changes to toolbar don't persist under GNOME3 with non standard userdirs (due to apparmor restrictions)

Bug #1016103 reported by Dan Eicher on 2012-06-21
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
evince (Ubuntu)
Low
Unassigned

Bug Description

When you drop an icon on the toolbar in ubuntu 12.04 it stays after you close/reopen evince.

In ubuntu 12.04 evince does not seem to be able to save it's change in settings, perhaps the dialog below would be helpful to a developer.

machine1% evince

(evince:21345): EggSMClient-WARNING **: Failed to connect to the session manager: None of the authentication protocols specified are supported

(evince:21345): Gtk-WARNING **: Attempting to read the recently used resources file at `/homes/dhe/.local/share/recently-used.xbel', but the parser failed: Failed to open file '/homes/dhe/.local/share/recently-used.xbel': Permission denied.

(evince:21345): GLib-GObject-WARNING **: instance with invalid (NULL) class pointer

(evince:21345): GLib-GObject-CRITICAL **: g_signal_handlers_disconnect_matched: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed

(evince:21345): GLib-GObject-WARNING **: instance of invalid non-instantiatable type `<invalid>'

(evince:21345): GLib-GObject-CRITICAL **: g_signal_handlers_disconnect_matched: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed
I/O error : Permission denied
I/O error : Permission denied

** (evince:21345): WARNING **: Failed to write XML data to /homes/dhe/.config/evince/evince_toolbar.xml.tmp

(evince:21345): Gtk-WARNING **: Attempting to store changes into `/homes/dhe/.local/share/recently-used.xbel', but failed: Failed to create file '/homes/dhe/.local/share/recently-used.xbel.K83OGW': Permission denied

(evince:21345): Gtk-WARNING **: Attempting to set the permissions of `/homes/dhe/.local/share/recently-used.xbel', but failed: Permission denied

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: evince 3.4.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-25.40-generic 3.2.18
Uname: Linux 3.2.0-25-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu8
Architecture: amd64
Date: Thu Jun 21 11:12:43 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120328)
KernLog:

ProcEnviron:
 TERM=xterm
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/usr/local/bin/tcsh
SourcePackage: evince
UpgradeStatus: No upgrade log present (probably fresh install)

Dan Eicher (dhe) wrote :
Sebastien Bacher (seb128) wrote :

thank you for your bug report but it seems a permission issue for your user, could you run those commands and copy the output here:
- ls -ld /homes/dhe/.config
- ls -ld /homes/dhe/.local
- ls -ld /homes/dhe/.local/share

Changed in evince (Ubuntu):
status: New → Incomplete
importance: Undecided → Low
Dan Eicher (dhe) wrote :

machine1:116% ls -ld /cise/homes/dhe/.config
drwx------+ 32 dhe staff 35 Jun 20 12:05 /homes/dhe/.config/

machine1:117% ls -ld /homes/dhe/.local
drwx------+ 3 dhe staff 3 May 1 2007 /homes/dhe/.local/

machine1:120% ls -ld /homes/dhe/.local/share
drwx------+ 16 dhe staff 20 Jun 21 09:49 /homes/dhe/.local/share/

Sebastien Bacher (seb128) wrote :

can you manually edit files in those dirs?

Dan Eicher (dhe) wrote :

machine1:136% pwd
/homes/dhe/.local/share

machine1:137% ls
applications/ evolution/ icc/ rhythmbox/ Trash/ webkit/
desktop-couch/ gsettings-data-convert recently-used.xbel totem/ ubuntuone/ zeitgeist/
desktop-directories/ gvfs-metadata/ recently-used.xbel.JK0ACW tracker/ vlc/

machine1:138% touch testfile
machine1:139% vi testfile
machine1:140% cat testfile
I'm a test file

machine1:141% pwd
/homes/dhe/.local/share

machine:142% ls -al testfile
-rw-------+ 1 dhe cstaff 17 Jun 21 13:10 testfile

Ditto with config

Sebastien Bacher (seb128) wrote :

does "sudo aa-complain evince" workaround the issue? your userdir is an nfs one right?

