The main issue is that I still wasn't able to reproduce it locally.
Dan, could you check if this issue still happens with the unprivileged user
namespace restriction disabled?
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
Please note that this makes your setup vulnerable, so I
Verification done as part of Bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to devhelp in Ubuntu.
Thanks. That version should have the nautilus profile that makes the
thumbnails appear, so we will need to dig a bit deeper.
Could you paste the results of the following command? This will show us if
there is a profile for nautilus loaded and it should look something like this
$ sudo aa-status
If you're still running into this issue, do you mind sharing which AppArmor
version are you running? For that you can run
apt-cache policy apparmor
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to nautilus in Ubuntu.
Erich Eickmeyer, I don't have a Tuxedo Computer to test, so could you
please check if the following profile works for you?
$ echo "# This profile allows everything and only exists to give the
# application a name instead of having the label "unconfined"
abi ,
include
profile
This issue should be fixed by apparmor 4.0.0~beta2-0ubuntu3 which is
currently in -proposed
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/2047256
Title:
Ubuntu 24.04 Some image
** Changed in: devhelp (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: devhelp (Ubuntu)
Assignee: (unassigned) => Georgia Garcia (georgiag)
** Changed in: epiphany-browser (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: epiphany-browse
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
Hi!
I'm marking this bug as a duplicate of 2046844.
AppArmor version 4.0.0~alpha4-0ubuntu1 was just uploaded to proposed and it
adds a profile for evolution.
--
You received this bug notification because
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
** This bug has been marked a duplicate of bug 2046844
AppArmor user namespace creation restrictions cause many applications to
crash with SIGTRAP
--
You received this bug notification because you are
Hi Gerard
Brave does not work currently because we only added support to Chromium,
Firefox and Opera as you can see in the current snap_browsers abstraction [1].
I'm adding Brave support as well [2].
While that change is not applied to the apparmor package, as a workaround, you
could apply the
The autopkgtests for apparmor failed for the evince update because the
test requires the apparmor update which is also in proposed
https://launchpad.net/ubuntu/+source/apparmor/3.0.4-2ubuntu2.3 but it is
not a regression.
--
You received this bug notification because you are a member of Ubuntu
Reuploading because I had a conflicting version with what was rejected
in -proposed
** Patch added: "evince_42.3-0ubuntu3.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5711859/+files/evince_42.3-0ubuntu3.2.debdiff
--
You received this bug notification
** Patch removed: "evince_42.3-0ubuntu3.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5711419/+files/evince_42.3-0ubuntu3.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in
Hi! You're right, I forgot to request a sponsorship.
I uploaded the patch for evince/jammy, could you take a look and sponsor
if possible? Thanks
** Patch added: "evince_42.3-0ubuntu3.1.debdiff"
Andreas, Jeremy, you are correct. The worst that could happen is the
same behavior we have currently: when we click a URL the browser does
not open, we get a denied log and evince prints "Permission denied".
My previous statement that profile loading could fail if apparmor did
not find
I have verified on lunar with both apparmor and evince packages updated
from the proposed pocket, it works as expected.
** Tags removed: verification-needed-lunar
** Tags added: verification-done-lunar
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which
Steve, the snap_browsers abstractions needed an update because the
abstraction had not been updated in an year and the snap browsers now
required read and lock permissions to the file
/var/lib/snapd/inhibit/{browser-name}.lock, but this was also submitted,
approved and merged upstream:
Hi Steve.
I updated the patches containing the requested changes and uploaded them to
https://launchpad.net/~georgiag/+archive/ubuntu/lp1794064/+packages
Please let me know if you prefer I attached the debdiffs here.
I'm resubscribing ~ubuntu-sponsors. Thanks
** Patch removed:
I made some changes to the patches I submitted previously. In summary, I added
permission to Xauthority files in the AppArmor abstraction and changed the
dependency of AppArmor in Evince to "Recommends".
Please let me know if it looks okay or if there's any changes I should do
They are in
@Sebastien, yes, I asked people from the security team to sponsor it but
we are still reviewing the snap_browsers abstraction. We are denying
access to /run/user/[0-9]*/gdm/Xauthority in the policy but if that was
the case, then the browser should not have been able to open, but it
does open so we
@Sebastien, yes, just did. Thank you!
I also attached the debdiffs for evince and apparmor for bionic, focal, impish
and jammy. They were also uploaded into the Security Proposed PPA:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages?field.name_filter=apparmor
** Patch added: "apparmor_2.13.3-7ubuntu5.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581884/+files/apparmor_2.13.3-7ubuntu5.2.debdiff
** Patch removed: "apparmor_3.0.3-0ubuntu1.1.debdiff"
** Patch added: "apparmor_2.12-4ubuntu5.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581885/+files/apparmor_2.12-4ubuntu5.2.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in
** Patch added: "apparmor_3.0.3-0ubuntu1.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581883/+files/apparmor_3.0.3-0ubuntu1.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince
** Patch added: "apparmor_3.0.3-0ubuntu1.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581882/+files/apparmor_3.0.3-0ubuntu1.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince
** Patch added: "apparmor_3.0.4-2ubuntu3.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581881/+files/apparmor_3.0.4-2ubuntu3.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in
** Patch added: "evince_3.28.4-0ubuntu1.3.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581880/+files/evince_3.28.4-0ubuntu1.3.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in
** Patch added: "evince_3.36.10-0ubuntu1.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581879/+files/evince_3.36.10-0ubuntu1.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince
** Patch added: "evince_40.4-2ubuntu0.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581878/+files/evince_40.4-2ubuntu0.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in
** Patch added: "evince_42.1-3ubuntu1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581877/+files/evince_42.1-3ubuntu1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
** Description changed:
- This is related to bug #1792648. After fixing that one (see discussion
- at https://salsa.debian.org/gnome-team/evince/merge_requests/1),
- clicking a hyperlink in a PDF opens it correctly if the default browser
- is a well-known application (such as /usr/bin/firefox),
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Georgia Garcia (georgiag)
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1794064
Title:
Clicking a hyperl
I'm working on a SRU for apparmor and evince to introduce the snap_browsers
abstraction on apparmor as a workaround for this issue.
It is based on these two merge requests from upstream:
https://gitlab.com/apparmor/apparmor/-/merge_requests/806
I was able to reproduce this issue on focal and bionic but not on
impish. I'm still investigating why, since I don't see any changes in
policies that might affect this issue, but I could have missed
something.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs,
** Changed in: evince (Ubuntu)
Assignee: (unassigned) => Georgia Garcia (georgiag)
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1794064
Title:
Clicking a hyperlink in a
35 matches
Mail list logo