evince silently crashes with apparmor error on artful

Bug #1710487 reported by Alan Pope ๐Ÿบ๐Ÿง๐Ÿฑ ๐Ÿฆ„ on 2017-08-13
38
This bug affects 10 people
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
High
Jamie Strandboge
evince (Ubuntu)
High
Jamie Strandboge

Bug Description

On an up to date Ubuntu Artful system, evince is not runnable.

$ evince

(evince:1954): Gdk-WARNING **: Failed to load cursor theme DMZ-White

(evince:1954): Gdk-WARNING **: Failed to load cursor theme DMZ-White
**
Gdk:ERROR:/build/gtk+3.0-f0nGiQ/gtk+3.0-3.22.17/./gdk/wayland/gdkdisplay-wayland.c:1039:_gdk_wayland_display_get_scaled_cursor_theme: assertion failed: (display_wayland->cursor_theme_name)
Aborted

In the syslog.

[Sun Aug 13 01:58:49 2017] audit: type=1400 audit(1502642630.119:120387): apparmor="DENIED" operation="mknod" profile="/usr/bin/evince" name="/run/user/1000/wayland-cursor-shared-sWj8Hz" pid=1988 comm="evince" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
[Sun Aug 13 01:58:49 2017] audit: type=1400 audit(1502642630.147:120388): apparmor="DENIED" operation="mknod" profile="/usr/bin/evince" name="/run/user/1000/wayland-cursor-shared-nEkncR" pid=1988 comm="evince" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: evince 3.24.1-0ubuntu1
ProcVersionSignature: Ubuntu 4.11.0-13.19-generic 4.11.12
Uname: Linux 4.11.0-13-generic x86_64
NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
ApportVersion: 2.20.6-0ubuntu5
Architecture: amd64
CurrentDesktop: GNOME
Date: Sun Aug 13 17:41:34 2017
InstallationDate: Installed on 2017-08-02 (11 days ago)
InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Alpha amd64 (20170712)
SourcePackage: evince
UpgradeStatus: No upgrade log present (probably fresh install)

Will Cooke (willcooke) on 2017-08-14
Changed in evince (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Sebastien Bacher (seb128) wrote :

It looks like debian has a patch in its apparmor package for that, which is mentioned in the changelog but not in the ubuntu package, could be a merge issue?

https://launchpad.net/ubuntu/+source/apparmor/2.11.0-2ubuntu1
apparmor (2.10.95-5) unstable; urgency=medium

  * Merge from ubuntu-citrain up to revision 1600. Remaining Debian changes:
    - debian/apparmor.init: don't call handle_system_policy_package_updates.
  * r3566-wayland.patch: new patch, to support Wayland in at least Evince
    (Closes: #827335).

Security team, is there any reason we don't have that patch in Ubuntu or is that a merge overlook?

affects: evince (Ubuntu) → apparmor (Ubuntu)
Sebastien Bacher (seb128) wrote :

the patch is now named wayland-cursor.patch in Debian

Changed in apparmor (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: Confirmed → Triaged
Jamie Strandboge (jdstrand) wrote :

FYI, there are two parts to this bug:
1. apparmor in Ubuntu doesn't have the upstream fix for wayland-cursor in the wayland abstraction
2. evince doesn't include the wayland abstraction anywhere

Changed in evince (Ubuntu):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Jamie Strandboge (jdstrand)
Jamie Strandboge (jdstrand) wrote :

Uploaded apparmor and evince to artful.

Changed in apparmor (Ubuntu):
status: Triaged → Fix Committed
Changed in evince (Ubuntu):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evince - 3.24.1-0ubuntu2

---------------
evince (3.24.1-0ubuntu2) artful; urgency=medium

  * debian/apparmor-profile.abstraction: #include <abstractions/wayland>
    (LP: #1710487)

 -- Jamie Strandboge <email address hidden> Mon, 14 Aug 2017 19:38:18 +0000

Changed in evince (Ubuntu):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.11.0-2ubuntu16

---------------
apparmor (2.11.0-2ubuntu16) artful; urgency=medium

  * add wayland-cursor.patch (LP: #1710487)

 -- Jamie Strandboge <email address hidden> Mon, 14 Aug 2017 19:36:26 +0000

Changed in apparmor (Ubuntu):
status: Fix Committed → Fix Released
intrigeri (intrigeri) wrote :

FWIW: Jamie, while reviewing the Debian..Ubuntu packaging log in order to merge the Ubuntu one into the Debian source package, I see a few instances of duplicate packaging work going on (e.g. the fix for this bug, upstart job removal). Such duplicate work could have been avoided by merging from Debian firstโ€ฆ which would also have avoided mistakes like keeping the obsolete ubuntu-manpage-updates.patch, and removing the initscript by mistake to re-add it 3 versions later.

Let me know if I can adjust my workflow in a way that makes it easier for you folks to merge from Debian more consistently, I'm open to requests & suggestions :)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers