evince fails to run due to a gdk_mir_display_open

Bug #1433165 reported by Christopher Barrington-Leigh on 2015-03-17
74
This bug affects 16 people
Affects Status Importance Assigned to Milestone
evince (Ubuntu)
High
Unassigned

Bug Description

Here's what happens when I try to run evince under 15.04. No evince window comes up. Instead, just:

> evince

No protocol specified

** (evince:22430): WARNING **: Could not open X display
No protocol specified
gdk_mir_display_open
Failed to connect to Mir: Failed to connect to server socket: No such file or directory
Unable to init server: Could not connect: Connection refused
Cannot parse arguments: Cannot open display:

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: evince 3.14.2-0ubuntu1
ProcVersionSignature: Ubuntu 3.19.0-9.9-generic 3.19.1
Uname: Linux 3.19.0-9-generic x86_64
ApportVersion: 2.16.2-0ubuntu3
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Mar 17 11:47:57 2015
EcryptfsInUse: Yes
InstallationDate: Installed on 2015-03-07 (9 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Alpha amd64 (20150306)
SourcePackage: evince
UpgradeStatus: No upgrade log present (probably fresh install)

Seth Arnold (seth-arnold) wrote :

It looks like you moved your home directories away from /home:

[11617.240214] audit: type=1400 audit(1426607239.103:39): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/ssdhome/cpbl/.Xauthority" pid=20599 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

To modify the system's AppArmor policies, run this:

sudo dpkg-reconfigure apparmor

Then try re-running evince.

Thanks

Changed in evince (Ubuntu):
status: New → Incomplete

Yes. Though its symlinked from /home.

Your reconfigure solves the problem.

Is the behaviour I experienced all as it should be, then?
thanks,
Chris

Changed in evince (Ubuntu):
status: Incomplete → Invalid
Seth Arnold (seth-arnold) wrote :

Excellent, thanks for reporting back Christopher. The kernel follows symlinks before prompting AppArmor to allow or deny something. which is why the reports include the 'real' name. This all appears to be working as expected.

Thanks

Swarnendu Biswas (swarna-cse) wrote :

Hi Seth,

I have my home under /home/, it is just on a different partition. I face the same issue with evince.

Executing sudo dpkg-reconfigure apparmor does not solve the problem for me. I passed /home/ and /home/<user>/ but it doesn't work. Any suggestions?

Swarnendu Biswas (swarna-cse) wrote :

A very crude workaround that I tried is to disable the apparmor profile evnice, similar to firefox and issuing

sudo apparmor_parser -R /etc/apparmor.d/usr.bin.evince.

Obviously evince works now, but this is far from satisfactory.

Jamie Strandboge (jdstrand) wrote :

You should pass '/ssdhome/' as can be seen from the kernel denial. Hope this helps.

Underground78 (underground78) wrote :

I have the same issue and using sudo dpkg-reconfigure apparmor to add /local/home/ does not change anything.

Seria (andreas-boettger) wrote :

% evince
No protocol specified

** (evince:8940): WARNING **: Could not open X display
No protocol specified
gdk_mir_display_open
Failed to connect to Mir: Failed to connect to server socket: No such file or directory
Unable to init server: Could not connect: Connection refused
Cannot parse arguments: Cannot open display:

Mar 26 11:31:45 sturm kernel: [13219.348993] audit: type=1400 audit(1427365905.651:53): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/run/user/1000/gdm/Xauthority" pid=8854 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Mar 26 11:31:45 sturm kernel: [13219.352242] audit: type=1400 audit(1427365905.655:54): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/run/user/1000/gdm/Xauthority" pid=8854 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

LuoZheng (htfy96) wrote :

Solved, by adding /run/user through dpkg-reconfigure apparmor.

An overkill for this bug is:

1) Run evince xxx.pdf in terminal
2) Find out the last lines of the output of dmesg, which should go like this:

[ 7091.704251] audit: type=1400 audit(1427518665.187:100): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/run/user/1000/gdm/Xauthority" pid=20485 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

, and remember the directory after "name="
3) Run dpkg-reconfigure apparmor, add the directory after "name="( in this case it is /run/user/1000/gdm).

Hope this works.

Changed in evince (Ubuntu):
status: Invalid → Confirmed
Changed in evince (Ubuntu):
importance: Undecided → High
Alexander Lazarević (e11bits) wrote :

Thanks for reporting this. The was spot on.

