Package: evince Version: 43.1-2+b1 Severity: important Hello,
It seems that the AppArmor profile is not allowing evince to read file accessed via the GVFS on Google drive (and probably other integrations) I get the following denials: type=AVC msg=audit(1674751821.962:528): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/run/user/1000/gvfs/google-drive:host=example.com,user=foo/<path>" pid=11026 comm="EvJobScheduler" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="bigon" OUID="bigon" Adding the following rule is allowing me to read my files, but I'm not sure that enough or consistant with the other rules (shouldn't write access be allowed too?): /{,var/}run/user/*/gvfs/** r, Kind regards, Laurent Bigonville -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-2-amd64 (SMP w/12 CPU threads; PREEMPT) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages evince depends on: ii dconf-gsettings-backend [gsettings-backend] 0.40.0-4 ii evince-common 43.1-2 ii gsettings-desktop-schemas 43.0-1 ii libatk1.0-0 2.46.0-4 ii libc6 2.36-8 ii libcairo-gobject2 1.16.0-7 ii libcairo2 1.16.0-7 ii libevdocument3-4 43.1-2+b1 ii libevview3-3 43.1-2+b1 ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+b1 ii libglib2.0-0 2.74.5-1 ii libgnome-desktop-3-20 43.1-1 ii libgtk-3-0 3.24.36-2 ii libhandy-1-0 1.8.0-1 ii libpango-1.0-0 1.50.12+ds-1 ii libpangocairo-1.0-0 1.50.12+ds-1 ii libsecret-1-0 0.20.5-3 ii shared-mime-info 2.2-1 Versions of packages evince recommends: ii dbus-user-session [default-dbus-session-bus] 1.14.4-1 Versions of packages evince suggests: ii gvfs 1.50.3-1 pn nautilus-sendto <none> ii poppler-data 0.4.11-1 pn unrar <none> -- no debconf information