[Bug 462419] Re: evince apparmor profile prevents movies from opening
By the end of the previous comment I had experienced a weird bug. But I decided to post it here as a separate comment because this is still relevant to this thread. I resolved the issues by: 1. changing the default player 2. opening a PDF document that contains a link to a local video 3. clicking the link to the video (and failing to open) 4. closing evince and opening the same document again 5. clicking the link to the video again (and succeeding this time) I had to reproduce those steps for both totem and for vlc, ... but now, everything just works! After that initial hurdle, changing default players results in opening the correct default video player. I'm not really sure what happened, but the issue just fixed itself. There are still some odd messages in the kernel log (see attached file). I don't know if this is reproducible elsewhere, or if this bug should be marked as resolved or not, as I'm way past due to do a clean install of the newest Ubuntu: rolandog@computer:~$ lsb_release -rd Description:Ubuntu 20.10 Release:20.10 rolandog@computer:~$ apt-cache policy evince evince: Installed: 3.38.0-1 Candidate: 3.38.0-1 Version table: *** 3.38.0-1 500 500 http://nl.archive.ubuntu.com/ubuntu groovy/main amd64 Packages 100 /var/lib/dpkg/status I hope this helps out someone getting unexpected behavior. ** Attachment added: "rolandog-apparmor-kernel-audit-2.txt" https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/462419/+attachment/5509157/+files/rolandog-apparmor-kernel-audit-2.txt -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in Ubuntu. https://bugs.launchpad.net/bugs/462419 Title: evince apparmor profile prevents movies from opening To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/462419/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 462419] Re: evince apparmor profile prevents movies from opening
Hello everyone. I've read the whole thread and I am experiencing a related bug. My specific scenario is that I'm creating a PDF (by exporting from Emacs / Org-Mode) that contains a link to a local video. It may have been a recent change in an AppArmor that has resulted in the videos not opening anymore (or maybe a security patch?), but I'm not able to open either mp4 or webm videos like I could with mpv. I read the /etc/apparmor.d/abstractions/evince file, and added the following to the /etc/apparmor.d/local/usr.bin.evince file: # vim:syntax=apparmor # # abstraction used by evince binaries # # supported archivers /usr/bin/mpv ixr, /usr/bin/totem ixr, /usr/bin/vlc ixr, After performing: rolandog@computer:~$ sudo apparmor_parser --reload /etc/apparmor.d/usr.bin.evince I get the following error: profile /usr/bin/evince: has merged rule /usr/bin/totem with conflicting x modifiers ERROR merging rules for profile /usr/bin/evince, failed to load Playback with mpv (the player I had set as default) still doesn't work (is blocked by AppArmor), and, after running the following command, I get the messages shown in the attached file: rolandog@computer:~$ grep audit /var/log/kern.log After removing the totem line I get a similar error, but for vlc. After removing both the totem line and the vlc line, I don't get an error (and I can launch mpv (the default I had set). However, I'm torn because this worked for me, but there may be others that may have similar use-cases to mine that would prefer other players. ** Attachment added: "Semi-anonymized matching audit kernel logs from rolandog" https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/462419/+attachment/5509133/+files/rolandog-apparmor-kernel-audit.txt -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in Ubuntu. https://bugs.launchpad.net/bugs/462419 Title: evince apparmor profile prevents movies from opening To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/462419/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 462419] Re: evince apparmor profile prevents movies from opening
Pausanias wrote: I have been looking at all the apparmor prevents bugs that have been reported of late. DVI printing, chromium, etc... the package maintainers' strategy has been to add an exceptions to the apparmor profile as the bugs come in. May I comment that this is a ludicrous situation? There are going to be numerous helper applications that people might want to use within a PDF file... why is apparmor blocking them all? and in another message added: And I still think the state of the evince apparmor profile has not been well thought out. You should not be restricting the helper applications that a user can call from evince. What if I want to make a presentation that views a .XYZ file with my special graphics program renderXYZ (not at all uncommon for scientific presentations)? I have to have root access so I can edit that abstraction file? This is a poor design choice. I completely agree. I have this problem now with gmplayer, and I am quite amazed such a restriction was added without a non-root way of adding arbitrary helper apps. Or have apparmor pop up the question to the user of granting access to this or that. Is there still no other way around than editing /etc/apparmor.d/abstractions/evince as root and reloading ? Nobody cares to comment on the point Pausanias made ? -- evince apparmor profile prevents movies from opening https://bugs.launchpad.net/bugs/462419 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 462419] Re: evince apparmor profile prevents movies from opening
There is the (now) obvious solution of removing the apparmor package altogether, which is what I did. I'll have apparmor back when this kind of issue has been resolved. -- evince apparmor profile prevents movies from opening https://bugs.launchpad.net/bugs/462419 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 462419] Re: evince apparmor profile prevents movies from opening
