Control: tag -1 + moreinfo Hi,
Trent W. Buck (2021-09-30): > The original bug report complained about LibreOffice and Evince. > I tested those specifically. > > LibreOffice is in "complain" mode. > It's rules fail, but there is no user-visible impact. > > Evince is in "enforce" mode. > I couldn't generate an error by just opening PDFs, saving them, and printing > them (to files). Interesting! I was not surprised that msmtp works because its profile has attach_disconnected, but the Evince and LibreOffice don't have that kludge so I'm surprised they work. > Is this a sufficient test? It's definitely a sufficient test to give some hope! Could you please test this with some LUKS-encrypted persistence mounts, e.g. make ~/.gnupg persistent and check that AppArmor correctly forbids access to the persistent files in there, both when accessed via ~/.gnupg and via the mountpoint of the persistent filesystem? Cheers!