr.bin.evince'.
> I don't know whether that needed to be done or not, but I found that it
> throws out a syntax error.
>
> So I copied the lines out of the second file and inserted them into the
> main usr.bin.evince file.  I then deleted
> /etc/apparmor.d/local/usr.bin.evince .
>
> After I ran
> 'sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.evince' once more, I
> found that point-and-click works as it should.
>
> I don't pretend to understand what is going on here, but in summary it
> appears that if the additional lines are added to
> /etc/apparmor.d/usr.bin.evince rather than to
> /etc/apparmor.d/local/usr.bin.evince it all works.
>
>
_______________________________________________
lilypond-user mailing list
lilypond-user@gnu.org
https://lists.gnu.org/mailman/listinfo/lilypond-user
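
Added example (not part of the original messages): a small Python parser for AppArmor `DENIED` audit records like the one quoted from /var/log/syslog above. It rejoins mail-wrapped lines and reports which profile blocked which path with which mask. The function names are hypothetical, and the sample record is the one from the message.

```python
import re
from collections import Counter

# Record copied from the message above, still wrapped as the mail client left it.
SAMPLE = """\
Feb 23 23:41:30 ubu1810 kernel: [  420.450790] audit: type=1400
audit(1550925690.952:84): apparmor="DENIED" operation="exec"
profile="/usr/bin/evince" name="/home/andro/bin/lilypond-wrapper.guile"
pid=3532 comm="gio-launch-desk" requested_mask="x" denied_mask="x"
fsuid=1000 ouid=1000
"""

RECORD_START = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s")  # syslog timestamp
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')        # key="v" or key=v
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")
HEX_KEYS = {"name", "profile", "comm"}

def join_wrapped(text):
    """Rejoin records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse_denials(text):
    """Return one dict of fields per apparmor="DENIED" record."""
    denials = []
    for rec in join_wrapped(text):
        fields = {}
        for key, quoted, bare in FIELD.findall(rec):
            # The audit subsystem writes strings containing spaces or
            # quotes as unquoted hex, so decode those back to text.
            if key in HEX_KEYS and HEX.fullmatch(bare):
                bare = bytes.fromhex(bare).decode("utf-8", "replace")
            fields[key] = bare or quoted
        if fields.get("apparmor") == "DENIED":
            denials.append(fields)
    return denials

def summarize(text):
    """Count denials per (profile, operation, name, denied_mask)."""
    keys = ("profile", "operation", "name", "denied_mask")
    return Counter(tuple(d.get(k) for k in keys) for d in parse_denials(text))
```

On a live system the input would be the contents of /var/log/syslog, which the message above uses for debugging.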
