changes to toolbar don't persist under GNOME3 with non standard userdirs (due to apparmor restrictions)

Bug #1016103 reported by Dan Eicher
This bug affects 2 people
Affects: evince (Ubuntu)
Status: Fix Released
Importance: Low
Assigned to: Unassigned
Milestone:

Bug Description

When you drop an icon on the toolbar in ubuntu 12.04 it stays after you close/reopen evince.

In ubuntu 12.04 evince does not seem to be able to save its change in settings, perhaps the dialog below would be helpful to a developer.

machine1% evince

(evince:21345): EggSMClient-WARNING **: Failed to connect to the session manager: None of the authentication protocols specified are supported

(evince:21345): Gtk-WARNING **: Attempting to read the recently used resources file at `/homes/dhe/.local/share/recently-used.xbel', but the parser failed: Failed to open file '/homes/dhe/.local/share/recently-used.xbel': Permission denied.

(evince:21345): GLib-GObject-WARNING **: instance with invalid (NULL) class pointer

(evince:21345): GLib-GObject-CRITICAL **: g_signal_handlers_disconnect_matched: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed

(evince:21345): GLib-GObject-WARNING **: instance of invalid non-instantiatable type `<invalid>'

(evince:21345): GLib-GObject-CRITICAL **: g_signal_handlers_disconnect_matched: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed
I/O error : Permission denied
I/O error : Permission denied

** (evince:21345): WARNING **: Failed to write XML data to /homes/dhe/.config/evince/evince_toolbar.xml.tmp

(evince:21345): Gtk-WARNING **: Attempting to store changes into `/homes/dhe/.local/share/recently-used.xbel', but failed: Failed to create file '/homes/dhe/.local/share/recently-used.xbel.K83OGW': Permission denied

(evince:21345): Gtk-WARNING **: Attempting to set the permissions of `/homes/dhe/.local/share/recently-used.xbel', but failed: Permission denied

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: evince 3.4.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-25.40-generic 3.2.18
Uname: Linux 3.2.0-25-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu8
Architecture: amd64
Date: Thu Jun 21 11:12:43 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120328)
KernLog:

ProcEnviron:
 TERM=xterm
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/usr/local/bin/tcsh
SourcePackage: evince
UpgradeStatus: No upgrade log present (probably fresh install)

Sebastien Bacher (seb128) wrote :

Thank you for your bug report, but it seems to be a permission issue for your user. Could you run these commands and copy the output here:
- ls -ld /homes/dhe/.config
- ls -ld /homes/dhe/.local
- ls -ld /homes/dhe/.local/share

Changed in evince (Ubuntu):
status: New → Incomplete
importance: Undecided → Low
Dan Eicher (dhe) wrote :

machine1:116% ls -ld /cise/homes/dhe/.config
drwx------+ 32 dhe staff 35 Jun 20 12:05 /homes/dhe/.config/

machine1:117% ls -ld /homes/dhe/.local
drwx------+ 3 dhe staff 3 May 1 2007 /homes/dhe/.local/

machine1:120% ls -ld /homes/dhe/.local/share
drwx------+ 16 dhe staff 20 Jun 21 09:49 /homes/dhe/.local/share/

Sebastien Bacher (seb128) wrote :

Can you manually edit files in those dirs?

Dan Eicher (dhe) wrote :

machine1:136% pwd
/homes/dhe/.local/share

machine1:137% ls
applications/ evolution/ icc/ rhythmbox/ Trash/ webkit/
desktop-couch/ gsettings-data-convert recently-used.xbel totem/ ubuntuone/ zeitgeist/
desktop-directories/ gvfs-metadata/ recently-used.xbel.JK0ACW tracker/ vlc/

machine1:138% touch testfile
machine1:139% vi testfile
machine1:140% cat testfile
I'm a test file

machine1:141% pwd
/homes/dhe/.local/share

machine:142% ls -al testfile
-rw-------+ 1 dhe cstaff 17 Jun 21 13:10 testfile

Ditto with config

Sebastien Bacher (seb128) wrote :

Does "sudo aa-complain evince" work around the issue? Your userdir is an NFS one, right?

Dan Eicher (dhe) wrote :

Workstations are on ldap, user accounts can not sudo.
All home directories are automounted (nfs3).

I think you nailed down the problem....

syslog.1:Jun 20 12:15:31 localhost kernel: [169711.537510] type=1400 audit(1340208931.890:206): apparmor="DENIED" operation="chmod" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.config/ibus/bus/" pid=4376 comm="evince" requested_mask="w" denied_mask="w" fsuid=7868 ouid=7868
syslog.1:Jun 20 12:15:31 localhost kernel: [169711.570877] type=1400 audit(1340208931.922:207): apparmor="DENIED" operation="open" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.Xauthority" pid=4376 comm="evince" requested_mask="r" denied_mask="r" fsuid=7868 ouid=7868
syslog.1:Jun 20 12:15:31 localhost kernel: [169711.574423] type=1400 audit(1340208931.926:208): apparmor="DENIED" operation="open" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.Xauthority" pid=4376 comm="evince" requested_mask="r" denied_mask="r" fsuid=7868 ouid=7868
syslog.1:Jun 20 12:15:31 localhost kernel: [169711.577703] type=1400 audit(1340208931.930:209): apparmor="DENIED" operation="open" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.Xauthority" pid=4376 comm="evince" requested_mask="r" denied_mask="r" fsuid=7868 ouid=7868
syslog.1:Jun 20 12:15:38 localhost kernel: [169717.722484] type=1400 audit(1340208938.074:210): apparmor="DENIED" operation="mknod" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.config/evince/accels.EDZ5FW" pid=4376 comm="evince" requested_mask="c" denied_mask="c" fsuid=7868 ouid=7868
syslog.1:Jun 20 12:15:38 localhost kernel: [169717.724879] type=1400 audit(1340208938.078:211): apparmor="DENIED" operation="mknod" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.local/share/recently-used.xbel.05T5FW" pid=4376 comm="evince" requested_mask="c" denied_mask="c" fsuid=7868 ouid=7868
syslog.1:Jun 20 12:15:38 localhost kernel: [169717.724974] type=1400 audit(1340208938.078:212): apparmor="DENIED" operation="chmod" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.local/share/recently-used.xbel" pid=4376 comm="evince" requested_mask="w" denied_mask="w" fsuid=7868 ouid=7868

Changed in evince (Ubuntu):
status: Incomplete → New
Sebastien Bacher (seb128) wrote :

Ok, I checked with our security team and they say it's due to your non-standard /homes (i.e. the "s" at the end). For such setups you need to tweak the apparmor rules as indicated on https://wiki.ubuntu.com/DebuggingApparmor#Adjusting_Tunables

Setting as invalid, it's not really a bug; non-standard setups require some tweaking in configurations.

Changed in evince (Ubuntu):
status: New → Invalid
Margarita Manterola (marga-9) wrote :

I disagree with the assessment. Users under GNOME 3 also have the issue that settings cannot be saved, and the fix is to add this line to /etc/apparmor.d/usr.bin.evince:

 @{HOME}/.config/evince/* rwl,

Regardless of how weird the path to the home is, if it correctly maps to @{HOME} then it shouldn't be a problem for apparmor.

Changed in evince (Ubuntu):
status: Invalid → Confirmed
tags: added: apparmor
summary: - evince unable to save changes to toolbar
+ changes to toolbar don't persist under GNOME3 with non standard userdirs
+ (due to apparmor restrictions)
Jamie Strandboge (jdstrand) wrote :

This bug has morphed into something else. It started as needing to set tunables but is now that we need:
 owner @{HOME}/.config/evince/* rwl,

This access is totally reasonable and I'll add it now.
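
Added example (not part of the bug report or of Ubuntu's tooling): a small Python check that parses the AppArmor denials quoted earlier in this thread and tests whether the proposed @{HOME}/.config/evince/* rule would match each denied path, first with only /home/ in @{HOMEDIRS} and then with /homes/ added. It assumes the stock tunable definition @{HOME}=@{HOMEDIRS}/*/ /root/, handles only the * and ** globs, ignores the owner qualifier and permission masks, and the function names are hypothetical.

```python
import re

# Three of the denial lines quoted in the report above, copied verbatim.
SAMPLE = [
    'syslog.1:Jun 20 12:15:31 localhost kernel: [169711.570877] type=1400 audit(1340208931.922:207): apparmor="DENIED" operation="open" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.Xauthority" pid=4376 comm="evince" requested_mask="r" denied_mask="r" fsuid=7868 ouid=7868',
    'syslog.1:Jun 20 12:15:38 localhost kernel: [169717.722484] type=1400 audit(1340208938.074:210): apparmor="DENIED" operation="mknod" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.config/evince/accels.EDZ5FW" pid=4376 comm="evince" requested_mask="c" denied_mask="c" fsuid=7868 ouid=7868',
    'syslog.1:Jun 20 12:15:38 localhost kernel: [169717.724879] type=1400 audit(1340208938.078:211): apparmor="DENIED" operation="mknod" parent=20817 profile="/usr/bin/evince" name="/homes/dhe/.local/share/recently-used.xbel.05T5FW" pid=4376 comm="evince" requested_mask="c" denied_mask="c" fsuid=7868 ouid=7868',
]

PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return the key=value fields of an AppArmor audit line, or None if not a denial."""
    fields = {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}
    return fields if fields.get("apparmor") == "DENIED" else None


def rule_regexes(rule_path, homedirs):
    """Expand @{HOME} for the given @{HOMEDIRS} and compile the glob (only * and **)."""
    # Assumed stock tunables: @{HOME}=@{HOMEDIRS}/*/ /root/
    homes = [h.rstrip("/") + "/*/" for h in homedirs] + ["/root/"]
    compiled = []
    for home in homes:
        path = re.sub(r"/{2,}", "/", rule_path.replace("@{HOME}", home))
        parts = re.split(r"(\*\*|\*)", path)
        compiled.append(re.compile("".join(
            ".*" if p == "**" else "[^/]*" if p == "*" else re.escape(p)
            for p in parts)))
    return compiled


def covered(lines, rule_path, homedirs):
    """Map each denied path to whether rule_path would match it."""
    regexes = rule_regexes(rule_path, homedirs)
    result = {}
    for line in lines:
        denial = parse_denial(line)
        if denial:
            result[denial["name"]] = any(r.fullmatch(denial["name"]) for r in regexes)
    return result


RULE = "@{HOME}/.config/evince/*"
if __name__ == "__main__":
    for dirs in (["/home/"], ["/home/", "/homes/"]):
        print(dirs, covered(SAMPLE, RULE, dirs))
```

With only /home/ in @{HOMEDIRS} none of the denied paths match the rule; once /homes/ is added it matches the accels.EDZ5FW path, while the .Xauthority and recently-used.xbel paths are outside this rule.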

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evince - 3.10.3-0ubuntu13

---------------
evince (3.10.3-0ubuntu13) utopic; urgency=medium

  * debian/apparmor-profile.abstraction: allow rw to ~/.config/evince
    (LP: #1016103)
 -- Jamie Strandboge <email address hidden> Fri, 06 Jun 2014 13:03:06 -0500

Changed in evince (Ubuntu):
status: Confirmed → Fix Released