[Touch-packages] [Bug 1229066] Re: evince-thumbnailer can't run mktexpk

Tue, 12 Aug 2014 12:56:29 -0700 

** Package changed: evince (Ubuntu) => apparmor (Ubuntu)

** Changed in: apparmor (Ubuntu)
       Status: Confirmed => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1229066

Title:
  evince-thumbnailer can't run mktexpk

Status in “apparmor” package in Ubuntu:
  Triaged

Bug description:
  On Ubuntu 12.04, when running /usr/bin/evince-thumbnailer on a .dvi
  file that references a font for which there is no PK file on the
  system yet, AppArmor blocks the execution of
  /usr/share/texmf/web2c/mktexnam etc. Here are sample audit log
  messages:

  [ 5720.378549] type=1400 audit(1379921624.784:28): apparmor="DENIED" 
operation="exec" parent=6181 
profile="/usr/bin/evince-thumbnailer//sanitized_helper" 
name="/usr/share/texmf/web2c/mktexnam" pid=6204 comm="mktexpk" 
requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
  [ 5720.384833] type=1400 audit(1379921624.788:29): apparmor="DENIED" 
operation="exec" parent=6181 
profile="/usr/bin/evince-thumbnailer//sanitized_helper" 
name="/usr/share/texmf/web2c/mktexupd" pid=6209 comm="mktexpk" 
requested_mask="x" denied_mask="x" fsuid=1000 ouid=0

  I suspect this is because the sanitized_helper profile in 
/etc/apparmor.d/abstractions/ubuntu-helpers only covers /bin, /sbin, /usr/bin 
and /usr/sbin, not /usr/share/texmf/web2c . I'm not sure whether this bug 
should be filed against apparmor, evince or texlive-binaries; I can think of at 
least three ways of addressing the issue:
  1) add "/usr/share/texmf/web2c/* Pixr" to the sanitized_helper profile;
  2) modify the profile for /usr/bin/evince-thumbnailer to use something other 
than sanitized_helper;
  3) provide a separate AppArmor profile for the /usr/bin/mktexpk wrapper (and 
its siblings).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1229066/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to