Bug#921532: evince: can't open a pdf from firefox (apparmor error)
On 2/6/19 4:54 PM, Simon McVittie wrote: > On Wed, 06 Feb 2019 at 16:20:32 +0100, Julien Cristau wrote: >> trying to open a pdf file from my local firefox installs fails, with a >> message like the below in the kernel log: >> >> [239440.060481] audit: type=1400 audit(1549462128.942:91): apparmor="DENIED" >> operation="file_mmap" profile="/usr/bin/evince" >> name="/home/jcristau/firefox/beta/firefox/libnss3.so" pid=4992 >> comm="EvJobScheduler" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000 >> [239440.062127] audit: type=1400 audit(1549462128.942:92): apparmor="DENIED" >> operation="file_mmap" profile="/usr/bin/evince" >> name="/home/jcristau/firefox/beta/firefox/libnss3.so" pid=4992 >> comm="EvJobScheduler" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000 > > I assume your local Firefox build sets a LD_LIBRARY_PATH on itself and its > child processes? > Looks like it does. *sigh* I wonder if we could fix it there to undo its env changes before exec()ing external apps. Cheers, Julien
Bug#921532: evince: can't open a pdf from firefox (apparmor error)
On Wed, Feb 06, 2019 at 04:20:32PM +0100, Julien Cristau wrote: > [239440.060481] audit: type=1400 audit(1549462128.942:91): apparmor="DENIED" > operation="file_mmap" profile="/usr/bin/evince" > name="/home/jcristau/firefox/beta/firefox/libnss3.so" pid=4992 > comm="EvJobScheduler" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000 > [239440.062127] audit: type=1400 audit(1549462128.942:92): apparmor="DENIED" > operation="file_mmap" profile="/usr/bin/evince" > name="/home/jcristau/firefox/beta/firefox/libnss3.so" pid=4992 > comm="EvJobScheduler" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000 > > I'm pretty sure this worked not too long ago. I've no idea why it's > trying to mmap firefox's libnss. Have you set $LD_LIBRARY_PATH, which could cause evince to load the wrong libnss?
Bug#921532: evince: can't open a pdf from firefox (apparmor error)
On Wed, 06 Feb 2019 at 16:20:32 +0100, Julien Cristau wrote: > trying to open a pdf file from my local firefox installs fails, with a > message like the below in the kernel log: > > [239440.060481] audit: type=1400 audit(1549462128.942:91): apparmor="DENIED" > operation="file_mmap" profile="/usr/bin/evince" > name="/home/jcristau/firefox/beta/firefox/libnss3.so" pid=4992 > comm="EvJobScheduler" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000 > [239440.062127] audit: type=1400 audit(1549462128.942:92): apparmor="DENIED" > operation="file_mmap" profile="/usr/bin/evince" > name="/home/jcristau/firefox/beta/firefox/libnss3.so" pid=4992 > comm="EvJobScheduler" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000 I assume your local Firefox build sets a LD_LIBRARY_PATH on itself and its child processes? If so, I'm not sure there's much that evince can do about that. (If desktop file-handling was delegated to a D-Bus API, a bit like the way flatpak-xdg-utils' xdg-open reimplementation works, then that would solve this sort of thing forever... but that doesn't currently exist.) smcv
Bug#921532: evince: can't open a pdf from firefox (apparmor error)
Package: evince Version: 3.30.2-3 Severity: important Hi, trying to open a pdf file from my local firefox installs fails, with a message like the below in the kernel log: [239440.060481] audit: type=1400 audit(1549462128.942:91): apparmor="DENIED" operation="file_mmap" profile="/usr/bin/evince" name="/home/jcristau/firefox/beta/firefox/libnss3.so" pid=4992 comm="EvJobScheduler" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000 [239440.062127] audit: type=1400 audit(1549462128.942:92): apparmor="DENIED" operation="file_mmap" profile="/usr/bin/evince" name="/home/jcristau/firefox/beta/firefox/libnss3.so" pid=4992 comm="EvJobScheduler" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000 I'm pretty sure this worked not too long ago. I've no idea why it's trying to mmap firefox's libnss. Cheers, Julien -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (900, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages evince depends on: ii dconf-gsettings-backend [gsettings-backend] 0.30.1-2 ii evince-common3.30.2-3 ii gsettings-desktop-schemas3.28.1-1 ii libatk1.0-0 2.30.0-2 ii libc62.28-5 ii libcairo-gobject21.16.0-2 ii libcairo21.16.0-2 ii libevdocument3-4 3.30.2-3 ii libevview3-3 3.30.2-3 ii libgdk-pixbuf2.0-0 2.38.0+dfsg-7 ii libglib2.0-0 2.58.2-3 ii libgnome-desktop-3-173.30.2-4 ii libgtk-3-0 3.24.4-1 ii libnautilus-extension1a 3.30.5-1 ii libpango-1.0-0 1.42.4-6 ii libpangocairo-1.0-0 1.42.4-6 ii libsecret-1-00.18.7-1 ii shared-mime-info 1.10-1 Versions of packages evince recommends: ii dbus-user-session [default-dbus-session-bus] 1.12.12-1 ii dbus-x11 [dbus-session-bus] 1.12.12-1 Versions of packages evince suggests: ii gvfs 1.38.1-2+b1 ii nautilus-sendto 3.8.6-3 ii poppler-data 0.4.9-2 pn unrar -- no debconf information