Debian 11: evince and apparmor flood kernel log

To: debian-user Mailing List <debian-user@lists.debian.org>
Subject: Debian 11: evince and apparmor flood kernel log
From: Roger Price <debian@rogerprice.org>
Date: Fri, 17 Sep 2021 22:54:32 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.20.2109172208160.3994@maria.rogerprice.org>

In Debian 11, evince has an appamor profile which floods the kernel log withhundreds of messages of the style:


 [24216.325764] audit: type=1400 audit(1631892398.580:255): apparmor="DENIED"
  operation="open" profile="/usr/bin/evince"
  name="/mnt/home/rprice/.local/share/gvfs-metadata/home" pid=2229
  comm="pool-evince" requested_mask="r" denied_mask="r" fsuid=2108 ouid=2108

and floods the console with messages such as

 (evince:2869): GVFS-WARNING **: 22:18:18.510: can't init metadata tree /mnt/home/rprice/.local/share/gvfs-metadata/home: open: Permission denied
 ** (evince:2869): WARNING **: 22:18:18.510: Error setting file metadata: canʼt open metadata tree

Command ls -l /mnt/home/rprice/.local/share/gvfs-metadata/home reports

 -rw------- 1 rprice cs-users 800 Aug 18 10:48 /mnt/home/rprice/.local/share/gvfs-metadata/home

Quoting file /etc/apparmor.d/usr.bin.evince:

 # evince is not written with application confinement in mind and is designed to
 # operate within a trusted desktop session where anything running within the
 # user's session is trusted.

I solved the problem by switching to mupdf, but mupdf is not as complete asevince.


Is there some way of calming evince+appamor?

Roger

Reply to:

Follow-Ups:
- Re: Debian 11: evince and apparmor flood kernel log
  - From: Reco <recoverym4n@enotuniq.net>
- Re: Debian 11: evince and apparmor flood kernel log
  - From: Klaus Singvogel <deb-user-ml@singvogel.net>

Prev by Date: Re: Debian bullseye
Next by Date: Re: Debian bullseye
Previous by thread: Re: Debian bullseye
Next by thread: Re: Debian 11: evince and apparmor flood kernel log
Index(es):
- Date
- Thread