Public bug reported:

Description:
I am unable to digitally sign PDF documents in Gnome Papers using my hardware device "Giesecke & Devrient GmbH StarSign CUT S" with a certificate. The signing process fails due to AppArmor blocking access to necessary directories.

Affected Directories:
AppArmor restricts Gnome Papers from accessing the following paths:

  ~/.pki/nssdb
  /sys/devices/

Steps to Reproduce:
1. Open Gnome Papers.
2. Attempt to sign a PDF using the "Sign Digitally" feature with a hardware security device.
3. The signing process fails due to restricted access.

Workaround:
Manually editing the AppArmor profile resolves the issue:
Open the file "/etc/apparmor.d/usr.bin.papers" and add the following lines:

  owner @{HOME}/.pki/** lrk,
  /sys/devices/** r,
  /run/pcscd/pcscd.comm rw,

Reload AppArmor:

  sudo systemctl restart apparmor

Expected Behavior:
Gnome Papers should be able to access the necessary directories and sign PDFs using the hardware device without requiring manual AppArmor modifications.

ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: apparmor 4.1.0~beta5-0ubuntu12
ProcVersionSignature: Ubuntu 6.14.0-13.13-generic 6.14.0
Uname: Linux 6.14.0-13-generic x86_64
ApportVersion: 2.32.0-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Thu Apr 3 10:50:21 2025
InstallationDate: Installed on 2025-04-02 (1 days ago)
InstallationMedia: Ubuntu 25.04 "Plucky Puffin" - Beta amd64 (20250326.6)
ProcEnviron:
 LANG=en_US.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm-256color
 XDG_RUNTIME_DIR=<set>
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-6.14.0-13-generic root=UUID=e5c8dae6-79c1-4a2a-aa55-7a53dcc8a41b ro quiet splash pcie_aspm=off nvme_core.default_ps_max_latency_us=0 crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M vt.handoff=7
SourcePackage: apparmor
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: apparmor
     Importance: Undecided
         Status: New

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: papers (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug plucky wayland-session

** Also affects: papers (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: apparmor
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2106133

Title:
  Gnome Papers "Sign Digitally" Feature Fails Due to AppArmor Restrictions

Status in AppArmor:
  New
Status in apparmor package in Ubuntu:
  New
Status in papers package in Ubuntu:
  New
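Added example, not part of the original bug report or of the AppArmor project: a Python script that turns AppArmor DENIED audit lines into candidate profile rules, so that a workaround like the one in the report can be scoped to the paths that were actually denied. The log lines are constructed, and the profile name `papers`, the user name, pids and file names in them are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample kernel audit lines (not taken from the bug report).
# Assumptions: profile name "papers", user "alice", pids and file names.
SAMPLE_LOG = """\
audit: type=1400 audit(1743670221.101:201): apparmor="DENIED" operation="open" class="file" profile="papers" name="/home/alice/.pki/nssdb/cert9.db" pid=4242 comm="papers" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1743670221.102:202): apparmor="DENIED" operation="file_lock" class="file" profile="papers" name="/home/alice/.pki/nssdb/cert9.db" pid=4242 comm="papers" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
audit: type=1400 audit(1743670221.200:203): apparmor="DENIED" operation="open" class="file" profile="papers" name="/sys/devices/pci0000:00/0000:00:14.0/usb1/1-2/idVendor" pid=4242 comm="papers" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1743670221.300:204): apparmor="DENIED" operation="connect" class="file" profile="papers" name="/run/pcscd/pcscd.comm" pid=4242 comm="papers" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
audit: type=1400 audit(1743670221.400:205): apparmor="ALLOWED" operation="open" class="file" profile="papers" name="/etc/ld.so.cache" pid=4242 comm="papers" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1743670221.500:206): apparmor="DENIED" operation="open" class="file" profile="evince" name="/home/alice/.pki/nssdb/key4.db" pid=99 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted" or key=bare
HOME = re.compile(r"^/home/[^/]+/")                # rewritten to @{HOME}/
# Audit masks "c" (create) and "d" (delete) are covered by "w" in profile syntax.
TO_PROFILE_PERM = str.maketrans({"c": "w", "d": "w"})


def parse(line):
    """Split one audit line into a dict of its key=value fields."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def suggest_rules(log_text, profile):
    """Return sorted candidate file rules for DENIED events of one profile."""
    masks, owned = defaultdict(set), {}
    for line in log_text.splitlines():
        f = parse(line)
        if f.get("apparmor") != "DENIED" or f.get("profile") != profile or "name" not in f:
            continue
        path = HOME.sub("@{HOME}/", f["name"])
        masks[path] |= set(f.get("denied_mask", "").translate(TO_PROFILE_PERM))
        # Suggest "owner" only if every denied access hit a file the caller owns.
        owned[path] = owned.get(path, True) and f.get("fsuid") == f.get("ouid")
    return [f'{"owner " if owned[p] else ""}{p} {"".join(sorted(masks[p]))},'
            for p in sorted(masks)]


if __name__ == "__main__":
    print("\n".join(suggest_rules(SAMPLE_LOG, "papers")))
```

The rules come out one per denied file; whether to generalise them to globs such as the report's `/sys/devices/** r,` is a decision for whoever reviews the profile change.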