Hi Steve.
I updated the patches containing the requested changes and uploaded them to
https://launchpad.net/~georgiag/+archive/ubuntu/lp1794064/+packages
Please let me know if you prefer I attached the debdiffs here.
I'm resubscribing ~ubuntu-sponsors. Thanks
** Patch removed: "evince_42.1-3ubun
Steve, the snap_browsers abstractions needed an update because the
abstraction had not been updated in an year and the snap browsers now
required read and lock permissions to the file
/var/lib/snapd/inhibit/{browser-name}.lock, but this was also submitted,
approved and merged upstream:
https://gitl
I have verified on lunar with both apparmor and evince packages updated
from the proposed pocket, it works as expected.
** Tags removed: verification-needed-lunar
** Tags added: verification-done-lunar
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which i
Andreas, Jeremy, you are correct. The worst that could happen is the
same behavior we have currently: when we click a URL the browser does
not open, we get a denied log and evince prints "Permission denied".
My previous statement that profile loading could fail if apparmor did
not find "snap_brows
Hi! You're right, I forgot to request a sponsorship.
I uploaded the patch for evince/jammy, could you take a look and sponsor
if possible? Thanks
** Patch added: "evince_42.3-0ubuntu3.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5711419/+files/evince_42
** Patch removed: "evince_42.3-0ubuntu3.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5711419/+files/evince_42.3-0ubuntu3.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ub
Reuploading because I had a conflicting version with what was rejected
in -proposed
** Patch added: "evince_42.3-0ubuntu3.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5711859/+files/evince_42.3-0ubuntu3.2.debdiff
--
You received this bug notification b
The autopkgtests for apparmor failed for the evince update because the
test requires the apparmor update which is also in proposed
https://launchpad.net/ubuntu/+source/apparmor/3.0.4-2ubuntu2.3 but it is
not a regression.
--
You received this bug notification because you are a member of Ubuntu
De
Hi Gerard
Brave does not work currently because we only added support to Chromium,
Firefox and Opera as you can see in the current snap_browsers abstraction [1].
I'm adding Brave support as well [2].
While that change is not applied to the apparmor package, as a workaround, you
could apply the
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
** This bug has been marked a duplicate of bug 2046844
AppArmor user namespace creation restrictions cause many applications to
crash with SIGTRAP
--
You received this bug notification because you are
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
Hi!
I'm marking this bug as a duplicate of 2046844.
AppArmor version 4.0.0~alpha4-0ubuntu1 was just uploaded to proposed and it
adds a profile for evolution.
--
You received this bug notification because
** Changed in: devhelp (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: devhelp (Ubuntu)
Assignee: (unassigned) => Georgia Garcia (georgiag)
** Changed in: epiphany-browser (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: epiphany-browse
This issue should be fixed by apparmor 4.0.0~beta2-0ubuntu3 which is
currently in -proposed
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/2047256
Title:
Ubuntu 24.04 Some image t
Erich Eickmeyer, I don't have a Tuxedo Computer to test, so could you
please check if the following profile works for you?
$ echo "# This profile allows everything and only exists to give the
# application a name instead of having the label "unconfined"
abi ,
include
profile tuxedo-control-cent
If you're still running into this issue, do you mind sharing which AppArmor
version are you running? For that you can run
apt-cache policy apparmor
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to nautilus in Ubuntu.
https://bugs.launc
Thanks. That version should have the nautilus profile that makes the
thumbnails appear, so we will need to dig a bit deeper.
Could you paste the results of the following command? This will show us if
there is a profile for nautilus loaded and it should look something like this
$ sudo aa-status --
Verification done as part of Bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to devhelp in Ubuntu.
https:
The main issue is that I still wasn't able to reproduce it locally.
Dan, could you check if this issue still happens with the unprivileged user
namespace restriction disabled?
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
Please note that this makes your setup vulnerable, so I r
Ah, so it's not the same issue as the original bug report, it's
something else. Since it's not related to apparmor, I recommend you open
a new bug here in launchpad or upstream
https://gitlab.gnome.org/GNOME/nautilus/-/issues so other people can
help you debug and hopefully fix this issue.
--
You
Verification completed in bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to devhelp in Ubuntu.
https://b
I'm working on a SRU for apparmor and evince to introduce the snap_browsers
abstraction on apparmor as a workaround for this issue.
