[Desktop-packages] [Bug 1279272] Re: apparmor denies evince a chmod operation

Thu, 27 Feb 2014 08:32:50 -0800 

Hi,
recently I modified telepathy profile because I moved (link through ln) some 
home folder to Private folder, but the problem was present before that change. 
The notify came to desktop after additional packages installed by:
apt-get install apparmor-utils apparmor-profiles apparmor-notify
But from system log the problem was already present but it was not displayed.
Maybe the problem is not just my installation because I found many equal log on 
internet (i.e. try "apparmor="DENIED" operation="chmod" parent=1 
profile="/usr/bin/evince" name="/tmp/at-spi2/"" by google)
anyway I attach the evince profile present into apparmor.d folder .

Many thanks

Enrico

This is the apparmor_status report:

apparmor module is loaded.
42 profiles are loaded.
19 profiles are in enforce mode.
   /sbin/dhclient
   /usr/bin/evince
   /usr/bin/evince-previewer
   /usr/bin/evince-previewer//launchpad_integration
   /usr/bin/evince-previewer//sanitized_helper
   /usr/bin/evince-thumbnailer
   /usr/bin/evince-thumbnailer//sanitized_helper
   /usr/bin/evince//launchpad_integration
   /usr/bin/evince//sanitized_helper
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/chromium-browser/chromium-browser//browser_java
   /usr/lib/chromium-browser/chromium-browser//browser_openjdk
   /usr/lib/chromium-browser/chromium-browser//sanitized_helper
   /usr/lib/connman/scripts/dhclient-script
   /usr/lib/cups/backend/cups-pdf
   /usr/lib/telepathy/mission-control-5
   /usr/lib/telepathy/telepathy-*
   /usr/sbin/cupsd
   /usr/sbin/tcpdump
23 profiles are in complain mode.
   /bin/ping
   /sbin/klogd
   /sbin/syslog-ng
   /sbin/syslogd
   /usr/lib/chromium-browser/chromium-browser
   /usr/lib/chromium-browser/chromium-browser//chromium_browser_sandbox
   /usr/lib/chromium-browser/chromium-browser//xdgsettings
   /usr/lib/dovecot/deliver
   /usr/lib/dovecot/dovecot-auth
   /usr/lib/dovecot/imap
   /usr/lib/dovecot/imap-login
   /usr/lib/dovecot/managesieve-login
   /usr/lib/dovecot/pop3
   /usr/lib/dovecot/pop3-login
   /usr/sbin/avahi-daemon
   /usr/sbin/dnsmasq
   /usr/sbin/dovecot
   /usr/sbin/identd
   /usr/sbin/mdnsd
   /usr/sbin/nmbd
   /usr/sbin/nscd
   /usr/sbin/smbd
   /usr/{sbin/traceroute,bin/traceroute.db}
7 processes have profiles defined.
3 processes are in enforce mode.
   /usr/lib/telepathy/mission-control-5 (3186) 
   /usr/lib/telepathy/telepathy-* (3230) 
   /usr/sbin/cupsd (1161) 
2 processes are in complain mode.
   /usr/sbin/dnsmasq (1859) 
   /usr/sbin/nmbd (2069) 
2 processes are unconfined but have a profile defined.
   /usr/sbin/smbd (1086) 
   /usr/sbin/smbd (1095) 


** Attachment added: "Evince apparmor profile"
   
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1279272/+attachment/3999690/+files/usr.bin.evince

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1279272

Title:
  apparmor denies evince a chmod operation

Status in “evince” package in Ubuntu:
  Incomplete

Bug description:
  Hi,
  Recently I have enable Apparmor notify to desktop and when a pdf is open by 
evice a message appear.
  Not sure how it happens but since I enabled the apparmor notify to desktop I 
realized that an error is raised.
  This appens for any pdf document is open.
  A chmod operation is denied on a /tmp sub-folder
  Any error is in this form:

  [ 5148.214512] type=1400 audit(1392198051.114:66): apparmor="DENIED"
  operation="chmod" parent=1 profile="/usr/bin/evince" name="/tmp/at-
  spi2/" pid=6922 comm="evince" requested_mask="w" denied_mask="w"
  fsuid=1000 ouid=118

  I do not know if this error can be the source of a malfunction of the
  program, which is why I reported the problem.

  My system is Ubuntu 12.04 LTS (updated to last available packages):
  lsb_release -rd:
  Description:  Ubuntu 12.04.4 LTS
  Release:      12.04

  uname -a:
  Linux ...... 3.2.0-58-generic #88-Ubuntu SMP Tue Dec 3 17:37:58 UTC 2013 
x86_64 x86_64 x86_64 GNU/Linux

  and evince is the standard package
  dpkg -l|grep evince:
  ii  evince                                 3.4.0-0ubuntu1.7                   
                 Document (PostScript, PDF) viewer
  ii  evince-common                          3.4.0-0ubuntu1.7                   
                 Document (PostScript, PDF) viewer - common files
  ii  libevince3-3                           3.4.0-0ubuntu1.7                   
                 Document (PostScript, PDF) rendering library

  as apparmor
  dpkg -l|grep apparmor:
  ii  apparmor                               2.7.102-0ubuntu3.9                 
                 User-space parser utility for AppArmor
  ii  apparmor-notify                        2.7.102-0ubuntu3.9                 
                 AppArmor notification system
  ii  apparmor-profiles                      2.7.102-0ubuntu3.9                 
                 Profiles for AppArmor Security policies
  ii  apparmor-utils                         2.7.102-0ubuntu3.9                 
                 Utilities for controlling AppArmor
  ii  dh-apparmor                            2.7.102-0ubuntu3.9                 
                 AppArmor debhelper routines
  ii  libapparmor-perl                       2.7.102-0ubuntu3.9                 
                 AppArmor library Perl bindings
  ii  libapparmor1                           2.7.102-0ubuntu3.9                 
                 changehat AppArmor library

  Thanks

  Enrico

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1279272/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to