permission denied: /usr/bin/{mktexpk,mktextfm}
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
[impact]
This bug prevents viewing dvi files with evince while confined by
apparmor.
[steps to reproduce]
1) install evince, ensure evince apparmor policy is enabled
2) view a dvi with evince
3) with the fix applied, evince should be able to display the dvi
document and should not generate apparmor rejections in syslog
[regression potential]
The change in the patch for this bug is a loosening of the apparmor
policy for the sanitized helpers of evince. The risk of an introduced
regression is small.
[original description]
1) lsb_release -rd
Description: Ubuntu Vivid Vervet (development branch)
Release: 15.04
2) apt-cache policy evince apparmor texlive
evince:
Installed: 3.14.1-0ubuntu1
Candidate: 3.14.1-0ubuntu1
Version table:
*** 3.14.1-0ubuntu1 0
500 http://
100 /var/lib/
apparmor:
Installed: 2.8.98-0ubuntu4
Candidate: 2.8.98-0ubuntu4
Version table:
*** 2.8.98-0ubuntu4 0
500 http://
100 /var/lib/
texlive:
Installed: 2014.20141024-
Candidate: 2014.20141024-
Version table:
*** 2014.20141024-
500 http://
100 /var/lib/
3) What is expected to happen is when one attempts to open https:/
4) What happens instead is it hangs indefinitely, as per output of running evince via a terminal https:/
https:/
However, attempting to disable the offending profile fails:
sudo aa-complain /usr/bin/
/usr/bin/
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: texlive-binaries 2009-11ubuntu2
ProcVersionSign
Uname: Linux 3.2.0-24-generic x86_64
ApportVersion: 2.0.1-0ubuntu8
Architecture: amd64
Date: Sat Jun 9 17:05:03 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
ProcEnviron:
TERM=xterm
PATH=(custom, user)
LANG=de_DE.UTF-8
SHELL=/bin/zsh
SourcePackage: texlive-bin
UpgradeStatus: No upgrade log present (probably fresh install)
tags: | added: regression-release |
ah, I should've said that it the output is from evince.
Second: This does not happen under Ubuntu 10.04.