Hello everyone.
I've read the whole thread and I am experiencing a related bug.
My specific scenario is that I'm creating a PDF (by exporting from Emacs
/ Org-Mode) that contains a link to a local video. It may have been a
recent change in an AppArmor that has resulted in the videos not opening
anymore (or maybe a security patch?), but I'm not able to open either
mp4 or webm videos like I could with mpv.
I read the /etc/apparmor.d/abstractions/evince file, and added the
following to the /etc/apparmor.d/local/usr.bin.evince file:
# vim:syntax=apparmor
#
# abstraction used by evince binaries
#
# supported archivers
/usr/bin/mpv ixr,
/usr/bin/totem ixr,
/usr/bin/vlc ixr,
After performing:
rolandog@computer:~$ sudo apparmor_parser --reload
/etc/apparmor.d/usr.bin.evince
I get the following error:
profile /usr/bin/evince: has merged rule /usr/bin/totem with conflicting x
modifiers
ERROR merging rules for profile /usr/bin/evince, failed to load
Playback with mpv (the player I had set as default) still doesn't work
(is blocked by AppArmor), and, after running the following command, I
get the messages shown in the attached file:
rolandog@computer:~$ grep audit /var/log/kern.log
After removing the totem line I get a similar error, but for vlc. After
removing both the totem line and the vlc line, I don't get an error (and
I can launch mpv (the default I had set).
However, I'm torn because this worked for me, but there may be others
that may have similar use-cases to mine that would prefer other players.
** Attachment added: "Semi-anonymized matching audit kernel logs from rolandog"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/462419/+attachment/5509133/+files/rolandog-apparmor-kernel-audit.txt
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/462419
Title:
evince apparmor profile prevents movies from opening
Status in apparmor package in Ubuntu:
Fix Released
Status in evince package in Ubuntu:
Fix Released
Bug description:
Binary package hint: evince
Trying to open a movie with vlc or totem from within evince. I get the
error: "Failed to execute child process vlc (Permission denied)". The
same with totem.
I have been looking at all the "apparmor prevents" bugs that have been
reported of late. DVI printing, chromium, etc... the package
maintainers' strategy has been to add an exceptions to the apparmor
profile as the bugs come in. May I comment that this is a ludicrous
situation? There are going to be numerous helper applications that
people might want to use within a PDF file... why is apparmor blocking
them all?
[22:47][kirkwood][~] > lsb_release -rd
Description:Ubuntu 9.10
Release:9.10
[22:48][kirkwood][~] > apt-cache policy evince
evince:
Installed: 2.28.1-0ubuntu1
Candidate: 2.28.1-0ubuntu1
Version table:
*** 2.28.1-0ubuntu1 0
500 http://us.archive.ubuntu.com karmic/main Packages
100 /var/lib/dpkg/status
Expected to happen: movie opens when clicked on
What happens instead: help application (totem/vlc) prevented from running by
apparmor
Reproducible: 100%
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/462419/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