At this time AppArmor does not support per-user profiles, but this is a desired feature. If there are bugs in the profile (gmplayer was mentioned), these bugs need to be filed in Launchpad so that they can be corrected. Since this bug was not already reported, I have done so in bug #591421 and already committed a fix for it. Adrian et al, the philosophy behind apparmor profiles in Ubuntu is to have the profiles just work in default and common configurations and not have the user have to worry about them generally. As mentioned, if there are specific examples of things that should be added to the profile, please file a bug so a developer can fix it. Adrian, removing the apparmor package is not recommended. There are many profiles protecting you system that are not causing you any trouble. If the evince profile is causing you problems, then you may simply disable it by performing: $ sudo touch /etc/apparmor.d/disable/usr.bin.evince -- evince apparmor profile prevents movies from opening https://bugs.launchpad.net/bugs/462419 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 462419] Re: evince apparmor profile prevents movies from opening
Although the previous tricks didn't resolve my problem, it is now - due to several apparmor updates - fixed. However, running videos from evince doesn't work with totem (it just opens totem exits before playing the video). It does work with VLC - maybe this helps Alejandro Weinstein. So I can finally confirm that this bug is fixed. -- evince apparmor profile prevents movies from opening https://bugs.launchpad.net/bugs/462419 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
Re: [Bug 462419] Re: evince apparmor profile prevents movies from opening
Unfortunately, I can't say. I tried it today because Jamie said, it was fixed... (again). Today it worked the first time for me. Alejandro Weinstein wrote: nZain: Do you remember when it did start working? My system is up to date, and I still have the same problem. -- evince apparmor profile prevents movies from opening https://bugs.launchpad.net/bugs/462419 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 462419] Re: evince apparmor profile prevents movies from opening
nZain: Do you remember when it did start working? My system is up to date, and I still have the same problem. -- evince apparmor profile prevents movies from opening https://bugs.launchpad.net/bugs/462419 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 462419] Re: evince apparmor profile prevents movies from opening
nZain, This was fixed in Lucid, and you need to have both the updated apparmor and evince package up to date. This bug is confirmed as fixed here with your reproducer. Please make sure your system is up to date, then if you are still having a problem, file a new bug with 'ubuntu-bug evince'. Thanks -- evince apparmor profile prevents movies from opening https://bugs.launchpad.net/bugs/462419 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 462419] Re: evince apparmor profile prevents movies from opening
This was fixed in Lucid That this mean that the bug is still present in Karmic? -- evince apparmor profile prevents movies from opening https://bugs.launchpad.net/bugs/462419 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 462419] Re: evince apparmor profile prevents movies from opening
Alejandro, Correct. This is fixed in the Ubuntu development release (Lucid), not Ubuntu 9.10 (Karmic). -- evince apparmor profile prevents movies from opening https://bugs.launchpad.net/bugs/462419 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 462419] Re: evince apparmor profile prevents movies from opening
The AppArmor portion of this bug was fixed in 2.5~pre+bzr1367-0ubuntu1. ** Changed in: apparmor (Ubuntu) Status: Confirmed = Fix Released -- evince apparmor profile prevents movies from opening https://bugs.launchpad.net/bugs/462419 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 462419] Re: evince apparmor profile prevents movies from opening
This bug was fixed in the package evince - 2.29.91-0ubuntu2 --- evince (2.29.91-0ubuntu2) lucid; urgency=low * debian/apparmor-profile.abstraction: allow access to ubuntu-media-players (LP: #462419) -- Jamie Strandboge ja...@ubuntu.com Mon, 08 Mar 2010 15:41:42 -0600 ** Changed in: evince (Ubuntu) Status: Triaged = Fix Released -- evince apparmor profile prevents movies from opening https://bugs.launchpad.net/bugs/462419 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 462419] Re: evince apparmor profile prevents movies from opening
Same behavior as nZain. I modified /etc/apparmor.d/abstractions/evince and then sudo apparmor_parser --reload /etc/apparmor.d/usr.bin.evince but still can open a video from evince. -- evince apparmor profile prevents movies from opening https://bugs.launchpad.net/bugs/462419 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 462419] Re: evince apparmor profile prevents movies from opening
Sorry. Last line should read but still can't open a video from evince (I couldn't find how to edit my previous comment). -- evince apparmor profile prevents movies from opening https://bugs.launchpad.net/bugs/462419 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 462419] Re: evince apparmor profile prevents movies from opening
** Changed in: evince (Ubuntu) Importance: Undecided = Low ** Changed in: evince (Ubuntu) Status: Confirmed = Triaged -- evince apparmor profile prevents movies from opening https://bugs.launchpad.net/bugs/462419 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 462419] Re: evince apparmor profile prevents movies from opening
This will need an adjustment to the evince profile as well as the apparmor abstraction to fix for Lucid. ** Tags added: apparmor ** Also affects: evince (Ubuntu) Importance: Undecided Status: New ** Changed in: evince (Ubuntu) Status: New = Confirmed ** Changed in: evince (Ubuntu) Assignee: (unassigned) = Jamie Strandboge (jdstrand) -- evince apparmor profile prevents movies from opening https://bugs.launchpad.net/bugs/462419 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 462419] Re: evince apparmor profile prevents movies from opening
Thank you for your bug report, those common software should probably be allowed from apparmor for all desktop profiles there ** Package changed: evince (Ubuntu) = apparmor (Ubuntu) -- evince apparmor profile prevents movies from opening https://bugs.launchpad.net/bugs/462419 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
