Hi, Am 08.02.21 um 03:15 schrieb Paul Wise:
> Tags: patch No, No patch. patch does not mean "add a ?" but if at all someting like this $ git diff sysui/desktop/apparmor/program.soffice.bin diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin index 42053db2abef..83bd9d11f93c 100644 --- a/sysui/desktop/apparmor/program.soffice.bin +++ b/sysui/desktop/apparmor/program.soffice.bin @@ -101,7 +101,7 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin { owner @{libo_user_dirs}/**/ rw, #allow creating directories that we own owner @{libo_user_dirs}/**~lock.* rw, #lock file support owner @{libo_user_dirs}/**.@{libreoffice_ext} rwk, #Open files rw with the right exts - owner @{libo_user_dirs}/{,**/}lu??????????{,?}.tmp rwk, #Temporary file used when saving + owner @{libo_user_dirs}/{,**/}lu???????????{,?}.tmp rwk, #Temporary file used when saving owner @{libo_user_dirs}/{,**/}.directory r, #Read directory settings on KDE # Settings (Which is even trivially to do in /etc/apparmor.d if you don't know the source path. This won t necessarily help since the path is there in the generated file but if yoz're lucky and are far away "enough" from the profile path..) Not removing the patch since it's now actually has one.. > When I open a document in my home directory in libreoffice I get this: > > Feb 08 08:08:48 audit[474619]: AVC apparmor="DENIED" operation="open" > profile="libreoffice-soffice" name="/home/pabs/lu474619vthyvt.tmp" pid=474619 > comm="soffice.bin" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000 Didn't you already ask on IRC some weeks ago about this? Did you manually set it to enabled from the default complain-only mode or how did the soffice.bin get into complain mode? > The reason is that this rule allowing temporary files is too short: > > owner @{libo_user_dirs}/{,**/}lu??????????{,?}.tmp rwk, #Temporary file > used when saving > > Adding one more possible temporary filename length fixes the denial: > > owner @{libo_user_dirs}/{,**/}lu??????????{,?,??}.tmp rwk, #Temporary > file used when saving Did you change it or do you mean upstream did? Addendum: Yes, apprarently something changed and it got hidden due to it being complain-only. Indeed I get ALLOWED entries in the log. Regards, Rene