Join Log in
Score:0
knb avatar Ubuntu

Apparmor: Allow Inkscape to execute extensions in $HOME/config/inkscape/extensions/

jp flag
knb

I want to extend Inkscape (installed with snap) by putting the SVGO-Optimizer SVGO in Inkscape's local extension directory.

According to the Inkscape preferences dialog (Edit/Preferences/System), the directory to use is (and to put extensions in)

$HOME/.config/inkscape/extensions/

There I want to install inkscape-svgo.inx. I followed the inkscape-svgo instructions.

however, Apparmor does not let me execute the extension from within the Inkscape GUI. I cannot execute the "Save As SVGO-Optimized SVG " dialog.

An uninformative "Saving as [any filename] failed" dialog appears.

I suspect it is an Apparmor issue.
How can I defined or extend the Apparmor rule to allow Inkscape to execute the SVGO extension?

journalctl gives me this output:

AVC apparmor="DENIED" operation="open" profile="snap.inkscape.inkscape" name="/proc/148064/mountinfo" pid=148064 comm="inkscape" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="exec" profile="snap.inkscape.inkscape" name="$HOME/.config/inkscape/extensions/inkscape-svgo" pid=149456 comm="inkscape" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
Script::execute(): failed to execute program '$HOME/.config/inkscape/extensions/inkscape-svgo'. 
Reason: Failed to execute child process “$HOME/.config/inkscape/extensions/inkscape-svgo” (Permission denied)

My Inkscape version:

snap list inkscape
Name      Version                    Rev   Tracking       Publisher  Notes
inkscape  1.1-ce6663b3b7-2021-05-25  9090  latest/stable  inkscape✓  -
67
1 + 2
N0rbert avatar
zw flag
N0rbert
I see overcomplication in proposed solution. Using deb-package [from PPA](https://launchpad.net/~inkscape.dev/+archive/ubuntu/stable?field.series_filter=focal) will be easier.
0
Reply
knb avatar
jp flag
knb
? I did not propose a solution, I've asked a question. Specifically about the Inkscape version distributed as a Snap.
0
Reply
Score:0
James S. avatar Ubuntu
de flag
James S.

AppArmor rules are defined in profiles which are stored in /etc/apparmor.d/ You need to update the AppArmor profile with rules to permit filesystem access to the paths you are interested in for Inkscape.

This tutorial from Ubuntu will help to guide you.

More details can be found in the AppArmor documentation, here.

0 + 2
James S. avatar
de flag
James S.
Or, I guess, you could not use snap packages
0
Reply
knb avatar
jp flag
knb
Thanks, but I know how to read documentation. The thing is, the existing aparmor profile defined in `/etc/apparmor.d/usr.lib.snapd.snap-confine.real` is really long and complex. Even disabling apparmor with `systemctl disable apparmor` does not help. Do I need to log out / reboot? That is what I need an answer for.
0
Reply
James S. avatar
de flag
James S.
Disabling AppArmor will not help; it will prevent all profiles from granting permissions. Container privileges fail closed by default. Instead, you must edit the profile in accordance with the documentation.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.