← Back to team overview

touch-packages team mailing list archive

[Bug 1010909] Re: permission denied: /usr/bin/{mktexpk, mktextfm}

 

This will be fixed in wily with apparmor 2.9.2-0ubuntu1. Attached is a
patch for this issue as part of a trusty SRU.

** Patch added: "profiles-texlive_font_generation-lp1010909.patch"
   https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1010909/+attachment/4399534/+files/profiles-texlive_font_generation-lp1010909.patch

** Description changed:

+ [impact]
+ 
+ This bug prevents viewing dvi files with evince while confined by
+ apparmor.
+ 
+ [steps to reproduce]
+ 
+ 1) install evince, ensure evince apparmor policy is enabled
+ 2) view a dvi with evince
+ 3) with the fix applied, evince should be able to display the dvi
+ document and should not generate apparmor rejections in syslog
+ 
+ [regression potential]
+ 
+ The change in the patch for this bug is a loosening of the apparmor
+ policy for the sanitized helpers of evince. The risk of an introduced
+ regression is small.
+ 
+ [original description]
+ 
  1) lsb_release -rd
  Description:	Ubuntu Vivid Vervet (development branch)
  Release:	15.04
  
  2) apt-cache policy evince apparmor texlive
  evince:
-   Installed: 3.14.1-0ubuntu1
-   Candidate: 3.14.1-0ubuntu1
-   Version table:
-  *** 3.14.1-0ubuntu1 0
-         500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
-         100 /var/lib/dpkg/status
+   Installed: 3.14.1-0ubuntu1
+   Candidate: 3.14.1-0ubuntu1
+   Version table:
+  *** 3.14.1-0ubuntu1 0
+         500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
+         100 /var/lib/dpkg/status
  apparmor:
-   Installed: 2.8.98-0ubuntu4
-   Candidate: 2.8.98-0ubuntu4
-   Version table:
-  *** 2.8.98-0ubuntu4 0
-         500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
-         100 /var/lib/dpkg/status
+   Installed: 2.8.98-0ubuntu4
+   Candidate: 2.8.98-0ubuntu4
+   Version table:
+  *** 2.8.98-0ubuntu4 0
+         500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
+         100 /var/lib/dpkg/status
  texlive:
-   Installed: 2014.20141024-1ubuntu1
-   Candidate: 2014.20141024-1ubuntu1
-   Version table:
-  *** 2014.20141024-1ubuntu1 0
-         500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
-         100 /var/lib/dpkg/status
+   Installed: 2014.20141024-1ubuntu1
+   Candidate: 2014.20141024-1ubuntu1
+   Version table:
+  *** 2014.20141024-1ubuntu1 0
+         500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
+         100 /var/lib/dpkg/status
  
  3) What is expected to happen is when one attempts to open
  https://bugs.launchpad.net/ubuntu/+source/texlive-
  bin/+bug/1010909/+attachment/4282336/+files/example.dvi it does so
  successfully.
  
  4) What happens instead is it hangs indefinitely, as per output of running evince via a terminal https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/1010909/+attachment/4282345/+files/error.txt . This would appear to be due to apparmor as per:
  https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/1010909/+attachment/4282344/+files/kern.log
  
  However, attempting to disable the offending profile fails:
  sudo aa-complain /usr/bin/evince//sanitized_helper
  /usr/bin/evince//sanitized_helper does not exist, please double-check the path.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: texlive-binaries 2009-11ubuntu2
  ProcVersionSignature: Ubuntu 3.2.0-24.39-generic 3.2.16
  Uname: Linux 3.2.0-24-generic x86_64
  ApportVersion: 2.0.1-0ubuntu8
  Architecture: amd64
  Date: Sat Jun  9 17:05:03 2012
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
  ProcEnviron:
   TERM=xterm
   PATH=(custom, user)
   LANG=de_DE.UTF-8
   SHELL=/bin/zsh
  SourcePackage: texlive-bin
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1010909

Title:
  permission denied: /usr/bin/{mktexpk,mktextfm}

Status in apparmor package in Ubuntu:
  Triaged

Bug description:
  [impact]

  This bug prevents viewing dvi files with evince while confined by
  apparmor.

  [steps to reproduce]

  1) install evince, ensure evince apparmor policy is enabled
  2) view a dvi with evince
  3) with the fix applied, evince should be able to display the dvi
  document and should not generate apparmor rejections in syslog

  [regression potential]

  The change in the patch for this bug is a loosening of the apparmor
  policy for the sanitized helpers of evince. The risk of an introduced
  regression is small.

  [original description]

  1) lsb_release -rd
  Description:	Ubuntu Vivid Vervet (development branch)
  Release:	15.04

  2) apt-cache policy evince apparmor texlive
  evince:
    Installed: 3.14.1-0ubuntu1
    Candidate: 3.14.1-0ubuntu1
    Version table:
   *** 3.14.1-0ubuntu1 0
          500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
          100 /var/lib/dpkg/status
  apparmor:
    Installed: 2.8.98-0ubuntu4
    Candidate: 2.8.98-0ubuntu4
    Version table:
   *** 2.8.98-0ubuntu4 0
          500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
          100 /var/lib/dpkg/status
  texlive:
    Installed: 2014.20141024-1ubuntu1
    Candidate: 2014.20141024-1ubuntu1
    Version table:
   *** 2014.20141024-1ubuntu1 0
          500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
          100 /var/lib/dpkg/status

  3) What is expected to happen is when one attempts to open
  https://bugs.launchpad.net/ubuntu/+source/texlive-
  bin/+bug/1010909/+attachment/4282336/+files/example.dvi it does so
  successfully.

  4) What happens instead is it hangs indefinitely, as per output of running evince via a terminal https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/1010909/+attachment/4282345/+files/error.txt . This would appear to be due to apparmor as per:
  https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/1010909/+attachment/4282344/+files/kern.log

  However, attempting to disable the offending profile fails:
  sudo aa-complain /usr/bin/evince//sanitized_helper
  /usr/bin/evince//sanitized_helper does not exist, please double-check the path.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: texlive-binaries 2009-11ubuntu2
  ProcVersionSignature: Ubuntu 3.2.0-24.39-generic 3.2.16
  Uname: Linux 3.2.0-24-generic x86_64
  ApportVersion: 2.0.1-0ubuntu8
  Architecture: amd64
  Date: Sat Jun  9 17:05:03 2012
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
  ProcEnviron:
   TERM=xterm
   PATH=(custom, user)
   LANG=de_DE.UTF-8
   SHELL=/bin/zsh
  SourcePackage: texlive-bin
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1010909/+subscriptions