Dan Eicher (dhe) wrote :

Workstations are on ldap, user accounts can not sudo.
All home directories are automounted (nfs3).

I think you nailed down the problem....

syslog.1:Jun 20 12:15:31 localhost kernel: [169711.537510] type=1400 audit(1340208931.890:206): apparmor="DENIED" operation="chmod" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.config/ibus/bus/" pid=4376 comm="evince" requested_mask="w" denied_mask="w" fsuid=7868 ouid=7868
syslog.1:Jun 20 12:15:31 localhost kernel: [169711.570877] type=1400 audit(1340208931.922:207): apparmor="DENIED" operation="open" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.Xauthority" pid=4376 comm="evince" requested_mask="r" denied_mask="r" fsuid=7868 ouid=7868
syslog.1:Jun 20 12:15:31 localhost kernel: [169711.574423] type=1400 audit(1340208931.926:208): apparmor="DENIED" operation="open" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.Xauthority" pid=4376 comm="evince" requested_mask="r" denied_mask="r" fsuid=7868 ouid=7868
syslog.1:Jun 20 12:15:31 localhost kernel: [169711.577703] type=1400 audit(1340208931.930:209): apparmor="DENIED" operation="open" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.Xauthority" pid=4376 comm="evince" requested_mask="r" denied_mask="r" fsuid=7868 ouid=7868
syslog.1:Jun 20 12:15:38 localhost kernel: [169717.722484] type=1400 audit(1340208938.074:210): apparmor="DENIED" operation="mknod" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.config/evince/accels.EDZ5FW" pid=4376 comm="evince" requested_mask="c" denied_mask="c" fsuid=7868 ouid=7868
syslog.1:Jun 20 12:15:38 localhost kernel: [169717.724879] type=1400 audit(1340208938.078:211): apparmor="DENIED" operation="mknod" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.local/share/recently-used.xbel.05T5FW" pid=4376 comm="evince" requested_mask="c" denied_mask="c" fsuid=7868 ouid=7868
syslog.1:Jun 20 12:15:38 localhost kernel: [169717.724974] type=1400 audit(1340208938.078:212): apparmor="DENIED" operation="chmod" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.local/share/recently-used.xbel" pid=4376 comm="evince" requested_mask="w" denied_mask="w" fsuid=7868 ouid=7868

Changed in evince (Ubuntu):
status: Incomplete → New
Sebastien Bacher (seb128) wrote :

Ok, I checked with our security team and they say it's due to your non standard /homes (i.e the "s" at the end), for such setups you need to tweak the apparmor rules as indicated on https://wiki.ubuntu.com/DebuggingApparmor#Adjusting_Tunables

Setting as invalid, it's not really a bug, non standard setups require some tweaking in configurations

Changed in evince (Ubuntu):
status: New → Invalid
Margarita Manterola (marga-9) wrote :

I disagree with the assesment. Users under GNOME 3 have also the issue that settings cannot be saved, and the fix is to add this line to /etc/apparmor.d/usr.bin.evince:

 @{HOME}/.config/evince/* rwl,

Regardless of how weird the path to the home is, if it correctly maps to @{HOME} then it shouldn't be a problem for apparmor.

Changed in evince (Ubuntu):
status: Invalid → Confirmed
tags: added: apparmor
summary: - evince unable to save changes to toolbar
+ changes to toolbar don't persist under GNOME3 with non standard userdirs
+ (due to apparmor restrictions)
Jamie Strandboge (jdstrand) wrote :

This bug has morphed into something else. It started as needing to set tunables but is now that we need:
 owner @{HOME}/.config/evince/* rwl,

This access is totally reasonable and I'll add it now.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evince - 3.10.3-0ubuntu13

---------------
evince (3.10.3-0ubuntu13) utopic; urgency=medium

  * debian/apparmor-profile.abstraction: allow rw to ~/.config/evince
    (LP: #1016103)
 -- Jamie Strandboge <email address hidden> Fri, 06 Jun 2014 13:03:06 -0500

Changed in evince (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers