[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Getting point-and-click working
From: |
David Wright |
Subject: |
Re: Getting point-and-click working |
Date: |
Sat, 9 Feb 2019 20:50:22 -0600 |
User-agent: |
NeoMutt/20170113 (1.7.2) |
On Sat 09 Feb 2019 at 19:03:02 (+0000), David Sumbler wrote:
> I tried all the suggestions on the page suggested. Nothing helped
> except for completely disabling AppArmor for Evince. The links then
> work as intended!
>
> But it would be preferable, probably, not to do that, so I removed the
> disabling link and tried again with the AppArmor files modified as you
> suggested. I rebooted and, sad to say, the old problem occurs.
>
> However, in case you or anyone else can make a further suggestion on
> how to get things working even with AppArmor doing its thing, here are
> the lines that appear in my /var/log/syslog file when I open a Lilypond
> PDF file in Evince, and then click on a link.
>
> Upon opening the file, I get (in a single line):
>
> Feb 9 18:11:21 vesta kernel: [ 975.529752] audit: type=1400
> audit(1549735881.448:47): apparmor="DENIED"
> operation="open" profile="/usr/bin/evince"
> name="/home/david/.local/share/applications/mimeapps.list" pid=3241
> comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> When I click on a link in the displayed file, I get:
>
> Feb 9 18:11:38 vesta kernel: [ 992.243804] audit: type=1400
> audit(1549735898.161:48): apparmor="DENIED"
> operation="exec" profile="/usr/bin/evince"
> name="/usr/local/bin/lilypond-wrapper.guile" pid=3261
> comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
>
> Although all of the other 71 files in ~/.local/share/applications/ have
> me as owner and group, the file mimeapps.list has owner and group set
> to root. I looked at my partner's computer, which is running Ubuntu
> 16.04, and there the corresponding file has owner and group set to the
> user, rather than root. (Presumably this is some change made in
> Ubuntu, since I don't think I can have done anything to change it.)
Is it possible you accidentally ran the command
xdg-mime default lilypond-invoke-editor.desktop x-scheme-handler/textedit
with sudo? There's no way root should be owning any files in /home.
> So I tried changing the ownership of that file on my computer, and sure
> enough, I no longer see an error in the log file when evince is
> started. But when I click on a link in the Lilypond file I still get:
>
> Feb 9 18:34:45 vesta kernel: [ 200.968460] audit: type=1400
> audit(1549737285.711:45): apparmor="DENIED"
> operation="exec" profile="/usr/bin/evince"
> name="/usr/local/bin/lilypond-wrapper.guile" pid=2507
> comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
>
> Clearly I can't sensibly change the ownership of
> /usr/local/bin/lilypond-wrapper.guile, and presumably this is the sort
> of thing AppArmor is supposed to sort out. I did, however, try adding
> a line specifically for this file in
> /etc/apparmor.d/local/usr.bin.evince, but it hasn't helped.
I too use Debian and, although there are apparmor files dotted around,
it doesn't use them here. However, I get the impression that the
apparmor files are loaded into the kernel, rather than being used
in situ. So I wonder whether, *whenever* you make changes to any of
these files, you have to reparse them with apparmor_parser. Did
you do that? (I don't know if they're loaded at boot time.)
> Meanwhile, I shall go back to disabling AppArmor for Evince, even
> though it is probably slightly less than ideal.
BTW I think there are a few small wrinkles in the documentation:
If you write a file called lilypond-invoke-editor.desktop in a local
directory such as /tmp, then you need to run
xdg-desktop-menu install /tmp/lilypond-invoke-editor.desktop
and not
xdg-desktop-menu install ./lilypond-invoke-editor.desktop
If you run evince but not Gnome, then gnome-open may not be present,
but it may be worth trying xdg-open.
I assume (but cannot test) that the lines:
# For Textedit links
/usr/local/bin/lilypond-invoke-editor Cx -> sanitized_helper,
should be adjusted according to where lilypond was installed.
(In your case, you happen to have matched its assumption.)
Cheers,
David.
- Getting point-and-click working, David Sumbler, 2019/02/08
- Re: Getting point-and-click working, Andrew Bernard, 2019/02/08
- Re: Getting point-and-click working, Andrew Bernard, 2019/02/08
- Re: Getting point-and-click working, Andrew Bernard, 2019/02/08
- Re: Getting point-and-click working, Andrew Bernard, 2019/02/08
- Re: Getting point-and-click working, Federico Bruni, 2019/02/09
- Re: Getting point-and-click working, David Sumbler, 2019/02/09
- Re: Getting point-and-click working,
David Wright <=
- Re: Getting point-and-click working, Federico Bruni, 2019/02/10
- Re: Getting point-and-click working, Andrew Bernard, 2019/02/10
- Re: Getting point-and-click working, David Sumbler, 2019/02/10
- Re: Getting point-and-click working, Aaron Hill, 2019/02/10
- Re: Getting point-and-click working, Aaron Hill, 2019/02/10
- Re: Getting point-and-click working, David Sumbler, 2019/02/10
- Re: Getting point-and-click working, David Wright, 2019/02/10
- Re: Getting point-and-click working, Andrew Bernard, 2019/02/23