** Description changed: + [ Impact ] + + The "papers" app, default PDF viewer in Ubuntu Desktop, is slow because + it is forced to use software rendering, because its apparmor profile is + blocking access to the required kernel interfaces. + + I believe this to be a bug of the system-wide apparmor abstractions, and + have proposed https://gitlab.com/apparmor/apparmor/-/merge_requests/1830 + to resolve that. + + In the meantime, we should add the additional rules required to get GPU + acceleration (through Vulkan, by default) in the papers apparmor + profile. + + [ Test plan ] + + 1. Log-in to Ubuntu Desktop + 2. Open a terminal application + 3. Run the "papers" command + 4. Verify that there are no warnings about. + + You can find below the expected warnings when running papers without this fix + 5. Verify that the Papers app feels fast at browsing PDF files. + + While this is suggestive, there should be a noticeable difference when compared to runnign Papers without this fix. + + [ Where problems could occur ] + + * If the new apparmor rules were malformed, the package would complain at install time. + * By nature of poking more holes through the apparmor sandbox, we expose a larger attack surface through the Papers application. + + [ Other information ] + $ papers libEGL warning: failed to get driver name for fd -1 libEGL warning: MESA-LOADER: failed to retrieve device information libEGL warning: failed to get driver name for fd -1 MESA: error: ZINK: failed to choose pdev libEGL warning: egl: failed to create dri2 screen - $ journalctl -e kernel: audit: type=1400 audit(1761910604.374:8607): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/papers" name="/sys/devices/pci0000:00/0000:00:08.1/0000:63:00.0/uevent" pid=117507 comm="papers" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 kernel: audit: type=1400 audit(1761910604.375:8608): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/papers" name="/sys/devices/pci0000:00/0000:00:08.1/0000:63:00.0/uevent" pid=117507 comm="papers" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 kernel: audit: type=1400 audit(1761910604.375:8609): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/papers" name="/sys/devices/pci0000:00/0000:00:08.1/0000:63:00.0/uevent" pid=117507 comm="papers" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 kernel: audit: type=1400 audit(1761910604.376:8610): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/papers" name="/sys/devices/pci0000:00/0000:00:08.1/0000:63:00.0/uevent" pid=117507 comm="papers" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 kernel: audit: type=1400 audit(1761910604.376:8611): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/papers" name="/sys/devices/pci0000:00/0000:00:08.1/0000:63:00.0/uevent" pid=117507 comm="papers" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 kernel: audit: type=1400 audit(1761910604.377:8612): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/papers" name="/sys/devices/pci0000:00/0000:00:08.1/0000:63:00.0/uevent" pid=117507 comm="papers" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 kernel: audit: type=1400 audit(1761910604.377:8613): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/papers" name="/sys/devices/pci0000:00/0000:00:08.1/0000:63:00.0/uevent" pid=117507 comm="papers" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 kernel: audit: type=1400 audit(1761910604.377:8614): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/papers" name="/sys/devices/pci0000:00/0000:00:08.1/0000:63:00.0/uevent" pid=117507 comm="papers" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 kernel: audit: type=1400 audit(1761910604.381:8615): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/papers" name="/sys/devices/pci0000:00/0000:00:08.1/0000:63:00.0/uevent" pid=117507 comm="papers" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 kernel: audit: type=1400 audit(1761910604.381:8616): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/papers" name="/sys/devices/pci0000:00/0000:00:08.1/0000:63:00.0/uevent" pid=117507 comm="papers" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2130422 Title: Papers is not GPU accelerated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2130422/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
