Olivier Berger <[email protected]> writes: > > Evince currently fails to start on my testing system: > (org.gnome.Evince:10136): Gtk-WARNING **: 15:13:54.895: Could not load a > pixbuf from icon theme. > This may indicate that pixbuf loaders or the mime database could not be found. > ** > Gtk:ERROR:../../../gtk/gtkiconhelper.c:495:ensure_surface_for_gicon: > assertion failed (error == NULL): Failed to load > /usr/share/icons/gnome/48x48/status/image-missing.png: Could not spawn > `"bwrap" "--unshare-all" "--die-with-parent" "--chdir" "/" "--ro-bind" "/usr" > "/usr" "--dev" "/dev" "--ro-bind-try" "/etc/ld.so.cache" "/etc/ld.so.cache" > "--ro-bind-try" "/nix/store" "/nix/store" "--tmpfs" "/tmp-home" "--tmpfs" > "/tmp-run" "--clearenv" "--setenv" "HOME" "/tmp-home" "--setenv" > "XDG_RUNTIME_DIR" "/tmp-run" "--setenv" "XDG_RUNTIME_DIR" "/run/user/1000" > "--symlink" "/usr/lib64" "/lib64" "--symlink" "/usr/lib" "/lib" "--seccomp" > "22" "/usr/libexec/glycin-loaders/2+/glycin-image-rs" "--dbus-fd" "21"`: > Permission denied (os error 13) (gdk-pixbuf-error-quark, 0) > Bail out! > Gtk:ERROR:../../../gtk/gtkiconhelper.c:495:ensure_surface_for_gicon: > assertion failed (error == NULL): Failed to load > /usr/share/icons/gnome/48x48/status/image-missing.png: Could not spawn > `"bwrap" "--unshare-all" "--die-with-parent" "--chdir" "/" "--ro-bind" "/usr" > "/usr" "--dev" "/dev" "--ro-bind-try" "/etc/ld.so.cache" "/etc/ld.so.cache" > "--ro-bind-try" "/nix/store" "/nix/store" "--tmpfs" "/tmp-home" "--tmpfs" > "/tmp-run" "--clearenv" "--setenv" "HOME" "/tmp-home" "--setenv" > "XDG_RUNTIME_DIR" "/tmp-run" "--setenv" "XDG_RUNTIME_DIR" "/run/user/1000" > "--symlink" "/usr/lib64" "/lib64" "--symlink" "/usr/lib" "/lib" "--seccomp" > "22" "/usr/libexec/glycin-loaders/2+/glycin-image-rs" "--dbus-fd" "21"`: > Permission denied (os error 13) (gdk-pixbuf-error-quark, 0) > > > This is similar to #1127710 and relates to what's mentioned in > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127710#19 > > Subsequent bug's messages may suggest a workaround > (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127710#24), but > haven't tested this yet.
I can confirm that installing apparmor-utils, and launching 'aa-complain /etc/apparmor.d/usr.bin.evince' as root, helped workaround the issue. Before, syslog reported: 2026-02-14T15:20:52.426038+01:00 xxxxxxxxxxx kernel: audit: type=1400 audit(1771078852.420:237): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/evince" name="/usr/bin/bwrap" pid=11116 comm="blocking-2" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 2026-02-14T15:20:52.426048+01:00 xxxxxxxxxxx kernel: audit: type=1400 audit(1771078852.420:238): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/evince" name="/usr/bin/bwrap" pid=11116 comm="blocking-2" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 2026-02-14T15:20:52.426049+01:00 xxxxxxxxxxx kernel: audit: type=1400 audit(1771078852.420:239): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/evince" name="/usr/bin/bwrap" pid=11118 comm="gly-hdl-loader" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 2026-02-14T15:20:52.426049+01:00 xxxxxxxxxxx kernel: audit: type=1400 audit(1771078852.420:240): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/evince" name="/usr/bin/bwrap" pid=11118 comm="gly-hdl-loader" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 2026-02-14T15:20:52.438040+01:00 xxxxxxxxxxx kernel: audit: type=1400 audit(1771078852.432:241): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/evince" name="/usr/bin/bwrap" pid=11121 comm="gly-hdl-loader" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 2026-02-14T15:20:52.438048+01:00 xxxxxxxxxxx kernel: audit: type=1400 audit(1771078852.432:242): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/evince" name="/usr/bin/bwrap" pid=11121 comm="gly-hdl-loader" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 2026-02-14T15:20:52.442046+01:00 xxxxxxxxxxx kernel: audit: type=1400 audit(1771078852.436:243): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/evince" name="/usr/bin/bwrap" pid=11123 comm="gly-hdl-loader" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 2026-02-14T15:20:52.442059+01:00 xxxxxxxxxxx kernel: audit: type=1400 audit(1771078852.436:244): apparmor="DENIED" operation="exec" class="file" profile="/usr/bin/evince" name="/usr/bin/bwrap" pid=11123 comm="gly-hdl-loader" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 After, evince, starts and just spits: WARNING: Glycin running without sandbox. WARNING: Glycin running without sandbox. WARNING: Glycin running without sandbox. > > AFAIU, #1127158 may be the root cause, but is is beyond my > understanding. > Not adding Control instructions, fearing I'd be doing it wrong. Best regards, -- Olivier BERGER https://www-public.imtbs-tsp.eu/~berger_o/ - OpenPGP 2048R/0xF9EAE3A65819D7E8 Ingenieur Recherche - Dept INF Institut Mines-Telecom, Telecom SudParis, Evry (France)
