Control: affects -1 + src:gdk-pixbuf src:papers src:apparmor
On Fri, 20 Feb 2026 at 11:20:02 +0000, Simon McVittie wrote:
On Thu, 19 Feb 2026 at 19:31:18 +0200, Faidon Liambotis wrote:
retitle 1127935 evince: AppArmor profile doesn't allow running bwrap
...
When opening evince, without opening a particular file (just the main
screen) I get 64 of these warnings, one for every recent document:
** (evince:49238): WARNING **: 19:21:12.499: Failed to save thumbnail file file:///...: Could not spawn `"bwrap"
"--unshare-all" ... --seccomp" "89" "/usr/libexec/glycin-loaders/2+/glycin-image-rs" "--dbus-fd"
"87"`: Permission denied (os error 13)
Yes, this is an example of a general problem with AppArmor: it's easy
for an AppArmor profile to be overly sensitive to implementation
details, such as whether gdk-pixbuf loads/saves files directly or in a
sandboxed helper. This is certainly a bug in the profile, whether RC
or not.
Here is a sketch of how it could potentially work:
https://salsa.debian.org/gnome-team/extras/evince/-/merge_requests/10
(which is probably both too permissive and too strict, but it does allow
evince to start up).
As a hint for testing, the reproducer that Faidon mentioned will only
work if at least one of your recent documents has not been thumbnailed.
Deleting ~/.cache/thumbnails before running evince is a brute-force way
to make sure that the code paths that use glycin will actually run.
Any package that has a non-trivial AppArmor profile and uses gdk-pixbuf,
such as papers, will need something similar. Perhaps the AppArmor team
could help to generalize this into something that isn't a sandbox
escape, and doesn't require something this extensive in every affected
package?
(I do find myself wondering whether the AppArmor profiles for evince and
papers actually protect us against anything: they allow enough things
that I imagine there's probably at least one sandbox escape available
already. Identifying and isolating the particularly high-risk parts,
like glycin does, or isolating entire apps, like Flatpak does, are
probably better ways in the long term.)
smcv
