Bug#870807: apparmor: new /run/user/*/wayland-cursor-* missing - breaks evince

[Alban Browaeys]

Package: apparmor
Version: 2.11.0-6+b2
Severity: important

apparmor wayland cursor's users need a new item:
/run/user/*/wayland-cursor-*

I applied it to the whole wayland abstraction.

On my box I appended it to the list in 
/etc/apparmor.d/abstractions/wayland :
  owner /run/user/*/{mesa,mutter,sdl,weston,xwayland,wayland-cursor}-shared-* 
rw,

now all is fine.

Best regards
Alban

journald:
août 05 10:23:32 cyclope audit[3141]: AVC apparmor="DENIED" operation="mknod" 
profile="/usr/bin/evince" name="/run/user/1000/wayland-cursor-shared-1UbRJA" 
pid=3141 comm="evince" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
août 05 10:23:32 cyclope audit[3141]: SYSCALL arch=c000003e syscall=2 
success=no exit=-13 a0=c7bd6462a0 a1=800c2 a2=180 a3=1774627f0ba103 items=0 
ppid=27393 pid=3141 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 
egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=18 comm="evince" 
exe="/usr/bin/evince" key=(null)
août 05 10:23:32 cyclope audit: PROCTITLE 
proctitle=6576696E6365002E2F72656375705F6469722E342F66313839393337355F6D6F64656C652D67657374696F6E2D657863657074696F6E732E5044462E706466
août 05 10:23:32 cyclope kernel: audit: type=1400 audit(1501921412.393:72475): 
apparmor="DENIED" operation="mknod" profile="/usr/bin/evince" 
name="/run/user/1000/wayland-cursor-shared-1UbRJA" pid=3141 comm="evince" 
requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
août 05 10:23:32 cyclope kernel: audit: type=1300 audit(1501921412.393:72475): 
arch=c000003e syscall=2 success=no exit=-13 a0=c7bd6462a0 a1=800c2 a2=180 
a3=1774627f0ba103 items=0 ppid=27393 pid=3141 auid=1000 uid=1000 gid=1000 
euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=18 
comm="evince" exe="/usr/bin/evince" key=(null)
août 05 10:23:32 cyclope kernel: audit: type=1327 audit(1501921412.393:72475): 
proctitle=6576696E6365002E2F72656375705F6469722E342F66313839393337355F6D6F64656C652D67657374696F6E2D657863657074696F6E732E5044462E706466

Running evince I get a segfault:
Gdk:ERROR:/build/gtk+3.0-uqUKHM/gtk+3.0-3.22.17/./gdk/wayland/gdkdisplay-wayland.c:1039:_gdk_wayland_display_get_scaled_cursor_theme:
 assertion failed: (display_wayland->cursor_theme_name)
Abandon (core dumped)


also reported at:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1708753




-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apparmor depends on:
ii  debconf              1.5.63
ii  init-system-helpers  1.49
ii  libapparmor-perl     2.11.0-6+b2
ii  libc6                2.24-14
ii  lsb-base             9.20161125
ii  python3              3.5.3-3

apparmor recommends no packages.

Versions of packages apparmor suggests:
ii  apparmor-profiles        2.11.0-6
ii  apparmor-profiles-extra  1.12
ii  apparmor-utils           2.11.0-6+b2

-- Configuration Files:
/etc/apparmor.d/abstractions/wayland changed:
  owner /var/run/user/*/weston-shared-* rw,
  owner /run/user/*/wayland-[0-9]* rw,
  owner /run/user/*/{mesa,mutter,sdl,weston,xwayland,wayland-cursor}-shared-* 
rw,


-- debconf information:
  apparmor/homedirs: