I have a similar problem to this unanswered question.
When I click on a link in a PDF document using evince, I get the error: "Unable to open external link. Failed to execute child process “sh” (Permission denied)".
As a reference, the link is on p. 6 of this PDF: https://1drv.ms/b/s!ArWcVIN9MDpYlALaxYygOngeodbz. CTRL+F "culty parameter".
Note that you can just copy the link by right clicking it, and paste it into the browser, but it would be good to get the link to work by clicking on it directly.
When I click the link in Adobe Acrobat Reader on Windows 10, I get this prompt:
Clicking allow then opens the URL in the default browser. So I can confirm that this is an issue with Ubuntu.
Note that I can run Bash scripts from the command line, which is what I did to compose the PDF file from the TeX file, with a simple ./build.sh command while cded to the directory of the file.
The issue also occurs in this document. Note that clicking links work fine with the PDF Viewer extension in the Brave browser.
Going through the steps in this question, when I run evince and click a link, there is no output in Bash.
In Ubuntu 17.10, nothing still happens when you click help in the app dropdown menu.
Trying suggestions by @muru:
$ type -a sh
sh is /bin/sh
$ namei -lx /bin/sh
f: /bin/sh
Drwxr-xr-x root root /
drwxr-xr-x root root bin
lrwxrwxrwx root root sh -> dash
-rwxr-xr-x root root dash
(While it probably doesn't matter, the documents are in my home directory, not an external HDD or above it.)
$ grep -i 'apparmor.*denied' /var/log/syslog | sort -uk12,12
Jan 19 12:11:44 james-Streacom kernel: [ 1243.518218] audit: type=1400 audit(1516324304.691:131): apparmor="DENIED" operation="create" profile="/usr/bin/evince//sanitized_helper" pid=4894 comm="WebKitWebProces" family="netlink" sock_type="raw" protocol=0 requested_mask="create" denied_mask="create"
Jan 19 11:01:55 james-Streacom kernel: [ 3443.867198] audit: type=1400 audit(1516320115.513:125): apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/bin/dash" pid=7738 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Jan 19 12:59:09 james-Streacom kernel: [ 4088.301201] audit: type=1400 audit(1516327149.446:146): apparmor="DENIED" operation="file_mmap" profile="snap.akasha.akasha" name="/usr/share/fonts/truetype/ubuntu-font-family/Ubuntu-R.ttf" pid=6997 comm="akasha" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
Jan 19 10:47:22 james-Streacom kernel: [ 2571.053151] audit: type=1400 audit(1516319242.706:123): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/var/lib/snapd/desktop/applications/mimeinfo.cache" pid=7011 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jan 19 00:07:17 james-Streacom kernel: [52772.610086] audit: type=1400 audit(1516280837.487:52060): apparmor="DENIED" operation="open" profile="snap.akasha.akasha" name="/sys/bus/usb/devices/" pid=31923 comm="geth" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
apparmor="DENIED". Actually it's so long that it overran the messages that Bash can display, so I'll have to log it to a file. – James Ray Jan 19 '18 at 01:53apparmor="DENIED" operation="open" profile="snap.akasha.akasha" name="/sys/bus/usb/devices/" pid=31923 comm="geth" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0. The akasha application seems to be blocking it, even though it's not running. https://gist.github.com/jamesray1/f05fd70dbe20e8d74102f1874676ca7d. I'll report an issue with the developers. However, I remember getting this error before I installed Akasha, which I only installed just yesterday night. – James Ray Jan 19 '18 at 01:58grep -i 'apparmor.*denied' /var/log/syslog | sort -uk12,12. That should show you the correct source of the problem: AppArmor denying gedit from opening anything outside a specific whitelist. – muru Jan 19 '18 at 02:03/etc/apparmor.d/usr.bin.evince- you'll see evince is only allowed to open some specific applications. Now how you want to solve this is up to you - you could add a command to that whitelist, or disable AppArmor for evince (like it's disabled for Firefox, IIRC). – muru Jan 19 '18 at 02:12/usr/bin/brave ixr,. – James Ray Jan 19 '18 at 02:25/etc/apparmor.d/usr.bin.evince. I triedsudo gedit, but that didn't open, so I usedGDK_BACKEND=wayland gedit, which opened gedit, but I couldn't edit and save the file. https://www.mail-archive.com/ubuntu-bugs@lists.ubuntu.com/msg5243354.html. I'll try changing the modes for the file. I may also try the other option. – James Ray Jan 19 '18 at 02:49sudo nanoorsudo vimif you are comfortable with those. – muru Jan 19 '18 at 02:52xhost si:localuser:root,su -,gedit, added/usr/bin/brave ixr,, saved the file and tried to open a link again, but that didn't work. Adding/bin/sh ixr,didn't work, either. – James Ray Jan 19 '18 at 03:06