It is based on these two merge requests from upstream:
https://gitlab.com/apparmor/apparmor/-/merge_requests/806
https://gitlab.com/apparmor/apparmor/-/merge_requests
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Georgia Garcia (georgiag)
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1794064
Title:
Clicking a hyperlink i
** Description changed:
- This is related to bug #1792648. After fixing that one (see discussion
- at https://salsa.debian.org/gnome-team/evince/merge_requests/1),
- clicking a hyperlink in a PDF opens it correctly if the default browser
- is a well-known application (such as /usr/bin/firefox), bu
** Patch added: "evince_42.1-3ubuntu1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581877/+files/evince_42.1-3ubuntu1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
** Patch added: "evince_3.36.10-0ubuntu1.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581879/+files/evince_3.36.10-0ubuntu1.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince i
** Patch added: "evince_40.4-2ubuntu0.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581878/+files/evince_40.4-2ubuntu0.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubun
** Patch added: "evince_3.28.4-0ubuntu1.3.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581880/+files/evince_3.28.4-0ubuntu1.3.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in
** Patch added: "apparmor_3.0.4-2ubuntu3.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581881/+files/apparmor_3.0.4-2ubuntu3.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ub
** Patch added: "apparmor_3.0.3-0ubuntu1.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581882/+files/apparmor_3.0.3-0ubuntu1.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince i
** Patch added: "apparmor_2.12-4ubuntu5.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581885/+files/apparmor_2.12-4ubuntu5.2.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in
** Patch added: "apparmor_3.0.3-0ubuntu1.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581883/+files/apparmor_3.0.3-0ubuntu1.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince i
** Patch added: "apparmor_2.13.3-7ubuntu5.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581884/+files/apparmor_2.13.3-7ubuntu5.2.debdiff
** Patch removed: "apparmor_3.0.3-0ubuntu1.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/17940
@Sebastien, yes, just did. Thank you!
I also attached the debdiffs for evince and apparmor for bionic, focal, impish
and jammy. They were also uploaded into the Security Proposed PPA:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages?field.name_filter=apparmor
https://
@Sebastien, yes, I asked people from the security team to sponsor it but
we are still reviewing the snap_browsers abstraction. We are denying
access to /run/user/[0-9]*/gdm/Xauthority in the policy but if that was
the case, then the browser should not have been able to open, but it
does open so we
I made some changes to the patches I submitted previously. In summary, I added
permission to Xauthority files in the AppArmor abstraction and changed the
dependency of AppArmor in Evince to "Recommends".
Please let me know if it looks okay or if there's any changes I should do
They are in
https:/
** Changed in: evince (Ubuntu)
Assignee: (unassigned) => Georgia Garcia (georgiag)
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1794064
Title:
Clicking a hyperlink in a
I was able to reproduce this issue on focal and bionic but not on
impish. I'm still investigating why, since I don't see any changes in
policies that might affect this issue, but I could have missed
something.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs,
Hi Ondra. Could you share what the apparmor profile looks like? Spaces
should work when surrounded by double quotes in the profile. In
4.0.1really4.0.1-0ubuntu0.24.04.3 there's an example of that in
/etc/apparmor.d/MongoDB_Compass.
profile "MongoDB Compass" "/usr/lib/mongodb-compass/MongoDB Compas
If after running the following command thumbnails still won't load, then
it is not related to this bug report. If that's the case, please open a
new bug.
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
Note that this makes your setup vulnerable, so I recommend turning back on
afte
Eugenio, do you see any apparmor messages in your system logs? They could be in
/var/log/syslog or /var/log/kern.log, or if you have auditd installed
/var/log/audit/audit.log
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to nautilus in
Hi Eugenio. I appreciate your patience, but we haven't been able to
reproduce the issue so we depend on our logs to draw out any conclusion.
Is there any change you are using a different software or extension to
display your thumbnails other than nautilus directly? Something like
gnome-shell-exten
Hi Eugenio. I'm relieved to hear that you are using Desktop Icons NG. That bug
is being tracked in
https://bugs.launchpad.net/ubuntu/+source/gnome-shell-extension-desktop-icons-ng/+bug/2064849
as
kanschat shared in #41
Good news is that there's already a fix on the way
https://salsa.debian.org
42 matches
Mail list logo