I have the same problem, but the above solutions don't work:

$evince testpdf.pdf
No protocol specified

** (evince:5819): WARNING **: Could not open X display
No protocol specified
gdk_mir_display_open
Failed to connect to Mir: Failed to connect to server socket: No such file or directory
Unable to init server: Could not connect: Connection refused
Cannot parse arguments: Cannot open display:

dmesg gives:
[ 862.287951] audit: type=1400 audit(1433776649.140:49): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/work/davids/.Xauthority" pid=5819 comm="evince" requested_mask="r" denied_mask="r" fsuid=1011 ouid=1011

$ sudo dpkg-reconfigure apparmor (with name=/work/davids/)

update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox
Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd

Try again:

$evince testpdf.pdf
No protocol specified

** (evince:5991): WARNING **: Could not open X display
No protocol specified
gdk_mir_display_open
Failed to connect to Mir: Failed to connect to server socket: No such file or directory
Unable to init server: Could not connect: Connection refused
Cannot parse arguments: Cannot open display:

Underground78 (underground78) wrote :

Have you checked the owner and rights of the file? My ".Xauthority" had them wrong so reconfiguring AppArmor wasn't enough.

Just tried another pdf which fails with the same errors:

ls -lt Issue_54_AprMay_2015.pdf
-rw-rw-r-- 1 davids davids 6452563 May 3 11:13 Issue_54_AprMay_2015.pdf

ie read permission for all. And my .Xauthority looks like:

$ls -lt .Xauthority
-rw------- 1 davids davids 65 Jun 8 17:03 .Xauthority

Seth Arnold (seth-arnold) wrote :

xadder, I think instead of dpkg-reconfigure apparmor name=/work/davids/ try name=/work/

Thanks

Ah, yes, that worked. Thanks!

Thales (ceolin) wrote :

#15 Is the right workaround. Thanks

Frits van der Holst (frits-b) wrote :

Just additional note for anyone else stumbling into this. I ran into this problem, thought first my /home located on another disk caused it. So ran the reconfig and all, no fix.
Careful rereading this report, lead met to check my .Xauthority... and there it was.
I changed those for some experimentation during a training I was doing, and forgot to change it back. Setting it back only rw to the user fixed the problem for me.

Alan Meekins (alan-meekins) wrote :

I've tried every suggestion in this thread and still seeing issues. At first I was getting the exact same error as the original poster, after adding variants(symlinks and non-symlinks)of all the denied paths and possibly associated directors:

/home/ /mnt/storage0/home/ /home/user/ /mnt/storage0/home/user/ /usr/share/locale-langpack/en/LC_MESSAGES/ /mnt/storage0/usr/share/locale-langpack/en/LC_MESSAGES/ /usr/share/glib-2.0/schemas/ /mnt/storage0/usr/share/glib-2.0/schemas/

Running evince now produces the following crash and dmesg output. Thoughts?

$ evince

(evince:5181): GLib-GIO-ERROR **: No GSettings schemas are installed on the system
Trace/breakpoint trap (core dumped)

$ dmesg

[ 1098.393345] audit: type=1400 audit(1442266027.531:351): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/mnt/storage0/usr/share/locale-langpack/en/LC_MESSAGES/gtk30.mo" pid=5176 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1098.399296] audit: type=1400 audit(1442266027.535:352): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/mnt/storage0/usr/share/glib-2.0/schemas/gschemas.compiled" pid=5176 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1098.399596] traps: evince[5176] trap int3 ip:7f1f2737ad00 sp:7ffcfc9e5bd0 error:0

$ sudo dpkg-reconfigure apparmor

/home/ /mnt/storage0/home/ /home/user/ /mnt/storage0/home/user/ /usr/share/locale-langpack/en/LC_MESSAGES/ /mnt/storage0/usr/share/locale-langpack/en/LC_MESSAGES/ /usr/share/glib-2.0/schemas/ /mnt/storage0/usr/share/glib-2.0/schemas/

Seth Arnold (seth-arnold) wrote :

Alan, those are some surprising errors. It looks a lot like you've got / symlinked to /mnt/stoarge0/ or something else similar.

If so, you'd probably be better served with a rule like:

alias / -> /mnt/storage0/,

in the /etc/apparmor.d/tunables/alias file.

Then you could clean up the @{HOME} variable to only the paths actually used for home directories (the dpkg-reconfigure apparmor question) and drastically tighten the security policy while also allowing the accesses that need to happen.

Thanks

shubham wange (wangeshubham) wrote :

hduser@AJ:/home/aj$ nautilus
No protocol specified

** (nautilus:6153): WARNING **: Could not open X display
No protocol specified
gdk_mir_display_open
Failed to connect to Mir: Failed to connect to server socket: Permission denied
Unable to init server: Could not connect: Connection refused

(nautilus:6153): Gtk-WARNING **: cannot open display: :0

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers