On Sat, 18 Sep 2021, Klaus Singvogel wrote:
Roger Price wrote:
In Debian 11, evince has an appamor profile which floods the kernel log with
hundreds of messages of the style:
Not only at Debian 11, even Debian 10 has it.
[...]
(evince:2869): GVFS-WARNING **: 22:18:18.510: can't init metadata tree
/mnt/home/rprice/.local/share/gvfs-metadata/home: open: Permission denied
[...]
Is there some way of calming evince+appamor?
The location of your home is uncommon (as on my side).
Fix: edit /etc/apparmor.d/tunables/home.d/site.local
In site.local I found
# The following is a space-separated list of where additional user home
# directories are stored, each must have a trailing '/'. Directories added
# here are appended to @{HOMEDIRS}. See tunables/home for details. Eg:
#@{HOMEDIRS}+=/srv/nfs/home/ /mnt/home/
where curiously, the apparmor installation seems to have detected my non-common
/home and made the necessary addition, but appended to a commented out example.
I added line /mnt/home/ and tried to restart apparmor.service. This failed with
error messages such as
Sep 18 12:08:33 titan apparmor.systemd[5150]: AppArmor parser error for
/etc/apparmor.d/lsb_release in /etc/apparmor.d/tunables/multiarch at line 13:
syntax error
Sep 18 12:08:33 titan apparmor.systemd[5154]: AppArmor parser error for
/etc/apparmor.d/nvidia_modprobe in /etc/apparmor.d/tunables/multiarch at line
13: syntax error
So I tried replacing @{HOMEDIRS}=/home/ with @{HOMEDIRS}=/mnt/home/ in file
/etc/apparmor.d/tunables/home
I restarted apparmor.service and some light testing shows that the problem is
solved.
My error in site.local was probably to have added /mnt/home and not
@{HOMEDIRS}+=/mnt/home
Thanks to all who responded! Roger