Comment 12 for bug 964510

Neal McBurnett (nealmcb) wrote :

Since the SRU fix for precise seems low on the priority queue, I boldly did this on my precise machine, based on the apparmor_2.7.102-0ubuntu6.debdiff patch and the advice from Antoine-terracol. I'm no expert, but it seems to work now, without even restarting evince.

Add these lines to /etc/apparmor.d/abstractions/ubuntu-helpers after the line "/usr/lib*/{,**/}* Pixr,":

  # From https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/964510/comments/12
  # While the chromium and chrome sandboxes are setuid root, they only link
  # in limited libraries so glibc's secure execution should be enough to not
  # require the santized_helper (ie, LD_PRELOAD will only use standard system
  # paths (man ld.so)).
  /usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
  /opt/google/chrome/chrome-sandbox PUxr,
  /opt/google/chrome/google-chrome Pixr,
  /opt/google/chrome/chrome Pixr,
  /opt/google/chrome/lib*.so{,.*} m,

Run `sudo apparmor_parser -T -W -r /etc/apparmor.d/usr.bin.evince`