Ubuntu
apparmor package

evince denied access to mimeapps.list

Bug #1792027 reported by Jon Schewe
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Fix Released
Undecided
Jamie Strandboge

Bug Description

I am receiving the following message in my logs. It appears that the apparmor profile for evince is too strict.

Sep 11 14:17:13 bbn-11838 kernel: [275098.499551] audit: type=1400 audit(1536693433.724:1007): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/etc/xdg/mimeapps.list" pid=11797 comm="evince" requested_mask="r" denied_mask="r" fsuid=1832001200 ouid=0

I'm using Ubuntu 18.04.

$ lsb_release -rd
Description: Ubuntu 18.04.1 LTS
Release: 18.04

apt show evince
Package: evince
Version: 3.28.2-1

Revision history for this message
Jan Groenewald (jan-aims) wrote :

I get this upstream on Debian Stretch.

Jamie Strandboge (jdstrand)
Changed in apparmor (Ubuntu):
status: New → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.13.3-7ubuntu1

---------------
apparmor (2.13.3-7ubuntu1) focal; urgency=medium

  * Merge from Debian. Remaining changes:
    - Ubuntu-specific patches:
      + ubuntu/add-chromium-browser.patch
      + ubuntu/communitheme-snap-support.patch
      + ubuntu/mimeinfo-snap-support.patch
      + ubuntu/parser-conf-no-expr-simplify.patch
      + ubuntu/profiles-grant-access-to-systemd-resolved.patch
      + upstream-dont-allow-fontconfig-cache-write.patch
      + upstream-tests-mult-mount-bump-size-of-created-disk.patch
    - debian/apparmor.{install,maintscript}: feature pinning is not used in
      Ubuntu
    - debian/apparmor.preinst: remove cache files on upgrade to 2.13
    - debian/apparmor-profiles.install: install Ubuntu chromium-browser
      profile and abstraction
    - debian/apparmor-profiles.lintian-overrides: update for chromium-browser
      profile having read access to dpkg database for lsb-release
    - debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser
      abstraction if it doesn't exist
    - debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
      the branch where the Ubuntu packaging is maintained.
    - debian/gbp.conf: use ubuntu/master as the debian-branch
    - debian/patches/series: comment out debian-only patches
    - debian/tests/control and debian/tests/compile-policy: don't test
      thunderbird since the Ubuntu packaging doesn't ship a profile
  * Drop the following patches, no longer needed:
    - python3.8-ac.diff
  * debian/control: drop Breaks on media-hub, mediascanner2.0, messaging-app,
    and webbrowser-app which was needed for upgrades to bionic (LP: #1797242)
  * upstream-adjust-for-ibus-1.5.22.patch: update ibus abstract path for ibus
    1.5.22
  * upstream-adjust-gnome-for-mimeapps.patch: abstractions/gnome: also allow
    /etc/xdg/mimeapps.list (LP: #1792027)

apparmor (2.13.3-7) unstable; urgency=medium

  * Add explicit build dependency on dh-python, so that this package
    can built with python3-defaults 3.7.5-3.

apparmor (2.13.3-6) unstable; urgency=medium

  [ Matthias Klose ]
  * debian/rules: ensure "set -e" is honored (Closes: #943649).
  * Add upstream-mr-430-Fix-a-Python-3.8-autoconf-check.patch (Closes: #943657).

 -- Jamie Strandboge <email address hidden> Tue, 17 Dec 2019 15:50:00 +0000

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.