can you look in dmesg or kern.log for the actual apparmor denial?
> I have absolutely no idea what "ixr"
allow r (read) permission
allow ix == on eXecute inherit the current profile
an exec permission can specify different options that should be taken,
inherit the current profile, transition to
Hi,
This bug is back in Document Viewer/Evince(*) 3.36.7, at least under
Linux Mint 20 Ulyana.
Apparently, evince does not try to use exo-open anymore, but launches firefox
directly (or via a sh shell?!?!) :{
I get error: "sh: 1: exec: firefox: Operation not permitted"
I've tried the trick foun
This bug was fixed in the package apparmor - 2.7.102-0ubuntu3.8
---
apparmor (2.7.102-0ubuntu3.8) precise-proposed; urgency=low
* 0022-aa-logprof-PUx_rewrite_fix-lp982619.patch: fix aa-logprof
rewrite of PUx modes (LP: #982619)
* 0023-lp1091642-parser-reset_matchflags.patch: p
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/987578
Title:
Evince is not allowed to use exo-open
To manage notifications about
apparmor 2.7.102-0ubuntu3.8 has been superceded by apparmor
2.7.102-0ubuntu3.9 in -proposed and needs new verification.
** Tags removed: verification-done
** Tags added: verification-needed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubun
See also https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1214979
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/987578
Title:
Evince is not allowed to use exo-open
To manage notifications ab
I have re-tested this problem with the benefit of clarity of time. :)
I have verified that the AppArmor policy changes in the apparmor package
in precise-proposed behave as desired, without DENIED entries, for using
exo-open as the application helper.
I have verified that evince is able to open l
** Branch linked: lp:~kees/apparmor/debian
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/987578
Title:
Evince is not allowed to use exo-open
To manage notifications about this bug go to:
https://bu
Can someone verify this on precise?
I can't replicate the failure of the AppArmor test case here.
I installed the xfce4 package. I logged in using the xfce4 environment.
I downloaded a PDF and a PNG in Firefox, double-clicked them from the
Downloads window (right-click no longer contains "open")
** Branch linked: lp:ubuntu/precise-proposed/apparmor
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/987578
Title:
Evince is not allowed to use exo-open
To manage notifications about this bug go to:
Hello Wannes, or anyone else affected,
Accepted apparmor into precise-proposed. The package will build now and
be available at
http://launchpad.net/ubuntu/+source/apparmor/2.7.102-0ubuntu3.8 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
htt
This bug was fixed in the package evince - 3.4.0-0ubuntu1.5
---
evince (3.4.0-0ubuntu1.5) precise-proposed; urgency=low
* debian/apparmor-profile: allow evince to launch the browser on Xubuntu.
Fix thanks to Mark Ramsell (LP: #987578)
-- Micah GerstenThu, 24 Jan 2013 22:40:
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/987578
Title:
Evince is not allowed to use exo-open
To manage notifications about
I can confirm, that evince 3.4.0-0ubuntu1.5 from precise-proposed fixes
the issue for me.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/987578
Title:
Evince is not allowed to use exo-open
To manage
** Branch linked: lp:ubuntu/precise-proposed/evince
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/987578
Title:
Evince is not allowed to use exo-open
To manage notifications about this bug go to:
h
Brian. Thank you so much. From what I can see here, it seems to work
now. Links launch successfully.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/987578
Title:
Evince is not allowed to use exo-open
Hello Wannes, or anyone else affected,
Accepted evince into precise-proposed. The package will build now and be
available at http://launchpad.net/ubuntu/+source/evince/3.4.0-0ubuntu1.5
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://w
These are uploaded, but since they're not critical for 12.04.2, they'll
be reviewed after 12.04.2 is done with.
** Changed in: apparmor (Ubuntu Precise)
Milestone: ubuntu-12.04.2 => None
** Changed in: evince (Ubuntu Precise)
Milestone: ubuntu-12.04.2 => None
--
You received this bug no
** Changed in: apparmor (Ubuntu Precise)
Assignee: Micah Gersten (micahg) => (unassigned)
** Changed in: evince (Ubuntu Precise)
Assignee: Micah Gersten (micahg) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu
** Description changed:
Applications aren't able to use exo-open in Xubuntu with apparmor
profiles enabled.
