apparmor disallows launching chromium from evince

Bug #448812 reported by Alexander Jones
This bug affects 3 people

Affects              Status         Importance   Assigned to        Milestone
apparmor (Ubuntu)    Fix Released   Medium       Jamie Strandboge
Karmic               Fix Released   Medium       Jamie Strandboge

Bug Description

Binary package hint: evince

[23441.782792] type=1503 audit(1255277646.377:25): operation="exec" pid=14463 parent=14462 profile="/usr/bin/evince" requested_mask="::x" denied_mask="::x" fsuid=1000 ouid=0 name="/usr/lib/chromium-browser/chromium-browser"

I notice this is "Fix Released" for Firefox. I hope that AppArmor doesn't require us to hardcode browsers.

ProblemType: Bug
Architecture: amd64
Date: Sun Oct 11 17:16:24 2009
DistroRelease: Ubuntu 9.10
KernLog:

NonfreeKernelModules: wl nvidia
Package: evince 2.28.0-0ubuntu2
ProcEnviron:
 PATH=(custom, user)
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-13.44-generic
SourcePackage: evince
Uname: Linux 2.6.31-13-generic x86_64

Sebastien Bacher (seb128) wrote :

There is an ubuntu-browser class which lists known options.

affects: evince (Ubuntu) → apparmor (Ubuntu)
affects: apparmor (Ubuntu) → evince (Ubuntu)
affects: evince (Ubuntu) → apparmor (Ubuntu)
affects: apparmor (Ubuntu) → evince (Ubuntu)
Sebastien Bacher (seb128) wrote :

Wrong bug changed...

affects: evince (Ubuntu) → apparmor (Ubuntu)
affects: apparmor (Ubuntu) → evince (Ubuntu)
affects: evince (Ubuntu) → apparmor (Ubuntu)
Changed in apparmor (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Medium
milestone: none → ubuntu-9.10
status: New → Triaged
summary: - Can't launch links in Evince due to AppArmor restrictions
+ apparmor disallows launching chromium from evince
Changed in apparmor (Ubuntu Karmic):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.3.1+1403-0ubuntu26

---------------
apparmor (2.3.1+1403-0ubuntu26) karmic; urgency=low

  * abstractions/ubuntu-browsers: add Dooble
  * abstractions/ubuntu-browsers: add chromium (LP: #448812)
  * abstractions/gnome: add read for /etc/orbitrc
  * abstractions/audio: add read for /etc/pulse/* for when ~/.pulse/* doesn't
    exist and these files are used for fallback

 -- Jamie Strandboge <email address hidden> Wed, 14 Oct 2009 07:59:03 -0500

Changed in apparmor (Ubuntu Karmic):
status: Fix Committed → Fix Released
Ernst (ernst-blaauw) wrote :

I use the chromium-daily ppa for installing this browser. I still cannot open links from evince in chromium.

The executable is located in /usr/bin/ (/usr/bin/chromium-browser). Thus, the line /usr/lib/chromium-browser/chromium-browser Ux, is not correct for my installation. Can /usr/bin/chromium-browser be added to the allowed browsers?

$ apt-cache policy apparmor
apparmor:
  Installed: 2.3.1+1403-0ubuntu27.1
  Candidate: 2.3.1+1403-0ubuntu27.1
  Version table:
 *** 2.3.1+1403-0ubuntu27.1 0
        500 http://nl.archive.ubuntu.com karmic-proposed/main Packages
        100 /var/lib/dpkg/status
     2.3.1+1403-0ubuntu27 0
        500 http://nl.archive.ubuntu.com karmic/main Packages

$ apt-cache policy chromium-browser
chromium-browser:
  Installed: 4.0.233.0~svn20091103r30813-0ubuntu1~ucd1
  Candidate: 4.0.233.0~svn20091103r30813-0ubuntu1~ucd1
  Version table:
 *** 4.0.233.0~svn20091103r30813-0ubuntu1~ucd1 0
        500 http://ppa.launchpad.net karmic/main Packages
        100 /var/lib/dpkg/status

$ which chromium-browser
/usr/bin/chromium-browser

Jamie Strandboge (jdstrand) wrote :

Ernst, the daily builds seem to use a different path. This will be fixed in the next apparmor upload for the development release. In the meantime, please add to /etc/apparmor.d/abstractions/ubuntu-browsers:
    /usr/bin/chromium-browser Ux,

Then perform:
$ sudo apparmor_parser -T -W -r /etc/apparmor.d/usr.bin.evince
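
Added example, not part of the original bug report and not AppArmor's own code: a Python sketch that parses denial lines like the one in the bug description and lists exec targets that no rule in a given abstraction text covers, which is the situation reported above for the PPA path. The second log line, the RULES_* strings and all function names are constructed for illustration, and the glob handling is a simplified subset of AppArmor's.

```python
import re

# First line is the denial quoted in the bug description; the second is
# constructed for the PPA path (/usr/bin/chromium-browser) reported later.
SAMPLE_LOG = (
    '[23441.782792] type=1503 audit(1255277646.377:25): operation="exec" '
    'pid=14463 parent=14462 profile="/usr/bin/evince" requested_mask="::x" '
    'denied_mask="::x" fsuid=1000 ouid=0 '
    'name="/usr/lib/chromium-browser/chromium-browser"\n'
    '[23999.000000] type=1503 audit(1255278000.000:31): operation="exec" '
    'pid=15001 parent=15000 profile="/usr/bin/evince" requested_mask="::x" '
    'denied_mask="::x" fsuid=1000 ouid=0 name="/usr/bin/chromium-browser"\n'
)
# Constructed stand-ins for the abstraction before and after the workaround.
RULES_BEFORE = "  /usr/lib/chromium-browser/chromium-browser Ux,\n"
RULES_AFTER = RULES_BEFORE + "  /usr/bin/chromium-browser Ux,\n"

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
GLOB = {"**": ".*", "*": "[^/]*", "?": "[^/]", "{": "(?:", "}": ")", ",": "|"}

def parse_denials(log):
    """Return one field dict per AppArmor exec denial (type=1503) in log."""
    out = []
    for line in log.splitlines():
        f = {m[1]: m[2] if m[2] is not None else m[3] for m in FIELD.finditer(line)}
        if f.get("type") == "1503" and f.get("operation") == "exec":
            out.append(f)
    return out

def glob_to_regex(glob):
    """Simplified AppArmor glob: *, **, ? and {a,b}; [...] classes not modelled."""
    parts, depth = [], 0
    for tok in re.findall(r"\*\*|[*?{},]|[^*?{},]+", glob):
        depth += (tok == "{") - (tok == "}")
        special = tok in GLOB and (tok != "," or depth > 0)
        parts.append(GLOB[tok] if special else re.escape(tok))
    return re.compile("".join(parts))

def exec_rules(profile_text):
    """Compile the path of every rule whose mode grants exec (Ux, Px, ix, ...)."""
    found = re.findall(r"^\s*(/\S*)\s+\w*x\s*,", profile_text, re.M)
    return [glob_to_regex(path) for path in found]

def uncovered(log, profile_text):
    """(profile, target) pairs denied in log that no exec rule would match."""
    rules = exec_rules(profile_text)
    return sorted({(d["profile"], d["name"]) for d in parse_denials(log)
                   if not any(r.fullmatch(d["name"]) for r in rules)})
```

With RULES_BEFORE only the /usr/bin/chromium-browser target is reported as uncovered; with RULES_AFTER the list is empty.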
