[prev in list] [next in list] [prev in thread] [next in thread]
List: lilypond-user
Subject: Re: Getting point-and-click working
From: Andrew Bernard <andrew.bernard () gmail ! com>
Date: 2019-02-23 12:51:34
Message-ID: CAK5QfnVfnewe3TWMqubDTExUNCxeBLRWYzpjk58Za79jHtQoqQ () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi All,
I am following the same track today.
Can I add a discovery, and a different issue on my Ubuntu 18.10?
The discovery is that the /etc/apparmor.d/local directory exists to allow
local modifications and add-ons to files in the /etc/apparmor.d directory.
At the end of /etc/apparmor.d/usr.bin.evince are the following lines:
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.bin.evince>
You need to uncomment the include line out so that the local file gets
taken account of. Then run apparmor_parser on the top level file.
Also restart apparmor:
# /etc/init.d/apparmor restart
just for good measure (I am not sure if this is essential).
I hope this makes sense of part of the foregoing thread.
But now, for me on Ubuntu 18.10, the problem is solved but it has moved
further down the track. Observing /var/log/syslog is useful for debugging
this work. We get:
Feb 23 23:41:30 ubu1810 kernel: [ 420.450790] audit: type=1400
audit(1550925690.952:84): apparmor="DENIED" operation="exec"
profile="/usr/bin/evince" name="/home/andro/bin/lilypond-wrapper.guile"
pid=3532 comm="gio-launch-desk" requested_mask="x" denied_mask="x"
fsuid=1000 ouid=1000
So now you can see that the next lilypond wrapper down the line is blocked.
I know very little about apparmor. Does anybody know the appropriate
incantation to sort this out?
Andrew
On Mon, 11 Feb 2019 at 00:43, David Sumbler <david@aeolia.co.uk> wrote:
> Thank you all for your help in this matter.
>
> Today I have point-and-click working as it should, with AppArmor
> apparently doing what it is supposed to do.
>
> What made the difference was the following:
>
> The Usage Manual 4.1.1 says that the lines
> # For Textedit links
> /usr/local/bin/lilypond-invoke-editor Cx -> sanitized_helper,
> should be added to the file /etc/apparmor.d/local/usr.bin.evince .
> This file did not exist, although there are several other files in that
> directory, so I had created the file and put just the two lines above
> in it. Unfortunately, as I reported, point-and-click didn't work for
> me.
>
> With the difficulties I was having, yesterday I disabled AppArmor for
> Evince by adding a soft link to /etc/apparmor.d/usr.bin.evince in
> /etc/apparmor.d/disable/ . This is what made point-and-click work
> eventually for me yesterday.
>
> However, following your latest emails to the list on the topic, today I
> thought I would have another go. I deleted the disabling link, and ran
> 'sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.evince'
> again. I also ran
> 'sudo apparmor_parser -r -T -W /etc/apparmor.d/local/usr.bin.evince'.
> I don't know whether that needed to be done or not, but I found that it
> throws out a syntax error.
>
> So I copied the lines out of the second file and inserted them into the
> main usr.bin.evince file. I then deleted
> /etc/apparmor.d/local/usr.bin.evince .
>
> After I ran
> 'sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.evince'once more, I
> found that point-and-click works as it should.
>
> I don't pretend to understand what is going on here, but in summary it
> appears that if the additional lines are added to
> /etc/apparmor.d/usr.bin.evince rather than to
> /etc/apparmor.d/local/usr.bin.evince it all works.
>
>
[Attachment #5 (text/html)]
<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Hi \
All,</div><div><br></div><div>I am following the same track \
today.</div><div><br></div><div>Can I add a discovery, and a different issue on my \
Ubuntu 18.10?</div><div><br></div><div>The discovery is that the \
/etc/apparmor.d/local directory exists to allow local modifications and add-ons to \
files in the /etc/apparmor.d directory. At the end of /etc/apparmor.d/usr.bin.evince \
are the following lines:</div><div><br></div><div> # Site-specific additions and \
overrides. See local/README for details.<br> #include \
<local/usr.bin.evince></div><div><br></div><div>You need to uncomment the \
include line out so that the local file gets taken account of. Then run \
apparmor_parser on the top level file.</div><div><br></div><div>Also restart \
apparmor:</div><div><br></div><div># /etc/init.d/apparmor \
restart</div><div><br></div><div>just for good measure (I am not sure if this is \
essential).<br></div><div><br></div><div>I hope this makes sense of part of the \
foregoing thread.</div><div><br></div><div>But now, for me on Ubuntu 18.10, the \
problem is solved but it has moved further down the track. Observing /var/log/syslog \
is useful for debugging this work. We \
get:</div><div><br></div><div><br></div><div>Feb 23 23:41:30 ubu1810 kernel: [ \
420.450790] audit: type=1400 audit(1550925690.952:84): apparmor="DENIED" \
operation="exec" profile="/usr/bin/evince" \
name="/home/andro/bin/lilypond-wrapper.guile" pid=3532 \
comm="gio-launch-desk" requested_mask="x" \
denied_mask="x" fsuid=1000 ouid=1000<br></div><div><br></div><div>So now \
you can see that the next lilypond wrapper down the line is \
blocked.</div><div><br></div><div>I know very little about apparmor. Does anybody \
know the appropriate incantation to sort this \
out?</div><div><br></div><div>Andrew</div><div><br></div><div><br></div></div></div><br><div \
class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 11 Feb 2019 at 00:43, \
David Sumbler <<a href="mailto:david@aeolia.co.uk">david@aeolia.co.uk</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Thank you all for your \
help in this matter.<br> <br>
Today I have point-and-click working as it should, with AppArmor<br>
apparently doing what it is supposed to do.<br>
<br>
What made the difference was the following:<br>
<br>
The Usage Manual 4.1.1 says that the lines<br>
# For Textedit links<br>
/usr/local/bin/lilypond-invoke-editor Cx -> sanitized_helper,<br>
should be added to the file /etc/apparmor.d/local/usr.bin.evince . <br>
This file did not exist, although there are several other files in that<br>
directory, so I had created the file and put just the two lines above<br>
in it. Unfortunately, as I reported, point-and-click didn't work for<br>
me.<br>
<br>
With the difficulties I was having, yesterday I disabled AppArmor for<br>
Evince by adding a soft link to /etc/apparmor.d/usr.bin.evince in<br>
/etc/apparmor.d/disable/ . This is what made point-and-click work<br>
eventually for me yesterday.<br>
<br>
However, following your latest emails to the list on the topic, today I<br>
thought I would have another go. I deleted the disabling link, and ran<br>
'sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.evince'<br>
again. I also ran<br>
'sudo apparmor_parser -r -T -W /etc/apparmor.d/local/usr.bin.evince'. <br>
I don't know whether that needed to be done or not, but I found that it<br>
throws out a syntax error.<br>
<br>
So I copied the lines out of the second file and inserted them into the<br>
main usr.bin.evince file. I then deleted<br>
/etc/apparmor.d/local/usr.bin.evince .<br>
<br>
After I ran <br>
'sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.evince'once more, I \
found that point-and-click works as it should.<br> <br>
I don't pretend to understand what is going on here, but in summary it appears \
that if the additional lines are added to /etc/apparmor.d/usr.bin.evince rather than \
to /etc/apparmor.d/local/usr.bin.evince it all works.<br> <br>
</blockquote></div></div></div>
_______________________________________________
lilypond-user mailing list
lilypond-user@gnu.org
https://lists.gnu.org/mailman/listinfo/lilypond-user
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic