ImageMagick security settings in openSUSE

Tommaso Cucinotta tommaso at lyx.org
Fri Oct 30 23:11:58 UTC 2020


Hi,

I'm not sure if the problem is similar, I've just tried LyX 2.3.4 on Ubuntu 20.04.1, and noticed that after inserting a 
PDF file/graphics, LyX has problems in converting the image into PNG, as needed to show the preview on-screen.

One way I could work around it, was to comment out the PDF rule/filter in the security policy coming with ImageMagick 6:
(not understanding yet the full implications of this, though)

tommaso at laptom$ grep PDF /etc/ImageMagick-6/policy.xml
   <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
   <!-- <policy domain="coder" rights="none" pattern="PDF" /> -->

Now, the question I wanted to ask is: when reconfiguring LyX looking for existence of the various converters, would it 
make sense for LyX to have a means to try the converters one by one (at least a known subset of them), to be sure they 
work and they've not been forbidden, so to exclude those ones that don't actually work ?
Or, is there some other way to handle the problem in a user-friendly way ?

FYI, the user perception of the issue shows up like this:
tommaso at laptom$ lyx placement.lyx
convert-im6.q16: attempt to perform an operation not allowed by the security policy `PS' @ 
error/constitute.c/IsCoderAuthorized/408.
convert-im6.q16: no images defined `/tmp/lyx_tmpdir.pPGlFCzHmrqd/gconvertDiWwGs.png' @ 
error/convert.c/ConvertImageCommand/3258.

and, in LyX, the generic error on the image "spot" saying "cannot convert".

Thanks,

	T.

On 03/07/19 15:43, Cor Blom wrote:
> Dear LyX devs,
> 
> Because of the following bug
> 
> https://bugzilla.opensuse.org/show_bug.cgi?id=1139928
> 
> I have become aware of the strict security settings in openSUSE which limits capabilities of ImageMagick. There is an 
> alternative setting that the user can activate, but most users will not know this.
> 
> I am just writing this, so you are aware of this. I don't know a solution.
> 
> Regards,
> 
> Cor
> 
> 
> 



More information about the lyx-devel mailing list