Hi, John!

Gnome Papers fails to access my hardware token (a Giesecke & Devrient
GmbH StarSign CUT S USB device) due to an AppArmor denial. The error
message I see is:

Apr 02 23:31:26 desktop kernel: audit: type=1400
audit(1743647486.460:13357): apparmor="DENIED" operation="open"
class="file" profile="/usr/bin/papers" name="/sys/devices/pci0000:00/0>


As a result, the signing functionality in Gnome Papers doesn't work. From what 
I understand, Gnome Papers attempts to access various hardware devices 
(including smart cards, TPMs, and USB tokens like mine) because it needs to 
request the device password to sign documents.

I think different hardware tokens may have different paths in
/sys/devices/, which is why the application may need to scan this tree.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2106133

Title:
  Gnome Papers "Sign Digitally" Feature Fails Due to AppArmor
  Restrictions

Status in AppArmor:
  New
Status in apparmor package in Ubuntu:
  New
Status in papers package in Ubuntu:
  New

Bug description:
  Description:
  I am unable to digitally sign PDF documents in Gnome Papers using my hardware
  device "Giesecke & Devrient GmbH StarSign CUT S" with a certificate. The
  signing process fails due to AppArmor blocking access to necessary directories.

  Affected Directories:
  AppArmor restricts Gnome Papers from accessing the following paths:
  ~/.pki/nssdb
  /sys/devices/

  Steps to Reproduce:
  1. Open Gnome Papers.
  2. Attempt to sign a PDF using the "Sign Digitally" feature with a hardware
     security device.
  3. The signing process fails due to restricted access.

  Workaround:
  Manually editing the AppArmor profile resolves the issue:
  Open the file "/etc/apparmor.d/usr.bin.papers" and add the following lines:

  owner @{HOME}/.pki/** lrk,  
  /sys/devices/** r,  
  /run/pcscd/pcscd.comm rw,  

  Reload AppArmor:
  sudo systemctl restart apparmor

  Expected Behavior:
  Gnome Papers should be able to access the necessary directories and sign PDFs
  using the hardware device without requiring manual AppArmor modifications.

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: apparmor 4.1.0~beta5-0ubuntu12
  ProcVersionSignature: Ubuntu 6.14.0-13.13-generic 6.14.0
  Uname: Linux 6.14.0-13-generic x86_64
  ApportVersion: 2.32.0-0ubuntu3
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Apr  3 10:50:21 2025
  InstallationDate: Installed on 2025-04-02 (1 days ago)
  InstallationMedia: Ubuntu 25.04 "Plucky Puffin" - Beta amd64 (20250326.6)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
   XDG_RUNTIME_DIR=<set>
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-6.14.0-13-generic 
root=UUID=e5c8dae6-79c1-4a2a-aa55-7a53dcc8a41b ro quiet splash pcie_aspm=off 
nvme_core.default_ps_max_latency_us=0 
crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M 
vt.handoff=7
  SourcePackage: apparmor
  UpgradeStatus: No upgrade log present (probably fresh install)
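
Added example (not part of the bug report and not AppArmor's own tooling): a small Python script that turns apparmor="DENIED" audit records for the /usr/bin/papers profile into per-path file rules, so they can be compared with the broad "/sys/devices/** r," workaround above. The log lines, user name and paths are constructed; requested_mask, denied_mask, fsuid and ouid are real AppArmor audit fields, but they are cut off in the line quoted in the report.

```python
import re
from collections import defaultdict

# Constructed sample kernel audit lines (the report's own line is truncated,
# so these paths, PIDs and UIDs are made up for illustration).
SAMPLE_LOG = '''
audit: type=1400 audit(1.0:1): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/papers" name="/sys/devices/example/usb1/idVendor" pid=100 comm="papers" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1.0:2): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/papers" name="/home/alice/.pki/nssdb/cert9.db" pid=100 comm="papers" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1.0:3): apparmor="DENIED" operation="file_lock" class="file" profile="/usr/bin/papers" name="/home/alice/.pki/nssdb/cert9.db" pid=100 comm="papers" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
audit: type=1400 audit(1.0:4): apparmor="DENIED" operation="connect" class="file" profile="/usr/bin/papers" name="/run/pcscd/pcscd.comm" pid=100 comm="papers" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
audit: type=1400 audit(1.0:5): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/other" name="/etc/shadow" pid=200 comm="other" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
PERM_ORDER = "rwamlkx"              # output order for merged permission letters
LOG_TO_RULE = {"c": "w", "d": "w"}  # create/delete in logs need "w" in a rule

def parse_denials(log, profile):
    """Return the parsed file denials that belong to one profile."""
    out = []
    for line in log.splitlines():
        f = {k: q if q else b for k, q, b in FIELD.findall(line)}
        if (f.get("apparmor") == "DENIED" and f.get("class") == "file"
                and f.get("profile") == profile and "name" in f):
            out.append(f)
    return out

def suggest_rules(denials):
    """Merge denials per path into the narrowest matching file rules."""
    perms, owner_only = defaultdict(set), defaultdict(lambda: True)
    for d in denials:
        path = re.sub(r"^/home/[^/]+/", "@{HOME}/", d["name"])
        perms[path] |= {LOG_TO_RULE.get(c, c) for c in d.get("denied_mask", "")}
        # "owner" is only safe if every denial was on a file the user owns
        owner_only[path] &= d.get("fsuid") is not None and d.get("fsuid") == d.get("ouid")
    rules = []
    for path in sorted(perms):
        mask = "".join(c for c in PERM_ORDER if c in perms[path])
        rules.append(f"{'owner ' if owner_only[path] else ''}{path} {mask},")
    return rules

if __name__ == "__main__":
    print("\n".join(suggest_rules(parse_denials(SAMPLE_LOG, "/usr/bin/papers"))))
```

The per-path output shows exactly which files were denied, which is the starting point for deciding how far a glob such as /sys/devices/** actually needs to reach.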
