This bug was fixed in the package evince - 3.10.3-0ubuntu15
---------------
evince (3.10.3-0ubuntu15) utopic; urgency=medium
* debian/apparmor-profile:
- allow site-wide dconf. Thanks to Lars Masden. (LP: #1355804)
- allow read/write to files we own in /media (LP: #1096837)
- allow read/write to files we own in /run/user/1000/at-spi2-*
(LP: #1308488)
- allow 'l' to /run/user/*/gvfs-metadata/** (LP: #1344810)
- allow read/write of @{HOME}/.cache/dconf/user (LP: #1024605)
* debian/apparmor-profile.abstraction:
- allow read of /etc/xdg/lubuntu/applications/defaults.list (LP: #1290157,
LP: #1299239)
- allow read of /**.[eE][pP][sS][fFiI23] (LP: #1330430)
-- Jamie Strandboge <[email protected]> Tue, 12 Aug 2014 14:30:43 -0500
** Changed in: evince (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1344810
Title:
etc/apparmor.d/usr.bin.evince should allow /run/user/*/gvfs-
metadata/**
Status in “evince” package in Ubuntu:
Fix Released
Bug description:
/etc/apparmor.d/usr.bin.evince has a line
@{HOME}/.local/share/gvfs-metadata/** l,
However, it is possible (seen on trusty) for session state files to be stored
under /run/user/<uid>/ instead of ~/.local/share/ . Please consider adding
owner /run/user/*/gvfs-metadata/** l,
to the apparmor profile.
Moreover (but this may be worth discussing and tracking separately)
I've seen evince being denied "r" access to gvfs-
metadata/home-[[:xdigit:]]+.log . I'm not sure what it needs that
access for, but maybe there is a legitimate need?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1344810/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