- Test case:
+ Test case (apparmor):
+ sudo aa-enforce /etc/apparmor.d/usr.bin.firefox
+ Launch firefox
+ Download a file in Firefox
+ Tools -> Downloads
+ Right Click and open the do
** Description changed:
+ Applications aren't able to use exo-open in Xubuntu with apparmor.
+
+ Test case:
+ Open PDF with a link in it under Xubuntu
+ Click the link
+ Should fail with the current versions of evince/apparmor and work with the
new versions
+
+ -
Attached is a debdiff for this issue and for bug 982619 and bug 1091642
for an SRU for precise. I've confirmed that the package rebuilds
correctly via sbuild and that the result passes the apparmor tests from
lp:qa-regression-testing.
** Patch added: "apparmor_2.7.102-0ubuntu3.8.debdiff"
http
** Also affects: evince (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Precise)
Importance: Undecided
Status: New
** Changed in: evince (Ubuntu Precise)
Status: New => In Progress
** Changed in: evince (Ubuntu Precise)
Assigne
My default browser is SeaMonkey and I am still experiencing a
permissions issue.
~$ cat /etc/apparmor.d/local/usr.bin.evince
# Site-specific additions and overrides for usr.bin.evince.
# For more details, please see /etc/apparmor.d/local/README.
/usr/bin/exo-open ixr,
/usr/lib/i386-linux-gnu/xfc
This bug was fixed in the package evince - 3.5.3-0ubuntu5
---
evince (3.5.3-0ubuntu5) quantal; urgency=low
* debian/apparmor-profile: allow evince to launch the browser on Xubuntu.
Fix thanks to Mark Ramsell (LP: #987578)
-- Jamie StrandbogeThu, 05 Jul 2012 13:12:14 -0500
** Changed in: evince (Ubuntu)
Status: Triaged => In Progress
** Changed in: evince (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/
This bug was fixed in the package apparmor - 2.8.0-0ubuntu1
---
apparmor (2.8.0-0ubuntu1) quantal; urgency=low
* New upstream release
- Drop the following patches, now included upstream:
0003-add-aa-easyprof.patch
0005-clean-common-from-vim.patch
0006-use-linux
** Changed in: apparmor (Ubuntu)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/987578
Title:
Evince is not allowed to use exo-open
To manage notifications abou
Modified fix to x64 (/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1)
and it appared to work, but hit bug #964510 before i could confirm. No
comment/knowledge on security implications.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Mark's update looks reasonable to me. Can others experiencing this issue
confirm?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/987578
Title:
Evince is not allowed to use exo-open
To manage notific
System is Linux 3.2.0-25-generic #40-Ubuntu SMP Wed May 23 20:33:05 UTC 2012
i686 i686 i386 GNU/Linux
Xubuntu 12.04
Stepped through all the DENIED errors and came up with this...
# Site-specific additions and overrides for usr.bin.evince.
# For more details, please see /etc/apparmor.d/local/READ
The security implication of using '/usr/bin/exo-open Ux' is that if
there is a flaw in evince, an attacker can execute anything via exo-
open. This is not the proper fix.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.lau
Adding the following line to /etc/apparmor.d/local/usr.bin.evince seems to fix
the bug:
/usr/bin/exo-open Ux,
(i.e. Ux instead of ixr)
I do not know the security implications of this, but at least links in
evince seem to work again.
--
You received this bug notification because you are a member
Thanks Jamie! I foolishly searched under "evince" rather than
"apparmor". Ignore my off-topic comment.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/987578
Title:
Evince is not allowed to use exo-op
tnhh, your problem is bug #964510
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/987578
Title:
Evince is not allowed to use exo-open
To manage notifications about this bug go to:
https://bugs.launch
I have the same problem with Ubuntu and chromium-browser.
/var/log/syslog says
May 1 12:17:13 theakston kernel: [100752.649693] type=1400
audit(1335871033.942:36): apparmor="DENIED" operation="file_mmap" parent=28630
profile="/usr/bin/evince//sanitized_helper"
name="/lib/x86_64-linux-gnu/libp
36 matches
Mail list logo
