Evince fails to run mktexpk while opening a dvi file

Bug #846639 reported by Daniel Cordeiro
This bug affects 4 people
Affects: evince (Ubuntu)
Status: Won't Fix
Importance: Undecided
Assigned to: Unassigned

Bug Description

After the upgrade to Oneiric, Evince fails to run mktexpk when opening a dvi file.
The stdout shows:

$ evince /usr/local/texlive/texmf-dist/doc/latex/polyglot/sample.dvi
(evince:15287): GLib-GObject-WARNING **: g_object_set_valist: construct property "enable-gestures" for object `EvView' can't be set after construction

kpathsea: Running mktexpk --mfmode / --bdpi 600 --mag 1+0/600 --dpi 600 cmsl10
mktexpk: Permissão negada
kpathsea: Appending font creation commands to missfont.log.
page: Warning: font `cmsl10' at 600x600 not found, trying `cmr10' instead

kpathsea: Running mktexpk --mfmode / --bdpi 600 --mag 1+0/600 --dpi 600 cmr10
mktexpk: Permissão negada
page: Warning: font `cmsl10' not found, trying metric files instead

kpathsea: Running mkofm cmsl10
mkofm: Permissão negada

kpathsea: Running mktextfm cmsl10
mktextfm: Permissão negada
page: Warning: metric file for `cmsl10' not found, trying `cmr10' instead

kpathsea: Running mkofm cmr10
mkofm: Permissão negada

kpathsea: Running mktextfm cmr10
mktextfm: Permissão negada
page: Error: could not load font `cmsl10'

kpathsea: Running mktexpk --mfmode / --bdpi 600 --mag 1+0/600 --dpi 600 cmsl10
mktexpk: Permissão negada
kpathsea: Appending font creation commands to missfont.log.
page: Warning: font `cmsl10' at 600x600 not found, trying `cmr10' instead

kpathsea: Running mktexpk --mfmode / --bdpi 600 --mag 1+0/600 --dpi 600 cmr10
mktexpk: Permissão negada
page: Warning: font `cmsl10' not found, trying metric files instead

kpathsea: Running mkofm cmsl10
mkofm: Permissão negada

kpathsea: Running mktextfm cmsl10
mktextfm: Permissão negada
page: Warning: metric file for `cmsl10' not found, trying `cmr10' instead

kpathsea: Running mkofm cmr10
mkofm: Permissão negada

kpathsea: Running mktextfm cmr10
mktextfm: Permissão negada
page: Error: could not load font `cmsl10'

I have a local texlive 2011 installation (I'm not using texlive from Ubuntu). But if I run it manually, for instance,
$ mktexpk --mfmode / --bdpi 600 --mag 1+0/600 --dpi 600 cmr10
mktexpk works fine.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: evince 3.1.90.1-0ubuntu1
ProcVersionSignature: Ubuntu 3.0.0-10.16-generic 3.0.4
Uname: Linux 3.0.0-10-generic i686
NonfreeKernelModules: nvidia
ApportVersion: 1.22.1-0ubuntu2
Architecture: i386
Date: Sat Sep 10 17:45:17 2011
ExecutablePath: /usr/bin/evince
SourcePackage: evince
UpgradeStatus: Upgraded to oneiric on 2011-09-07 (3 days ago)

Daniel Cordeiro (dcordeiro) wrote :
Changed in evince (Ubuntu):
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

The following apparmor denials were found in the kern.log:
Sep 10 17:41:58 varzea kernel: [21712.385345] type=1400 audit(1315687318.262:427): apparmor="DENIED" operation="exec" parent=15296 profile="/usr/bin/evince" name="/usr/local/texlive/bin/i386-linux/mktexpk" pid=15297 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
Sep 10 17:41:58 varzea kernel: [21712.390202] type=1400 audit(1315687318.266:428): apparmor="DENIED" operation="exec" parent=15296 profile="/usr/bin/evince" name="/usr/local/texlive/bin/i386-linux/mktexpk" pid=15298 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
Sep 10 17:41:58 varzea kernel: [21712.393863] type=1400 audit(1315687318.270:429): apparmor="DENIED" operation="exec" parent=15296 profile="/usr/bin/evince" name="/usr/local/texlive/bin/i386-linux/mkofm" pid=15299 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
Sep 10 17:41:58 varzea kernel: [21712.395712] type=1400 audit(1315687318.270:430): apparmor="DENIED" operation="exec" parent=15296 profile="/usr/bin/evince" name="/usr/local/texlive/bin/i386-linux/mktextfm" pid=15300 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
Sep 10 17:41:58 varzea kernel: [21712.398711] type=1400 audit(1315687318.274:431): apparmor="DENIED" operation="exec" parent=15296 profile="/usr/bin/evince" name="/usr/local/texlive/bin/i386-linux/mkofm" pid=15301 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
Sep 10 17:41:58 varzea kernel: [21712.400605] type=1400 audit(1315687318.278:432): apparmor="DENIED" operation="exec" parent=15296 profile="/usr/bin/evince" name="/usr/local/texlive/bin/i386-linux/mktextfm" pid=15302 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
Sep 10 17:41:58 varzea kernel: [21712.433072] type=1400 audit(1315687318.310:433): apparmor="DENIED" operation="exec" parent=15296 profile="/usr/bin/evince" name="/usr/local/texlive/bin/i386-linux/mktexpk" pid=15303 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
Sep 10 17:41:58 varzea kernel: [21712.437811] type=1400 audit(1315687318.314:434): apparmor="DENIED" operation="exec" parent=15296 profile="/usr/bin/evince" name="/usr/local/texlive/bin/i386-linux/mktexpk" pid=15304 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000

It seems you are using a non-standard texlive. If so, you can update your /etc/apparmor.d/local/usr.bin.evince file to contain entries allowing access to these files. You can also put the profile into complain mode until you can refine the profile for your needs using 'sudo aa-complain /etc/apparmor.d/usr.bin.evince'. See https://wiki.ubuntu.com/DebuggingAppArmor for details.

Changed in evince (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: Confirmed → Incomplete
Daniel Cordeiro (dcordeiro) wrote :

You are right, this is exactly the problem.
I added the line

/usr/local/texlive/** rux,

to my /etc/apparmor.d/local/usr.bin.evince and now it works.

But I still think that preventing evince from executing local commands from a local installation of texlive is still a bug (an important one, given how old texlive is in the Ubuntu distribution :-P).

Thanks for your help!

Jamie Strandboge (jdstrand) wrote :

Thanks Daniel. Based on your comment I am going to close this bug as "Won't Fix". Because users are able to install newer versions of texlive anywhere on the system, it is not possible to allow apparmor access to locally installed binaries in a way that would still provide meaningful protection. Thank you for reporting the bug and please feel free to report any other bugs you may find.

PS - I encourage you to look at the allowed access for texlive that is in the Ubuntu apparmor profile and mimic that access in your local changes. This will provide for a more secure profile.

Changed in evince (Ubuntu):
status: Incomplete → Won't Fix
assignee: Jamie Strandboge (jdstrand) → nobody
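
As an added example (not part of the original thread or of Ubuntu's tooling), the Python below turns denial lines like those quoted from kern.log above into exact-path rules for /etc/apparmor.d/local/usr.bin.evince, one per helper that was actually denied. The function names and the `ix` default are assumptions; the exec mode should be copied from what the Ubuntu profile uses for its own texlive helpers, as the PS suggests.

```python
import re

# Three denial lines copied from the kern.log excerpt quoted above, plus one
# constructed STATUS line that the parser must ignore.
SAMPLE_LOG = """\
Sep 10 17:41:58 varzea kernel: [21712.385345] type=1400 audit(1315687318.262:427): apparmor="DENIED" operation="exec" parent=15296 profile="/usr/bin/evince" name="/usr/local/texlive/bin/i386-linux/mktexpk" pid=15297 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
Sep 10 17:41:58 varzea kernel: [21712.390202] type=1400 audit(1315687318.266:428): apparmor="DENIED" operation="exec" parent=15296 profile="/usr/bin/evince" name="/usr/local/texlive/bin/i386-linux/mktexpk" pid=15298 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
Sep 10 17:41:58 varzea kernel: [21712.393863] type=1400 audit(1315687318.270:429): apparmor="DENIED" operation="exec" parent=15296 profile="/usr/bin/evince" name="/usr/local/texlive/bin/i386-linux/mkofm" pid=15299 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
Sep 10 17:42:01 varzea kernel: [21715.000000] type=1400 audit(1315687321.000:435): apparmor="STATUS" operation="profile_replace" name="/usr/bin/evince" pid=15400 comm="apparmor_parser"
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
UNCONFINED = {"ux", "Ux"}


def parse_denials(log_text):
    """Collapse repeated exec denials into one record per (profile, path)."""
    denials = {}
    for line in log_text.splitlines():
        f = {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}
        if f.get("apparmor") != "DENIED" or f.get("operation") != "exec":
            continue
        rec = denials.setdefault((f["profile"], f["name"]),
                                 {"count": 0, "mask": set(), "user_owned": False})
        rec["count"] += 1
        rec["mask"].update(f.get("denied_mask", ""))
        # ouid is the file's owner, fsuid the user the confined process runs as.
        if "ouid" in f and f["ouid"] == f.get("fsuid"):
            rec["user_owned"] = True
    return denials


def suggest_rules(denials, profile="/usr/bin/evince", exec_mode="ix"):
    """Return one exact-path rule per denied helper, sorted for stable output."""
    rules = []
    for (prof, path), rec in sorted(denials.items()):
        if prof != profile:
            continue
        if exec_mode in UNCONFINED and rec["user_owned"]:
            raise ValueError(f"{path} is owned by the confined user; "
                             "refusing unconfined exec mode " + exec_mode)
        other = "".join(sorted(rec["mask"] - {"x"}))
        rules.append(f"{path} {other}{exec_mode},")
    return rules


if __name__ == "__main__":
    print("\n".join(suggest_rules(parse_denials(SAMPLE_LOG))))
```

With `ix` the helper runs under evince's own profile, so further denials may show up in kern.log and can be fed through the same functions.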