can you look in dmesg or kern.log for the actual apparmor denial? > I have absolutely no idea what "ixr"
allow r (read) permission allow ix == on eXecute inherit the current profile an exec permission can specify different options that should be taken, inherit the current profile, transition to specific profile, transition based on the exec profile name, ... > /usr/bin/firefox ixr, -> error about "option" x being in conflict there is another exec rule that matches and it species that something else should be done. Hence they conflict. > /usr/bin/firefox r, -> does not work > /usr/bin/sh r, -> seems very dangerous & does not work -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/987578 Title: Evince is not allowed to use exo-open Status in apparmor package in Ubuntu: Fix Released Status in evince package in Ubuntu: Fix Released Status in apparmor source package in Precise: Fix Released Status in evince source package in Precise: Fix Released Bug description: Applications aren't able to use exo-open in Xubuntu with apparmor profiles enabled. Test case (apparmor): sudo aa-enforce /etc/apparmor.d/usr.bin.firefox Launch firefox Download a file in Firefox Tools -> Downloads Right Click and open the downloaded file, should fail with the old version and open with the new Test case (evince): Open PDF with a link in it under Xubuntu Click the link Should fail with the current versions of evince/apparmor and work with the new versions --------------------------------------------- Regression potential: minimal as this should just enable exo usage with apparmor profiles ---------------------------------------------- Using a fresh install of Xubuntu 12.04 beta, I can not open links from within evince. A red bar appears on top and says : "Unable to open external link" "Failed to execute child process "exo-open" (Permission denied)" I suppose this is due to a bad configuration of AppArmor. ProblemType: BugDistroRelease: Ubuntu 12.04 Package: evince 3.4.0-0ubuntu1 ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14 Uname: Linux 3.2.0-23-generic x86_64 ApportVersion: 2.0.1-0ubuntu5 Architecture: amd64 Date: Tue Apr 24 02:40:31 2012 EcryptfsInUse: Yes InstallationMedia: Xubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120328) KernLog: Apr 24 02:22:50 box kernel: [349882.938280] type=1400 audit(1335226970.303:28): apparmor="DENIED" operation="exec" parent=13156 profile="/usr/bin/evince" name="/usr/bin/exo-open" pid=13157 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 Apr 24 02:23:01 box kernel: [349894.110102] type=1400 audit(1335226981.475:29): apparmor="DENIED" operation="exec" parent=13158 profile="/usr/bin/evince" name="/usr/bin/exo-open" pid=13159 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 Apr 24 02:29:40 box kernel: [350293.526127] type=1400 audit(1335227380.890:30): apparmor="DENIED" operation="exec" parent=13225 profile="/usr/bin/evince" name="/usr/bin/exo-open" pid=13226 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 ProcEnviron: TERM=xterm PATH=(custom, user) LANG=en_US.UTF-8 SHELL=/bin/bashSourcePackage: evince UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/987578/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
