In Debian 11, evince has an appamor profile which floods the kernel log with
hundreds of messages of the style:
[24216.325764] audit: type=1400 audit(1631892398.580:255): apparmor="DENIED"
operation="open" profile="/usr/bin/evince"
name="/mnt/home/rprice/.local/share/gvfs-metadata/home" pid=2229
comm="pool-evince" requested_mask="r" denied_mask="r" fsuid=2108 ouid=2108
and floods the console with messages such as
(evince:2869): GVFS-WARNING **: 22:18:18.510: can't init metadata tree
/mnt/home/rprice/.local/share/gvfs-metadata/home: open: Permission denied
** (evince:2869): WARNING **: 22:18:18.510: Error setting file metadata: can’t
open metadata tree
Command ls -l /mnt/home/rprice/.local/share/gvfs-metadata/home reports
-rw------- 1 rprice cs-users 800 Aug 18 10:48
/mnt/home/rprice/.local/share/gvfs-metadata/home
Quoting file /etc/apparmor.d/usr.bin.evince:
# evince is not written with application confinement in mind and is designed to
# operate within a trusted desktop session where anything running within the
# user's session is trusted.
I solved the problem by switching to mupdf, but mupdf is not as complete as
evince.
Is there some way of calming evince+appamor?
Roger