touch-packages team mailing list archive

Thread
Date
[Bug 1010909] Re: permission denied: /usr/bin/{mktexpk, mktextfm}

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1010909@xxxxxxxxxxxxxxxxxx>
Date: Wed, 20 May 2015 07:44:58 -0000
Reply-to: Bug 1010909 <1010909@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package apparmor - 2.9.2-0ubuntu1

---------------
apparmor (2.9.2-0ubuntu1) wily; urgency=medium

  * Update to apparmor 2.9.2
    - Fix minitools to work with multiple profiles at once (LP: #1378095)
    - Parse mounts that have non-ascii UTF-8 chars (LP: #1310598)
    - Update dovecot profiles (LP: #1296667)
    - Allow ubuntu-helpers to build texlive fonts (LP: #1010909)
  * dropped patches incorporated upstream:
    add-mir-abstraction-lp1422521.patch, systemd-dev-log-lp1413232.patch
    parser-fix_modifier_compilation_+_tests.patch,
    tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch,
    GDM_X_authority-lp1432126.patch, and
    debian/patches/easyprof-framework-policy.patch
  * Partial merge with debian apparmor package:
    - debian/rules: enable the bindnow hardening flag during build.
    - debian/upstream/signing-key.asc: add new upstream public
      signing key
    - debian/watch: fix watch file, add gpg signature checking
    - install libapparmor.so dev symlink under /usr not /lib
    - debian/patches/reproducible-pdf.patch: make techdoc.pdf
      reproducible even in face of timezone variations.
    - debian/control: sync fields
    - debian/debhelper/postrm-apparmor: remove
      /etc/apparmor.d/{disable,} on package purge
    - debian/libapache2-mod-apparmor.postrm: on package purge, delete
      /etc/apparmor.d/{,disable} if empty
    - debian/libapparmor1.symbols: Use Build-Depends-Package in the
      symbols file.
    - debian/copyright: sync

 -- Steve Beattie <sbeattie@xxxxxxxxxx>  Mon, 11 May 2015 22:03:04 -0700

** Changed in: apparmor (Ubuntu)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1010909

Title:
  permission denied: /usr/bin/{mktexpk,mktextfm}

Status in apparmor package in Ubuntu:
  Fix Released

Bug description:
  [impact]

  This bug prevents viewing dvi files with evince while confined by
  apparmor.

  [steps to reproduce]

  1) install evince, ensure evince apparmor policy is enabled
  2) view a dvi with evince
  3) with the fix applied, evince should be able to display the dvi
  document and should not generate apparmor rejections in syslog

  [regression potential]

  The change in the patch for this bug is a loosening of the apparmor
  policy for the sanitized helpers of evince. The risk of an introduced
  regression is small.

  [original description]

  1) lsb_release -rd
  Description:	Ubuntu Vivid Vervet (development branch)
  Release:	15.04

  2) apt-cache policy evince apparmor texlive
  evince:
    Installed: 3.14.1-0ubuntu1
    Candidate: 3.14.1-0ubuntu1
    Version table:
   *** 3.14.1-0ubuntu1 0
          500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
          100 /var/lib/dpkg/status
  apparmor:
    Installed: 2.8.98-0ubuntu4
    Candidate: 2.8.98-0ubuntu4
    Version table:
   *** 2.8.98-0ubuntu4 0
          500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
          100 /var/lib/dpkg/status
  texlive:
    Installed: 2014.20141024-1ubuntu1
    Candidate: 2014.20141024-1ubuntu1
    Version table:
   *** 2014.20141024-1ubuntu1 0
          500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
          100 /var/lib/dpkg/status

  3) What is expected to happen is when one attempts to open
  https://bugs.launchpad.net/ubuntu/+source/texlive-
  bin/+bug/1010909/+attachment/4282336/+files/example.dvi it does so
  successfully.

  4) What happens instead is it hangs indefinitely, as per output of running evince via a terminal https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/1010909/+attachment/4282345/+files/error.txt . This would appear to be due to apparmor as per:
  https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/1010909/+attachment/4282344/+files/kern.log

  However, attempting to disable the offending profile fails:
  sudo aa-complain /usr/bin/evince//sanitized_helper
  /usr/bin/evince//sanitized_helper does not exist, please double-check the path.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: texlive-binaries 2009-11ubuntu2
  ProcVersionSignature: Ubuntu 3.2.0-24.39-generic 3.2.16
  Uname: Linux 3.2.0-24-generic x86_64
  ApportVersion: 2.0.1-0ubuntu8
  Architecture: amd64
  Date: Sat Jun  9 17:05:03 2012
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
  ProcEnviron:
   TERM=xterm
   PATH=(custom, user)
   LANG=de_DE.UTF-8
   SHELL=/bin/zsh
  SourcePackage: texlive-bin
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1010909/+subscriptions