evince denied access to mimeapps.list

Bug #1792027 reported by Jon Schewe on 2018-09-11
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Undecided
Jamie Strandboge

Bug Description

I am receiving the following message in my logs. It appears that the apparmor profile for evince is too strict.

Sep 11 14:17:13 bbn-11838 kernel: [275098.499551] audit: type=1400 audit(1536693433.724:1007): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/etc/xdg/mimeapps.list" pid=11797 comm="evince" requested_mask="r" denied_mask="r" fsuid=1832001200 ouid=0

I'm using Ubuntu 18.04.

$ lsb_release -rd
Description: Ubuntu 18.04.1 LTS
Release: 18.04

apt show evince
Package: evince
Version: 3.28.2-1

Jan Groenewald (jan-aims) wrote :

I get this upstream on Debian Stretch.

Changed in apparmor (Ubuntu):
status: New → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.13.3-7ubuntu1

---------------
apparmor (2.13.3-7ubuntu1) focal; urgency=medium

  * Merge from Debian. Remaining changes:
    - Ubuntu-specific patches:
      + ubuntu/add-chromium-browser.patch
      + ubuntu/communitheme-snap-support.patch
      + ubuntu/mimeinfo-snap-support.patch
      + ubuntu/parser-conf-no-expr-simplify.patch
      + ubuntu/profiles-grant-access-to-systemd-resolved.patch
      + upstream-dont-allow-fontconfig-cache-write.patch
      + upstream-tests-mult-mount-bump-size-of-created-disk.patch
    - debian/apparmor.{install,maintscript}: feature pinning is not used in
      Ubuntu
    - debian/apparmor.preinst: remove cache files on upgrade to 2.13
    - debian/apparmor-profiles.install: install Ubuntu chromium-browser
      profile and abstraction
    - debian/apparmor-profiles.lintian-overrides: update for chromium-browser
      profile having read access to dpkg database for lsb-release
    - debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser
      abstraction if it doesn't exist
    - debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
      the branch where the Ubuntu packaging is maintained.
    - debian/gbp.conf: use ubuntu/master as the debian-branch
    - debian/patches/series: comment out debian-only patches
    - debian/tests/control and debian/tests/compile-policy: don't test
      thunderbird since the Ubuntu packaging doesn't ship a profile
  * Drop the following patches, no longer needed:
    - python3.8-ac.diff
  * debian/control: drop Breaks on media-hub, mediascanner2.0, messaging-app,
    and webbrowser-app which was needed for upgrades to bionic (LP: #1797242)
  * upstream-adjust-for-ibus-1.5.22.patch: update ibus abstract path for ibus
    1.5.22
  * upstream-adjust-gnome-for-mimeapps.patch: abstractions/gnome: also allow
    /etc/xdg/mimeapps.list (LP: #1792027)

apparmor (2.13.3-7) unstable; urgency=medium

  * Add explicit build dependency on dh-python, so that this package
    can built with python3-defaults 3.7.5-3.

apparmor (2.13.3-6) unstable; urgency=medium

  [ Matthias Klose ]
  * debian/rules: ensure "set -e" is honored (Closes: #943649).
  * Add upstream-mr-430-Fix-a-Python-3.8-autoconf-check.patch (Closes: #943657).

 -- Jamie Strandboge <email address hidden> Tue, 17 Dec 2019 15:50:00 +0000

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers