Evince links not working on Ubuntu 20.04

Question

I am able to open pdf files with evince, but I can't open any link in the browser.

I have found this link from years ago:

Hyperlinks clicked in evince document viewer are not opening, any ideas on how to fix?

but my /etc/apparmor.d/abstractions/ubuntu-helpers file does not contain the mentioned reference "/usr/lib*/{,*/} Pixr,"

# Lenient profile that is intended to be used when 'Ux' is desired but
# does not provide enough environment sanitizing. This effectively is an
# open profile that blacklists certain known dangerous files and also
# does not allow any capabilities. For example, it will not allow 'm' on files
# owned be the user invoking the program. While this provides some additional
# protection, please use with care as applications running under this profile
# are effectively running without any AppArmor protection. Use this profile
# only if the process absolutely must be run (effectively) unconfined.
#
# Usage:
# Because this abstraction defines the sanitized_helper profile, it must only
# be #included once. Therefore this abstraction should typically not be
# included in other abstractions so as to avoid parser errors regarding
# multiple definitions.
#
# Limitations:
# 1. This does not work for root owned processes, because of the way we use
#    owner matching in the sanitized helper. We could do a better job with
#    this to support root, but it would make the policy harder to understand
#    and going unconfined as root is not desirable any way.
#
# 2. For this sanitized_helper to work, the program running in the sanitized
#    environment must open symlinks directly in order for AppArmor to mediate
#    it. This is confirmed to work with:
#     - compiled code which can load shared libraries
#     - python imports
#    It is known not to work with:
#     - perl includes
# 3. Sanitizing ruby and java
#
# Use at your own risk. This profile was developed as an interim workaround for
# LP: #851986 until AppArmor utilizes proper environment filtering.
profile sanitized_helper {
  #include <abstractions/base>
  #include <abstractions/X>
Allow all networking
network inet,
  network inet6,
Allow all DBus communications
#include <abstractions/dbus-session-strict>
  #include <abstractions/dbus-strict>
  dbus,
Needed for Google Chrome
ptrace (trace) peer=**//sanitized_helper,
Allow exec of anything, but under this profile. Allow transition
to other profiles if they exist.
/{usr/,usr/local/,}{bin,sbin}/* Pixr,
Allow exec of libexec applications in /usr/lib* and /usr/local/lib*
/usr/{,local/}lib/{,/} Pixr,
Allow exec of software-center scripts. We may need to allow wider
permissions for /usr/share, but for now just do this. (LP: #972367)
/usr/share/software-center/* Pixr,
Allow exec of texlive font build scripts (LP: #1010909)
/usr/share/texlive/texmf{,-dist}/web2c/{,*/} Pixr,
While the chromium and chrome sandboxes are setuid root, they only link
in limited libraries so glibc's secure execution should be enough to not
require the santized_helper (ie, LD_PRELOAD will only use standard system
paths (man ld.so)).
/usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
  /usr/lib/chromium{,-browser}/chrome-sandbox PUxr,
  /opt/google/chrome{,-beta,-unstable}/chrome-sandbox PUxr,
  /opt/google/chrome{,-beta,-unstable}/google-chrome Pixr,
  /opt/google/chrome{,-beta,-unstable}/chrome Pixr,
  /opt/google/chrome{,-beta,-unstable}/{,*/}lib.so{,.*} m,
Full access
/ r,
  /** rwkl,
  /{,usr/,usr/local/}lib{,32,64}/{,*/}.so{,.*} m,
Dangerous files
audit deny owner //* m,              # compiled libraries
  audit deny owner //.py r,          # python imports
}

Any idea?

mondotofu · Answer 1 · 2021-06-23T03:00:37.973

I love evince, and it's great as a quick viewer for an occasional document, but if you do any kind of collection and organization of documents, then I'd recommend downloading calibre and using its built-in ebook viewer. The calibre is cross-platform and FOSS and can help you build a library of books (including PDF, ePubs, html, and lots of special formats) and help transfer these books to a long list of other devices with their idiosyncrasies.

Maybe that's more than you need, but it's worth a try.

https://calibre-ebook.com/download_linux

Back to the viewer, it's typically invoked from calibre, but can be opened standalone program as

/opt/calibre/bin/ebook-viewer

You can even add it as a favorite on your toolbar.

My solution is therefore not trying to mend a broken installation of evince (which I tried without luck) to open hyperlinks within a PDF, but take your reading to the next step and enjoy other lightweight more robust reading tools and other formats such as ePub, too.

Thanks for your comment. Trying to open a pdf in calibre leads again to evince what do not solve the original problem. Should be something trivial. — Menks, Jun 24 '21 at 09:49
I should have been more clear. In the calibre program, when you highlight a title, right clicking will provide a menu. On the menu is View... It has a submenu of View you can select "View with calibre E-book viewer" rather than the default document viewer program evince. — mondotofu, Jun 26 '21 at 14:53

Evince links not working on Ubuntu 20.04

Allow all networking

Allow all DBus communications

Needed for Google Chrome

Allow exec of anything, but under this profile. Allow transition

to other profiles if they exist.

Allow exec of libexec applications in /usr/lib* and /usr/local/lib*

Allow exec of software-center scripts. We may need to allow wider

permissions for /usr/share, but for now just do this. (LP: #972367)

Allow exec of texlive font build scripts (LP: #1010909)

While the chromium and chrome sandboxes are setuid root, they only link

in limited libraries so glibc's secure execution should be enough to not

require the santized_helper (ie, LD_PRELOAD will only use standard system

paths (man ld.so)).

Full access

Dangerous files

1 Answers1