Looks like we get this if evince is updated, apparmor is not, and a link
in a pdf is clicked:

Jul 06 18:36:59 j-evince kernel: audit: type=1400
audit(1688668619.304:78): apparmor="DENIED" operation="exec"
info="profile transition not found" error=-13 profile="/usr/bin/evince"
name="/usr/bin/snap" pid=2246 comm="env" requested_mask="x"
denied_mask="x" fsuid=1000 ouid=0


The end result seems the same: permission denied, link isn't opened, the evince
gui just does nothing, the console (if launched from a terminal) says "env:
'/snap/bin/firefox': Permission denied".

If Georgia can confirm this is the worst that can happen by not having
the Recommends on the updated apparmor profile, then I think it's ok to
leave it out, but would be good to have confirmation from @vorlon, as he
raised the objection and it's not clear if he saw Georgia's comment.

https://bugs.launchpad.net/bugs/1794064

Title:
  Clicking a hyperlink in a PDF fails to open it if the default browser
  is a snap

Status in apparmor package in Ubuntu:
  Fix Released
Status in evince package in Ubuntu:
  Fix Released
Status in apparmor source package in Jammy:
  Fix Committed
Status in evince source package in Jammy:
  In Progress
Status in apparmor source package in Lunar:
  Fix Released
Status in evince source package in Lunar:
  Fix Committed
Status in apparmor package in Debian:
  Unknown
Status in evince package in Debian:
  Confirmed

Bug description:
  [Impact]

   * Users cannot open a hyperlink in a PDF opened with evince when the
  default browser is a snap.
   * The fix creates a snap_browsers abstraction on AppArmor which can be
  used in a transition for when the browser is executed. The
  snap_browsers abstraction provides the minimal amount of permissions
  required to execute a browser provided through snaps. This is a
  workaround since AppArmor currently does not provide
  mediation/filtering on enhanced environment variables.

  [Test Plan]

   * Make sure the default browser is provided through the snap store.
   * Open a PDF that contains a hyperlink using evince and click on the URL.
   * The browser should open the requested URL. 

  [Where problems could occur]

   * If the browser or snap core update to have new requirements for
  opening a browser, then the current policy could become obsolete and
  will need to be updated again.
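
For triage, the denial quoted in the comment above can be picked out of a kernel log mechanically. The following is an added example, not part of the bug report or of the apparmor or evince packages; the function names are hypothetical and the second sample line is constructed for contrast.

```python
import re
import shlex

# Sample input: the denial from the comment above joined onto one line, plus a
# constructed, unrelated file denial that must not be reported.
SAMPLE_LOG = [
    'Jul 06 18:36:59 j-evince kernel: audit: type=1400 audit(1688668619.304:78): apparmor="DENIED" operation="exec" info="profile transition not found" error=-13 profile="/usr/bin/evince" name="/usr/bin/snap" pid=2246 comm="env" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0',
    'Jul 06 18:37:02 j-evince kernel: audit: type=1400 audit(1688668622.101:79): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/etc/example.conf" pid=2246 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0',
]

# Matches the "audit(<epoch>:<serial>):" header; the rest is key=value pairs.
AUDIT_RE = re.compile(r'audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$')


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    m = AUDIT_RE.search(line)
    if not m or 'apparmor="DENIED"' not in m.group("body"):
        return None
    fields = {}
    # shlex keeps quoted values with spaces (the info= field) as one token.
    for token in shlex.split(m.group("body")):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    fields["timestamp"] = float(m.group("ts"))
    return fields


def missing_exec_transitions(lines):
    """List (profile, target, comm) for exec denials with no transition rule."""
    hits = []
    for line in lines:
        d = parse_denial(line)
        if (d and d.get("operation") == "exec"
                and d.get("info") == "profile transition not found"
                and "x" in d.get("denied_mask", "")):
            hits.append((d["profile"], d["name"], d.get("comm")))
    return hits


if __name__ == "__main__":
    for profile, target, comm in missing_exec_transitions(SAMPLE_LOG):
        print(f"{profile}: no exec transition for {target} (via {comm})")
```
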
