apparmor denies evince creating links in .local/share/gvfs-metadata

Bug #807507 reported by Christian Reis on 2011-07-08
This bug affects 5 people
Affects Status Importance Assigned to Milestone
evince (Ubuntu)

Bug Description

I'm not sure exactly why evince is doing this, but when I open the attached PDF, I get these messages in my syslog:

[517153.642954] type=1400 audit(1310126279.881:64): apparmor="DENIED" operation="link" parent=1 profile="/usr/bin/evince" name="/home/kiko/.local/share/gvfs-metadata/.openRJ3GYV" pid=26997 comm="evince" requested_mask="l" denied_mask="l" fsuid=5107 ouid=5107 target="/home/kiko/.local/share/gvfs-metadata/home-1dc5eb46.log"
[517153.642147] type=1400 audit(1310126279.881:63): apparmor="DENIED" operation="link" parent=1 profile="/usr/bin/evince" name="/home/kiko/.local/share/gvfs-metadata/.openF02GYV" pid=26997 comm="evince" requested_mask="l" denied_mask="l" fsuid=5107 ouid=5107 target="/home/kiko/.local/share/gvfs-metadata/home"

I have a fix (might be a workaround) here:

--- usr.bin.evince.log 2011-07-08 09:44:30.170324154 -0300
+++ usr.bin.evince 2011-07-08 09:41:09.807227272 -0300
@@ -52,6 +52,8 @@
   @{HOME}/.gnome2/accels/ rw,
   @{HOME}/.gnome2/accelsevince rw,
   @{HOME}/.gnome2/accels/evince rw,
+ @{HOME}/.local/share/gvfs-metadata rw,
+ @{HOME}/.local/share/gvfs-metadata/* rwl,

   # from Allow
   # read and write for all supported file formats

Related branches

Pedro Villavicencio (pedro) wrote :

Thanks for the report, Jamie may you have a look to it? Thanks.

Changed in evince (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
tags: added: apparmor
Changed in evince (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
milestone: none → oneiric-alpha-3
Changed in evince (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
status: Confirmed → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evince - 3.1.2-0ubuntu2

evince (3.1.2-0ubuntu2) oneiric; urgency=low

  * debian/apparmor-profile: allow 'l' to files in
    @{HOME}/.local/share/gvfs-metadata/ (LP: #807507)
 -- Jamie Strandboge <email address hidden> Mon, 11 Jul 2011 08:29:21 -0500

Changed in evince (Ubuntu):
status: In Progress → Fix Released
Sergio Gelato (sergio-gelato) wrote :

Also seen on lucid, at least when booted into a 2.6.38 kernel (from linux-image-generic-lts-backport-natty).

Peter Schwenk (schwenk) wrote :

This bug exists in 10.04 LTS (evince 2.30.3-0ubuntu1.2)


I see the same kind of message in my /var/log/syslog file after an upgrade from 12.04 to 12.10.

[ 1111.398958] type=1400 audit(1352302639.649:45): apparmor="DENIED" operation="link" parent=1 profile="/usr/bin/evince" name="/home/fujisan/.local/share/gvfs-metadata/.openU2W4MW" pid=7087 comm="pool" requested_mask="l" denied_mask="l" fsuid=1010 ouid=1010 target="/home/fujisan/.local/share/gvfs-metadata/home"
[ 1111.402288] type=1400 audit(1352302639.653:46): apparmor="DENIED" operation="link" parent=1 profile="/usr/bin/evince" name="/home/fujisan/.local/share/gvfs-metadata/.openPNZ4MW" pid=7087 comm="pool" requested_mask="l" denied_mask="l" fsuid=1010 ouid=1010 target="/home/fujisan/.local/share/gvfs-metadata/home-f0690307.log"

I do not see these messages on another machine I upgraded the same way.

Also, I am unable to print 2 pages / sheet, but I do not have this problem for the 2nd machine.

Is this problem related to the two-sided printing?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers