Ubuntu
evince package

apparmor prevents oxygen-gtk3 from setting the right color scheme

Bug #929114 reported by Philip Muškovac on 2012-02-08

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	evince (Ubuntu)	Won't Fix	Low	Unassigned

Bug Description

Using gtk3-engines-oxygen in KDE evince will only use the default color scheme as apparmor prevents oxygen-gtk3 from setting the correct one:
[181901.662752] type=1400 audit(1328735171.422:4361): apparmor="DENIED" operation="exec" parent=7588 profile="/usr/bin/evince" name="/usr/bin/kde4-config" pid=7590 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: evince 3.3.5-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-13.23~ppa1-generic 3.2.2
Uname: Linux 3.2.0-13-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 1.91-0ubuntu1
Architecture: amd64
Date: Wed Feb 8 22:09:14 2012
InstallationMedia: Kubuntu 11.10 "Oneiric Ocelot" - Beta amd64 (20111007)
ProcEnviron:
SHELL=/bin/bash
PATH=(custom, user)
LANG=en_US.UTF-8
LANGUAGE=en_US.UTF-8
SourcePackage: evince
UpgradeStatus: No upgrade log present (probably fresh install)

Tags:

Revision history for this message

Philip Muškovac (yofel) wrote on 2012-02-08:

Dependencies.txt Edit (3.8 KiB, text/plain; charset="utf-8")
KernLog.txt Edit (64.6 KiB, text/plain; charset="utf-8")
RelatedPackageVersions.txt Edit (169 bytes, text/plain; charset="utf-8")

Sebastien Bacher (seb128) on 2012-02-22

Changed in evince (Ubuntu):
assignee:	nobody → Ubuntu Security Team (ubuntu-security)

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2012-02-23:

Thank you for using Ubuntu and filing a bug. The default PDF reader in Kubuntu is Okular, while Evince is the default Ubuntu PDF reader and therefore this is a non-standard configuration. IMO, the /usr/bin/kde4-config program provides more access to the system than should be available in the default install for all Ubuntu users. I am going to mark this bug as "Won't Fix" for now. As a workaround, you can add the following to /etc/apparmor.d/local/usr.bin.evince:
/usr/bin/kde4-config Cxr -> sanitized_helper,

(if that doesn't work, you could try '/usr/bin/kde4-config Uxr,' instead). If someone wants to provide an apparmor profile (perhaps a child profile) for kde4-config, then it could be considered for inclusion in the evince profile. After making changes to your apparmor profile, please run 'sudo apparmor_parser -r /etc/apparmor.d/usr.bin.evince' to put them into effect.

Thanks again and please feel free to report any other bugs you may find.

Changed in evince (Ubuntu):
assignee:	Ubuntu Security Team (ubuntu-security) → nobody
importance:	Undecided → Low
status:	New → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuevince package